From 17e3363689cc43f85df9c57d34ff4f1b2c98b913 Mon Sep 17 00:00:00 2001 
From: Tess Gauthier Date: Thu, 3 Nov 2022 10:55:58 -0400 Subject: [PATCH] update to V3.6.1 --- CMakeLists.txt | 77 +- ChangeLog | 448 ++++- Makefile.in | 17 +- README.md | 1 + VERSION | 2 +- aclocal.m4 | 66 +- apps/Makefile.in | 10 +- apps/nc/CMakeLists.txt | 9 +- apps/nc/Makefile.am | 4 - apps/nc/Makefile.in | 27 +- apps/nc/compat/base64.c | 32 +- apps/nc/compat/sys/socket.h | 3 +- apps/nc/nc.1 | 14 +- apps/nc/netcat.c | 41 +- apps/nc/socks.c | 4 +- apps/ocspcheck/CMakeLists.txt | 9 +- apps/ocspcheck/Makefile.am | 4 - apps/ocspcheck/Makefile.in | 26 +- apps/openssl/CMakeLists.txt | 9 +- apps/openssl/Makefile.am | 4 - apps/openssl/Makefile.in | 26 +- apps/openssl/apps.c | 110 +- apps/openssl/apps.h | 14 +- apps/openssl/asn1pars.c | 4 +- apps/openssl/ca.c | 29 +- apps/openssl/certhash.c | 6 +- apps/openssl/ciphers.c | 66 +- apps/openssl/cms.c | 2045 +++++++++++++++------- apps/openssl/crl.c | 31 +- apps/openssl/dgst.c | 5 +- apps/openssl/dh.c | 22 +- apps/openssl/dhparam.c | 48 +- apps/openssl/dsa.c | 4 +- apps/openssl/dsaparam.c | 46 +- apps/openssl/enc.c | 14 +- apps/openssl/gendh.c | 22 +- apps/openssl/gendsa.c | 4 +- apps/openssl/genrsa.c | 53 +- apps/openssl/openssl.1 | 81 +- apps/openssl/passwd.c | 115 +- apps/openssl/pkcs12.c | 304 ++-- apps/openssl/pkey.c | 34 +- apps/openssl/pkeyparam.c | 17 +- apps/openssl/req.c | 125 +- apps/openssl/rsa.c | 42 +- apps/openssl/s_apps.h | 4 +- apps/openssl/s_cb.c | 100 +- apps/openssl/s_client.c | 53 +- apps/openssl/s_server.c | 47 +- apps/openssl/s_socket.c | 43 +- apps/openssl/s_time.c | 6 +- apps/openssl/smime.c | 1251 ++++++++----- apps/openssl/speed.c | 100 +- apps/openssl/testdsa.h | 145 +- apps/openssl/ts.c | 690 +++++--- apps/openssl/x509.c | 78 +- cert.pem | 1231 +++++++++---- compile | 2 +- configure | 430 +---- configure.ac | 3 +- crypto/CMakeLists.txt | 87 +- crypto/Makefile.am | 82 +- crypto/Makefile.in | 1306 +++++++------- crypto/VERSION | 2 +- crypto/aes/aes_ige.c | 10 +- crypto/aes/aesni-elf-x86_64.S | 55 
+- crypto/aes/aesni-macosx-x86_64.S | 55 +- crypto/aes/aesni-masm-x86_64.S | 77 +- crypto/aes/aesni-mingw64-x86_64.S | 79 +- crypto/arm_arch.h | 2 +- crypto/armcap.c | 2 +- crypto/asn1/a_bitstr.c | 331 ++-- crypto/asn1/a_enum.c | 299 +++- crypto/asn1/a_int.c | 950 ++++++---- crypto/asn1/a_mbstr.c | 4 +- crypto/asn1/a_object.c | 799 ++++++--- crypto/asn1/a_octet.c | 35 +- crypto/asn1/a_pkey.c | 186 ++ crypto/asn1/a_pubkey.c | 160 ++ crypto/asn1/a_strex.c | 70 +- crypto/asn1/a_string.c | 437 +++++ crypto/asn1/a_strnid.c | 138 +- crypto/asn1/a_time.c | 50 +- crypto/asn1/a_time_tm.c | 466 +++-- crypto/asn1/a_type.c | 159 +- crypto/asn1/ameth_lib.c | 74 +- crypto/asn1/asn1_err.c | 14 +- crypto/asn1/asn1_gen.c | 19 +- crypto/asn1/asn1_item.c | 652 +++++++ crypto/asn1/asn1_lib.c | 548 ++---- crypto/asn1/asn1_locl.h | 81 +- crypto/asn1/asn1_old.c | 180 ++ crypto/asn1/asn1_old_lib.c | 212 +++ crypto/asn1/asn1_par.c | 40 +- crypto/asn1/asn1_types.c | 303 ++++ crypto/asn1/asn_mime.c | 11 +- crypto/asn1/asn_moid.c | 4 +- crypto/asn1/bio_asn1.c | 41 +- crypto/asn1/bio_ndef.c | 4 +- crypto/asn1/p5_pbe.c | 4 +- crypto/asn1/p5_pbev2.c | 10 +- crypto/asn1/p8_pkey.c | 4 +- crypto/asn1/t_crl.c | 6 +- crypto/asn1/t_pkey.c | 4 +- crypto/asn1/t_req.c | 31 +- crypto/asn1/t_spki.c | 4 +- crypto/asn1/t_x509.c | 80 +- crypto/asn1/t_x509a.c | 7 +- crypto/asn1/tasn_dec.c | 1973 +++++++++++---------- crypto/asn1/tasn_enc.c | 15 +- crypto/asn1/tasn_fre.c | 33 +- crypto/asn1/tasn_new.c | 75 +- crypto/asn1/tasn_prn.c | 16 +- crypto/asn1/tasn_typ.c | 186 +- crypto/asn1/tasn_utl.c | 109 +- crypto/asn1/x_algor.c | 8 +- crypto/asn1/x_attrib.c | 64 +- crypto/asn1/x_bignum.c | 103 +- crypto/asn1/x_crl.c | 12 +- crypto/asn1/x_exten.c | 4 +- crypto/asn1/x_long.c | 176 +- crypto/asn1/x_name.c | 11 +- crypto/asn1/x_pkey.c | 4 +- crypto/asn1/x_pubkey.c | 576 ++++-- crypto/asn1/x_req.c | 4 +- crypto/asn1/x_sig.c | 23 +- crypto/asn1/x_x509.c | 13 +- crypto/asn1/x_x509a.c | 61 +- crypto/bio/bf_buff.c | 8 +- 
crypto/bio/bf_nbio.c | 8 +- crypto/bio/bf_null.c | 8 +- crypto/bio/bio_cb.c | 4 +- crypto/bio/bio_err.c | 9 +- crypto/bio/bio_lib.c | 312 +++- crypto/bio/bio_local.h | 123 ++ crypto/bio/bio_meth.c | 10 +- crypto/bio/bss_acpt.c | 4 +- crypto/bio/bss_bio.c | 4 +- crypto/bio/bss_conn.c | 23 +- crypto/bio/bss_dgram.c | 4 +- crypto/bio/bss_fd.c | 4 +- crypto/bio/bss_file.c | 4 +- crypto/bio/bss_log.c | 4 +- crypto/bio/bss_mem.c | 328 ++-- crypto/bio/bss_null.c | 4 +- crypto/bio/bss_sock.c | 4 +- crypto/bn/bn_bpsw.c | 445 +++++ crypto/bn/bn_err.c | 8 +- crypto/bn/bn_exp.c | 5 +- crypto/bn/bn_exp2.c | 4 +- crypto/bn/bn_gcd.c | 40 +- crypto/bn/bn_isqrt.c | 237 +++ crypto/bn/bn_kron.c | 186 +- crypto/bn/bn_lcl.h | 54 +- crypto/bn/bn_lib.c | 233 ++- crypto/bn/bn_mont.c | 11 +- crypto/bn/bn_nist.c | 394 +++-- crypto/bn/bn_prime.c | 24 +- crypto/bn/bn_print.c | 8 +- crypto/bn/bn_shift.c | 14 +- crypto/bn/bn_sqrt.c | 15 +- crypto/bn/bn_x931p.c | 11 +- crypto/buffer/buf_err.c | 8 +- crypto/bytestring/bs_ber.c | 269 +++ crypto/bytestring/bs_cbb.c | 483 +++++ crypto/bytestring/bs_cbs.c | 615 +++++++ crypto/bytestring/bytestring.h | 566 ++++++ crypto/chacha/chacha-merged.c | 31 +- crypto/chacha/chacha.c | 26 +- crypto/cmac/cm_ameth.c | 3 +- crypto/cmac/cmac.c | 4 +- crypto/cms/cms_asn1.c | 3 +- crypto/cms/cms_enc.c | 4 +- crypto/cms/cms_err.c | 3 +- crypto/cms/cms_lib.c | 5 +- crypto/cms/cms_pwri.c | 6 +- crypto/cms/cms_sd.c | 9 +- crypto/comp/c_rle.c | 4 +- crypto/comp/c_zlib.c | 8 +- crypto/comp/comp_err.c | 5 +- crypto/comp/comp_lib.c | 4 +- crypto/comp/comp_local.h | 36 + crypto/compat/arc4random.c | 12 +- crypto/compat/chacha_private.h | 4 +- crypto/compat/getentropy_aix.c | 4 +- crypto/compat/getentropy_hpux.c | 4 +- crypto/compat/getentropy_linux.c | 4 +- crypto/compat/getentropy_osx.c | 4 +- crypto/compat/getentropy_solaris.c | 4 +- crypto/compat/strtonum.c | 65 + crypto/conf/conf_err.c | 8 +- crypto/cpt_err.c | 8 +- crypto/cryptlib.h | 5 +- crypto/crypto.sym | 347 +++- 
crypto/crypto_init.c | 28 +- crypto/ct/ct_b64.c | 224 +++ crypto/ct/ct_err.c | 147 ++ crypto/ct/ct_local.h | 260 +++ crypto/ct/ct_log.c | 365 ++++ crypto/ct/ct_oct.c | 458 +++++ crypto/ct/ct_policy.c | 153 ++ crypto/ct/ct_prn.c | 208 +++ crypto/ct/ct_sct.c | 480 +++++ crypto/ct/ct_sct_ctx.c | 323 ++++ crypto/ct/ct_vfy.c | 195 +++ crypto/ct/ct_x509v3.c | 186 ++ crypto/curve25519/curve25519.c | 4 +- crypto/des/cfb_enc.c | 4 +- crypto/dh/dh_ameth.c | 55 +- crypto/dh/dh_asn1.c | 4 +- crypto/dh/dh_check.c | 253 ++- crypto/dh/dh_depr.c | 4 +- crypto/dh/dh_err.c | 19 +- crypto/dh/dh_gen.c | 4 +- crypto/dh/dh_key.c | 3 +- crypto/dh/dh_lib.c | 54 +- crypto/dh/dh_local.h | 117 ++ crypto/dh/dh_pmeth.c | 4 +- crypto/dsa/dsa_ameth.c | 89 +- crypto/dsa/dsa_asn1.c | 67 +- crypto/dsa/dsa_depr.c | 4 +- crypto/dsa/dsa_err.c | 8 +- crypto/dsa/dsa_key.c | 4 +- crypto/dsa/dsa_lib.c | 95 +- crypto/dsa/dsa_locl.h | 55 +- crypto/dsa/dsa_meth.c | 37 +- crypto/dsa/dsa_ossl.c | 16 +- crypto/dsa/dsa_pmeth.c | 3 +- crypto/dsa/dsa_sign.c | 4 +- crypto/dsa/dsa_vrf.c | 4 +- crypto/dso/dso_err.c | 8 +- crypto/ec/ec_ameth.c | 69 +- crypto/ec/ec_asn1.c | 50 +- crypto/ec/ec_curve.c | 7 +- crypto/ec/ec_err.c | 8 +- crypto/ec/ec_kmeth.c | 3 +- crypto/ec/ec_lcl.h | 8 +- crypto/ec/ec_lib.c | 108 +- crypto/ec/ec_pmeth.c | 3 +- crypto/ec/ecp_nist.c | 5 +- crypto/ec/ecp_smpl.c | 6 +- crypto/ecdh/ech_err.c | 8 +- crypto/ecdh/ech_key.c | 5 +- crypto/ecdsa/ecs_asn1.c | 18 +- crypto/ecdsa/ecs_err.c | 10 +- crypto/ecdsa/ecs_lib.c | 47 +- crypto/ecdsa/ecs_locl.h | 7 +- crypto/ecdsa/ecs_ossl.c | 15 +- crypto/ecdsa/ecs_sign.c | 5 +- crypto/ecdsa/ecs_vrf.c | 10 +- crypto/engine/eng_err.c | 8 +- crypto/engine/eng_openssl.c | 27 +- crypto/err/err.c | 3 +- crypto/err/err_all.c | 66 +- crypto/err/err_prn.c | 4 +- crypto/evp/bio_b64.c | 9 +- crypto/evp/bio_enc.c | 29 +- crypto/evp/bio_md.c | 9 +- crypto/evp/c_all.c | 16 +- crypto/evp/digest.c | 19 +- crypto/evp/e_aes.c | 1196 +++++++++++-- 
crypto/evp/e_aes_cbc_hmac_sha1.c | 5 +- crypto/evp/e_bf.c | 174 +- crypto/evp/e_camellia.c | 774 +++++++- crypto/evp/e_cast.c | 175 +- crypto/evp/e_chacha.c | 53 +- crypto/evp/e_chacha20poly1305.c | 281 ++- crypto/evp/e_des.c | 241 ++- crypto/evp/e_des3.c | 383 +++- crypto/evp/e_gost2814789.c | 140 +- crypto/evp/e_idea.c | 195 ++- crypto/evp/e_null.c | 4 +- crypto/evp/e_rc2.c | 182 +- crypto/evp/e_rc4_hmac_md5.c | 4 +- crypto/evp/e_sm4.c | 164 +- crypto/evp/encode.c | 4 +- crypto/evp/evp_aead.c | 18 +- crypto/evp/evp_enc.c | 57 +- crypto/evp/evp_err.c | 8 +- crypto/evp/evp_key.c | 4 +- crypto/evp/evp_lib.c | 171 +- crypto/evp/evp_locl.h | 347 ++-- crypto/evp/evp_pkey.c | 3 +- crypto/evp/m_gost2814789.c | 5 +- crypto/evp/m_gostr341194.c | 7 +- crypto/evp/m_md4.c | 11 +- crypto/evp/m_md5.c | 11 +- crypto/evp/m_md5_sha1.c | 11 +- crypto/evp/m_null.c | 9 +- crypto/evp/m_ripemd.c | 11 +- crypto/evp/m_sha1.c | 49 +- crypto/evp/m_sm3.c | 13 +- crypto/evp/m_streebog.c | 8 +- crypto/evp/m_wp.c | 9 +- crypto/evp/names.c | 4 +- crypto/evp/p5_crpt.c | 4 +- crypto/evp/p5_crpt2.c | 3 +- crypto/evp/p_dec.c | 4 +- crypto/evp/p_enc.c | 4 +- crypto/evp/p_lib.c | 17 +- crypto/evp/p_open.c | 4 +- crypto/evp/p_sign.c | 59 +- crypto/evp/p_verify.c | 51 +- crypto/evp/pmeth_gn.c | 69 +- crypto/evp/pmeth_lib.c | 126 +- crypto/gost/gost2814789.c | 5 +- crypto/gost/gost89imit_ameth.c | 3 +- crypto/gost/gost_err.c | 6 - crypto/gost/gostr341001.c | 3 +- crypto/gost/gostr341001_ameth.c | 6 +- crypto/gost/gostr341001_pmeth.c | 8 +- crypto/gost/streebog.c | 5 +- crypto/hkdf/hkdf.c | 5 +- crypto/hmac/hm_ameth.c | 5 +- crypto/hmac/hm_pmeth.c | 16 +- crypto/hmac/hmac.c | 12 +- crypto/hmac/hmac_local.h | 83 + crypto/kdf/hkdf_evp.c | 269 +++ crypto/kdf/kdf_err.c | 89 + crypto/modes/cbc128.c | 6 +- crypto/modes/modes_lcl.h | 4 +- crypto/modes/xts128.c | 5 +- crypto/o_fips.c | 76 + crypto/o_time.c | 83 +- crypto/o_time.h | 5 +- crypto/objects/obj_dat.c | 178 +- crypto/objects/obj_dat.h | 60 +- 
crypto/objects/obj_err.c | 8 +- crypto/objects/obj_lib.c | 4 +- crypto/ocsp/ocsp_asn.c | 4 +- crypto/ocsp/ocsp_cl.c | 57 +- crypto/ocsp/ocsp_err.c | 8 +- crypto/ocsp/ocsp_ext.c | 5 +- crypto/ocsp/ocsp_lib.c | 8 +- crypto/ocsp/ocsp_local.h | 291 +++ crypto/ocsp/ocsp_prn.c | 4 +- crypto/ocsp/ocsp_srv.c | 6 +- crypto/ocsp/ocsp_vfy.c | 24 +- crypto/pem/pem_err.c | 8 +- crypto/pem/pem_info.c | 4 +- crypto/pem/pem_lib.c | 6 +- crypto/pem/pem_pkey.c | 18 +- crypto/pem/pem_xaux.c | 30 +- crypto/pem/pvkfmt.c | 5 +- crypto/pkcs12/p12_add.c | 52 +- crypto/pkcs12/p12_asn.c | 8 +- crypto/pkcs12/p12_attr.c | 23 +- crypto/pkcs12/p12_crt.c | 10 +- crypto/pkcs12/p12_decr.c | 4 +- crypto/pkcs12/p12_init.c | 10 +- crypto/pkcs12/p12_key.c | 114 +- crypto/pkcs12/p12_kiss.c | 57 +- crypto/pkcs12/p12_mutl.c | 104 +- crypto/pkcs12/p12_npas.c | 5 +- crypto/pkcs12/p12_p8d.c | 4 +- crypto/pkcs12/p12_p8e.c | 4 +- crypto/pkcs12/p12_sbag.c | 225 +++ crypto/pkcs12/p12_utl.c | 40 +- crypto/pkcs12/pk12err.c | 8 +- crypto/pkcs12/pkcs12_local.h | 101 ++ crypto/pkcs7/pk7_asn1.c | 3 +- crypto/pkcs7/pk7_doit.c | 13 +- crypto/pkcs7/pk7_lib.c | 4 +- crypto/pkcs7/pk7_smime.c | 4 +- crypto/pkcs7/pkcs7err.c | 8 +- crypto/rand/rand_err.c | 8 +- crypto/rc4/rc4_enc.c | 5 +- crypto/rsa/rsa_ameth.c | 25 +- crypto/rsa/rsa_chk.c | 14 +- crypto/rsa/rsa_crpt.c | 3 +- crypto/rsa/rsa_depr.c | 4 +- crypto/rsa/rsa_eay.c | 7 +- crypto/rsa/rsa_err.c | 8 +- crypto/rsa/rsa_gen.c | 10 +- crypto/rsa/rsa_lib.c | 63 +- crypto/rsa/rsa_locl.h | 76 +- crypto/rsa/rsa_meth.c | 21 +- crypto/rsa/rsa_oaep.c | 23 +- crypto/rsa/rsa_pmeth.c | 3 +- crypto/rsa/rsa_pss.c | 5 +- crypto/rsa/rsa_sign.c | 4 +- crypto/sha/sha256.c | 5 +- crypto/sha/sha512.c | 5 +- crypto/sha/sha_locl.h | 4 +- crypto/ts/ts_asn1.c | 127 +- crypto/ts/ts_err.c | 8 +- crypto/ts/ts_lib.c | 5 +- crypto/ts/ts_local.h | 316 ++++ crypto/ts/ts_req_utils.c | 4 +- crypto/ts/ts_rsp_print.c | 4 +- crypto/ts/ts_rsp_sign.c | 27 +- crypto/ts/ts_rsp_utils.c | 28 +- 
crypto/ts/ts_rsp_verify.c | 148 +- crypto/ts/ts_verify_ctx.c | 68 +- crypto/ui/ui_err.c | 8 +- crypto/whrlpool/wp_block.c | 4 +- crypto/x509/by_dir.c | 70 +- crypto/x509/by_file.c | 33 +- crypto/x509/by_mem.c | 4 +- crypto/x509/ext_dat.h | 8 +- crypto/x509/pcy_cache.c | 3 +- crypto/x509/pcy_map.c | 3 +- crypto/x509/pcy_tree.c | 3 +- crypto/x509/x509_addr.c | 1309 +++++++++----- crypto/x509/x509_alt.c | 71 +- crypto/x509/x509_asid.c | 217 ++- crypto/x509/x509_att.c | 29 +- crypto/x509/x509_cmp.c | 9 +- crypto/x509/x509_conf.c | 4 +- crypto/x509/x509_constraints.c | 172 +- crypto/x509/x509_cpols.c | 4 +- crypto/x509/x509_crld.c | 4 +- crypto/x509/x509_err.c | 9 +- crypto/x509/x509_ext.c | 4 +- crypto/x509/x509_internal.h | 14 +- crypto/x509/x509_issuer_cache.c | 52 +- crypto/x509/x509_issuer_cache.h | 3 +- crypto/x509/x509_lcl.h | 321 +++- crypto/x509/x509_lib.c | 6 +- crypto/x509/x509_lu.c | 637 +++---- crypto/x509/x509_ncons.c | 4 +- crypto/x509/x509_obj.c | 4 +- crypto/x509/x509_ocsp.c | 4 +- crypto/x509/x509_prn.c | 4 +- crypto/x509/x509_purp.c | 60 +- crypto/x509/x509_r2x.c | 25 +- crypto/x509/x509_req.c | 84 +- crypto/x509/x509_set.c | 10 +- crypto/x509/x509_skey.c | 4 +- crypto/x509/x509_trs.c | 4 +- crypto/x509/x509_txt.c | 18 +- crypto/x509/x509_utl.c | 4 +- crypto/x509/x509_v3.c | 4 +- crypto/x509/x509_verify.c | 292 +-- crypto/x509/x509_vfy.c | 317 +++- crypto/x509/x509_vpm.c | 15 +- crypto/x509/x509cset.c | 13 +- crypto/x509/x509name.c | 4 +- crypto/x509/x509rset.c | 7 +- crypto/x509/x509type.c | 5 +- crypto/x509/x_all.c | 102 +- depcomp | 2 +- include/Makefile.am | 3 +- include/Makefile.in | 32 +- include/compat/arpa/nameser.h | 2 + include/compat/endian.h | 51 + include/compat/err.h | 12 +- include/compat/netinet/ip.h | 2 + include/compat/resolv.h | 2 +- include/compat/sys/socket.h | 1 + include/openssl/Makefile.am | 2 + include/openssl/Makefile.in | 58 +- include/openssl/asn1.h | 98 +- include/openssl/asn1t.h | 165 +- include/openssl/bio.h | 106 +- 
include/openssl/blowfish.h | 7 +- include/openssl/bn.h | 130 +- include/openssl/buffer.h | 6 +- include/openssl/comp.h | 29 +- include/openssl/conf.h | 6 +- include/openssl/crypto.h | 43 +- include/openssl/ct.h | 567 ++++++ include/openssl/dh.h | 93 +- include/openssl/dsa.h | 88 +- include/openssl/dso.h | 6 +- include/openssl/ec.h | 6 +- include/openssl/ecdh.h | 6 +- include/openssl/ecdsa.h | 19 +- include/openssl/engine.h | 6 +- include/openssl/err.h | 10 +- include/openssl/evp.h | 307 ++-- include/openssl/gost.h | 6 +- include/openssl/hmac.h | 17 +- include/openssl/kdf.h | 111 ++ include/openssl/obj_mac.h | 41 + include/openssl/objects.h | 99 +- include/openssl/ocsp.h | 287 +-- include/openssl/opensslconf.h | 2 +- include/openssl/opensslfeatures.h | 3 +- include/openssl/opensslv.h | 6 +- include/openssl/ossl_typ.h | 24 +- include/openssl/pem.h | 28 +- include/openssl/pkcs12.h | 102 +- include/openssl/pkcs7.h | 6 +- include/openssl/rand.h | 6 +- include/openssl/rsa.h | 111 +- include/openssl/safestack.h | 70 +- include/openssl/ssl.h | 467 +++-- include/openssl/tls1.h | 23 +- include/openssl/ts.h | 257 +-- include/openssl/ui.h | 7 +- include/openssl/x509.h | 308 +--- include/openssl/x509_verify.h | 3 +- include/openssl/x509_vfy.h | 294 +--- include/openssl/x509v3.h | 129 +- include/tls.h | 2 +- m4/check-hardening-options.m4 | 26 +- m4/check-libc.m4 | 12 +- m4/check-os-options.m4 | 15 +- man/ACCESS_DESCRIPTION_new.3 | 6 +- man/ASN1_BIT_STRING_num_asc.3 | 146 ++ man/ASN1_BIT_STRING_set.3 | 179 ++ man/ASN1_INTEGER_get.3 | 211 ++- man/ASN1_NULL_new.3 | 66 + man/ASN1_OBJECT_new.3 | 87 +- man/ASN1_PRINTABLE_type.3 | 92 + man/ASN1_STRING_TABLE_add.3 | 67 +- man/ASN1_STRING_length.3 | 140 +- man/ASN1_STRING_new.3 | 13 +- man/ASN1_STRING_print_ex.3 | 5 +- man/ASN1_TIME_set.3 | 75 +- man/ASN1_TYPE_get.3 | 171 +- man/ASN1_UNIVERSALSTRING_to_string.3 | 64 + man/ASN1_bn_print.3 | 118 ++ man/ASN1_item_d2i.3 | 47 +- man/ASN1_item_digest.3 | 71 + man/ASN1_item_new.3 | 11 +- 
man/ASN1_item_pack.3 | 84 + man/ASN1_item_sign.3 | 128 ++ man/ASN1_item_verify.3 | 77 + man/ASN1_mbstring_copy.3 | 369 ++++ man/ASN1_parse_dump.3 | 14 +- man/ASN1_put_object.3 | 85 +- man/BASIC_CONSTRAINTS_new.3 | 5 +- man/BIO_ctrl.3 | 23 +- man/BIO_dump.3 | 6 +- man/BIO_f_asn1.3 | 229 +++ man/BIO_f_buffer.3 | 6 +- man/BIO_f_ssl.3 | 14 +- man/BIO_find_type.3 | 145 +- man/BIO_new.3 | 5 +- man/BIO_new_CMS.3 | 5 +- man/BIO_new_NDEF.3 | 120 ++ man/BIO_read.3 | 73 +- man/BIO_s_accept.3 | 8 +- man/BIO_s_bio.3 | 8 +- man/BIO_s_connect.3 | 6 +- man/BIO_s_mem.3 | 15 +- man/BN_add.3 | 229 ++- man/BN_bn2bin.3 | 5 +- man/BN_cmp.3 | 49 +- man/BN_copy.3 | 6 +- man/BN_mod_inverse.3 | 6 +- man/BN_mod_mul_montgomery.3 | 88 +- man/BN_mod_mul_reciprocal.3 | 10 +- man/BN_new.3 | 6 +- man/BN_num_bytes.3 | 5 +- man/BN_rand.3 | 6 +- man/BN_set_bit.3 | 10 +- man/BN_set_flags.3 | 9 +- man/BN_set_negative.3 | 5 +- man/BN_swap.3 | 87 +- man/BN_zero.3 | 46 +- man/CMS_get0_RecipientInfos.3 | 6 +- man/CMS_verify.3 | 8 +- man/CRYPTO_set_ex_data.3 | 6 +- man/ChaCha.3 | 6 +- man/DES_set_key.3 | 6 +- man/DH_generate_parameters.3 | 75 +- man/DH_get0_pqg.3 | 5 +- man/DH_new.3 | 5 +- man/DH_set_method.3 | 6 +- man/DH_size.3 | 7 +- man/DSA_get0_pqg.3 | 5 +- man/DSA_meth_new.3 | 65 +- man/DSA_new.3 | 5 +- man/DSA_set_method.3 | 6 +- man/DSA_size.3 | 61 +- man/EC_GFp_simple_method.3 | 6 +- man/EC_GROUP_copy.3 | 6 +- man/EC_GROUP_new.3 | 6 +- man/ENGINE_ctrl.3 | 8 +- man/ERR.3 | 65 +- man/ERR_load_crypto_strings.3 | 39 +- man/ERR_put_error.3 | 6 +- man/EVP_AEAD_CTX_init.3 | 51 +- man/EVP_DigestInit.3 | 44 +- man/EVP_DigestSignInit.3 | 12 +- man/EVP_DigestVerifyInit.3 | 12 +- man/EVP_EncryptInit.3 | 23 +- man/EVP_PKCS82PKEY.3 | 63 + man/EVP_PKEY_CTX_new.3 | 5 +- man/EVP_PKEY_CTX_set_hkdf_md.3 | 253 +++ man/EVP_PKEY_add1_attr.3 | 188 ++ man/EVP_PKEY_asn1_new.3 | 280 +-- man/EVP_PKEY_check.3 | 149 ++ man/EVP_PKEY_cmp.3 | 74 +- man/EVP_PKEY_decrypt.3 | 6 +- man/EVP_PKEY_encrypt.3 | 6 +- 
man/EVP_PKEY_meth_new.3 | 48 +- man/EVP_PKEY_new.3 | 11 +- man/EVP_PKEY_set1_RSA.3 | 6 +- man/EVP_PKEY_sign.3 | 6 +- man/EVP_PKEY_size.3 | 224 +++ man/EVP_SignInit.3 | 43 +- man/EXTENDED_KEY_USAGE_new.3 | 5 +- man/HMAC.3 | 83 +- man/Makefile.am | 494 +++++- man/Makefile.in | 551 +++++- man/OBJ_NAME_add.3 | 347 ++++ man/OBJ_add_sigid.3 | 124 ++ man/OBJ_create.3 | 287 +++ man/OBJ_nid2obj.3 | 71 +- man/OCSP_CRLID_new.3 | 6 +- man/OCSP_REQUEST_new.3 | 6 +- man/OCSP_cert_to_id.3 | 6 +- man/OCSP_resp_find_status.3 | 8 +- man/OCSP_sendreq_new.3 | 6 +- man/OpenSSL_add_all_algorithms.3 | 17 +- man/PEM_X509_INFO_read.3 | 7 +- man/PEM_read.3 | 6 +- man/PEM_write_bio_ASN1_stream.3 | 90 + man/PEM_write_bio_CMS_stream.3 | 5 +- man/PEM_write_bio_PKCS7_stream.3 | 5 +- man/PKCS12_create.3 | 11 +- man/PKCS7_verify.3 | 12 +- man/PKCS8_PRIV_KEY_INFO_new.3 | 7 +- man/PKCS8_pkey_set0.3 | 163 ++ man/POLICYINFO_new.3 | 5 +- man/PROXY_POLICY_new.3 | 5 +- man/RSA_get_ex_new_index.3 | 6 +- man/RSA_new.3 | 5 +- man/RSA_security_bits.3 | 137 ++ man/RSA_set_method.3 | 6 +- man/RSA_size.3 | 7 +- man/SMIME_crlf_copy.3 | 97 + man/SMIME_read_ASN1.3 | 124 ++ man/SMIME_read_CMS.3 | 7 +- man/SMIME_read_PKCS7.3 | 9 +- man/SMIME_text.3 | 57 + man/SMIME_write_ASN1.3 | 166 ++ man/SMIME_write_CMS.3 | 7 +- man/SMIME_write_PKCS7.3 | 45 +- man/SSL_CIPHER_get_name.3 | 10 +- man/SSL_CTX_new.3 | 9 +- man/SSL_CTX_sess_set_get_cb.3 | 11 +- man/SSL_CTX_set_keylog_callback.3 | 56 + man/SSL_CTX_set_num_tickets.3 | 63 + man/SSL_CTX_set_options.3 | 10 +- man/SSL_CTX_set_security_level.3 | 159 ++ man/SSL_CTX_set_tlsext_ticket_key_cb.3 | 14 +- man/SSL_CTX_set_tmp_dh_callback.3 | 10 +- man/SSL_CTX_set_tmp_rsa_callback.3 | 6 +- man/SSL_dup.3 | 7 +- man/SSL_get_ex_data_X509_STORE_CTX_idx.3 | 6 +- man/SSL_get_session.3 | 6 +- man/SSL_new.3 | 7 +- man/SSL_read.3 | 66 +- man/SSL_read_early_data.3 | 8 +- man/SSL_set1_param.3 | 6 +- man/SSL_set_SSL_CTX.3 | 7 +- man/SSL_set_tmp_ecdh.3 | 6 +- man/SSL_write.3 | 125 +- 
man/STACK_OF.3 | 35 +- man/X25519.3 | 6 +- man/X509V3_extensions_print.3 | 6 +- man/X509_ATTRIBUTE_get0_object.3 | 136 ++ man/X509_ATTRIBUTE_new.3 | 75 +- man/X509_ATTRIBUTE_set1_object.3 | 267 +++ man/X509_CRL_METHOD_new.3 | 182 ++ man/X509_CRL_get0_by_serial.3 | 19 +- man/X509_CRL_new.3 | 20 +- man/X509_EXTENSION_set_object.3 | 30 +- man/X509_INFO_new.3 | 7 +- man/X509_LOOKUP_hash_dir.3 | 115 +- man/X509_LOOKUP_new.3 | 68 +- man/X509_NAME_ENTRY_get_object.3 | 28 +- man/X509_NAME_add_entry_by_txt.3 | 12 +- man/X509_NAME_get_index_by_NID.3 | 11 +- man/X509_NAME_print_ex.3 | 8 +- man/X509_OBJECT_get0_X509.3 | 67 +- man/X509_PKEY_new.3 | 92 + man/X509_PUBKEY_new.3 | 80 +- man/X509_REQ_add1_attr.3 | 186 ++ man/X509_REQ_add_extensions.3 | 141 ++ man/X509_REQ_new.3 | 50 +- man/X509_REQ_print_ex.3 | 175 ++ man/X509_SIG_get0.3 | 90 + man/X509_SIG_new.3 | 7 +- man/X509_STORE_CTX_get_error.3 | 89 +- man/X509_STORE_CTX_new.3 | 12 +- man/X509_STORE_CTX_set_flags.3 | 12 +- man/X509_STORE_CTX_set_verify.3 | 167 ++ man/X509_STORE_CTX_set_verify_cb.3 | 64 +- man/X509_STORE_get_by_subject.3 | 63 +- man/X509_STORE_load_locations.3 | 9 +- man/X509_STORE_new.3 | 8 +- man/X509_STORE_set1_param.3 | 7 +- man/X509_STORE_set_verify_cb_func.3 | 40 +- man/X509_VERIFY_PARAM_new.3 | 309 ++++ man/X509_VERIFY_PARAM_set_flags.3 | 274 ++- man/X509_check_ca.3 | 27 +- man/X509_check_purpose.3 | 26 +- man/X509_check_trust.3 | 48 +- man/X509_cmp_time.3 | 96 +- man/X509_get_extension_flags.3 | 234 +++ man/X509_get_pubkey.3 | 24 +- man/X509_get_pubkey_parameters.3 | 99 ++ man/X509_load_cert_file.3 | 133 ++ man/X509_new.3 | 50 +- man/X509_policy_check.3 | 5 +- man/X509_policy_tree_get0_policies.3 | 101 ++ man/X509_policy_tree_level_count.3 | 9 +- man/X509_print_ex.3 | 7 +- man/X509_sign.3 | 17 +- man/X509_signature_dump.3 | 5 +- man/X509at_add1_attr.3 | 134 ++ man/X509at_get_attr.3 | 160 ++ man/a2d_ASN1_OBJECT.3 | 83 + man/crypto.3 | 323 +++- man/d2i_ASN1_NULL.3 | 5 +- man/d2i_ASN1_OBJECT.3 | 50 +- 
man/d2i_ASN1_OCTET_STRING.3 | 30 +- man/d2i_ASN1_SEQUENCE_ANY.3 | 13 +- man/d2i_PrivateKey.3 | 49 +- man/d2i_X509.3 | 78 +- man/d2i_X509_ALGOR.3 | 41 +- man/d2i_X509_CRL.3 | 18 +- man/d2i_X509_NAME.3 | 6 +- man/get_rfc3526_prime_8192.3 | 11 +- man/i2a_ASN1_STRING.3 | 253 +++ man/i2d_ASN1_bio_stream.3 | 96 + man/i2d_CMS_bio_stream.3 | 5 +- man/i2d_PKCS7_bio_stream.3 | 7 +- man/lh_new.3 | 36 +- man/openssl.cnf.5 | 8 +- man/ssl.3 | 7 +- man/tls_load_file.3 | 6 +- man/x509v3.cnf.5 | 6 +- missing | 2 +- scripts/test | 14 +- ssl/CMakeLists.txt | 39 +- ssl/Makefile.am | 31 +- ssl/Makefile.in | 149 +- ssl/VERSION | 2 +- ssl/bio_ssl.c | 7 +- ssl/bs_cbb.c | 18 +- ssl/bs_cbs.c | 112 +- ssl/bytestring.h | 50 +- ssl/d1_both.c | 134 +- ssl/d1_lib.c | 71 +- ssl/d1_pkt.c | 643 ++++--- ssl/d1_srtp.c | 7 +- ssl/dtls_locl.h | 33 +- ssl/s3_cbc.c | 19 +- ssl/s3_lib.c | 349 ++-- ssl/ssl.sym | 25 + ssl/ssl_algs.c | 3 +- ssl/ssl_asn1.c | 36 +- ssl/ssl_both.c | 159 +- ssl/ssl_cert.c | 235 +-- ssl/ssl_ciph.c | 102 +- ssl/ssl_ciphers.c | 32 +- ssl/ssl_clnt.c | 1283 ++++++-------- ssl/ssl_err.c | 21 +- ssl/ssl_kex.c | 263 ++- ssl/ssl_lib.c | 661 +++++-- ssl/ssl_locl.h | 465 +++-- ssl/ssl_packet.c | 6 +- ssl/ssl_pkt.c | 817 +++++---- ssl/ssl_rsa.c | 173 +- ssl/ssl_seclevel.c | 473 +++++ ssl/ssl_sess.c | 135 +- ssl/ssl_sigalgs.c | 81 +- ssl/ssl_sigalgs.h | 7 +- ssl/ssl_srvr.c | 1127 +++++------- ssl/ssl_stat.c | 6 +- ssl/ssl_tlsext.c | 944 ++++++---- ssl/ssl_tlsext.h | 102 +- ssl/ssl_transcript.c | 71 +- ssl/ssl_txt.c | 74 +- ssl/ssl_versions.c | 44 +- ssl/t1_enc.c | 71 +- ssl/t1_lib.c | 472 +++-- ssl/tls12_lib.c | 20 +- ssl/tls12_record_layer.c | 17 +- ssl/tls13_client.c | 92 +- ssl/tls13_handshake.c | 4 +- ssl/tls13_handshake_msg.c | 23 +- ssl/tls13_internal.h | 76 +- ssl/tls13_key_schedule.c | 4 +- ssl/tls13_legacy.c | 74 +- ssl/tls13_lib.c | 117 +- ssl/tls13_quic.c | 182 ++ ssl/tls13_record.c | 21 +- ssl/tls13_record.h | 6 +- ssl/tls13_record_layer.c | 75 +- ssl/tls13_server.c | 107 +- 
ssl/tls_buffer.c | 248 +++ ssl/tls_internal.h | 100 ++ ssl/tls_key_share.c | 484 +++++ ssl/tls_lib.c | 68 + tap-driver.sh | 2 +- test-driver | 11 +- tests/CMakeLists.txt | 535 +++--- tests/Makefile.am | 198 ++- tests/Makefile.in | 1061 +++++++---- tests/aeadtest.c | 441 +++-- tests/aeadtest.sh | 8 +- tests/aes_128_gcm_tests.txt | 532 ++++++ tests/aes_192_gcm_tests.txt | 44 + tests/aes_256_gcm_tests.txt | 467 +++++ tests/asn1_string_to_utf8.c | 128 ++ tests/asn1api.c | 415 +++++ tests/asn1basic.c | 763 ++++++++ tests/asn1complex.c | 324 ++++ tests/asn1evp.c | 12 +- tests/asn1object.c | 495 ++++++ tests/asn1string_copy.c | 119 ++ tests/asn1test.c | 48 +- tests/asn1time.c | 156 +- tests/asn1x509.c | 577 ++++++ tests/base64test.c | 18 +- tests/biotest.c | 335 +++- tests/bn_isqrt.c | 333 ++++ tests/bn_mod_exp2_mont.c | 45 + tests/bn_mod_sqrt.c | 132 ++ tests/bn_primes.c | 90 + tests/bn_rand_interval.c | 4 +- tests/bntest.c | 966 +++++----- tests/buffertest.c | 266 ++- tests/bytestringtest.c | 58 +- tests/ca-int-ecdsa.crl | 8 + tests/ca-int-ecdsa.pem | 13 + tests/ca-int-rsa.crl | 11 + tests/ca-int-rsa.pem | 22 + tests/ca-root-ecdsa.pem | 13 + tests/ca-root-rsa.pem | 22 + tests/chacha20_poly1305_tests.txt | 576 ++++++ tests/cipher_list.c | 7 +- tests/client.pem | 51 + tests/client1-ecdsa-chain.pem | 27 + tests/client1-ecdsa.pem | 19 + tests/client1-rsa-chain.pem | 44 + tests/client1-rsa.pem | 50 + tests/client2-ecdsa-chain.pem | 26 + tests/client2-ecdsa.pem | 18 + tests/client2-rsa-chain.pem | 44 + tests/client2-rsa.pem | 50 + tests/client3-ecdsa-chain.pem | 26 + tests/client3-ecdsa.pem | 18 + tests/client3-rsa-chain.pem | 44 + tests/client3-rsa.pem | 50 + tests/clienttest.c | 135 +- tests/cmstest.c | 10 +- tests/constraints.c | 35 +- tests/dhtest.c | 109 +- tests/dsatest.c | 238 +-- tests/dtlstest.c | 3 +- tests/ec_asn1_test.c | 206 +++ tests/ec_point_conversion.c | 4 +- tests/ecdhtest.c | 29 +- tests/ecdsatest.c | 403 ++--- tests/enginetest.c | 10 +- 
tests/evp_pkey_check.c | 404 +++++ tests/evp_pkey_cleanup.c | 86 + tests/evptest.c | 53 +- tests/explicit_bzero.c | 27 +- tests/exptest.c | 87 +- tests/freenull.c | 22 +- tests/gcm128test.c | 10 +- tests/gost2814789t.c | 132 +- tests/handshake_table.c | 89 +- tests/hmactest.c | 76 +- tests/keypairtest.c | 14 +- tests/md_test.c | 301 ++++ tests/mont.c | 14 +- tests/objectstest.c | 544 ++++++ tests/optionstest.c | 1 - tests/quictest.bat | 14 + tests/quictest.c | 339 ++++ tests/quictest.sh | 13 + tests/rc2_test.c | 917 ++++++++++ tests/rc4_test.c | 479 +++++ tests/record_layer_test.c | 6 +- tests/recordtest.c | 6 +- tests/rfc3779.c | 1940 ++++++++++++++++++++ tests/rfc5280time.c | 30 +- tests/rmd_test.c | 201 +++ tests/rsa_test.c | 709 +++++--- tests/server1-ecdsa-chain.pem | 26 + tests/server1-ecdsa.pem | 18 + tests/server1-rsa-chain.pem | 44 + tests/server1-rsa.pem | 50 + tests/server2-ecdsa-chain.pem | 26 + tests/server2-ecdsa.pem | 18 + tests/server2-rsa-chain.pem | 44 + tests/server2-rsa.pem | 50 + tests/server3-ecdsa-chain.pem | 26 + tests/server3-ecdsa.pem | 18 + tests/server3-rsa-chain.pem | 44 + tests/server3-rsa.pem | 50 + tests/servertest.c | 14 +- tests/sha_test.c | 619 +++++++ tests/ssl_get_shared_ciphers.c | 46 +- tests/ssl_set_alpn_protos.c | 204 +++ tests/ssl_versions.c | 18 +- tests/ssltest.bat | 4 +- tests/ssltest.c | 164 +- tests/ssltest.sh | 3 +- tests/string_table.c | 128 ++ tests/testssl | 16 +- tests/tls_prf.c | 10 +- tests/tlsexttest.c | 1936 ++++++++++++++------ tests/tlslegacytest.c | 12 +- tests/tlstest.c | 2 +- tests/x509attribute.c | 16 +- tests/x509name.c | 5 +- tests/x509req_ext.c | 161 ++ tests/xchacha20_poly1305_tests.txt | 366 ++++ tls/CMakeLists.txt | 15 +- tls/Makefile.am | 1 + tls/Makefile.in | 33 +- tls/VERSION | 2 +- tls/tls.c | 27 +- tls/tls_bio_cb.c | 65 +- tls/tls_client.c | 9 +- tls/tls_config.c | 15 +- tls/tls_internal.h | 29 +- tls/tls_ocsp.c | 38 +- tls/tls_server.c | 30 +- tls/tls_signer.c | 451 +++++ 922 files changed, 
71135 insertions(+), 22935 deletions(-) create mode 100644 crypto/asn1/a_pkey.c create mode 100644 crypto/asn1/a_pubkey.c create mode 100644 crypto/asn1/a_string.c create mode 100644 crypto/asn1/asn1_item.c create mode 100644 crypto/asn1/asn1_old.c create mode 100644 crypto/asn1/asn1_old_lib.c create mode 100644 crypto/asn1/asn1_types.c create mode 100644 crypto/bio/bio_local.h create mode 100644 crypto/bn/bn_bpsw.c create mode 100644 crypto/bn/bn_isqrt.c create mode 100644 crypto/bytestring/bs_ber.c create mode 100644 crypto/bytestring/bs_cbb.c create mode 100644 crypto/bytestring/bs_cbs.c create mode 100644 crypto/bytestring/bytestring.h create mode 100644 crypto/comp/comp_local.h create mode 100644 crypto/compat/strtonum.c create mode 100644 crypto/ct/ct_b64.c create mode 100644 crypto/ct/ct_err.c create mode 100644 crypto/ct/ct_local.h create mode 100644 crypto/ct/ct_log.c create mode 100644 crypto/ct/ct_oct.c create mode 100644 crypto/ct/ct_policy.c create mode 100644 crypto/ct/ct_prn.c create mode 100644 crypto/ct/ct_sct.c create mode 100644 crypto/ct/ct_sct_ctx.c create mode 100644 crypto/ct/ct_vfy.c create mode 100644 crypto/ct/ct_x509v3.c create mode 100644 crypto/dh/dh_local.h create mode 100644 crypto/hmac/hmac_local.h create mode 100644 crypto/kdf/hkdf_evp.c create mode 100644 crypto/kdf/kdf_err.c create mode 100644 crypto/o_fips.c create mode 100644 crypto/ocsp/ocsp_local.h create mode 100644 crypto/pkcs12/p12_sbag.c create mode 100644 crypto/pkcs12/pkcs12_local.h create mode 100644 crypto/ts/ts_local.h create mode 100644 include/compat/endian.h create mode 100644 include/openssl/ct.h create mode 100644 include/openssl/kdf.h create mode 100644 man/ASN1_BIT_STRING_num_asc.3 create mode 100644 man/ASN1_BIT_STRING_set.3 create mode 100644 man/ASN1_NULL_new.3 create mode 100644 man/ASN1_PRINTABLE_type.3 create mode 100644 man/ASN1_UNIVERSALSTRING_to_string.3 create mode 100644 man/ASN1_bn_print.3 create mode 100644 man/ASN1_item_digest.3 create mode 100644 
man/ASN1_item_pack.3 create mode 100644 man/ASN1_item_sign.3 create mode 100644 man/ASN1_item_verify.3 create mode 100644 man/ASN1_mbstring_copy.3 create mode 100644 man/BIO_f_asn1.3 create mode 100644 man/BIO_new_NDEF.3 create mode 100644 man/EVP_PKCS82PKEY.3 create mode 100644 man/EVP_PKEY_CTX_set_hkdf_md.3 create mode 100644 man/EVP_PKEY_add1_attr.3 create mode 100644 man/EVP_PKEY_check.3 create mode 100644 man/EVP_PKEY_size.3 create mode 100644 man/OBJ_NAME_add.3 create mode 100644 man/OBJ_add_sigid.3 create mode 100644 man/OBJ_create.3 create mode 100644 man/PEM_write_bio_ASN1_stream.3 create mode 100644 man/PKCS8_pkey_set0.3 create mode 100644 man/RSA_security_bits.3 create mode 100644 man/SMIME_crlf_copy.3 create mode 100644 man/SMIME_read_ASN1.3 create mode 100644 man/SMIME_text.3 create mode 100644 man/SMIME_write_ASN1.3 create mode 100644 man/SSL_CTX_set_keylog_callback.3 create mode 100644 man/SSL_CTX_set_num_tickets.3 create mode 100644 man/SSL_CTX_set_security_level.3 create mode 100644 man/X509_ATTRIBUTE_get0_object.3 create mode 100644 man/X509_ATTRIBUTE_set1_object.3 create mode 100644 man/X509_CRL_METHOD_new.3 create mode 100644 man/X509_PKEY_new.3 create mode 100644 man/X509_REQ_add1_attr.3 create mode 100644 man/X509_REQ_add_extensions.3 create mode 100644 man/X509_REQ_print_ex.3 create mode 100644 man/X509_SIG_get0.3 create mode 100644 man/X509_STORE_CTX_set_verify.3 create mode 100644 man/X509_VERIFY_PARAM_new.3 create mode 100644 man/X509_get_extension_flags.3 create mode 100644 man/X509_get_pubkey_parameters.3 create mode 100644 man/X509_load_cert_file.3 create mode 100644 man/X509_policy_tree_get0_policies.3 create mode 100644 man/X509at_add1_attr.3 create mode 100644 man/X509at_get_attr.3 create mode 100644 man/a2d_ASN1_OBJECT.3 create mode 100644 man/i2a_ASN1_STRING.3 create mode 100644 man/i2d_ASN1_bio_stream.3 create mode 100644 ssl/ssl_seclevel.c create mode 100644 ssl/tls13_quic.c create mode 100644 ssl/tls_buffer.c create mode 100644 
ssl/tls_internal.h create mode 100644 ssl/tls_key_share.c create mode 100644 ssl/tls_lib.c create mode 100644 tests/aes_128_gcm_tests.txt create mode 100644 tests/aes_192_gcm_tests.txt create mode 100644 tests/aes_256_gcm_tests.txt create mode 100644 tests/asn1_string_to_utf8.c create mode 100644 tests/asn1api.c create mode 100644 tests/asn1basic.c create mode 100644 tests/asn1complex.c create mode 100644 tests/asn1object.c create mode 100644 tests/asn1string_copy.c create mode 100644 tests/asn1x509.c create mode 100644 tests/bn_isqrt.c create mode 100644 tests/bn_mod_exp2_mont.c create mode 100644 tests/bn_mod_sqrt.c create mode 100644 tests/bn_primes.c create mode 100644 tests/ca-int-ecdsa.crl create mode 100644 tests/ca-int-ecdsa.pem create mode 100644 tests/ca-int-rsa.crl create mode 100644 tests/ca-int-rsa.pem create mode 100644 tests/ca-root-ecdsa.pem create mode 100644 tests/ca-root-rsa.pem create mode 100644 tests/chacha20_poly1305_tests.txt create mode 100644 tests/client.pem create mode 100644 tests/client1-ecdsa-chain.pem create mode 100644 tests/client1-ecdsa.pem create mode 100644 tests/client1-rsa-chain.pem create mode 100644 tests/client1-rsa.pem create mode 100644 tests/client2-ecdsa-chain.pem create mode 100644 tests/client2-ecdsa.pem create mode 100644 tests/client2-rsa-chain.pem create mode 100644 tests/client2-rsa.pem create mode 100644 tests/client3-ecdsa-chain.pem create mode 100644 tests/client3-ecdsa.pem create mode 100644 tests/client3-rsa-chain.pem create mode 100644 tests/client3-rsa.pem create mode 100644 tests/ec_asn1_test.c create mode 100644 tests/evp_pkey_check.c create mode 100644 tests/evp_pkey_cleanup.c create mode 100644 tests/md_test.c create mode 100644 tests/objectstest.c create mode 100644 tests/quictest.bat create mode 100644 tests/quictest.c create mode 100644 tests/quictest.sh create mode 100644 tests/rc2_test.c create mode 100644 tests/rc4_test.c create mode 100644 tests/rfc3779.c create mode 100644 tests/rmd_test.c 
create mode 100644 tests/server1-ecdsa-chain.pem create mode 100644 tests/server1-ecdsa.pem create mode 100644 tests/server1-rsa-chain.pem create mode 100644 tests/server1-rsa.pem create mode 100644 tests/server2-ecdsa-chain.pem create mode 100644 tests/server2-ecdsa.pem create mode 100644 tests/server2-rsa-chain.pem create mode 100644 tests/server2-rsa.pem create mode 100644 tests/server3-ecdsa-chain.pem create mode 100644 tests/server3-ecdsa.pem create mode 100644 tests/server3-rsa-chain.pem create mode 100644 tests/server3-rsa.pem create mode 100644 tests/sha_test.c create mode 100644 tests/ssl_set_alpn_protos.c create mode 100644 tests/string_table.c create mode 100644 tests/x509req_ext.c create mode 100644 tests/xchacha20_poly1305_tests.txt create mode 100644 tls/tls_signer.c diff --git a/CMakeLists.txt b/CMakeLists.txt index f1616532..68a7c2df 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -98,7 +98,7 @@ if(CMAKE_SYSTEM_NAME MATCHES "SunOS") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_XOPEN_SOURCE=600") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DBSD_COMP") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fpic") - set(PLATFORM_LIBS ${PLATFORM_LIBS} nsl socket) + set(PLATFORM_LIBS ${PLATFORM_LIBS} dl md nsl socket) endif() add_definitions(-DLIBRESSL_INTERNAL) @@ -286,11 +286,26 @@ if(HAVE_MEMMEM) add_definitions(-DHAVE_MEMMEM) endif() +check_include_files(endian.h HAVE_ENDIAN_H) +if(HAVE_ENDIAN_H) + add_definitions(-DHAVE_ENDIAN_H) +endif() + +check_include_files(machine/endian.h HAVE_MACHINE_ENDIAN_H) +if(HAVE_MACHINE_ENDIAN_H) + add_definitions(-DHAVE_MACHINE_ENDIAN_H) +endif() + check_include_files(err.h HAVE_ERR_H) if(HAVE_ERR_H) add_definitions(-DHAVE_ERR_H) endif() +check_include_files("sys/types.h;arpa/inet.h;netinet/ip.h" HAVE_NETINET_IP_H) +if(HAVE_NETINET_IP_H) + add_definitions(-DHAVE_NETINET_IP_H) +endif() + if(ENABLE_ASM) if("${CMAKE_C_COMPILER_ABI}" STREQUAL "ELF") if("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "(x86_64|amd64)") 
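Review bot: The `netinet/ip.h` probe added at the end of the `@@ -286,11 +286,26 @@` hunk passes three headers to `check_include_files` with no explanation, unlike the single-header `endian.h` and `machine/endian.h` probes above it. `HAVE_NETINET_IP_H` is set only when the whole list compiles together, so the two leading headers are presumably prerequisites on platforms where `netinet/ip.h` does not compile on its own. I would record that above the call, for example `# netinet/ip.h is not self-contained everywhere; probe it after sys/types.h and arpa/inet.h`, so a later cleanup does not shorten the list and silently change which compat header is used. The consumers of these three defines are outside this hunk.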
@@ -337,6 +352,15 @@ add_definitions(-DSIZEOF_TIME_T=${SIZEOF_TIME_T}) set(OPENSSL_LIBS ssl crypto ${PLATFORM_LIBS}) set(LIBTLS_LIBS tls ${PLATFORM_LIBS}) +# libraries for regression test +if(BUILD_SHARED_LIBS) + set(OPENSSL_TEST_LIBS ssl-static crypto-static ${PLATFORM_LIBS}) + set(LIBTLS_TEST_LIBS tls-static ${PLATFORM_LIBS}) +else() + set(OPENSSL_TEST_LIBS ssl crypto ${PLATFORM_LIBS}) + set(LIBTLS_TEST_LIBS tls ${PLATFORM_LIBS}) +endif() + add_subdirectory(crypto) add_subdirectory(ssl) if(LIBRESSL_APPS) 
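Review bot: The added comment `# libraries for regression test` does not say why a shared build links the tests against `ssl-static`, `crypto-static` and `tls-static` instead of the shared targets. Presumably the tests call internal symbols that the shared objects do not export; if that is the reason, state it, e.g. `# tests use non-exported internal symbols, so link the static variants when BUILD_SHARED_LIBS is on`. It is also worth recording that in this configuration the regression suite exercises the static archives, so a symbol-export or linkage problem in the shared libraries that actually ship would not be caught by these tests.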
@@ -352,25 +376,40 @@ if(LIBRESSL_APPS AND LIBRESSL_TESTS) add_subdirectory(tests) endif() -if(NOT MSVC) - # Create pkgconfig files. - set(prefix ${CMAKE_INSTALL_PREFIX}) - set(exec_prefix \${prefix}) - set(libdir \${exec_prefix}/${CMAKE_INSTALL_LIBDIR}) - set(includedir \${prefix}/include) - if(PLATFORM_LIBS) - string(REGEX REPLACE ";" " -l" PLATFORM_LDADD ";${PLATFORM_LIBS}") +if (BUILD_APPLE_XCFRAMEWORK) + # Create the super library from object libraries + add_library(LibreSSL_xcframework + $ $ $) + set_target_properties(LibreSSL_xcframework PROPERTIES + OUTPUT_NAME ressl) + + if(ENABLE_LIBRESSL_INSTALL) + install(TARGETS LibreSSL_xcframework + LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}) + endif(ENABLE_LIBRESSL_INSTALL) +endif(BUILD_APPLE_XCFRAMEWORK) + +if(ENABLE_LIBRESSL_INSTALL) + if(NOT MSVC) + # Create pkgconfig files. + set(prefix ${CMAKE_INSTALL_PREFIX}) + set(exec_prefix \${prefix}) + set(libdir \${exec_prefix}/${CMAKE_INSTALL_LIBDIR}) + set(includedir \${prefix}/include) + if(PLATFORM_LIBS) + string(REGEX REPLACE ";" " -l" PLATFORM_LDADD ";${PLATFORM_LIBS}") + endif() + file(STRINGS "VERSION" VERSION LIMIT_COUNT 1) + file(GLOB OPENSSL_PKGCONFIGS "*.pc.in") + foreach(file ${OPENSSL_PKGCONFIGS}) + get_filename_component(filename ${file} NAME) + string(REPLACE ".in" "" new_file "${filename}") + configure_file(${filename} pkgconfig/${new_file} @ONLY) + endforeach() + install(DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/pkgconfig + DESTINATION ${CMAKE_INSTALL_LIBDIR}) endif() - file(STRINGS "VERSION" VERSION LIMIT_COUNT 1) - file(GLOB OPENSSL_PKGCONFIGS "*.pc.in") - foreach(file ${OPENSSL_PKGCONFIGS}) - get_filename_component(filename ${file} NAME) - string(REPLACE ".in" "" new_file "${filename}") - configure_file(${filename} pkgconfig/${new_file} @ONLY) - endforeach() - install(DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/pkgconfig - DESTINATION ${CMAKE_INSTALL_LIBDIR}) -endif() +endif(ENABLE_LIBRESSL_INSTALL) if(NOT "${OPENSSLDIR}" STREQUAL "") set(CONF_DIR 
"${OPENSSLDIR}") diff --git a/ChangeLog b/ChangeLog index d04d462d..78ebb32b 100644 --- a/ChangeLog +++ b/ChangeLog 
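Review bot: In the CMakeLists.txt hunk at +376, `install(TARGETS LibreSSL_xcframework LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR})` names only a LIBRARY destination, while the `add_library(LibreSSL_xcframework ...)` call, as shown here, gives no explicit STATIC or SHARED type, so the target kind appears to follow BUILD_SHARED_LIBS. If it ends up as a static archive, the rule has no ARCHIVE destination, which older CMake releases reject and newer ones fill in with a default; adding `ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}` covers both cases. On style, the new blocks write `if (BUILD_APPLE_XCFRAMEWORK)` and `endif(ENABLE_LIBRESSL_INSTALL)` where the surrounding file uses `if(` and a bare `endif()`. A one-line comment on the new `if(ENABLE_LIBRESSL_INSTALL)` wrapper, such as `# skip pkgconfig generation when LibreSSL is embedded and not installed`, would explain why the pkgconfig block moved, assuming that is the intent.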
@@ -28,16 +28,454 @@ history is also available from Git. LibreSSL Portable Release Notes: -3.4.3 - Security release +3.6.1 - Stable release + + * Bug fixes + - Custom verification callbacks could cause the X.509 verifier to + fail to store errors resulting from leaf certificate verification. + Reported by Ilya Shipitsin. + - Unbreak ASN.1 indefinite length encoding. + Reported by Niklas Hallqvist. + +3.6.0 - Development release + + * Internal improvements + - Avoid expensive RFC 3779 checks during cert verification. + - The templated ASN.1 decoder has been cleaned up, refactored, + modernized with parts rewritten using CBB and CBS. + - The ASN.1 time parser has been rewritten. + - Rewrite and fix ASN1_STRING_to_UTF8(). + - Use asn1_abs_set_unused_bits() rather than inlining it. + - Simplify ec_asn1_group2curve(). + - First pass at a clean up of ASN1_item_sign_ctx() + - ssl_txt.c was cleaned up. + - Internal function arguments and struct member have been changed + to size_t. + - Lots of missing error checks of EVP API were added. + - Clean up and clarify BN_kronecker(). + - Simplify ASN1_INTEGER_cmp() + - Rewrite ASN1_INTEGER_{get,set}() using CBS and CBB and reuse + the ASN1_INTEGER functions for ASN1_ENUMERATED. + - Use ASN1_INTEGER to parse and build {Z,}LONG_it + - Refactored and cleaned up group (elliptic curve) handling in + t1_lib.c. + - Simplify certificate list handling code in the legacy server. + - Make CBB_finish() fail if *out_data is not NULL. + - Remove tls_buffer_set_data() and remove/revise callers. + - Rewrite SSL{_CTX,}_set_alpn_protos() using CBS. + - Simplify tlsext_supported_groups_server_parse(). + - Remove redundant length checks in tlsext parse functions. + - Simplify tls13_server_encrypted_extensions_recv(). + - Add read and write support to tls_buffer. + - Convert TLS transcript from BUF_MEM to tls_buffer. + - Clear key on exit in PKCS12_gen_mac(). + - Minor fixes in PKCS12_parse(). 
+ - Provide and use a primitive clear function for BIGNUM_it. + - Use ASN1_INTEGER to encode/decode BIGNUM_it. + - Add stack frames to AES-NI x86_64 assembly. + - Use named initialisers for BIGNUMs. + - Tidy up some of BN_nist_mod_*. + - Expand BLOCK_CIPHER_* and related macros. + - Avoid shadowing the cbs function parameter in + tlsext_alpn_server_parse() + - Deduplicate peer certificate chain processing code. + - Make it possible to signal an error from an i2c_* function. + - Rewrite i2c_ASN1_INTEGER() using CBB/CBS. + - Remove UINT32_MAX limitation on ChaCha() and CRYPTO_chacha_20(). + - Remove bogus length checks from EVP_aead_chacha20_poly1305(). + - Reworked DSA_size() and ECDSA_size(). + - Stop using CBIGNUM_it internal to libcrypto. + - Provide c2i_ASN1_ENUMERATED_cbs() and call it from + asn1_c2i_primitive(). + - Ensure ASN.1 types are appropriately encoded. + - Avoid recycling ASN1_STRINGs when decoding ASN.1. + - Tidy up asn1_c2i_primitive() slightly. + - Mechanically expand IMPLEMENT_BLOCK_CIPHER, IMPLEMENT_CFBR, + BLOCK_CIPHER and the looney M_do_cipher macros. + - Use correct length for EVP CFB mode ciphers. + - Provide a version of ssl_msg_callback() that takes a CBS. + - Use CBS to parse TLS alerts in the legacy stack. + - Increment the input and output position for EVP AES CFB1. + - Ensure there is no trailing data for a CCS received by the + TLSv1.3 stack. + - Use CBS when procesing a CCS message in the legacy stack. + - Be stricter with middlebox compatibility mode in the TLSv1.3 + server. + * Compatibility changes + - The ASN.1 time parser has been refactored and rewritten using CBS. + It has been made stricter in that it now enforces the rules from + RFC 5280. + - ASN1_AFLG_BROKEN was removed. + - Error check tls_session_secret_cb() like OpenSSL. + - Added ASN1_INTEGER_{get,set}_{u,}int64() + - Move leaf certificate checks to the last thing after chain + validation. 
+ - Added -s option to openssl(1) ciphers that only shows the ciphers + supported by the specified protocol. + - Use TLS_client_method() instead of TLSv1_client_method() in + the openssl(1) ciphers command. + - Validate the protocols in SSL{_CTX,}_set_alpn_protos(). + - Made TS and PKCS12 opaque. + - Per RFC 7292, safeContentsBag is a SEQUENCE OF, not a SET OF. + - Align PKCS12_key_gen_uni() with OpenSSL + - Various PKCS12 and TS accessors were added. In particular, the + TS_RESP_CTX_set_time_cb() function was added back. + - Allow a NULL header in PEM_write{,_bio}() + - Allow empty attribute sets in CSRs. + - Adjust signatures of BIO_ctrl functions. + - Provide additional defines for EVP AEAD. + - Provide OPENSSL_cleanup(). + - Make BIO_info_cb() identical to bio_info_cb(). + * Bug fixes + - Avoid use of uninitialized in BN_mod_exp_recp(). + - Fix X509_get_extension_flags() by ensuring that EXFLAG_INVALID is + set on X509_get_purpose() failure. + - Fix HMAC() with NULL key. + - Add ERR_load_{COMP,CT,KDF}_strings() to ERR_load_crypto_strings(). + - Avoid strict aliasing violations in BN_nist_mod_*(). + - Do not return X509_V_ERR_UNSPECIFIED from X509_check_ca(). + No return value of X509_check_ca() indicates failure. Application + code should therefore issue a checked call to X509_check_purpose() + before calling X509_check_ca(). + - Rewrite and fix X509v3_asid_subset() to avoid segfaults on some + valid input. + - Call the ASN1_OP_D2I_PRE callback after ASN1_item_ex_new(). + - Fix d2i_ASN1_OBJECT to advance the *der_in pointer correctly. + - Avoid use of uninitialized in ASN1_STRING_to_UTF8(). + - Do not pass uninitialized pointer to ASN1_STRING_to_UTF8(). + - Do not refuse valid IPv6 addresses in nc(1)'s HTTP CONNECT proxy. + - Do not reject primes in trial divisions. + - Error out on negative shifts in BN_{r,l}shift() instead of + accessing arrays out of bounds. + - Fix URI name constraints, allow for URI's with no host part. 
+ - Fix the legacy verifier callback behaviour for untrusted certs. + - Correct serfver-side handling of TLSv1.3 key updates. + - Plug leak in PKCS12_setup_mac(). + - Plug leak in X509V3_add1_i2d(). + - Only print X.509 versions we know about. + - Avoid signed integer overflow due to unary negation + - Initialize readbytes in BIO_gets(). + - Plug memory leak in CMS_add_simple_smimecap(). + - Plug memory leak in X509_REQ_print_ex(). + - Check HMAC() return value to avoid a later use of uninitialized. + - Avoid potential NULL dereference in ssl_set_pkey(). + - Check return values in ssl_print_tmp_key(). + - Switch loop bounds from size_t to int in check_hosts(). + - Avoid division by zero if no connection was made in s_time.c. + - Check sk_SSL_CIPHER_push() return value + - Avoid out-of-bounds read in ssl_cipher_process_rulestr(). + - Use LONG_MAX as the limit for ciphers with long based APIs. + * New features + - EVP API for HKDF ported from OpenSSL and subsequently cleaned up. + - The security level API (SSL_{,CTX}_{get,set}_security_level()) is + now available. Callbacks and ex_data are not supported. Sane + software will not be using this. + - Experimental support for the BoringSSL QUIC API. + - Add initial support for TS ESSCertIDv2 verification. + - LibreSSL now uses the Baillie-PSW primality test instead of + Miller-Rabin . + +3.5.3 - Reliability fix + + * Fix d2i_ASN1_OBJECT(). A confusion of two CBS resulted in advancing + the passed *der_in pointer incorrectly. Thanks to Aram Sargsyan for + reporting the issue and testing the fix. + +3.5.2 - Stable release + + * Bug fixes + - Avoid single byte overread in asn1_parse2(). + - Allow name constraints with a leading dot. From Alex Wilson. + - Relax a check in x509_constraints_dirname() to allow prefixes. + From Alex Wilson. + - Fix NULL dereferences in openssl(1) cms option parsing. + - Do not zero the computed cofactor on ec_guess_cofactor() success. 
+ - Bound cofactor in EC_GROUP_set_generator() to reduce the number of + bogus groups that can be described with nonsensical parameters. + - Avoid various potential segfaults in EVP_PKEY_CTX_free() in low + memory conditions. Reported for HMAC by Masaru Masuda. + - Plug leak in ASN1_TIME_adj_internal(). + - Avoid infinite loop for custom curves of order 1. + Issue reported by Hanno Boeck, comments by David Benjamin. + - Avoid an infinite loop on parsing DSA private keys by validating + that the provided parameters conform to FIPS 186-4. + Issue reported by Hanno Boeck, comments by David Benjamin. + * Compatibility improvements + - Allow non-standard name constraints of the form @domain.com. + * Internal improvements + - Limit OID text conversion to 64 bits per arc. + - Clean up and simplify memory BIO code. + - Reduce number of memmove() calls in memory BIOs. + - Factor out alert handling code in the legacy stack. + - Add sanity checks on p and q in old_dsa_priv_decode() + - Cache the SHA-512 hash instead of the SHA-1 for CRLs. + - Suppress various compiler warnings for old gcc versions. + - Remove free_cont from asn1_d2i_ex_primitive()/asn1_ex_c2i(). + - Rework ownership handling in x509_constraints_validate(). + - Rework ASN1_STRING_set(). + - Remove const from tls1_transcript_hash_value(). + - Clean up and simplify ssl3_renegotiate{,_check}(). + - Rewrite legacy TLS and DTLS unexpected handshake message handling. + - Simplify SSL_do_handshake(). + - Rewrite ASCII/text to ASN.1 object conversion. + - Provide t2i_ASN1_OBJECT_internal() and use it for OBJ_txt2obj(). + - Split armv7 and aarch64 code into separate locations. + - Rewrote openssl(1) ts to use the new option handling and cleaned + up the C code. + - Provide asn1_get_primitive(). + - Convert {c2i,d2i}_ASN1_OBJECT() to CBS. + - Remove the minimum record length checks from dtls1_read_bytes(). + - Clean up {dtls1,ssl3}_read_bytes(). 
+ - Be more careful with embedded and terminating NULs in the new + name constraints code. + - Check EVP_Digest* return codes in openssl(1) ts + - Various minor code cleanup in openssl(1) pkcs12 + - Use calloc() in pkey_hmac_init(). + - Simplify priv_key handling in d2i_ECPrivateKey(). + * Documentation improvements + - Update d2i_ASN1_OBJECT(3) documentation to reflect reality after + refactoring and bug fixes. + - Fixed numerous minor grammar, spelling, wording, and punctuation + issues. + +3.5.1 - Security release * A malicious certificate can cause an infinite loop. Reported by and fix from Tavis Ormandy and David Benjamin, Google. -3.4.2 - Security fix +3.5.0 - Development release - * In some situations the X.509 verifier would discard an error on an - unverified certificate chain, resulting in an authentication bypass. - Thanks to Ilya Shipitsin and Timo Steinlein for reporting. + * New Features + - The RFC 3779 API was ported from OpenSSL. Many bugs were fixed, + regression tests were added and the code was cleaned up. + - Certificate Transparency was ported from OpenSSL. Many internal + improvements were made, resulting in cleaner and safer code. + Regress coverage was added. libssl does not yet make use of it. + * Portable Improvements + - Fixed various POSIX compliance and other portability issues + found by the port to the Sortix operating system. + - Add libmd as platform specific libraries for Solaris. + Issue reported from (ihsan opencsw org) on libressl ML. + - Set IA-64 compiler flag only if it is HP-UX with IA-64. + Suggested from Larkin Nickle (me larbob org) by libressl ML. + - Enabled and scheduled Coverity scan. + Contributed by Ilya Shipitsin (chipitsine gmail com> on github. 
+ * Compatibility Changes + - Most structs that were previously defined in the following headers + are now opaque as they are in OpenSSL 1.1: + bio.h, bn.h, comp.h, dh.h, dsa.h, evp.h, hmac.h, ocsp.h, rsa.h, + x509.h, x509v3.h, x509_vfy.h + - Switch TLSv1.3 cipher names from AEAD- to OpenSSL's TLS_ + OpenSSL added the TLSv1.3 ciphersuites with "RFC names" instead + of using something consistent with the previous naming. Various + test suites expect these names (instead of checking for the much + more sensible cipher numbers). The old names are still accepted + as aliases. + - Subject alternative names and name constraints are now validated + when they are added to certificates. Various interoperability + problems with stacks that validate certificates more strictly + than OpenSSL can be avoided this way. + - Attempt to opportunistically use the host name for SNI in s_client + * Bug fixes + - In some situations, the verifier would discard the error on an + unvalidated certificate chain. This would happen when the + verification callback was in use, instructing the verifier to + continue unconditionally. This could lead to incorrect decisions + being made in software. + - Avoid an infinite loop in SSL_shutdown() + - Fix another return 0 bug in SSL_shutdown() + - Handle zero byte reads/writes that trigger handshakes in the + TLSv1.3 stack + - A long standing memleak in libtls CRL handling was fixed + * Internal Improvements + - Cache the SHA-512 hash instead of the SHA-1 hash and cache + notBefore and notAfter times when X.509 certificates are parsed. + - The X.509 lookup code has been simplified and cleaned up. 
+ - Fixed numerous issues flagged by coverity and the cryptofuzz + project + - Increased the number of Miller-Rabin checks in DH and DSA + key/parameter generation + - Started using the bytestring API in libcrypto for cleaner and + safer code + - Convert {i2d,d2i}_{,EC_,DSA_,RSA_}PUBKEY{,_bio,_fp}() to templated + ASN1 + - Convert ASN1_OBJECT_new() to calloc() + - Convert ASN1_STRING_type_new() to calloc() + - Rewrite ASN1_STRING_cmp() + - Use calloc() for X509_CRL_METHOD_new() instead of malloc() + - Convert ASN1_PCTX_new() to calloc() + - Replace asn1_tlc_clear and asn1_tlc_clear_nc macros with a + function + - Consolidate {d2i,i2d}_{pr,pu}.c + - Remove handling of a NULL BUF_MEM from asn1_collect() + - Pull the recursion depth check up to the top of asn1_collect() + - Inline collect_data() in asn1_collect() + - Convert asn1_d2i_ex_primitive()/asn1_collect() from BUF_MEM to CBB + - Clean up d2i_ASN1_BOOLEAN() and i2d_ASN1_BOOLEAN() + - Consolidate ASN.1 universal tag type data + - Rewrite ASN.1 identifier/length parsing in CBS + - Make OBJ_obj2nid() work correctly with NID_undef + - tlsext_tick_lifetime_hint is now an uint32_t + - Untangle ssl3_get_message() return values + - Rename tls13_buffer to tls_buffer + - Fold DTLS_STATE_INTERNAL into DTLS1_STATE + - Provide a way to determine our maximum legacy version + - Mop up enc_read_ctx and read_hash + - Fold SSL_SESSION_INTERNAL into SSL_SESSION + - Use ssl_force_want_read in the DTLS code + - Add record processing limit to DTLS code + - Add explicit CBS_contains_zero_byte() check in CBS_strdup() + - Improve SNI hostname validation + - Ensure SSL_set_tlsext_host_name() is given a valid hostname + - Fix a strange check in the auto DH codepath + - Factor out/rewrite DHE key exchange + - Convert server serialisation of DHE parameters/public key to new + functions + - Check DH public key in ssl_kex_peer_public_dhe() + - Move the minimum DHE key size check into ssl_kex_peer_params_dhe() + - Clean up and refactor server 
side DHE key exchange + - Provide CBS_get_last_u8() + - Provide CBS_get_u64() + - Provide CBS_add_u64() + - Provide various CBS_peek_* functions + - Use CBS_get_last_u8() to find the content type in TLSv1.3 records + - unifdef TLS13_USE_LEGACY_CLIENT_AUTH + - Correct SSL_get_peer_cert_chain() when used with the TLSv1.3 stack + - Only allow zero length key shares when we know we're doing HRR + - Pull key share group/length CBB code up from + tls13_key_share_public() + - Refactor ssl3_get_server_kex_ecdhe() to separate parsing and + validation + - Return 0 on failure from send/get kex functions in the legacy + stack + - Rename tls13_key_share to tls_key_share + - Allocate and free the EVP_AEAD_CTX struct in + tls13_record_protection + - Convert legacy TLS client to tls_key_share + - Convert legacy TLS server to tls_key_share + - Stop attempting to duplicate the public and private key of dh_tmp + - Rename dh_tmp to dhe_params + - Rename CERT to SSL_CERT and CERT_PKEY to SSL_CERT_PKEY + - Clean up pkey handling in ssl3_get_server_key_exchange() + - Fix GOST skip certificate verify handling + - Simplify tlsext_keyshare_server_parse() + - Plumb decode errors through key share parsing code + - Simplify SSL_get_peer_certificate() + - Cleanup/simplify ssl_cert_type() + - The S3I macro was removed + - The openssl(1) cms and smime subcommands option handling was + converted and the C source was cleaned up. + * Documentation improvements + - 45 new manual pages, most of which were written from scratch. + Documentation coverage of ASN.1 and X.509 code has been + significantly improved. 
+ * API additions and removals + - libssl + API additions + SSL_get0_verified_chain SSL_peek_ex SSL_read_ex SSL_write_ex + API stubs for compatibility + SSL_CTX_get_keylog_callback SSL_CTX_get_num_tickets + SSL_CTX_set_keylog_callback SSL_CTX_set_num_tickets + SSL_get_num_tickets SSL_set_num_tickets + - libcrypto + added API (some of these were previously available as macros): + ASIdOrRange_free ASIdOrRange_new ASIdentifierChoice_free + ASIdentifierChoice_new ASIdentifiers_free ASIdentifiers_new + ASN1_TIME_diff ASRange_free ASRange_new BIO_get_callback_ex + BIO_get_init BIO_set_callback_ex BIO_set_next + BIO_set_retry_reason BN_GENCB_set BN_GENCB_set_old + BN_abs_is_word BN_get_flags BN_is_negative + BN_is_odd BN_is_one BN_is_word BN_is_zero BN_set_flags + BN_to_montgomery BN_with_flags BN_zero_ex CTLOG_STORE_free + CTLOG_STORE_get0_log_by_id CTLOG_STORE_load_default_file + CTLOG_STORE_load_file CTLOG_STORE_new CTLOG_free + CTLOG_get0_log_id CTLOG_get0_name CTLOG_get0_public_key + CTLOG_new CTLOG_new_from_base64 CT_POLICY_EVAL_CTX_free + CT_POLICY_EVAL_CTX_get0_cert CT_POLICY_EVAL_CTX_get0_issuer + CT_POLICY_EVAL_CTX_get0_log_store CT_POLICY_EVAL_CTX_get_time + CT_POLICY_EVAL_CTX_new CT_POLICY_EVAL_CTX_set1_cert + CT_POLICY_EVAL_CTX_set1_issuer + CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE + CT_POLICY_EVAL_CTX_set_time DH_get0_g DH_get0_p DH_get0_priv_key + DH_get0_pub_key DH_get0_q DH_get_length DSA_bits DSA_get0_g + DSA_get0_p DSA_get0_priv_key DSA_get0_pub_key DSA_get0_q + ECDSA_SIG_get0_r ECDSA_SIG_get0_s EVP_AEAD_CTX_free + EVP_AEAD_CTX_new EVP_CIPHER_CTX_buf_noconst + EVP_CIPHER_CTX_get_cipher_data EVP_CIPHER_CTX_set_cipher_data + EVP_MD_CTX_md_data EVP_MD_CTX_pkey_ctx EVP_MD_CTX_set_pkey_ctx + EVP_MD_meth_dup EVP_MD_meth_free EVP_MD_meth_new + EVP_MD_meth_set_app_datasize EVP_MD_meth_set_cleanup + EVP_MD_meth_set_copy EVP_MD_meth_set_ctrl EVP_MD_meth_set_final + EVP_MD_meth_set_flags EVP_MD_meth_set_init + EVP_MD_meth_set_input_blocksize 
EVP_MD_meth_set_result_size + EVP_MD_meth_set_update EVP_PKEY_asn1_set_check + EVP_PKEY_asn1_set_param_check EVP_PKEY_asn1_set_public_check + EVP_PKEY_check EVP_PKEY_meth_set_check + EVP_PKEY_meth_set_param_check EVP_PKEY_meth_set_public_check + EVP_PKEY_param_check EVP_PKEY_public_check FIPS_mode + FIPS_mode_set IPAddressChoice_free IPAddressChoice_new + IPAddressFamily_free IPAddressFamily_new IPAddressOrRange_free + IPAddressOrRange_new IPAddressRange_free IPAddressRange_new + OBJ_get0_data OBJ_length OCSP_resp_get0_certs OCSP_resp_get0_id + OCSP_resp_get0_produced_at OCSP_resp_get0_respdata + OCSP_resp_get0_signature OCSP_resp_get0_signer + OCSP_resp_get0_tbs_sigalg PEM_write_bio_PrivateKey_traditional + RSA_get0_d RSA_get0_dmp1 RSA_get0_dmq1 RSA_get0_e RSA_get0_iqmp + RSA_get0_n RSA_get0_p RSA_get0_pss_params RSA_get0_q + SCT_LIST_free SCT_LIST_print SCT_LIST_validate SCT_free + SCT_get0_extensions SCT_get0_log_id SCT_get0_signature + SCT_get_log_entry_type SCT_get_signature_nid SCT_get_source + SCT_get_timestamp SCT_get_validation_status SCT_get_version + SCT_new SCT_new_from_base64 SCT_print SCT_set0_extensions + SCT_set0_log_id SCT_set0_signature SCT_set1_extensions + SCT_set1_log_id SCT_set1_signature SCT_set_log_entry_type + SCT_set_signature_nid SCT_set_source SCT_set_timestamp + SCT_set_version SCT_validate SCT_validation_status_string + X509_OBJECT_free X509_OBJECT_new X509_REQ_get0_pubkey + X509_SIG_get0 X509_SIG_getm X509_STORE_CTX_get_by_subject + X509_STORE_CTX_get_num_untrusted + X509_STORE_CTX_get_obj_by_subject X509_STORE_CTX_get_verify + X509_STORE_CTX_get_verify_cb X509_STORE_CTX_set0_verified_chain + X509_STORE_CTX_set_current_cert X509_STORE_CTX_set_error_depth + X509_STORE_CTX_set_verify X509_STORE_get_verify + X509_STORE_get_verify_cb X509_STORE_set_verify + X509_get_X509_PUBKEY X509_get_extended_key_usage + X509_get_extension_flags X509_get_key_usage + X509v3_addr_add_inherit X509v3_addr_add_prefix + X509v3_addr_add_range 
X509v3_addr_canonize X509v3_addr_get_afi + X509v3_addr_get_range X509v3_addr_inherits + X509v3_addr_is_canonical X509v3_addr_subset + X509v3_addr_validate_path X509v3_addr_validate_resource_set + X509v3_asid_add_id_or_range X509v3_asid_add_inherit + X509v3_asid_canonize X509v3_asid_inherits + X509v3_asid_is_canonical X509v3_asid_subset + X509v3_asid_validate_path X509v3_asid_validate_resource_set + d2i_ASIdOrRange d2i_ASIdentifierChoice d2i_ASIdentifiers + d2i_ASRange d2i_IPAddressChoice d2i_IPAddressFamily + d2i_IPAddressOrRange d2i_IPAddressRange d2i_SCT_LIST + i2d_ASIdOrRange i2d_ASIdentifierChoice i2d_ASIdentifiers + i2d_ASRange i2d_IPAddressChoice i2d_IPAddressFamily + i2d_IPAddressOrRange i2d_IPAddressRange i2d_SCT_LIST + i2d_re_X509_CRL_tbs i2d_re_X509_REQ_tbs i2d_re_X509_tbs i2o_SCT + i2o_SCT_LIST o2i_SCT o2i_SCT_LIST + removed API: + ASN1_check_infinite_end ASN1_const_check_infinite_end EVP_dss + EVP_dss1 EVP_ecdsa HMAC_CTX_cleanup HMAC_CTX_init + NETSCAPE_ENCRYPTED_PKEY_free NETSCAPE_ENCRYPTED_PKEY_new + NETSCAPE_PKEY_free NETSCAPE_PKEY_new NETSCAPE_X509_free + NETSCAPE_X509_new OBJ_bsearch_ex_ PEM_SealFinal PEM_SealInit + PEM_SealUpdate PEM_read_X509_CERT_PAIR + PEM_read_bio_X509_CERT_PAIR PEM_write_X509_CERT_PAIR + PEM_write_bio_X509_CERT_PAIR X509_CERT_PAIR_free + X509_CERT_PAIR_new X509_OBJECT_free_contents asn1_do_adb + asn1_do_lock asn1_enc_free asn1_enc_init asn1_enc_restore + asn1_enc_save asn1_ex_c2i asn1_get_choice_selector + asn1_get_field_ptr asn1_set_choice_selector check_defer + d2i_ASN1_BOOLEAN d2i_NETSCAPE_ENCRYPTED_PKEY d2i_NETSCAPE_PKEY + d2i_NETSCAPE_X509 d2i_Netscape_RSA d2i_RSA_NET + d2i_X509_CERT_PAIR i2d_ASN1_BOOLEAN i2d_NETSCAPE_ENCRYPTED_PKEY + i2d_NETSCAPE_PKEY i2d_NETSCAPE_X509 i2d_Netscape_RSA i2d_RSA_NET + i2d_X509_CERT_PAIR name_cmp obj_cleanup_defer 3.4.1 - Stable release diff --git a/Makefile.in b/Makefile.in index 16ff0409..b24540eb 100644 --- a/Makefile.in +++ b/Makefile.in 
@@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.3 from Makefile.am. +# Makefile.in generated by automake 1.16.5 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2020 Free Software Foundation, Inc. +# Copyright (C) 1994-2021 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -191,15 +191,12 @@ am__define_uniq_tagged_files = \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` -ETAGS = etags -CTAGS = ctags -CSCOPE = cscope DIST_SUBDIRS = crypto ssl tls include apps man tests am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/libcrypto.pc.in \ $(srcdir)/libssl.pc.in $(srcdir)/libtls.pc.in \ - $(srcdir)/openssl.pc.in COPYING ChangeLog INSTALL compile \ - config.guess config.sub depcomp install-sh ltmain.sh missing \ - tap-driver.sh + $(srcdir)/openssl.pc.in COPYING ChangeLog INSTALL README.md \ + compile config.guess config.sub depcomp install-sh ltmain.sh \ + missing tap-driver.sh DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) @@ -260,6 +257,8 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ +CSCOPE = @CSCOPE@ +CTAGS = @CTAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ @@ -270,6 +269,7 @@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ +ETAGS = @ETAGS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ @@ -556,7 +556,6 @@ cscopelist-am: $(am__tagged_files) distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags -rm -f cscope.out cscope.in.out cscope.po.out cscope.files - distdir: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) distdir-am diff --git a/README.md b/README.md index 31c122dc..464da181 100644 --- a/README.md +++ b/README.md 
@@ -6,6 +6,7 @@ [![Android_Build Status](https://github.com/libressl-portable/portable/actions/workflows/android_test.yml/badge.svg)](https://github.com/libressl-portable/portable/actions/workflows/android_test.yml) [![Cross_Build Status](https://github.com/libressl-portable/portable/actions/workflows/cross_test.yml/badge.svg)](https://github.com/libressl-portable/portable/actions/workflows/cross_test.yml) [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/libressl.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:libressl) +[![ASan Status](https://github.com/libressl-portable/portable/actions/workflows/linux_test_asan.yml/badge.svg)](https://github.com/libressl-portable/portable/actions/workflows/linux_test_asan.yml) LibreSSL is a fork of [OpenSSL](https://www.openssl.org) 1.0.1g developed by the [OpenBSD](https://www.openbsd.org) project. Our goal is to modernize the codebase, diff --git a/VERSION b/VERSION index 7404b21f..00fb469b 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -3.4.3.0 +3.6.1.0 diff --git a/aclocal.m4 b/aclocal.m4 index a997cf4f..02676cb7 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -1,6 +1,6 @@ -# generated automatically by aclocal 1.16.3 -*- Autoconf -*- +# generated automatically by aclocal 1.16.5 -*- Autoconf -*- -# Copyright (C) 1996-2020 Free Software Foundation, Inc. +# Copyright (C) 1996-2021 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -20,7 +20,7 @@ You have another version of autoconf. It may work, but is not guaranteed to. If you have problems, you may need to regenerate the build system entirely. To do so, use the procedure documented by the package, typically 'autoreconf'.])]) -# Copyright (C) 2002-2020 Free Software Foundation, Inc. +# Copyright (C) 2002-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -35,7 +35,7 @@ AC_DEFUN([AM_AUTOMAKE_VERSION], [am__api_version='1.16' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. -m4_if([$1], [1.16.3], [], +m4_if([$1], [1.16.5], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) @@ -51,14 +51,14 @@ m4_define([_AM_AUTOCONF_VERSION], []) # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], -[AM_AUTOMAKE_VERSION([1.16.3])dnl +[AM_AUTOMAKE_VERSION([1.16.5])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) # Figure out how to run the assembler. -*- Autoconf -*- -# Copyright (C) 2001-2020 Free Software Foundation, Inc. +# Copyright (C) 2001-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -78,7 +78,7 @@ _AM_IF_OPTION([no-dependencies],, [_AM_DEPENDENCIES([CCAS])])dnl # AM_AUX_DIR_EXPAND -*- Autoconf -*- -# Copyright (C) 2001-2020 Free Software Foundation, Inc. +# Copyright (C) 2001-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -130,7 +130,7 @@ am_aux_dir=`cd "$ac_aux_dir" && pwd` # AM_CONDITIONAL -*- Autoconf -*- -# Copyright (C) 1997-2020 Free Software Foundation, Inc. +# Copyright (C) 1997-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -161,7 +161,7 @@ AC_CONFIG_COMMANDS_PRE( Usually this means the macro was only invoked conditionally.]]) fi])]) -# Copyright (C) 1999-2020 Free Software Foundation, Inc. +# Copyright (C) 1999-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -352,7 +352,7 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl # Generate code to set up dependency tracking. -*- Autoconf -*- -# Copyright (C) 1999-2020 Free Software Foundation, Inc. +# Copyright (C) 1999-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -420,7 +420,7 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], # Do all the work for Automake. -*- Autoconf -*- -# Copyright (C) 1996-2020 Free Software Foundation, Inc. +# Copyright (C) 1996-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -448,6 +448,10 @@ m4_defn([AC_PROG_CC]) # release and drop the old call support. AC_DEFUN([AM_INIT_AUTOMAKE], [AC_PREREQ([2.65])dnl +m4_ifdef([_$0_ALREADY_INIT], + [m4_fatal([$0 expanded multiple times +]m4_defn([_$0_ALREADY_INIT]))], + [m4_define([_$0_ALREADY_INIT], m4_expansion_stack)])dnl dnl Autoconf wants to disallow AM_ names. We explicitly allow dnl the ones we care about. m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl 
@@ -484,7 +488,7 @@ m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl [_AM_SET_OPTIONS([$1])dnl dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT. m4_if( - m4_ifdef([AC_PACKAGE_NAME], [ok]):m4_ifdef([AC_PACKAGE_VERSION], [ok]), + m4_ifset([AC_PACKAGE_NAME], [ok]):m4_ifset([AC_PACKAGE_VERSION], [ok]), [ok:ok],, [m4_fatal([AC_INIT should be called with package and version arguments])])dnl AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl @@ -536,6 +540,20 @@ AC_PROVIDE_IFELSE([AC_PROG_OBJCXX], [m4_define([AC_PROG_OBJCXX], m4_defn([AC_PROG_OBJCXX])[_AM_DEPENDENCIES([OBJCXX])])])dnl ]) +# Variables for tags utilities; see am/tags.am +if test -z "$CTAGS"; then + CTAGS=ctags +fi +AC_SUBST([CTAGS]) +if test -z "$ETAGS"; then + ETAGS=etags +fi +AC_SUBST([ETAGS]) +if test -z "$CSCOPE"; then + CSCOPE=cscope +fi +AC_SUBST([CSCOPE]) + AC_REQUIRE([AM_SILENT_RULES])dnl dnl The testsuite driver may need to know about EXEEXT, so add the dnl 'am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This @@ -617,7 +635,7 @@ for _am_header in $config_headers :; do done echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) -# Copyright (C) 2001-2020 Free Software Foundation, Inc. +# Copyright (C) 2001-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -638,7 +656,7 @@ if test x"${install_sh+set}" != xset; then fi AC_SUBST([install_sh])]) -# Copyright (C) 2003-2020 Free Software Foundation, Inc. +# Copyright (C) 2003-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -659,7 +677,7 @@ AC_SUBST([am__leading_dot])]) # Check to see how 'make' treats includes. -*- Autoconf -*- -# Copyright (C) 2001-2020 Free Software Foundation, Inc. +# Copyright (C) 2001-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -702,7 +720,7 @@ AC_SUBST([am__quote])]) # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- -# Copyright (C) 1997-2020 Free Software Foundation, Inc. +# Copyright (C) 1997-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -736,7 +754,7 @@ fi # Helper functions for option handling. -*- Autoconf -*- -# Copyright (C) 2001-2020 Free Software Foundation, Inc. +# Copyright (C) 2001-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -765,7 +783,7 @@ AC_DEFUN([_AM_SET_OPTIONS], AC_DEFUN([_AM_IF_OPTION], [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) -# Copyright (C) 1999-2020 Free Software Foundation, Inc. +# Copyright (C) 1999-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -812,7 +830,7 @@ AC_LANG_POP([C])]) # For backward compatibility. AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])]) -# Copyright (C) 2001-2020 Free Software Foundation, Inc. +# Copyright (C) 2001-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -831,7 +849,7 @@ AC_DEFUN([AM_RUN_LOG], # Check to make sure that the build environment is sane. -*- Autoconf -*- -# Copyright (C) 1996-2020 Free Software Foundation, Inc. +# Copyright (C) 1996-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -912,7 +930,7 @@ AC_CONFIG_COMMANDS_PRE( rm -f conftest.file ]) -# Copyright (C) 2009-2020 Free Software Foundation, Inc. +# Copyright (C) 2009-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -972,7 +990,7 @@ AC_SUBST([AM_BACKSLASH])dnl _AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl ]) -# Copyright (C) 2001-2020 Free Software Foundation, Inc. +# Copyright (C) 2001-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1000,7 +1018,7 @@ fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" AC_SUBST([INSTALL_STRIP_PROGRAM])]) -# Copyright (C) 2006-2020 Free Software Foundation, Inc. +# Copyright (C) 2006-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1019,7 +1037,7 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) # Check how to create a tarball. -*- Autoconf -*- -# Copyright (C) 2004-2020 Free Software Foundation, Inc. +# Copyright (C) 2004-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, diff --git a/apps/Makefile.in b/apps/Makefile.in index 81461a34..dc85fd40 100644 --- a/apps/Makefile.in +++ b/apps/Makefile.in 
@@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.3 from Makefile.am. +# Makefile.in generated by automake 1.16.5 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2020 Free Software Foundation, Inc. +# Copyright (C) 1994-2021 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -156,8 +156,6 @@ am__define_uniq_tagged_files = \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` -ETAGS = etags -CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) am__DIST_COMMON = $(srcdir)/Makefile.in \ $(top_srcdir)/Makefile.am.common @@ -203,6 +201,8 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ +CSCOPE = @CSCOPE@ +CTAGS = @CTAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ @@ -213,6 +213,7 @@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ +ETAGS = @ETAGS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ @@ -455,7 +456,6 @@ cscopelist-am: $(am__tagged_files) distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - distdir: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) distdir-am diff --git a/apps/nc/CMakeLists.txt b/apps/nc/CMakeLists.txt index a241637d..bd59211f 100644 --- a/apps/nc/CMakeLists.txt +++ b/apps/nc/CMakeLists.txt @@ -29,14 +29,6 @@ else() set(NC_SRC ${NC_SRC} compat/readpassphrase.c) endif() -check_function_exists(strtonum HAVE_STRTONUM) -if(HAVE_STRTONUM AND CMAKE_SYSTEM_NAME MATCHES "Darwin" AND - CMAKE_HOST_SYSTEM_VERSION VERSION_GREATER_EQUAL 20) - add_definitions(-DHAVE_STRTONUM) -else() - set(NC_SRC ${NC_SRC} compat/strtonum.c) -endif() - if(NOT "${OPENSSLDIR}" STREQUAL "") add_definitions(-DDEFAULT_CA_FILE=\"${OPENSSLDIR}/cert.pem\") else() 
@@ -44,6 +36,7 @@ else() endif() add_executable(nc ${NC_SRC}) +target_include_directories(nc PUBLIC ../../include) target_include_directories(nc PRIVATE . ./compat ../../include/compat) target_link_libraries(nc ${LIBTLS_LIBS}) diff --git a/apps/nc/Makefile.am b/apps/nc/Makefile.am index 58b5c011..e9db6e59 100644 --- a/apps/nc/Makefile.am +++ b/apps/nc/Makefile.am @@ -43,8 +43,4 @@ if !HAVE_READPASSPHRASE nc_SOURCES += compat/readpassphrase.c endif -if !HAVE_STRTONUM -nc_SOURCES += compat/strtonum.c -endif - endif diff --git a/apps/nc/Makefile.in b/apps/nc/Makefile.in index f6c379ef..fc986495 100644 --- a/apps/nc/Makefile.in +++ b/apps/nc/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.3 from Makefile.am. +# Makefile.in generated by automake 1.16.5 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2020 Free Software Foundation, Inc. +# Copyright (C) 1994-2021 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -95,7 +95,6 @@ host_triplet = @host@ @BUILD_NC_TRUE@@HAVE_B64_NTOP_FALSE@am__append_2 = compat/base64.c @BUILD_NC_TRUE@@HAVE_ACCEPT4_FALSE@am__append_3 = compat/accept4.c @BUILD_NC_TRUE@@HAVE_READPASSPHRASE_FALSE@am__append_4 = compat/readpassphrase.c -@BUILD_NC_TRUE@@HAVE_STRTONUM_FALSE@am__append_5 = compat/strtonum.c subdir = apps/nc ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ax_add_fortify_source.m4 \ 
@@ -117,20 +116,17 @@ CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)" PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS) am__nc_SOURCES_DIST = atomicio.c netcat.c socks.c compat/socket.c \ - compat/base64.c compat/accept4.c compat/readpassphrase.c \ - compat/strtonum.c + compat/base64.c compat/accept4.c compat/readpassphrase.c am__dirstamp = $(am__leading_dot)dirstamp @BUILD_NC_TRUE@@HAVE_B64_NTOP_FALSE@am__objects_1 = \ @BUILD_NC_TRUE@@HAVE_B64_NTOP_FALSE@ compat/base64.$(OBJEXT) @BUILD_NC_TRUE@@HAVE_ACCEPT4_FALSE@am__objects_2 = \ @BUILD_NC_TRUE@@HAVE_ACCEPT4_FALSE@ compat/accept4.$(OBJEXT) @BUILD_NC_TRUE@@HAVE_READPASSPHRASE_FALSE@am__objects_3 = compat/readpassphrase.$(OBJEXT) -@BUILD_NC_TRUE@@HAVE_STRTONUM_FALSE@am__objects_4 = \ -@BUILD_NC_TRUE@@HAVE_STRTONUM_FALSE@ compat/strtonum.$(OBJEXT) @BUILD_NC_TRUE@am_nc_OBJECTS = atomicio.$(OBJEXT) netcat.$(OBJEXT) \ @BUILD_NC_TRUE@ socks.$(OBJEXT) compat/socket.$(OBJEXT) \ @BUILD_NC_TRUE@ $(am__objects_1) $(am__objects_2) \ -@BUILD_NC_TRUE@ $(am__objects_3) $(am__objects_4) +@BUILD_NC_TRUE@ $(am__objects_3) nc_OBJECTS = $(am_nc_OBJECTS) am__DEPENDENCIES_1 = @BUILD_NC_TRUE@nc_DEPENDENCIES = $(abs_top_builddir)/tls/libtls.la \ @@ -157,7 +153,7 @@ am__maybe_remake_depfiles = depfiles am__depfiles_remade = ./$(DEPDIR)/atomicio.Po ./$(DEPDIR)/netcat.Po \ ./$(DEPDIR)/socks.Po compat/$(DEPDIR)/accept4.Po \ compat/$(DEPDIR)/base64.Po compat/$(DEPDIR)/readpassphrase.Po \ - compat/$(DEPDIR)/socket.Po compat/$(DEPDIR)/strtonum.Po + compat/$(DEPDIR)/socket.Po am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) 
@@ -233,8 +229,6 @@ am__define_uniq_tagged_files = \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` -ETAGS = etags -CTAGS = ctags am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \ $(top_srcdir)/Makefile.am.common $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -254,6 +248,8 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ +CSCOPE = @CSCOPE@ +CTAGS = @CTAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ @@ -264,6 +260,7 @@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ +ETAGS = @ETAGS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ @@ -374,7 +371,7 @@ AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat \ @BUILD_NC_TRUE@ $(libcompatnoopt_la_objects) @BUILD_NC_TRUE@nc_SOURCES = atomicio.c netcat.c socks.c \ @BUILD_NC_TRUE@ compat/socket.c $(am__append_2) $(am__append_3) \ -@BUILD_NC_TRUE@ $(am__append_4) $(am__append_5) +@BUILD_NC_TRUE@ $(am__append_4) @BUILD_NC_TRUE@noinst_HEADERS = atomicio.h compat/sys/socket.h all: all-am @@ -482,8 +479,6 @@ compat/accept4.$(OBJEXT): compat/$(am__dirstamp) \ compat/$(DEPDIR)/$(am__dirstamp) compat/readpassphrase.$(OBJEXT): compat/$(am__dirstamp) \ compat/$(DEPDIR)/$(am__dirstamp) -compat/strtonum.$(OBJEXT): compat/$(am__dirstamp) \ - compat/$(DEPDIR)/$(am__dirstamp) nc$(EXEEXT): $(nc_OBJECTS) $(nc_DEPENDENCIES) $(EXTRA_nc_DEPENDENCIES) @rm -f nc$(EXEEXT) @@ -503,7 +498,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/base64.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/readpassphrase.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/socket.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/strtonum.Po@am__quote@ # am--include-marker $(am__depfiles_remade): @$(MKDIR_P) $(@D) 
@@ -635,7 +629,6 @@ cscopelist-am: $(am__tagged_files) distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - distdir: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) distdir-am @@ -721,7 +714,6 @@ distclean: distclean-am -rm -f compat/$(DEPDIR)/base64.Po -rm -f compat/$(DEPDIR)/readpassphrase.Po -rm -f compat/$(DEPDIR)/socket.Po - -rm -f compat/$(DEPDIR)/strtonum.Po -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -774,7 +766,6 @@ maintainer-clean: maintainer-clean-am -rm -f compat/$(DEPDIR)/base64.Po -rm -f compat/$(DEPDIR)/readpassphrase.Po -rm -f compat/$(DEPDIR)/socket.Po - -rm -f compat/$(DEPDIR)/strtonum.Po -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic diff --git a/apps/nc/compat/base64.c b/apps/nc/compat/base64.c index e90696df..f36c11a2 100644 --- a/apps/nc/compat/base64.c +++ b/apps/nc/compat/base64.c @@ -1,4 +1,4 @@ -/* $OpenBSD: base64.c,v 1.8 2015/01/16 16:48:51 deraadt Exp $ */ +/* $OpenBSD: base64.c,v 1.15 2021/10/25 14:41:09 jca Exp $ */ /* * Copyright (c) 1996 by Internet Software Consortium. @@ -46,11 +46,9 @@ #include #include #include -#include #include #include -#include #include #include @@ -107,9 +105,9 @@ static const char Pad64 = '='; end of the data is performed using the '=' character. Since all base64 input is an integral number of octets, only the - ------------------------------------------------- + ------------------------------------------------- following cases can arise: - + (1) the final quantum of encoding input is an integral multiple of 24 bits; here, the final unit of encoded output will be an integral multiple of 4 characters 
@@ -123,15 +121,12 @@ static const char Pad64 = '='; */ int -b64_ntop(src, srclength, target, targsize) - u_char const *src; - size_t srclength; - char *target; - size_t targsize; +b64_ntop(unsigned char const *src, size_t srclength, char *target, + size_t targsize) { size_t datalength = 0; - u_char input[3]; - u_char output[4]; + unsigned char input[3]; + unsigned char output[4]; int i; while (2 < srclength) { @@ -152,14 +147,14 @@ b64_ntop(src, srclength, target, targsize) target[datalength++] = Base64[output[2]]; target[datalength++] = Base64[output[3]]; } - + /* Now we worry about padding. */ if (0 != srclength) { /* Get what's left. */ input[0] = input[1] = input[2] = '\0'; for (i = 0; i < srclength; i++) input[i] = *src++; - + output[0] = input[0] >> 2; output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); @@ -187,13 +182,10 @@ b64_ntop(src, srclength, target, targsize) */ int -b64_pton(src, target, targsize) - char const *src; - u_char *target; - size_t targsize; +b64_pton(char const *src, unsigned char *target, size_t targsize) { int tarindex, state, ch; - u_char nextbyte; + unsigned char nextbyte; char *pos; state = 0; @@ -207,7 +199,7 @@ b64_pton(src, target, targsize) break; pos = strchr(Base64, ch); - if (pos == 0) /* A non-base64 character. */ + if (pos == 0) /* A non-base64 character. */ return (-1); switch (state) { diff --git a/apps/nc/compat/sys/socket.h b/apps/nc/compat/sys/socket.h index 13eb380b..2c7ee4fc 100644 --- a/apps/nc/compat/sys/socket.h +++ b/apps/nc/compat/sys/socket.h @@ -6,8 +6,7 @@ #ifndef _WIN32 #include_next -#if !defined(SOCK_NONBLOCK) || !defined(SOCK_CLOEXEC) -#define NEED_SOCKET_FLAGS +#if defined(NEED_SOCKET_FLAGS) int _socket(int domain, int type, int protocol); #ifndef SOCKET_FLAGS_PRIV #define socket(d, t, p) _socket(d, t, p) diff --git a/apps/nc/nc.1 b/apps/nc/nc.1 index 14733597..0ef318e0 100644 --- a/apps/nc/nc.1 +++ b/apps/nc/nc.1 
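Review bot: In apps/nc/compat/sys/socket.h the guard `#if defined(NEED_SOCKET_FLAGS)` now depends on a macro that nothing in this hunk defines, because the header no longer derives it from `!defined(SOCK_NONBLOCK) || !defined(SOCK_CLOEXEC)`. If the build configuration does not set it on a platform that lacks those flags, the `_socket` declaration and the `socket()` redirect are skipped without any diagnostic. A one-line comment above the guard naming the definer would make the dependency visible, e.g. `/* NEED_SOCKET_FLAGS is provided by the build configuration when SOCK_NONBLOCK or SOCK_CLOEXEC is missing */` (presumably configure/CMake; confirm against the build files). The conditional block continues past the end of the hunk.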
@@ -1,4 +1,4 @@ -.\" $OpenBSD: nc.1,v 1.96 2021/03/31 20:41:35 jmc Exp $ +.\" $OpenBSD: nc.1,v 1.97 2022/09/11 09:58:06 schwarze Exp $ .\" .\" Copyright (c) 1996 David Sacerdote .\" All rights reserved. @@ -25,7 +25,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 31 2021 $ +.Dd $Mdocdate: September 11 2022 $ .Dt NC 1 .Os .Sh NAME @@ -442,13 +442,13 @@ Start by using .Nm to listen on a specific port, with output captured into a file: .Pp -.Dl $ nc -l 1234 \*(Gt filename.out +.Dl $ nc -l 1234 > filename.out .Pp Using a second machine, connect to the listening .Nm process, feeding it the file which is to be transferred: .Pp -.Dl $ nc -N host.example.com 1234 \*(Lt filename.in +.Dl $ nc -N host.example.com 1234 < filename.in .Pp After the file has been transferred, the connection will close automatically. .Sh TALKING TO SERVERS @@ -472,10 +472,10 @@ More complicated examples can be built up when the user knows the format of requests required by the server. As another example, an email may be submitted to an SMTP server using: .Bd -literal -offset indent -$ nc localhost 25 \*(Lt\*(Lt EOF +$ nc localhost 25 << EOF HELO host.example.com -MAIL FROM:\*(Ltuser@host.example.com\*(Gt -RCPT TO:\*(Ltuser2@host.example.com\*(Gt +MAIL FROM: +RCPT TO: DATA Body of email. \&. diff --git a/apps/nc/netcat.c b/apps/nc/netcat.c index 3d62af90..ec6ad0c8 100644 --- a/apps/nc/netcat.c +++ b/apps/nc/netcat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: netcat.c,v 1.218 2021/07/12 15:09:20 beck Exp $ */ +/* $OpenBSD: netcat.c,v 1.219 2022/06/08 20:07:31 tb Exp $ */ /* * Copyright (c) 2001 Eric Jackson * Copyright (c) 2015 Bob Beck. All rights reserved. @@ -678,7 +678,6 @@ main(int argc, char *argv[]) if (uflag) unlink(unix_dg_tmp_socket); return ret; - } else { int i = 0; 
@@ -735,8 +734,8 @@ main(int argc, char *argv[]) * if we aren't connecting thru a proxy and * there is something to report, print IP */ - if (!nflag && !xflag - && (strcmp(host, ipaddr) != 0)) + if (!nflag && !xflag && + strcmp(host, ipaddr) != 0) fprintf(stderr, " (%s)", ipaddr); fprintf(stderr, " %s port [%s/%s] succeeded!\n", @@ -834,7 +833,7 @@ tls_setup_client(struct tls *tls_ctx, int s, char *host) const char *errstr; if (tls_connect_socket(tls_ctx, s, - tls_expectname ? tls_expectname : host) == -1) { + tls_expectname ? tls_expectname : host) == -1) { errx(1, "tls connection failed (%s)", tls_error(tls_ctx)); } @@ -923,7 +922,6 @@ unix_connect(char *path) return -1; } return s; - } /* @@ -1469,7 +1467,6 @@ atelnet(int nfd, unsigned char *buf, unsigned int size) } } - int strtoport(char *portstr, int udp) { @@ -1571,13 +1568,13 @@ set_common_sockopts(int s, int af) #ifdef TCP_MD5SIG if (Sflag) { if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG, - &x, sizeof(x)) == -1) + &x, sizeof(x)) == -1) err(1, NULL); } #endif if (Dflag) { if (setsockopt(s, SOL_SOCKET, SO_DEBUG, - &x, sizeof(x)) == -1) + &x, sizeof(x)) == -1) err(1, NULL); } if (Tflag != -1) { @@ -1737,7 +1734,7 @@ save_peer_cert(struct tls *tls_ctx, FILE *fp) } void -report_tls(struct tls * tls_ctx, char * host) +report_tls(struct tls *tls_ctx, char *host) { time_t t; const char *ocsp_url; @@ -1765,7 +1762,7 @@ report_tls(struct tls * tls_ctx, char * host) switch (tls_peer_ocsp_response_status(tls_ctx)) { case TLS_OCSP_RESPONSE_SUCCESSFUL: fprintf(stderr, "OCSP Stapling: %s\n", - tls_peer_ocsp_result(tls_ctx) == NULL ? "" : + tls_peer_ocsp_result(tls_ctx) == NULL ? "" : tls_peer_ocsp_result(tls_ctx)); fprintf(stderr, " response_status=%d cert_status=%d crl_reason=%d\n", 
@@ -1775,22 +1772,22 @@ report_tls(struct tls * tls_ctx, char * host) t = tls_peer_ocsp_this_update(tls_ctx); fprintf(stderr, " this update: %s", t != -1 ? ctime(&t) : "\n"); - t = tls_peer_ocsp_next_update(tls_ctx); + t = tls_peer_ocsp_next_update(tls_ctx); fprintf(stderr, " next update: %s", t != -1 ? ctime(&t) : "\n"); - t = tls_peer_ocsp_revocation_time(tls_ctx); + t = tls_peer_ocsp_revocation_time(tls_ctx); fprintf(stderr, " revocation: %s", t != -1 ? ctime(&t) : "\n"); break; case -1: break; default: - fprintf(stderr, "OCSP Stapling: failure - response_status %d (%s)\n", + fprintf(stderr, + "OCSP Stapling: failure - response_status %d (%s)\n", tls_peer_ocsp_response_status(tls_ctx), - tls_peer_ocsp_result(tls_ctx) == NULL ? "" : + tls_peer_ocsp_result(tls_ctx) == NULL ? "" : tls_peer_ocsp_result(tls_ctx)); break; - } } @@ -1813,12 +1810,12 @@ report_sock(const char *msg, const struct sockaddr *sa, socklen_t salen, herr = getnameinfo(sa, salen, host, sizeof(host), port, sizeof(port), flags); switch (herr) { - case 0: - break; - case EAI_SYSTEM: - err(1, "getnameinfo"); - default: - errx(1, "getnameinfo: %s", gai_strerror(herr)); + case 0: + break; + case EAI_SYSTEM: + err(1, "getnameinfo"); + default: + errx(1, "getnameinfo: %s", gai_strerror(herr)); } fprintf(stderr, "%s on %s %s\n", msg, host, port); diff --git a/apps/nc/socks.c b/apps/nc/socks.c index 9766be7d..7c7448c9 100644 --- a/apps/nc/socks.c +++ b/apps/nc/socks.c @@ -1,4 +1,4 @@ -/* $OpenBSD: socks.c,v 1.30 2019/11/04 17:33:28 millert Exp $ */ +/* $OpenBSD: socks.c,v 1.31 2022/06/08 20:20:26 djm Exp $ */ /* * Copyright (c) 1999 Niklas Hallqvist. All rights reserved. @@ -321,7 +321,7 @@ socks_connect(const char *host, const char *port, /* HTTP proxy CONNECT */ /* Disallow bad chars in hostname */ - if (strcspn(host, "\r\n\t []:") != strlen(host)) + if (strcspn(host, "\r\n\t []") != strlen(host)) errx(1, "Invalid hostname"); /* Try to be sane about numeric IPv6 addresses */ 
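Review bot: In the socks.c hunk, removing `:` from the rejected set in `strcspn(host, "\r\n\t []")` lets any host string containing a colon through, not only an IPv6 literal, and the existing comment `/* Disallow bad chars in hostname */` does not say why. CR, LF, tab, space and brackets are still rejected, so the host still cannot add bytes that would split or extend the proxy request line. I would reword the comment to record both halves, e.g. `/* Reject chars that could alter the CONNECT request line; ':' stays legal for numeric IPv6 hosts */`. The code that consumes `host` begins after the hunk (the "numeric IPv6 addresses" branch), so it should be confirmed there that a colon-bearing string that is not an IPv6 address is handled as intended.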
diff --git a/apps/ocspcheck/CMakeLists.txt b/apps/ocspcheck/CMakeLists.txt index 43b091a5..2dddb6e2 100644 --- a/apps/ocspcheck/CMakeLists.txt +++ b/apps/ocspcheck/CMakeLists.txt @@ -13,14 +13,6 @@ else() set(OCSPCHECK_SRC ${OCSPCHECK_SRC} compat/memmem.c) endif() -check_function_exists(strtonum HAVE_STRTONUM) -if(HAVE_STRTONUM AND CMAKE_SYSTEM_NAME MATCHES "Darwin" AND - CMAKE_HOST_SYSTEM_VERSION VERSION_GREATER_EQUAL 20) - add_definitions(-DHAVE_STRTONUM) -else() - set(OCSPCHECK_SRC ${OCSPCHECK_SRC} compat/strtonum.c) -endif() - if(NOT "${OPENSSLDIR}" STREQUAL "") add_definitions(-DDEFAULT_CA_FILE=\"${OPENSSLDIR}/cert.pem\") else() @@ -28,6 +20,7 @@ else() endif() add_executable(ocspcheck ${OCSPCHECK_SRC}) +target_include_directories(ocspcheck PUBLIC ../../include) target_include_directories(ocspcheck PRIVATE . ./compat ../../include/compat) target_link_libraries(ocspcheck tls ${OPENSSL_LIBS}) diff --git a/apps/ocspcheck/Makefile.am b/apps/ocspcheck/Makefile.am index 71a73ea4..7c7b4543 100644 --- a/apps/ocspcheck/Makefile.am +++ b/apps/ocspcheck/Makefile.am @@ -22,7 +22,3 @@ noinst_HEADERS = http.h if !HAVE_MEMMEM ocspcheck_SOURCES += compat/memmem.c endif - -if !HAVE_STRTONUM -ocspcheck_SOURCES += compat/strtonum.c -endif diff --git a/apps/ocspcheck/Makefile.in b/apps/ocspcheck/Makefile.in index 35a35327..49474b87 100644 --- a/apps/ocspcheck/Makefile.in +++ b/apps/ocspcheck/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.3 from Makefile.am. +# Makefile.in generated by automake 1.16.5 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2020 Free Software Foundation, Inc. +# Copyright (C) 1994-2021 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -92,7 +92,6 @@ host_triplet = @host@ @ENABLE_LIBTLS_ONLY_FALSE@bin_PROGRAMS = ocspcheck$(EXEEXT) @ENABLE_LIBTLS_ONLY_TRUE@noinst_PROGRAMS = ocspcheck$(EXEEXT) @HAVE_MEMMEM_FALSE@am__append_1 = compat/memmem.c -@HAVE_STRTONUM_FALSE@am__append_2 = compat/strtonum.c subdir = apps/ocspcheck ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ax_add_fortify_source.m4 \ @@ -113,13 +112,11 @@ CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man8dir)" PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS) -am__ocspcheck_SOURCES_DIST = http.c ocspcheck.c compat/memmem.c \ - compat/strtonum.c +am__ocspcheck_SOURCES_DIST = http.c ocspcheck.c compat/memmem.c am__dirstamp = $(am__leading_dot)dirstamp @HAVE_MEMMEM_FALSE@am__objects_1 = compat/memmem.$(OBJEXT) -@HAVE_STRTONUM_FALSE@am__objects_2 = compat/strtonum.$(OBJEXT) am_ocspcheck_OBJECTS = http.$(OBJEXT) ocspcheck.$(OBJEXT) \ - $(am__objects_1) $(am__objects_2) + $(am__objects_1) ocspcheck_OBJECTS = $(am_ocspcheck_OBJECTS) am__DEPENDENCIES_1 = ocspcheck_DEPENDENCIES = $(abs_top_builddir)/crypto/libcrypto.la \ @@ -146,7 +143,7 @@ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__maybe_remake_depfiles = depfiles am__depfiles_remade = ./$(DEPDIR)/http.Po ./$(DEPDIR)/ocspcheck.Po \ - compat/$(DEPDIR)/memmem.Po compat/$(DEPDIR)/strtonum.Po + compat/$(DEPDIR)/memmem.Po am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) @@ -221,8 +218,6 @@ am__define_uniq_tagged_files = \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` -ETAGS = etags -CTAGS = ctags am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \ $(top_srcdir)/Makefile.am.common $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) 
@@ -242,6 +237,8 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ +CSCOPE = @CSCOPE@ +CTAGS = @CTAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ @@ -252,6 +249,7 @@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ +ETAGS = @ETAGS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ @@ -360,7 +358,7 @@ ocspcheck_LDADD = $(abs_top_builddir)/crypto/libcrypto.la \ $(abs_top_builddir)/ssl/libssl.la \ $(abs_top_builddir)/tls/libtls.la $(PLATFORM_LDADD) \ $(PROG_LDADD) -ocspcheck_SOURCES = http.c ocspcheck.c $(am__append_1) $(am__append_2) +ocspcheck_SOURCES = http.c ocspcheck.c $(am__append_1) noinst_HEADERS = http.h all: all-am @@ -462,8 +460,6 @@ compat/$(DEPDIR)/$(am__dirstamp): @: > compat/$(DEPDIR)/$(am__dirstamp) compat/memmem.$(OBJEXT): compat/$(am__dirstamp) \ compat/$(DEPDIR)/$(am__dirstamp) -compat/strtonum.$(OBJEXT): compat/$(am__dirstamp) \ - compat/$(DEPDIR)/$(am__dirstamp) ocspcheck$(EXEEXT): $(ocspcheck_OBJECTS) $(ocspcheck_DEPENDENCIES) $(EXTRA_ocspcheck_DEPENDENCIES) @rm -f ocspcheck$(EXEEXT) @@ -479,7 +475,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/http.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ocspcheck.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/memmem.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/strtonum.Po@am__quote@ # am--include-marker $(am__depfiles_remade): @$(MKDIR_P) $(@D) @@ -611,7 +606,6 @@ cscopelist-am: $(am__tagged_files) distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - distdir: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) distdir-am @@ -693,7 +687,6 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/http.Po -rm -f ./$(DEPDIR)/ocspcheck.Po -rm -f compat/$(DEPDIR)/memmem.Po - -rm -f compat/$(DEPDIR)/strtonum.Po -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags 
@@ -742,7 +735,6 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/http.Po -rm -f ./$(DEPDIR)/ocspcheck.Po -rm -f compat/$(DEPDIR)/memmem.Po - -rm -f compat/$(DEPDIR)/strtonum.Po -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic diff --git a/apps/openssl/CMakeLists.txt b/apps/openssl/CMakeLists.txt index c5cfbe23..2a84178f 100644 --- a/apps/openssl/CMakeLists.txt +++ b/apps/openssl/CMakeLists.txt @@ -61,14 +61,6 @@ if(WIN32) set(OPENSSL_SRC ${OPENSSL_SRC} compat/poll_win.c) endif() -check_function_exists(strtonum HAVE_STRTONUM) -if(HAVE_STRTONUM AND CMAKE_SYSTEM_NAME MATCHES "Darwin" AND - CMAKE_HOST_SYSTEM_VERSION VERSION_GREATER_EQUAL 20) - add_definitions(-DHAVE_STRTONUM) -else() - set(OPENSSL_SRC ${OPENSSL_SRC} compat/strtonum.c) -endif() - if(CMAKE_SYSTEM_NAME MATCHES "Darwin") check_function_exists(clock_gettime HAVE_CLOCK_GETTIME) if(NOT HAVE_CLOCK_GETTIME) @@ -77,6 +69,7 @@ if(CMAKE_SYSTEM_NAME MATCHES "Darwin") endif() add_executable(openssl ${OPENSSL_SRC}) +target_include_directories(openssl PUBLIC ../../include) target_include_directories(openssl PRIVATE . ../../include/compat) target_link_libraries(openssl ${OPENSSL_LIBS}) diff --git a/apps/openssl/Makefile.am b/apps/openssl/Makefile.am index b98e08db..7cbac48a 100644 --- a/apps/openssl/Makefile.am +++ b/apps/openssl/Makefile.am @@ -84,10 +84,6 @@ openssl_SOURCES += compat/clock_gettime_osx.c endif endif -if !HAVE_STRTONUM -openssl_SOURCES += compat/strtonum.c -endif - noinst_HEADERS = apps.h noinst_HEADERS += progs.h noinst_HEADERS += s_apps.h diff --git a/apps/openssl/Makefile.in b/apps/openssl/Makefile.in index b99f0f35..caafd0b3 100644 --- a/apps/openssl/Makefile.in +++ b/apps/openssl/Makefile.in 
@@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.3 from Makefile.am. +# Makefile.in generated by automake 1.16.5 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2020 Free Software Foundation, Inc. +# Copyright (C) 1994-2021 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -97,7 +97,6 @@ host_triplet = @host@ @HOST_WIN_FALSE@am__append_4 = apps_posix.c @HAVE_POLL_FALSE@@HOST_WIN_TRUE@am__append_5 = compat/poll_win.c @HAVE_CLOCK_GETTIME_FALSE@@HOST_DARWIN_TRUE@am__append_6 = compat/clock_gettime_osx.c -@HAVE_STRTONUM_FALSE@am__append_7 = compat/strtonum.c subdir = apps/openssl ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ax_add_fortify_source.m4 \ @@ -126,7 +125,7 @@ am__openssl_SOURCES_DIST = apps.c asn1pars.c ca.c ciphers.c crl.c \ rsautl.c s_cb.c s_client.c s_server.c s_socket.c s_time.c \ sess_id.c smime.c speed.c spkac.c ts.c verify.c version.c \ x509.c certhash.c certhash_win.c apps_win.c apps_posix.c \ - compat/poll_win.c compat/clock_gettime_osx.c compat/strtonum.c + compat/poll_win.c compat/clock_gettime_osx.c @BUILD_CERTHASH_TRUE@am__objects_1 = certhash.$(OBJEXT) @BUILD_CERTHASH_FALSE@am__objects_2 = certhash_win.$(OBJEXT) @HOST_WIN_TRUE@am__objects_3 = apps_win.$(OBJEXT) @@ -135,7 +134,6 @@ am__dirstamp = $(am__leading_dot)dirstamp @HAVE_POLL_FALSE@@HOST_WIN_TRUE@am__objects_5 = \ @HAVE_POLL_FALSE@@HOST_WIN_TRUE@ compat/poll_win.$(OBJEXT) @HAVE_CLOCK_GETTIME_FALSE@@HOST_DARWIN_TRUE@am__objects_6 = compat/clock_gettime_osx.$(OBJEXT) -@HAVE_STRTONUM_FALSE@am__objects_7 = compat/strtonum.$(OBJEXT) am_openssl_OBJECTS = apps.$(OBJEXT) asn1pars.$(OBJEXT) ca.$(OBJEXT) \ ciphers.$(OBJEXT) crl.$(OBJEXT) crl2p7.$(OBJEXT) cms.$(OBJEXT) \ dgst.$(OBJEXT) dh.$(OBJEXT) dhparam.$(OBJEXT) dsa.$(OBJEXT) \ 
@@ -152,7 +150,7 @@ am_openssl_OBJECTS = apps.$(OBJEXT) asn1pars.$(OBJEXT) ca.$(OBJEXT) \ speed.$(OBJEXT) spkac.$(OBJEXT) ts.$(OBJEXT) verify.$(OBJEXT) \ version.$(OBJEXT) x509.$(OBJEXT) $(am__objects_1) \ $(am__objects_2) $(am__objects_3) $(am__objects_4) \ - $(am__objects_5) $(am__objects_6) $(am__objects_7) + $(am__objects_5) $(am__objects_6) openssl_OBJECTS = $(am_openssl_OBJECTS) am__DEPENDENCIES_1 = openssl_DEPENDENCIES = $(abs_top_builddir)/ssl/libssl.la \ @@ -200,7 +198,7 @@ am__depfiles_remade = ./$(DEPDIR)/apps.Po ./$(DEPDIR)/apps_posix.Po \ ./$(DEPDIR)/speed.Po ./$(DEPDIR)/spkac.Po ./$(DEPDIR)/ts.Po \ ./$(DEPDIR)/verify.Po ./$(DEPDIR)/version.Po \ ./$(DEPDIR)/x509.Po compat/$(DEPDIR)/clock_gettime_osx.Po \ - compat/$(DEPDIR)/poll_win.Po compat/$(DEPDIR)/strtonum.Po + compat/$(DEPDIR)/poll_win.Po am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) @@ -275,8 +273,6 @@ am__define_uniq_tagged_files = \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` -ETAGS = etags -CTAGS = ctags am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \ $(top_srcdir)/Makefile.am.common $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -296,6 +292,8 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ +CSCOPE = @CSCOPE@ +CTAGS = @CTAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ @@ -306,6 +304,7 @@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ +ETAGS = @ETAGS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ 
@@ -420,8 +419,7 @@ openssl_SOURCES = apps.c asn1pars.c ca.c ciphers.c crl.c crl2p7.c \ s_cb.c s_client.c s_server.c s_socket.c s_time.c sess_id.c \ smime.c speed.c spkac.c ts.c verify.c version.c x509.c \ $(am__append_1) $(am__append_2) $(am__append_3) \ - $(am__append_4) $(am__append_5) $(am__append_6) \ - $(am__append_7) + $(am__append_4) $(am__append_5) $(am__append_6) noinst_HEADERS = apps.h progs.h s_apps.h testdsa.h testrsa.h \ timeouts.h EXTRA_DIST = CMakeLists.txt @@ -527,8 +525,6 @@ compat/poll_win.$(OBJEXT): compat/$(am__dirstamp) \ compat/$(DEPDIR)/$(am__dirstamp) compat/clock_gettime_osx.$(OBJEXT): compat/$(am__dirstamp) \ compat/$(DEPDIR)/$(am__dirstamp) -compat/strtonum.$(OBJEXT): compat/$(am__dirstamp) \ - compat/$(DEPDIR)/$(am__dirstamp) openssl$(EXEEXT): $(openssl_OBJECTS) $(openssl_DEPENDENCIES) $(EXTRA_openssl_DEPENDENCIES) @rm -f openssl$(EXEEXT) @@ -595,7 +591,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/clock_gettime_osx.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/poll_win.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/strtonum.Po@am__quote@ # am--include-marker $(am__depfiles_remade): @$(MKDIR_P) $(@D) @@ -727,7 +722,6 @@ cscopelist-am: $(am__tagged_files) distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - distdir: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) distdir-am @@ -860,7 +854,6 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/x509.Po -rm -f compat/$(DEPDIR)/clock_gettime_osx.Po -rm -f compat/$(DEPDIR)/poll_win.Po - -rm -f compat/$(DEPDIR)/strtonum.Po -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags 
@@ -960,7 +953,6 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/x509.Po -rm -f compat/$(DEPDIR)/clock_gettime_osx.Po -rm -f compat/$(DEPDIR)/poll_win.Po - -rm -f compat/$(DEPDIR)/strtonum.Po -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic diff --git a/apps/openssl/apps.c b/apps/openssl/apps.c index 5e4e8d52..fd13371f 100644 --- a/apps/openssl/apps.c +++ b/apps/openssl/apps.c @@ -1,4 +1,4 @@ -/* $OpenBSD: apps.c,v 1.60 2021/03/31 17:13:54 tb Exp $ */ +/* $OpenBSD: apps.c,v 1.62 2022/01/10 12:17:49 tb Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -160,12 +160,6 @@ static int set_table_opts(unsigned long *flags, const char *arg, static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl); -#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) -/* Looks like this stuff is worth moving into separate function */ -static EVP_PKEY *load_netscape_key(BIO *err, BIO *key, const char *file, - const char *key_descrip, int format); -#endif - int str2fmt(char *s) { @@ -175,8 +169,6 @@ str2fmt(char *s) return (FORMAT_ASN1); else if ((*s == 'T') || (*s == 't')) return (FORMAT_TEXT); - else if ((*s == 'N') || (*s == 'n')) - return (FORMAT_NETSCAPE); else if ((*s == 'S') || (*s == 's')) return (FORMAT_SMIME); else if ((*s == 'M') || (*s == 'm')) 
@@ -612,24 +604,7 @@ load_cert(BIO *err, const char *file, int format, const char *pass, if (format == FORMAT_ASN1) x = d2i_X509_bio(cert, NULL); - else if (format == FORMAT_NETSCAPE) { - NETSCAPE_X509 *nx; - nx = ASN1_item_d2i_bio(&NETSCAPE_X509_it, - cert, NULL); - if (nx == NULL) - goto end; - - if ((strncmp(NETSCAPE_CERT_HDR, (char *) nx->header->data, - nx->header->length) != 0)) { - NETSCAPE_X509_free(nx); - BIO_printf(err, - "Error reading header on certificate\n"); - goto end; - } - x = nx->cert; - nx->cert = NULL; - NETSCAPE_X509_free(nx); - } else if (format == FORMAT_PEM) + else if (format == FORMAT_PEM) x = PEM_read_bio_X509_AUX(cert, NULL, password_callback, NULL); else if (format == FORMAT_PKCS12) { if (!load_pkcs12(err, cert, cert_descrip, NULL, NULL, @@ -684,10 +659,6 @@ load_key(BIO *err, const char *file, int format, int maybe_stdin, } else if (format == FORMAT_PEM) { pkey = PEM_read_bio_PrivateKey(key, NULL, password_callback, &cb_data); } -#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) - else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC) - pkey = load_netscape_key(err, key, file, key_descrip, format); -#endif else if (format == FORMAT_PKCS12) { if (!load_pkcs12(err, key, key_descrip, password_callback, &cb_data, &pkey, NULL, NULL)) @@ -768,10 +739,6 @@ load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, else if (format == FORMAT_PEM) { pkey = PEM_read_bio_PUBKEY(key, NULL, password_callback, &cb_data); } -#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) - else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC) - pkey = load_netscape_key(err, key, file, key_descrip, format); -#endif #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) else if (format == FORMAT_MSBLOB) pkey = b2i_PublicKey_bio(key); 
@@ -788,51 +755,6 @@ load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, return (pkey); } -#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) -static EVP_PKEY * -load_netscape_key(BIO *err, BIO *key, const char *file, - const char *key_descrip, int format) -{ - EVP_PKEY *pkey; - BUF_MEM *buf; - RSA *rsa; - const unsigned char *p; - int size, i; - - buf = BUF_MEM_new(); - pkey = EVP_PKEY_new(); - size = 0; - if (buf == NULL || pkey == NULL) - goto error; - for (;;) { - if (!BUF_MEM_grow_clean(buf, size + 1024 * 10)) - goto error; - i = BIO_read(key, &(buf->data[size]), 1024 * 10); - size += i; - if (i == 0) - break; - if (i < 0) { - BIO_printf(err, "Error reading %s %s", - key_descrip, file); - goto error; - } - } - p = (unsigned char *) buf->data; - rsa = d2i_RSA_NET(NULL, &p, (long) size, NULL, - (format == FORMAT_IISSGC ? 1 : 0)); - if (rsa == NULL) - goto error; - BUF_MEM_free(buf); - EVP_PKEY_set1_RSA(pkey, rsa); - return pkey; - - error: - BUF_MEM_free(buf); - EVP_PKEY_free(pkey); - return NULL; -} -#endif /* ndef OPENSSL_NO_RC4 */ - static int load_certs_crls(BIO *err, const char *file, int format, const char *pass, const char *desc, STACK_OF(X509) **pcerts, @@ -2340,3 +2262,31 @@ show_cipher(const OBJ_NAME *name, void *arg) fprintf(stderr, " -%-24s%s", name->name, (++*n % 3 != 0 ? "" : "\n")); } + +int +pkey_check(BIO *out, EVP_PKEY *pkey, int (check_fn)(EVP_PKEY_CTX *), + const char *desc) +{ + EVP_PKEY_CTX *ctx; + + if ((ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) { + ERR_print_errors(bio_err); + return 0; + } + + if (check_fn(ctx) == 1) { + BIO_printf(out, "%s valid\n", desc); + } else { + unsigned long err; + + BIO_printf(out, "%s invalid\n", desc); + + while ((err = ERR_get_error()) != 0) + BIO_printf(out, "Detailed error: %s\n", + ERR_reason_error_string(err)); + } + + EVP_PKEY_CTX_free(ctx); + + return 1; +} diff --git a/apps/openssl/apps.h b/apps/openssl/apps.h index 0e1c2120..f4fa5361 100644 --- a/apps/openssl/apps.h 
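Review bot: The new pkey_check() in apps/openssl/apps.c returns 1 both when `check_fn(ctx) == 1` and when the check fails, so the verdict reaches the caller only as the "%s valid" / "%s invalid" text written to `out`; 0 is returned only when `EVP_PKEY_CTX_new` fails. The callers are outside this hunk, but if they derive the exit status from this return value, a script that validates keys by exit code would treat an invalid key as accepted. Either capture the verdict with `ok = (check_fn(ctx) == 1);` and `return ok;` after `EVP_PKEY_CTX_free(ctx)`, or state the contract above the function: `/* Returns 0 only on allocation failure; the check verdict is printed to out, not returned. */`. Separately, `ERR_reason_error_string(err)` can return NULL for an unregistered code, so the `"Detailed error: %s\n"` call should pass a fallback string in that case.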
+++ b/apps/openssl/apps.h @@ -1,4 +1,4 @@ -/* $OpenBSD: apps.h,v 1.28 2021/09/02 11:30:15 inoguchi Exp $ */ +/* $OpenBSD: apps.h,v 1.31 2022/01/10 12:17:49 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -255,14 +255,12 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in); #define FORMAT_ASN1 1 #define FORMAT_TEXT 2 #define FORMAT_PEM 3 -#define FORMAT_NETSCAPE 4 + #define FORMAT_PKCS12 5 #define FORMAT_SMIME 6 -#define FORMAT_IISSGC 8 /* XXX this stupid macro helps us to avoid - * adding yet another param to load_*key() */ -#define FORMAT_PEMRSA 9 /* PEM RSAPubicKey format */ -#define FORMAT_ASN1RSA 10 /* DER RSAPubicKey format */ +#define FORMAT_PEMRSA 9 /* PEM RSAPublicKey format */ +#define FORMAT_ASN1RSA 10 /* DER RSAPublicKey format */ #define FORMAT_MSBLOB 11 /* MS Key blob format */ #define FORMAT_PVK 12 /* MS PVK file format */ @@ -270,8 +268,6 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in); #define EXT_COPY_ADD 1 #define EXT_COPY_ALL 2 -#define NETSCAPE_CERT_HDR "certificate" - #define APP_PASS_LEN 1024 #define SERIAL_RAND_BITS 64 @@ -330,4 +326,6 @@ int options_parse(int argc, char **argv, const struct option *opts, void show_cipher(const OBJ_NAME *name, void *arg); +int pkey_check(BIO *out, EVP_PKEY *pkey, int (check_fn)(EVP_PKEY_CTX *), + const char *desc); #endif diff --git a/apps/openssl/asn1pars.c b/apps/openssl/asn1pars.c index 18f8a48c..38d12f61 100644 --- a/apps/openssl/asn1pars.c +++ b/apps/openssl/asn1pars.c @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1pars.c,v 1.10 2019/07/14 03:30:45 guenther Exp $ */ +/* $OpenBSD: asn1pars.c,v 1.11 2022/01/12 22:55:51 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -424,7 +424,7 @@ asn1parse_main(int argc, char **argv) } static int -do_generate(BIO * bio, char *genstr, char *genconf, BUF_MEM * buf) +do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf) { CONF *cnf = NULL; int len; diff --git a/apps/openssl/ca.c b/apps/openssl/ca.c index 00dbc5ba..bbc5403e 100644 --- a/apps/openssl/ca.c +++ b/apps/openssl/ca.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ca.c,v 1.49 2021/09/05 04:05:14 inoguchi Exp $ */ +/* $OpenBSD: ca.c,v 1.53 2022/02/03 17:44:04 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1082,7 +1082,7 @@ ca_main(int argc, char **argv) } if (ca_config.verbose) BIO_printf(bio_err, "message digest is %s\n", - OBJ_nid2ln(dgst->type)); + OBJ_nid2ln(EVP_MD_type(dgst))); if ((ca_config.policy == NULL) && ((ca_config.policy = NCONF_get_string(conf, ca_config.section, ENV_POLICY)) == NULL)) { @@ -1633,12 +1633,11 @@ certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, ok = 0; goto err; } - if ((pktmp = X509_REQ_get_pubkey(req)) == NULL) { + if ((pktmp = X509_REQ_get0_pubkey(req)) == NULL) { BIO_printf(bio_err, "error unpacking public key\n"); goto err; } i = X509_REQ_verify(req, pktmp); - EVP_PKEY_free(pktmp); if (i < 0) { ok = 0; BIO_printf(bio_err, "Signature verification problems....\n"); @@ -1688,12 +1687,11 @@ certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, BIO_printf(bio_err, "Check that the request matches the signature\n"); - if ((pktmp = X509_get_pubkey(req)) == NULL) { + if ((pktmp = X509_get0_pubkey(req)) == NULL) { BIO_printf(bio_err, "error unpacking public key\n"); goto err; } i = X509_verify(req, pktmp); - EVP_PKEY_free(pktmp); if (i < 0) { ok = 0; BIO_printf(bio_err, "Signature verification problems....\n"); @@ -1764,7 +1762,6 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, X509_NAME_free(n); goto err; } - req->req_info->enc.modified = 1; X509_NAME_free(n); } if (default_op) 
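Review bot: In apps/openssl/ca.c certify(), `pktmp` now holds a borrowed pointer from `X509_REQ_get0_pubkey(req)` instead of an owned reference, and nothing at the call site records that. The same switch is made in certify_cert() and twice in do_body(), each time dropping the matching `EVP_PKEY_free(pktmp)`. A later edit that re-adds a free on an error path would release a key still owned by `req` or `ret`, so each site should carry a short comment such as `/* get0: pktmp is owned by req, do not free */`. In do_body() the borrowed key is also handed to `EVP_PKEY_copy_parameters(pktmp, pkey)`, which writes into the certificate's own key object; that looks intended but deserves the same remark. These functions continue outside the hunks, so it should be confirmed that no `EVP_PKEY_free(pktmp)` remains on their `err:` paths.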
@@ -1785,7 +1782,7 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, if (ca_config.msie_hack) { /* assume all type should be strings */ - nid = OBJ_obj2nid(ne->object); + nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(ne)); if (nid == NID_undef) goto err; @@ -1998,13 +1995,10 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, if (!X509_set_subject_name(ret, subject)) goto err; - pktmp = X509_REQ_get_pubkey(req); - if (pktmp == NULL) + if ((pktmp = X509_REQ_get0_pubkey(req)) == NULL) goto err; - i = X509_set_pubkey(ret, pktmp); - EVP_PKEY_free(pktmp); - if (!i) + if (!X509_set_pubkey(ret, pktmp)) goto err; /* Lets add the extensions, if there are any */ @@ -2227,18 +2221,15 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, } } - pktmp = X509_get_pubkey(ret); - if (pktmp == NULL) + if ((pktmp = X509_get0_pubkey(ret)) == NULL) goto err; if (EVP_PKEY_missing_parameters(pktmp) && !EVP_PKEY_missing_parameters(pkey)) { if (!EVP_PKEY_copy_parameters(pktmp, pkey)) { - EVP_PKEY_free(pktmp); goto err; } } - EVP_PKEY_free(pktmp); if (!do_X509_sign(bio_err, ret, pkey, dgst, sigopts)) goto err; @@ -2329,7 +2320,6 @@ certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, X509_REQ *req = NULL; CONF_VALUE *cv = NULL; NETSCAPE_SPKI *spki = NULL; - X509_REQ_INFO *ri; char *type, *buf; EVP_PKEY *pktmp = NULL; X509_NAME *n = NULL; @@ -2371,8 +2361,7 @@ certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, /* * Build up the subject name set. */ - ri = req->req_info; - n = ri->subject; + n = X509_REQ_get_subject_name(req); for (i = 0;; i++) { if (sk_CONF_VALUE_num(sk) <= i) diff --git a/apps/openssl/certhash.c b/apps/openssl/certhash.c index 31c4899f..a4417a2b 100644 --- a/apps/openssl/certhash.c +++ b/apps/openssl/certhash.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: certhash.c,v 1.18 2021/08/28 08:16:39 tb Exp $ */ +/* $OpenBSD: certhash.c,v 1.19 2021/10/23 08:13:48 tb Exp $ */ /* * Copyright (c) 2014, 2015 Joel Sing * @@ -490,6 +490,10 @@ certhash_link(struct dirent *dep, struct hashinfo **links) fprintf(stderr, "failed to readlink %s\n", dep->d_name); return (-1); } + if (n >= sizeof(target) - 1) { + fprintf(stderr, "symbolic link is too long %s\n", dep->d_name); + return (-1); + } target[n] = '\0'; hi = hashinfo_from_linkname(dep->d_name, target); diff --git a/apps/openssl/ciphers.c b/apps/openssl/ciphers.c index a20f19c3..583db116 100644 --- a/apps/openssl/ciphers.c +++ b/apps/openssl/ciphers.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ciphers.c,v 1.10 2019/07/14 03:30:45 guenther Exp $ */ +/* $OpenBSD: ciphers.c,v 1.15 2022/07/19 20:15:19 tb Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -26,7 +26,9 @@ struct { int usage; + int use_supported; int verbose; + int version; } ciphers_config; static const struct option ciphers_options[] = { 
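Review bot: The length check added to certhash_link() compares `n` with `sizeof(target) - 1`, which is a signed/unsigned comparison if `n` is an `ssize_t` (its declaration and the readlink() call are outside the hunk). It is safe only as long as the "failed to readlink" branch just above has already rejected a negative return. Writing it as `if ((size_t)n >= sizeof(target) - 1) {` makes that dependency explicit and keeps `-Wsign-compare` quiet. A one-line comment would also explain why a full buffer is rejected: `/* readlink() neither NUL-terminates nor reports truncation; treat a full buffer as too long */`.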
@@ -40,10 +42,39 @@ static const struct option ciphers_options[] = { .type = OPTION_FLAG, .opt.flag = &ciphers_config.usage, }, + { + .name = "s", + .desc = "Only list ciphers that are supported by the TLS method", + .type = OPTION_FLAG, + .opt.flag = &ciphers_config.use_supported, + }, { .name = "tls1", - .desc = "This option is deprecated since it is the default", - .type = OPTION_DISCARD, + .desc = "Use TLS protocol version 1", + .type = OPTION_VALUE, + .opt.value = &ciphers_config.version, + .value = TLS1_VERSION, + }, + { + .name = "tls1_1", + .desc = "Use TLS protocol version 1.1", + .type = OPTION_VALUE, + .opt.value = &ciphers_config.version, + .value = TLS1_1_VERSION, + }, + { + .name = "tls1_2", + .desc = "Use TLS protocol version 1.2", + .type = OPTION_VALUE, + .opt.value = &ciphers_config.version, + .value = TLS1_2_VERSION, + }, + { + .name = "tls1_3", + .desc = "Use TLS protocol version 1.3", + .type = OPTION_VALUE, + .opt.value = &ciphers_config.version, + .value = TLS1_3_VERSION, }, { .name = "v", @@ -65,7 +96,8 @@ static const struct option ciphers_options[] = { static void ciphers_usage(void) { - fprintf(stderr, "usage: ciphers [-hVv] [-tls1] [cipherlist]\n"); + fprintf(stderr, "usage: ciphers [-hsVv] [-tls1] [-tls1_1] [-tls1_2] " + "[-tls1_3] [cipherlist]\n"); options_usage(ciphers_options); } @@ -74,6 +106,7 @@ ciphers_main(int argc, char **argv) { char *cipherlist = NULL; STACK_OF(SSL_CIPHER) *ciphers; + STACK_OF(SSL_CIPHER) *supported_ciphers = NULL; const SSL_CIPHER *cipher; SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; 
@@ -101,9 +134,18 @@ ciphers_main(int argc, char **argv) return (1); } - if ((ssl_ctx = SSL_CTX_new(TLSv1_client_method())) == NULL) + if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) goto err; + if (ciphers_config.version != 0) { + if (!SSL_CTX_set_min_proto_version(ssl_ctx, + ciphers_config.version)) + goto err; + if (!SSL_CTX_set_max_proto_version(ssl_ctx, + ciphers_config.version)) + goto err; + } + if (cipherlist != NULL) { if (SSL_CTX_set_cipher_list(ssl_ctx, cipherlist) == 0) goto err; @@ -112,8 +154,15 @@ ciphers_main(int argc, char **argv) if ((ssl = SSL_new(ssl_ctx)) == NULL) goto err; - if ((ciphers = SSL_get_ciphers(ssl)) == NULL) - goto err; + if (ciphers_config.use_supported) { + if ((supported_ciphers = + SSL_get1_supported_ciphers(ssl)) == NULL) + goto err; + ciphers = supported_ciphers; + } else { + if ((ciphers = SSL_get_ciphers(ssl)) == NULL) + goto err; + } for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { cipher = sk_SSL_CIPHER_value(ciphers, i); @@ -125,7 +174,7 @@ ciphers_main(int argc, char **argv) if (ciphers_config.verbose > 1) { value = SSL_CIPHER_get_value(cipher); fprintf(stdout, "%-*s0x%02X,0x%02X - ", 10, "", - ((value >> 8) & 0xff), (value & 0xff)); + ((value >> 8) & 0xff), (value & 0xff)); } desc = SSL_CIPHER_description(cipher, NULL, 0); if (strcmp(desc, "OPENSSL_malloc Error") == 0) { @@ -145,6 +194,7 @@ ciphers_main(int argc, char **argv) rv = 1; done: + sk_SSL_CIPHER_free(supported_ciphers); SSL_CTX_free(ssl_ctx); SSL_free(ssl); diff --git a/apps/openssl/cms.c b/apps/openssl/cms.c index cad85567..a3004e8a 100644 --- a/apps/openssl/cms.c +++ b/apps/openssl/cms.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms.c,v 1.17 2020/01/04 14:17:55 inoguchi Exp $ */ +/* $OpenBSD: cms.c,v 1.30 2022/03/23 15:16:59 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ 
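Review bot: In ciphers_main() the `ciphers` pointer now aliases two stacks with different ownership. The stack from `SSL_get1_supported_ciphers(ssl)` belongs to the caller and is released through `supported_ciphers` at `done:`, while the one from `SSL_get_ciphers(ssl)` stays owned by `ssl`. The cleanup is correct only because `supported_ciphers` starts as NULL and `ciphers` itself is never freed, and nothing in the code says so. A comment at the branch would protect that invariant: `/* get1: we free via supported_ciphers; the SSL_get_ciphers() result is owned by ssl */`. The function begins and ends outside these hunks.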
@@ -105,46 +105,1065 @@ struct cms_key_param { struct cms_key_param *next; }; +static struct { + char *CAfile; + char *CApath; + X509 *cert; + char *certfile; + char *certsoutfile; + const EVP_CIPHER *cipher; + char *contfile; + ASN1_OBJECT *econtent_type; + STACK_OF(X509) *encerts; + int flags; + char *from; + char *infile; + int informat; + struct cms_key_param *key_first; + struct cms_key_param *key_param; + char *keyfile; + int keyform; + int noout; + int operation; + char *outfile; + int outformat; + char *passargin; + int print; + unsigned char *pwri_pass; + int rr_allorfirst; + STACK_OF(OPENSSL_STRING) *rr_from; + int rr_print; + STACK_OF(OPENSSL_STRING) *rr_to; + char *rctfile; + int rctformat; + char *recipfile; + unsigned char *secret_key; + unsigned char *secret_keyid; + size_t secret_keyidlen; + size_t secret_keylen; + const EVP_MD *sign_md; + char *signerfile; + STACK_OF(OPENSSL_STRING) *skkeys; + STACK_OF(OPENSSL_STRING) *sksigners; + char *subject; + char *to; + int verify_retcode; + X509_VERIFY_PARAM *vpm; +} cms_config; + +static const EVP_CIPHER * +get_cipher_by_name(char *name) +{ + if (name == NULL || strcmp(name, "") == 0) + return (NULL); +#ifndef OPENSSL_NO_AES + else if (strcmp(name, "aes128") == 0) + return EVP_aes_128_cbc(); + else if (strcmp(name, "aes192") == 0) + return EVP_aes_192_cbc(); + else if (strcmp(name, "aes256") == 0) + return EVP_aes_256_cbc(); +#endif +#ifndef OPENSSL_NO_CAMELLIA + else if (strcmp(name, "camellia128") == 0) + return EVP_camellia_128_cbc(); + else if (strcmp(name, "camellia192") == 0) + return EVP_camellia_192_cbc(); + else if (strcmp(name, "camellia256") == 0) + return EVP_camellia_256_cbc(); +#endif +#ifndef OPENSSL_NO_DES + else if (strcmp(name, "des") == 0) + return EVP_des_cbc(); + else if (strcmp(name, "des3") == 0) + return EVP_des_ede3_cbc(); +#endif +#ifndef OPENSSL_NO_RC2 + else if (!strcmp(name, "rc2-40")) + return EVP_rc2_40_cbc(); + else if (!strcmp(name, "rc2-64")) + return EVP_rc2_64_cbc(); + 
else if (!strcmp(name, "rc2-128")) + return EVP_rc2_cbc(); +#endif + else + return (NULL); +} + +static int +cms_opt_cipher(int argc, char **argv, int *argsused) +{ + char *name = argv[0]; + + if (*name++ != '-') + return (1); + + if ((cms_config.cipher = get_cipher_by_name(name)) == NULL) + if ((cms_config.cipher = EVP_get_cipherbyname(name)) == NULL) + return (1); + + *argsused = 1; + return (0); +} + +static int +cms_opt_econtent_type(char *arg) +{ + ASN1_OBJECT_free(cms_config.econtent_type); + + if ((cms_config.econtent_type = OBJ_txt2obj(arg, 0)) == NULL) { + BIO_printf(bio_err, "Invalid OID %s\n", arg); + return (1); + } + return (0); +} + +static int +cms_opt_inkey(char *arg) +{ + if (cms_config.keyfile == NULL) { + cms_config.keyfile = arg; + return (0); + } + + if (cms_config.signerfile == NULL) { + BIO_puts(bio_err, "Illegal -inkey without -signer\n"); + return (1); + } + + if (cms_config.sksigners == NULL) + cms_config.sksigners = sk_OPENSSL_STRING_new_null(); + if (cms_config.sksigners == NULL) + return (1); + if (!sk_OPENSSL_STRING_push(cms_config.sksigners, cms_config.signerfile)) + return (1); + + cms_config.signerfile = NULL; + + if (cms_config.skkeys == NULL) + cms_config.skkeys = sk_OPENSSL_STRING_new_null(); + if (cms_config.skkeys == NULL) + return (1); + if (!sk_OPENSSL_STRING_push(cms_config.skkeys, cms_config.keyfile)) + return (1); + + cms_config.keyfile = arg; + return (0); +} + +static int +cms_opt_keyopt(char *arg) +{ + int keyidx = -1; + + if (cms_config.operation == SMIME_ENCRYPT) { + if (cms_config.encerts != NULL) + keyidx += sk_X509_num(cms_config.encerts); + } else { + if (cms_config.keyfile != NULL || cms_config.signerfile != NULL) + keyidx++; + if (cms_config.skkeys != NULL) + keyidx += sk_OPENSSL_STRING_num(cms_config.skkeys); + } + + if (keyidx < 0) { + BIO_printf(bio_err, "No key specified\n"); + return (1); + } + + if (cms_config.key_param == NULL || + cms_config.key_param->idx != keyidx) { + struct cms_key_param *nparam; + + 
if ((nparam = calloc(1, sizeof(struct cms_key_param))) == NULL) + return (1); + + nparam->idx = keyidx; + if ((nparam->param = sk_OPENSSL_STRING_new_null()) == NULL) { + free(nparam); + return (1); + } + + nparam->next = NULL; + if (cms_config.key_first == NULL) + cms_config.key_first = nparam; + else + cms_config.key_param->next = nparam; + + cms_config.key_param = nparam; + } + + if (!sk_OPENSSL_STRING_push(cms_config.key_param->param, arg)) + return (1); + + return (0); +} + +static int +cms_opt_md(char *arg) +{ + if ((cms_config.sign_md = EVP_get_digestbyname(arg)) == NULL) { + BIO_printf(bio_err, "Unknown digest %s\n", arg); + return (1); + } + return (0); +} + +static int +cms_opt_print(void) +{ + cms_config.noout = 1; + cms_config.print = 1; + return (0); +} + +static int +cms_opt_pwri_pass(char *arg) +{ + cms_config.pwri_pass = (unsigned char *)arg; + return (0); +} + +static int +cms_opt_recip(char *arg) +{ + if (cms_config.operation == SMIME_ENCRYPT) { + if (cms_config.encerts == NULL) { + if ((cms_config.encerts = sk_X509_new_null()) == NULL) + return (1); + } + + cms_config.cert = load_cert(bio_err, arg, FORMAT_PEM, + NULL, "recipient certificate file"); + if (cms_config.cert == NULL) + return (1); + + if (!sk_X509_push(cms_config.encerts, cms_config.cert)) + return (1); + + cms_config.cert = NULL; + } else { + cms_config.recipfile = arg; + } + return (0); +} + +static int +cms_opt_receipt_request_from(char *arg) +{ + if (cms_config.rr_from == NULL) + cms_config.rr_from = sk_OPENSSL_STRING_new_null(); + if (cms_config.rr_from == NULL) + return (1); + if (!sk_OPENSSL_STRING_push(cms_config.rr_from, arg)) + return (1); + + return (0); +} + +static int +cms_opt_receipt_request_to(char *arg) +{ + if (cms_config.rr_to == NULL) + cms_config.rr_to = sk_OPENSSL_STRING_new_null(); + if (cms_config.rr_to == NULL) + return (1); + if (!sk_OPENSSL_STRING_push(cms_config.rr_to, arg)) + return (1); + + return (0); +} + +static int +cms_opt_secretkey(char *arg) +{ + 
long ltmp; + + free(cms_config.secret_key); + + if ((cms_config.secret_key = string_to_hex(arg, <mp)) == NULL) { + BIO_printf(bio_err, "Invalid key %s\n", arg); + return (1); + } + cms_config.secret_keylen = (size_t)ltmp; + return (0); +} + +static int +cms_opt_secretkeyid(char *arg) +{ + long ltmp; + + free(cms_config.secret_keyid); + + if ((cms_config.secret_keyid = string_to_hex(arg, <mp)) == NULL) { + BIO_printf(bio_err, "Invalid id %s\n", arg); + return (1); + } + cms_config.secret_keyidlen = (size_t)ltmp; + return (0); +} + +static int +cms_opt_signer(char *arg) +{ + if (cms_config.signerfile == NULL) { + cms_config.signerfile = arg; + return (0); + } + + if (cms_config.sksigners == NULL) + cms_config.sksigners = sk_OPENSSL_STRING_new_null(); + if (cms_config.sksigners == NULL) + return (1); + if (!sk_OPENSSL_STRING_push(cms_config.sksigners, cms_config.signerfile)) + return (1); + + if (cms_config.keyfile == NULL) + cms_config.keyfile = cms_config.signerfile; + + if (cms_config.skkeys == NULL) + cms_config.skkeys = sk_OPENSSL_STRING_new_null(); + if (cms_config.skkeys == NULL) + return (1); + if (!sk_OPENSSL_STRING_push(cms_config.skkeys, cms_config.keyfile)) + return (1); + + cms_config.keyfile = NULL; + + cms_config.signerfile = arg; + return (0); +} + +static int +cms_opt_verify_param(int argc, char **argv, int *argsused) +{ + int oargc = argc; + int badarg = 0; + + if (!args_verify(&argv, &argc, &badarg, bio_err, &cms_config.vpm)) + return (1); + if (badarg) + return (1); + + *argsused = oargc - argc; + + return (0); +} + +static int +cms_opt_verify_receipt(char *arg) +{ + cms_config.operation = SMIME_VERIFY_RECEIPT; + cms_config.rctfile = arg; + return (0); +} + +static const struct option cms_options[] = { +#ifndef OPENSSL_NO_AES + { + .name = "aes128", + .desc = "Encrypt PEM output with CBC AES", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = cms_opt_cipher, + }, + { + .name = "aes192", + .desc = "Encrypt PEM output with CBC AES", + .type = 
OPTION_ARGV_FUNC, + .opt.argvfunc = cms_opt_cipher, + }, + { + .name = "aes256", + .desc = "Encrypt PEM output with CBC AES", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = cms_opt_cipher, + }, +#endif +#ifndef OPENSSL_NO_CAMELLIA + { + .name = "camellia128", + .desc = "Encrypt PEM output with CBC Camellia", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = cms_opt_cipher, + }, + { + .name = "camellia192", + .desc = "Encrypt PEM output with CBC Camellia", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = cms_opt_cipher, + }, + { + .name = "camellia256", + .desc = "Encrypt PEM output with CBC Camellia", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = cms_opt_cipher, + }, +#endif +#ifndef OPENSSL_NO_DES + { + .name = "des", + .desc = "Encrypt with DES", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = cms_opt_cipher, + }, + { + .name = "des3", + .desc = "Encrypt with triple DES (default)", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = cms_opt_cipher, + }, +#endif +#ifndef OPENSSL_NO_RC2 + { + .name = "rc2-40", + .desc = "Encrypt with RC2-40", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = cms_opt_cipher, + }, + { + .name = "rc2-64", + .desc = "Encrypt with RC2-64", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = cms_opt_cipher, + }, + { + .name = "rc2-128", + .desc = "Encrypt with RC2-128", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = cms_opt_cipher, + }, +#endif + { + .name = "CAfile", + .argname = "file", + .desc = "Certificate Authority file", + .type = OPTION_ARG, + .opt.arg = &cms_config.CAfile, + }, + { + .name = "CApath", + .argname = "path", + .desc = "Certificate Authority path", + .type = OPTION_ARG, + .opt.arg = &cms_config.CApath, + }, + { + .name = "binary", + .desc = "Do not translate message to text", + .type = OPTION_VALUE_OR, + .opt.value = &cms_config.flags, + .value = CMS_BINARY, + }, + { + .name = "certfile", + .argname = "file", + .desc = "Other certificates file", + .type = OPTION_ARG, + .opt.arg = &cms_config.certfile, + }, + { + .name = "certsout", + .argname 
= "file", + .desc = "Certificate output file", + .type = OPTION_ARG, + .opt.arg = &cms_config.certsoutfile, + }, + { + .name = "cmsout", + .desc = "Output CMS structure", + .type = OPTION_VALUE, + .opt.value = &cms_config.operation, + .value = SMIME_CMSOUT, + }, + { + .name = "compress", + .desc = "Create CMS CompressedData type", + .type = OPTION_VALUE, + .opt.value = &cms_config.operation, + .value = SMIME_COMPRESS, + }, + { + .name = "content", + .argname = "file", + .desc = "Supply or override content for detached signature", + .type = OPTION_ARG, + .opt.arg = &cms_config.contfile, + }, + { + .name = "crlfeol", + .desc = "Use CRLF as EOL termination instead of CR only", + .type = OPTION_VALUE_OR, + .opt.value = &cms_config.flags, + .value = CMS_CRLFEOL, + }, + { + .name = "data_create", + .desc = "Create CMS Data type", + .type = OPTION_VALUE, + .opt.value = &cms_config.operation, + .value = SMIME_DATA_CREATE, + }, + { + .name = "data_out", + .desc = "Output content from the input CMS Data type", + .type = OPTION_VALUE, + .opt.value = &cms_config.operation, + .value = SMIME_DATAOUT, + }, + { + .name = "debug_decrypt", + .desc = "Set the CMS_DEBUG_DECRYPT flag when decrypting", + .type = OPTION_VALUE_OR, + .opt.value = &cms_config.flags, + .value = CMS_DEBUG_DECRYPT, + }, + { + .name = "decrypt", + .desc = "Decrypt encrypted message", + .type = OPTION_VALUE, + .opt.value = &cms_config.operation, + .value = SMIME_DECRYPT, + }, + { + .name = "digest_create", + .desc = "Create CMS DigestedData type", + .type = OPTION_VALUE, + .opt.value = &cms_config.operation, + .value = SMIME_DIGEST_CREATE, + }, + { + .name = "digest_verify", + .desc = "Verify CMS DigestedData type and output the content", + .type = OPTION_VALUE, + .opt.value = &cms_config.operation, + .value = SMIME_DIGEST_VERIFY, + }, + { + .name = "econtent_type", + .argname = "type", + .desc = "Set the encapsulated content type", + .type = OPTION_ARG_FUNC, + .opt.argfunc = cms_opt_econtent_type, + }, + { + 
.name = "encrypt", + .desc = "Encrypt message", + .type = OPTION_VALUE, + .opt.value = &cms_config.operation, + .value = SMIME_ENCRYPT, + }, + { + .name = "EncryptedData_decrypt", + .desc = "Decrypt CMS EncryptedData", + .type = OPTION_VALUE, + .opt.value = &cms_config.operation, + .value = SMIME_ENCRYPTED_DECRYPT, + }, + { + .name = "EncryptedData_encrypt", + .desc = "Encrypt content using supplied symmetric key and algorithm", + .type = OPTION_VALUE, + .opt.value = &cms_config.operation, + .value = SMIME_ENCRYPTED_ENCRYPT, + }, + { + .name = "from", + .argname = "addr", + .desc = "From address", + .type = OPTION_ARG, + .opt.arg = &cms_config.from, + }, + { + .name = "in", + .argname = "file", + .desc = "Input file", + .type = OPTION_ARG, + .opt.arg = &cms_config.infile, + }, + { + .name = "indef", + .desc = "Same as -stream", + .type = OPTION_VALUE_OR, + .opt.value = &cms_config.flags, + .value = CMS_STREAM, + }, + { + .name = "inform", + .argname = "fmt", + .desc = "Input format (DER, PEM or SMIME (default))", + .type = OPTION_ARG_FORMAT, + .opt.value = &cms_config.informat, + }, + { + .name = "inkey", + .argname = "file", + .desc = "Input key file", + .type = OPTION_ARG_FUNC, + .opt.argfunc = cms_opt_inkey, + }, + { + .name = "keyform", + .argname = "fmt", + .desc = "Input key format (DER or PEM (default))", + .type = OPTION_ARG_FORMAT, + .opt.value = &cms_config.keyform, + }, + { + .name = "keyid", + .desc = "Use subject key identifier", + .type = OPTION_VALUE_OR, + .opt.value = &cms_config.flags, + .value = CMS_USE_KEYID, + }, + { + .name = "keyopt", + .argname = "nm:v", + .desc = "Set public key parameters", + .type = OPTION_ARG_FUNC, + .opt.argfunc = cms_opt_keyopt, + }, + { + .name = "md", + .argname = "digest", + .desc = "Digest to use when signing or resigning", + .type = OPTION_ARG_FUNC, + .opt.argfunc = cms_opt_md, + }, + { + .name = "no_attr_verify", + .desc = "Do not verify the signer's attribute of a signature", + .type = OPTION_VALUE_OR, + 
.opt.value = &cms_config.flags, + .value = CMS_NO_ATTR_VERIFY, + }, + { + .name = "no_content_verify", + .desc = "Do not verify the content of a signed message", + .type = OPTION_VALUE_OR, + .opt.value = &cms_config.flags, + .value = CMS_NO_CONTENT_VERIFY, + }, + { + .name = "no_signer_cert_verify", + .desc = "Do not verify the signer's certificate", + .type = OPTION_VALUE_OR, + .opt.value = &cms_config.flags, + .value = CMS_NO_SIGNER_CERT_VERIFY, + }, + { + .name = "noattr", + .desc = "Do not include any signed attributes", + .type = OPTION_VALUE_OR, + .opt.value = &cms_config.flags, + .value = CMS_NOATTR, + }, + { + .name = "nocerts", + .desc = "Do not include signer's certificate when signing", + .type = OPTION_VALUE_OR, + .opt.value = &cms_config.flags, + .value = CMS_NOCERTS, + }, + { + .name = "nodetach", + .desc = "Use opaque signing", + .type = OPTION_VALUE_AND, + .opt.value = &cms_config.flags, + .value = ~CMS_DETACHED, + }, + { + .name = "noindef", + .desc = "Disable CMS streaming", + .type = OPTION_VALUE_AND, + .opt.value = &cms_config.flags, + .value = ~CMS_STREAM, + }, + { + .name = "nointern", + .desc = "Do not search certificates in message for signer", + .type = OPTION_VALUE_OR, + .opt.value = &cms_config.flags, + .value = CMS_NOINTERN, + }, + { + .name = "nooldmime", + .desc = "Output old S/MIME content type", + .type = OPTION_VALUE_OR, + .opt.value = &cms_config.flags, + .value = CMS_NOOLDMIMETYPE, + }, + { + .name = "noout", + .desc = "Do not output the parsed CMS structure", + .type = OPTION_FLAG, + .opt.flag = &cms_config.noout, + }, + { + .name = "nosigs", + .desc = "Do not verify message signature", + .type = OPTION_VALUE_OR, + .opt.value = &cms_config.flags, + .value = CMS_NOSIGS, + }, + { + .name = "nosmimecap", + .desc = "Omit the SMIMECapabilities attribute", + .type = OPTION_VALUE_OR, + .opt.value = &cms_config.flags, + .value = CMS_NOSMIMECAP, + }, + { + .name = "noverify", + .desc = "Do not verify signer's certificate", + .type = 
OPTION_VALUE_OR, + .opt.value = &cms_config.flags, + .value = CMS_NO_SIGNER_CERT_VERIFY, + }, + { + .name = "out", + .argname = "file", + .desc = "Output file", + .type = OPTION_ARG, + .opt.arg = &cms_config.outfile, + }, + { + .name = "outform", + .argname = "fmt", + .desc = "Output format (DER, PEM or SMIME (default))", + .type = OPTION_ARG_FORMAT, + .opt.value = &cms_config.outformat, + }, + { + .name = "passin", + .argname = "src", + .desc = "Private key password source", + .type = OPTION_ARG, + .opt.arg = &cms_config.passargin, + }, + { + .name = "print", + .desc = "Print out all fields of the CMS structure for the -cmsout", + .type = OPTION_FUNC, + .opt.func = cms_opt_print, + }, + { + .name = "pwri_password", + .argname = "arg", + .desc = "Specify PasswordRecipientInfo (PWRI) password to use", + .type = OPTION_ARG_FUNC, + .opt.argfunc = cms_opt_pwri_pass, + }, + { + .name = "rctform", + .argname = "fmt", + .desc = "Receipt file format (DER, PEM or SMIME (default))", + .type = OPTION_ARG_FORMAT, + .opt.value = &cms_config.rctformat, + }, + { + .name = "receipt_request_all", + .desc = "Indicate requests should be provided by all recipients", + .type = OPTION_VALUE, + .opt.value = &cms_config.rr_allorfirst, + .value = 0, + }, + { + .name = "receipt_request_first", + .desc = "Indicate requests should be provided by first tier recipient", + .type = OPTION_VALUE, + .opt.value = &cms_config.rr_allorfirst, + .value = 1, + }, + { + .name = "receipt_request_from", + .argname = "addr", + .desc = "Add explicit email address where receipts should be supplied", + .type = OPTION_ARG_FUNC, + .opt.argfunc = cms_opt_receipt_request_from, + }, + { + .name = "receipt_request_print", + .desc = "Print out the contents of any signed receipt requests", + .type = OPTION_FLAG, + .opt.flag = &cms_config.rr_print, + }, + { + .name = "receipt_request_to", + .argname = "addr", + .desc = "Add explicit email address where receipts should be sent to", + .type = OPTION_ARG_FUNC, + 
.opt.argfunc = cms_opt_receipt_request_to, + }, + { + .name = "recip", + .argname = "file", + .desc = "Recipient certificate file for decryption", + .type = OPTION_ARG_FUNC, + .opt.argfunc = cms_opt_recip, + }, + { + .name = "resign", + .desc = "Resign a signed message", + .type = OPTION_VALUE, + .opt.value = &cms_config.operation, + .value = SMIME_RESIGN, + }, + { + .name = "secretkey", + .argname = "key", + .desc = "Specify symmetric key to use", + .type = OPTION_ARG_FUNC, + .opt.argfunc = cms_opt_secretkey, + }, + { + .name = "secretkeyid", + .argname = "id", + .desc = "The key identifier for the supplied symmetric key", + .type = OPTION_ARG_FUNC, + .opt.argfunc = cms_opt_secretkeyid, + }, + { + .name = "sign", + .desc = "Sign message", + .type = OPTION_VALUE, + .opt.value = &cms_config.operation, + .value = SMIME_SIGN, + }, + { + .name = "sign_receipt", + .desc = "Generate a signed receipt for the message", + .type = OPTION_VALUE, + .opt.value = &cms_config.operation, + .value = SMIME_SIGN_RECEIPT, + }, + { + .name = "signer", + .argname = "file", + .desc = "Signer certificate file", + .type = OPTION_ARG_FUNC, + .opt.argfunc = cms_opt_signer, + }, + { + .name = "stream", + .desc = "Enable CMS streaming", + .type = OPTION_VALUE_OR, + .opt.value = &cms_config.flags, + .value = CMS_STREAM, + }, + { + .name = "subject", + .argname = "s", + .desc = "Subject", + .type = OPTION_ARG, + .opt.arg = &cms_config.subject, + }, + { + .name = "text", + .desc = "Include or delete text MIME headers", + .type = OPTION_VALUE_OR, + .opt.value = &cms_config.flags, + .value = CMS_TEXT, + }, + { + .name = "to", + .argname = "addr", + .desc = "To address", + .type = OPTION_ARG, + .opt.arg = &cms_config.to, + }, + { + .name = "uncompress", + .desc = "Uncompress CMS CompressedData type", + .type = OPTION_VALUE, + .opt.value = &cms_config.operation, + .value = SMIME_UNCOMPRESS, + }, + { + .name = "verify", + .desc = "Verify signed message", + .type = OPTION_VALUE, + .opt.value = 
&cms_config.operation, + .value = SMIME_VERIFY, + }, + { + .name = "verify_receipt", + .argname = "file", + .desc = "Verify a signed receipt in file", + .type = OPTION_ARG_FUNC, + .opt.argfunc = cms_opt_verify_receipt, + }, + { + .name = "verify_retcode", + .desc = "Set verification error code to exit code", + .type = OPTION_FLAG, + .opt.flag = &cms_config.verify_retcode, + }, + { + .name = "check_ss_sig", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = cms_opt_verify_param, + }, + { + .name = "crl_check", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = cms_opt_verify_param, + }, + { + .name = "crl_check_all", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = cms_opt_verify_param, + }, + { + .name = "extended_crl", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = cms_opt_verify_param, + }, + { + .name = "ignore_critical", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = cms_opt_verify_param, + }, + { + .name = "issuer_checks", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = cms_opt_verify_param, + }, + { + .name = "policy", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = cms_opt_verify_param, + }, + { + .name = "policy_check", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = cms_opt_verify_param, + }, + { + .name = "purpose", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = cms_opt_verify_param, + }, + { + .name = "x509_strict", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = cms_opt_verify_param, + }, + { + .name = NULL, + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = cms_opt_cipher, + }, + { NULL }, +}; + +static const struct option verify_shared_options[] = { + { + .name = "check_ss_sig", + .desc = "Check the root CA self-signed certificate signature", + }, + { + .name = "crl_check", + .desc = "Enable CRL checking for the leaf certificate", + }, + { + .name = "crl_check_all", + .desc = "Enable CRL checking for the entire certificate chain", + }, + { + .name = "extended_crl", + .desc = "Enable extended CRL support", + }, + { + .name = "ignore_critical", + .desc = "Disable critical extension 
checking", + }, + { + .name = "issuer_checks", + .desc = "Enable debugging of certificate issuer checks", + }, + { + .name = "policy", + .argname = "name", + .desc = "Add given policy to the acceptable set", + }, + { + .name = "policy_check", + .desc = "Enable certificate policy checking", + }, + { + .name = "purpose", + .argname = "name", + .desc = "Verify for the given purpose", + }, + { + .name = "x509_strict", + .desc = "Use strict X.509 rules (disables workarounds)", + }, + { NULL }, +}; + +static void +cms_usage(void) +{ + int i; + + fprintf(stderr, "usage: cms " + "[-aes128 | -aes192 | -aes256 | -camellia128 |\n" + " -camellia192 | -camellia256 | -des | -des3 |\n" + " -rc2-40 | -rc2-64 | -rc2-128] [-CAfile file]\n" + " [-CApath directory] [-binary] [-certfile file]\n" + " [-certsout file] [-cmsout] [-compress] [-content file]\n" + " [-crlfeol] [-data_create] [-data_out] [-debug_decrypt]\n" + " [-decrypt] [-digest_create] [-digest_verify]\n" + " [-econtent_type type] [-encrypt] [-EncryptedData_decrypt]\n" + " [-EncryptedData_encrypt] [-from addr] [-in file]\n" + " [-inform der | pem | smime] [-inkey file]\n" + " [-keyform der | pem] [-keyid] [-keyopt nm:v] [-md digest]\n" + " [-no_attr_verify] [-no_content_verify]\n" + " [-no_signer_cert_verify] [-noattr] [-nocerts] [-nodetach]\n" + " [-nointern] [-nooldmime] [-noout] [-nosigs] [-nosmimecap]\n" + " [-noverify] [-out file] [-outform der | pem | smime]\n" + " [-passin src] [-print] [-pwri_password arg]\n" + " [-rctform der | pem | smime]\n" + " [-receipt_request_all | -receipt_request_first]\n" + " [-receipt_request_from addr] [-receipt_request_print]\n" + " [-receipt_request_to addr] [-recip file] [-resign]\n" + " [-secretkey key] [-secretkeyid id] [-sign] [-sign_receipt]\n" + " [-signer file] [-stream | -indef | -noindef] [-subject s]\n" + " [-text] [-to addr] [-uncompress] [-verify]\n" + " [-verify_receipt file] [-verify_retcode] [cert.pem ...]\n\n"); + + options_usage(cms_options); + + fprintf(stderr, 
"\nVerification options:\n\n"); + options_usage(verify_shared_options); + + fprintf(stderr, "\nValid purposes:\n\n"); + for (i = 0; i < X509_PURPOSE_get_count(); i++) { + X509_PURPOSE *ptmp = X509_PURPOSE_get0(i); + fprintf(stderr, " %-18s%s\n", X509_PURPOSE_get0_sname(ptmp), + X509_PURPOSE_get0_name(ptmp)); + } +} + int cms_main(int argc, char **argv) { - int operation = 0; int ret = 0; char **args; + int argsused = 0; const char *inmode = "r", *outmode = "w"; - char *infile = NULL, *outfile = NULL, *rctfile = NULL; - char *signerfile = NULL, *recipfile = NULL; - STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL; - char *certfile = NULL, *keyfile = NULL, *contfile = NULL; - char *certsoutfile = NULL; - const EVP_CIPHER *cipher = NULL; CMS_ContentInfo *cms = NULL, *rcms = NULL; X509_STORE *store = NULL; - X509 *cert = NULL, *recip = NULL, *signer = NULL; + X509 *recip = NULL, *signer = NULL; EVP_PKEY *key = NULL; - STACK_OF(X509) *encerts = NULL, *other = NULL; + STACK_OF(X509) *other = NULL; BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL; int badarg = 0; - int flags = CMS_DETACHED, noout = 0, print = 0; - int verify_retcode = 0; - int rr_print = 0, rr_allorfirst = -1; - STACK_OF(OPENSSL_STRING) *rr_to = NULL, *rr_from = NULL; CMS_ReceiptRequest *rr = NULL; - char *to = NULL, *from = NULL, *subject = NULL; - char *CAfile = NULL, *CApath = NULL; - char *passargin = NULL, *passin = NULL; - const EVP_MD *sign_md = NULL; - int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; - int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM; - unsigned char *secret_key = NULL, *secret_keyid = NULL; - unsigned char *pwri_pass = NULL, *pwri_tmp = NULL; - size_t secret_keylen = 0, secret_keyidlen = 0; - - struct cms_key_param *key_first = NULL, *key_param = NULL; - - ASN1_OBJECT *econtent_type = NULL; - - X509_VERIFY_PARAM *vpm = NULL; + char *passin = NULL; + unsigned char *pwri_tmp = NULL; if (single_execution) { if (pledge("stdio rpath wpath cpath tty", NULL) 
== -1) { 
@@ -153,660 +1172,310 @@ cms_main(int argc, char **argv) } } - args = argv + 1; - ret = 1; - - while (!badarg && *args && *args[0] == '-') { - if (!strcmp(*args, "-encrypt")) - operation = SMIME_ENCRYPT; - else if (!strcmp(*args, "-decrypt")) - operation = SMIME_DECRYPT; - else if (!strcmp(*args, "-sign")) - operation = SMIME_SIGN; - else if (!strcmp(*args, "-sign_receipt")) - operation = SMIME_SIGN_RECEIPT; - else if (!strcmp(*args, "-resign")) - operation = SMIME_RESIGN; - else if (!strcmp(*args, "-verify")) - operation = SMIME_VERIFY; - else if (!strcmp(*args, "-verify_retcode")) - verify_retcode = 1; - else if (!strcmp(*args, "-verify_receipt")) { - operation = SMIME_VERIFY_RECEIPT; - if (!args[1]) - goto argerr; - args++; - rctfile = *args; - } else if (!strcmp(*args, "-cmsout")) - operation = SMIME_CMSOUT; - else if (!strcmp(*args, "-data_out")) - operation = SMIME_DATAOUT; - else if (!strcmp(*args, "-data_create")) - operation = SMIME_DATA_CREATE; - else if (!strcmp(*args, "-digest_verify")) - operation = SMIME_DIGEST_VERIFY; - else if (!strcmp(*args, "-digest_create")) - operation = SMIME_DIGEST_CREATE; - else if (!strcmp(*args, "-compress")) - operation = SMIME_COMPRESS; - else if (!strcmp(*args, "-uncompress")) - operation = SMIME_UNCOMPRESS; - else if (!strcmp(*args, "-EncryptedData_decrypt")) - operation = SMIME_ENCRYPTED_DECRYPT; - else if (!strcmp(*args, "-EncryptedData_encrypt")) - operation = SMIME_ENCRYPTED_ENCRYPT; -#ifndef OPENSSL_NO_DES - else if (!strcmp(*args, "-des3")) - cipher = EVP_des_ede3_cbc(); - else if (!strcmp(*args, "-des")) - cipher = EVP_des_cbc(); -#endif -#ifndef OPENSSL_NO_RC2 - else if (!strcmp(*args, "-rc2-40")) - cipher = EVP_rc2_40_cbc(); - else if (!strcmp(*args, "-rc2-128")) - cipher = EVP_rc2_cbc(); - else if (!strcmp(*args, "-rc2-64")) - cipher = EVP_rc2_64_cbc(); -#endif -#ifndef OPENSSL_NO_AES - else if (!strcmp(*args, "-aes128")) - cipher = EVP_aes_128_cbc(); - else if (!strcmp(*args, "-aes192")) - cipher = 
EVP_aes_192_cbc(); - else if (!strcmp(*args, "-aes256")) - cipher = EVP_aes_256_cbc(); -#endif -#ifndef OPENSSL_NO_CAMELLIA - else if (!strcmp(*args, "-camellia128")) - cipher = EVP_camellia_128_cbc(); - else if (!strcmp(*args, "-camellia192")) - cipher = EVP_camellia_192_cbc(); - else if (!strcmp(*args, "-camellia256")) - cipher = EVP_camellia_256_cbc(); -#endif - else if (!strcmp(*args, "-debug_decrypt")) - flags |= CMS_DEBUG_DECRYPT; - else if (!strcmp(*args, "-text")) - flags |= CMS_TEXT; - else if (!strcmp(*args, "-nointern")) - flags |= CMS_NOINTERN; - else if (!strcmp(*args, "-noverify") || - !strcmp(*args, "-no_signer_cert_verify")) - flags |= CMS_NO_SIGNER_CERT_VERIFY; - else if (!strcmp(*args, "-nocerts")) - flags |= CMS_NOCERTS; - else if (!strcmp(*args, "-noattr")) - flags |= CMS_NOATTR; - else if (!strcmp(*args, "-nodetach")) - flags &= ~CMS_DETACHED; - else if (!strcmp(*args, "-nosmimecap")) - flags |= CMS_NOSMIMECAP; - else if (!strcmp(*args, "-binary")) - flags |= CMS_BINARY; - else if (!strcmp(*args, "-keyid")) - flags |= CMS_USE_KEYID; - else if (!strcmp(*args, "-nosigs")) - flags |= CMS_NOSIGS; - else if (!strcmp(*args, "-no_content_verify")) - flags |= CMS_NO_CONTENT_VERIFY; - else if (!strcmp(*args, "-no_attr_verify")) - flags |= CMS_NO_ATTR_VERIFY; - else if (!strcmp(*args, "-stream")) - flags |= CMS_STREAM; - else if (!strcmp(*args, "-indef")) - flags |= CMS_STREAM; - else if (!strcmp(*args, "-noindef")) - flags &= ~CMS_STREAM; - else if (!strcmp(*args, "-nooldmime")) - flags |= CMS_NOOLDMIMETYPE; - else if (!strcmp(*args, "-crlfeol")) - flags |= CMS_CRLFEOL; - else if (!strcmp(*args, "-noout")) - noout = 1; - else if (!strcmp(*args, "-receipt_request_print")) - rr_print = 1; - else if (!strcmp(*args, "-receipt_request_all")) - rr_allorfirst = 0; - else if (!strcmp(*args, "-receipt_request_first")) - rr_allorfirst = 1; - else if (!strcmp(*args, "-receipt_request_from")) { - if (!args[1]) - goto argerr; - args++; - if (rr_from == NULL && - 
(rr_from = sk_OPENSSL_STRING_new_null()) == NULL) - goto end; - if (!sk_OPENSSL_STRING_push(rr_from, *args)) - goto end; - } else if (!strcmp(*args, "-receipt_request_to")) { - if (!args[1]) - goto argerr; - args++; - if (rr_to == NULL && - (rr_to = sk_OPENSSL_STRING_new_null()) == NULL) - goto end; - if (!sk_OPENSSL_STRING_push(rr_to, *args)) - goto end; - } else if (!strcmp(*args, "-print")) { - noout = 1; - print = 1; - } else if (!strcmp(*args, "-secretkey")) { - long ltmp; - if (!args[1]) - goto argerr; - args++; - secret_key = string_to_hex(*args, <mp); - if (!secret_key) { - BIO_printf(bio_err, "Invalid key %s\n", *args); - goto argerr; - } - secret_keylen = (size_t) ltmp; - } else if (!strcmp(*args, "-secretkeyid")) { - long ltmp; - if (!args[1]) - goto argerr; - args++; - secret_keyid = string_to_hex(*args, <mp); - if (!secret_keyid) { - BIO_printf(bio_err, "Invalid id %s\n", *args); - goto argerr; - } - secret_keyidlen = (size_t) ltmp; - } else if (!strcmp(*args, "-pwri_password")) { - if (!args[1]) - goto argerr; - args++; - pwri_pass = (unsigned char *) *args; - } else if (!strcmp(*args, "-econtent_type")) { - if (!args[1]) - goto argerr; - args++; - econtent_type = OBJ_txt2obj(*args, 0); - if (!econtent_type) { - BIO_printf(bio_err, "Invalid OID %s\n", *args); - goto argerr; - } - } - else if (!strcmp(*args, "-passin")) { - if (!args[1]) - goto argerr; - passargin = *++args; - } else if (!strcmp(*args, "-to")) { - if (!args[1]) - goto argerr; - to = *++args; - } else if (!strcmp(*args, "-from")) { - if (!args[1]) - goto argerr; - from = *++args; - } else if (!strcmp(*args, "-subject")) { - if (!args[1]) - goto argerr; - subject = *++args; - } else if (!strcmp(*args, "-signer")) { - if (!args[1]) - goto argerr; - /* If previous -signer argument add signer to list */ - - if (signerfile) { - if (sksigners == NULL && - (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) - goto end; - if (!sk_OPENSSL_STRING_push(sksigners, signerfile)) - goto end; - if 
(!keyfile) - keyfile = signerfile; - if (skkeys == NULL && - (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) - goto end; - if (!sk_OPENSSL_STRING_push(skkeys, keyfile)) - goto end; - keyfile = NULL; - } - signerfile = *++args; - } else if (!strcmp(*args, "-recip")) { - if (!args[1]) - goto argerr; - if (operation == SMIME_ENCRYPT) { - if (encerts == NULL && - (encerts = sk_X509_new_null()) == NULL) - goto end; - cert = load_cert(bio_err, *++args, FORMAT_PEM, - NULL, "recipient certificate file"); - if (cert == NULL) - goto end; - if (!sk_X509_push(encerts, cert)) - goto end; - cert = NULL; - } else { - recipfile = *++args; - } - } else if (!strcmp(*args, "-certsout")) { - if (!args[1]) - goto argerr; - certsoutfile = *++args; - } else if (!strcmp(*args, "-md")) { - if (!args[1]) - goto argerr; - sign_md = EVP_get_digestbyname(*++args); - if (sign_md == NULL) { - BIO_printf(bio_err, "Unknown digest %s\n", - *args); - goto argerr; - } - } else if (!strcmp(*args, "-inkey")) { - if (!args[1]) - goto argerr; - /* If previous -inkey arument add signer to list */ - if (keyfile) { - if (!signerfile) { - BIO_puts(bio_err, - "Illegal -inkey without -signer\n"); - goto argerr; - } - if (sksigners == NULL && - (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) - goto end; - if (!sk_OPENSSL_STRING_push(sksigners, signerfile)) - goto end; - signerfile = NULL; - if (skkeys == NULL && - (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) - goto end; - if (!sk_OPENSSL_STRING_push(skkeys, keyfile)) - goto end; - } - keyfile = *++args; - } else if (!strcmp(*args, "-keyform")) { - if (!args[1]) - goto argerr; - keyform = str2fmt(*++args); - } else if (!strcmp (*args, "-keyopt")) { - int keyidx = -1; - if (!args[1]) - goto argerr; - if (operation == SMIME_ENCRYPT) { - if (encerts != NULL) - keyidx += sk_X509_num(encerts); - } else { - if (keyfile != NULL || signerfile != NULL) - keyidx++; - if (skkeys != NULL) - keyidx += sk_OPENSSL_STRING_num(skkeys); - } - if (keyidx < 0) { - 
BIO_printf(bio_err, "No key specified\n"); - goto argerr; - } - if (key_param == NULL || key_param->idx != keyidx) { - struct cms_key_param *nparam; - if ((nparam = malloc(sizeof(struct cms_key_param))) == NULL) - goto end; - nparam->idx = keyidx; - if ((nparam->param = sk_OPENSSL_STRING_new_null()) == NULL) - goto end; - nparam->next = NULL; - if (key_first == NULL) - key_first = nparam; - else - key_param->next = nparam; - key_param = nparam; - } - if (!sk_OPENSSL_STRING_push(key_param->param, *++args)) - goto end; - } else if (!strcmp(*args, "-rctform")) { - if (!args[1]) - goto argerr; - rctformat = str2fmt(*++args); - } else if (!strcmp(*args, "-certfile")) { - if (!args[1]) - goto argerr; - certfile = *++args; - } else if (!strcmp(*args, "-CAfile")) { - if (!args[1]) - goto argerr; - CAfile = *++args; - } else if (!strcmp(*args, "-CApath")) { - if (!args[1]) - goto argerr; - CApath = *++args; - } else if (!strcmp(*args, "-in")) { - if (!args[1]) - goto argerr; - infile = *++args; - } else if (!strcmp(*args, "-inform")) { - if (!args[1]) - goto argerr; - informat = str2fmt(*++args); - } else if (!strcmp(*args, "-outform")) { - if (!args[1]) - goto argerr; - outformat = str2fmt(*++args); - } else if (!strcmp(*args, "-out")) { - if (!args[1]) - goto argerr; - outfile = *++args; - } else if (!strcmp(*args, "-content")) { - if (!args[1]) - goto argerr; - contfile = *++args; - } else if (args_verify(&args, NULL, &badarg, bio_err, &vpm)) - continue; - else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL) - badarg = 1; - args++; + memset(&cms_config, 0, sizeof(cms_config)); + cms_config.flags = CMS_DETACHED; + cms_config.rr_allorfirst = -1; + cms_config.informat = FORMAT_SMIME; + cms_config.outformat = FORMAT_SMIME; + cms_config.rctformat = FORMAT_SMIME; + cms_config.keyform = FORMAT_PEM; + if (options_parse(argc, argv, cms_options, NULL, &argsused) != 0) { + goto argerr; } + args = argv + argsused; + ret = 1; - if (((rr_allorfirst != -1) || rr_from) && 
!rr_to) { + if (((cms_config.rr_allorfirst != -1) || cms_config.rr_from != NULL) && + cms_config.rr_to == NULL) { BIO_puts(bio_err, "No Signed Receipts Recipients\n"); goto argerr; } - if (!(operation & SMIME_SIGNERS) && (rr_to || rr_from)) { + if (!(cms_config.operation & SMIME_SIGNERS) && + (cms_config.rr_to != NULL || cms_config.rr_from != NULL)) { BIO_puts(bio_err, "Signed receipts only allowed with -sign\n"); goto argerr; } - if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) { + if (!(cms_config.operation & SMIME_SIGNERS) && + (cms_config.skkeys != NULL || cms_config.sksigners != NULL)) { BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); goto argerr; } - if (operation & SMIME_SIGNERS) { - if (keyfile && !signerfile) { + if (cms_config.operation & SMIME_SIGNERS) { + if (cms_config.keyfile != NULL && + cms_config.signerfile == NULL) { BIO_puts(bio_err, "Illegal -inkey without -signer\n"); goto argerr; } /* Check to see if any final signer needs to be appended */ - if (signerfile) { - if (sksigners == NULL && - (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) + if (cms_config.signerfile != NULL) { + if (cms_config.sksigners == NULL && + (cms_config.sksigners = + sk_OPENSSL_STRING_new_null()) == NULL) goto end; - if (!sk_OPENSSL_STRING_push(sksigners, signerfile)) + if (!sk_OPENSSL_STRING_push(cms_config.sksigners, + cms_config.signerfile)) goto end; - if (skkeys == NULL && - (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) + if (cms_config.skkeys == NULL && + (cms_config.skkeys = + sk_OPENSSL_STRING_new_null()) == NULL) goto end; - if (!keyfile) - keyfile = signerfile; - if (!sk_OPENSSL_STRING_push(skkeys, keyfile)) + if (cms_config.keyfile == NULL) + cms_config.keyfile = cms_config.signerfile; + if (!sk_OPENSSL_STRING_push(cms_config.skkeys, + cms_config.keyfile)) goto end; } - if (!sksigners) { + if (cms_config.sksigners == NULL) { BIO_printf(bio_err, "No signer certificate specified\n"); badarg = 1; } - signerfile = NULL; - keyfile = 
NULL; - } else if (operation == SMIME_DECRYPT) { - if (!recipfile && !keyfile && !secret_key && !pwri_pass) { + cms_config.signerfile = NULL; + cms_config.keyfile = NULL; + } else if (cms_config.operation == SMIME_DECRYPT) { + if (cms_config.recipfile == NULL && + cms_config.keyfile == NULL && + cms_config.secret_key == NULL && + cms_config.pwri_pass == NULL) { BIO_printf(bio_err, "No recipient certificate or key specified\n"); badarg = 1; } - } else if (operation == SMIME_ENCRYPT) { - if (!*args && !secret_key && !pwri_pass && !encerts) { + } else if (cms_config.operation == SMIME_ENCRYPT) { + if (*args == NULL && cms_config.secret_key == NULL && + cms_config.pwri_pass == NULL && + cms_config.encerts == NULL) { BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); badarg = 1; } - } else if (!operation) + } else if (!cms_config.operation) { badarg = 1; + } if (badarg) { argerr: - BIO_printf(bio_err, "Usage cms [options] cert.pem ...\n"); - BIO_printf(bio_err, "where options are\n"); - BIO_printf(bio_err, "-encrypt encrypt message\n"); - BIO_printf(bio_err, "-decrypt decrypt encrypted message\n"); - BIO_printf(bio_err, "-sign sign message\n"); - BIO_printf(bio_err, "-verify verify signed message\n"); - BIO_printf(bio_err, "-cmsout output CMS structure\n"); -#ifndef OPENSSL_NO_DES - BIO_printf(bio_err, "-des3 encrypt with triple DES\n"); - BIO_printf(bio_err, "-des encrypt with DES\n"); -#endif -#ifndef OPENSSL_NO_RC2 - BIO_printf(bio_err, "-rc2-40 encrypt with RC2-40 (default)\n"); - BIO_printf(bio_err, "-rc2-64 encrypt with RC2-64\n"); - BIO_printf(bio_err, "-rc2-128 encrypt with RC2-128\n"); -#endif -#ifndef OPENSSL_NO_AES - BIO_printf(bio_err, "-aes128, -aes192, -aes256\n"); - BIO_printf(bio_err, " encrypt PEM output with cbc aes\n"); -#endif -#ifndef OPENSSL_NO_CAMELLIA - BIO_printf(bio_err, "-camellia128, -camellia192, -camellia256\n"); - BIO_printf(bio_err, " encrypt PEM output with cbc camellia\n"); -#endif - BIO_printf(bio_err, "-nointern don't 
search certificates in message for signer\n"); - BIO_printf(bio_err, "-nosigs don't verify message signature\n"); - BIO_printf(bio_err, "-noverify don't verify signers certificate\n"); - BIO_printf(bio_err, "-nocerts don't include signers certificate when signing\n"); - BIO_printf(bio_err, "-nodetach use opaque signing\n"); - BIO_printf(bio_err, "-noattr don't include any signed attributes\n"); - BIO_printf(bio_err, "-binary don't translate message to text\n"); - BIO_printf(bio_err, "-certfile file other certificates file\n"); - BIO_printf(bio_err, "-certsout file certificate output file\n"); - BIO_printf(bio_err, "-signer file signer certificate file\n"); - BIO_printf(bio_err, "-recip file recipient certificate file for decryption\n"); - BIO_printf(bio_err, "-keyid use subject key identifier\n"); - BIO_printf(bio_err, "-in file input file\n"); - BIO_printf(bio_err, "-inform arg input format SMIME (default), PEM or DER\n"); - BIO_printf(bio_err, "-inkey file input private key (if not signer or recipient)\n"); - BIO_printf(bio_err, "-keyform arg input private key format (PEM)\n"); - BIO_printf(bio_err, "-keyopt nm:v set public key parameters\n"); - BIO_printf(bio_err, "-out file output file\n"); - BIO_printf(bio_err, "-outform arg output format SMIME (default), PEM or DER\n"); - BIO_printf(bio_err, "-content file supply or override content for detached signature\n"); - BIO_printf(bio_err, "-to addr to address\n"); - BIO_printf(bio_err, "-from ad from address\n"); - BIO_printf(bio_err, "-subject s subject\n"); - BIO_printf(bio_err, "-text include or delete text MIME headers\n"); - BIO_printf(bio_err, "-CApath dir trusted certificates directory\n"); - BIO_printf(bio_err, "-CAfile file trusted certificates file\n"); - BIO_printf(bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); - BIO_printf(bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); - BIO_printf(bio_err, "-passin arg input file pass 
phrase source\n"); - BIO_printf(bio_err, "cert.pem recipient certificate(s) for encryption\n"); + cms_usage(); goto end; } - if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { + if (!app_passwd(bio_err, cms_config.passargin, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } ret = 2; - if (!(operation & SMIME_SIGNERS)) - flags &= ~CMS_DETACHED; + if (!(cms_config.operation & SMIME_SIGNERS)) + cms_config.flags &= ~CMS_DETACHED; - if (operation & SMIME_OP) { - if (outformat == FORMAT_ASN1) + if (cms_config.operation & SMIME_OP) { + if (cms_config.outformat == FORMAT_ASN1) outmode = "wb"; } else { - if (flags & CMS_BINARY) + if (cms_config.flags & CMS_BINARY) outmode = "wb"; } - if (operation & SMIME_IP) { - if (informat == FORMAT_ASN1) + if (cms_config.operation & SMIME_IP) { + if (cms_config.informat == FORMAT_ASN1) inmode = "rb"; } else { - if (flags & CMS_BINARY) + if (cms_config.flags & CMS_BINARY) inmode = "rb"; } - if (operation == SMIME_ENCRYPT) { - if (!cipher) { + if (cms_config.operation == SMIME_ENCRYPT) { + if (cms_config.cipher == NULL) { #ifndef OPENSSL_NO_DES - cipher = EVP_des_ede3_cbc(); + cms_config.cipher = EVP_des_ede3_cbc(); #else BIO_printf(bio_err, "No cipher selected\n"); goto end; #endif } - if (secret_key && !secret_keyid) { + if (cms_config.secret_key != NULL && + cms_config.secret_keyid == NULL) { BIO_printf(bio_err, "No secret key id\n"); goto end; } - if (*args && encerts == NULL) - if ((encerts = sk_X509_new_null()) == NULL) + if (*args != NULL && cms_config.encerts == NULL) + if ((cms_config.encerts = sk_X509_new_null()) == NULL) goto end; while (*args) { - if (!(cert = load_cert(bio_err, *args, FORMAT_PEM, - NULL, "recipient certificate file"))) + if ((cms_config.cert = load_cert(bio_err, *args, + FORMAT_PEM, NULL, + "recipient certificate file")) == NULL) goto end; - if (!sk_X509_push(encerts, cert)) + if (!sk_X509_push(cms_config.encerts, cms_config.cert)) goto end; - cert = NULL; + 
cms_config.cert = NULL; args++; } } - if (certfile) { - if (!(other = load_certs(bio_err, certfile, FORMAT_PEM, NULL, - "certificate file"))) { + if (cms_config.certfile != NULL) { + if ((other = load_certs(bio_err, cms_config.certfile, + FORMAT_PEM, NULL, "certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; } } - if (recipfile && (operation == SMIME_DECRYPT)) { - if (!(recip = load_cert(bio_err, recipfile, FORMAT_PEM, NULL, - "recipient certificate file"))) { + if (cms_config.recipfile != NULL && + (cms_config.operation == SMIME_DECRYPT)) { + if ((recip = load_cert(bio_err, cms_config.recipfile, + FORMAT_PEM, NULL, "recipient certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; } } - if (operation == SMIME_SIGN_RECEIPT) { - if (!(signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL, - "receipt signer certificate file"))) { + if (cms_config.operation == SMIME_SIGN_RECEIPT) { + if ((signer = load_cert(bio_err, cms_config.signerfile, + FORMAT_PEM, NULL, + "receipt signer certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; } } - if (operation == SMIME_DECRYPT) { - if (!keyfile) - keyfile = recipfile; - } else if ((operation == SMIME_SIGN) || - (operation == SMIME_SIGN_RECEIPT)) { - if (!keyfile) - keyfile = signerfile; - } else - keyfile = NULL; - - if (keyfile) { - key = load_key(bio_err, keyfile, keyform, 0, passin, - "signing key file"); - if (!key) + if (cms_config.operation == SMIME_DECRYPT) { + if (cms_config.keyfile == NULL) + cms_config.keyfile = cms_config.recipfile; + } else if ((cms_config.operation == SMIME_SIGN) || + (cms_config.operation == SMIME_SIGN_RECEIPT)) { + if (cms_config.keyfile == NULL) + cms_config.keyfile = cms_config.signerfile; + } else { + cms_config.keyfile = NULL; + } + + if (cms_config.keyfile != NULL) { + key = load_key(bio_err, cms_config.keyfile, cms_config.keyform, + 0, passin, "signing key file"); + if (key == NULL) goto end; } - if (infile) { - if (!(in = BIO_new_file(infile, 
inmode))) { + if (cms_config.infile != NULL) { + if ((in = BIO_new_file(cms_config.infile, inmode)) == NULL) { BIO_printf(bio_err, - "Can't open input file %s\n", infile); + "Can't open input file %s\n", cms_config.infile); goto end; } - } else - in = BIO_new_fp(stdin, BIO_NOCLOSE); + } else { + if ((in = BIO_new_fp(stdin, BIO_NOCLOSE)) == NULL) + goto end; + } - if (operation & SMIME_IP) { - if (informat == FORMAT_SMIME) + if (cms_config.operation & SMIME_IP) { + if (cms_config.informat == FORMAT_SMIME) cms = SMIME_read_CMS(in, &indata); - else if (informat == FORMAT_PEM) + else if (cms_config.informat == FORMAT_PEM) cms = PEM_read_bio_CMS(in, NULL, NULL, NULL); - else if (informat == FORMAT_ASN1) + else if (cms_config.informat == FORMAT_ASN1) cms = d2i_CMS_bio(in, NULL); else { BIO_printf(bio_err, "Bad input format for CMS file\n"); goto end; } - if (!cms) { + if (cms == NULL) { BIO_printf(bio_err, "Error reading S/MIME message\n"); goto end; } - if (contfile) { + if (cms_config.contfile != NULL) { BIO_free(indata); - if (!(indata = BIO_new_file(contfile, "rb"))) { + if ((indata = BIO_new_file(cms_config.contfile, + "rb")) == NULL) { BIO_printf(bio_err, - "Can't read content file %s\n", contfile); + "Can't read content file %s\n", + cms_config.contfile); goto end; } } - if (certsoutfile) { + if (cms_config.certsoutfile != NULL) { STACK_OF(X509) *allcerts; if ((allcerts = CMS_get1_certs(cms)) == NULL) goto end; - if (!save_certs(certsoutfile, allcerts)) { + if (!save_certs(cms_config.certsoutfile, allcerts)) { BIO_printf(bio_err, "Error writing certs to %s\n", - certsoutfile); + cms_config.certsoutfile); + sk_X509_pop_free(allcerts, X509_free); ret = 5; goto end; } sk_X509_pop_free(allcerts, X509_free); } } - if (rctfile) { - char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r"; - if (!(rctin = BIO_new_file(rctfile, rctmode))) { + if (cms_config.rctfile != NULL) { + char *rctmode = (cms_config.rctformat == FORMAT_ASN1) ? 
+ "rb" : "r"; + if ((rctin = BIO_new_file(cms_config.rctfile, rctmode)) == NULL) { BIO_printf(bio_err, - "Can't open receipt file %s\n", rctfile); + "Can't open receipt file %s\n", cms_config.rctfile); goto end; } - if (rctformat == FORMAT_SMIME) + if (cms_config.rctformat == FORMAT_SMIME) rcms = SMIME_read_CMS(rctin, NULL); - else if (rctformat == FORMAT_PEM) + else if (cms_config.rctformat == FORMAT_PEM) rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL); - else if (rctformat == FORMAT_ASN1) + else if (cms_config.rctformat == FORMAT_ASN1) rcms = d2i_CMS_bio(rctin, NULL); else { BIO_printf(bio_err, "Bad input format for receipt\n"); goto end; } - if (!rcms) { + if (rcms == NULL) { BIO_printf(bio_err, "Error reading receipt\n"); goto end; } } - if (outfile) { - if (!(out = BIO_new_file(outfile, outmode))) { + if (cms_config.outfile != NULL) { + if ((out = BIO_new_file(cms_config.outfile, outmode)) == NULL) { BIO_printf(bio_err, - "Can't open output file %s\n", outfile); + "Can't open output file %s\n", cms_config.outfile); goto end; } } else { - out = BIO_new_fp(stdout, BIO_NOCLOSE); + if ((out = BIO_new_fp(stdout, BIO_NOCLOSE)) == NULL) + goto end; } - if ((operation == SMIME_VERIFY) || - (operation == SMIME_VERIFY_RECEIPT)) { - if (!(store = setup_verify(bio_err, CAfile, CApath))) + if ((cms_config.operation == SMIME_VERIFY) || + (cms_config.operation == SMIME_VERIFY_RECEIPT)) { + if ((store = setup_verify(bio_err, cms_config.CAfile, + cms_config.CApath)) == NULL) goto end; X509_STORE_set_verify_cb(store, cms_cb); - if (vpm) - X509_STORE_set1_param(store, vpm); + if (cms_config.vpm != NULL) { + if (!X509_STORE_set1_param(store, cms_config.vpm)) + goto end; + } } ret = 3; - if (operation == SMIME_DATA_CREATE) { - cms = CMS_data_create(in, flags); - } else if (operation == SMIME_DIGEST_CREATE) { - cms = CMS_digest_create(in, sign_md, flags); - } else if (operation == SMIME_COMPRESS) { - cms = CMS_compress(in, -1, flags); - } else if (operation == SMIME_ENCRYPT) { + 
if (cms_config.operation == SMIME_DATA_CREATE) { + cms = CMS_data_create(in, cms_config.flags); + } else if (cms_config.operation == SMIME_DIGEST_CREATE) { + cms = CMS_digest_create(in, cms_config.sign_md, + cms_config.flags); + } else if (cms_config.operation == SMIME_COMPRESS) { + cms = CMS_compress(in, -1, cms_config.flags); + } else if (cms_config.operation == SMIME_ENCRYPT) { int i; - flags |= CMS_PARTIAL; - cms = CMS_encrypt(NULL, in, cipher, flags); + cms_config.flags |= CMS_PARTIAL; + cms = CMS_encrypt(NULL, in, cms_config.cipher, + cms_config.flags); if (cms == NULL) goto end; - for (i = 0; i < sk_X509_num(encerts); i++) { + for (i = 0; i < sk_X509_num(cms_config.encerts); i++) { CMS_RecipientInfo *ri; struct cms_key_param *kparam; - int tflags = flags; - X509 *x = sk_X509_value(encerts, i); - for (kparam = key_first; kparam; kparam = kparam->next) { + int tflags = cms_config.flags; + X509 *x; + + if ((x = sk_X509_value(cms_config.encerts, i)) == NULL) + goto end; + for (kparam = cms_config.key_first; kparam != NULL; + kparam = kparam->next) { if (kparam->idx == i) { tflags |= CMS_KEY_PARAM; break; 
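Review bot: The `goto argerr` taken when `options_parse()` fails runs before `ret = 1;` is assigned, and `ret` is initialised to 0 at the top of `cms_main`, so unless the `end:` path (not visible in this hunk) resets it, an unknown or malformed option prints the usage text and the command returns 0. The removed parsing loop assigned `ret = 1` before it looked at any argument, so every argument error used to come back as a failure. Callers that gate on the exit status of `cms -verify` or `cms -decrypt` would then treat a mistyped option as success. Moving the assignment up, so that `ret = 1;` sits immediately before `if (options_parse(argc, argv, cms_options, NULL, &argsused) != 0) {`, restores the old behaviour. `cms_main` starts before this hunk and continues past it.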
@@ -817,115 +1486,131 @@ cms_main(int argc, char **argv) goto end; if (kparam != NULL) { EVP_PKEY_CTX *pctx; - if ((pctx = CMS_RecipientInfo_get0_pkey_ctx(ri)) == NULL) + if ((pctx = CMS_RecipientInfo_get0_pkey_ctx( + ri)) == NULL) goto end; if (!cms_set_pkey_param(pctx, kparam->param)) goto end; } } - if (secret_key) { - if (!CMS_add0_recipient_key(cms, NID_undef, secret_key, - secret_keylen, secret_keyid, secret_keyidlen, - NULL, NULL, NULL)) + if (cms_config.secret_key != NULL) { + if (CMS_add0_recipient_key(cms, NID_undef, + cms_config.secret_key, cms_config.secret_keylen, + cms_config.secret_keyid, cms_config.secret_keyidlen, + NULL, NULL, NULL) == NULL) goto end; /* NULL these because call absorbs them */ - secret_key = NULL; - secret_keyid = NULL; + cms_config.secret_key = NULL; + cms_config.secret_keyid = NULL; } - if (pwri_pass) { - pwri_tmp = strdup(pwri_pass); - if (!pwri_tmp) + if (cms_config.pwri_pass != NULL) { + pwri_tmp = strdup(cms_config.pwri_pass); + if (pwri_tmp == NULL) goto end; - if (!CMS_add0_recipient_password(cms, -1, NID_undef, - NID_undef, pwri_tmp, -1, NULL)) + if (CMS_add0_recipient_password(cms, -1, NID_undef, + NID_undef, pwri_tmp, -1, NULL) == NULL) goto end; pwri_tmp = NULL; } - if (!(flags & CMS_STREAM)) { - if (!CMS_final(cms, in, NULL, flags)) + if (!(cms_config.flags & CMS_STREAM)) { + if (!CMS_final(cms, in, NULL, cms_config.flags)) goto end; } - } else if (operation == SMIME_ENCRYPTED_ENCRYPT) { - cms = CMS_EncryptedData_encrypt(in, cipher, secret_key, - secret_keylen, flags); + } else if (cms_config.operation == SMIME_ENCRYPTED_ENCRYPT) { + cms = CMS_EncryptedData_encrypt(in, cms_config.cipher, + cms_config.secret_key, cms_config.secret_keylen, + cms_config.flags); - } else if (operation == SMIME_SIGN_RECEIPT) { + } else if (cms_config.operation == SMIME_SIGN_RECEIPT) { CMS_ContentInfo *srcms = NULL; STACK_OF(CMS_SignerInfo) *sis; CMS_SignerInfo *si; sis = CMS_get0_SignerInfos(cms); - if (!sis) + if (sis == NULL) goto end; 
si = sk_CMS_SignerInfo_value(sis, 0); - srcms = CMS_sign_receipt(si, signer, key, other, flags); - if (!srcms) + if (si == NULL) + goto end; + srcms = CMS_sign_receipt(si, signer, key, other, + cms_config.flags); + if (srcms == NULL) goto end; CMS_ContentInfo_free(cms); cms = srcms; - } else if (operation & SMIME_SIGNERS) { + } else if (cms_config.operation & SMIME_SIGNERS) { int i; /* * If detached data content we enable streaming if S/MIME * output format. */ - if (operation == SMIME_SIGN) { + if (cms_config.operation == SMIME_SIGN) { - if (flags & CMS_DETACHED) { - if (outformat == FORMAT_SMIME) - flags |= CMS_STREAM; + if (cms_config.flags & CMS_DETACHED) { + if (cms_config.outformat == FORMAT_SMIME) + cms_config.flags |= CMS_STREAM; } - flags |= CMS_PARTIAL; - cms = CMS_sign(NULL, NULL, other, in, flags); - if (!cms) + cms_config.flags |= CMS_PARTIAL; + cms = CMS_sign(NULL, NULL, other, in, cms_config.flags); + if (cms == NULL) goto end; - if (econtent_type) - if (!CMS_set1_eContentType(cms, econtent_type)) + if (cms_config.econtent_type != NULL) + if (!CMS_set1_eContentType(cms, + cms_config.econtent_type)) goto end; - if (rr_to) { - rr = make_receipt_request(rr_to, rr_allorfirst, - rr_from); - if (!rr) { + if (cms_config.rr_to != NULL) { + rr = make_receipt_request(cms_config.rr_to, + cms_config.rr_allorfirst, + cms_config.rr_from); + if (rr == NULL) { BIO_puts(bio_err, "Signed Receipt Request Creation Error\n"); goto end; } } - } else - flags |= CMS_REUSE_DIGEST; - for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) { + } else { + cms_config.flags |= CMS_REUSE_DIGEST; + } + + for (i = 0; i < sk_OPENSSL_STRING_num(cms_config.sksigners); i++) { CMS_SignerInfo *si; struct cms_key_param *kparam; - int tflags = flags; - signerfile = sk_OPENSSL_STRING_value(sksigners, i); - keyfile = sk_OPENSSL_STRING_value(skkeys, i); + int tflags = cms_config.flags; + + cms_config.signerfile = sk_OPENSSL_STRING_value( + cms_config.sksigners, i); + cms_config.keyfile = 
sk_OPENSSL_STRING_value( + cms_config.skkeys, i); - signer = load_cert(bio_err, signerfile, FORMAT_PEM, - NULL, "signer certificate"); - if (!signer) + signer = load_cert(bio_err, cms_config.signerfile, + FORMAT_PEM, NULL, "signer certificate"); + if (signer == NULL) goto end; - key = load_key(bio_err, keyfile, keyform, 0, passin, - "signing key file"); - if (!key) + key = load_key(bio_err, cms_config.keyfile, + cms_config.keyform, 0, passin, "signing key file"); + if (key == NULL) goto end; - for (kparam = key_first; kparam; kparam = kparam->next) { + for (kparam = cms_config.key_first; kparam != NULL; + kparam = kparam->next) { if (kparam->idx == i) { tflags |= CMS_KEY_PARAM; break; } } - si = CMS_add1_signer(cms, signer, key, sign_md, tflags); + si = CMS_add1_signer(cms, signer, key, + cms_config.sign_md, tflags); if (si == NULL) goto end; if (kparam != NULL) { EVP_PKEY_CTX *pctx; - if ((pctx = CMS_SignerInfo_get0_pkey_ctx(si)) == NULL) + if ((pctx = CMS_SignerInfo_get0_pkey_ctx( + si)) == NULL) goto end; if (!cms_set_pkey_param(pctx, kparam->param)) goto end; } - if (rr && !CMS_add1_ReceiptRequest(si, rr)) + if (rr != NULL && !CMS_add1_ReceiptRequest(si, rr)) goto end; X509_free(signer); signer = NULL; 
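Review bot: In the signer loop of the `SMIME_SIGNERS` branch, the two `sk_OPENSSL_STRING_value()` results stored in `cms_config.signerfile` and `cms_config.keyfile` are passed to `load_cert()` and `load_key()` without a NULL check, although this same change adds one after `sk_X509_value()` and `sk_CMS_SignerInfo_value()`. `skkeys` is indexed with the `sksigners` counter, so a shorter key stack would return NULL; whether option parsing keeps the two stacks the same length is not visible here, and neither is what the loaders do with a NULL path. A guard such as `if (cms_config.signerfile == NULL || cms_config.keyfile == NULL) goto end;` before `load_cert()` would bring the loop in line with the rest of the hunk. `cms_main` begins and ends outside this hunk.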
@@ -933,116 +1618,128 @@ cms_main(int argc, char **argv) key = NULL; } /* If not streaming or resigning finalize structure */ - if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM)) { - if (!CMS_final(cms, in, NULL, flags)) + if ((cms_config.operation == SMIME_SIGN) && + !(cms_config.flags & CMS_STREAM)) { + if (!CMS_final(cms, in, NULL, cms_config.flags)) goto end; } } - if (!cms) { + if (cms == NULL) { BIO_printf(bio_err, "Error creating CMS structure\n"); goto end; } ret = 4; - if (operation == SMIME_DECRYPT) { - if (flags & CMS_DEBUG_DECRYPT) - CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags); - - if (secret_key) { - if (!CMS_decrypt_set1_key(cms, secret_key, - secret_keylen, secret_keyid, secret_keyidlen)) { + if (cms_config.operation == SMIME_DECRYPT) { + if (cms_config.flags & CMS_DEBUG_DECRYPT) + CMS_decrypt(cms, NULL, NULL, NULL, NULL, + cms_config.flags); + + if (cms_config.secret_key != NULL) { + if (!CMS_decrypt_set1_key(cms, cms_config.secret_key, + cms_config.secret_keylen, cms_config.secret_keyid, + cms_config.secret_keyidlen)) { BIO_puts(bio_err, "Error decrypting CMS using secret key\n"); goto end; } } - if (key) { + if (key != NULL) { if (!CMS_decrypt_set1_pkey(cms, key, recip)) { BIO_puts(bio_err, "Error decrypting CMS using private key\n"); goto end; } } - if (pwri_pass) { - if (!CMS_decrypt_set1_password(cms, pwri_pass, -1)) { + if (cms_config.pwri_pass != NULL) { + if (!CMS_decrypt_set1_password(cms, + cms_config.pwri_pass, -1)) { BIO_puts(bio_err, "Error decrypting CMS using password\n"); goto end; } } - if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags)) { + if (!CMS_decrypt(cms, NULL, NULL, indata, out, + cms_config.flags)) { BIO_printf(bio_err, "Error decrypting CMS structure\n"); goto end; } - } else if (operation == SMIME_DATAOUT) { - if (!CMS_data(cms, out, flags)) + } else if (cms_config.operation == SMIME_DATAOUT) { + if (!CMS_data(cms, out, cms_config.flags)) goto end; - } else if (operation == SMIME_UNCOMPRESS) { - if 
(!CMS_uncompress(cms, indata, out, flags)) + } else if (cms_config.operation == SMIME_UNCOMPRESS) { + if (!CMS_uncompress(cms, indata, out, cms_config.flags)) goto end; - } else if (operation == SMIME_DIGEST_VERIFY) { - if (CMS_digest_verify(cms, indata, out, flags) > 0) + } else if (cms_config.operation == SMIME_DIGEST_VERIFY) { + if (CMS_digest_verify(cms, indata, out, cms_config.flags) > 0) BIO_printf(bio_err, "Verification successful\n"); else { BIO_printf(bio_err, "Verification failure\n"); goto end; } - } else if (operation == SMIME_ENCRYPTED_DECRYPT) { - if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen, - indata, out, flags)) + } else if (cms_config.operation == SMIME_ENCRYPTED_DECRYPT) { + if (!CMS_EncryptedData_decrypt(cms, cms_config.secret_key, + cms_config.secret_keylen, indata, out, cms_config.flags)) goto end; - } else if (operation == SMIME_VERIFY) { - if (CMS_verify(cms, other, store, indata, out, flags) > 0) + } else if (cms_config.operation == SMIME_VERIFY) { + if (CMS_verify(cms, other, store, indata, out, + cms_config.flags) > 0) { BIO_printf(bio_err, "Verification successful\n"); - else { + } else { BIO_printf(bio_err, "Verification failure\n"); - if (verify_retcode) + if (cms_config.verify_retcode) ret = verify_err + 32; goto end; } - if (signerfile) { + if (cms_config.signerfile != NULL) { STACK_OF(X509) *signers; if ((signers = CMS_get0_signers(cms)) == NULL) goto end; - if (!save_certs(signerfile, signers)) { + if (!save_certs(cms_config.signerfile, signers)) { BIO_printf(bio_err, "Error writing signers to %s\n", - signerfile); + cms_config.signerfile); + sk_X509_free(signers); ret = 5; goto end; } sk_X509_free(signers); } - if (rr_print) + if (cms_config.rr_print) receipt_request_print(bio_err, cms); - } else if (operation == SMIME_VERIFY_RECEIPT) { - if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0) + } else if (cms_config.operation == SMIME_VERIFY_RECEIPT) { + if (CMS_verify_receipt(rcms, cms, other, store, + 
cms_config.flags) > 0) { BIO_printf(bio_err, "Verification successful\n"); - else { + } else { BIO_printf(bio_err, "Verification failure\n"); goto end; } } else { - if (noout) { - if (print && + if (cms_config.noout) { + if (cms_config.print && !CMS_ContentInfo_print_ctx(out, cms, 0, NULL)) goto end; - } else if (outformat == FORMAT_SMIME) { - if (to) - BIO_printf(out, "To: %s\n", to); - if (from) - BIO_printf(out, "From: %s\n", from); - if (subject) - BIO_printf(out, "Subject: %s\n", subject); - if (operation == SMIME_RESIGN) - ret = SMIME_write_CMS(out, cms, indata, flags); + } else if (cms_config.outformat == FORMAT_SMIME) { + if (cms_config.to != NULL) + BIO_printf(out, "To: %s\n", cms_config.to); + if (cms_config.from != NULL) + BIO_printf(out, "From: %s\n", cms_config.from); + if (cms_config.subject != NULL) + BIO_printf(out, "Subject: %s\n", + cms_config.subject); + if (cms_config.operation == SMIME_RESIGN) + ret = SMIME_write_CMS(out, cms, indata, + cms_config.flags); else - ret = SMIME_write_CMS(out, cms, in, flags); - } else if (outformat == FORMAT_PEM) - ret = PEM_write_bio_CMS_stream(out, cms, in, flags); - else if (outformat == FORMAT_ASN1) - ret = i2d_CMS_bio_stream(out, cms, in, flags); - else { + ret = SMIME_write_CMS(out, cms, in, + cms_config.flags); + } else if (cms_config.outformat == FORMAT_PEM) { + ret = PEM_write_bio_CMS_stream(out, cms, in, + cms_config.flags); + } else if (cms_config.outformat == FORMAT_ASN1) { + ret = i2d_CMS_bio_stream(out, cms, in, cms_config.flags); + } else { BIO_printf(bio_err, "Bad output format for CMS file\n"); goto end; } 
@@ -1057,27 +1754,27 @@ cms_main(int argc, char **argv) if (ret) ERR_print_errors(bio_err); - sk_X509_pop_free(encerts, X509_free); + sk_X509_pop_free(cms_config.encerts, X509_free); sk_X509_pop_free(other, X509_free); - X509_VERIFY_PARAM_free(vpm); - sk_OPENSSL_STRING_free(sksigners); - sk_OPENSSL_STRING_free(skkeys); - free(secret_key); - free(secret_keyid); + X509_VERIFY_PARAM_free(cms_config.vpm); + sk_OPENSSL_STRING_free(cms_config.sksigners); + sk_OPENSSL_STRING_free(cms_config.skkeys); + free(cms_config.secret_key); + free(cms_config.secret_keyid); free(pwri_tmp); - ASN1_OBJECT_free(econtent_type); + ASN1_OBJECT_free(cms_config.econtent_type); CMS_ReceiptRequest_free(rr); - sk_OPENSSL_STRING_free(rr_to); - sk_OPENSSL_STRING_free(rr_from); - for (key_param = key_first; key_param;) { + sk_OPENSSL_STRING_free(cms_config.rr_to); + sk_OPENSSL_STRING_free(cms_config.rr_from); + for (cms_config.key_param = cms_config.key_first; cms_config.key_param;) { struct cms_key_param *tparam; - sk_OPENSSL_STRING_free(key_param->param); - tparam = key_param->next; - free(key_param); - key_param = tparam; + sk_OPENSSL_STRING_free(cms_config.key_param->param); + tparam = cms_config.key_param->next; + free(cms_config.key_param); + cms_config.key_param = tparam; } X509_STORE_free(store); - X509_free(cert); + X509_free(cms_config.cert); X509_free(recip); X509_free(signer); EVP_PKEY_free(key); @@ -1098,10 +1795,10 @@ save_certs(char *signerfile, STACK_OF(X509) *signers) int i; BIO *tmp; - if (!signerfile) + if (signerfile == NULL) return 1; tmp = BIO_new_file(signerfile, "w"); - if (!tmp) + if (tmp == NULL) return 0; for (i = 0; i < sk_X509_num(signers); i++) PEM_write_bio_X509(tmp, sk_X509_value(signers, i)); 
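Review bot: The cleanup in `cms_main` releases `cms_config.secret_key` with plain `free()`, so the symmetric key bytes are left in freed heap memory. `freezero(cms_config.secret_key, cms_config.secret_keylen);` would clear them first, assuming `secret_keylen` still holds the allocation size at that point and `freezero()` is available in this build. `pwri_tmp`, which holds a copy of the recipient password, deserves the same treatment. The rest of `cms_main` lies outside this hunk.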
@@ -1162,17 +1859,19 @@ receipt_request_print(BIO *out, CMS_ContentInfo *cms) if ((sis = CMS_get0_SignerInfos(cms)) == NULL) return; for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++) { - si = sk_CMS_SignerInfo_value(sis, i); + if ((si = sk_CMS_SignerInfo_value(sis, i)) == NULL) + return; rv = CMS_get1_ReceiptRequest(si, &rr); BIO_printf(bio_err, "Signer %d:\n", i + 1); - if (rv == 0) + if (rv == 0) { BIO_puts(bio_err, " No Receipt Request\n"); - else if (rv < 0) { + } else if (rv < 0) { BIO_puts(bio_err, " Receipt Request Parse Error\n"); ERR_print_errors(bio_err); } else { char *id; int idlen; + CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst, &rlist, &rto); BIO_puts(out, " Signed Content ID:\n"); @@ -1180,20 +1879,20 @@ receipt_request_print(BIO *out, CMS_ContentInfo *cms) id = (char *) ASN1_STRING_data(scid); BIO_dump_indent(out, id, idlen, 4); BIO_puts(out, " Receipts From"); - if (rlist) { + if (rlist != NULL) { BIO_puts(out, " List:\n"); gnames_stack_print(out, rlist); - } else if (allorfirst == 1) + } else if (allorfirst == 1) { BIO_puts(out, ": First Tier\n"); - else if (allorfirst == 0) + } else if (allorfirst == 0) { BIO_puts(out, ": All\n"); - else + } else { BIO_printf(out, " Unknown (%d)\n", allorfirst); + } BIO_puts(out, " Receipts To:\n"); gnames_stack_print(out, rto); } - if (rr) - CMS_ReceiptRequest_free(rr); + CMS_ReceiptRequest_free(rr); } } @@ -1204,15 +1903,16 @@ make_names_stack(STACK_OF(OPENSSL_STRING) *ns) STACK_OF(GENERAL_NAMES) *ret; GENERAL_NAMES *gens = NULL; GENERAL_NAME *gen = NULL; + if ((ret = sk_GENERAL_NAMES_new_null()) == NULL) goto err; for (i = 0; i < sk_OPENSSL_STRING_num(ns); i++) { char *str = sk_OPENSSL_STRING_value(ns, i); gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0); - if (!gen) + if (gen == NULL) goto err; gens = GENERAL_NAMES_new(); - if (!gens) + if (gens == NULL) goto err; if (!sk_GENERAL_NAME_push(gens, gen)) goto err; 
@@ -1237,18 +1937,19 @@ static CMS_ReceiptRequest * make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst, STACK_OF(OPENSSL_STRING) *rr_from) { - STACK_OF(GENERAL_NAMES) *rct_to, *rct_from; + STACK_OF(GENERAL_NAMES) *rct_to = NULL, *rct_from = NULL; CMS_ReceiptRequest *rr; rct_to = make_names_stack(rr_to); - if (!rct_to) + if (rct_to == NULL) goto err; - if (rr_from) { + if (rr_from != NULL) { rct_from = make_names_stack(rr_from); - if (!rct_from) + if (rct_from == NULL) goto err; - } else + } else { rct_from = NULL; + } if ((rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from, rct_to)) == NULL) @@ -1257,6 +1958,8 @@ make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst, return rr; err: + sk_GENERAL_NAMES_pop_free(rct_to, GENERAL_NAMES_free); + sk_GENERAL_NAMES_pop_free(rct_from, GENERAL_NAMES_free); return NULL; } diff --git a/apps/openssl/crl.c b/apps/openssl/crl.c index fc189f4c..03136085 100644 --- a/apps/openssl/crl.c +++ b/apps/openssl/crl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: crl.c,v 1.13 2019/07/14 03:30:45 guenther Exp $ */ +/* $OpenBSD: crl.c,v 1.15 2021/10/31 16:47:27 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -223,9 +223,9 @@ crl_main(int argc, char **argv) int ret = 1, i; BIO *out = NULL; X509_STORE *store = NULL; - X509_STORE_CTX ctx; + X509_STORE_CTX *ctx = NULL; X509_LOOKUP *lookup = NULL; - X509_OBJECT xobj; + X509_OBJECT *xobj = NULL; EVP_PKEY *pkey; const EVP_MD *digest; char *digest_name = NULL; @@ -281,6 +281,8 @@ crl_main(int argc, char **argv) if (crl_config.verify) { store = X509_STORE_new(); + if (store == NULL) + goto end; lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); if (lookup == NULL) goto end; 
@@ -298,20 +300,26 @@ crl_main(int argc, char **argv) X509_FILETYPE_DEFAULT); ERR_clear_error(); - if (!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) { + if ((ctx = X509_STORE_CTX_new()) == NULL) + goto end; + if ((xobj = X509_OBJECT_new()) == NULL) + goto end; + + if (!X509_STORE_CTX_init(ctx, store, NULL, NULL)) { BIO_printf(bio_err, "Error initialising X509 store\n"); goto end; } - i = X509_STORE_get_by_subject(&ctx, X509_LU_X509, - X509_CRL_get_issuer(x), &xobj); + i = X509_STORE_get_by_subject(ctx, X509_LU_X509, + X509_CRL_get_issuer(x), xobj); if (i <= 0) { BIO_printf(bio_err, "Error getting CRL issuer certificate\n"); goto end; } - pkey = X509_get_pubkey(xobj.data.x509); - X509_OBJECT_free_contents(&xobj); + pkey = X509_get_pubkey(X509_OBJECT_get0_X509(xobj)); + X509_OBJECT_free(xobj); + xobj = NULL; if (!pkey) { BIO_printf(bio_err, "Error getting CRL issuer public key\n"); @@ -429,10 +437,9 @@ crl_main(int argc, char **argv) BIO_free_all(bio_out); bio_out = NULL; X509_CRL_free(x); - if (store) { - X509_STORE_CTX_cleanup(&ctx); - X509_STORE_free(store); - } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + X509_OBJECT_free(xobj); return (ret); } diff --git a/apps/openssl/dgst.c b/apps/openssl/dgst.c index 74c31f7d..689591cd 100644 --- a/apps/openssl/dgst.c +++ b/apps/openssl/dgst.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dgst.c,v 1.18 2019/08/30 12:32:14 inoguchi Exp $ */ +/* $OpenBSD: dgst.c,v 1.19 2022/01/14 09:28:07 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -302,9 +302,6 @@ list_md_fn(const EVP_MD * m, const char *from, const char *to, void *arg) /* Skip shortnames */ if (strcmp(from, mname)) return; - /* Skip clones */ - if (EVP_MD_flags(m) & EVP_MD_FLAG_PKEY_DIGEST) - return; if (strchr(mname, ' ')) mname = EVP_MD_name(m); BIO_printf(arg, " -%-17s To use the %s message digest algorithm\n", diff --git a/apps/openssl/dh.c b/apps/openssl/dh.c index 9557d15a..c2c5d689 100644 --- a/apps/openssl/dh.c 
+++ b/apps/openssl/dh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.c,v 1.12 2019/07/14 03:30:45 guenther Exp $ */ +/* $OpenBSD: dh.c,v 1.13 2022/01/14 09:21:54 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -234,14 +234,14 @@ dh_main(int argc, char **argv) unsigned char *data; int len, l, bits; - len = BN_num_bytes(dh->p); - bits = BN_num_bits(dh->p); + len = BN_num_bytes(DH_get0_p(dh)); + bits = BN_num_bits(DH_get0_p(dh)); data = malloc(len); if (data == NULL) { perror("malloc"); goto end; } - l = BN_bn2bin(dh->p, data); + l = BN_bn2bin(DH_get0_p(dh), data); printf("static unsigned char dh%d_p[] = {", bits); for (i = 0; i < l; i++) { if ((i % 12) == 0) @@ -250,7 +250,7 @@ dh_main(int argc, char **argv) } printf("\n\t};\n"); - l = BN_bn2bin(dh->g, data); + l = BN_bn2bin(DH_get0_g(dh), data); printf("static unsigned char dh%d_g[] = {", bits); for (i = 0; i < l; i++) { if ((i % 12) == 0) @@ -260,14 +260,16 @@ dh_main(int argc, char **argv) printf("\n\t};\n\n"); printf("DH *get_dh%d()\n\t{\n", bits); - printf("\tDH *dh;\n\n"); + printf("\tDH *dh;\n"); + printf("\tBIGNUM *p = NULL, *g = NULL;\n\n"); printf("\tif ((dh = DH_new()) == NULL) return(NULL);\n"); - printf("\tdh->p = BN_bin2bn(dh%d_p, sizeof(dh%d_p), NULL);\n", + printf("\tp = BN_bin2bn(dh%d_p, sizeof(dh%d_p), NULL);\n", bits, bits); - printf("\tdh->g = BN_bin2bn(dh%d_g, sizeof(dh%d_g), NULL);\n", + printf("\tg = BN_bin2bn(dh%d_g, sizeof(dh%d_g), NULL);\n", bits, bits); - printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n"); - printf("\t\treturn(NULL);\n"); + printf("\tif (p == NULL || g == NULL)\n"); + printf("\t\t{ BN_free(p); BN_free(q); DH_free(dh); return(NULL); }\n"); + printf("\tDH_set0_pqg(dh, p, NULL, g);\n"); printf("\treturn(dh);\n\t}\n"); free(data); } diff --git a/apps/openssl/dhparam.c b/apps/openssl/dhparam.c index b0dd5109..da9075f5 100644 --- a/apps/openssl/dhparam.c +++ b/apps/openssl/dhparam.c 
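Review bot: In the C-code output of `dh_main`, `data` is sized from `BN_num_bytes(DH_get0_p(dh))` alone, but the following hunk writes `DH_get0_g(dh)` into the same buffer with `BN_bn2bin()`, which stores as many bytes as g needs. If the parameters come from a file in which g is longer than p, that write runs past the allocation; whether such input is rejected earlier is not visible here. Sizing for the larger value closes the gap: `if (BN_num_bytes(DH_get0_g(dh)) > len) len = BN_num_bytes(DH_get0_g(dh));` before `malloc(len)`. The `dhparam_main` hunk in apps/openssl/dhparam.c repeats the pattern.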
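Review bot: The error path that `dh_main` prints into the generated `get_dh%d()` function calls `BN_free(q)`, but that function declares only `p` and `g` (`BIGNUM *p = NULL, *g = NULL;`), so the emitted C does not compile and `g` is never freed. The line should read `printf("\t\t{ BN_free(p); BN_free(g); DH_free(dh); return(NULL); }\n");`, as the matching line in apps/openssl/dhparam.c already does. `dh_main` itself starts and ends outside this hunk.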
@@ -1,4 +1,4 @@ -/* $OpenBSD: dhparam.c,v 1.12 2019/07/14 03:30:45 guenther Exp $ */ +/* $OpenBSD: dhparam.c,v 1.14 2022/01/14 09:22:50 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -231,12 +231,13 @@ dhparam_usage() options_usage(dhparam_options); } -static int dh_cb(int p, int n, BN_GENCB * cb); +static int dh_cb(int p, int n, BN_GENCB *cb); int dhparam_main(int argc, char **argv) { BIO *in = NULL, *out = NULL; + BN_GENCB *cb = NULL; char *num_bits = NULL; DH *dh = NULL; int num = 0; @@ -283,15 +284,19 @@ dhparam_main(int argc, char **argv) } if (num) { + if ((cb = BN_GENCB_new()) == NULL) { + BIO_printf(bio_err, + "Error allocating BN_GENCB object\n"); + goto end; + } - BN_GENCB cb; - BN_GENCB_set(&cb, dh_cb, bio_err); + BN_GENCB_set(cb, dh_cb, bio_err); if (dhparam_config.dsaparam) { DSA *dsa = DSA_new(); BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n", num); if (!dsa || !DSA_generate_parameters_ex(dsa, num, - NULL, 0, NULL, NULL, &cb)) { + NULL, 0, NULL, NULL, cb)) { DSA_free(dsa); ERR_print_errors(bio_err); goto end; @@ -306,7 +311,7 @@ dhparam_main(int argc, char **argv) dh = DH_new(); BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime, generator %d\n", num, dhparam_config.g); BIO_printf(bio_err, "This is going to take a long time\n"); - if (!dh || !DH_generate_parameters_ex(dh, num, dhparam_config.g, &cb)) { + if (!dh || !DH_generate_parameters_ex(dh, num, dhparam_config.g, cb)) { ERR_print_errors(bio_err); goto end; } @@ -406,8 +411,8 @@ dhparam_main(int argc, char **argv) unsigned char *data; int len, l, bits; - len = BN_num_bytes(dh->p); - bits = BN_num_bits(dh->p); + len = BN_num_bytes(DH_get0_p(dh)); + bits = BN_num_bits(DH_get0_p(dh)); data = malloc(len); if (data == NULL) { perror("malloc"); 
@@ -418,7 +423,7 @@ dhparam_main(int argc, char **argv) "#endif\n"); printf("DH *get_dh%d()\n\t{\n", bits); - l = BN_bn2bin(dh->p, data); + l = BN_bn2bin(DH_get0_p(dh), data); printf("\tstatic unsigned char dh%d_p[] = {", bits); for (i = 0; i < l; i++) { if ((i % 12) == 0) @@ -427,7 +432,7 @@ dhparam_main(int argc, char **argv) } printf("\n\t\t};\n"); - l = BN_bn2bin(dh->g, data); + l = BN_bn2bin(DH_get0_g(dh), data); printf("\tstatic unsigned char dh%d_g[] = {", bits); for (i = 0; i < l; i++) { if ((i % 12) == 0) @@ -436,16 +441,18 @@ dhparam_main(int argc, char **argv) } printf("\n\t\t};\n"); - printf("\tDH *dh;\n\n"); + printf("\tDH *dh;\n"); + printf("\tBIGNUM *p = NULL, *g = NULL;\n\n"); printf("\tif ((dh = DH_new()) == NULL) return(NULL);\n"); - printf("\tdh->p = BN_bin2bn(dh%d_p, sizeof(dh%d_p), NULL);\n", + printf("\tp = BN_bin2bn(dh%d_p, sizeof(dh%d_p), NULL);\n", bits, bits); - printf("\tdh->g = BN_bin2bn(dh%d_g, sizeof(dh%d_g), NULL);\n", + printf("\tg = BN_bin2bn(dh%d_g, sizeof(dh%d_g), NULL);\n", bits, bits); - printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n"); - printf("\t\t{ DH_free(dh); return(NULL); }\n"); - if (dh->length) - printf("\tdh->length = %ld;\n", dh->length); + printf("\tif (p == NULL || g == NULL)\n"); + printf("\t\t{ BN_free(p); BN_free(g); DH_free(dh); return(NULL); }\n"); + printf("\tDH_set0_pqg(dh, p, NULL, g);\n"); + if (DH_get_length(dh) > 0) + printf("\tDH_set_length(dh, %ld);\n", DH_get_length(dh)); printf("\treturn(dh);\n\t}\n"); free(data); } @@ -469,6 +476,7 @@ dhparam_main(int argc, char **argv) end: BIO_free(in); BIO_free_all(out); + BN_GENCB_free(cb); DH_free(dh); return (ret); @@ -476,7 +484,7 @@ dhparam_main(int argc, char **argv) /* dh_cb is identical to dsa_cb in apps/dsaparam.c */ static int -dh_cb(int p, int n, BN_GENCB * cb) +dh_cb(int p, int n, BN_GENCB *cb) { char c = '*'; 
@@ -488,8 +496,8 @@ dh_cb(int p, int n, BN_GENCB * cb) c = '*'; if (p == 3) c = '\n'; - BIO_write(cb->arg, &c, 1); - (void) BIO_flush(cb->arg); + BIO_write(BN_GENCB_get_arg(cb), &c, 1); + (void) BIO_flush(BN_GENCB_get_arg(cb)); return 1; } diff --git a/apps/openssl/dsa.c b/apps/openssl/dsa.c index 1b5e302b..df45cd6e 100644 --- a/apps/openssl/dsa.c +++ b/apps/openssl/dsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa.c,v 1.15 2019/07/14 03:30:45 guenther Exp $ */ +/* $OpenBSD: dsa.c,v 1.16 2022/01/14 09:23:42 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -315,7 +315,7 @@ dsa_main(int argc, char **argv) } if (dsa_config.modulus) { fprintf(stdout, "Public Key="); - BN_print(out, dsa->pub_key); + BN_print(out, DSA_get0_pub_key(dsa)); fprintf(stdout, "\n"); } if (dsa_config.noout) diff --git a/apps/openssl/dsaparam.c b/apps/openssl/dsaparam.c index 3c2ac898..33bde035 100644 --- a/apps/openssl/dsaparam.c +++ b/apps/openssl/dsaparam.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsaparam.c,v 1.11 2019/07/14 03:30:45 guenther Exp $ */ +/* $OpenBSD: dsaparam.c,v 1.13 2022/01/14 09:24:20 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -156,7 +156,7 @@ dsaparam_usage(void) options_usage(dsaparam_options); } -static int dsa_cb(int p, int n, BN_GENCB * cb); +static int dsa_cb(int p, int n, BN_GENCB *cb); int dsaparam_main(int argc, char **argv) @@ -164,6 +164,7 @@ dsaparam_main(int argc, char **argv) DSA *dsa = NULL; int i; BIO *in = NULL, *out = NULL; + BN_GENCB *cb = NULL; int ret = 1; int numbits = -1; char *strbits = NULL; @@ -218,8 +219,14 @@ dsaparam_main(int argc, char **argv) } if (numbits > 0) { - BN_GENCB cb; - BN_GENCB_set(&cb, dsa_cb, bio_err); + if ((cb = BN_GENCB_new()) == NULL) { + BIO_printf(bio_err, + "Error allocating BN_GENCB object\n"); + goto end; + } + + BN_GENCB_set(cb, dsa_cb, bio_err); + dsa = DSA_new(); if (!dsa) { BIO_printf(bio_err, "Error allocating DSA object\n"); 
@@ -227,7 +234,7 @@ dsaparam_main(int argc, char **argv) } BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n", numbits); BIO_printf(bio_err, "This could take some time\n"); - if (!DSA_generate_parameters_ex(dsa, numbits, NULL, 0, NULL, NULL, &cb)) { + if (!DSA_generate_parameters_ex(dsa, numbits, NULL, 0, NULL, NULL, cb)) { ERR_print_errors(bio_err); BIO_printf(bio_err, "Error, DSA key generation failed\n"); goto end; @@ -252,14 +259,14 @@ dsaparam_main(int argc, char **argv) unsigned char *data; int l, len, bits_p; - len = BN_num_bytes(dsa->p); - bits_p = BN_num_bits(dsa->p); + len = BN_num_bytes(DSA_get0_p(dsa)); + bits_p = BN_num_bits(DSA_get0_p(dsa)); data = malloc(len + 20); if (data == NULL) { perror("malloc"); goto end; } - l = BN_bn2bin(dsa->p, data); + l = BN_bn2bin(DSA_get0_p(dsa), data); printf("static unsigned char dsa%d_p[] = {", bits_p); for (i = 0; i < l; i++) { if ((i % 12) == 0) @@ -268,7 +275,7 @@ dsaparam_main(int argc, char **argv) } printf("\n\t};\n"); - l = BN_bn2bin(dsa->q, data); + l = BN_bn2bin(DSA_get0_q(dsa), data); printf("static unsigned char dsa%d_q[] = {", bits_p); for (i = 0; i < l; i++) { if ((i % 12) == 0) @@ -277,7 +284,7 @@ dsaparam_main(int argc, char **argv) } printf("\n\t};\n"); - l = BN_bn2bin(dsa->g, data); + l = BN_bn2bin(DSA_get0_g(dsa), data); printf("static unsigned char dsa%d_g[] = {", bits_p); for (i = 0; i < l; i++) { if ((i % 12) == 0) 
@@ -288,16 +295,18 @@ dsaparam_main(int argc, char **argv) printf("\n\t};\n\n"); printf("DSA *get_dsa%d()\n\t{\n", bits_p); + printf("\tBIGNUM *p = NULL, *q = NULL, *g = NULL;\n"); printf("\tDSA *dsa;\n\n"); printf("\tif ((dsa = DSA_new()) == NULL) return(NULL);\n"); - printf("\tdsa->p = BN_bin2bn(dsa%d_p, sizeof(dsa%d_p), NULL);\n", + printf("\tp = BN_bin2bn(dsa%d_p, sizeof(dsa%d_p), NULL);\n", bits_p, bits_p); - printf("\tdsa->q = BN_bin2bn(dsa%d_q, sizeof(dsa%d_q), NULL);\n", + printf("\tq = BN_bin2bn(dsa%d_q, sizeof(dsa%d_q), NULL);\n", bits_p, bits_p); - printf("\tdsa->g = BN_bin2bn(dsa%d_g, sizeof(dsa%d_g), NULL);\n", + printf("\tg = BN_bin2bn(dsa%d_g, sizeof(dsa%d_g), NULL);\n", bits_p, bits_p); - printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n"); - printf("\t\t{ DSA_free(dsa); return(NULL); }\n"); + printf("\tif (p == NULL || q == NULL || g == NULL)\n"); + printf("\t\t{ BN_free(p); BN_free(q); BN_free(g); DSA_free(dsa); return(NULL); }\n"); + printf("\tDSA_set0_pqg(dsa, p, q, g);\n"); printf("\treturn(dsa);\n\t}\n"); } if (!dsaparam_config.noout) { @@ -341,13 +350,14 @@ dsaparam_main(int argc, char **argv) end: BIO_free(in); BIO_free_all(out); + BN_GENCB_free(cb); DSA_free(dsa); return (ret); } static int -dsa_cb(int p, int n, BN_GENCB * cb) +dsa_cb(int p, int n, BN_GENCB *cb) { char c = '*'; @@ -359,8 +369,8 @@ dsa_cb(int p, int n, BN_GENCB * cb) c = '*'; if (p == 3) c = '\n'; - BIO_write(cb->arg, &c, 1); - (void) BIO_flush(cb->arg); + BIO_write(BN_GENCB_get_arg(cb), &c, 1); + (void) BIO_flush(BN_GENCB_get_arg(cb)); #ifdef GENCB_TEST if (stop_keygen_flag) return 0; diff --git a/apps/openssl/enc.c b/apps/openssl/enc.c index ed18527f..7955d9b9 100644 --- a/apps/openssl/enc.c +++ b/apps/openssl/enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: enc.c,v 1.23 2019/07/25 11:42:12 bcook Exp $ */ +/* $OpenBSD: enc.c,v 1.24 2021/12/07 20:13:15 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -703,21 +703,25 @@ enc_main(int argc, char **argv) BIO_set_callback_arg(benc, (char *) bio_err); } if (enc_config.printkey) { + int key_len, iv_len; + if (!enc_config.nosalt) { printf("salt="); for (i = 0; i < (int) sizeof(salt); i++) printf("%02X", salt[i]); printf("\n"); } - if (enc_config.cipher->key_len > 0) { + key_len = EVP_CIPHER_key_length(enc_config.cipher); + if (key_len > 0) { printf("key="); - for (i = 0; i < enc_config.cipher->key_len; i++) + for (i = 0; i < key_len; i++) printf("%02X", key[i]); printf("\n"); } - if (enc_config.cipher->iv_len > 0) { + iv_len = EVP_CIPHER_iv_length(enc_config.cipher); + if (iv_len > 0) { printf("iv ="); - for (i = 0; i < enc_config.cipher->iv_len; i++) + for (i = 0; i < iv_len; i++) printf("%02X", iv[i]); printf("\n"); } diff --git a/apps/openssl/gendh.c b/apps/openssl/gendh.c index facc9248..c6564e04 100644 --- a/apps/openssl/gendh.c +++ b/apps/openssl/gendh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gendh.c,v 1.11 2019/07/14 03:30:45 guenther Exp $ */ +/* $OpenBSD: gendh.c,v 1.12 2021/11/20 18:10:48 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -84,7 +84,7 @@ #define DEFBITS 512 -static int dh_cb(int p, int n, BN_GENCB * cb); +static int dh_cb(int p, int n, BN_GENCB *cb); static struct { int g; @@ -128,7 +128,7 @@ gendh_usage(void) int gendh_main(int argc, char **argv) { - BN_GENCB cb; + BN_GENCB *cb = NULL; DH *dh = NULL; int ret = 1, numbits = DEFBITS; BIO *out = NULL; @@ -141,7 +141,12 @@ gendh_main(int argc, char **argv) } } - BN_GENCB_set(&cb, dh_cb, bio_err); + if ((cb = BN_GENCB_new()) == NULL) { + BIO_printf(bio_err, "Error allocating BN_GENCB object\n"); + goto end; + } + + BN_GENCB_set(cb, dh_cb, bio_err); memset(&gendh_config, 0, sizeof(gendh_config)); 
@@ -180,7 +185,7 @@ gendh_main(int argc, char **argv) BIO_printf(bio_err, "This is going to take a long time\n"); if (((dh = DH_new()) == NULL) || - !DH_generate_parameters_ex(dh, numbits, gendh_config.g, &cb)) + !DH_generate_parameters_ex(dh, numbits, gendh_config.g, cb)) goto end; if (!PEM_write_bio_DHparams(out, dh)) @@ -190,13 +195,14 @@ gendh_main(int argc, char **argv) if (ret != 0) ERR_print_errors(bio_err); BIO_free_all(out); + BN_GENCB_free(cb); DH_free(dh); return (ret); } static int -dh_cb(int p, int n, BN_GENCB * cb) +dh_cb(int p, int n, BN_GENCB *cb) { char c = '*'; @@ -208,8 +214,8 @@ dh_cb(int p, int n, BN_GENCB * cb) c = '*'; if (p == 3) c = '\n'; - BIO_write(cb->arg, &c, 1); - (void) BIO_flush(cb->arg); + BIO_write(BN_GENCB_get_arg(cb), &c, 1); + (void) BIO_flush(BN_GENCB_get_arg(cb)); return 1; } #endif diff --git a/apps/openssl/gendsa.c b/apps/openssl/gendsa.c index fff00532..6d69957e 100644 --- a/apps/openssl/gendsa.c +++ b/apps/openssl/gendsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gendsa.c,v 1.14 2019/07/24 14:23:25 inoguchi Exp $ */ +/* $OpenBSD: gendsa.c,v 1.15 2022/01/14 09:25:00 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -278,7 +278,7 @@ gendsa_main(int argc, char **argv) } BIO_printf(bio_err, "Generating DSA key, %d bits\n", - BN_num_bits(dsa->p)); + BN_num_bits(DSA_get0_p(dsa))); if (!DSA_generate_key(dsa)) goto end; diff --git a/apps/openssl/genrsa.c b/apps/openssl/genrsa.c index f0cea1f9..a199ba2e 100644 --- a/apps/openssl/genrsa.c +++ b/apps/openssl/genrsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: genrsa.c,v 1.17 2019/07/24 14:23:25 inoguchi Exp $ */ +/* $OpenBSD: genrsa.c,v 1.19 2022/01/14 09:25:42 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -83,7 +83,7 @@ #define DEFBITS 2048 -static int genrsa_cb(int p, int n, BN_GENCB * cb); +static int genrsa_cb(int p, int n, BN_GENCB *cb); static struct { const EVP_CIPHER *enc; 
@@ -270,15 +270,15 @@ genrsa_usage(void) int genrsa_main(int argc, char **argv) { - BN_GENCB cb; + BN_GENCB *cb = NULL; int ret = 1; - int i, num = DEFBITS; - char *numbits= NULL; - long l; + int num = DEFBITS; + char *numbits = NULL; char *passout = NULL; BIO *out = NULL; - BIGNUM *bn = BN_new(); + BIGNUM *bn = NULL; RSA *rsa = NULL; + char *rsa_e_hex = NULL, *rsa_e_dec = NULL; if (single_execution) { if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { @@ -287,10 +287,15 @@ genrsa_main(int argc, char **argv) } } - if (!bn) + if ((bn = BN_new()) == NULL) goto err; - BN_GENCB_set(&cb, genrsa_cb, bio_err); + if ((cb = BN_GENCB_new()) == NULL) { + BIO_printf(bio_err, "Error allocating BN_GENCB object\n"); + goto err; + } + + BN_GENCB_set(cb, genrsa_cb, bio_err); if ((out = BIO_new(BIO_s_file())) == NULL) { BIO_printf(bio_err, "unable to create BIO for output\n"); @@ -333,22 +338,15 @@ genrsa_main(int argc, char **argv) goto err; if (!BN_set_word(bn, genrsa_config.f4) || - !RSA_generate_key_ex(rsa, num, bn, &cb)) + !RSA_generate_key_ex(rsa, num, bn, cb)) goto err; - /* - * We need to do the following for when the base number size is < - * long, esp windows 3.1 :-(. - */ - l = 0L; - for (i = 0; i < rsa->e->top; i++) { -#ifndef _LP64 - l <<= BN_BITS4; - l <<= BN_BITS4; -#endif - l += rsa->e->d[i]; - } - BIO_printf(bio_err, "e is %ld (0x%lX)\n", l, l); + if ((rsa_e_hex = BN_bn2hex(RSA_get0_e(rsa))) == NULL) + goto err; + if ((rsa_e_dec = BN_bn2dec(RSA_get0_e(rsa))) == NULL) + goto err; + + BIO_printf(bio_err, "e is %s (0x%s)\n", rsa_e_hex, rsa_e_dec); { PW_CB_DATA cb_data; cb_data.password = passout; @@ -361,8 +359,11 @@ genrsa_main(int argc, char **argv) ret = 0; err: BN_free(bn); + BN_GENCB_free(cb); RSA_free(rsa); BIO_free_all(out); + free(rsa_e_dec); + free(rsa_e_hex); free(passout); if (ret != 0) @@ -372,7 +373,7 @@ genrsa_main(int argc, char **argv) } static int -genrsa_cb(int p, int n, BN_GENCB * cb) +genrsa_cb(int p, int n, BN_GENCB *cb) { char c = '*'; 
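Review bot: The arguments to the new `BIO_printf(bio_err, "e is %s (0x%s)\n", rsa_e_hex, rsa_e_dec);` in the `-333,22` hunk of genrsa.c are in the wrong order. The hex string is printed where the decimal value belongs, and the decimal string lands after the `0x` prefix, so the reported public exponent is misleading. Swap them: `BIO_printf(bio_err, "e is %s (0x%s)\n", rsa_e_dec, rsa_e_hex);`. genrsa_main starts and ends outside this hunk.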
@@ -384,7 +385,7 @@ genrsa_cb(int p, int n, BN_GENCB * cb) c = '*'; if (p == 3) c = '\n'; - BIO_write(cb->arg, &c, 1); - (void) BIO_flush(cb->arg); + BIO_write(BN_GENCB_get_arg(cb), &c, 1); + (void) BIO_flush(BN_GENCB_get_arg(cb)); return 1; } diff --git a/apps/openssl/openssl.1 b/apps/openssl/openssl.1 index 5f7f2394..419fbe4d 100644 --- a/apps/openssl/openssl.1 +++ b/apps/openssl/openssl.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: openssl.1,v 1.132 2021/09/05 06:16:30 jmc Exp $ +.\" $OpenBSD: openssl.1,v 1.139 2022/07/19 16:08:09 tb Exp $ .\" ==================================================================== .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. .\" @@ -110,7 +110,7 @@ .\" copied and put under another distribution licence .\" [including the GNU Public Licence.] .\" -.Dd $Mdocdate: September 5 2021 $ +.Dd $Mdocdate: July 19 2022 $ .Dt OPENSSL 1 .Os .Sh NAME @@ -272,7 +272,7 @@ If an OID .Pq object identifier is not part of .Nm openssl Ns 's -internal table it will be represented in +internal table, it will be represented in numerical form .Pq for example 1.2.3.4 . .Pp @@ -910,7 +910,11 @@ Specify the directories to process. .Tg ciphers .Sh CIPHERS .Nm openssl ciphers -.Op Fl hVv +.Op Fl hsVv +.Op Fl tls1 +.Op Fl tls1_1 +.Op Fl tls1_2 +.Op Fl tls1_3 .Op Ar control .Pp The @@ -930,6 +934,13 @@ The options are as follows: .Bl -tag -width Ds .It Fl h , \&? Print a brief usage message. +.It Fl s +Only list ciphers that are supported by the TLS method. +.It Fl tls1 | tls1_1 | tls1_2 | tls1_3 +In combination with the +.Fl s +option, list the ciphers which could be used +if the specified protocol version were negotiated. .It Fl V Verbose. List ciphers with cipher suite code in hex format, 
@@ -1146,8 +1157,8 @@ should be linked to each certificate. One or more certificates of message recipients: used when encrypting a message. .It Fl certfile Ar file Allows additional certificates to be specified. -When signing these will be included with the message. -When verifying these will be searched for the signer's certificates. +When signing, these will be included with the message. +When verifying, these will be searched for the signer's certificates. The certificates should be in PEM format. .It Fl certsout Ar file A file that any certificates contained in the message are written to. @@ -1198,7 +1209,7 @@ email address matches that specified in the From: address. .It Fl econtent_type Ar type Set the encapsulated content type, used with .Fl sign . -If not supplied the Data type is used. +If not supplied, the Data type is used. The type argument can be any valid OID name in either text or numerical format. .It Fl in Ar file The input message to be encrypted or signed or the message to be decrypted or @@ -1227,7 +1238,7 @@ the certificate file specified with the or .Fl signer file. -When signing this option can be used multiple times to specify successive keys. +When signing, this option can be used multiple times to specify successive keys. .It Fl keyform Cm der | pem Input private key format. The default is @@ -1270,7 +1281,7 @@ the .Fl certfile option for example). .It Fl nodetach -When signing a message use opaque signing. +When signing a message, use opaque signing. This form is more resistant to translation by mail relays but it cannot be read by mail agents that do not support S/MIME. Without this option cleartext signing with the MIME type multipart/signed is 
@@ -1279,7 +1290,7 @@ used. Only the certificates specified in the .Fl certfile option are used. -When verifying a message normally certificates (if any) included in the +When verifying a message, normally certificates (if any) included in the message are searched for the signing certificate. The supplied certificates can still be used as untrusted CAs however. .It Fl nooldmime @@ -1354,10 +1365,10 @@ operation. Add an explicit email address where signed receipts should be sent to. This option must be supplied if a signed receipt is requested. .It Fl recip Ar file -When decrypting a message this specifies the recipient's certificate. +When decrypting a message, this specifies the recipient's certificate. The certificate must match one of the recipients of the message or an error occurs. -When encrypting a message this option may be used multiple times to +When encrypting a message, this option may be used multiple times to specify each recipient. This form must be used if customised parameters are required (for example to specify RSA-OAEP). @@ -1377,7 +1388,7 @@ operations. When used with .Fl encrypt or -.Fl decrypt +.Fl decrypt , the supplied key is used to wrap or unwrap the content encryption key using an AES key in the KEKRecipientInfo type. .It Fl secretkeyid Ar id @@ -1418,7 +1429,7 @@ This option currently has no effect. .It Fl text Add plain text (text/plain) MIME headers to the supplied message if encrypting or signing. -If decrypting or verifying it strips off text headers: if the decrypted +If decrypting or verifying, it strips off text headers: if the decrypted or verified message is not of MIME type text/plain then an error occurs. .It Fl verify_retcode Set verification error code to exit code to indicate what verification error 
@@ -1945,7 +1956,7 @@ forms and their components printed out. .Nm openssl uses the private key format specified in .Dq SEC 1: Elliptic Curve Cryptography -.Pq Lk http://www.secg.org/ . +.Pq Lk https://www.secg.org/ . To convert an EC private key into the PKCS#8 private key format use the .Nm pkcs8 @@ -2280,7 +2291,7 @@ to use: this must be represented as a string comprised only of hex digits. .It Fl salt Use a salt in the key derivation routines (the default). -When the salt is being used +When the salt is being used, the first eight bytes of the encrypted data are reserved for the salt: it is randomly generated when encrypting a file and read from the encrypted file when it is decrypted. @@ -2423,7 +2434,7 @@ The output format. .It Fl paramfile Ar file Some public key algorithms generate a private key based on a set of parameters, which can be supplied using this option. -If this option is used the public key +If this option is used, the public key algorithm used is determined by the parameters. This option must precede any .Fl pkeyopt @@ -2710,7 +2721,7 @@ If an OCSP request is being created (using the .Fl cert and .Fl serial -options) +options), a nonce is automatically added; specifying .Fl no_nonce overrides this. @@ -3306,7 +3317,7 @@ The MAC is used to check the file integrity but since it will normally have the same password as the keys and certificates it could also be attacked. By default, both MAC and encryption iteration counts are set to 2048; using these options the MAC and encryption iteration counts can be set to 1. -Since this reduces the file security you should not use these options +Since this reduces the file security, you should not use these options unless you really have to. Most software supports both MAC and key iteration counts. .It Fl out Ar file @@ -3332,6 +3343,7 @@ is equivalent to .Bl -hang -width "openssl pkey" .It Nm openssl pkey .Bk -words +.Op Fl check .Op Ar cipher .Op Fl in Ar file .Op Fl inform Cm der | pem 
@@ -3340,6 +3352,7 @@ is equivalent to .Op Fl outform Cm der | pem .Op Fl passin Ar arg .Op Fl passout Ar arg +.Op Fl pubcheck .Op Fl pubin .Op Fl pubout .Op Fl text @@ -3355,6 +3368,8 @@ and their components printed out. .Pp The options are as follows: .Bl -tag -width Ds +.It Fl check +Check the validity of a key pair. .It Ar cipher Encrypt the private key with the specified cipher. Any algorithm name accepted by @@ -3380,6 +3395,9 @@ The output format. The key password source. .It Fl passout Ar arg The output file password source. +.It Fl pubcheck +Check the validity of a public key +or the public component of a key pair. .It Fl pubin Read in a public key, not a private key. .It Fl pubout @@ -3394,6 +3412,7 @@ even if a private key is being processed. .Tg pkeyparam .Sh PKEYPARAM .Cm openssl pkeyparam +.Op Fl check .Op Fl in Ar file .Op Fl noout .Op Fl out Ar file @@ -3406,6 +3425,8 @@ The key type is determined by the PEM headers. .Pp The options are as follows: .Bl -tag -width Ds +.It Fl check +check the correctness of parameters. .It Fl in Ar file The input file to read from, or standard input if not specified. @@ -3649,7 +3670,6 @@ or standard output if not specified. .It Nm openssl req .Bk -words .Op Fl addext Ar ext -.Op Fl asn1-kludge .Op Fl batch .Op Fl config Ar file .Op Fl days Ar n @@ -3666,7 +3686,6 @@ or standard output if not specified. .Op Fl new .Op Fl newhdr .Op Fl newkey Ar arg -.Op Fl no-asn1-kludge .Op Fl nodes .Op Fl noout .Op Fl out Ar file @@ -3705,9 +3724,6 @@ option is present) or certificate request. The argument must have the form of a key=value pair as it would appear in a config file. This option can be given multiple times. -.It Fl asn1-kludge -Produce requests in an invalid format for certain picky CAs. -Very few CAs still require the use of this option. .It Fl batch Non-interactive mode. .It Fl config Ar file 
@@ -3797,7 +3813,7 @@ generates an RSA key in size. If .Ar nbits -is omitted +is omitted, the default key size is used. .Pp .No dsa : Ns Ar file @@ -3819,9 +3835,6 @@ can be omitted, in which case any parameters can be specified via the .Fl pkeyopt option. -.It Fl no-asn1-kludge -Reverse the effect of -.Fl asn1-kludge . .It Fl nodes Do not encrypt the private key. .It Fl noout @@ -4113,7 +4126,6 @@ Any additional fields will be treated as though they were a .Op Fl pvk-none | pvk-strong | pvk-weak .Op Fl RSAPublicKey_in .Op Fl RSAPublicKey_out -.Op Fl sgckey .Op Fl text .Ek .El @@ -4185,9 +4197,6 @@ and except .Cm RSAPublicKey format is used instead. -.It Fl sgckey -Use the modified NET algorithm used with some versions of Microsoft IIS -and SGC keys. .It Fl text Print the public/private key components in plain text. .El @@ -5329,7 +5338,7 @@ option, for example). Do not do chain verification of signers' certificates: that is, don't use the certificates in the signed message as untrusted CAs. .It Fl nodetach -When signing a message use opaque signing: this form is more resistant +When signing a message, use opaque signing: this form is more resistant to translation by mail relays but it cannot be read by mail agents that do not support S/MIME. Without this option cleartext signing with the MIME type @@ -5666,7 +5675,7 @@ This option does not require a request; it is useful, for example, to examine the content of a response or token or to extract the time stamp token from a response. -If the input is a token and the output is a time stamp response a default +If the input is a token and the output is a time stamp response, a default .Qq granted status info is added to the token. .It Fl inkey Ar private.pem 
@@ -5687,7 +5696,7 @@ The key password source. The default policy to use for the response. Either dotted OID notation or OID names defined in the config file can be used. -If no policy is requested the TSA uses its own default policy. +If no policy is requested, the TSA uses its own default policy. .It Fl queryfile Ar request.tsq The file containing a DER-encoded time stamp request. .It Fl section Ar tsa_section @@ -5797,7 +5806,7 @@ for a description. The file containing the hexadecimal serial number of the last time stamp response created. This number is incremented by 1 for each response. -If the file does not exist at the time of response generation +If the file does not exist at the time of response generation, a new file is created with serial number 1. This parameter is mandatory. .It Cm signer_cert diff --git a/apps/openssl/passwd.c b/apps/openssl/passwd.c index 4033b553..11b43d65 100644 --- a/apps/openssl/passwd.c +++ b/apps/openssl/passwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: passwd.c,v 1.10 2019/07/14 03:30:46 guenther Exp $ */ +/* $OpenBSD: passwd.c,v 1.12 2021/12/12 20:40:25 tb Exp $ */ #if defined OPENSSL_NO_MD5 #define NO_MD5CRYPT_1 @@ -306,7 +306,7 @@ md5crypt(const char *passwd, const char *magic, const char *salt) char *salt_out; int n; unsigned int i; - EVP_MD_CTX md, md2; + EVP_MD_CTX *md = NULL, *md2 = NULL; size_t passwd_len, salt_len; passwd_len = strlen(passwd); 
@@ -321,45 +321,74 @@ md5crypt(const char *passwd, const char *magic, const char *salt) salt_len = strlen(salt_out); assert(salt_len <= 8); - EVP_MD_CTX_init(&md); - EVP_DigestInit_ex(&md, EVP_md5(), NULL); - EVP_DigestUpdate(&md, passwd, passwd_len); - EVP_DigestUpdate(&md, "$", 1); - EVP_DigestUpdate(&md, magic, strlen(magic)); - EVP_DigestUpdate(&md, "$", 1); - EVP_DigestUpdate(&md, salt_out, salt_len); - - EVP_MD_CTX_init(&md2); - EVP_DigestInit_ex(&md2, EVP_md5(), NULL); - EVP_DigestUpdate(&md2, passwd, passwd_len); - EVP_DigestUpdate(&md2, salt_out, salt_len); - EVP_DigestUpdate(&md2, passwd, passwd_len); - EVP_DigestFinal_ex(&md2, buf, NULL); - - for (i = passwd_len; i > sizeof buf; i -= sizeof buf) - EVP_DigestUpdate(&md, buf, sizeof buf); - EVP_DigestUpdate(&md, buf, i); + if ((md = EVP_MD_CTX_new()) == NULL) + goto err; + if (!EVP_DigestInit_ex(md, EVP_md5(), NULL)) + goto err; + if (!EVP_DigestUpdate(md, passwd, passwd_len)) + goto err; + if (!EVP_DigestUpdate(md, "$", 1)) + goto err; + if (!EVP_DigestUpdate(md, magic, strlen(magic))) + goto err; + if (!EVP_DigestUpdate(md, "$", 1)) + goto err; + if (!EVP_DigestUpdate(md, salt_out, salt_len)) + goto err; + + if ((md2 = EVP_MD_CTX_new()) == NULL) + goto err; + if (!EVP_DigestInit_ex(md2, EVP_md5(), NULL)) + goto err; + if (!EVP_DigestUpdate(md2, passwd, passwd_len)) + goto err; + if (!EVP_DigestUpdate(md2, salt_out, salt_len)) + goto err; + if (!EVP_DigestUpdate(md2, passwd, passwd_len)) + goto err; + if (!EVP_DigestFinal_ex(md2, buf, NULL)) + goto err; + + for (i = passwd_len; i > sizeof buf; i -= sizeof buf) { + if (!EVP_DigestUpdate(md, buf, sizeof buf)) + goto err; + } + if (!EVP_DigestUpdate(md, buf, i)) + goto err; n = passwd_len; while (n) { - EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1); + if (!EVP_DigestUpdate(md, (n & 1) ? 
"\0" : passwd, 1)) + goto err; n >>= 1; } - EVP_DigestFinal_ex(&md, buf, NULL); + if (!EVP_DigestFinal_ex(md, buf, NULL)) + goto err; for (i = 0; i < 1000; i++) { - EVP_DigestInit_ex(&md2, EVP_md5(), NULL); - EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *) passwd : buf, - (i & 1) ? passwd_len : sizeof buf); - if (i % 3) - EVP_DigestUpdate(&md2, salt_out, salt_len); - if (i % 7) - EVP_DigestUpdate(&md2, passwd, passwd_len); - EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *) passwd, - (i & 1) ? sizeof buf : passwd_len); - EVP_DigestFinal_ex(&md2, buf, NULL); + if (!EVP_DigestInit_ex(md2, EVP_md5(), NULL)) + goto err; + if (!EVP_DigestUpdate(md2, + (i & 1) ? (unsigned const char *) passwd : buf, + (i & 1) ? passwd_len : sizeof buf)) + goto err; + if (i % 3) { + if (!EVP_DigestUpdate(md2, salt_out, salt_len)) + goto err; + } + if (i % 7) { + if (!EVP_DigestUpdate(md2, passwd, passwd_len)) + goto err; + } + if (!EVP_DigestUpdate(md2, + (i & 1) ? buf : (unsigned const char *) passwd, + (i & 1) ? sizeof buf : passwd_len)) + goto err; + if (!EVP_DigestFinal_ex(md2, buf, NULL)) + goto err; } - EVP_MD_CTX_cleanup(&md2); + EVP_MD_CTX_free(md2); + md2 = NULL; { /* transform buf into output string */ @@ -394,9 +423,14 @@ md5crypt(const char *passwd, const char *magic, const char *salt) *output = 0; assert(strlen(out_buf) < sizeof(out_buf)); } - EVP_MD_CTX_cleanup(&md); + EVP_MD_CTX_free(md); return out_buf; + err: + EVP_MD_CTX_free(md); + EVP_MD_CTX_free(md2); + + return NULL; } #endif 
@@ -449,11 +483,9 @@ do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, /* truncate password if necessary */ if ((strlen(passwd) > pw_maxlen)) { if (!quiet) - /* - * XXX: really we should know how to print a size_t, - * not cast it - */ - BIO_printf(bio_err, "Warning: truncating password to %u characters\n", (unsigned) pw_maxlen); + BIO_printf(bio_err, + "Warning: truncating password to %zu characters\n", + pw_maxlen); passwd[pw_maxlen] = 0; } assert(strlen(passwd) <= pw_maxlen); @@ -465,7 +497,8 @@ do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, #endif #ifndef NO_MD5CRYPT_1 if (use1 || useapr1) - hash = md5crypt(passwd, (use1 ? "1" : "apr1"), *salt_p); + if ((hash = md5crypt(passwd, (use1 ? "1" : "apr1"), *salt_p)) == NULL) + goto err; #endif assert(hash != NULL); @@ -478,6 +511,8 @@ do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, return 1; err: + free(*salt_malloc_p); + *salt_malloc_p = NULL; return 0; } #else diff --git a/apps/openssl/pkcs12.c b/apps/openssl/pkcs12.c index d2e677ad..fb8a1f0e 100644 --- a/apps/openssl/pkcs12.c +++ b/apps/openssl/pkcs12.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pkcs12.c,v 1.14 2019/07/26 12:35:59 inoguchi Exp $ */ +/* $OpenBSD: pkcs12.c,v 1.23 2022/09/14 16:31:36 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ 
@@ -77,18 +77,18 @@ #define CLCERTS 0x8 #define CACERTS 0x10 -int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain); -int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, +static int get_cert_chain(X509 *cert, X509_STORE *store, + STACK_OF(X509) **chain); +static int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass); -int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass, +static int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags, + char *pass, int passlen, int options, char *pempass); +static int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass); -int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, - int passlen, int options, char *pempass); -int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, +static int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst, const char *name); -void hex_prin(BIO *out, unsigned char *buf, int len); -int alg_print(BIO *x, X509_ALGOR *alg); -int cert_load(BIO *in, STACK_OF(X509) *sk); +static void hex_prin(BIO *out, unsigned char *buf, int len); +static int alg_print(BIO *x, const X509_ALGOR *alg); static int set_pbe(BIO *err, int *ppbe, const char *str); static struct { @@ -556,7 +556,7 @@ pkcs12_main(int argc, char **argv) goto end; } - if (pkcs12_config.passarg) { + if (pkcs12_config.passarg != NULL) { if (pkcs12_config.export_cert) pkcs12_config.passargout = pkcs12_config.passarg; else @@ -567,13 +567,13 @@ pkcs12_main(int argc, char **argv) BIO_printf(bio_err, "Error getting passwords\n"); goto end; } - if (!cpass) { + if (cpass == NULL) { if (pkcs12_config.export_cert) cpass = passout; else cpass = passin; } - if (cpass) { + if (cpass != NULL) { mpass = cpass; pkcs12_config.noprompt = 1; } else { 
@@ -581,22 +581,22 @@ pkcs12_main(int argc, char **argv) mpass = macpass; } - if (!pkcs12_config.infile) + if (pkcs12_config.infile == NULL) in = BIO_new_fp(stdin, BIO_NOCLOSE); else in = BIO_new_file(pkcs12_config.infile, "rb"); - if (!in) { + if (in == NULL) { BIO_printf(bio_err, "Error opening input file %s\n", pkcs12_config.infile ? pkcs12_config.infile : ""); perror(pkcs12_config.infile); goto end; } - if (!pkcs12_config.outfile) { + if (pkcs12_config.outfile == NULL) { out = BIO_new_fp(stdout, BIO_NOCLOSE); } else out = BIO_new_file(pkcs12_config.outfile, "wb"); - if (!out) { + if (out == NULL) { BIO_printf(bio_err, "Error opening output file %s\n", pkcs12_config.outfile ? pkcs12_config.outfile : ""); perror(pkcs12_config.outfile); @@ -637,10 +637,10 @@ pkcs12_main(int argc, char **argv) if (!(pkcs12_config.options & NOCERTS)) { certs = load_certs(bio_err, pkcs12_config.infile, FORMAT_PEM, NULL, "certificates"); - if (!certs) + if (certs == NULL) goto export_end; - if (key) { + if (key != NULL) { /* Look for matching private key */ for (i = 0; i < sk_X509_num(certs); i++) { x = sk_X509_value(certs, i); @@ -654,7 +654,7 @@ pkcs12_main(int argc, char **argv) break; } } - if (!ucert) { + if (ucert == NULL) { BIO_printf(bio_err, "No certificate matches private key\n"); goto export_end; @@ -663,11 +663,11 @@ pkcs12_main(int argc, char **argv) } /* Add any more certificates asked for */ - if (pkcs12_config.certfile) { + if (pkcs12_config.certfile != NULL) { STACK_OF(X509) *morecerts = NULL; - if (!(morecerts = load_certs(bio_err, + if ((morecerts = load_certs(bio_err, pkcs12_config.certfile, FORMAT_PEM, NULL, - "certificates from certfile"))) + "certificates from certfile")) == NULL) goto export_end; while (sk_X509_num(morecerts) > 0) sk_X509_push(certs, sk_X509_shift(morecerts)); 
@@ -680,7 +680,7 @@ pkcs12_main(int argc, char **argv) int vret; STACK_OF(X509) *chain2; X509_STORE *store = X509_STORE_new(); - if (!store) { + if (store == NULL) { BIO_printf(bio_err, "Memory allocation error\n"); goto export_end; @@ -692,7 +692,7 @@ pkcs12_main(int argc, char **argv) vret = get_cert_chain(ucert, store, &chain2); X509_STORE_free(store); - if (!vret) { + if (vret == X509_V_OK) { /* Exclude verified certificate */ for (i = 1; i < sk_X509_num(chain2); i++) sk_X509_push(certs, sk_X509_value( @@ -701,7 +701,7 @@ pkcs12_main(int argc, char **argv) X509_free(sk_X509_value(chain2, 0)); sk_X509_free(chain2); } else { - if (vret >= 0) + if (vret != X509_V_ERR_UNSPECIFIED) BIO_printf(bio_err, "Error %s getting chain.\n", X509_verify_cert_error_string( @@ -720,12 +720,12 @@ pkcs12_main(int argc, char **argv) X509_alias_set1(sk_X509_value(certs, i), catmp, -1); } - if (pkcs12_config.csp_name && key) + if (pkcs12_config.csp_name != NULL && key != NULL) EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, MBSTRING_ASC, (unsigned char *) pkcs12_config.csp_name, -1); - if (pkcs12_config.add_lmk && key) + if (pkcs12_config.add_lmk && key != NULL) EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1); @@ -743,13 +743,13 @@ pkcs12_main(int argc, char **argv) certs, pkcs12_config.key_pbe, pkcs12_config.cert_pbe, pkcs12_config.iter, -1, pkcs12_config.keytype); - if (!p12) { + if (p12 == NULL) { ERR_print_errors(bio_err); goto export_end; } - if (pkcs12_config.macalg) { + if (pkcs12_config.macalg != NULL) { macmd = EVP_get_digestbyname(pkcs12_config.macalg); - if (!macmd) { + if (macmd == NULL) { BIO_printf(bio_err, "Unknown digest algorithm %s\n", pkcs12_config.macalg); @@ -771,7 +771,7 @@ pkcs12_main(int argc, char **argv) goto end; } - if (!(p12 = d2i_PKCS12_bio(in, NULL))) { + if ((p12 = d2i_PKCS12_bio(in, NULL)) == NULL) { ERR_print_errors(bio_err); goto end; } 
@@ -784,9 +784,13 @@ pkcs12_main(int argc, char **argv) if (!pkcs12_config.twopass) strlcpy(macpass, pass, sizeof macpass); - if ((pkcs12_config.options & INFO) && p12->mac) + if ((pkcs12_config.options & INFO) != 0 && PKCS12_mac_present(p12)) { + const ASN1_INTEGER *iter; + + PKCS12_get0_mac(NULL, NULL, NULL, &iter, p12); BIO_printf(bio_err, "MAC Iteration %ld\n", - p12->mac->iter ? ASN1_INTEGER_get(p12->mac->iter) : 1); + iter != NULL ? ASN1_INTEGER_get(iter) : 1); + } if (pkcs12_config.macver) { /* If we enter empty password try no password first */ if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { @@ -819,9 +823,9 @@ pkcs12_main(int argc, char **argv) return (ret); } -int -dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, - int passlen, int options, char *pempass) +static int +dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, + char *pempass) { STACK_OF(PKCS7) *asafes = NULL; STACK_OF(PKCS12_SAFEBAG) *bags; @@ -829,7 +833,7 @@ dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int ret = 0; PKCS7 *p7; - if (!(asafes = PKCS12_unpack_authsafes(p12))) + if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL) return 0; for (i = 0; i < sk_PKCS7_num(asafes); i++) { p7 = sk_PKCS7_value(asafes, i); @@ -847,7 +851,7 @@ dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, bags = PKCS12_unpack_p7encdata(p7, pass, passlen); } else continue; - if (!bags) + if (bags == NULL) goto err; if (!dump_certs_pkeys_bags(out, bags, pass, passlen, options, pempass)) { @@ -864,11 +868,12 @@ dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, return ret; } -int -dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, +static int +dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags, char *pass, int passlen, int options, char *pempass) { int i; + for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { if (!dump_certs_pkeys_bag(out, sk_PKCS12_SAFEBAG_value(bags, i), 
@@ -879,65 +884,82 @@ dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, return 1; } -int -dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass, - int passlen, int options, char *pempass) +static int +dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass, int passlen, + int options, char *pempass) { EVP_PKEY *pkey; - PKCS8_PRIV_KEY_INFO *p8; + const STACK_OF(X509_ATTRIBUTE) *attrs; X509 *x509; - switch (OBJ_obj2nid(bag->type)) { + attrs = PKCS12_SAFEBAG_get0_attrs(bag); + + switch (PKCS12_SAFEBAG_get_nid(bag)) { case NID_keyBag: + { + const PKCS8_PRIV_KEY_INFO *p8; + if (options & INFO) BIO_printf(bio_err, "Key bag\n"); if (options & NOKEYS) return 1; - print_attribs(out, bag->attrib, "Bag Attributes"); - p8 = bag->value.keybag; - if (!(pkey = EVP_PKCS82PKEY(p8))) + print_attribs(out, attrs, "Bag Attributes"); + if ((p8 = PKCS12_SAFEBAG_get0_p8inf(bag)) == NULL) + return 0; + if ((pkey = EVP_PKCS82PKEY(p8)) == NULL) return 0; - print_attribs(out, p8->attributes, "Key Attributes"); + print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes"); PEM_write_bio_PrivateKey(out, pkey, pkcs12_config.enc, NULL, 0, NULL, pempass); EVP_PKEY_free(pkey); break; + } case NID_pkcs8ShroudedKeyBag: + { + PKCS8_PRIV_KEY_INFO *p8; + if (options & INFO) { + const X509_SIG *tp8; + const X509_ALGOR *tp8alg; + BIO_printf(bio_err, "Shrouded Keybag: "); - alg_print(bio_err, bag->value.shkeybag->algor); + if ((tp8 = PKCS12_SAFEBAG_get0_pkcs8(bag)) == NULL) + return 0; + X509_SIG_get0(tp8, &tp8alg, NULL); + alg_print(bio_err, tp8alg); } if (options & NOKEYS) return 1; - print_attribs(out, bag->attrib, "Bag Attributes"); - if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen))) + print_attribs(out, attrs, "Bag Attributes"); + if ((p8 = PKCS12_decrypt_skey(bag, pass, passlen)) == NULL) return 0; - if (!(pkey = EVP_PKCS82PKEY(p8))) { + if ((pkey = EVP_PKCS82PKEY(p8)) == NULL) { PKCS8_PRIV_KEY_INFO_free(p8); return 0; } - print_attribs(out, p8->attributes, "Key 
Attributes"); + print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes"); PKCS8_PRIV_KEY_INFO_free(p8); PEM_write_bio_PrivateKey(out, pkey, pkcs12_config.enc, NULL, 0, NULL, pempass); EVP_PKEY_free(pkey); break; + } case NID_certBag: if (options & INFO) BIO_printf(bio_err, "Certificate bag\n"); if (options & NOCERTS) return 1; - if (PKCS12_get_attr(bag, NID_localKeyID)) { + if (PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID) != NULL) { if (options & CACERTS) return 1; } else if (options & CLCERTS) return 1; - print_attribs(out, bag->attrib, "Bag Attributes"); - if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate) + print_attribs(out, attrs, "Bag Attributes"); + if (PKCS12_SAFEBAG_get_bag_nid(bag) != NID_x509Certificate) return 1; - if (!(x509 = PKCS12_certbag2x509(bag))) + if ((x509 = PKCS12_certbag2x509(bag)) == NULL) return 0; dump_cert_text(out, x509); PEM_write_bio_X509(out, x509); @@ -947,13 +969,13 @@ dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass, case NID_safeContentsBag: if (options & INFO) BIO_printf(bio_err, "Safe Contents bag\n"); - print_attribs(out, bag->attrib, "Bag Attributes"); - return dump_certs_pkeys_bags(out, bag->value.safes, pass, - passlen, options, pempass); + print_attribs(out, attrs, "Bag Attributes"); + return dump_certs_pkeys_bags(out, PKCS12_SAFEBAG_get0_safes(bag), + pass, passlen, options, pempass); default: BIO_printf(bio_err, "Warning unsupported bag type: "); - i2a_ASN1_OBJECT(bio_err, bag->type); + i2a_ASN1_OBJECT(bio_err, PKCS12_SAFEBAG_get0_type(bag)); BIO_printf(bio_err, "\n"); return 1; break; 
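Review bot: Both key-bag cases in dump_certs_pkeys_bag() (the `-879,65` hunk) still discard the result of `PEM_write_bio_PrivateKey(out, pkey, pkcs12_config.enc, NULL, 0, NULL, pempass);` and then `break`, presumably to a success return outside the hunk. A failed or partial private-key write would then be reported as success to the caller. Since these cases are being restructured anyway, check the call, free `pkey` and `return 0;` on failure, matching how the `EVP_PKCS82PKEY()` failures next to it are handled.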
@@ -962,49 +984,40 @@ dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass, } /* Given a single certificate return a verified chain or NULL if error */ - -/* Hope this is OK .... */ - -int -get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain) +static int +get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **out_chain) { - X509_STORE_CTX store_ctx; - STACK_OF(X509) *chn; - int i = 0; - - /* - * FIXME: Should really check the return status of - * X509_STORE_CTX_init for an error, but how that fits into the - * return value of this function is less obvious. - */ - X509_STORE_CTX_init(&store_ctx, store, cert, NULL); - if (X509_verify_cert(&store_ctx) <= 0) { - i = X509_STORE_CTX_get_error(&store_ctx); - if (i == 0) - /* - * avoid returning 0 if X509_verify_cert() did not - * set an appropriate error value in the context - */ - i = -1; - chn = NULL; + X509_STORE_CTX *store_ctx = NULL; + STACK_OF(X509) *chain = NULL; + int ret = X509_V_ERR_UNSPECIFIED; + + if ((store_ctx = X509_STORE_CTX_new()) == NULL) goto err; - } else - chn = X509_STORE_CTX_get1_chain(&store_ctx); + if (!X509_STORE_CTX_init(store_ctx, store, cert, NULL)) + goto err; + + if (X509_verify_cert(store_ctx) > 0) { + if ((chain = X509_STORE_CTX_get1_chain(store_ctx)) == NULL) + goto err; + } + ret = X509_STORE_CTX_get_error(store_ctx); + err: - X509_STORE_CTX_cleanup(&store_ctx); - *chain = chn; + X509_STORE_CTX_free(store_ctx); + *out_chain = chain; - return i; + return ret; } -int -alg_print(BIO *x, X509_ALGOR *alg) +static int +alg_print(BIO *x, const X509_ALGOR *alg) { PBEPARAM *pbe; const unsigned char *p; + p = alg->parameter->value.sequence->data; pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length); - if (!pbe) + if (pbe == NULL) return 1; BIO_printf(bio_err, "%s, Iteration %ld\n", OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), 
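Review bot: get_cert_chain() can now return X509_V_OK with a NULL chain. If X509_verify_cert() returns <= 0 without recording an error in the context, `ret = X509_STORE_CTX_get_error(store_ctx);` yields 0, and the removed code's explicit guard for that case is gone. The caller in the `-692,7` hunk treats `vret == X509_V_OK` as a verified chain, so a failed verification would pass silently. Keep the fallback right after the get_error call: `if (chain == NULL && ret == X509_V_OK) ret = X509_V_ERR_UNSPECIFIED;`. Separately, the unchanged `p = alg->parameter->value.sequence->data;` in alg_print() dereferences a parameter taken from the parsed PKCS#12 input without checking that it is present and is a SEQUENCE; alg_print's body continues outside the hunk.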
@@ -1013,33 +1026,49 @@ alg_print(BIO *x, X509_ALGOR *alg) return 1; } -/* Load all certificates from a given file */ - -int -cert_load(BIO *in, STACK_OF(X509) *sk) +/* Generalised attribute print: handle PKCS#8 and bag attributes */ +static void +print_attribute(BIO *out, const ASN1_TYPE *av) { - int ret; - X509 *cert; - ret = 0; - while ((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) { - ret = 1; - sk_X509_push(sk, cert); + char *value; + + switch (av->type) { + case V_ASN1_BMPSTRING: + value = OPENSSL_uni2asc( + av->value.bmpstring->data, + av->value.bmpstring->length); + BIO_printf(out, "%s\n", value); + free(value); + break; + + case V_ASN1_OCTET_STRING: + hex_prin(out, av->value.octet_string->data, + av->value.octet_string->length); + BIO_printf(out, "\n"); + break; + + case V_ASN1_BIT_STRING: + hex_prin(out, av->value.bit_string->data, + av->value.bit_string->length); + BIO_printf(out, "\n"); + break; + + default: + BIO_printf(out, "\n", + av->type); + break; } - if (ret) - ERR_clear_error(); - return ret; } -/* Generalised attribute print: handle PKCS#8 and bag attributes */ - -int -print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, const char *name) +static int +print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst, + const char *name) { X509_ATTRIBUTE *attr; ASN1_TYPE *av; - char *value; - int i, attr_nid; - if (!attrlst) { + int i, j, attr_nid; + + if (attrlst == NULL) { BIO_printf(out, "%s: \n", name); return 1; } 
@@ -1049,42 +1078,22 @@ print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, const char *name) } BIO_printf(out, "%s\n", name); for (i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) { + ASN1_OBJECT *obj; + attr = sk_X509_ATTRIBUTE_value(attrlst, i); - attr_nid = OBJ_obj2nid(attr->object); + obj = X509_ATTRIBUTE_get0_object(attr); + attr_nid = OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attr)); BIO_printf(out, " "); if (attr_nid == NID_undef) { - i2a_ASN1_OBJECT(out, attr->object); + i2a_ASN1_OBJECT(out, obj); BIO_printf(out, ": "); } else BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid)); - if (sk_ASN1_TYPE_num(attr->value.set)) { - av = sk_ASN1_TYPE_value(attr->value.set, 0); - switch (av->type) { - case V_ASN1_BMPSTRING: - value = OPENSSL_uni2asc( - av->value.bmpstring->data, - av->value.bmpstring->length); - BIO_printf(out, "%s\n", value); - free(value); - break; - - case V_ASN1_OCTET_STRING: - hex_prin(out, av->value.octet_string->data, - av->value.octet_string->length); - BIO_printf(out, "\n"); - break; - - case V_ASN1_BIT_STRING: - hex_prin(out, av->value.bit_string->data, - av->value.bit_string->length); - BIO_printf(out, "\n"); - break; - - default: - BIO_printf(out, "\n", - av->type); - break; + if (X509_ATTRIBUTE_count(attr)) { + for (j = 0; j < X509_ATTRIBUTE_count(attr); j++) { + av = X509_ATTRIBUTE_get0_type(attr, j); + print_attribute(out, av); } } else BIO_printf(out, "\n"); @@ -1092,10 +1101,11 @@ print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, const char *name) return 1; } -void +static void hex_prin(BIO *out, unsigned char *buf, int len) { int i; + for (i = 0; i < len; i++) BIO_printf(out, "%02X ", buf[i]); } @@ -1103,9 +1113,9 @@ hex_prin(BIO *out, unsigned char *buf, int len) static int set_pbe(BIO *err, int *ppbe, const char *str) { - if (!str) + if (str == NULL) return 0; - if (!strcmp(str, "NONE")) { + if (strcmp(str, "NONE") == 0) { *ppbe = -1; return 1; } 
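Review bot: In the `print_attribs` loop, `X509_ATTRIBUTE_get0_object(attr)` is called twice, once into `obj` and again inside `OBJ_obj2nid(...)`; `attr_nid = OBJ_obj2nid(obj);` reads better and keeps the two uses in step. The outer `if (X509_ATTRIBUTE_count(attr))` repeats the loop condition and is only there so that an empty attribute still prints a bare newline, which deserves a short comment. `print_attribs` begins before this hunk.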
diff --git a/apps/openssl/pkey.c b/apps/openssl/pkey.c index 06b4c018..dcddd976 100644 --- a/apps/openssl/pkey.c +++ b/apps/openssl/pkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pkey.c,v 1.15 2019/07/14 03:30:46 guenther Exp $ */ +/* $OpenBSD: pkey.c,v 1.17 2022/01/14 10:17:30 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006 */ @@ -66,6 +66,7 @@ #include static struct { + int check; const EVP_CIPHER *cipher; char *infile; int informat; @@ -74,6 +75,7 @@ static struct { int outformat; char *passargin; char *passargout; + int pubcheck; int pubin; int pubout; int pubtext; @@ -98,6 +100,12 @@ pkey_opt_cipher(int argc, char **argv, int *argsused) } static const struct option pkey_options[] = { + { + .name = "check", + .desc = "Check validity of key", + .type = OPTION_FLAG, + .opt.flag = &pkey_config.check, + }, { .name = "in", .argname = "file", @@ -146,6 +154,12 @@ static const struct option pkey_options[] = { .type = OPTION_ARG, .opt.arg = &pkey_config.passargout, }, + { + .name = "pubcheck", + .desc = "Check validity of public key", + .type = OPTION_FLAG, + .opt.flag = &pkey_config.pubcheck, + }, { .name = "pubin", .desc = "Expect a public key (default private key)", @@ -186,11 +200,11 @@ pkey_usage() int n = 0; fprintf(stderr, - "usage: pkey [-ciphername] [-in file] [-inform fmt] [-noout] " - "[-out file]\n" - " [-outform fmt] [-passin src] [-passout src] [-pubin] " - "[-pubout] [-text]\n" - " [-text_pub]\n\n"); + "usage: pkey [-check] [-ciphername] [-in file] [-inform fmt] " + "[-noout] [-out file]\n" + " [-outform fmt] [-passin src] [-passout src] [-pubcheck] " + "[-pubin] [-pubout]\n" + " [-text] [-text_pub]\n\n"); options_usage(pkey_options); fprintf(stderr, "\n"); 
@@ -252,6 +266,14 @@ pkey_main(int argc, char **argv) if (!pkey) goto end; + if (pkey_config.check) { + if (!pkey_check(out, pkey, EVP_PKEY_check, "Key pair")) + goto end; + } else if (pkey_config.pubcheck) { + if (!pkey_check(out, pkey, EVP_PKEY_public_check, "Public key")) + goto end; + } + if (!pkey_config.noout) { if (pkey_config.outformat == FORMAT_PEM) { if (pkey_config.pubout) diff --git a/apps/openssl/pkeyparam.c b/apps/openssl/pkeyparam.c index 81bed139..924c39ed 100644 --- a/apps/openssl/pkeyparam.c +++ b/apps/openssl/pkeyparam.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pkeyparam.c,v 1.12 2019/07/14 03:30:46 guenther Exp $ */ +/* $OpenBSD: pkeyparam.c,v 1.14 2022/01/14 10:17:30 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006 */ @@ -66,6 +66,7 @@ #include struct { + int check; char *infile; int noout; char *outfile; @@ -73,6 +74,12 @@ struct { } pkeyparam_config; static const struct option pkeyparam_options[] = { + { + .name = "check", + .desc = "Check validity of key parameters", + .type = OPTION_FLAG, + .opt.flag = &pkeyparam_config.check, + }, { .name = "in", .argname = "file", @@ -106,7 +113,7 @@ static void pkeyparam_usage() { fprintf(stderr, - "usage: pkeyparam [-in file] [-noout] [-out file] " + "usage: pkeyparam [-check] [-in file] [-noout] [-out file] " "[-text]\n"); options_usage(pkeyparam_options); } @@ -157,6 +164,12 @@ pkeyparam_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } + + if (pkeyparam_config.check) { + if (!pkey_check(out, pkey, EVP_PKEY_param_check, "Parameters")) + goto end; + } + if (!pkeyparam_config.noout) PEM_write_bio_Parameters(out, pkey); diff --git a/apps/openssl/req.c b/apps/openssl/req.c index dfba8e28..6d74ca0e 100644 --- a/apps/openssl/req.c +++ b/apps/openssl/req.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: req.c,v 1.19 2020/08/09 16:38:24 jsing Exp $ */ +/* $OpenBSD: req.c,v 1.23 2022/02/03 17:44:04 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -143,7 +143,6 @@ struct { char *keyfile; int keyform; char *keyout; - int kludge; int modulus; int multirdn; int newhdr; @@ -295,12 +294,6 @@ static const struct option req_options[] = { .type = OPTION_ARG_FUNC, .opt.argfunc = req_opt_addext, }, - { - .name = "asn1-kludge", - .type = OPTION_VALUE, - .opt.value = &req_config.kludge, - .value = 1, - }, { .name = "batch", .desc = "Operate in batch mode", @@ -401,12 +394,6 @@ static const struct option req_options[] = { .type = OPTION_ARG_FUNC, .opt.argfunc = req_opt_newkey, }, - { - .name = "no-asn1-kludge", - .type = OPTION_VALUE, - .opt.value = &req_config.kludge, - .value = 0, - }, { .name = "nodes", .desc = "Do not encrypt output private key", @@ -544,12 +531,12 @@ static void req_usage(void) { fprintf(stderr, - "usage: req [-addext ext] [-asn1-kludge] [-batch] [-config file]\n" + "usage: req [-addext ext] [-batch] [-config file]\n" " [-days n] [-extensions section] [-in file]\n" " [-inform der | pem] [-key keyfile] [-keyform der | pem]\n" " [-keyout file] [-md4 | -md5 | -sha1] [-modulus]\n" " [-multivalue-rdn] [-nameopt option] [-new] [-newhdr]\n" - " [-newkey arg] [-no-asn1-kludge] [-nodes] [-noout]\n" + " [-newkey arg] [-nodes] [-noout]\n" " [-out file] [-outform der | pem] [-passin arg]\n" " [-passout arg] [-pkeyopt opt:value] [-pubkey]\n" " [-reqexts section] [-reqopt option] [-set_serial n]\n" @@ -851,11 +838,6 @@ req_main(int argc, char **argv) BIO_printf(bio_err, "-----\n"); } if (!req_config.newreq) { - /* - * Since we are using a pre-existing certificate request, the - * kludge 'format' info should not be changed. - */ - req_config.kludge = -1; if (req_config.infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); else { 
@@ -890,10 +872,6 @@ req_main(int argc, char **argv) } i = make_REQ(req, pkey, req_config.subj, req_config.multirdn, !req_config.x509, req_config.chtype); req_config.subj = NULL; /* done processing '-subj' option */ - if ((req_config.kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes)) { - sk_X509_ATTRIBUTE_free(req->req_info->attributes); - req->req_info->attributes = NULL; - } if (!i) { BIO_printf(bio_err, "problems making Certificate Request\n"); goto end; @@ -901,6 +879,7 @@ req_main(int argc, char **argv) } if (req_config.x509) { EVP_PKEY *tmppkey; + X509V3_CTX ext_ctx; if ((x509ss = X509_new()) == NULL) goto end; @@ -926,10 +905,10 @@ req_main(int argc, char **argv) goto end; if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req))) goto end; - tmppkey = X509_REQ_get_pubkey(req); - if (!tmppkey || !X509_set_pubkey(x509ss, tmppkey)) + if ((tmppkey = X509_REQ_get0_pubkey(req)) == NULL) + goto end; + if (!X509_set_pubkey(x509ss, tmppkey)) goto end; - EVP_PKEY_free(tmppkey); /* Set up V3 context struct */ @@ -1000,26 +979,19 @@ req_main(int argc, char **argv) ex = 1; goto end; } - req->req_info->enc.modified = 1; if (req_config.verbose) { print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), req_config.nmflag); } } if (req_config.verify && !req_config.x509) { - int tmp = 0; + EVP_PKEY *pubkey = pkey; - if (pkey == NULL) { - pkey = X509_REQ_get_pubkey(req); - tmp = 1; - if (pkey == NULL) - goto end; - } - i = X509_REQ_verify(req, pkey); - if (tmp) { - EVP_PKEY_free(pkey); - pkey = NULL; - } + if (pubkey == NULL) + pubkey = X509_REQ_get0_pubkey(req); + if (pubkey == NULL) + goto end; + i = X509_REQ_verify(req, pubkey); if (i < 0) { goto end; } else if (i == 0) { 
@@ -1047,14 +1019,13 @@ req_main(int argc, char **argv) if (req_config.pubkey) { EVP_PKEY *tpubkey; - tpubkey = X509_REQ_get_pubkey(req); - if (tpubkey == NULL) { + + if ((tpubkey = X509_REQ_get0_pubkey(req)) == NULL) { BIO_printf(bio_err, "Error getting public key\n"); ERR_print_errors(bio_err); goto end; } PEM_write_bio_PUBKEY(out, tpubkey); - EVP_PKEY_free(tpubkey); } if (req_config.text) { if (req_config.x509) @@ -1072,19 +1043,22 @@ req_main(int argc, char **argv) EVP_PKEY *tpubkey; if (req_config.x509) - tpubkey = X509_get_pubkey(x509ss); + tpubkey = X509_get0_pubkey(x509ss); else - tpubkey = X509_REQ_get_pubkey(req); + tpubkey = X509_REQ_get0_pubkey(req); if (tpubkey == NULL) { fprintf(stdout, "Modulus=unavailable\n"); goto end; } fprintf(stdout, "Modulus="); - if (EVP_PKEY_base_id(tpubkey) == EVP_PKEY_RSA) - BN_print(out, tpubkey->pkey.rsa->n); - else + if (EVP_PKEY_base_id(tpubkey) == EVP_PKEY_RSA) { + const BIGNUM *n = NULL; + + RSA_get0_key(EVP_PKEY_get0_RSA(tpubkey), &n, NULL, NULL); + + BN_print(out, n); + } else fprintf(stdout, "Wrong Algorithm type"); - EVP_PKEY_free(tpubkey); fprintf(stdout, "\n"); } if (!req_config.noout && !req_config.x509) { @@ -1783,14 +1757,19 @@ int do_X509_sign(BIO * err, X509 * x, EVP_PKEY * pkey, const EVP_MD * md, STACK_OF(OPENSSL_STRING) * sigopts) { + EVP_MD_CTX *mctx; int rv; - EVP_MD_CTX mctx; - EVP_MD_CTX_init(&mctx); - rv = do_sign_init(err, &mctx, pkey, md, sigopts); + + if ((mctx = EVP_MD_CTX_new()) == NULL) + return 0; + + rv = do_sign_init(err, mctx, pkey, md, sigopts); if (rv > 0) - rv = X509_sign_ctx(x, &mctx); - EVP_MD_CTX_cleanup(&mctx); - return rv > 0 ? 1 : 0; + rv = X509_sign_ctx(x, mctx); + + EVP_MD_CTX_free(mctx); + + return rv > 0; } 
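Review bot: In the `-modulus` branch of `req_main`, the result of `EVP_PKEY_get0_RSA(tpubkey)` goes straight into `RSA_get0_key()`, and `n` is then handed to `BN_print()` with no NULL check on either. The `EVP_PKEY_base_id()` test makes a NULL unlikely, but the key is taken from the request or certificate being processed, so a guard costs little. Fetch the RSA pointer into a local and fall back to the existing `Modulus=unavailable` message when it or `n` is NULL. `req_main` starts and ends outside this hunk.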
@@ -1798,14 +1777,19 @@ int do_X509_REQ_sign(BIO * err, X509_REQ * x, EVP_PKEY * pkey, const EVP_MD * md, STACK_OF(OPENSSL_STRING) * sigopts) { + EVP_MD_CTX *mctx; int rv; - EVP_MD_CTX mctx; - EVP_MD_CTX_init(&mctx); - rv = do_sign_init(err, &mctx, pkey, md, sigopts); + + if ((mctx = EVP_MD_CTX_new()) == NULL) + return 0; + + rv = do_sign_init(err, mctx, pkey, md, sigopts); if (rv > 0) - rv = X509_REQ_sign_ctx(x, &mctx); - EVP_MD_CTX_cleanup(&mctx); - return rv > 0 ? 1 : 0; + rv = X509_REQ_sign_ctx(x, mctx); + + EVP_MD_CTX_free(mctx); + + return rv > 0; } @@ -1815,13 +1799,18 @@ do_X509_CRL_sign(BIO * err, X509_CRL * x, EVP_PKEY * pkey, const EVP_MD * md, STACK_OF(OPENSSL_STRING) * sigopts) { int rv; - EVP_MD_CTX mctx; - EVP_MD_CTX_init(&mctx); - rv = do_sign_init(err, &mctx, pkey, md, sigopts); + EVP_MD_CTX *mctx; + + if ((mctx = EVP_MD_CTX_new()) == NULL) + return 0; + + rv = do_sign_init(err, mctx, pkey, md, sigopts); if (rv > 0) - rv = X509_CRL_sign_ctx(x, &mctx); - EVP_MD_CTX_cleanup(&mctx); - return rv > 0 ? 1 : 0; + rv = X509_CRL_sign_ctx(x, mctx); + + EVP_MD_CTX_free(mctx); + + return rv > 0; } static unsigned long diff --git a/apps/openssl/rsa.c b/apps/openssl/rsa.c index 231674b5..acc05ee0 100644 --- a/apps/openssl/rsa.c +++ b/apps/openssl/rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa.c,v 1.14 2019/07/14 03:30:46 guenther Exp $ */ +/* $OpenBSD: rsa.c,v 1.16 2022/01/14 09:26:41 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -88,7 +88,6 @@ static struct { int pubin; int pubout; int pvk_encr; - int sgckey; int text; } rsa_config; @@ -214,12 +213,6 @@ static const struct option rsa_options[] = { .value = 2, .opt.value = &rsa_config.pubout, }, - { - .name = "sgckey", - .desc = "Use modified NET algorithm for IIS and SGC keys", - .type = OPTION_FLAG, - .opt.flag = &rsa_config.sgckey, - }, { .name = "text", .desc = "Print in plain text in addition to encoded", 
@@ -244,7 +237,7 @@ rsa_usage() "[-inform fmt]\n" " [-modulus] [-noout] [-out file] [-outform fmt] " "[-passin src]\n" - " [-passout src] [-pubin] [-pubout] [-sgckey] [-text]\n\n"); + " [-passout src] [-pubin] [-pubout] [-text]\n\n"); options_usage(rsa_options); fprintf(stderr, "\n"); @@ -300,19 +293,14 @@ rsa_main(int argc, char **argv) tmpformat = FORMAT_PEMRSA; else if (rsa_config.informat == FORMAT_ASN1) tmpformat = FORMAT_ASN1RSA; - } else if (rsa_config.informat == FORMAT_NETSCAPE && - rsa_config.sgckey) - tmpformat = FORMAT_IISSGC; - else + } else tmpformat = rsa_config.informat; pkey = load_pubkey(bio_err, rsa_config.infile, tmpformat, 1, passin, "Public Key"); } else pkey = load_key(bio_err, rsa_config.infile, - (rsa_config.informat == FORMAT_NETSCAPE && - rsa_config.sgckey ? FORMAT_IISSGC : - rsa_config.informat), 1, passin, "Private Key"); + rsa_config.informat, 1, passin, "Private Key"); if (pkey != NULL) rsa = EVP_PKEY_get1_RSA(pkey); @@ -340,7 +328,7 @@ rsa_main(int argc, char **argv) } if (rsa_config.modulus) { BIO_printf(out, "Modulus="); - BN_print(out, rsa->n); + BN_print(out, RSA_get0_n(rsa)); BIO_printf(out, "\n"); } if (rsa_config.check) { @@ -380,25 +368,7 @@ rsa_main(int argc, char **argv) i = i2d_RSA_PUBKEY_bio(out, rsa); } else i = i2d_RSAPrivateKey_bio(out, rsa); - } -#ifndef OPENSSL_NO_RC4 - else if (rsa_config.outformat == FORMAT_NETSCAPE) { - unsigned char *p, *pp; - int size; - - i = 1; - size = i2d_RSA_NET(rsa, NULL, NULL, rsa_config.sgckey); - if ((p = malloc(size)) == NULL) { - BIO_printf(bio_err, "Memory allocation failure\n"); - goto end; - } - pp = p; - i2d_RSA_NET(rsa, &p, NULL, rsa_config.sgckey); - BIO_write(out, (char *) pp, size); - free(pp); - } -#endif - else if (rsa_config.outformat == FORMAT_PEM) { + } else if (rsa_config.outformat == FORMAT_PEM) { if (rsa_config.pubout || rsa_config.pubin) { if (rsa_config.pubout == 2) i = PEM_write_bio_RSAPublicKey(out, rsa); 
diff --git a/apps/openssl/s_apps.h b/apps/openssl/s_apps.h index f535a35c..a73c2eb1 100644 --- a/apps/openssl/s_apps.h +++ b/apps/openssl/s_apps.h @@ -1,4 +1,4 @@ -/* $OpenBSD: s_apps.h,v 1.6 2021/08/29 12:33:15 tb Exp $ */ +/* $OpenBSD: s_apps.h,v 1.7 2021/12/06 11:06:58 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -119,7 +119,7 @@ extern int verify_depth; extern int verify_return_error; int do_server(int port, int type, int *ret, - int (*cb)(char *hostname, int s, unsigned char *context), + int (*cb)(int s, unsigned char *context), unsigned char *context, int naccept); #ifdef HEADER_X509_H int verify_callback(int ok, X509_STORE_CTX *ctx); diff --git a/apps/openssl/s_cb.c b/apps/openssl/s_cb.c index 3a0c89bb..73f45c25 100644 --- a/apps/openssl/s_cb.c +++ b/apps/openssl/s_cb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s_cb.c,v 1.15 2021/04/02 10:19:19 inoguchi Exp $ */ +/* $OpenBSD: s_cb.c,v 1.20 2022/08/31 07:12:30 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -202,60 +202,33 @@ verify_callback(int ok, X509_STORE_CTX * ctx) int set_cert_stuff(SSL_CTX * ctx, char *cert_file, char *key_file) { - if (cert_file != NULL) { - /* - SSL *ssl; - X509 *x509; - */ - - if (SSL_CTX_use_certificate_file(ctx, cert_file, - SSL_FILETYPE_PEM) <= 0) { - BIO_printf(bio_err, - "unable to get certificate from '%s'\n", cert_file); - ERR_print_errors(bio_err); - return (0); - } - if (key_file == NULL) - key_file = cert_file; - if (SSL_CTX_use_PrivateKey_file(ctx, key_file, - SSL_FILETYPE_PEM) <= 0) { - BIO_printf(bio_err, - "unable to get private key from '%s'\n", key_file); - ERR_print_errors(bio_err); - return (0); - } - /* - In theory this is no longer needed - ssl=SSL_new(ctx); - x509=SSL_get_certificate(ssl); - - if (x509 != NULL) { - EVP_PKEY *pktmp; - pktmp = X509_get_pubkey(x509); - EVP_PKEY_copy_parameters(pktmp, - SSL_get_privatekey(ssl)); - EVP_PKEY_free(pktmp); - } - SSL_free(ssl); - */ - - /* - * If we are using DSA, we can copy the parameters from the - * private key - */ - - - /* - * Now we know that a key and cert have been set against the - * SSL context - */ - if (!SSL_CTX_check_private_key(ctx)) { - BIO_printf(bio_err, - "Private key does not match the certificate public key\n"); - return (0); - } + if (cert_file == NULL) + return 1; + + if (key_file == NULL) + key_file = cert_file; + + if (SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0) { + BIO_printf(bio_err, + "unable to get certificate from '%s'\n", cert_file); + ERR_print_errors(bio_err); + return 0; } - return (1); + if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) { + BIO_printf(bio_err, "unable to get private key from '%s'\n", + key_file); + ERR_print_errors(bio_err); + return 0; + } + + /* Now we know that a key and cert have been set against the context. */ + if (!SSL_CTX_check_private_key(ctx)) { + BIO_printf(bio_err, + "Private key does not match the certificate public key\n"); + return 0; + } + + return 1; } int 
@@ -291,6 +264,7 @@ ssl_print_tmp_key(BIO *out, SSL *s) const char *cname; EVP_PKEY *pkey; EC_KEY *ec; + const EC_GROUP *group; int nid; if (!SSL_get_server_tmp_key(s, &pkey)) @@ -303,9 +277,12 @@ ssl_print_tmp_key(BIO *out, SSL *s) break; case EVP_PKEY_EC: - ec = EVP_PKEY_get1_EC_KEY(pkey); - nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); - EC_KEY_free(ec); + if ((ec = EVP_PKEY_get0_EC_KEY(pkey)) == NULL) + goto err; + if ((group = EC_KEY_get0_group(ec)) == NULL) + goto err; + + nid = EC_GROUP_get_curve_name(group); if ((cname = EC_curve_nid2nist(nid)) == NULL) cname = OBJ_nid2sn(nid); @@ -318,6 +295,7 @@ ssl_print_tmp_key(BIO *out, SSL *s) EVP_PKEY_bits(pkey)); } + err: EVP_PKEY_free(pkey); return 1; } @@ -941,8 +919,12 @@ verify_cookie_callback(SSL * ssl, const unsigned char *cookie, } /* Calculate HMAC of buffer using the secret */ - HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, - buffer, length, result, &resultlength); + if (HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, + buffer, length, result, &resultlength) == NULL) { + free(buffer); + return 0; + } + free(buffer); if (cookie_len == resultlength && diff --git a/apps/openssl/s_client.c b/apps/openssl/s_client.c index df35ffbc..15ebb0c0 100644 --- a/apps/openssl/s_client.c +++ b/apps/openssl/s_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s_client.c,v 1.54 2021/03/17 18:11:01 jsing Exp $ */ +/* $OpenBSD: s_client.c,v 1.58 2022/02/03 17:44:04 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -219,6 +219,7 @@ static struct { int msg; int nbio; int nbio_test; + int no_servername; char *npn_in; unsigned int off; char *passarg; 
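Review bot: In `verify_cookie_callback`, the comparison of the received cookie with the freshly computed `result` begins on the last context line of the HMAC hunk and continues outside it, so it cannot be checked from here. If it is a plain `memcmp`, a constant-time comparison such as `timingsafe_memcmp(result, cookie, resultlength) == 0` would be the safer choice for an authentication tag. The cookie generation callback is not shown; if it calls `HMAC()` the same way it should get the same NULL check added here.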
@@ -633,6 +634,12 @@ static const struct option s_client_options[] = { .opt.value = &s_client_config.clr, .value = SSL_OP_LEGACY_SERVER_CONNECT, }, + { + .name = "no_servername", + .desc = "Do not send a Server Name Indication (SNI) extension", + .type = OPTION_FLAG, + .opt.value = &s_client_config.no_servername, + }, { .name = "no_ssl2", .type = OPTION_VALUE_OR, @@ -680,6 +687,11 @@ static const struct option s_client_options[] = { .opt.value = &s_client_config.off, .value = SSL_OP_NO_TLSv1_3, }, + { + .name = "noservername", + .type = OPTION_FLAG, + .opt.value = &s_client_config.no_servername, + }, { .name = "pass", .argname = "arg", @@ -894,8 +906,8 @@ s_client_main(int argc, char **argv) char *cbuf = NULL, *sbuf = NULL, *mbuf = NULL, *pbuf = NULL; int cbuf_len, cbuf_off; int sbuf_len, sbuf_off; - int pbuf_len, pbuf_off; int full_log = 1; + const char *servername; char *pass = NULL; X509 *cert = NULL; EVP_PKEY *key = NULL; @@ -1067,12 +1079,6 @@ s_client_main(int argc, char **argv) if (!SSL_CTX_set_default_verify_paths(ctx)) ERR_print_errors(bio_err); - if (s_client_config.servername != NULL) { - tlsextcbp.biodebug = bio_err; - SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); - SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); - } - con = SSL_new(ctx); if (s_client_config.sess_in) { SSL_SESSION *sess; 
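Review bot: The two new `OPTION_FLAG` entries, `no_servername` and `noservername`, set their target through `.opt.value`, whereas the other `OPTION_FLAG` entries in this patch (for example `-check` in pkey.c) use `.opt.flag`. This presumably works only because both members are `int *` in the same union. Write `.opt.flag = &s_client_config.no_servername,` in both entries so the member matches the option type. If `noservername` is meant as an undocumented compatibility spelling, a one-line comment saying so would explain the missing `.desc`.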
@@ -1094,15 +1100,32 @@ s_client_main(int argc, char **argv) SSL_set_session(con, sess); SSL_SESSION_free(sess); } - if (s_client_config.servername != NULL) { - if (!SSL_set_tlsext_host_name(con, s_client_config.servername)) { + + /* Attempt to opportunistically use the host name for SNI. */ + servername = s_client_config.servername; + if (servername == NULL) + servername = s_client_config.host; + + if (!s_client_config.no_servername && servername != NULL && + !SSL_set_tlsext_host_name(con, servername)) { + long ssl_err = ERR_peek_error(); + + if (s_client_config.servername != NULL || + ERR_GET_LIB(ssl_err) != ERR_LIB_SSL || + ERR_GET_REASON(ssl_err) != SSL_R_SSL3_EXT_INVALID_SERVERNAME) { BIO_printf(bio_err, "Unable to set TLS servername extension.\n"); ERR_print_errors(bio_err); goto end; } + servername = NULL; + ERR_clear_error(); + } + if (!s_client_config.no_servername && servername != NULL) { + tlsextcbp.biodebug = bio_err; + SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); + SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); } -/* SSL_set_cipher_list(con,"RC4-MD5"); */ re_start: @@ -1195,8 +1218,6 @@ s_client_main(int argc, char **argv) cbuf_off = 0; sbuf_len = 0; sbuf_off = 0; - pbuf_len = 0; - pbuf_off = 0; /* This is an ugly hack that does a lot of assumptions */ /* @@ -1503,8 +1524,6 @@ s_client_main(int argc, char **argv) if (SSL_get_error(con, p) == SSL_ERROR_NONE) { if (p <= 0) goto end; - pbuf_off = 0; - pbuf_len = p; k = SSL_read(con, sbuf, p); } @@ -1753,10 +1772,10 @@ print_stuff(BIO *bio, SSL *s, int full) SSL_CIPHER_get_name(c)); if (peer != NULL) { EVP_PKEY *pktmp; - pktmp = X509_get_pubkey(peer); + + pktmp = X509_get0_pubkey(peer); BIO_printf(bio, "Server public key is %d bit\n", EVP_PKEY_bits(pktmp)); - EVP_PKEY_free(pktmp); } BIO_printf(bio, "Secure Renegotiation IS%s supported\n", SSL_get_secure_renegotiation_support(s) ? "" : " NOT"); 
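Review bot: The opportunistic-SNI fallback in `s_client_main` classifies the `SSL_set_tlsext_host_name()` failure with `ERR_peek_error()`, which returns the oldest entry in the error queue rather than the one just pushed. If an earlier call left an error queued, a host-derived name the library rejects (for instance an address literal) would fail the `SSL_R_SSL3_EXT_INVALID_SERVERNAME` test and abort the connection instead of quietly skipping SNI. `unsigned long ssl_err = ERR_peek_last_error();` inspects the most recent entry and matches the return type. A short comment stating that an explicit `-servername` failure stays fatal while a host-derived one is ignored would make the three-way condition easier to follow.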
diff --git a/apps/openssl/s_server.c b/apps/openssl/s_server.c index 815519a6..9b06856a 100644 --- a/apps/openssl/s_server.c +++ b/apps/openssl/s_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s_server.c,v 1.49 2021/08/29 13:16:17 tb Exp $ */ +/* $OpenBSD: s_server.c,v 1.54 2021/12/06 11:06:58 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -180,13 +180,13 @@ static void s_server_init(void); static void sv_usage(void); static void print_stats(BIO *bp, SSL_CTX *ctx); -static int sv_body(char *hostname, int s, unsigned char *context); +static int sv_body(int s, unsigned char *context); static void close_accept_socket(void); static int init_ssl_connection(SSL *s); #ifndef OPENSSL_NO_DH static DH *load_dh_param(const char *dhfile); #endif -static int www_body(char *hostname, int s, unsigned char *context); +static int www_body(int s, unsigned char *context); static int generate_session_id(const SSL *ssl, unsigned char *id, unsigned int *id_len); static int ssl_servername_cb(SSL *s, int *ad, void *arg); @@ -1072,7 +1072,6 @@ sv_usage(void) int s_server_main(int argc, char *argv[]) { - int badop = 0; int ret = 1; char *pass = NULL; char *dpass = NULL; @@ -1114,11 +1113,6 @@ s_server_main(int argc, char *argv[]) verify_depth = 0; if (options_parse(argc, argv, s_server_options, NULL, NULL) != 0) { - badop = 1; - goto bad; - } - if (badop) { - bad: if (s_server_config.errstr == NULL) sv_usage(); goto end; @@ -1537,7 +1531,7 @@ print_stats(BIO *bio, SSL_CTX *ssl_ctx) } static int -sv_body(char *hostname, int s, unsigned char *context) +sv_body(int s, unsigned char *context) { char *buf = NULL; int ret = 1; @@ -1962,7 +1956,7 @@ load_dh_param(const char *dhfile) #endif static int -www_body(char *hostname, int s, unsigned char *context) +www_body(int s, unsigned char *context) { char *buf = NULL; int ret = 1; 
@@ -2342,8 +2336,8 @@ cert_status_cb(SSL *s, void *arg) int rspderlen; STACK_OF(OPENSSL_STRING) *aia = NULL; X509 *x = NULL; - X509_STORE_CTX inctx; - X509_OBJECT obj; + X509_STORE_CTX *inctx = NULL; + X509_OBJECT *obj = NULL; OCSP_REQUEST *req = NULL; OCSP_RESPONSE *resp = NULL; OCSP_CERTID *id = NULL; @@ -2358,7 +2352,7 @@ cert_status_cb(SSL *s, void *arg) aia = X509_get1_ocsp(x); if (aia) { if (!OCSP_parse_url(sk_OPENSSL_STRING_value(aia, 0), - &host, &port, &path, &use_ssl)) { + &host, &port, &path, &use_ssl)) { BIO_puts(err, "cert_status: can't parse AIA URL\n"); goto err; } @@ -2377,23 +2371,30 @@ cert_status_cb(SSL *s, void *arg) use_ssl = srctx->use_ssl; } - if (!X509_STORE_CTX_init(&inctx, - SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)), + if ((inctx = X509_STORE_CTX_new()) == NULL) + goto err; + + if (!X509_STORE_CTX_init(inctx, + SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)), NULL, NULL)) goto err; - if (X509_STORE_get_by_subject(&inctx, X509_LU_X509, - X509_get_issuer_name(x), &obj) <= 0) { + if ((obj = X509_OBJECT_new()) == NULL) + goto done; + if (X509_STORE_get_by_subject(inctx, X509_LU_X509, + X509_get_issuer_name(x), obj) <= 0) { BIO_puts(err, "cert_status: Can't retrieve issuer certificate.\n"); - X509_STORE_CTX_cleanup(&inctx); + X509_STORE_CTX_cleanup(inctx); goto done; } req = OCSP_REQUEST_new(); if (!req) goto err; - id = OCSP_cert_to_id(NULL, x, obj.data.x509); - X509_free(obj.data.x509); - X509_STORE_CTX_cleanup(&inctx); + id = OCSP_cert_to_id(NULL, x, X509_OBJECT_get0_X509(obj)); + X509_OBJECT_free(obj); + obj = NULL; + X509_STORE_CTX_free(inctx); + inctx = NULL; if (!id) goto err; if (!OCSP_request_add0_id(req, id)) @@ -2422,6 +2423,8 @@ cert_status_cb(SSL *s, void *arg) } ret = SSL_TLSEXT_ERR_OK; done: + X509_STORE_CTX_free(inctx); + X509_OBJECT_free(obj); if (ret != SSL_TLSEXT_ERR_OK) ERR_print_errors(err); if (aia) { diff --git a/apps/openssl/s_socket.c b/apps/openssl/s_socket.c index f22c88d2..db125c1e 100644 --- a/apps/openssl/s_socket.c 
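Review bot: In `cert_status_cb`, a failed `X509_OBJECT_new()` takes `goto done` while the failed `X509_STORE_CTX_new()` just above it takes `goto err`, so one allocation failure is reported as an error and the other falls through with whatever `ret` already held. Unless that is intended, use `if ((obj = X509_OBJECT_new()) == NULL) goto err;`. The `X509_STORE_CTX_cleanup(inctx);` kept in the issuer-lookup failure branch is now redundant, because the `done:` path calls `X509_STORE_CTX_free(inctx)`. The `err:` label and the initial value of `ret` are outside the visible hunks.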
+++ b/apps/openssl/s_socket.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s_socket.c,v 1.12 2021/08/29 12:33:15 tb Exp $ */ +/* $OpenBSD: s_socket.c,v 1.13 2021/12/06 11:06:58 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -75,7 +75,7 @@ static int init_server(int *sock, int port, int type); static int init_server_long(int *sock, int port, char *ip, int type); -static int do_accept(int acc_sock, int *sock, char **host); +static int do_accept(int acc_sock, int *sock); int init_client(int *sock, char *host, char *port, int type, int af) @@ -131,11 +131,10 @@ init_client(int *sock, char *host, char *port, int type, int af) int do_server(int port, int type, int *ret, - int (*cb) (char *hostname, int s, unsigned char *context), + int (*cb)(int s, unsigned char *context), unsigned char *context, int naccept) { int sock; - char *name = NULL; int accept_socket = 0; int i; @@ -148,15 +147,14 @@ do_server(int port, int type, int *ret, } for (;;) { if (type == SOCK_STREAM) { - if (do_accept(accept_socket, &sock, &name) == 0) { + if (do_accept(accept_socket, &sock) == 0) { shutdown(accept_socket, SHUT_RD); close(accept_socket); return (0); } } else sock = accept_socket; - i = (*cb) (name, sock, context); - free(name); + i = cb(sock, context); if (type == SOCK_STREAM) { shutdown(sock, SHUT_RDWR); close(sock); @@ -227,13 +225,13 @@ init_server(int *sock, int port, int type) } static int -do_accept(int acc_sock, int *sock, char **host) +do_accept(int acc_sock, int *sock) { - int ret; struct hostent *h1, *h2; static struct sockaddr_in from; socklen_t len; -/* struct linger ling; */ + char *host = NULL; + int ret; redoit: 
@@ -249,47 +247,34 @@ do_accept(int acc_sock, int *sock, char **host) perror("accept"); return (0); } -/* - ling.l_onoff=1; - ling.l_linger=0; - i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling)); - if (i == -1) { perror("linger"); return(0); } - i=0; - i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i)); - if (i == -1) { perror("keepalive"); return(0); } -*/ - - if (host == NULL) - goto end; + h1 = gethostbyaddr((char *) &from.sin_addr.s_addr, sizeof(from.sin_addr.s_addr), AF_INET); if (h1 == NULL) { BIO_printf(bio_err, "bad gethostbyaddr\n"); - *host = NULL; - /* return(0); */ } else { - if ((*host = strdup(h1->h_name)) == NULL) { + if ((host = strdup(h1->h_name)) == NULL) { perror("strdup"); close(ret); return (0); } - h2 = gethostbyname(*host); + h2 = gethostbyname(host); if (h2 == NULL) { BIO_printf(bio_err, "gethostbyname failure\n"); close(ret); - free(*host); + free(host); return (0); } if (h2->h_addrtype != AF_INET) { BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n"); close(ret); - free(*host); + free(host); return (0); } } - end: + free(host); *sock = ret; return (1); } diff --git a/apps/openssl/s_time.c b/apps/openssl/s_time.c index cdaac7e8..92fdb59a 100644 --- a/apps/openssl/s_time.c +++ b/apps/openssl/s_time.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s_time.c,v 1.34 2019/07/14 03:30:46 guenther Exp $ */ +/* $OpenBSD: s_time.c,v 1.35 2022/08/31 12:29:08 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -458,9 +458,7 @@ benchmark(int reuse_session) printf("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double) nConn / totalTime), bytes_read); printf("%d connections in %.0f real seconds, %ld bytes read per connection\n", - nConn, - elapsed, - bytes_read / nConn); + nConn, elapsed, nConn > 0 ? bytes_read / nConn : 0); ret = 0; end: diff --git a/apps/openssl/smime.c b/apps/openssl/smime.c index e8f5201e..2503177f 100644 
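Review bot: `do_accept` still performs the `gethostbyaddr()`/`gethostbyname()` round trip, but `host` is now a local that is freed without being used, so the lookups only add blocking DNS queries and extra failure paths. Those paths matter: a `gethostbyname()` failure or a non-`AF_INET` answer returns 0, and `do_server` then shuts down and closes the accept socket, so a peer whose reverse name does not resolve forward can stop the listener. Since the callback no longer takes a hostname, the whole lookup block and the `h1`, `h2` and `host` locals can be dropped, leaving `*sock = ret; return (1);` after a successful `accept()`. `do_accept` begins in the previous hunk.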
--- a/apps/openssl/smime.c +++ b/apps/openssl/smime.c @@ -1,4 +1,4 @@ -/* $OpenBSD: smime.c,v 1.10 2018/02/07 05:47:55 jsing Exp $ */ +/* $OpenBSD: smime.c,v 1.17 2022/01/16 07:12:28 inoguchi Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -69,8 +69,8 @@ #include #include -static int save_certs(char *signerfile, STACK_OF(X509) * signers); -static int smime_cb(int ok, X509_STORE_CTX * ctx); +static int save_certs(char *signerfile, STACK_OF(X509) *signers); +static int smime_cb(int ok, X509_STORE_CTX *ctx); #define SMIME_OP 0x10 #define SMIME_IP 0x20 
@@ -82,35 +82,645 @@ static int smime_cb(int ok, X509_STORE_CTX * ctx); #define SMIME_PK7OUT (5 | SMIME_IP | SMIME_OP) #define SMIME_RESIGN (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS) +static struct { + char *CAfile; + char *CApath; + char *certfile; + const EVP_CIPHER *cipher; + char *contfile; + int flags; + char *from; + int indef; + char *infile; + int informat; + char *keyfile; + int keyform; + int operation; + char *outfile; + int outformat; + char *passargin; + char *recipfile; + const EVP_MD *sign_md; + char *signerfile; + STACK_OF(OPENSSL_STRING) *skkeys; + STACK_OF(OPENSSL_STRING) *sksigners; + char *subject; + char *to; + X509_VERIFY_PARAM *vpm; +} smime_config; + +static const EVP_CIPHER * +get_cipher_by_name(char *name) +{ + if (name == NULL || strcmp(name, "") == 0) + return (NULL); +#ifndef OPENSSL_NO_AES + else if (strcmp(name, "aes128") == 0) + return EVP_aes_128_cbc(); + else if (strcmp(name, "aes192") == 0) + return EVP_aes_192_cbc(); + else if (strcmp(name, "aes256") == 0) + return EVP_aes_256_cbc(); +#endif +#ifndef OPENSSL_NO_CAMELLIA + else if (strcmp(name, "camellia128") == 0) + return EVP_camellia_128_cbc(); + else if (strcmp(name, "camellia192") == 0) + return EVP_camellia_192_cbc(); + else if (strcmp(name, "camellia256") == 0) + return EVP_camellia_256_cbc(); +#endif +#ifndef OPENSSL_NO_DES + else if (strcmp(name, "des") == 0) + return EVP_des_cbc(); + else if (strcmp(name, "des3") == 0) + return EVP_des_ede3_cbc(); +#endif +#ifndef OPENSSL_NO_RC2 + else if (!strcmp(name, "rc2-40")) + return EVP_rc2_40_cbc(); + else if (!strcmp(name, "rc2-64")) + return EVP_rc2_64_cbc(); + else if (!strcmp(name, "rc2-128")) + return EVP_rc2_cbc(); +#endif + else + return NULL; +} + +static int +smime_opt_cipher(int argc, char **argv, int *argsused) +{ + char *name = argv[0]; + + if (*name++ != '-') + return (1); + + if ((smime_config.cipher = get_cipher_by_name(name)) == NULL) + if ((smime_config.cipher = EVP_get_cipherbyname(name)) == NULL) + return (1); + 
+ *argsused = 1; + return (0); +} + +static int +smime_opt_inkey(char *arg) +{ + if (smime_config.keyfile == NULL) { + smime_config.keyfile = arg; + return (0); + } + + if (smime_config.signerfile == NULL) { + BIO_puts(bio_err, "Illegal -inkey without -signer\n"); + return (1); + } + + if (smime_config.sksigners == NULL) { + if ((smime_config.sksigners = sk_OPENSSL_STRING_new_null()) == NULL) + return (1); + } + if (!sk_OPENSSL_STRING_push(smime_config.sksigners, + smime_config.signerfile)) + return (1); + + smime_config.signerfile = NULL; + + if (smime_config.skkeys == NULL) { + if ((smime_config.skkeys = sk_OPENSSL_STRING_new_null()) == NULL) + return (1); + } + if (!sk_OPENSSL_STRING_push(smime_config.skkeys, smime_config.keyfile)) + return (1); + + smime_config.keyfile = arg; + return (0); +} + +static int +smime_opt_md(char *arg) +{ + if ((smime_config.sign_md = EVP_get_digestbyname(arg)) == NULL) { + BIO_printf(bio_err, "Unknown digest %s\n", arg); + return (1); + } + return (0); +} + +static int +smime_opt_signer(char *arg) +{ + if (smime_config.signerfile == NULL) { + smime_config.signerfile = arg; + return (0); + } + + if (smime_config.sksigners == NULL) { + if ((smime_config.sksigners = sk_OPENSSL_STRING_new_null()) == NULL) + return (1); + } + if (!sk_OPENSSL_STRING_push(smime_config.sksigners, + smime_config.signerfile)) + return (1); + + if (smime_config.keyfile == NULL) + smime_config.keyfile = smime_config.signerfile; + + if (smime_config.skkeys == NULL) { + if ((smime_config.skkeys = sk_OPENSSL_STRING_new_null()) == NULL) + return (1); + } + if (!sk_OPENSSL_STRING_push(smime_config.skkeys, smime_config.keyfile)) + return (1); + + smime_config.keyfile = NULL; + + smime_config.signerfile = arg; + return (0); +} + +static int +smime_opt_verify_param(int argc, char **argv, int *argsused) +{ + int oargc = argc; + int badarg = 0; + + if (!args_verify(&argv, &argc, &badarg, bio_err, &smime_config.vpm)) + return (1); + if (badarg) + return (1); + + 
*argsused = oargc - argc; + + return (0); +} + +static const struct option smime_options[] = { +#ifndef OPENSSL_NO_AES + { + .name = "aes128", + .desc = "Encrypt PEM output with CBC AES", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = smime_opt_cipher, + }, + { + .name = "aes192", + .desc = "Encrypt PEM output with CBC AES", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = smime_opt_cipher, + }, + { + .name = "aes256", + .desc = "Encrypt PEM output with CBC AES", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = smime_opt_cipher, + }, +#endif +#ifndef OPENSSL_NO_CAMELLIA + { + .name = "camellia128", + .desc = "Encrypt PEM output with CBC Camellia", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = smime_opt_cipher, + }, + { + .name = "camellia192", + .desc = "Encrypt PEM output with CBC Camellia", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = smime_opt_cipher, + }, + { + .name = "camellia256", + .desc = "Encrypt PEM output with CBC Camellia", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = smime_opt_cipher, + }, +#endif +#ifndef OPENSSL_NO_DES + { + .name = "des", + .desc = "Encrypt with DES", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = smime_opt_cipher, + }, + { + .name = "des3", + .desc = "Encrypt with triple DES", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = smime_opt_cipher, + }, +#endif +#ifndef OPENSSL_NO_RC2 + { + .name = "rc2-40", + .desc = "Encrypt with RC2-40 (default)", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = smime_opt_cipher, + }, + { + .name = "rc2-64", + .desc = "Encrypt with RC2-64", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = smime_opt_cipher, + }, + { + .name = "rc2-128", + .desc = "Encrypt with RC2-128", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = smime_opt_cipher, + }, +#endif + { + .name = "CAfile", + .argname = "file", + .desc = "Certificate Authority file", + .type = OPTION_ARG, + .opt.arg = &smime_config.CAfile, + }, + { + .name = "CApath", + .argname = "path", + .desc = "Certificate Authority path", + .type = OPTION_ARG, + .opt.arg = 
&smime_config.CApath, + }, + { + .name = "binary", + .desc = "Do not translate message to text", + .type = OPTION_VALUE_OR, + .opt.value = &smime_config.flags, + .value = PKCS7_BINARY, + }, + { + .name = "certfile", + .argname = "file", + .desc = "Other certificates file", + .type = OPTION_ARG, + .opt.arg = &smime_config.certfile, + }, + { + .name = "content", + .argname = "file", + .desc = "Supply or override content for detached signature", + .type = OPTION_ARG, + .opt.arg = &smime_config.contfile, + }, + { + .name = "crlfeol", + .desc = "Use CRLF as EOL termination instead of CR only", + .type = OPTION_VALUE_OR, + .opt.value = &smime_config.flags, + .value = PKCS7_CRLFEOL, + }, + { + .name = "decrypt", + .desc = "Decrypt encrypted message", + .type = OPTION_VALUE, + .opt.value = &smime_config.operation, + .value = SMIME_DECRYPT, + }, + { + .name = "encrypt", + .desc = "Encrypt message", + .type = OPTION_VALUE, + .opt.value = &smime_config.operation, + .value = SMIME_ENCRYPT, + }, + { + .name = "from", + .argname = "addr", + .desc = "From address", + .type = OPTION_ARG, + .opt.arg = &smime_config.from, + }, + { + .name = "in", + .argname = "file", + .desc = "Input file", + .type = OPTION_ARG, + .opt.arg = &smime_config.infile, + }, + { + .name = "indef", + .desc = "Same as -stream", + .type = OPTION_VALUE, + .opt.value = &smime_config.indef, + .value = 1, + }, + { + .name = "inform", + .argname = "fmt", + .desc = "Input format (DER, PEM or SMIME (default))", + .type = OPTION_ARG_FORMAT, + .opt.value = &smime_config.informat, + }, + { + .name = "inkey", + .argname = "file", + .desc = "Input key file", + .type = OPTION_ARG_FUNC, + .opt.argfunc = smime_opt_inkey, + }, + { + .name = "keyform", + .argname = "fmt", + .desc = "Input key format (DER or PEM (default))", + .type = OPTION_ARG_FORMAT, + .opt.value = &smime_config.keyform, + }, + { + .name = "md", + .argname = "digest", + .desc = "Digest to use when signing or resigning", + .type = OPTION_ARG_FUNC, + 
.opt.argfunc = smime_opt_md, + }, + { + .name = "noattr", + .desc = "Do not include any signed attributes", + .type = OPTION_VALUE_OR, + .opt.value = &smime_config.flags, + .value = PKCS7_NOATTR, + }, + { + .name = "nocerts", + .desc = "Do not include signer's certificate when signing", + .type = OPTION_VALUE_OR, + .opt.value = &smime_config.flags, + .value = PKCS7_NOCERTS, + }, + { + .name = "nochain", + .desc = "Do not chain verification of signer's certificates", + .type = OPTION_VALUE_OR, + .opt.value = &smime_config.flags, + .value = PKCS7_NOCHAIN, + }, + { + .name = "nodetach", + .desc = "Use opaque signing", + .type = OPTION_VALUE_AND, + .opt.value = &smime_config.flags, + .value = ~PKCS7_DETACHED, + }, + { + .name = "noindef", + .desc = "Disable streaming I/O", + .type = OPTION_VALUE, + .opt.value = &smime_config.indef, + .value = 0, + }, + { + .name = "nointern", + .desc = "Do not search certificates in message for signer", + .type = OPTION_VALUE_OR, + .opt.value = &smime_config.flags, + .value = PKCS7_NOINTERN, + }, + { + .name = "nooldmime", + .desc = "Output old S/MIME content type", + .type = OPTION_VALUE_OR, + .opt.value = &smime_config.flags, + .value = PKCS7_NOOLDMIMETYPE, + }, + { + .name = "nosigs", + .desc = "Do not verify message signature", + .type = OPTION_VALUE_OR, + .opt.value = &smime_config.flags, + .value = PKCS7_NOSIGS, + }, + { + .name = "nosmimecap", + .desc = "Omit the SMIMECapabilities attribute", + .type = OPTION_VALUE_OR, + .opt.value = &smime_config.flags, + .value = PKCS7_NOSMIMECAP, + }, + { + .name = "noverify", + .desc = "Do not verify signer's certificate", + .type = OPTION_VALUE_OR, + .opt.value = &smime_config.flags, + .value = PKCS7_NOVERIFY, + }, + { + .name = "out", + .argname = "file", + .desc = "Output file", + .type = OPTION_ARG, + .opt.arg = &smime_config.outfile, + }, + { + .name = "outform", + .argname = "fmt", + .desc = "Output format (DER, PEM or SMIME (default))", + .type = OPTION_ARG_FORMAT, + .opt.value = 
&smime_config.outformat, + }, + { + .name = "passin", + .argname = "src", + .desc = "Private key password source", + .type = OPTION_ARG, + .opt.arg = &smime_config.passargin, + }, + { + .name = "pk7out", + .desc = "Output PKCS#7 structure", + .type = OPTION_VALUE, + .opt.value = &smime_config.operation, + .value = SMIME_PK7OUT, + }, + { + .name = "recip", + .argname = "file", + .desc = "Recipient certificate file for decryption", + .type = OPTION_ARG, + .opt.arg = &smime_config.recipfile, + }, + { + .name = "resign", + .desc = "Resign a signed message", + .type = OPTION_VALUE, + .opt.value = &smime_config.operation, + .value = SMIME_RESIGN, + }, + { + .name = "sign", + .desc = "Sign message", + .type = OPTION_VALUE, + .opt.value = &smime_config.operation, + .value = SMIME_SIGN, + }, + { + .name = "signer", + .argname = "file", + .desc = "Signer certificate file", + .type = OPTION_ARG_FUNC, + .opt.argfunc = smime_opt_signer, + }, + { + .name = "stream", + .desc = "Enable streaming I/O", + .type = OPTION_VALUE, + .opt.value = &smime_config.indef, + .value = 1, + }, + { + .name = "subject", + .argname = "s", + .desc = "Subject", + .type = OPTION_ARG, + .opt.arg = &smime_config.subject, + }, + { + .name = "text", + .desc = "Include or delete text MIME headers", + .type = OPTION_VALUE_OR, + .opt.value = &smime_config.flags, + .value = PKCS7_TEXT, + }, + { + .name = "to", + .argname = "addr", + .desc = "To address", + .type = OPTION_ARG, + .opt.arg = &smime_config.to, + }, + { + .name = "verify", + .desc = "Verify signed message", + .type = OPTION_VALUE, + .opt.value = &smime_config.operation, + .value = SMIME_VERIFY, + }, + { + .name = "check_ss_sig", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = smime_opt_verify_param, + }, + { + .name = "crl_check", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = smime_opt_verify_param, + }, + { + .name = "crl_check_all", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = smime_opt_verify_param, + }, + { + .name = "extended_crl", + .type = 
OPTION_ARGV_FUNC, + .opt.argvfunc = smime_opt_verify_param, + }, + { + .name = "ignore_critical", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = smime_opt_verify_param, + }, + { + .name = "issuer_checks", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = smime_opt_verify_param, + }, + { + .name = "policy_check", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = smime_opt_verify_param, + }, + { + .name = "x509_strict", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = smime_opt_verify_param, + }, + { + .name = NULL, + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = smime_opt_cipher, + }, + { NULL }, +}; + +static const struct option verify_shared_options[] = { + { + .name = "check_ss_sig", + .desc = "Check the root CA self-signed certificate signature", + }, + { + .name = "crl_check", + .desc = "Enable CRL checking for the leaf certificate", + }, + { + .name = "crl_check_all", + .desc = "Enable CRL checking for the entire certificate chain", + }, + { + .name = "extended_crl", + .desc = "Enable extended CRL support", + }, + { + .name = "ignore_critical", + .desc = "Disable critical extension checking", + }, + { + .name = "issuer_checks", + .desc = "Enable debugging of certificate issuer checks", + }, + { + .name = "policy_check", + .desc = "Enable certificate policy checking", + }, + { + .name = "x509_strict", + .desc = "Use strict X.509 rules (disables workarounds)", + }, + { NULL }, +}; + +static void +smime_usage(void) +{ + fprintf(stderr, "usage: smime " + "[-aes128 | -aes192 | -aes256 | -des |\n" + " -des3 | -rc2-40 | -rc2-64 | -rc2-128] [-binary]\n" + " [-CAfile file] [-CApath directory] [-certfile file]\n" + " [-content file]\n" + " [-decrypt] [-encrypt]\n" + " [-from addr] [-in file] [-indef]\n" + " [-inform der | pem | smime] [-inkey file]\n" + " [-keyform der | pem] [-md digest] [-noattr] [-nocerts]\n" + " [-nochain] [-nodetach] [-noindef] [-nointern] [-nosigs]\n" + " [-nosmimecap] [-noverify] [-out file]\n" + " [-outform der | pem | smime] [-passin arg] [-pk7out]\n" + " 
[-recip file] [-resign] [-sign]\n" + " [-signer file] [-stream] [-subject s] [-text] [-to addr]\n" + " [-verify] [cert.pem ...]\n\n"); + + options_usage(smime_options); + + fprintf(stderr, "\nVerification options:\n\n"); + options_usage(verify_shared_options); +} + int smime_main(int argc, char **argv) { - int operation = 0; int ret = 0; char **args; + int argsused = 0; const char *inmode = "r", *outmode = "w"; - char *infile = NULL, *outfile = NULL; - char *signerfile = NULL, *recipfile = NULL; - STACK_OF(OPENSSL_STRING) * sksigners = NULL, *skkeys = NULL; - char *certfile = NULL, *keyfile = NULL, *contfile = NULL; - const EVP_CIPHER *cipher = NULL; PKCS7 *p7 = NULL; X509_STORE *store = NULL; X509 *cert = NULL, *recip = NULL, *signer = NULL; EVP_PKEY *key = NULL; - STACK_OF(X509) * encerts = NULL, *other = NULL; + STACK_OF(X509) *encerts = NULL, *other = NULL; BIO *in = NULL, *out = NULL, *indata = NULL; int badarg = 0; - int flags = PKCS7_DETACHED; - char *to = NULL, *from = NULL, *subject = NULL; - char *CAfile = NULL, *CApath = NULL; - char *passargin = NULL, *passin = NULL; - int indef = 0; - const EVP_MD *sign_md = NULL; - int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; - int keyform = FORMAT_PEM; - - X509_VERIFY_PARAM *vpm = NULL; + char *passin = NULL; if (single_execution) { if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 
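Review bot: The help text added in `smime_options` labels `rc2-40` as "(default)" and lists `des` with no hint that both are legacy ciphers, so nothing in the `smime_usage()` output steers a user toward the AES options. I would mark them in the `.desc` strings, e.g. `.desc = "Encrypt with RC2-40 (default, legacy 40-bit key)"` and `.desc = "Encrypt with DES (legacy)"`. The aes*/camellia* entries say "Encrypt PEM output with CBC ...", which does not match how the des/rc2 entries describe the same `smime_opt_cipher` handler. The synopsis string in `smime_usage()` also omits `-camellia128`/`-camellia192`/`-camellia256`, `-crlfeol` and `-nooldmime`, although the table defines them.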
@@ -119,445 +729,262 @@ smime_main(int argc, char **argv) } } - args = argv + 1; - ret = 1; - - while (!badarg && *args && *args[0] == '-') { - if (!strcmp(*args, "-encrypt")) - operation = SMIME_ENCRYPT; - else if (!strcmp(*args, "-decrypt")) - operation = SMIME_DECRYPT; - else if (!strcmp(*args, "-sign")) - operation = SMIME_SIGN; - else if (!strcmp(*args, "-resign")) - operation = SMIME_RESIGN; - else if (!strcmp(*args, "-verify")) - operation = SMIME_VERIFY; - else if (!strcmp(*args, "-pk7out")) - operation = SMIME_PK7OUT; -#ifndef OPENSSL_NO_DES - else if (!strcmp(*args, "-des3")) - cipher = EVP_des_ede3_cbc(); - else if (!strcmp(*args, "-des")) - cipher = EVP_des_cbc(); -#endif -#ifndef OPENSSL_NO_RC2 - else if (!strcmp(*args, "-rc2-40")) - cipher = EVP_rc2_40_cbc(); - else if (!strcmp(*args, "-rc2-128")) - cipher = EVP_rc2_cbc(); - else if (!strcmp(*args, "-rc2-64")) - cipher = EVP_rc2_64_cbc(); -#endif -#ifndef OPENSSL_NO_AES - else if (!strcmp(*args, "-aes128")) - cipher = EVP_aes_128_cbc(); - else if (!strcmp(*args, "-aes192")) - cipher = EVP_aes_192_cbc(); - else if (!strcmp(*args, "-aes256")) - cipher = EVP_aes_256_cbc(); -#endif -#ifndef OPENSSL_NO_CAMELLIA - else if (!strcmp(*args, "-camellia128")) - cipher = EVP_camellia_128_cbc(); - else if (!strcmp(*args, "-camellia192")) - cipher = EVP_camellia_192_cbc(); - else if (!strcmp(*args, "-camellia256")) - cipher = EVP_camellia_256_cbc(); -#endif - else if (!strcmp(*args, "-text")) - flags |= PKCS7_TEXT; - else if (!strcmp(*args, "-nointern")) - flags |= PKCS7_NOINTERN; - else if (!strcmp(*args, "-noverify")) - flags |= PKCS7_NOVERIFY; - else if (!strcmp(*args, "-nochain")) - flags |= PKCS7_NOCHAIN; - else if (!strcmp(*args, "-nocerts")) - flags |= PKCS7_NOCERTS; - else if (!strcmp(*args, "-noattr")) - flags |= PKCS7_NOATTR; - else if (!strcmp(*args, "-nodetach")) - flags &= ~PKCS7_DETACHED; - else if (!strcmp(*args, "-nosmimecap")) - flags |= PKCS7_NOSMIMECAP; - else if (!strcmp(*args, "-binary")) - 
flags |= PKCS7_BINARY; - else if (!strcmp(*args, "-nosigs")) - flags |= PKCS7_NOSIGS; - else if (!strcmp(*args, "-stream")) - indef = 1; - else if (!strcmp(*args, "-indef")) - indef = 1; - else if (!strcmp(*args, "-noindef")) - indef = 0; - else if (!strcmp(*args, "-nooldmime")) - flags |= PKCS7_NOOLDMIMETYPE; - else if (!strcmp(*args, "-crlfeol")) - flags |= PKCS7_CRLFEOL; - else if (!strcmp(*args, "-passin")) { - if (!args[1]) - goto argerr; - passargin = *++args; - } else if (!strcmp(*args, "-to")) { - if (!args[1]) - goto argerr; - to = *++args; - } else if (!strcmp(*args, "-from")) { - if (!args[1]) - goto argerr; - from = *++args; - } else if (!strcmp(*args, "-subject")) { - if (!args[1]) - goto argerr; - subject = *++args; - } else if (!strcmp(*args, "-signer")) { - if (!args[1]) - goto argerr; - /* If previous -signer argument add signer to list */ - - if (signerfile) { - if (!sksigners) - sksigners = sk_OPENSSL_STRING_new_null(); - sk_OPENSSL_STRING_push(sksigners, signerfile); - if (!keyfile) - keyfile = signerfile; - if (!skkeys) - skkeys = sk_OPENSSL_STRING_new_null(); - sk_OPENSSL_STRING_push(skkeys, keyfile); - keyfile = NULL; - } - signerfile = *++args; - } else if (!strcmp(*args, "-recip")) { - if (!args[1]) - goto argerr; - recipfile = *++args; - } else if (!strcmp(*args, "-md")) { - if (!args[1]) - goto argerr; - sign_md = EVP_get_digestbyname(*++args); - if (sign_md == NULL) { - BIO_printf(bio_err, "Unknown digest %s\n", - *args); - goto argerr; - } - } else if (!strcmp(*args, "-inkey")) { - if (!args[1]) - goto argerr; - /* If previous -inkey arument add signer to list */ - if (keyfile) { - if (!signerfile) { - BIO_puts(bio_err, "Illegal -inkey without -signer\n"); - goto argerr; - } - if (!sksigners) - sksigners = sk_OPENSSL_STRING_new_null(); - sk_OPENSSL_STRING_push(sksigners, signerfile); - signerfile = NULL; - if (!skkeys) - skkeys = sk_OPENSSL_STRING_new_null(); - sk_OPENSSL_STRING_push(skkeys, keyfile); - } - keyfile = *++args; - } else 
if (!strcmp(*args, "-keyform")) { - if (!args[1]) - goto argerr; - keyform = str2fmt(*++args); - } else if (!strcmp(*args, "-certfile")) { - if (!args[1]) - goto argerr; - certfile = *++args; - } else if (!strcmp(*args, "-CAfile")) { - if (!args[1]) - goto argerr; - CAfile = *++args; - } else if (!strcmp(*args, "-CApath")) { - if (!args[1]) - goto argerr; - CApath = *++args; - } else if (!strcmp(*args, "-in")) { - if (!args[1]) - goto argerr; - infile = *++args; - } else if (!strcmp(*args, "-inform")) { - if (!args[1]) - goto argerr; - informat = str2fmt(*++args); - } else if (!strcmp(*args, "-outform")) { - if (!args[1]) - goto argerr; - outformat = str2fmt(*++args); - } else if (!strcmp(*args, "-out")) { - if (!args[1]) - goto argerr; - outfile = *++args; - } else if (!strcmp(*args, "-content")) { - if (!args[1]) - goto argerr; - contfile = *++args; - } else if (args_verify(&args, NULL, &badarg, bio_err, &vpm)) - continue; - else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL) - badarg = 1; - args++; + memset(&smime_config, 0, sizeof(smime_config)); + smime_config.flags = PKCS7_DETACHED; + smime_config.informat = FORMAT_SMIME; + smime_config.outformat = FORMAT_SMIME; + smime_config.keyform = FORMAT_PEM; + if (options_parse(argc, argv, smime_options, NULL, &argsused) != 0) { + goto argerr; } + args = argv + argsused; + ret = 1; - if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) { + if (!(smime_config.operation & SMIME_SIGNERS) && + (smime_config.skkeys != NULL || smime_config.sksigners != NULL)) { BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); goto argerr; } - if (operation & SMIME_SIGNERS) { + if (smime_config.operation & SMIME_SIGNERS) { /* Check to see if any final signer needs to be appended */ - if (keyfile && !signerfile) { + if (smime_config.keyfile != NULL && + smime_config.signerfile == NULL) { BIO_puts(bio_err, "Illegal -inkey without -signer\n"); goto argerr; } - if (signerfile) { - if (!sksigners) - sksigners = 
sk_OPENSSL_STRING_new_null(); - sk_OPENSSL_STRING_push(sksigners, signerfile); - if (!skkeys) - skkeys = sk_OPENSSL_STRING_new_null(); - if (!keyfile) - keyfile = signerfile; - sk_OPENSSL_STRING_push(skkeys, keyfile); + if (smime_config.signerfile != NULL) { + if (smime_config.sksigners == NULL) { + if ((smime_config.sksigners = + sk_OPENSSL_STRING_new_null()) == NULL) + goto end; + } + if (!sk_OPENSSL_STRING_push(smime_config.sksigners, + smime_config.signerfile)) + goto end; + if (smime_config.skkeys == NULL) { + if ((smime_config.skkeys = + sk_OPENSSL_STRING_new_null()) == NULL) + goto end; + } + if (smime_config.keyfile == NULL) + smime_config.keyfile = smime_config.signerfile; + if (!sk_OPENSSL_STRING_push(smime_config.skkeys, + smime_config.keyfile)) + goto end; } - if (!sksigners) { - BIO_printf(bio_err, "No signer certificate specified\n"); + if (smime_config.sksigners == NULL) { + BIO_printf(bio_err, + "No signer certificate specified\n"); badarg = 1; } - signerfile = NULL; - keyfile = NULL; - } else if (operation == SMIME_DECRYPT) { - if (!recipfile && !keyfile) { - BIO_printf(bio_err, "No recipient certificate or key specified\n"); + smime_config.signerfile = NULL; + smime_config.keyfile = NULL; + } else if (smime_config.operation == SMIME_DECRYPT) { + if (smime_config.recipfile == NULL && + smime_config.keyfile == NULL) { + BIO_printf(bio_err, + "No recipient certificate or key specified\n"); badarg = 1; } - } else if (operation == SMIME_ENCRYPT) { - if (!*args) { - BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); + } else if (smime_config.operation == SMIME_ENCRYPT) { + if (*args == NULL) { + BIO_printf(bio_err, + "No recipient(s) certificate(s) specified\n"); badarg = 1; } - } else if (!operation) + } else if (!smime_config.operation) { badarg = 1; + } if (badarg) { argerr: - BIO_printf(bio_err, "Usage smime [options] cert.pem ...\n"); - BIO_printf(bio_err, "where options are\n"); - BIO_printf(bio_err, "-encrypt encrypt message\n"); 
- BIO_printf(bio_err, "-decrypt decrypt encrypted message\n"); - BIO_printf(bio_err, "-sign sign message\n"); - BIO_printf(bio_err, "-verify verify signed message\n"); - BIO_printf(bio_err, "-pk7out output PKCS#7 structure\n"); -#ifndef OPENSSL_NO_DES - BIO_printf(bio_err, "-des3 encrypt with triple DES\n"); - BIO_printf(bio_err, "-des encrypt with DES\n"); -#endif -#ifndef OPENSSL_NO_RC2 - BIO_printf(bio_err, "-rc2-40 encrypt with RC2-40 (default)\n"); - BIO_printf(bio_err, "-rc2-64 encrypt with RC2-64\n"); - BIO_printf(bio_err, "-rc2-128 encrypt with RC2-128\n"); -#endif -#ifndef OPENSSL_NO_AES - BIO_printf(bio_err, "-aes128, -aes192, -aes256\n"); - BIO_printf(bio_err, " encrypt PEM output with cbc aes\n"); -#endif -#ifndef OPENSSL_NO_CAMELLIA - BIO_printf(bio_err, "-camellia128, -camellia192, -camellia256\n"); - BIO_printf(bio_err, " encrypt PEM output with cbc camellia\n"); -#endif - BIO_printf(bio_err, "-nointern don't search certificates in message for signer\n"); - BIO_printf(bio_err, "-nosigs don't verify message signature\n"); - BIO_printf(bio_err, "-noverify don't verify signers certificate\n"); - BIO_printf(bio_err, "-nocerts don't include signers certificate when signing\n"); - BIO_printf(bio_err, "-nodetach use opaque signing\n"); - BIO_printf(bio_err, "-noattr don't include any signed attributes\n"); - BIO_printf(bio_err, "-binary don't translate message to text\n"); - BIO_printf(bio_err, "-certfile file other certificates file\n"); - BIO_printf(bio_err, "-signer file signer certificate file\n"); - BIO_printf(bio_err, "-recip file recipient certificate file for decryption\n"); - BIO_printf(bio_err, "-in file input file\n"); - BIO_printf(bio_err, "-inform arg input format SMIME (default), PEM or DER\n"); - BIO_printf(bio_err, "-inkey file input private key (if not signer or recipient)\n"); - BIO_printf(bio_err, "-keyform arg input private key format (PEM)\n"); - BIO_printf(bio_err, "-out file output file\n"); - BIO_printf(bio_err, "-outform arg output 
format SMIME (default), PEM or DER\n"); - BIO_printf(bio_err, "-content file supply or override content for detached signature\n"); - BIO_printf(bio_err, "-to addr to address\n"); - BIO_printf(bio_err, "-from ad from address\n"); - BIO_printf(bio_err, "-subject s subject\n"); - BIO_printf(bio_err, "-text include or delete text MIME headers\n"); - BIO_printf(bio_err, "-CApath dir trusted certificates directory\n"); - BIO_printf(bio_err, "-CAfile file trusted certificates file\n"); - BIO_printf(bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); - BIO_printf(bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); - BIO_printf(bio_err, "-passin arg input file pass phrase source\n"); - BIO_printf(bio_err, "cert.pem recipient certificate(s) for encryption\n"); + smime_usage(); goto end; } - if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { + if (!app_passwd(bio_err, smime_config.passargin, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } ret = 2; - if (!(operation & SMIME_SIGNERS)) - flags &= ~PKCS7_DETACHED; + if (!(smime_config.operation & SMIME_SIGNERS)) + smime_config.flags &= ~PKCS7_DETACHED; - if (operation & SMIME_OP) { - if (outformat == FORMAT_ASN1) + if (smime_config.operation & SMIME_OP) { + if (smime_config.outformat == FORMAT_ASN1) outmode = "wb"; } else { - if (flags & PKCS7_BINARY) + if (smime_config.flags & PKCS7_BINARY) outmode = "wb"; } - if (operation & SMIME_IP) { - if (informat == FORMAT_ASN1) + if (smime_config.operation & SMIME_IP) { + if (smime_config.informat == FORMAT_ASN1) inmode = "rb"; } else { - if (flags & PKCS7_BINARY) + if (smime_config.flags & PKCS7_BINARY) inmode = "rb"; } - if (operation == SMIME_ENCRYPT) { - if (!cipher) { + if (smime_config.operation == SMIME_ENCRYPT) { + if (smime_config.cipher == NULL) { #ifndef OPENSSL_NO_RC2 - cipher = EVP_rc2_40_cbc(); + smime_config.cipher = EVP_rc2_40_cbc(); #else 
BIO_printf(bio_err, "No cipher selected\n"); goto end; #endif } - encerts = sk_X509_new_null(); - while (*args) { - if (!(cert = load_cert(bio_err, *args, FORMAT_PEM, - NULL, "recipient certificate file"))) { + if ((encerts = sk_X509_new_null()) == NULL) + goto end; + while (*args != NULL) { + if ((cert = load_cert(bio_err, *args, FORMAT_PEM, + NULL, "recipient certificate file")) == NULL) { goto end; } - sk_X509_push(encerts, cert); + if (!sk_X509_push(encerts, cert)) + goto end; cert = NULL; args++; } } - if (certfile) { - if (!(other = load_certs(bio_err, certfile, FORMAT_PEM, NULL, - "certificate file"))) { + if (smime_config.certfile != NULL) { + if ((other = load_certs(bio_err, smime_config.certfile, + FORMAT_PEM, NULL, "certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; } } - if (recipfile && (operation == SMIME_DECRYPT)) { - if (!(recip = load_cert(bio_err, recipfile, FORMAT_PEM, NULL, - "recipient certificate file"))) { + if (smime_config.recipfile != NULL && + (smime_config.operation == SMIME_DECRYPT)) { + if ((recip = load_cert(bio_err, smime_config.recipfile, + FORMAT_PEM, NULL, "recipient certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; } } - if (operation == SMIME_DECRYPT) { - if (!keyfile) - keyfile = recipfile; - } else if (operation == SMIME_SIGN) { - if (!keyfile) - keyfile = signerfile; - } else - keyfile = NULL; - - if (keyfile) { - key = load_key(bio_err, keyfile, keyform, 0, passin, - "signing key file"); - if (!key) + if (smime_config.operation == SMIME_DECRYPT) { + if (smime_config.keyfile == NULL) + smime_config.keyfile = smime_config.recipfile; + } else if (smime_config.operation == SMIME_SIGN) { + if (smime_config.keyfile == NULL) + smime_config.keyfile = smime_config.signerfile; + } else { + smime_config.keyfile = NULL; + } + + if (smime_config.keyfile != NULL) { + key = load_key(bio_err, smime_config.keyfile, + smime_config.keyform, 0, passin, "signing key file"); + if (key == NULL) goto end; } - if 
(infile) { - if (!(in = BIO_new_file(infile, inmode))) { + if (smime_config.infile != NULL) { + if ((in = BIO_new_file(smime_config.infile, inmode)) == NULL) { BIO_printf(bio_err, - "Can't open input file %s\n", infile); + "Can't open input file %s\n", smime_config.infile); goto end; } - } else - in = BIO_new_fp(stdin, BIO_NOCLOSE); + } else { + if ((in = BIO_new_fp(stdin, BIO_NOCLOSE)) == NULL) + goto end; + } - if (operation & SMIME_IP) { - if (informat == FORMAT_SMIME) + if (smime_config.operation & SMIME_IP) { + if (smime_config.informat == FORMAT_SMIME) p7 = SMIME_read_PKCS7(in, &indata); - else if (informat == FORMAT_PEM) + else if (smime_config.informat == FORMAT_PEM) p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); - else if (informat == FORMAT_ASN1) + else if (smime_config.informat == FORMAT_ASN1) p7 = d2i_PKCS7_bio(in, NULL); else { - BIO_printf(bio_err, "Bad input format for PKCS#7 file\n"); + BIO_printf(bio_err, + "Bad input format for PKCS#7 file\n"); goto end; } - if (!p7) { + if (p7 == NULL) { BIO_printf(bio_err, "Error reading S/MIME message\n"); goto end; } - if (contfile) { + if (smime_config.contfile != NULL) { BIO_free(indata); - if (!(indata = BIO_new_file(contfile, "rb"))) { - BIO_printf(bio_err, "Can't read content file %s\n", contfile); + if ((indata = BIO_new_file(smime_config.contfile, + "rb")) == NULL) { + BIO_printf(bio_err, + "Can't read content file %s\n", + smime_config.contfile); goto end; } } } - if (outfile) { - if (!(out = BIO_new_file(outfile, outmode))) { + if (smime_config.outfile != NULL) { + if ((out = BIO_new_file(smime_config.outfile, outmode)) == NULL) { BIO_printf(bio_err, - "Can't open output file %s\n", outfile); + "Can't open output file %s\n", + smime_config.outfile); goto end; } } else { - out = BIO_new_fp(stdout, BIO_NOCLOSE); + if ((out = BIO_new_fp(stdout, BIO_NOCLOSE)) == NULL) + goto end; } - if (operation == SMIME_VERIFY) { - if (!(store = setup_verify(bio_err, CAfile, CApath))) + if (smime_config.operation == 
SMIME_VERIFY) { + if ((store = setup_verify(bio_err, smime_config.CAfile, + smime_config.CApath)) == NULL) goto end; X509_STORE_set_verify_cb(store, smime_cb); - if (vpm) - X509_STORE_set1_param(store, vpm); + if (smime_config.vpm != NULL) { + if (!X509_STORE_set1_param(store, smime_config.vpm)) + goto end; + } } ret = 3; - if (operation == SMIME_ENCRYPT) { - if (indef) - flags |= PKCS7_STREAM; - p7 = PKCS7_encrypt(encerts, in, cipher, flags); - } else if (operation & SMIME_SIGNERS) { + if (smime_config.operation == SMIME_ENCRYPT) { + if (smime_config.indef) + smime_config.flags |= PKCS7_STREAM; + p7 = PKCS7_encrypt(encerts, in, smime_config.cipher, + smime_config.flags); + } else if (smime_config.operation & SMIME_SIGNERS) { int i; /* * If detached data content we only enable streaming if * S/MIME output format. */ - if (operation == SMIME_SIGN) { - if (flags & PKCS7_DETACHED) { - if (outformat == FORMAT_SMIME) - flags |= PKCS7_STREAM; - } else if (indef) - flags |= PKCS7_STREAM; - flags |= PKCS7_PARTIAL; - p7 = PKCS7_sign(NULL, NULL, other, in, flags); - if (!p7) + if (smime_config.operation == SMIME_SIGN) { + if (smime_config.flags & PKCS7_DETACHED) { + if (smime_config.outformat == FORMAT_SMIME) + smime_config.flags |= PKCS7_STREAM; + } else if (smime_config.indef) { + smime_config.flags |= PKCS7_STREAM; + } + smime_config.flags |= PKCS7_PARTIAL; + p7 = PKCS7_sign(NULL, NULL, other, in, + smime_config.flags); + if (p7 == NULL) goto end; - } else - flags |= PKCS7_REUSE_DIGEST; - for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) { - signerfile = sk_OPENSSL_STRING_value(sksigners, i); - keyfile = sk_OPENSSL_STRING_value(skkeys, i); - signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL, - "signer certificate"); - if (!signer) + } else { + smime_config.flags |= PKCS7_REUSE_DIGEST; + } + for (i = 0; i < sk_OPENSSL_STRING_num(smime_config.sksigners); i++) { + smime_config.signerfile = + sk_OPENSSL_STRING_value(smime_config.sksigners, i); + 
smime_config.keyfile = + sk_OPENSSL_STRING_value(smime_config.skkeys, i); + signer = load_cert(bio_err, smime_config.signerfile, + FORMAT_PEM, NULL, "signer certificate"); + if (signer == NULL) goto end; - key = load_key(bio_err, keyfile, keyform, 0, passin, + key = load_key(bio_err, smime_config.keyfile, + smime_config.keyform, 0, passin, "signing key file"); - if (!key) + if (key == NULL) goto end; - if (!PKCS7_sign_add_signer(p7, signer, key, - sign_md, flags)) + if (PKCS7_sign_add_signer(p7, signer, key, + smime_config.sign_md, smime_config.flags) == NULL) goto end; X509_free(signer); signer = NULL; 
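Review bot: When `options_parse()` fails, the new code jumps to `argerr` before `ret = 1;` has run, so `ret` still holds the 0 from its declaration (shown in the previous hunk) when control reaches `end:`. If smime_main returns `ret`, as the rest of the function suggests, a mistyped option prints the usage text and exits with status 0. A script that checks only the exit status of a verify or decrypt invocation would then treat an unparsed command line as success. Moving the assignment up fixes it: put `ret = 1;` immediately before `if (options_parse(argc, argv, smime_options, NULL, &argsused) != 0) {`. The return statement is outside the visible hunks.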
@@ -565,69 +992,88 @@ smime_main(int argc, char **argv) key = NULL; } /* If not streaming or resigning finalize structure */ - if ((operation == SMIME_SIGN) && !(flags & PKCS7_STREAM)) { - if (!PKCS7_final(p7, in, flags)) + if ((smime_config.operation == SMIME_SIGN) && + !(smime_config.flags & PKCS7_STREAM)) { + if (!PKCS7_final(p7, in, smime_config.flags)) goto end; } } - if (!p7) { + if (p7 == NULL) { BIO_printf(bio_err, "Error creating PKCS#7 structure\n"); goto end; } ret = 4; - if (operation == SMIME_DECRYPT) { - if (!PKCS7_decrypt(p7, key, recip, out, flags)) { - BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n"); + + if (smime_config.operation == SMIME_DECRYPT) { + if (!PKCS7_decrypt(p7, key, recip, out, smime_config.flags)) { + BIO_printf(bio_err, + "Error decrypting PKCS#7 structure\n"); goto end; } - } else if (operation == SMIME_VERIFY) { - STACK_OF(X509) * signers; - if (PKCS7_verify(p7, other, store, indata, out, flags)) + } else if (smime_config.operation == SMIME_VERIFY) { + STACK_OF(X509) *signers; + if (PKCS7_verify(p7, other, store, indata, out, + smime_config.flags)) { BIO_printf(bio_err, "Verification successful\n"); - else { + } else { BIO_printf(bio_err, "Verification failure\n"); goto end; } - signers = PKCS7_get0_signers(p7, other, flags); - if (!save_certs(signerfile, signers)) { + if ((signers = PKCS7_get0_signers(p7, other, + smime_config.flags)) == NULL) + goto end; + if (!save_certs(smime_config.signerfile, signers)) { BIO_printf(bio_err, "Error writing signers to %s\n", - signerfile); + smime_config.signerfile); + sk_X509_free(signers); ret = 5; goto end; } sk_X509_free(signers); - } else if (operation == SMIME_PK7OUT) + } else if (smime_config.operation == SMIME_PK7OUT) { PEM_write_bio_PKCS7(out, p7); - else { - if (to) - BIO_printf(out, "To: %s\n", to); - if (from) - BIO_printf(out, "From: %s\n", from); - if (subject) - BIO_printf(out, "Subject: %s\n", subject); - if (outformat == FORMAT_SMIME) { - if (operation == 
SMIME_RESIGN) - SMIME_write_PKCS7(out, p7, indata, flags); - else - SMIME_write_PKCS7(out, p7, in, flags); - } else if (outformat == FORMAT_PEM) - PEM_write_bio_PKCS7_stream(out, p7, in, flags); - else if (outformat == FORMAT_ASN1) - i2d_PKCS7_bio_stream(out, p7, in, flags); - else { - BIO_printf(bio_err, "Bad output format for PKCS#7 file\n"); + } else { + if (smime_config.to != NULL) + BIO_printf(out, "To: %s\n", smime_config.to); + if (smime_config.from != NULL) + BIO_printf(out, "From: %s\n", smime_config.from); + if (smime_config.subject != NULL) + BIO_printf(out, "Subject: %s\n", smime_config.subject); + if (smime_config.outformat == FORMAT_SMIME) { + if (smime_config.operation == SMIME_RESIGN) { + if (!SMIME_write_PKCS7(out, p7, indata, + smime_config.flags)) + goto end; + } else { + if (!SMIME_write_PKCS7(out, p7, in, + smime_config.flags)) + goto end; + } + } else if (smime_config.outformat == FORMAT_PEM) { + if (!PEM_write_bio_PKCS7_stream(out, p7, in, + smime_config.flags)) + goto end; + } else if (smime_config.outformat == FORMAT_ASN1) { + if (!i2d_PKCS7_bio_stream(out, p7, in, + smime_config.flags)) + goto end; + } else { + BIO_printf(bio_err, + "Bad output format for PKCS#7 file\n"); goto end; } } + ret = 0; + end: if (ret) ERR_print_errors(bio_err); sk_X509_pop_free(encerts, X509_free); sk_X509_pop_free(other, X509_free); - X509_VERIFY_PARAM_free(vpm); - sk_OPENSSL_STRING_free(sksigners); - sk_OPENSSL_STRING_free(skkeys); + X509_VERIFY_PARAM_free(smime_config.vpm); + sk_OPENSSL_STRING_free(smime_config.sksigners); + sk_OPENSSL_STRING_free(smime_config.skkeys); X509_STORE_free(store); X509_free(cert); X509_free(recip); 
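Review bot: The `SMIME_PK7OUT` branch still ignores the result of `PEM_write_bio_PKCS7(out, p7)`, so a failed write falls through to `ret = 0`, while every other output path in this hunk now does `goto end` on failure. I would make it `if (!PEM_write_bio_PKCS7(out, p7)) goto end;` so the exit status reflects the write. The same gap exists in `save_certs()` in the next hunk: the `PEM_write_bio_X509()` result is dropped and the function returns 1, so a short or failed signer file is reported as success. Returning 0 after `BIO_free(tmp)` on a failed write would let the caller's existing "Error writing signers" path (`ret = 5`) fire. smime_main starts outside this hunk.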
@@ -643,37 +1089,36 @@ smime_main(int argc, char **argv) } static int -save_certs(char *signerfile, STACK_OF(X509) * signers) +save_certs(char *signerfile, STACK_OF(X509) *signers) { int i; BIO *tmp; - if (!signerfile) + + if (signerfile == NULL) return 1; tmp = BIO_new_file(signerfile, "w"); - if (!tmp) + if (tmp == NULL) return 0; for (i = 0; i < sk_X509_num(signers); i++) PEM_write_bio_X509(tmp, sk_X509_value(signers, i)); BIO_free(tmp); + return 1; } - /* Minimal callback just to output policy info (if any) */ - static int -smime_cb(int ok, X509_STORE_CTX * ctx) +smime_cb(int ok, X509_STORE_CTX *ctx) { int error; error = X509_STORE_CTX_get_error(ctx); - if ((error != X509_V_ERR_NO_EXPLICIT_POLICY) - && ((error != X509_V_OK) || (ok != 2))) + if ((error != X509_V_ERR_NO_EXPLICIT_POLICY) && + ((error != X509_V_OK) || (ok != 2))) return ok; policies_print(NULL, ctx); return ok; - } diff --git a/apps/openssl/speed.c b/apps/openssl/speed.c index 8875de57..c0f86c08 100644 --- a/apps/openssl/speed.c +++ b/apps/openssl/speed.c @@ -1,4 +1,4 @@ -/* $OpenBSD: speed.c,v 1.23 2018/07/13 18:36:56 cheloha Exp $ */ +/* $OpenBSD: speed.c,v 1.28 2022/01/14 09:27:30 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -1048,24 +1048,37 @@ speed_main(int argc, char **argv) #if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC) if (doit[D_HMAC]) { - HMAC_CTX hctx; + HMAC_CTX *hctx; - HMAC_CTX_init(&hctx); - HMAC_Init_ex(&hctx, (unsigned char *) "This is a key...", + if ((hctx = HMAC_CTX_new()) == NULL) { + BIO_printf(bio_err, "Failed to allocate HMAC context.\n"); + goto end; + } + + HMAC_Init_ex(hctx, (unsigned char *) "This is a key...", 16, EVP_md5(), NULL); for (j = 0; j < SIZE_NUM; j++) { print_message(names[D_HMAC], c[D_HMAC][j], lengths[j]); Time_F(START); for (count = 0, run = 1; COND(c[D_HMAC][j]); count++) { - HMAC_Init_ex(&hctx, NULL, 0, NULL, NULL); - HMAC_Update(&hctx, buf, lengths[j]); - HMAC_Final(&hctx, &(hmac[0]), NULL); + if (!HMAC_Init_ex(hctx, NULL, 0, NULL, NULL)) { + HMAC_CTX_free(hctx); + goto end; + } + if (!HMAC_Update(hctx, buf, lengths[j])) { + HMAC_CTX_free(hctx); + goto end; + } + if (!HMAC_Final(hctx, &(hmac[0]), NULL)) { + HMAC_CTX_free(hctx); + goto end; + } } d = Time_F(STOP); print_result(D_HMAC, j, count, d); } - HMAC_CTX_cleanup(&hctx); + HMAC_CTX_free(hctx); } #endif #ifndef OPENSSL_NO_SHA @@ -1260,9 +1273,15 @@ speed_main(int argc, char **argv) const EVP_AEAD *aead = EVP_aead_aes_128_gcm(); static const unsigned char nonce[32] = {0}; size_t buf_len, nonce_len; - EVP_AEAD_CTX ctx; + EVP_AEAD_CTX *ctx; + + if ((ctx = EVP_AEAD_CTX_new()) == NULL) { + BIO_printf(bio_err, + "Failed to allocate aead context.\n"); + goto end; + } - EVP_AEAD_CTX_init(&ctx, aead, key32, EVP_AEAD_key_length(aead), + EVP_AEAD_CTX_init(ctx, aead, key32, EVP_AEAD_key_length(aead), EVP_AEAD_DEFAULT_TAG_LENGTH, NULL); nonce_len = EVP_AEAD_nonce_length(aead); 
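Review bot: The initialisation calls on the newly heap-allocated contexts are left unchecked: the keyed `HMAC_Init_ex(hctx, (unsigned char *) "This is a key...", 16, EVP_md5(), NULL)` ahead of the D_HMAC loop, and `EVP_AEAD_CTX_init(ctx, aead, key32, ...)` in the AES-128-GCM block of the following hunk on this line. Allocation is checked, and so are the per-iteration HMAC calls, which leaves a failed init as the one path that goes unnoticed; in the AEAD case the unchecked `EVP_AEAD_CTX_seal` loop would presumably then time failing calls and still print a result. I would guard each one, e.g. `if (!EVP_AEAD_CTX_init(ctx, aead, key32, EVP_AEAD_key_length(aead), EVP_AEAD_DEFAULT_TAG_LENGTH, NULL)) { EVP_AEAD_CTX_free(ctx); goto end; }`. The same pattern recurs in the AES-256-GCM and ChaCha20-Poly1305 hunks, and with `EVP_EncryptInit_ex`/`EVP_DecryptInit_ex` in the D_EVP hunk. speed_main starts and ends outside these hunks.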
@@ -1270,21 +1289,27 @@ speed_main(int argc, char **argv) print_message(names[D_AES_128_GCM],c[D_AES_128_GCM][j],lengths[j]); Time_F(START); for (count = 0, run = 1; COND(c[D_AES_128_GCM][j]); count++) - EVP_AEAD_CTX_seal(&ctx, buf, &buf_len, BUFSIZE, nonce, + EVP_AEAD_CTX_seal(ctx, buf, &buf_len, BUFSIZE, nonce, nonce_len, buf, lengths[j], NULL, 0); d=Time_F(STOP); print_result(D_AES_128_GCM,j,count,d); } - EVP_AEAD_CTX_cleanup(&ctx); + EVP_AEAD_CTX_free(ctx); } if (doit[D_AES_256_GCM]) { const EVP_AEAD *aead = EVP_aead_aes_256_gcm(); static const unsigned char nonce[32] = {0}; size_t buf_len, nonce_len; - EVP_AEAD_CTX ctx; + EVP_AEAD_CTX *ctx; + + if ((ctx = EVP_AEAD_CTX_new()) == NULL) { + BIO_printf(bio_err, + "Failed to allocate aead context.\n"); + goto end; + } - EVP_AEAD_CTX_init(&ctx, aead, key32, EVP_AEAD_key_length(aead), + EVP_AEAD_CTX_init(ctx, aead, key32, EVP_AEAD_key_length(aead), EVP_AEAD_DEFAULT_TAG_LENGTH, NULL); nonce_len = EVP_AEAD_nonce_length(aead); @@ -1292,12 +1317,12 @@ speed_main(int argc, char **argv) print_message(names[D_AES_256_GCM],c[D_AES_256_GCM][j],lengths[j]); Time_F(START); for (count = 0, run = 1; COND(c[D_AES_256_GCM][j]); count++) - EVP_AEAD_CTX_seal(&ctx, buf, &buf_len, BUFSIZE, nonce, + EVP_AEAD_CTX_seal(ctx, buf, &buf_len, BUFSIZE, nonce, nonce_len, buf, lengths[j], NULL, 0); d=Time_F(STOP); print_result(D_AES_256_GCM, j, count, d); } - EVP_AEAD_CTX_cleanup(&ctx); + EVP_AEAD_CTX_free(ctx); } #endif #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 
@@ -1305,9 +1330,15 @@ speed_main(int argc, char **argv) const EVP_AEAD *aead = EVP_aead_chacha20_poly1305(); static const unsigned char nonce[32] = {0}; size_t buf_len, nonce_len; - EVP_AEAD_CTX ctx; + EVP_AEAD_CTX *ctx; - EVP_AEAD_CTX_init(&ctx, aead, key32, EVP_AEAD_key_length(aead), + if ((ctx = EVP_AEAD_CTX_new()) == NULL) { + BIO_printf(bio_err, + "Failed to allocate aead context.\n"); + goto end; + } + + EVP_AEAD_CTX_init(ctx, aead, key32, EVP_AEAD_key_length(aead), EVP_AEAD_DEFAULT_TAG_LENGTH, NULL); nonce_len = EVP_AEAD_nonce_length(aead); @@ -1316,12 +1347,12 @@ speed_main(int argc, char **argv) c[D_CHACHA20_POLY1305][j], lengths[j]); Time_F(START); for (count = 0, run = 1; COND(c[D_CHACHA20_POLY1305][j]); count++) - EVP_AEAD_CTX_seal(&ctx, buf, &buf_len, BUFSIZE, nonce, + EVP_AEAD_CTX_seal(ctx, buf, &buf_len, BUFSIZE, nonce, nonce_len, buf, lengths[j], NULL, 0); d=Time_F(STOP); print_result(D_CHACHA20_POLY1305, j, count, d); } - EVP_AEAD_CTX_cleanup(&ctx); + EVP_AEAD_CTX_free(ctx); } #endif #ifndef OPENSSL_NO_CAMELLIA @@ -1422,10 +1453,11 @@ speed_main(int argc, char **argv) if (doit[D_EVP]) { for (j = 0; j < SIZE_NUM; j++) { if (evp_cipher) { - EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX *ctx; int outl; - names[D_EVP] = OBJ_nid2ln(evp_cipher->nid); + names[D_EVP] = + OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher)); /* * -O3 -fschedule-insns messes up an * optimization here! names[D_EVP] somehow 
@@ -1434,29 +1466,33 @@ speed_main(int argc, char **argv) print_message(names[D_EVP], save_count, lengths[j]); - EVP_CIPHER_CTX_init(&ctx); + if ((ctx = EVP_CIPHER_CTX_new()) == NULL) { + BIO_printf(bio_err, "Failed to " + "allocate cipher context.\n"); + goto end; + } if (decrypt) - EVP_DecryptInit_ex(&ctx, evp_cipher, NULL, key16, iv); + EVP_DecryptInit_ex(ctx, evp_cipher, NULL, key16, iv); else - EVP_EncryptInit_ex(&ctx, evp_cipher, NULL, key16, iv); - EVP_CIPHER_CTX_set_padding(&ctx, 0); + EVP_EncryptInit_ex(ctx, evp_cipher, NULL, key16, iv); + EVP_CIPHER_CTX_set_padding(ctx, 0); Time_F(START); if (decrypt) for (count = 0, run = 1; COND(save_count * 4 * lengths[0] / lengths[j]); count++) - EVP_DecryptUpdate(&ctx, buf, &outl, buf, lengths[j]); + EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[j]); else for (count = 0, run = 1; COND(save_count * 4 * lengths[0] / lengths[j]); count++) - EVP_EncryptUpdate(&ctx, buf, &outl, buf, lengths[j]); + EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[j]); if (decrypt) - EVP_DecryptFinal_ex(&ctx, buf, &outl); + EVP_DecryptFinal_ex(ctx, buf, &outl); else - EVP_EncryptFinal_ex(&ctx, buf, &outl); + EVP_EncryptFinal_ex(ctx, buf, &outl); d = Time_F(STOP); - EVP_CIPHER_CTX_cleanup(&ctx); + EVP_CIPHER_CTX_free(ctx); } if (evp_md) { - names[D_EVP] = OBJ_nid2ln(evp_md->type); + names[D_EVP] = OBJ_nid2ln(EVP_MD_type(evp_md)); print_message(names[D_EVP], save_count, lengths[j]); diff --git a/apps/openssl/testdsa.h b/apps/openssl/testdsa.h index 1bbb09ca..973e51f0 100644 --- a/apps/openssl/testdsa.h +++ b/apps/openssl/testdsa.h 
@@ -1,14 +1,21 @@ -/* $OpenBSD: testdsa.h,v 1.1 2014/08/26 17:47:25 jsing Exp $ */ +/* $OpenBSD: testdsa.h,v 1.5 2022/01/10 19:22:26 tb Exp $ */ DSA *get_dsa512(void); DSA *get_dsa1024(void); DSA *get_dsa2048(void); -static unsigned char dsa512_priv[] = { +DSA *get_dsa(const unsigned char *priv, size_t priv_size, + const unsigned char *pub, size_t pub_size, + const unsigned char *p, size_t p_size, + const unsigned char *q, size_t q_size, + const unsigned char *g, size_t g_size); + +static const unsigned char dsa512_priv[] = { 0x65, 0xe5, 0xc7, 0x38, 0x60, 0x24, 0xb5, 0x89, 0xd4, 0x9c, 0xeb, 0x4c, 0x9c, 0x1d, 0x7a, 0x22, 0xbd, 0xd1, 0xc2, 0xd2, }; -static unsigned char dsa512_pub[] = { + +static const unsigned char dsa512_pub[] = { 0x00, 0x95, 0xa7, 0x0d, 0xec, 0x93, 0x68, 0xba, 0x5f, 0xf7, 0x5f, 0x07, 0xf2, 0x3b, 0xad, 0x6b, 0x01, 0xdc, 0xbe, 0xec, 0xde, 0x04, 0x7a, 0x3a, 0x27, 0xb3, 0xec, 0x49, 0xfd, 0x08, 0x43, 0x3d, 0x7e, 0xa8, 0x2c, 0x5e, @@ -16,7 +23,8 @@ static unsigned char dsa512_pub[] = { 0x8c, 0x38, 0x5d, 0x83, 0x56, 0x7d, 0xee, 0x53, 0x05, 0x3e, 0x24, 0x84, 0xbe, 0xba, 0x0a, 0x6b, 0xc8, }; -static unsigned char dsa512_p[] = { + +static const unsigned char dsa512_p[] = { 0x9D, 0x1B, 0x69, 0x8E, 0x26, 0xDB, 0xF2, 0x2B, 0x11, 0x70, 0x19, 0x86, 0xF6, 0x19, 0xC8, 0xF8, 0x19, 0xF2, 0x18, 0x53, 0x94, 0x46, 0x06, 0xD0, 0x62, 0x50, 0x33, 0x4B, 0x02, 0x3C, 0x52, 0x30, 0x03, 0x8B, 0x3B, 0xF9, 
@@ -24,11 +32,13 @@ static unsigned char dsa512_p[] = { 0x96, 0xE4, 0x37, 0x33, 0xBB, 0x2D, 0x5A, 0xD7, 0x5A, 0x11, 0x40, 0x66, 0xA2, 0x76, 0x7D, 0x31, }; -static unsigned char dsa512_q[] = { + +static const unsigned char dsa512_q[] = { 0xFB, 0x53, 0xEF, 0x50, 0xB4, 0x40, 0x92, 0x31, 0x56, 0x86, 0x53, 0x7A, 0xE8, 0x8B, 0x22, 0x9A, 0x49, 0xFB, 0x71, 0x8F, }; -static unsigned char dsa512_g[] = { + +static const unsigned char dsa512_g[] = { 0x83, 0x3E, 0x88, 0xE5, 0xC5, 0x89, 0x73, 0xCE, 0x3B, 0x6C, 0x01, 0x49, 0xBF, 0xB3, 0xC7, 0x9F, 0x0A, 0xEA, 0x44, 0x91, 0xE5, 0x30, 0xAA, 0xD9, 0xBE, 0x5B, 0x5F, 0xB7, 0x10, 0xD7, 0x89, 0xB7, 0x8E, 0x74, 0xFB, 0xCF, @@ -38,28 +48,19 @@ static unsigned char dsa512_g[] = { }; DSA * -get_dsa512() +get_dsa512(void) { - DSA *dsa; - - if ((dsa = DSA_new()) == NULL) - return (NULL); - dsa->priv_key = BN_bin2bn(dsa512_priv, sizeof(dsa512_priv), NULL); - dsa->pub_key = BN_bin2bn(dsa512_pub, sizeof(dsa512_pub), NULL); - dsa->p = BN_bin2bn(dsa512_p, sizeof(dsa512_p), NULL); - dsa->q = BN_bin2bn(dsa512_q, sizeof(dsa512_q), NULL); - dsa->g = BN_bin2bn(dsa512_g, sizeof(dsa512_g), NULL); - if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || - (dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL)) - return (NULL); - return (dsa); + return get_dsa(dsa512_priv, sizeof(dsa512_priv), + dsa512_pub, sizeof(dsa512_pub), dsa512_p, sizeof(dsa512_p), + dsa512_q, sizeof(dsa512_q), dsa512_g, sizeof(dsa512_g)); } -static unsigned char dsa1024_priv[] = { +static const unsigned char dsa1024_priv[] = { 0x7d, 0x21, 0xda, 0xbb, 0x62, 0x15, 0x47, 0x36, 0x07, 0x67, 0x12, 0xe8, 0x8c, 0xaa, 0x1c, 0xcd, 0x38, 0x12, 0x61, 0x18, }; -static unsigned char dsa1024_pub[] = { + +static const unsigned char dsa1024_pub[] = { 0x3c, 0x4e, 0x9c, 0x2a, 0x7f, 0x16, 0xc1, 0x25, 0xeb, 0xac, 0x78, 0x63, 0x90, 0x14, 0x8c, 0x8b, 0xf4, 0x68, 0x43, 0x3c, 0x2d, 0xee, 0x65, 0x50, 0x7d, 0x9c, 0x8f, 0x8c, 0x8a, 0x51, 0xd6, 0x11, 0x2b, 0x99, 0xaf, 0x1e, 
@@ -72,7 +73,8 @@ static unsigned char dsa1024_pub[] = { 0x2c, 0x0b, 0xc3, 0x13, 0x50, 0x61, 0xe5, 0xad, 0xbd, 0x36, 0xb8, 0x97, 0x4e, 0x40, 0x7d, 0xe8, 0x83, 0x0d, 0xbc, 0x4b }; -static unsigned char dsa1024_p[] = { + +static const unsigned char dsa1024_p[] = { 0xA7, 0x3F, 0x6E, 0x85, 0xBF, 0x41, 0x6A, 0x29, 0x7D, 0xF0, 0x9F, 0x47, 0x19, 0x30, 0x90, 0x9A, 0x09, 0x1D, 0xDA, 0x6A, 0x33, 0x1E, 0xC5, 0x3D, 0x86, 0x96, 0xB3, 0x15, 0xE0, 0x53, 0x2E, 0x8F, 0xE0, 0x59, 0x82, 0x73, @@ -85,11 +87,13 @@ static unsigned char dsa1024_p[] = { 0x39, 0x4F, 0xFD, 0xB7, 0x43, 0x1F, 0xB5, 0xA4, 0x65, 0x6F, 0xCD, 0x80, 0x11, 0xE4, 0x70, 0x95, 0x5B, 0x50, 0xCD, 0x49, }; -static unsigned char dsa1024_q[] = { + +static const unsigned char dsa1024_q[] = { 0xF7, 0x07, 0x31, 0xED, 0xFA, 0x6C, 0x06, 0x03, 0xD5, 0x85, 0x8A, 0x1C, 0xAC, 0x9C, 0x65, 0xE7, 0x50, 0x66, 0x65, 0x6F, }; -static unsigned char dsa1024_g[] = { + +static const unsigned char dsa1024_g[] = { 0x4D, 0xDF, 0x4C, 0x03, 0xA6, 0x91, 0x8A, 0xF5, 0x19, 0x6F, 0x50, 0x46, 0x25, 0x99, 0xE5, 0x68, 0x6F, 0x30, 0xE3, 0x69, 0xE1, 0xE5, 0xB3, 0x5D, 0x98, 0xBB, 0x28, 0x86, 0x48, 0xFC, 0xDE, 0x99, 0x04, 0x3F, 0x5F, 0x88, 
@@ -104,28 +108,19 @@ static unsigned char dsa1024_g[] = { }; DSA * -get_dsa1024() +get_dsa1024(void) { - DSA *dsa; - - if ((dsa = DSA_new()) == NULL) - return (NULL); - dsa->priv_key = BN_bin2bn(dsa1024_priv, sizeof(dsa1024_priv), NULL); - dsa->pub_key = BN_bin2bn(dsa1024_pub, sizeof(dsa1024_pub), NULL); - dsa->p = BN_bin2bn(dsa1024_p, sizeof(dsa1024_p), NULL); - dsa->q = BN_bin2bn(dsa1024_q, sizeof(dsa1024_q), NULL); - dsa->g = BN_bin2bn(dsa1024_g, sizeof(dsa1024_g), NULL); - if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || - (dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL)) - return (NULL); - return (dsa); + return get_dsa(dsa1024_priv, sizeof(dsa1024_priv), + dsa1024_pub, sizeof(dsa1024_pub), dsa1024_p, sizeof(dsa1024_p), + dsa1024_q, sizeof(dsa1024_q), dsa1024_g, sizeof(dsa1024_g)); } -static unsigned char dsa2048_priv[] = { +static const unsigned char dsa2048_priv[] = { 0x32, 0x67, 0x92, 0xf6, 0xc4, 0xe2, 0xe2, 0xe8, 0xa0, 0x8b, 0x6b, 0x45, 0x0c, 0x8a, 0x76, 0xb0, 0xee, 0xcf, 0x91, 0xa7, }; -static unsigned char dsa2048_pub[] = { + +static const unsigned char dsa2048_pub[] = { 0x17, 0x8f, 0xa8, 0x11, 0x84, 0x92, 0xec, 0x83, 0x47, 0xc7, 0x6a, 0xb0, 0x92, 0xaf, 0x5a, 0x20, 0x37, 0xa3, 0x64, 0x79, 0xd2, 0xd0, 0x3d, 0xcd, 0xe0, 0x61, 0x88, 0x88, 0x21, 0xcc, 0x74, 0x5d, 0xce, 0x4c, 0x51, 0x47, @@ -149,7 +144,8 @@ static unsigned char dsa2048_pub[] = { 0x72, 0xf4, 0x10, 0xe6, 0x8d, 0x52, 0x16, 0x7f, 0xf2, 0xc9, 0xf8, 0x33, 0x8b, 0x33, 0xb7, 0xce, }; -static unsigned char dsa2048_p[] = { + +static const unsigned char dsa2048_p[] = { 0xA0, 0x25, 0xFA, 0xAD, 0xF4, 0x8E, 0xB9, 0xE5, 0x99, 0xF3, 0x5D, 0x6F, 0x4F, 0x83, 0x34, 0xE2, 0x7E, 0xCF, 0x6F, 0xBF, 0x30, 0xAF, 0x6F, 0x81, 0xEB, 0xF8, 0xC4, 0x13, 0xD9, 0xA0, 0x5D, 0x8B, 0x5C, 0x8E, 0xDC, 0xC2, 
@@ -173,11 +169,13 @@ static unsigned char dsa2048_p[] = { 0x5D, 0xA7, 0xD8, 0x54, 0xC3, 0x65, 0x7D, 0xC3, 0xB0, 0x1D, 0xBF, 0xAE, 0xF8, 0x68, 0xCF, 0x9B, }; -static unsigned char dsa2048_q[] = { + +static const unsigned char dsa2048_q[] = { 0x97, 0xE7, 0x33, 0x4D, 0xD3, 0x94, 0x3E, 0x0B, 0xDB, 0x62, 0x74, 0xC6, 0xA1, 0x08, 0xDD, 0x19, 0xA3, 0x75, 0x17, 0x1B, }; -static unsigned char dsa2048_g[] = { + +static const unsigned char dsa2048_g[] = { 0x2C, 0x78, 0x16, 0x59, 0x34, 0x63, 0xF4, 0xF3, 0x92, 0xFC, 0xB5, 0xA5, 0x4F, 0x13, 0xDE, 0x2F, 0x1C, 0xA4, 0x3C, 0xAE, 0xAD, 0x38, 0x3F, 0x7E, 0x90, 0xBF, 0x96, 0xA6, 0xAE, 0x25, 0x90, 0x72, 0xF5, 0x8E, 0x80, 0x0C, 
@@ -203,19 +201,58 @@ static unsigned char dsa2048_g[] = { }; DSA * -get_dsa2048() +get_dsa2048(void) +{ + return get_dsa(dsa2048_priv, sizeof(dsa2048_priv), + dsa2048_pub, sizeof(dsa2048_pub), dsa2048_p, sizeof(dsa2048_p), + dsa2048_q, sizeof(dsa2048_q), dsa2048_g, sizeof(dsa2048_g)); +} + +DSA * +get_dsa(const unsigned char *priv, size_t priv_size, + const unsigned char *pub, size_t pub_size, + const unsigned char *p_char, size_t p_size, + const unsigned char *q_char, size_t q_size, + const unsigned char *g_char, size_t g_size) { DSA *dsa; + BIGNUM *priv_key = NULL, *pub_key = NULL; + BIGNUM *p = NULL, *q = NULL, *g = NULL; if ((dsa = DSA_new()) == NULL) return (NULL); - dsa->priv_key = BN_bin2bn(dsa2048_priv, sizeof(dsa2048_priv), NULL); - dsa->pub_key = BN_bin2bn(dsa2048_pub, sizeof(dsa2048_pub), NULL); - dsa->p = BN_bin2bn(dsa2048_p, sizeof(dsa2048_p), NULL); - dsa->q = BN_bin2bn(dsa2048_q, sizeof(dsa2048_q), NULL); - dsa->g = BN_bin2bn(dsa2048_g, sizeof(dsa2048_g), NULL); - if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || - (dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL)) - return (NULL); - return (dsa); + + priv_key = BN_bin2bn(priv, priv_size, NULL); + pub_key = BN_bin2bn(pub, pub_size, NULL); + if (priv_key == NULL || pub_key == NULL) + goto err; + + if (!DSA_set0_key(dsa, pub_key, priv_key)) + goto err; + pub_key = NULL; + priv_key = NULL; + + p = BN_bin2bn(p_char, p_size, NULL); + q = BN_bin2bn(q_char, q_size, NULL); + g = BN_bin2bn(g_char, g_size, NULL); + if (p == NULL || q == NULL || g == NULL) + goto err; + + if (!DSA_set0_pqg(dsa, p, q, g)) + goto err; + p = NULL; + q = NULL; + g = NULL; + + return dsa; + + err: + DSA_free(dsa); + BN_free(priv_key); + BN_free(pub_key); + BN_free(p); + BN_free(q); + BN_free(g); + + return NULL; } diff --git a/apps/openssl/ts.c b/apps/openssl/ts.c index cac10d0d..24301b69 100644 --- a/apps/openssl/ts.c +++ b/apps/openssl/ts.c 
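Review bot: `get_dsa()` is added without a comment stating its contract, which matters here because ownership of the BIGNUMs moves partway through the function. A header comment such as `/* Build a DSA key from big-endian byte strings. Returns NULL on failure; the caller frees the result with DSA_free(). */`, plus `/* dsa owns pub_key and priv_key from here on */` after the `DSA_set0_key()` call, would explain why the locals are reset to NULL before the `err:` label can free them. As a smaller style point, the definition names its parameters `p_char`/`q_char`/`g_char` while the prototype added at the top of the header uses `p`/`q`/`g`. The `size_t` lengths are also narrowed to the `int` that `BN_bin2bn()` takes, which is harmless for the `sizeof` arguments passed today but is unchecked for a general-purpose helper.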
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts.c,v 1.15 2018/02/07 05:47:55 jsing Exp $ */
+/* $OpenBSD: ts.c,v 1.24 2022/09/11 18:08:17 tb Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
 * project 2002.
 */
@@ -80,74 +80,302 @@ static ASN1_OBJECT *txt2obj(const char *oid); static CONF *load_config_file(const char *configfile); /* Query related functions. */ -static int query_command(const char *data, char *digest, - const EVP_MD * md, const char *policy, int no_nonce, - int cert, const char *in, const char *out, int text); +static int query_command(const char *data, char *digest, const EVP_MD *md, + const char *policy, int no_nonce, int cert, const char *in, const char *out, + int text); static BIO *BIO_open_with_default(const char *file, const char *mode, - FILE * default_fp); -static TS_REQ *create_query(BIO * data_bio, char *digest, const EVP_MD * md, + FILE *default_fp); +static TS_REQ *create_query(BIO *data_bio, char *digest, const EVP_MD *md, const char *policy, int no_nonce, int cert); -static int create_digest(BIO * input, char *digest, - const EVP_MD * md, unsigned char **md_value); +static int create_digest(BIO *input, char *digest, const EVP_MD *md, + unsigned char **md_value); static ASN1_INTEGER *create_nonce(int bits); /* Reply related functions. 
*/ -static int reply_command(CONF * conf, char *section, - char *queryfile, char *passin, char *inkey, - char *signer, char *chain, const char *policy, - char *in, int token_in, char *out, int token_out, - int text); -static TS_RESP *read_PKCS7(BIO * in_bio); -static TS_RESP *create_response(CONF * conf, const char *section, - char *queryfile, char *passin, char *inkey, - char *signer, char *chain, const char *policy); -static ASN1_INTEGER *serial_cb(TS_RESP_CTX * ctx, void *data); +static int reply_command(CONF *conf, char *section, char *queryfile, + char *passin, char *inkey, char *signer, char *chain, const char *policy, + char *in, int token_in, char *out, int token_out, int text); +static TS_RESP *read_PKCS7(BIO *in_bio); +static TS_RESP *create_response(CONF *conf, const char *section, + char *queryfile, char *passin, char *inkey, char *signer, char *chain, + const char *policy); +static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data); static ASN1_INTEGER *next_serial(const char *serialfile); -static int save_ts_serial(const char *serialfile, ASN1_INTEGER * serial); +static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial); /* Verify related functions. 
*/ -static int verify_command(char *data, char *digest, char *queryfile, - char *in, int token_in, - char *ca_path, char *ca_file, char *untrusted); +static int verify_command(char *data, char *digest, char *queryfile, char *in, + int token_in, char *ca_path, char *ca_file, char *untrusted); static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest, - char *queryfile, - char *ca_path, char *ca_file, - char *untrusted); + char *queryfile, char *ca_path, char *ca_file, char *untrusted); static X509_STORE *create_cert_store(char *ca_path, char *ca_file); -static int verify_cb(int ok, X509_STORE_CTX * ctx); +static int verify_cb(int ok, X509_STORE_CTX *ctx); + +enum mode { + CMD_NONE, CMD_QUERY, CMD_REPLY, CMD_VERIFY +}; + +static struct { + char *ca_file; + char *ca_path; + int cert; + char *chain; + char *configfile; + char *data; + char *digest; + char *in; + char *inkey; + const EVP_MD *md; + int mode; + int no_nonce; + char *out; + char *passin; + char *policy; + char *queryfile; + char *section; + char *signer; + int text; + int token_in; + int token_out; + char *untrusted; +} ts_config; + +static int +ts_opt_md(int argc, char **argv, int *argsused) +{ + char *name = argv[0]; + + if (*name++ != '-') + return (1); + + if ((ts_config.md = EVP_get_digestbyname(name)) == NULL) + return (1); + + *argsused = 1; + return (0); +} + +static int +ts_opt_query(void) +{ + if (ts_config.mode != CMD_NONE) + return (1); + ts_config.mode = CMD_QUERY; + return (0); +} + +static int +ts_opt_reply(void) +{ + if (ts_config.mode != CMD_NONE) + return (1); + ts_config.mode = CMD_REPLY; + return (0); +} + +static int +ts_opt_verify(void) +{ + if (ts_config.mode != CMD_NONE) + return (1); + ts_config.mode = CMD_VERIFY; + return (0); +} + +static const struct option ts_options[] = { + { + .name = "CAfile", + .argname = "file", + .desc = "Certificate Authority file", + .type = OPTION_ARG, + .opt.arg = &ts_config.ca_file, + }, + { + .name = "CApath", + .argname = "path", + .desc = 
"Certificate Authority path", + .type = OPTION_ARG, + .opt.arg = &ts_config.ca_path, + }, + { + .name = "cert", + .desc = "Include signing certificate in the response", + .type = OPTION_FLAG, + .opt.flag = &ts_config.cert, + }, + { + .name = "chain", + .argname = "file", + .desc = "PEM certificates that will be included in the response", + .type = OPTION_ARG, + .opt.arg = &ts_config.chain, + }, + { + .name = "config", + .argname = "file", + .desc = "Specify an alternative configuration file", + .type = OPTION_ARG, + .opt.arg = &ts_config.configfile, + }, + { + .name = "data", + .argname = "file", + .desc = "Data file for which the time stamp request needs to be created", + .type = OPTION_ARG, + .opt.arg = &ts_config.data, + }, + { + .name = "digest", + .argname = "arg", + .desc = "Specify the message imprint explicitly without the data file", + .type = OPTION_ARG, + .opt.arg = &ts_config.digest, + }, + { + .name = "in", + .argname = "file", + .desc = "Input file", + .type = OPTION_ARG, + .opt.arg = &ts_config.in, + }, + { + .name = "inkey", + .argname = "file", + .desc = "Input key file", + .type = OPTION_ARG, + .opt.arg = &ts_config.inkey, + }, + { + .name = "no_nonce", + .desc = "Specify no nonce in the request", + .type = OPTION_FLAG, + .opt.flag = &ts_config.no_nonce, + }, + { + .name = "out", + .argname = "file", + .desc = "Output file", + .type = OPTION_ARG, + .opt.arg = &ts_config.out, + }, + { + .name = "passin", + .argname = "src", + .desc = "Private key password source", + .type = OPTION_ARG, + .opt.arg = &ts_config.passin, + }, + { + .name = "policy", + .argname = "object_id", + .desc = "Policy for the TSA to use when creating the time stamp token", + .type = OPTION_ARG, + .opt.arg = &ts_config.policy, + }, + { + .name = "query", + .desc = "Create and print a time stamp request", + .type = OPTION_FUNC, + .opt.func = ts_opt_query, + }, + { + .name = "queryfile", + .argname = "file", + .desc = "File containing a DER-encoded time stamp request", + .type = 
OPTION_ARG, + .opt.arg = &ts_config.queryfile, + }, + { + .name = "reply", + .desc = "Create a time stamp response", + .type = OPTION_FUNC, + .opt.func = ts_opt_reply, + }, + { + .name = "section", + .argname = "arg", + .desc = "TSA section containing the settings for response generation", + .type = OPTION_ARG, + .opt.arg = &ts_config.section, + }, + { + .name = "signer", + .argname = "file", + .desc = "Signer certificate file", + .type = OPTION_ARG, + .opt.arg = &ts_config.signer, + }, + { + .name = "text", + .desc = "Output in human-readable text format", + .type = OPTION_FLAG, + .opt.flag = &ts_config.text, + }, + { + .name = "token_in", + .desc = "Input is a DER-encoded time stamp token", + .type = OPTION_FLAG, + .opt.flag = &ts_config.token_in, + }, + { + .name = "token_out", + .desc = "Output is a DER-encoded time stamp token", + .type = OPTION_FLAG, + .opt.flag = &ts_config.token_out, + }, + { + .name = "untrusted", + .argname = "file", + .desc = "File containing untrusted certificates", + .type = OPTION_ARG, + .opt.arg = &ts_config.untrusted, + }, + { + .name = "verify", + .desc = "Verify a time stamp response", + .type = OPTION_FUNC, + .opt.func = ts_opt_verify, + }, + { + .name = NULL, + .desc = "", + .type = OPTION_ARGV_FUNC, + .opt.argvfunc = ts_opt_md, + }, + { NULL }, +}; + +static void +ts_usage(void) +{ + fprintf(stderr, "usage:\n" + "ts -query [-md4 | -md5 | -ripemd160 | -sha1] [-cert]\n" + " [-config configfile] [-data file_to_hash]\n" + " [-digest digest_bytes] [-in request.tsq] [-no_nonce]\n" + " [-out request.tsq] [-policy object_id] [-text]\n"); + fprintf(stderr, "\n" + "ts -reply [-chain certs_file.pem] [-config configfile]\n" + " [-in response.tsr] [-inkey private.pem] [-out response.tsr]\n" + " [-passin arg] [-policy object_id] [-queryfile request.tsq]\n" + " [-section tsa_section] [-signer tsa_cert.pem] [-text]\n" + " [-token_in] [-token_out]\n"); + fprintf(stderr, "\n" + "ts -verify [-CAfile trusted_certs.pem]\n" + " [-CApath 
trusted_cert_path] [-data file_to_hash]\n" + " [-digest digest_bytes] [-in response.tsr]\n" + " [-queryfile request.tsq] [-token_in]\n" + " [-untrusted cert_file.pem]\n"); + fprintf(stderr, "\n"); + options_usage(ts_options); + fprintf(stderr, "\n"); +} int ts_main(int argc, char **argv) { int ret = 1; - char *configfile = NULL; - char *section = NULL; CONF *conf = NULL; - enum mode { - CMD_NONE, CMD_QUERY, CMD_REPLY, CMD_VERIFY - } mode = CMD_NONE; - char *data = NULL; - char *digest = NULL; - const EVP_MD *md = NULL; - char *policy = NULL; - int no_nonce = 0; - int cert = 0; - char *in = NULL; - char *out = NULL; - int text = 0; - char *queryfile = NULL; - char *passin = NULL; /* Password source. */ char *password = NULL; /* Password itself. */ - char *inkey = NULL; - char *signer = NULL; - char *chain = NULL; - char *ca_path = NULL; - char *ca_file = NULL; - char *untrusted = NULL; - /* Input is ContentInfo instead of TimeStampResp. */ - int token_in = 0; - /* Output is ContentInfo instead of TimeStampResp. */ - int token_out = 0; if (single_execution) { if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 
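Review bot: The new `ts_usage()` synopsis for `-query` advertises only `[-md4 | -md5 | -ripemd160 | -sha1]`, all dated or collision-broken digests for a timestamp message imprint, although `ts_opt_md()` accepts any name that `EVP_get_digestbyname()` resolves. Since the usage text is being rewritten here anyway, I would list a current digest too, e.g. `"ts -query [-md4 | -md5 | -ripemd160 | -sha1 | -sha256] [-cert]\n"`, or describe the option generically. A one-line comment on `ts_opt_md()` such as `/* Catch-all for unnamed options: treat "-name" as a digest name. */` would also help, because its `.name = NULL` entry at the end of `ts_options` is easy to misread. ts_main continues outside the hunk.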
@@ -156,98 +384,15 @@ ts_main(int argc, char **argv) } } - for (argc--, argv++; argc > 0; argc--, argv++) { - if (strcmp(*argv, "-config") == 0) { - if (argc-- < 1) - goto usage; - configfile = *++argv; - } else if (strcmp(*argv, "-section") == 0) { - if (argc-- < 1) - goto usage; - section = *++argv; - } else if (strcmp(*argv, "-query") == 0) { - if (mode != CMD_NONE) - goto usage; - mode = CMD_QUERY; - } else if (strcmp(*argv, "-data") == 0) { - if (argc-- < 1) - goto usage; - data = *++argv; - } else if (strcmp(*argv, "-digest") == 0) { - if (argc-- < 1) - goto usage; - digest = *++argv; - } else if (strcmp(*argv, "-policy") == 0) { - if (argc-- < 1) - goto usage; - policy = *++argv; - } else if (strcmp(*argv, "-no_nonce") == 0) { - no_nonce = 1; - } else if (strcmp(*argv, "-cert") == 0) { - cert = 1; - } else if (strcmp(*argv, "-in") == 0) { - if (argc-- < 1) - goto usage; - in = *++argv; - } else if (strcmp(*argv, "-token_in") == 0) { - token_in = 1; - } else if (strcmp(*argv, "-out") == 0) { - if (argc-- < 1) - goto usage; - out = *++argv; - } else if (strcmp(*argv, "-token_out") == 0) { - token_out = 1; - } else if (strcmp(*argv, "-text") == 0) { - text = 1; - } else if (strcmp(*argv, "-reply") == 0) { - if (mode != CMD_NONE) - goto usage; - mode = CMD_REPLY; - } else if (strcmp(*argv, "-queryfile") == 0) { - if (argc-- < 1) - goto usage; - queryfile = *++argv; - } else if (strcmp(*argv, "-passin") == 0) { - if (argc-- < 1) - goto usage; - passin = *++argv; - } else if (strcmp(*argv, "-inkey") == 0) { - if (argc-- < 1) - goto usage; - inkey = *++argv; - } else if (strcmp(*argv, "-signer") == 0) { - if (argc-- < 1) - goto usage; - signer = *++argv; - } else if (strcmp(*argv, "-chain") == 0) { - if (argc-- < 1) - goto usage; - chain = *++argv; - } else if (strcmp(*argv, "-verify") == 0) { - if (mode != CMD_NONE) - goto usage; - mode = CMD_VERIFY; - } else if (strcmp(*argv, "-CApath") == 0) { - if (argc-- < 1) - goto usage; - ca_path = *++argv; - } else if 
(strcmp(*argv, "-CAfile") == 0) { - if (argc-- < 1) - goto usage; - ca_file = *++argv; - } else if (strcmp(*argv, "-untrusted") == 0) { - if (argc-- < 1) - goto usage; - untrusted = *++argv; - } else if ((md = EVP_get_digestbyname(*argv + 1)) != NULL) { - /* empty. */ - } else - goto usage; - } + memset(&ts_config, 0, sizeof(ts_config)); + ts_config.mode = CMD_NONE; + + if (options_parse(argc, argv, ts_options, NULL, NULL) != 0) + goto usage; /* Get the password if required. */ - if (mode == CMD_REPLY && passin && - !app_passwd(bio_err, passin, NULL, &password, NULL)) { + if (ts_config.mode == CMD_REPLY && ts_config.passin != NULL && + !app_passwd(bio_err, ts_config.passin, NULL, &password, NULL)) { BIO_printf(bio_err, "Error getting password.\n"); goto cleanup; } @@ -255,7 +400,7 @@ ts_main(int argc, char **argv) * Check consistency of parameters and execute the appropriate * function. */ - switch (mode) { + switch (ts_config.mode) { case CMD_NONE: goto usage; case CMD_QUERY: 
@@ -263,64 +408,56 @@ ts_main(int argc, char **argv) * Data file and message imprint cannot be specified at the * same time. */ - ret = data != NULL && digest != NULL; + ret = ts_config.data != NULL && ts_config.digest != NULL; if (ret) goto usage; /* Load the config file for possible policy OIDs. */ - conf = load_config_file(configfile); - ret = !query_command(data, digest, md, policy, no_nonce, cert, - in, out, text); + conf = load_config_file(ts_config.configfile); + ret = !query_command(ts_config.data, ts_config.digest, + ts_config.md, ts_config.policy, ts_config.no_nonce, + ts_config.cert, ts_config.in, ts_config.out, + ts_config.text); break; case CMD_REPLY: - conf = load_config_file(configfile); - if (in == NULL) { - ret = !(queryfile != NULL && conf != NULL && !token_in); + conf = load_config_file(ts_config.configfile); + if (ts_config.in == NULL) { + ret = !(ts_config.queryfile != NULL && conf != NULL && + !ts_config.token_in); if (ret) goto usage; } else { /* 'in' and 'queryfile' are exclusive. 
*/ - ret = !(queryfile == NULL); + ret = !(ts_config.queryfile == NULL); if (ret) goto usage; } - ret = !reply_command(conf, section, queryfile, - password, inkey, signer, chain, policy, - in, token_in, out, token_out, text); + ret = !reply_command(conf, ts_config.section, + ts_config.queryfile, password, ts_config.inkey, + ts_config.signer, ts_config.chain, ts_config.policy, + ts_config.in, ts_config.token_in, ts_config.out, + ts_config.token_out, ts_config.text); break; case CMD_VERIFY: - ret = !(((queryfile && !data && !digest) || - (!queryfile && data && !digest) || - (!queryfile && !data && digest)) && in != NULL); + ret = !(((ts_config.queryfile != NULL && ts_config.data == NULL && + ts_config.digest == NULL) || + (ts_config.queryfile == NULL && ts_config.data != NULL && + ts_config.digest == NULL) || + (ts_config.queryfile == NULL && ts_config.data == NULL && + ts_config.digest != NULL)) && + ts_config.in != NULL); if (ret) goto usage; - ret = !verify_command(data, digest, queryfile, in, token_in, - ca_path, ca_file, untrusted); + ret = !verify_command(ts_config.data, ts_config.digest, + ts_config.queryfile, ts_config.in, ts_config.token_in, + ts_config.ca_path, ts_config.ca_file, ts_config.untrusted); } goto cleanup; usage: - BIO_printf(bio_err, "usage:\n" - "ts -query [-config configfile] " - "[-data file_to_hash] [-digest digest_bytes]" - "[-md4|-md5|-sha1|-ripemd160] " - "[-policy object_id] [-no_nonce] [-cert] " - "[-in request.tsq] [-out request.tsq] [-text]\n"); - BIO_printf(bio_err, "or\n" - "ts -reply [-config configfile] [-section tsa_section] " - "[-queryfile request.tsq] [-passin password] " - "[-signer tsa_cert.pem] [-inkey private_key.pem] " - "[-chain certs_file.pem] [-policy object_id] " - "[-in response.tsr] [-token_in] " - "[-out response.tsr] [-token_out] [-text]\n"); - BIO_printf(bio_err, "or\n" - "ts -verify [-data file_to_hash] [-digest digest_bytes] " - "[-queryfile request.tsq] " - "-in response.tsr [-token_in] " - "-CApath ca_path 
-CAfile ca_file.pem " - "-untrusted cert_file.pem\n"); + ts_usage(); cleanup: /* Clean up. */ @@ -340,7 +477,7 @@ txt2obj(const char *oid) { ASN1_OBJECT *oid_obj = NULL; - if (!(oid_obj = OBJ_txt2obj(oid, 0))) + if ((oid_obj = OBJ_txt2obj(oid, 0)) == NULL) BIO_printf(bio_err, "cannot convert %s to OID\n", oid); return oid_obj; @@ -352,11 +489,11 @@ load_config_file(const char *configfile) CONF *conf = NULL; long errorline = -1; - if (!configfile) + if (configfile == NULL) configfile = getenv("OPENSSL_CONF"); - if (configfile && - (!(conf = NCONF_new(NULL)) || + if (configfile != NULL && + ((conf = NCONF_new(NULL)) == NULL || NCONF_load(conf, configfile, &errorline) <= 0)) { if (errorline <= 0) BIO_printf(bio_err, "error loading the config file " @@ -373,7 +510,7 @@ load_config_file(const char *configfile) p = NCONF_get_string(conf, NULL, ENV_OID_FILE); if (p != NULL) { BIO *oid_bio = BIO_new_file(p, "r"); - if (!oid_bio) + if (oid_bio == NULL) ERR_print_errors(bio_err); else { OBJ_create_objects(oid_bio); @@ -392,9 +529,9 @@ load_config_file(const char *configfile) */ static int -query_command(const char *data, char *digest, const EVP_MD * md, - const char *policy, int no_nonce, int cert, const char *in, - const char *out, int text) +query_command(const char *data, char *digest, const EVP_MD *md, + const char *policy, int no_nonce, int cert, const char *in, const char *out, + int text) { int ret = 0; TS_REQ *query = NULL; @@ -409,8 +546,8 @@ query_command(const char *data, char *digest, const EVP_MD * md, query = d2i_TS_REQ_bio(in_bio, NULL); } else { /* Open the file if no explicit digest bytes were specified. */ - if (!digest && - !(data_bio = BIO_open_with_default(data, "rb", stdin))) + if (digest == NULL && + (data_bio = BIO_open_with_default(data, "rb", stdin)) == NULL) goto end; /* Creating the query object. */ query = create_query(data_bio, digest, md, 
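Review bot: The CMD_VERIFY branch of ts_main still accepts a command line with neither `-CApath` nor `-CAfile`, because the consistency check only requires `ts_config.in != NULL` plus exactly one of queryfile, data or digest. The usage text removed in this hunk listed both options without brackets, so the check and the documented syntax disagree. With no trust source configured, verification presumably fails later with a chain error rather than a usage message. If that is not intended, add `ts_config.ca_path == NULL && ts_config.ca_file == NULL` to the conditions that `goto usage`. ts_main begins and ends outside this hunk.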
@@ -448,15 +585,15 @@ query_command(const char *data, char *digest, const EVP_MD * md, } static BIO * -BIO_open_with_default(const char *file, const char *mode, FILE * default_fp) +BIO_open_with_default(const char *file, const char *mode, FILE *default_fp) { return file == NULL ? BIO_new_fp(default_fp, BIO_NOCLOSE) : BIO_new_file(file, mode); } static TS_REQ * -create_query(BIO * data_bio, char *digest, const EVP_MD * md, - const char *policy, int no_nonce, int cert) +create_query(BIO *data_bio, char *digest, const EVP_MD *md, const char *policy, + int no_nonce, int cert) { int ret = 0; TS_REQ *ts_req = NULL; @@ -468,11 +605,11 @@ create_query(BIO * data_bio, char *digest, const EVP_MD * md, ASN1_INTEGER *nonce_asn1 = NULL; /* Setting default message digest. */ - if (!md && !(md = EVP_get_digestbyname("sha1"))) + if (md == NULL && (md = EVP_get_digestbyname("sha1")) == NULL) goto err; /* Creating request object. */ - if (!(ts_req = TS_REQ_new())) + if ((ts_req = TS_REQ_new()) == NULL) goto err; /* Setting version. */ @@ -480,15 +617,15 @@ create_query(BIO * data_bio, char *digest, const EVP_MD * md, goto err; /* Creating and adding MSG_IMPRINT object. */ - if (!(msg_imprint = TS_MSG_IMPRINT_new())) + if ((msg_imprint = TS_MSG_IMPRINT_new()) == NULL) goto err; /* Adding algorithm. */ - if (!(algo = X509_ALGOR_new())) + if ((algo = X509_ALGOR_new()) == NULL) goto err; - if (!(algo->algorithm = OBJ_nid2obj(EVP_MD_type(md)))) + if ((algo->algorithm = OBJ_nid2obj(EVP_MD_type(md))) == NULL) goto err; - if (!(algo->parameter = ASN1_TYPE_new())) + if ((algo->parameter = ASN1_TYPE_new()) == NULL) goto err; algo->parameter->type = V_ASN1_NULL; if (!TS_MSG_IMPRINT_set_algo(msg_imprint, algo)) 
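Review bot: In create_query the fallback digest is still SHA-1: the rewritten line `if (md == NULL && (md = EVP_get_digestbyname("sha1")) == NULL)` only changes the comparison style, so a query made without a digest option carries a SHA-1 message imprint. SHA-1 is no longer collision resistant, which matters for a timestamp meant to bind a document's content. Consider defaulting to `EVP_get_digestbyname("sha256")`, or at least add a comment such as `/* NOTE: sha1 default kept for compatibility; pass a stronger digest option for new requests. */`. create_query starts before this hunk and ends after it.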
@@ -504,15 +641,15 @@ create_query(BIO * data_bio, char *digest, const EVP_MD * md, goto err; /* Setting policy if requested. */ - if (policy && !(policy_obj = txt2obj(policy))) + if (policy != NULL && (policy_obj = txt2obj(policy)) == NULL) goto err; - if (policy_obj && !TS_REQ_set_policy_id(ts_req, policy_obj)) + if (policy_obj != NULL && !TS_REQ_set_policy_id(ts_req, policy_obj)) goto err; /* Setting nonce if requested. */ - if (!no_nonce && !(nonce_asn1 = create_nonce(NONCE_LENGTH))) + if (!no_nonce && (nonce_asn1 = create_nonce(NONCE_LENGTH)) == NULL) goto err; - if (nonce_asn1 && !TS_REQ_set_nonce(ts_req, nonce_asn1)) + if (nonce_asn1 != NULL && !TS_REQ_set_nonce(ts_req, nonce_asn1)) goto err; /* Setting certificate request flag if requested. */ 
@@ -537,34 +674,48 @@ create_query(BIO * data_bio, char *digest, const EVP_MD * md, } static int -create_digest(BIO * input, char *digest, const EVP_MD * md, +create_digest(BIO *input, char *digest, const EVP_MD *md, unsigned char **md_value) { int md_value_len; + EVP_MD_CTX *md_ctx = NULL; md_value_len = EVP_MD_size(md); if (md_value_len < 0) goto err; - if (input) { + + if (input != NULL) { /* Digest must be computed from an input file. */ - EVP_MD_CTX md_ctx; unsigned char buffer[4096]; int length; *md_value = malloc(md_value_len); - if (*md_value == 0) + if (*md_value == NULL) + goto err; + + if ((md_ctx = EVP_MD_CTX_new()) == NULL) + goto err; + + if (!EVP_DigestInit(md_ctx, md)) goto err; - EVP_DigestInit(&md_ctx, md); while ((length = BIO_read(input, buffer, sizeof(buffer))) > 0) { - EVP_DigestUpdate(&md_ctx, buffer, length); + if (!EVP_DigestUpdate(md_ctx, buffer, length)) + goto err; } - EVP_DigestFinal(&md_ctx, *md_value, NULL); + + if (!EVP_DigestFinal(md_ctx, *md_value, NULL)) + goto err; + + EVP_MD_CTX_free(md_ctx); + md_ctx = NULL; + } else { /* Digest bytes are specified with digest. */ long digest_len; + *md_value = string_to_hex(digest, &digest_len); - if (!*md_value || md_value_len != digest_len) { + if (*md_value == NULL || md_value_len != digest_len) { free(*md_value); *md_value = NULL; BIO_printf(bio_err, "bad digest, %d bytes " @@ -574,7 +725,9 @@ create_digest(BIO * input, char *digest, const EVP_MD * md, } return md_value_len; + err: + EVP_MD_CTX_free(md_ctx); return 0; } 
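Review bot: create_digest still treats a failed read as end of input: the loop `while ((length = BIO_read(input, buffer, sizeof(buffer))) > 0)` exits on any non-positive return, and the code then finalizes and returns a digest of whatever was read so far. The new checks cover EVP_DigestInit, EVP_DigestUpdate and EVP_DigestFinal but not this case, so a truncated read can yield a valid-looking imprint. Add `if (length < 0) goto err;` between the loop and `EVP_DigestFinal`, assuming a negative return signals an error for the file BIOs used here (to be confirmed). Separately, on the new `goto err` paths after `malloc` succeeded, `*md_value` stays allocated while the function returns 0. Whether the caller frees it is not visible here, so a comment on ownership at the `err:` label would help.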
@@ -594,12 +747,12 @@ create_nonce(int bits) /* Find the first non-zero byte and creating ASN1_INTEGER object. */ for (i = 0; i < len && !buf[i]; ++i) ; - if (!(nonce = ASN1_INTEGER_new())) + if ((nonce = ASN1_INTEGER_new()) == NULL) goto err; free(nonce->data); /* Allocate at least one byte. */ nonce->length = len - i; - if (!(nonce->data = malloc(nonce->length + 1))) + if ((nonce->data = malloc(nonce->length + 1)) == NULL) goto err; memcpy(nonce->data, buf + i, nonce->length); @@ -610,14 +763,15 @@ create_nonce(int bits) ASN1_INTEGER_free(nonce); return NULL; } + /* * Reply-related method definitions. */ static int -reply_command(CONF * conf, char *section, char *queryfile, - char *passin, char *inkey, char *signer, char *chain, const char *policy, - char *in, int token_in, char *out, int token_out, int text) +reply_command(CONF *conf, char *section, char *queryfile, char *passin, + char *inkey, char *signer, char *chain, const char *policy, char *in, + int token_in, char *out, int token_out, int text) { int ret = 0; TS_RESP *response = NULL; @@ -642,10 +796,9 @@ reply_command(CONF * conf, char *section, char *queryfile, response = d2i_TS_RESP_bio(in_bio, NULL); } } else { - response = create_response(conf, section, queryfile, - passin, inkey, signer, chain, - policy); - if (response) + response = create_response(conf, section, queryfile, passin, + inkey, signer, chain, policy); + if (response != NULL) BIO_printf(bio_err, "Response has been generated.\n"); else BIO_printf(bio_err, "Response is not generated.\n"); @@ -696,7 +849,7 @@ reply_command(CONF * conf, char *section, char *queryfile, /* Reads a PKCS7 token and adds default 'granted' status info to it. */ static TS_RESP * -read_PKCS7(BIO * in_bio) +read_PKCS7(BIO *in_bio) { int ret = 0; PKCS7 *token = NULL; 
@@ -705,19 +858,19 @@ read_PKCS7(BIO * in_bio) TS_STATUS_INFO *si = NULL; /* Read PKCS7 object and extract the signed time stamp info. */ - if (!(token = d2i_PKCS7_bio(in_bio, NULL))) + if ((token = d2i_PKCS7_bio(in_bio, NULL)) == NULL) goto end; - if (!(tst_info = PKCS7_to_TS_TST_INFO(token))) + if ((tst_info = PKCS7_to_TS_TST_INFO(token)) == NULL) goto end; /* Creating response object. */ - if (!(resp = TS_RESP_new())) + if ((resp = TS_RESP_new()) == NULL) goto end; /* Create granted status info. */ - if (!(si = TS_STATUS_INFO_new())) + if ((si = TS_STATUS_INFO_new()) == NULL) goto end; - if (!(ASN1_INTEGER_set(si->status, TS_STATUS_GRANTED))) + if (!TS_STATUS_INFO_set_status(si, TS_STATUS_GRANTED)) goto end; if (!TS_RESP_set_status_info(resp, si)) goto end; @@ -740,24 +893,23 @@ read_PKCS7(BIO * in_bio) } static TS_RESP * -create_response(CONF * conf, const char *section, - char *queryfile, char *passin, char *inkey, - char *signer, char *chain, const char *policy) +create_response(CONF *conf, const char *section, char *queryfile, char *passin, + char *inkey, char *signer, char *chain, const char *policy) { int ret = 0; TS_RESP *response = NULL; BIO *query_bio = NULL; TS_RESP_CTX *resp_ctx = NULL; - if (!(query_bio = BIO_new_file(queryfile, "rb"))) + if ((query_bio = BIO_new_file(queryfile, "rb")) == NULL) goto end; /* Getting TSA configuration section. */ - if (!(section = TS_CONF_get_tsa_section(conf, section))) + if ((section = TS_CONF_get_tsa_section(conf, section)) == NULL) goto end; /* Setting up response generation context. */ - if (!(resp_ctx = TS_RESP_CTX_new())) + if ((resp_ctx = TS_RESP_CTX_new()) == NULL) goto end; /* Setting serial number provider callback. */ @@ -809,7 +961,7 @@ create_response(CONF * conf, const char *section, goto end; /* Creating the response. */ - if (!(response = TS_RESP_create_response(resp_ctx, query_bio))) + if ((response = TS_RESP_create_response(resp_ctx, query_bio)) == NULL) goto end; ret = 1; 
@@ -825,12 +977,12 @@ create_response(CONF * conf, const char *section, } static ASN1_INTEGER * -serial_cb(TS_RESP_CTX * ctx, void *data) +serial_cb(TS_RESP_CTX *ctx, void *data) { const char *serial_file = (const char *) data; ASN1_INTEGER *serial = next_serial(serial_file); - if (!serial) { + if (serial == NULL) { TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, "Error during serial number " "generation."); @@ -850,10 +1002,10 @@ next_serial(const char *serialfile) ASN1_INTEGER *serial = NULL; BIGNUM *bn = NULL; - if (!(serial = ASN1_INTEGER_new())) + if ((serial = ASN1_INTEGER_new()) == NULL) goto err; - if (!(in = BIO_new_file(serialfile, "r"))) { + if ((in = BIO_new_file(serialfile, "r")) == NULL) { ERR_clear_error(); BIO_printf(bio_err, "Warning: could not open file %s for " "reading, using serial number: 1\n", serialfile); @@ -866,13 +1018,13 @@ next_serial(const char *serialfile) serialfile); goto err; } - if (!(bn = ASN1_INTEGER_to_BN(serial, NULL))) + if ((bn = ASN1_INTEGER_to_BN(serial, NULL)) == NULL) goto err; ASN1_INTEGER_free(serial); serial = NULL; if (!BN_add_word(bn, 1)) goto err; - if (!(serial = BN_to_ASN1_INTEGER(bn, NULL))) + if ((serial = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) goto err; } ret = 1; @@ -887,12 +1039,12 @@ next_serial(const char *serialfile) } static int -save_ts_serial(const char *serialfile, ASN1_INTEGER * serial) +save_ts_serial(const char *serialfile, ASN1_INTEGER *serial) { int ret = 0; BIO *out = NULL; - if (!(out = BIO_new_file(serialfile, "w"))) + if ((out = BIO_new_file(serialfile, "w")) == NULL) goto err; if (i2a_ASN1_INTEGER(out, serial) <= 0) goto err; 
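Review bot: next_serial falls back to serial number 1 for every failure to open the serial file, not only for a missing file: the branch under `if ((in = BIO_new_file(serialfile, "r")) == NULL)` clears the error and prints "using serial number: 1". A permission problem or a transient I/O error would therefore restart numbering and could reissue serial numbers the TSA has already used. Restrict the fallback to the case where the file does not exist and `goto err` otherwise, and add a comment at the branch stating that serial uniqueness depends on this file. The read, increment and save sequence also appears to run without locking, though the code that calls save_ts_serial is outside the visible hunks.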
@@ -922,18 +1074,18 @@ verify_command(char *data, char *digest, char *queryfile, char *in, int ret = 0; /* Decode the token (PKCS7) or response (TS_RESP) files. */ - if (!(in_bio = BIO_new_file(in, "rb"))) + if ((in_bio = BIO_new_file(in, "rb")) == NULL) goto end; if (token_in) { - if (!(token = d2i_PKCS7_bio(in_bio, NULL))) + if ((token = d2i_PKCS7_bio(in_bio, NULL)) == NULL) goto end; } else { - if (!(response = d2i_TS_RESP_bio(in_bio, NULL))) + if ((response = d2i_TS_RESP_bio(in_bio, NULL)) == NULL) goto end; } - if (!(verify_ctx = create_verify_ctx(data, digest, queryfile, - ca_path, ca_file, untrusted))) + if ((verify_ctx = create_verify_ctx(data, digest, queryfile, + ca_path, ca_file, untrusted)) == NULL) goto end; /* Checking the token or response against the request. */ 
@@ -966,50 +1118,61 @@ create_verify_ctx(char *data, char *digest, char *queryfile, char *ca_path, TS_VERIFY_CTX *ctx = NULL; BIO *input = NULL; TS_REQ *request = NULL; + X509_STORE *store; + STACK_OF(X509) *certs; int ret = 0; if (data != NULL || digest != NULL) { - if (!(ctx = TS_VERIFY_CTX_new())) + if ((ctx = TS_VERIFY_CTX_new()) == NULL) goto err; - ctx->flags = TS_VFY_VERSION | TS_VFY_SIGNER; + TS_VERIFY_CTX_set_flags(ctx, TS_VFY_VERSION | TS_VFY_SIGNER); if (data != NULL) { - ctx->flags |= TS_VFY_DATA; - if (!(ctx->data = BIO_new_file(data, "rb"))) + BIO *data_bio; + + TS_VERIFY_CTX_add_flags(ctx, TS_VFY_DATA); + if ((data_bio = BIO_new_file(data, "rb")) == NULL) goto err; + TS_VERIFY_CTX_set_data(ctx, data_bio); } else if (digest != NULL) { + unsigned char *imprint; long imprint_len; - ctx->flags |= TS_VFY_IMPRINT; - if (!(ctx->imprint = string_to_hex(digest, - &imprint_len))) { + + TS_VERIFY_CTX_add_flags(ctx, TS_VFY_IMPRINT); + if ((imprint = string_to_hex(digest, + &imprint_len)) == NULL) { BIO_printf(bio_err, "invalid digest string\n"); goto err; } - ctx->imprint_len = imprint_len; + TS_VERIFY_CTX_set_imprint(ctx, imprint, imprint_len); } } else if (queryfile != NULL) { /* * The request has just to be read, decoded and converted to * a verify context object. */ - if (!(input = BIO_new_file(queryfile, "rb"))) + if ((input = BIO_new_file(queryfile, "rb")) == NULL) goto err; - if (!(request = d2i_TS_REQ_bio(input, NULL))) + if ((request = d2i_TS_REQ_bio(input, NULL)) == NULL) goto err; - if (!(ctx = TS_REQ_to_TS_VERIFY_CTX(request, NULL))) + if ((ctx = TS_REQ_to_TS_VERIFY_CTX(request, NULL)) == NULL) goto err; } else return NULL; /* Add the signature verification flag and arguments. */ - ctx->flags |= TS_VFY_SIGNATURE; + TS_VERIFY_CTX_add_flags(ctx, TS_VFY_SIGNATURE); /* Initialising the X509_STORE object. 
*/ - if (!(ctx->store = create_cert_store(ca_path, ca_file))) + if ((store = create_cert_store(ca_path, ca_file)) == NULL) goto err; + TS_VERIFY_CTX_set_store(ctx, store); /* Loading untrusted certificates. */ - if (untrusted && !(ctx->certs = TS_CONF_load_certs(untrusted))) - goto err; + if (untrusted != NULL) { + if ((certs = TS_CONF_load_certs(untrusted)) == NULL) + goto err; + TS_VERIFY_CTX_set_certs(ctx, certs); + } ret = 1; err: @@ -1030,13 +1193,14 @@ create_cert_store(char *ca_path, char *ca_file) int i; /* Creating the X509_STORE object. */ - cert_ctx = X509_STORE_new(); + if ((cert_ctx = X509_STORE_new()) == NULL) + goto err; /* Setting the callback for certificate chain verification. */ X509_STORE_set_verify_cb(cert_ctx, verify_cb); /* Adding a trusted certificate directory source. */ - if (ca_path) { + if (ca_path != NULL) { lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir()); if (lookup == NULL) { @@ -1051,7 +1215,7 @@ create_cert_store(char *ca_path, char *ca_file) } } /* Adding a trusted certificate file source. */ - if (ca_file) { + if (ca_file != NULL) { lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file()); if (lookup == NULL) { BIO_printf(bio_err, "memory allocation failure\n"); @@ -1070,7 +1234,7 @@ create_cert_store(char *ca_path, char *ca_file) } static int -verify_cb(int ok, X509_STORE_CTX * ctx) +verify_cb(int ok, X509_STORE_CTX *ctx) { /* char buf[256]; diff --git a/apps/openssl/x509.c b/apps/openssl/x509.c index 3102be9b..c777ee9b 100644 --- a/apps/openssl/x509.c +++ b/apps/openssl/x509.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509.c,v 1.24 2021/08/29 19:56:40 schwarze Exp $ */ +/* $OpenBSD: x509.c,v 1.29 2021/12/12 20:34:04 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -846,22 +846,11 @@ x509_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if ((req->req_info == NULL) || - (req->req_info->pubkey == NULL) || - (req->req_info->pubkey->public_key == NULL) || - (req->req_info->pubkey->public_key->data == NULL)) { - BIO_printf(bio_err, - "The certificate request appears to corrupted\n"); - BIO_printf(bio_err, - "It does not contain a public key\n"); - goto end; - } - if ((pkey = X509_REQ_get_pubkey(req)) == NULL) { + if ((pkey = X509_REQ_get0_pubkey(req)) == NULL) { BIO_printf(bio_err, "error unpacking public key\n"); goto end; } i = X509_REQ_verify(req, pkey); - EVP_PKEY_free(pkey); if (i < 0) { BIO_printf(bio_err, "Signature verification error\n"); ERR_print_errors(bio_err); @@ -892,9 +881,9 @@ x509_main(int argc, char **argv) } else if (!X509_set_serialNumber(x, x509_config.sno)) goto end; - if (!X509_set_issuer_name(x, req->req_info->subject)) + if (!X509_set_issuer_name(x, X509_REQ_get_subject_name(req))) goto end; - if (!X509_set_subject_name(x, req->req_info->subject)) + if (!X509_set_subject_name(x, X509_REQ_get_subject_name(req))) goto end; if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL) @@ -903,13 +892,12 @@ x509_main(int argc, char **argv) NULL) == NULL) goto end; - if ((pkey = X509_REQ_get_pubkey(req)) == NULL) + if ((pkey = X509_REQ_get0_pubkey(req)) == NULL) goto end; if (!X509_set_pubkey(x, pkey)) { EVP_PKEY_free(pkey); goto end; } - EVP_PKEY_free(pkey); } else { x = load_cert(bio_err, x509_config.infile, x509_config.informat, NULL, "Certificate"); @@ -1055,7 +1043,7 @@ x509_main(int argc, char **argv) } else if (x509_config.modulus == i) { EVP_PKEY *pkey; - pkey = X509_get_pubkey(x); + pkey = X509_get0_pubkey(x); if (pkey == NULL) { BIO_printf(bio_err, "Modulus=unavailable\n"); 
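Review bot: The failure branch after `X509_set_pubkey(x, pkey)` still calls `EVP_PKEY_free(pkey)`, but in the -903,13 hunk `pkey` now comes from `X509_REQ_get0_pubkey(req)`. The commit drops the matching frees on the success paths, which suggests the get0 call returns a reference owned by `req`. Freeing it here would release a reference this code does not hold, and the key could be freed again when `req` is cleaned up. Change the branch to `if (!X509_set_pubkey(x, pkey)) goto end;`. x509_main starts and ends outside this hunk.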
@@ -1063,20 +1051,27 @@ x509_main(int argc, char **argv) goto end; } BIO_printf(STDout, "Modulus="); - if (pkey->type == EVP_PKEY_RSA) - BN_print(STDout, pkey->pkey.rsa->n); - else if (pkey->type == EVP_PKEY_DSA) - BN_print(STDout, - pkey->pkey.dsa->pub_key); - else + if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) { + RSA *rsa = EVP_PKEY_get0_RSA(pkey); + const BIGNUM *n = NULL; + + RSA_get0_key(rsa, &n, NULL, NULL); + BN_print(STDout, n); + } else if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA) { + DSA *dsa = EVP_PKEY_get0_DSA(pkey); + const BIGNUM *pub_key = NULL; + + DSA_get0_key(dsa, &pub_key, NULL); + + BN_print(STDout, pub_key); + } else BIO_printf(STDout, "Wrong Algorithm type"); BIO_printf(STDout, "\n"); - EVP_PKEY_free(pkey); } else if (x509_config.pubkey == i) { EVP_PKEY *pkey; - pkey = X509_get_pubkey(x); + pkey = X509_get0_pubkey(x); if (pkey == NULL) { BIO_printf(bio_err, "Error getting public key\n"); @@ -1084,7 +1079,6 @@ x509_main(int argc, char **argv) goto end; } PEM_write_bio_PUBKEY(STDout, pkey); - EVP_PKEY_free(pkey); } else if (x509_config.C == i) { unsigned char *d; char *m; @@ -1308,16 +1302,6 @@ x509_main(int argc, char **argv) i = PEM_write_bio_X509_AUX(out, x); else i = PEM_write_bio_X509(out, x); - } else if (x509_config.outformat == FORMAT_NETSCAPE) { - NETSCAPE_X509 nx; - ASN1_OCTET_STRING hdr; - - hdr.data = (unsigned char *) NETSCAPE_CERT_HDR; - hdr.length = strlen(NETSCAPE_CERT_HDR); - nx.header = &hdr; - nx.cert = x; - - i = ASN1_item_i2d_bio(&NETSCAPE_X509_it, out, &nx); } else { BIO_printf(bio_err, "bad output format specified for outfile\n"); 
@@ -1403,16 +1387,17 @@ x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, X509 *x, { int ret = 0; ASN1_INTEGER *bs = NULL; - X509_STORE_CTX xsc; + X509_STORE_CTX *xsc = NULL; EVP_PKEY *upkey; - upkey = X509_get_pubkey(xca); + upkey = X509_get0_pubkey(xca); if (upkey == NULL) goto end; EVP_PKEY_copy_parameters(upkey, pkey); - EVP_PKEY_free(upkey); - if (!X509_STORE_CTX_init(&xsc, ctx, x, NULL)) { + if ((xsc = X509_STORE_CTX_new()) == NULL) + goto end; + if (!X509_STORE_CTX_init(xsc, ctx, x, NULL)) { BIO_printf(bio_err, "Error initialising X509 store\n"); goto end; } @@ -1427,9 +1412,9 @@ x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, X509 *x, * NOTE: this certificate can/should be self signed, unless it was a * certificate request in which case it is not. */ - X509_STORE_CTX_set_cert(&xsc, x); - X509_STORE_CTX_set_flags(&xsc, X509_V_FLAG_CHECK_SS_SIGNATURE); - if (!x509_config.reqfile && X509_verify_cert(&xsc) <= 0) + X509_STORE_CTX_set_cert(xsc, x); + X509_STORE_CTX_set_flags(xsc, X509_V_FLAG_CHECK_SS_SIGNATURE); + if (!x509_config.reqfile && X509_verify_cert(xsc) <= 0) goto end; if (!X509_check_private_key(xca, pkey)) { @@ -1469,7 +1454,7 @@ x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, X509 *x, ret = 1; end: - X509_STORE_CTX_cleanup(&xsc); + X509_STORE_CTX_free(xsc); if (!ret) ERR_print_errors(bio_err); if (sno == NULL) @@ -1519,12 +1504,11 @@ sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest, { EVP_PKEY *pktmp; - pktmp = X509_get_pubkey(x); + pktmp = X509_get0_pubkey(x); if (pktmp == NULL) goto err; EVP_PKEY_copy_parameters(pktmp, pkey); EVP_PKEY_save_parameters(pktmp, 1); - EVP_PKEY_free(pktmp); if (!X509_set_issuer_name(x, X509_get_subject_name(x))) goto err; diff --git a/cert.pem b/cert.pem index 0e50fe63..94a66a01 100644 --- a/cert.pem +++ b/cert.pem 
@@ -1,36 +1,36 @@ -# $OpenBSD: cert.pem,v 1.24 2021/09/30 18:16:11 deraadt Exp $ +# $OpenBSD: cert.pem,v 1.25 2022/07/11 09:05:16 sthen Exp $ ### /C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 === /C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 Certificate: Data: Version: 3 (0x2) - Serial Number: 6047274297262753887 (0x53ec3beefbb2485f) - Signature Algorithm: sha1WithRSAEncryption + Serial Number: 1977337328857672817 (0x1b70e9d2ffae6c71) + Signature Algorithm: sha256WithRSAEncryption Validity - Not Before: May 20 08:38:15 2009 GMT - Not After : Dec 31 08:38:15 2030 GMT + Not Before: Sep 23 15:22:07 2014 GMT + Not After : May 5 15:22:07 2036 GMT Subject: C=ES, CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 X509v3 extensions: - X509v3 Basic Constraints: critical - CA:TRUE, pathlen:1 - X509v3 Key Usage: critical - Certificate Sign, CRL Sign X509v3 Subject Key Identifier: 65:CD:EB:AB:35:1E:00:3E:7E:D5:74:C0:1C:B4:73:47:0E:1A:64:2F + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:1 X509v3 Certificate Policies: Policy: X509v3 Any Policy CPS: http://www.firmaprofesional.com/cps User Notice: Explicit Text: -SHA1 Fingerprint=AE:C5:FB:3F:C8:E1:BF:C4:E5:4F:03:07:5A:9A:E8:00:B7:F7:B6:FA -SHA256 Fingerprint=04:04:80:28:BF:1F:28:64:D4:8F:9A:D4:D8:32:94:36:6A:82:88:56:55:3F:3B:14:30:3F:90:14:7F:5D:40:EF + X509v3 Key Usage: critical + Certificate Sign, CRL Sign +SHA1 Fingerprint=0B:BE:C2:27:22:49:CB:39:AA:DB:35:5C:53:E3:8C:AE:78:FF:B6:FE +SHA256 Fingerprint=57:DE:05:83:EF:D2:B2:6E:03:61:DA:99:DA:9D:F4:64:8D:EF:7E:E8:44:1C:3B:72:8A:FA:9B:CD:E0:F9:B2:6A -----BEGIN CERTIFICATE----- -MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UE +MIIGFDCCA/ygAwIBAgIIG3Dp0v+ubHEwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UE BhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1h -cHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEy -MzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUg 
+cHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0xNDA5MjMxNTIyMDdaFw0zNjA1 +MDUxNTIyMDdaMFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUg Q2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBBNjI2MzQwNjgwggIi MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDDUtd9 thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQM 
@@ -43,23 +43,23 @@ Z/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirja EbsXLZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/T KI8xWVvTyQKmtFLKbpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF 6NkBiDkal4ZkQdU7hwxu+g/GvUgUvzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVh -OSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYD -VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNHDhpkLzCBpgYD -VR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp -cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBv -ACAAZABlACAAbABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBl -AGwAbwBuAGEAIAAwADgAMAAxADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF -661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx51tkljYyGOylMnfX40S2wBEqgLk9 -am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qkR71kMrv2JYSiJ0L1 -ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaPT481 -PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS -3a/DTg4fJl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5k -SeTy36LssUzAKh3ntLFlosS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF -3dvd6qJ2gHN99ZwExEWN57kci57q13XRcrHedUTnQn3iV2t93Jm8PYMo6oCTjcVM -ZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoRsaS8I8nkvof/uZS2+F0g -StRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTDKCOM/icz -Q0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQB -jLMi6Et8Vcad+qMUu2WFbm5PEn4KPJ2V +OSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMB0GA1UdDgQWBBRlzeurNR4APn7VdMAc +tHNHDhpkLzASBgNVHRMBAf8ECDAGAQH/AgEBMIGmBgNVHSAEgZ4wgZswgZgGBFUd +IAAwgY8wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cuZmlybWFwcm9mZXNpb25hbC5j +b20vY3BzMFwGCCsGAQUFBwICMFAeTgBQAGEAcwBlAG8AIABkAGUAIABsAGEAIABC +AG8AbgBhAG4AbwB2AGEAIAA0ADcAIABCAGEAcgBjAGUAbABvAG4AYQAgADAAOAAw +ADEANzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAHSHKAIrdx9m +iWTtj3QuRhy7qPj4Cx2Dtjqn6EWKB7fgPiDL4QjbEwj4KKE1soCzC1HA01aajTNF +Sa9J8OA9B3pFE1r/yJfY0xgsfZb43aJlQ3CTkBW6kN/oGbDbLIpgD7dvlAceHabJ +hfa9NPhAeGIQcDq+fUs5gakQ1JZBu/hfHAsdCPKxsIl68veg4MSPi3i1O1ilI45P 
+Vf42O+AMt8oqMEEgtIDNrvx2ZnOorm7hfNoD6JQg5iKj0B+QXSBTFCZX2lSX3xZE +EAEeiGaPcjiT3SC3NL7X8e5jjkd5KAb881lFJWAiMxujX6i6KtoaPc1A6ozuBRWV +1aUsIC+nmCjuRfzxuIgALI9C2lHVnOUTaHFFQ4ueCyE8S1wF3BqfmI7avSKecs2t +CsvMo2ebKHTEm9caPARYpoKdrcd7b/+Alun4jWq9GJAd/0kakFI3ky88Al2CdgtR +5xbHV/g4+afNmyJU72OwFW1TZQNKXkqgsqeOSQBZONXH9IBk9W6VULgRfhVwOEqw +f9DEMnDAGf/JOC0ULGb0QkTmVXYbgBVX/8Cnp6o5qtjTcNAuuuuUavpfNIbnYrX9 +ivAwhZTJryQCL2/W3Wf+47BVTwSYT6RBVuKT0Gro1vP7ZeDOdcQxWQzugsgMYDNK +GbqEZycPvEJdvSRUDewdcAZfpLz6IHxV -----END CERTIFICATE----- ### ACCV 
@@ -369,66 +369,63 @@ aobgxCd05DhT1wV/GzTjxi+zygk8N53X57hG8f2h4nECMEJZh0PUUd+60wkyWs6I flc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKMeQ== -----END CERTIFICATE----- -### Agencia Catalana de Certificacio (NIF Q-0801176-I) +### Agence Nationale de Certification Electronique -=== /C=ES/O=Agencia Catalana de Certificacio (NIF Q-0801176-I)/OU=Serveis Publics de Certificacio/OU=Vegeu https://www.catcert.net/verarrel (c)03/OU=Jerarquia Entitats de Certificacio Catalanes/CN=EC-ACC +=== /C=TN/O=Agence Nationale de Certification Electronique/CN=TunTrust Root CA Certificate: Data: Version: 3 (0x2) Serial Number: - (Negative)11:d4:c2:14:2b:de:21:eb:57:9d:53:fb:0c:22:3b:ff - Signature Algorithm: sha1WithRSAEncryption + 13:02:d5:e2:40:4c:92:46:86:16:67:5d:b4:bb:bb:b2:6b:3e:fc:13 + Signature Algorithm: sha256WithRSAEncryption Validity - Not Before: Jan 7 23:00:00 2003 GMT - Not After : Jan 7 22:59:59 2031 GMT - Subject: C=ES, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), OU=Serveis Publics de Certificacio, OU=Vegeu https://www.catcert.net/verarrel (c)03, OU=Jerarquia Entitats de Certificacio Catalanes, CN=EC-ACC + Not Before: Apr 26 08:57:56 2019 GMT + Not After : Apr 26 08:57:56 2044 GMT + Subject: C=TN, O=Agence Nationale de Certification Electronique, CN=TunTrust Root CA X509v3 extensions: - X509v3 Subject Alternative Name: - email:ec_acc@catcert.net + X509v3 Subject Key Identifier: + 06:9A:9B:1F:53:7D:F1:F5:A4:C8:D3:86:3E:A1:73:59:B4:F7:44:21 X509v3 Basic Constraints: critical CA:TRUE + X509v3 Authority Key Identifier: + keyid:06:9A:9B:1F:53:7D:F1:F5:A4:C8:D3:86:3E:A1:73:59:B4:F7:44:21 + X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: - A0:C3:8B:44:AA:37:A5:45:BF:97:80:5A:D1:F1:78:A2:9B:E9:5D:8D - X509v3 Certificate Policies: - Policy: 1.3.6.1.4.1.15096.1.3.1.10 - CPS: https://www.catcert.net/verarrel - User Notice: - Explicit Text: Vegeu https://www.catcert.net/verarrel - -SHA1 
Fingerprint=28:90:3A:63:5B:52:80:FA:E6:77:4C:0B:6D:A7:D6:BA:A6:4A:F2:E8 -SHA256 Fingerprint=88:49:7F:01:60:2F:31:54:24:6A:E2:8C:4D:5A:EF:10:F1:D8:7E:BB:76:62:6F:4A:E0:B7:F9:5B:A7:96:87:99 ------BEGIN CERTIFICATE----- -MIIFVjCCBD6gAwIBAgIQ7is969Qh3hSoYqwE893EATANBgkqhkiG9w0BAQUFADCB -8zELMAkGA1UEBhMCRVMxOzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2Vy -dGlmaWNhY2lvIChOSUYgUS0wODAxMTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1 -YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYDVQQLEyxWZWdldSBodHRwczovL3d3 -dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMGA1UECxMsSmVyYXJxdWlh -IEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzANBgNVBAMTBkVD -LUFDQzAeFw0wMzAxMDcyMzAwMDBaFw0zMTAxMDcyMjU5NTlaMIHzMQswCQYDVQQG -EwJFUzE7MDkGA1UEChMyQWdlbmNpYSBDYXRhbGFuYSBkZSBDZXJ0aWZpY2FjaW8g -KE5JRiBRLTA4MDExNzYtSSkxKDAmBgNVBAsTH1NlcnZlaXMgUHVibGljcyBkZSBD -ZXJ0aWZpY2FjaW8xNTAzBgNVBAsTLFZlZ2V1IGh0dHBzOi8vd3d3LmNhdGNlcnQu -bmV0L3ZlcmFycmVsIChjKTAzMTUwMwYDVQQLEyxKZXJhcnF1aWEgRW50aXRhdHMg -ZGUgQ2VydGlmaWNhY2lvIENhdGFsYW5lczEPMA0GA1UEAxMGRUMtQUNDMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyLHT+KXQpWIR4NA9h0X84NzJB5R -85iKw5K4/0CQBXCHYMkAqbWUZRkiFRfCQ2xmRJoNBD45b6VLeqpjt4pEndljkYRm -4CgPukLjbo73FCeTae6RDqNfDrHrZqJyTxIThmV6PttPB/SnCWDaOkKZx7J/sxaV -HMf5NLWUhdWZXqBIoH7nF2W4onW4HvPlQn2v7fOKSGRdghST2MDk/7NQcvJ29rNd -QlB50JQ+awwAvthrDk4q7D7SzIKiGGUzE3eeml0aE9jD2z3Il3rucO2n5nzbcc8t -lGLfbdb1OL4/pYUKGbio2Al1QnDE6u/LDsg0qBIimAy4E5S2S+zw0JDnJwIDAQAB -o4HjMIHgMB0GA1UdEQQWMBSBEmVjX2FjY0BjYXRjZXJ0Lm5ldDAPBgNVHRMBAf8E -BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUoMOLRKo3pUW/l4Ba0fF4 -opvpXY0wfwYDVR0gBHgwdjB0BgsrBgEEAfV4AQMBCjBlMCwGCCsGAQUFBwIBFiBo -dHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbDA1BggrBgEFBQcCAjApGidW -ZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAwDQYJKoZIhvcN -AQEFBQADggEBAKBIW4IB9k1IuDlVNZyAelOZ1Vr/sXE7zDkJlF7W2u++AVtd0x7Y -/X1PzaBB4DSTv8vihpw3kpBWHNzrKQXlxJ7HNd+KDM3FIUPpqojlNcAZQmNaAl6k -SBg6hW/cnbw/nZzBh7h6YQjpdwt/cKt63dmXLGQehb+8dJahw3oS7AwaboMMPOhy -Rp/7SNVel+axofjk70YllJyJ22k4vuxcDlbHZVHlUIiIv0LVKz3l+bqeLrPK9HOS 
-Agu+TGbrIP65y7WZf+a2E/rKS03Z7lNGBjvGTq2TWoF+bCpLagVFjPIhpDGQh2xl -nJ2lYJU6Un/10asIbvPuW/mIPX64b24D5EI= +SHA1 Fingerprint=CF:E9:70:84:0F:E0:73:0F:9D:F6:0C:7F:2C:4B:EE:20:46:34:9C:BB +SHA256 Fingerprint=2E:44:10:2A:B5:8C:B8:54:19:45:1C:8E:19:D9:AC:F3:66:2C:AF:BC:61:4B:6A:53:96:0A:30:F7:D0:E2:EB:41 +-----BEGIN CERTIFICATE----- +MIIFszCCA5ugAwIBAgIUEwLV4kBMkkaGFmddtLu7sms+/BMwDQYJKoZIhvcNAQEL +BQAwYTELMAkGA1UEBhMCVE4xNzA1BgNVBAoMLkFnZW5jZSBOYXRpb25hbGUgZGUg +Q2VydGlmaWNhdGlvbiBFbGVjdHJvbmlxdWUxGTAXBgNVBAMMEFR1blRydXN0IFJv +b3QgQ0EwHhcNMTkwNDI2MDg1NzU2WhcNNDQwNDI2MDg1NzU2WjBhMQswCQYDVQQG +EwJUTjE3MDUGA1UECgwuQWdlbmNlIE5hdGlvbmFsZSBkZSBDZXJ0aWZpY2F0aW9u +IEVsZWN0cm9uaXF1ZTEZMBcGA1UEAwwQVHVuVHJ1c3QgUm9vdCBDQTCCAiIwDQYJ +KoZIhvcNAQEBBQADggIPADCCAgoCggIBAMPN0/y9BFPdDCA61YguBUtB9YOCfvdZ +n56eY+hz2vYGqU8ftPkLHzmMmiDQfgbU7DTZhrx1W4eI8NLZ1KMKsmwb60ksPqxd +2JQDoOw05TDENX37Jk0bbjBU2PWARZw5rZzJJQRNmpA+TkBuimvNKWfGzC3gdOgF +VwpIUPp6Q9p+7FuaDmJ2/uqdHYVy7BG7NegfJ7/Boce7SBbdVtfMTqDhuazb1YMZ +GoXRlJfXyqNlC/M4+QKu3fZnz8k/9YosRxqZbwUN/dAdgjH8KcwAWJeRTIAAHDOF +li/LQcKLEITDCSSJH7UP2dl3RxiSlGBcx5kDPP73lad9UKGAwqmDrViWVSHbhlnU +r8a83YFuB9tgYv7sEG7aaAH0gxupPqJbI9dkxt/con3YS7qC0lH4Zr8GRuR5KiY2 +eY8fTpkdso8MDhz/yV3A/ZAQprE38806JG60hZC/gLkMjNWb1sjxVj8agIl6qeIb +MlEsPvLfe/ZdeikZjuXIvTZxi11Mwh0/rViizz1wTaZQmCXcI/m4WEEIcb9PuISg +jwBUFfyRbVinljvrS5YnzWuioYasDXxU5mZMZl+QviGaAkYt5IPCgLnPSz7ofzwB +7I9ezX/SKEIBlYrilz0QIX32nRzFNKHsLA4KUiwSVXAkPcvCFDVDXSdOvsC9qnyW +5/yeYa1E0wCXAgMBAAGjYzBhMB0GA1UdDgQWBBQGmpsfU33x9aTI04Y+oXNZtPdE +ITAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFAaamx9TffH1pMjThj6hc1m0 +90QhMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAqgVutt0Vyb+z +xiD2BkewhpMl0425yAA/l/VSJ4hxyXT968pk21vvHl26v9Hr7lxpuhbI87mP0zYu +QEkHDVneixCwSQXi/5E/S7fdAo74gShczNxtr18UnH1YeA32gAm56Q6XKRm4t+v4 +FstVEuTGfbvE7Pi1HE4+Z7/FXxttbUcoqgRYYdZ2vyJ/0Adqp2RT8JeNnYA/u8EH +22Wv5psymsNUk8QcCMNE+3tjEUPRahphanltkE8pjkcFwRJpadbGNjHh/PqAulxP +xOu3Mqz4dWEX1xAZufHSCe96Qp1bWgvUxpVOKs7/B9dPfhgGiPEZtdmYu65xxBzn 
+dFlY7wyJz4sfdZMaBBSSSFCp61cpABbjNhzI+L/wM9VBD8TMPN3pM0MBkRArHtG5 +Xc0yGYuPjCB31yLEQtyEFpslbei0VXF/sHyz03FJuc9SpAQ/3D2gu68zngowYI7b +nV2UqL1g52KAdoGDDIzMMEZJ4gzSqK/rYXHv5yJiqfdcZGyfFoxnNidF9Ql7v/YQ +CvGwjVRDjAS6oz/v4jXH+XTgbzRB0L9zZVcg+ZtnemZoJE6AZb0QmQZZ8mWvuMZH +u/2QeItBcy6vVR/cO5JyboTT0GFMDcx2V+IthSIVNg3rAZ3r2OvEhJn7wAzMMujj +d9qDRIueVSjAi1jTkD5OGwDxFa2DK5o= -----END CERTIFICATE----- ### Amazon 
@@ -590,6 +587,156 @@ CkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1AE47xDqUEpHJWEadIRNyp4iciuRMStuW 1KyLa2tJElMzrdfkviT8tQp21KW8EA== -----END CERTIFICATE----- +### ANF Autoridad de Certificacion + +=== /serialNumber=G63287510/C=ES/O=ANF Autoridad de Certificacion/OU=ANF CA Raiz/CN=ANF Secure Server Root CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 996390341000653745 (0xdd3e3bc6cf96bb1) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Sep 4 10:00:38 2019 GMT + Not After : Aug 30 10:00:38 2039 GMT + Subject: serialNumber=G63287510, C=ES, O=ANF Autoridad de Certificacion, OU=ANF CA Raiz, CN=ANF Secure Server Root CA + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:9C:5F:D0:6C:63:A3:5F:93:CA:93:98:08:AD:8C:87:A5:2C:5C:C1:37 + + X509v3 Subject Key Identifier: + 9C:5F:D0:6C:63:A3:5F:93:CA:93:98:08:AD:8C:87:A5:2C:5C:C1:37 + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE +SHA1 Fingerprint=5B:6E:68:D0:CC:15:B6:A0:5F:1E:C1:5F:AE:02:FC:6B:2F:5D:6F:74 +SHA256 Fingerprint=FB:8F:EC:75:91:69:B9:10:6B:1E:51:16:44:C6:18:C5:13:04:37:3F:6C:06:43:08:8D:8B:EF:FD:1B:99:75:99 +-----BEGIN CERTIFICATE----- +MIIF7zCCA9egAwIBAgIIDdPjvGz5a7EwDQYJKoZIhvcNAQELBQAwgYQxEjAQBgNV +BAUTCUc2MzI4NzUxMDELMAkGA1UEBhMCRVMxJzAlBgNVBAoTHkFORiBBdXRvcmlk +YWQgZGUgQ2VydGlmaWNhY2lvbjEUMBIGA1UECxMLQU5GIENBIFJhaXoxIjAgBgNV +BAMTGUFORiBTZWN1cmUgU2VydmVyIFJvb3QgQ0EwHhcNMTkwOTA0MTAwMDM4WhcN +MzkwODMwMTAwMDM4WjCBhDESMBAGA1UEBRMJRzYzMjg3NTEwMQswCQYDVQQGEwJF +UzEnMCUGA1UEChMeQU5GIEF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uMRQwEgYD +VQQLEwtBTkYgQ0EgUmFpejEiMCAGA1UEAxMZQU5GIFNlY3VyZSBTZXJ2ZXIgUm9v +dCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANvrayvmZFSVgpCj +cqQZAZ2cC4Ffc0m6p6zzBE57lgvsEeBbphzOG9INgxwruJ4dfkUyYA8H6XdYfp9q +yGFOtibBTI3/TO80sh9l2Ll49a2pcbnvT1gdpd50IJeh7WhM3pIXS7yr/2WanvtH +2Vdy8wmhrnZEE26cLUQ5vPnHO6RYPUG9tMJJo8gN0pcvB2VSAKduyK9o7PQUlrZX 
+H1bDOZ8rbeTzPvY1ZNoMHKGESy9LS+IsJJ1tk0DrtSOOMspvRdOoiXsezx76W0OL +zc2oD2rKDF65nkeP8Nm2CgtYZRczuSPkdxl9y0oukntPLxB3sY0vaJxizOBQ+OyR +p1RMVwnVdmPF6GUe7m1qzwmd+nxPrWAI/VaZDxUse6mAq4xhj0oHdkLePfTdsiQz +W7i1o0TJrH93PB0j7IKppuLIBkwC/qxcmZkLLxCKpvR/1Yd0DVlJRfbwcVw5Kda/ +SiOL9V8BY9KHcyi1Swr1+KuCLH5zJTIdC2MKF4EA/7Z2Xue0sUDKIbvVgFHlSFJn +LNJhiQcND85Cd8BEc5xEUKDbEAotlRyBr+Qc5RQe8TZBAQIvfXOn3kLMTOmJDVb3 +n5HUA8ZsyY/b2BzgQJhdZpmYgG4t/wHFzstGH6wCxkPmrqKEPMVOHj1tyRRM4y5B +u8o5vzY8KhmqQYdOpc5LMnndkEl/AgMBAAGjYzBhMB8GA1UdIwQYMBaAFJxf0Gxj +o1+TypOYCK2Mh6UsXME3MB0GA1UdDgQWBBScX9BsY6Nfk8qTmAitjIelLFzBNzAO +BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC +AgEATh65isagmD9uw2nAalxJUqzLK114OMHVVISfk/CHGT0sZonrDUL8zPB1hT+L +9IBdeeUXZ701guLyPI59WzbLWoAAKfLOKyzxj6ptBZNscsdW699QIyjlRRA96Gej +rw5VD5AJYu9LWaL2U/HANeQvwSS9eS9OICI7/RogsKQOLHDtdD+4E5UGUcjohybK +pFtqFiGS3XNgnhAY3jyB6ugYw3yJ8otQPr0R4hUDqDZ9MwFsSBXXiJCZBMXM5gf0 +vPSQ7RPi6ovDj6MzD8EpTBNO2hVWcXNyglD2mjN8orGoGjR0ZVzO0eurU+AagNjq +OknkJjCb5RyKqKkVMoaZkgoQI1YS4PbOTOK7vtuNknMBZi9iPrJyJ0U27U1W45eZ +/zo1PqVUSlJZS2Db7v54EX9K3BR5YLZrZAPbFYPhor72I5dQ8AkzNqdxliXzuUJ9 +2zg/LFis6ELhDtjTO0wugumDLmsx2d1Hhk9tl5EuT+IocTUW0fJz/iUrB0ckYyfI ++PbZa/wSMVYIwFNCr5zQM378BvAxRAMU8Vjq8moNqRGyg77FGr8H6lnco4g175x2 +MjxNBiLOFeXdntiP2t7SxDnlF4HPOEfrf4htWRvfn0IUrn7PqLBmZdo3r5+qPeoo +tt7VMVgWglvquxl1AnMaykgaIZOQCo6ThKd9OyMYkomgjaw= +-----END CERTIFICATE----- + +### Asseco Data Systems S.A. 
+ +=== /C=PL/O=Asseco Data Systems S.A./OU=Certum Certification Authority/CN=Certum EC-384 CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 78:8f:27:5c:81:12:52:20:a5:04:d0:2d:dd:ba:73:f4 + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Mar 26 07:24:54 2018 GMT + Not After : Mar 26 07:24:54 2043 GMT + Subject: C=PL, O=Asseco Data Systems S.A., OU=Certum Certification Authority, CN=Certum EC-384 CA + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 8D:06:66:74:24:76:3A:F3:89:F7:BC:D6:BD:47:7D:2F:BC:10:5F:4B + X509v3 Key Usage: critical + Certificate Sign, CRL Sign +SHA1 Fingerprint=F3:3E:78:3C:AC:DF:F4:A2:CC:AC:67:55:69:56:D7:E5:16:3C:E1:ED +SHA256 Fingerprint=6B:32:80:85:62:53:18:AA:50:D1:73:C9:8D:8B:DA:09:D5:7E:27:41:3D:11:4C:F7:87:A0:F5:D0:6C:03:0C:F6 +-----BEGIN CERTIFICATE----- +MIICZTCCAeugAwIBAgIQeI8nXIESUiClBNAt3bpz9DAKBggqhkjOPQQDAzB0MQsw +CQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScw +JQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGTAXBgNVBAMT +EENlcnR1bSBFQy0zODQgQ0EwHhcNMTgwMzI2MDcyNDU0WhcNNDMwMzI2MDcyNDU0 +WjB0MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBT +LkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGTAX +BgNVBAMTEENlcnR1bSBFQy0zODQgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATE +KI6rGFtqvm5kN2PkzeyrOvfMobgOgknXhimfoZTy42B4mIF4Bk3y7JoOV2CDn7Tm +Fy8as10CW4kjPMIRBSqniBMY81CE1700LCeJVf/OTOffph8oxPBUw7l8t1Ot68Kj +QjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI0GZnQkdjrzife81r1HfS+8 +EF9LMA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNoADBlAjADVS2m5hjEfO/J +UG7BJw+ch69u1RsIGL2SKcHvlJF40jocVYli5RsJHrpka/F2tNQCMQC0QoSZ/6vn +nvuRlydd3LBbMHHOXjgaatkl5+r3YZJW+OraNsKHZZYuciUvf9/DE8k= +-----END CERTIFICATE----- +=== /C=PL/O=Asseco Data Systems S.A./OU=Certum Certification Authority/CN=Certum Trusted Root CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 1e:bf:59:50:b8:c9:80:37:4c:06:f7:eb:55:4f:b5:ed + Signature Algorithm: 
sha512WithRSAEncryption + Validity + Not Before: Mar 16 12:10:13 2018 GMT + Not After : Mar 16 12:10:13 2043 GMT + Subject: C=PL, O=Asseco Data Systems S.A., OU=Certum Certification Authority, CN=Certum Trusted Root CA + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 8C:FB:1C:75:BC:02:D3:9F:4E:2E:48:D9:F9:60:54:AA:C4:B3:4F:FA + X509v3 Key Usage: critical + Certificate Sign, CRL Sign +SHA1 Fingerprint=C8:83:44:C0:18:AE:9F:CC:F1:87:B7:8F:22:D1:C5:D7:45:84:BA:E5 +SHA256 Fingerprint=FE:76:96:57:38:55:77:3E:37:A9:5E:7A:D4:D9:CC:96:C3:01:57:C1:5D:31:76:5B:A9:B1:57:04:E1:AE:78:FD +-----BEGIN CERTIFICATE----- +MIIFwDCCA6igAwIBAgIQHr9ZULjJgDdMBvfrVU+17TANBgkqhkiG9w0BAQ0FADB6 +MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEu +MScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxHzAdBgNV +BAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0EwHhcNMTgwMzE2MTIxMDEzWhcNNDMw +MzE2MTIxMDEzWjB6MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEg +U3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRo +b3JpdHkxHzAdBgNVBAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0EwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQDRLY67tzbqbTeRn06TpwXkKQMlzhyC93yZ +n0EGze2jusDbCSzBfN8pfktlL5On1AFrAygYo9idBcEq2EXxkd7fO9CAAozPOA/q +p1x4EaTByIVcJdPTsuclzxFUl6s1wB52HO8AU5853BSlLCIls3Jy/I2z5T4IHhQq +NwuIPMqw9MjCoa68wb4pZ1Xi/K1ZXP69VyywkI3C7Te2fJmItdUDmj0VDT06qKhF +8JVOJVkdzZhpu9PMMsmN74H+rX2Ju7pgE8pllWeg8xn2A1bUatMn4qGtg/BKEiJ3 +HAVz4hlxQsDsdUaakFjgao4rpUYwBI4Zshfjvqm6f1bxJAPXsiEodg42MEx51UGa +mqi4NboMOvJEGyCI98Ul1z3G4z5D3Yf+xOr1Uz5MZf87Sst4WmsXXw3Hw09Omiqi +7VdNIuJGmj8PkTQkfVXjjJU30xrwCSss0smNtA0Aq2cpKNgB9RkEth2+dv5yXMSF +ytKAQd8FqKPVhJBPC/PgP5sZ0jeJP/J7UhyM9uH3PAeXjA6iWYEMspA90+NZRu0P +qafegGtaqge2Gcu8V/OXIXoMsSt0Puvap2ctTMSYnjYJdmZm/Bo/6khUHL4wvYBQ +v3y1zgD2DGHZ5yQD4OMBgQ692IU0iL2yNqh7XAjlRICMb/gv1SHKHRzQ+8S1h9E6 +Tsd2tTVItQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSM+xx1 +vALTn04uSNn5YFSqxLNP+jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQENBQAD 
+ggIBAEii1QALLtA/vBzVtVRJHlpr9OTy4EA34MwUe7nJ+jW1dReTagVphZzNTxl4 +WxmB82M+w85bj/UvXgF2Ez8sALnNllI5SW0ETsXpD4YN4fqzX4IS8TrOZgYkNCvo +zMrnadyHncI013nR03e4qllY/p0m+jiGPp2Kh2RX5Rc64vmNueMzeMGQ2Ljdt4NR +5MTMI9UGfOZR0800McD2RrsLrfw9EAUqO0qRJe6M1ISHgCq8CYyqOhNf6DR5UMEQ +GfnTKB7U0VEwKbOukGfWHwpjscWpxkIxYxeU72nLL/qMFH3EQxiJ2fAyQOaA4kZf +5ePBAFmo+eggvIksDkc0C+pXwlM2/KfUrzHN/gLldfq5Jwn58/U7yn2fqSLLiMmq +0Uc9NneoWWRrJ8/vJ8HjJLWG965+Mk2weWjROeiQWMODvA8s1pfrzgzhIMfatz7D +P78v3DSk+yshzWePS/Tj6tQ/50+6uaWTRRxmHyH6ZF5v4HaUMst19W7l9o/HuKTM +qJZ9ZPskWkoDbGs4xugDQ5r3V7mzKWmTOPQD8rv7gmsHINFSH5pkAnuYZttcTVoP +0ISVoDwUQwbKytu4QTbaakRnh6+v40URFWkIsr4WOZckbxJF0WddCajJFdr60qZf +E2Efv4WstK2tBZQIgx51F9NxO5NQI1mg7TyRVJ12AMXDuDjb +-----END CERTIFICATE----- + ### Atos === /CN=Atos TrustedRoot 2011/O=Atos/C=DE 
@@ -940,6 +1087,57 @@ AAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3CekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ ### Chunghwa Telecom Co., Ltd. +=== /C=TW/O=Chunghwa Telecom Co., Ltd./CN=HiPKI Root CA - G1 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2d:dd:ac:ce:62:97:94:a1:43:e8:b0:cd:76:6a:5e:60 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Feb 22 09:46:04 2019 GMT + Not After : Dec 31 15:59:59 2037 GMT + Subject: C=TW, O=Chunghwa Telecom Co., Ltd., CN=HiPKI Root CA - G1 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + F2:77:17:FA:5E:A8:FE:F6:3D:71:D5:68:BA:C9:46:0C:38:D8:AF:B0 + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign +SHA1 Fingerprint=6A:92:E4:A8:EE:1B:EC:96:45:37:E3:29:57:49:CD:96:E3:E5:D2:60 +SHA256 Fingerprint=F0:15:CE:3C:C2:39:BF:EF:06:4B:E9:F1:D2:C4:17:E1:A0:26:4A:0A:94:BE:1F:0C:8D:12:18:64:EB:69:49:CC +-----BEGIN CERTIFICATE----- +MIIFajCCA1KgAwIBAgIQLd2szmKXlKFD6LDNdmpeYDANBgkqhkiG9w0BAQsFADBP +MQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0 +ZC4xGzAZBgNVBAMMEkhpUEtJIFJvb3QgQ0EgLSBHMTAeFw0xOTAyMjIwOTQ2MDRa +Fw0zNzEyMzExNTU5NTlaME8xCzAJBgNVBAYTAlRXMSMwIQYDVQQKDBpDaHVuZ2h3 +YSBUZWxlY29tIENvLiwgTHRkLjEbMBkGA1UEAwwSSGlQS0kgUm9vdCBDQSAtIEcx +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9B5/UnMyDHPkvRN0o9Qw +qNCuS9i233VHZvR85zkEHmpwINJaR3JnVfSl6J3VHiGh8Ge6zCFovkRTv4354twv +Vcg3Px+kwJyz5HdcoEb+d/oaoDjq7Zpy3iu9lFc6uux55199QmQ5eiY29yTw1S+6 +lZgRZq2XNdZ1AYDgr/SEYYwNHl98h5ZeQa/rh+r4XfEuiAU+TCK72h8q3VJGZDnz +Qs7ZngyzsHeXZJzA9KMuH5UHsBffMNsAGJZMoYFL3QRtU6M9/Aes1MU3guvklQgZ +KILSQjqj2FPseYlgSGDIcpJQ3AOPgz+yQlda22rpEZfdhSi8MEyr48KxRURHH+CK +FgeW0iEPU8DtqX7UTuybCeyvQqww1r/REEXgphaypcXTT3OUM3ECoWqj1jOXTyFj +HluP2cFeRXF3D4FdXyGarYPM+l7WjSNfGz1BryB1ZlpK9p/7qxj3ccC2HTHsOyDr +y+K49a6SsvfhhEvyovKTmiKe0xRvNlS9H15ZFblzqMF8b3ti6RZsR1pl8w4Rm0bZ +/W3c1pzAtH2lsN0/Vm+h+fbkEkj9Bn8SV7apI09bA8PgcSojt/ewsTu8mL3WmKgM 
+a/aOEmem8rJY5AIJEzypuxC00jBF8ez3ABHfZfjcK0NVvxaXxA/VLGGEqnKG/uY6 +fsI/fe78LxQ+5oXdUG+3Se0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQU8ncX+l6o/vY9cdVouslGDDjYr7AwDgYDVR0PAQH/BAQDAgGGMA0GCSqG +SIb3DQEBCwUAA4ICAQBQUfB13HAE4/+qddRxosuej6ip0691x1TPOhwEmSKsxBHi +7zNKpiMdDg1H2DfHb680f0+BazVP6XKlMeJ45/dOlBhbQH3PayFUhuaVevvGyuqc +SE5XCV0vrPSltJczWNWseanMX/mF+lLFjfiRFOs6DRfQUsJ748JzjkZ4Bjgs6Fza +ZsT0pPBWGTMpWmWSBUdGSquEwx4noR8RkpkndZMPvDY7l1ePJlsMu5wP1G4wB9Tc +XzZoZjmDlicmisjEOf6aIW/Vcobpf2Lll07QJNBAsNB1CI69aO4I1258EHBGG3zg +iLKecoaZAeO/n0kZtCW+VmWuF2PlHt/o/0elv+EmBYTksMCv5wiZqAxeJoBF1Pho +L5aPruJKHJwWDBNvOIf2u8g0X5IDUXlwpt/L9ZlNec1OvFefQ05rLisY+GpzjLrF +Ne85akEez3GoorKGB1s6yeHvP2UEgEcyRHCVTjFnanRbEEV16rCf0OY1/k6fi8wr +kkVbbiVghUbN0aqwdmaTd5a+g744tiROJgvM7XpWGuDpWsZkrUx6AEhEL7lAuxM+ +vhV4nYWBSipX3tUZQ9rbyltHhoMLP7YNdnhzeSJesYAfz77RP1YQmCuVh6EfnWQU +YDksswBVLuT1sw5XxJFBAJw/6KXf6vb/yPCtbVKoF6ubYfwSUTXkJf2vqmqGOQ== +-----END CERTIFICATE----- === /C=TW/O=Chunghwa Telecom Co., Ltd./OU=ePKI Root Certification Authority Certificate: Data: 
@@ -995,61 +1193,6 @@ W9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+D hNQ+IIX3Sj0rnP0qCglN6oH4EZw= -----END CERTIFICATE----- -### Comodo CA Limited - -=== /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: sha1WithRSAEncryption - Validity - Not Before: Jan 1 00:00:00 2004 GMT - Not After : Dec 31 23:59:59 2028 GMT - Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services - X509v3 extensions: - X509v3 Subject Key Identifier: - A0:11:0A:23:3E:96:F1:07:EC:E2:AF:29:EF:82:A5:7F:D0:30:A4:B4 - X509v3 Key Usage: critical - Certificate Sign, CRL Sign - X509v3 Basic Constraints: critical - CA:TRUE - X509v3 CRL Distribution Points: - - Full Name: - URI:http://crl.comodoca.com/AAACertificateServices.crl - - Full Name: - URI:http://crl.comodo.net/AAACertificateServices.crl - -SHA1 Fingerprint=D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49 -SHA256 Fingerprint=D7:A7:A0:FB:5D:7E:27:31:D7:71:E9:48:4E:BC:DE:F7:1D:5F:0C:3E:0A:29:48:78:2B:C8:3E:E0:EA:69:9E:F4 ------BEGIN CERTIFICATE----- -MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb -MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow -GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj -YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL -MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE -BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM -GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua -BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe -3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 -YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR -rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm 
-ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU -oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF -MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v -QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t -b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF -AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q -GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz -Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 -G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi -l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 -smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== ------END CERTIFICATE----- - ### COMODO CA Limited === /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Certification Authority 
@@ -1193,61 +1336,155 @@ QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl NVOFBkpdn627G190 -----END CERTIFICATE----- -### Cybertrust, Inc +### Comodo CA Limited -=== /O=Cybertrust, Inc/CN=Cybertrust Global Root +=== /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services Certificate: Data: Version: 3 (0x2) - Serial Number: - 04:00:00:00:00:01:0f:85:aa:2d:48 + Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Validity - Not Before: Dec 15 08:00:00 2006 GMT - Not After : Dec 15 08:00:00 2021 GMT - Subject: O=Cybertrust, Inc, CN=Cybertrust Global Root + Not Before: Jan 1 00:00:00 2004 GMT + Not After : Dec 31 23:59:59 2028 GMT + Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services X509v3 extensions: + X509v3 Subject Key Identifier: + A0:11:0A:23:3E:96:F1:07:EC:E2:AF:29:EF:82:A5:7F:D0:30:A4:B4 X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: - B6:08:7B:0D:7A:CC:AC:20:4C:86:56:32:5E:CF:AB:6E:85:2D:70:57 X509v3 CRL Distribution Points: Full Name: - URI:http://www2.public-trust.com/crl/ct/ctroot.crl + URI:http://crl.comodoca.com/AAACertificateServices.crl - X509v3 Authority Key Identifier: - keyid:B6:08:7B:0D:7A:CC:AC:20:4C:86:56:32:5E:CF:AB:6E:85:2D:70:57 - -SHA1 Fingerprint=5F:43:E5:B1:BF:F8:78:8C:AC:1C:C7:CA:4A:9A:C6:22:2B:CC:34:C6 -SHA256 Fingerprint=96:0A:DF:00:63:E9:63:56:75:0C:29:65:DD:0A:08:67:DA:0B:9C:BD:6E:77:71:4A:EA:FB:23:49:AB:39:3D:A3 ------BEGIN CERTIFICATE----- -MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEYMBYG -A1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2Jh -bCBSb290MB4XDTA2MTIxNTA4MDAwMFoXDTIxMTIxNTA4MDAwMFowOzEYMBYGA1UE -ChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2JhbCBS -b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Mi8vRRQZhP/8NN5 -7CPytxrHjoXxEnOmGaoQ25yiZXRadz5RfVb23CO21O1fWLE3TdVJDm71aofW0ozS 
-J8bi/zafmGWgE07GKmSb1ZASzxQG9Dvj1Ci+6A74q05IlG2OlTEQXO2iLb3VOm2y -HLtgwEZLAfVJrn5GitB0jaEMAs7u/OePuGtm839EAL9mJRQr3RAwHQeWP032a7iP -t3sMpTjr3kfb1V05/Iin89cqdPHoWqI7n1C6poxFNcJQZZXcY4Lv3b93TZxiyWNz -FtApD0mpSPCzqrdsxacwOUBdrsTiXSZT8M4cIwhhqJQZugRiQOwfOHB3EgZxpzAY -XSUnpQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ -MB0GA1UdDgQWBBS2CHsNesysIEyGVjJez6tuhS1wVzA/BgNVHR8EODA2MDSgMqAw -hi5odHRwOi8vd3d3Mi5wdWJsaWMtdHJ1c3QuY29tL2NybC9jdC9jdHJvb3QuY3Js -MB8GA1UdIwQYMBaAFLYIew16zKwgTIZWMl7Pq26FLXBXMA0GCSqGSIb3DQEBBQUA -A4IBAQBW7wojoFROlZfJ+InaRcHUowAl9B8Tq7ejhVhpwjCt2BWKLePJzYFa+HMj -Wqd8BfP9IjsO0QbE2zZMcwSO5bAi5MXzLqXZI+O4Tkogp24CJJ8iYGd7ix1yCcUx -XOl5n4BHPa2hCwcUPUf/A2kaDAtE52Mlp3+yybh2hO0j9n0Hq0V+09+zv+mKts2o -omcrUtW3ZfA5TGOgkXmTUg9U3YO7n9GPp1Nzw8v/MOx8BLjYRB+TX3EJIrduPuoc -A06dGiBh+4E37F78CkWr1+cXVdCg6mCbpvbjjFspwgZgFJ0tl0ypkxWdYcQBX0jW -WL1WMRJOEcgh4LMRkWXbtKaIOM5V + Full Name: + URI:http://crl.comodo.net/AAACertificateServices.crl + +SHA1 Fingerprint=D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49 +SHA256 Fingerprint=D7:A7:A0:FB:5D:7E:27:31:D7:71:E9:48:4E:BC:DE:F7:1D:5F:0C:3E:0A:29:48:78:2B:C8:3E:E0:EA:69:9E:F4 +-----BEGIN CERTIFICATE----- +MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb +MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow +GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj +YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL +MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE +BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM +GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua +BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe +3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 +YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR +rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm 
+ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU +oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF +MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v +QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t +b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF +AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q +GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz +Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 +G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi +l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 +smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== -----END CERTIFICATE----- ### D-Trust GmbH +=== /C=DE/O=D-Trust GmbH/CN=D-TRUST BR Root CA 1 2020 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 7c:c9:8f:2b:84:d7:df:ea:0f:c9:65:9a:d3:4b:4d:96 + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Feb 11 09:45:00 2020 GMT + Not After : Feb 11 09:44:59 2035 GMT + Subject: C=DE, O=D-Trust GmbH, CN=D-TRUST BR Root CA 1 2020 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 73:91:10:AB:FF:55:B3:5A:7C:09:25:D5:B2:BA:08:A0:6B:AB:1F:6D + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl.d-trust.net/crl/d-trust_br_root_ca_1_2020.crl + + Full Name: + URI:ldap://directory.d-trust.net/CN=D-TRUST%20BR%20Root%20CA%201%202020,O=D-Trust%20GmbH,C=DE?certificaterevocationlist + +SHA1 Fingerprint=1F:5B:98:F0:E3:B5:F7:74:3C:ED:E6:B0:36:7D:32:CD:F4:09:41:67 +SHA256 Fingerprint=E5:9A:AA:81:60:09:C2:2B:FF:5B:25:BA:D3:7D:F3:06:F0:49:79:7C:1F:81:D8:5A:B0:89:E6:57:BD:8F:00:44 +-----BEGIN CERTIFICATE----- +MIIC2zCCAmCgAwIBAgIQfMmPK4TX3+oPyWWa00tNljAKBggqhkjOPQQDAzBIMQsw +CQYDVQQGEwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRS +VVNUIEJSIFJvb3QgQ0EgMSAyMDIwMB4XDTIwMDIxMTA5NDUwMFoXDTM1MDIxMTA5 
+NDQ1OVowSDELMAkGA1UEBhMCREUxFTATBgNVBAoTDEQtVHJ1c3QgR21iSDEiMCAG +A1UEAxMZRC1UUlVTVCBCUiBSb290IENBIDEgMjAyMDB2MBAGByqGSM49AgEGBSuB +BAAiA2IABMbLxyjR+4T1mu9CFCDhQ2tuda38KwOE1HaTJddZO0Flax7mNCq7dPYS +zuht56vkPE4/RAiLzRZxy7+SmfSk1zxQVFKQhYN4lGdnoxwJGT11NIXe7WB9xwy0 +QVK5buXuQqOCAQ0wggEJMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFHOREKv/ +VbNafAkl1bK6CKBrqx9tMA4GA1UdDwEB/wQEAwIBBjCBxgYDVR0fBIG+MIG7MD6g +PKA6hjhodHRwOi8vY3JsLmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X2JyX3Jvb3Rf +Y2FfMV8yMDIwLmNybDB5oHegdYZzbGRhcDovL2RpcmVjdG9yeS5kLXRydXN0Lm5l +dC9DTj1ELVRSVVNUJTIwQlIlMjBSb290JTIwQ0ElMjAxJTIwMjAyMCxPPUQtVHJ1 +c3QlMjBHbWJILEM9REU/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdDAKBggqhkjO +PQQDAwNpADBmAjEAlJAtE/rhY/hhY+ithXhUkZy4kzg+GkHaQBZTQgjKL47xPoFW +wKrY7RjEsK70PvomAjEA8yjixtsrmfu3Ubgko6SUeho/5jbiA1czijDLgsfWFBHV +dWNbFJWcHwHP2NVypw87 +-----END CERTIFICATE----- +=== /C=DE/O=D-Trust GmbH/CN=D-TRUST EV Root CA 1 2020 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 5f:02:41:d7:7a:87:7c:4c:03:a3:ac:96:8d:fb:ff:d0 + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Feb 11 10:00:00 2020 GMT + Not After : Feb 11 09:59:59 2035 GMT + Subject: C=DE, O=D-Trust GmbH, CN=D-TRUST EV Root CA 1 2020 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 7F:10:01:16:37:3A:A4:28:E4:50:F8:A4:F7:EC:6B:32:B6:FE:E9:8B + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl.d-trust.net/crl/d-trust_ev_root_ca_1_2020.crl + + Full Name: + URI:ldap://directory.d-trust.net/CN=D-TRUST%20EV%20Root%20CA%201%202020,O=D-Trust%20GmbH,C=DE?certificaterevocationlist + +SHA1 Fingerprint=61:DB:8C:21:59:69:03:90:D8:7C:9C:12:86:54:CF:9D:3D:F4:DD:07 +SHA256 Fingerprint=08:17:0D:1A:A3:64:53:90:1A:2F:95:92:45:E3:47:DB:0C:8D:37:AB:AA:BC:56:B8:1A:A1:00:DC:95:89:70:DB +-----BEGIN CERTIFICATE----- +MIIC2zCCAmCgAwIBAgIQXwJB13qHfEwDo6yWjfv/0DAKBggqhkjOPQQDAzBIMQsw 
+CQYDVQQGEwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRS +VVNUIEVWIFJvb3QgQ0EgMSAyMDIwMB4XDTIwMDIxMTEwMDAwMFoXDTM1MDIxMTA5 +NTk1OVowSDELMAkGA1UEBhMCREUxFTATBgNVBAoTDEQtVHJ1c3QgR21iSDEiMCAG +A1UEAxMZRC1UUlVTVCBFViBSb290IENBIDEgMjAyMDB2MBAGByqGSM49AgEGBSuB +BAAiA2IABPEL3YZDIBnfl4XoIkqbz52Yv7QFJsnL46bSj8WeeHsxiamJrSc8ZRCC +/N/DnU7wMyPE0jL1HLDfMxddxfCxivnvubcUyilKwg+pf3VlSSowZ/Rk99Yad9rD +wpdhQntJraOCAQ0wggEJMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFH8QARY3 +OqQo5FD4pPfsazK2/umLMA4GA1UdDwEB/wQEAwIBBjCBxgYDVR0fBIG+MIG7MD6g +PKA6hjhodHRwOi8vY3JsLmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X2V2X3Jvb3Rf +Y2FfMV8yMDIwLmNybDB5oHegdYZzbGRhcDovL2RpcmVjdG9yeS5kLXRydXN0Lm5l +dC9DTj1ELVRSVVNUJTIwRVYlMjBSb290JTIwQ0ElMjAxJTIwMjAyMCxPPUQtVHJ1 +c3QlMjBHbWJILEM9REU/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdDAKBggqhkjO +PQQDAwNpADBmAjEAyjzGKnXCXnViOTYAYFqLwZOZzNnbQTs7h5kXO9XMT8oi96CA +y/m0sRtW9XLS/BnRAjEAkfcwkz8QRitxpNA7RJvAKQIFskF3UfN5Wp6OFKBOQtJb +gfM0agPnIjhQW+0ZT0MW +-----END CERTIFICATE----- === /C=DE/O=D-Trust GmbH/CN=D-TRUST Root Class 3 CA 2 2009 Certificate: Data: 
@@ -1875,6 +2112,64 @@ zMOl6W8KjptlwlCFtaOgUxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8x L4ysEr3vQCj8KWefshNPZiTEUxnpHikV7+ZtsH8tZ/3zbBt1RqPlShfppNcL -----END CERTIFICATE----- +### e-commerce monitoring GmbH + +=== /C=AT/O=e-commerce monitoring GmbH/CN=GLOBALTRUST 2020 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 5a:4b:bd:5a:fb:4f:8a:5b:fa:65:e5 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Feb 10 00:00:00 2020 GMT + Not After : Jun 10 00:00:00 2040 GMT + Subject: C=AT, O=e-commerce monitoring GmbH, CN=GLOBALTRUST 2020 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + DC:2E:1F:D1:61:37:79:E4:AB:D5:D5:B3:12:71:68:3D:6A:68:9C:22 + X509v3 Authority Key Identifier: + keyid:DC:2E:1F:D1:61:37:79:E4:AB:D5:D5:B3:12:71:68:3D:6A:68:9C:22 + +SHA1 Fingerprint=D0:67:C1:13:51:01:0C:AA:D0:C7:6A:65:37:31:16:26:4F:53:71:A2 +SHA256 Fingerprint=9A:29:6A:51:82:D1:D4:51:A2:E3:7F:43:9B:74:DA:AF:A2:67:52:33:29:F9:0F:9A:0D:20:07:C3:34:E2:3C:9A +-----BEGIN CERTIFICATE----- +MIIFgjCCA2qgAwIBAgILWku9WvtPilv6ZeUwDQYJKoZIhvcNAQELBQAwTTELMAkG +A1UEBhMCQVQxIzAhBgNVBAoTGmUtY29tbWVyY2UgbW9uaXRvcmluZyBHbWJIMRkw +FwYDVQQDExBHTE9CQUxUUlVTVCAyMDIwMB4XDTIwMDIxMDAwMDAwMFoXDTQwMDYx +MDAwMDAwMFowTTELMAkGA1UEBhMCQVQxIzAhBgNVBAoTGmUtY29tbWVyY2UgbW9u +aXRvcmluZyBHbWJIMRkwFwYDVQQDExBHTE9CQUxUUlVTVCAyMDIwMIICIjANBgkq +hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAri5WrRsc7/aVj6B3GyvTY4+ETUWiD59b +RatZe1E0+eyLinjF3WuvvcTfk0Uev5E4C64OFudBc/jbu9G4UeDLgztzOG53ig9Z +YybNpyrOVPu44sB8R85gfD+yc/LAGbaKkoc1DZAoouQVBGM+uq/ufF7MpotQsjj3 +QWPKzv9pj2gOlTblzLmMCcpL3TGQlsjMH/1WljTbjhzqLL6FLmPdqqmV0/0plRPw +yJiT2S0WR5ARg6I6IqIoV6Lr/sCMKKCmfecqQjuCgGOlYx8ZzHyyZqjC0203b+J+ +BlHZRYQfEs4kUmSFC0iAToexIiIwquuuvuAC4EDosEKAA1GqtH6qRNdDYfOiaxaJ +SaSjpCuKAsR49GiKweR6NrFvG5Ybd0mN1MkGco/PU+PcF4UgStyYJ9ORJitHHmkH +r96i5OTUawuzXnzUJIBHKWk7buis/UDr2O1xcSvy6Fgd60GXIsUf1DnQJ4+H4xj0 
+4KlGDfV0OoIu0G4skaMxXDtG6nsEEFZegB31pWXogvziB4xiRfUg3kZwhqG8k9Me +dKZssCz3AwyIDMvUclOGvGBG85hqwvG/Q/lwIHfKN0F5VVJjjVsSn8VoxIidrPIw +q7ejMZdnrY8XD2zHc+0klGvIg5rQmjdJBKuxFshsSUktq6HQjJLyQUp5ISXbY9e2 +nKd+Qmn7OmMCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwHQYDVR0OBBYEFNwuH9FhN3nkq9XVsxJxaD1qaJwiMB8GA1UdIwQYMBaAFNwu +H9FhN3nkq9XVsxJxaD1qaJwiMA0GCSqGSIb3DQEBCwUAA4ICAQCR8EICaEDuw2jA +VC/f7GLDw56KoDEoqoOOpFaWEhCGVrqXctJUMHytGdUdaG/7FELYjQ7ztdGl4wJC +XtzoRlgHNQIw4Lx0SsFDKv/bGtCwr2zD/cuz9X9tAy5ZVp0tLTWMstZDFyySCstd +6IwPS3BD0IL/qMy/pJTAvoe9iuOTe8aPmxadJ2W8esVCgmxcB9CpwYhgROmYhRZf ++I/KARDOJcP5YBugxZfD0yyIMaK9MOzQ0MAS8cE54+X1+NZK3TTN+2/BT+MAi1bi +kvcoskJ3ciNnxz8RFbLEAwW+uxF7Cr+obuf/WEPPm2eggAe2HcqtbepBEX4tdJP7 +wry+UUTF72glJ4DjyKDUEuzZpTcdN3y0kcra1LGWge9oXHYQSa9+pTeAsRxSvTOB +TI/53WXZFM2KJVj04sWDpQmQ1GwUY7VA3+vA/MRYfg0UFodUJ25W5HCEuGwyEn6C +MUO+1918oa2u1qsgEu8KwxCMSZY13At1XrFP1U80DhEgB3VDRemjEdqso5nCtnkn +4rnvyOL2NSl6dPrFf4IFYqYK6miyeUcGbvJXqBUzxvd4Sj1Ce2t+/vdG6tHrju+I +aFvowdlxfv1k7/9nR4hYJS8+hge9+6jlgqispdNpQ80xiEmEU5LAsTkbOYMBMMTy +qfrQA71yN2BWHzZ8vTmR9W0Nv3vXkg== +-----END CERTIFICATE----- + ### E-Tu\U011Fra EBG Bili\U015Fim Teknolojileri ve Hizmetleri A.\U015E. === /C=TR/L=Ankara/O=E-Tu\xC4\x9Fra EBG Bili\xC5\x9Fim Teknolojileri ve Hizmetleri A.\xC5\x9E./OU=E-Tugra Sertifikasyon Merkezi/CN=E-Tugra Certification Authority @@ -2437,7 +2732,7 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - 2a:38:a4:1c:96:0a:04:de:42:b2:28:a5:0b:e8:34:98:02 + 02:03:e5:7e:f5:3f:93:fd:a5:09:21:b2:a6 Signature Algorithm: ecdsa-with-SHA256 Validity Not Before: Nov 13 00:00:00 2012 GMT 
@@ -2445,25 +2740,24 @@ Certificate: Subject: OU=GlobalSign ECC Root CA - R4, O=GlobalSign, CN=GlobalSign X509v3 extensions: X509v3 Key Usage: critical - Certificate Sign, CRL Sign + Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 54:B0:7B:AD:45:B8:E2:40:7F:FB:0A:6E:FB:BE:33:C9:3C:A3:84:D5 -SHA1 Fingerprint=69:69:56:2E:40:80:F4:24:A1:E7:19:9F:14:BA:F3:EE:58:AB:6A:BB -SHA256 Fingerprint=BE:C9:49:11:C2:95:56:76:DB:6C:0A:55:09:86:D7:6E:3B:A0:05:66:7C:44:2C:97:62:B4:FB:B7:73:DE:22:8C +SHA1 Fingerprint=6B:A0:B0:98:E1:71:EF:5A:AD:FE:48:15:80:77:10:F4:BD:6F:0B:28 +SHA256 Fingerprint=B0:85:D7:0B:96:4F:19:1A:73:E4:AF:0D:54:AE:7A:0E:07:AA:FD:AF:9B:71:DD:08:62:13:8A:B7:32:5A:24:A2 -----BEGIN CERTIFICATE----- -MIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIwUDEk -MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpH -bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX -DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD -QSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuMZ5049sJQ6fLjkZHAOkrprlOQcJ -FspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO/8ch5RikqtlxP6jUuc6MHaNCMEAw -DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFSwe61F -uOJAf/sKbvu+M8k8o4TVMAoGCCqGSM49BAMCA0gAMEUCIQDckqGgE6bPA7DmxCGX -kPoUVy0D7O48027KqGx2vKLeuwIgJ6iFJzWbVsaj8kfSt24bAgAXqmemFZHe+pTs -ewv4n4Q= +MIIB3DCCAYOgAwIBAgINAgPlfvU/k/2lCSGypjAKBggqhkjOPQQDAjBQMSQwIgYD +VQQLExtHbG9iYWxTaWduIEVDQyBSb290IENBIC0gUjQxEzARBgNVBAoTCkdsb2Jh +bFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTIxMTEzMDAwMDAwWhcNMzgw +MTE5MDMxNDA3WjBQMSQwIgYDVQQLExtHbG9iYWxTaWduIEVDQyBSb290IENBIC0g +UjQxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wWTAT +BgcqhkjOPQIBBggqhkjOPQMBBwNCAAS4xnnTj2wlDp8uORkcA6SumuU5BwkWymOx +uYb4ilfBV85C+nOh92VC/x7BALJucw7/xyHlGKSq2XE/qNS5zowdo0IwQDAOBgNV +HQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVLB7rUW44kB/ 
++wpu+74zyTyjhNUwCgYIKoZIzj0EAwIDRwAwRAIgIk90crlgr/HmnKAWBVBfw147 +bmF0774BxL4YSFlhgjICICadVGNA3jdgUM/I2O2dgq43mLyjj0xMqTQrbO/7lZsm -----END CERTIFICATE----- === /OU=GlobalSign ECC Root CA - R5/O=GlobalSign/CN=GlobalSign Certificate: 
@@ -2499,56 +2793,6 @@ KoZIzj0EAwMDaAAwZQIxAOVpEslu28YxuglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg 515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7yFz9SO8NdCKoCOJuxUnO xwy8p2Fp8fc74SrL+SvzZpA3 -----END CERTIFICATE----- -=== /OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 04:00:00:00:00:01:0f:86:26:e6:0d - Signature Algorithm: sha1WithRSAEncryption - Validity - Not Before: Dec 15 08:00:00 2006 GMT - Not After : Dec 15 08:00:00 2021 GMT - Subject: OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign - X509v3 extensions: - X509v3 Key Usage: critical - Certificate Sign, CRL Sign - X509v3 Basic Constraints: critical - CA:TRUE - X509v3 Subject Key Identifier: - 9B:E2:07:57:67:1C:1E:C0:6A:06:DE:59:B4:9A:2D:DF:DC:19:86:2E - X509v3 CRL Distribution Points: - - Full Name: - URI:http://crl.globalsign.net/root-r2.crl - - X509v3 Authority Key Identifier: - keyid:9B:E2:07:57:67:1C:1E:C0:6A:06:DE:59:B4:9A:2D:DF:DC:19:86:2E - -SHA1 Fingerprint=75:E0:AB:B6:13:85:12:27:1C:04:F8:5F:DD:DE:38:E4:B7:24:2E:FE -SHA256 Fingerprint=CA:42:DD:41:74:5F:D0:B8:1E:B9:02:36:2C:F9:D8:BF:71:9D:A1:BD:1B:1E:FC:94:6F:5B:4C:99:F4:2C:1B:9E ------BEGIN CERTIFICATE----- -MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G -A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp -Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 -MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG -A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL -v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 -eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq -tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd -C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa -zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB -mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH 
-V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n -bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG -3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs -J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO -291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS -ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd -AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 -TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== ------END CERTIFICATE----- === /OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign Certificate: Data: @@ -2826,7 +3070,7 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - 6e:47:a9:c5:4b:47:0c:0d:ec:33:d0:89:b9:1c:f4:e1 + 02:03:e5:93:6f:31:b0:13:49:88:6b:a2:17 Signature Algorithm: sha384WithRSAEncryption Validity Not Before: Jun 22 00:00:00 2016 GMT 
@@ -2834,50 +3078,50 @@ Certificate: Subject: C=US, O=Google Trust Services LLC, CN=GTS Root R1 X509v3 extensions: X509v3 Key Usage: critical - Certificate Sign, CRL Sign + Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: E4:AF:2B:26:71:1A:2B:48:27:85:2F:52:66:2C:EF:F0:89:13:71:3E -SHA1 Fingerprint=E1:C9:50:E6:EF:22:F8:4C:56:45:72:8B:92:20:60:D7:D5:A7:A3:E8 -SHA256 Fingerprint=2A:57:54:71:E3:13:40:BC:21:58:1C:BD:2C:F1:3E:15:84:63:20:3E:CE:94:BC:F9:D3:CC:19:6B:F0:9A:54:72 ------BEGIN CERTIFICATE----- -MIIFWjCCA0KgAwIBAgIQbkepxUtHDA3sM9CJuRz04TANBgkqhkiG9w0BAQwFADBH -MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM -QzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIy -MDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNl -cnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEB -AQUAA4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaM -f/vo27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vX -mX7wCl7raKb0xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7 -zUjwTcLCeoiKu7rPWRnWr4+wB7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0P -fyblqAj+lug8aJRT7oM6iCsVlgmy4HqMLnXWnOunVmSPlk9orj2XwoSPwLxAwAtc -vfaHszVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly4cpk9+aCEI3oncKKiPo4 -Zor8Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr06zqkUsp -zBmkMiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOO -Rc92wO1AK/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYW -k70paDPvOmbsB4om3xPXV2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+ -DVrNVjzRlwW5y0vtOUucxD/SVRNuJLDWcfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgF -lQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV -HQ4EFgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEMBQADggIBADiW -Cu49tJYeX++dnAsznyvgyv3SjgofQXSlfKqE1OXyHuY3UjKcC9FhHb8owbZEKTV1 -d5iyfNm9dKyKaOOpMQkpAWBz40d8U6iQSifvS9efk+eCNs6aaAyC58/UEBZvXw6Z -XPYfcX3v73svfuo21pdwCxXu11xWajOl40k4DLh9+42FpLFZXvRq4d2h9mREruZR 
-gyFmxhE+885H7pwoHyXa/6xmld01D1zvICxi/ZG6qcz8WpyTgYMpl0p8WnK0OdC3 -d8t5/Wk6kjftbjhlRn7pYL15iJdfOBL07q9bgsiG1eGZbYwE8na6SfZu6W0eX6Dv -J4J2QPim01hcDyxC2kLGe4g0x8HYRZvBPsVhHdljUEn2NIVq4BjFbkerQUIpm/Zg -DdIx02OYI5NaAIFItO/Nis3Jz5nu2Z6qNuFoS3FJFDYoOj0dzpqPJeaAcWErtXvM -+SUWgeExX6GjfhaknBZqlxi9dnKlC54dNuYvoS++cJEPqOba+MSSQGwlfnuzCdyy -F62ARPBopY+Udf90WuioAnwMCeKpSwughQtiue+hMZL77/ZRBIls6Kl0obsXs7X9 -SQ98POyDGCBDTtWTurQ0sR8WNh8M5mQ5Fkzc4P4dyKliPUDqysU0ArSuiYgzNdws -E3PYJ/HQcu51OyLemGhmW/HGY0dVHLqlCFF1pkgl +SHA1 Fingerprint=E5:8C:1C:C4:91:3B:38:63:4B:E9:10:6E:E3:AD:8E:6B:9D:D9:81:4A +SHA256 Fingerprint=D9:47:43:2A:BD:E7:B7:FA:90:FC:2E:6B:59:10:1B:12:80:E0:E1:C7:E4:E4:0F:A3:C6:88:7F:FF:57:A7:F4:CF +-----BEGIN CERTIFICATE----- +MIIFVzCCAz+gAwIBAgINAgPlk28xsBNJiGuiFzANBgkqhkiG9w0BAQwFADBHMQsw +CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU +MBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw +MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp +Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEBAQUA +A4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaMf/vo +27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vXmX7w +Cl7raKb0xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7zUjw +TcLCeoiKu7rPWRnWr4+wB7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0Pfybl +qAj+lug8aJRT7oM6iCsVlgmy4HqMLnXWnOunVmSPlk9orj2XwoSPwLxAwAtcvfaH +szVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly4cpk9+aCEI3oncKKiPo4Zor8 +Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr06zqkUspzBmk +MiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOORc92 +wO1AK/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYWk70p +aDPvOmbsB4om3xPXV2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+DVrN +VjzRlwW5y0vtOUucxD/SVRNuJLDWcfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgFlQID +AQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E +FgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEMBQADggIBAJ+qQibb +C5u+/x6Wki4+omVKapi6Ist9wTrYggoGxval3sBOh2Z5ofmmWJyq+bXmYOfg6LEe 
+QkEzCzc9zolwFcq1JKjPa7XSQCGYzyI0zzvFIoTgxQ6KfF2I5DUkzps+GlQebtuy +h6f88/qBVRRiClmpIgUxPoLW7ttXNLwzldMXG+gnoot7TiYaelpkttGsN/H9oPM4 +7HLwEXWdyzRSjeZ2axfG34arJ45JK3VmgRAhpuo+9K4l/3wV3s6MJT/KYnAK9y8J +ZgfIPxz88NtFMN9iiMG1D53Dn0reWVlHxYciNuaCp+0KueIHoI17eko8cdLiA6Ef +MgfdG+RCzgwARWGAtQsgWSl4vflVy2PFPEz0tv/bal8xa5meLMFrUKTX5hgUvYU/ +Z6tGn6D/Qqc6f1zLXbBwHSs09dR2CQzreExZBfMzQsNhFRAbd03OIozUhfJFfbdT +6u9AWpQKXCBfTkBdYiJ23//OYb2MI3jSNwLgjt7RETeJ9r/tSQdirpLsQBqvFAnZ +0E6yove+7u7Y/9waLd64NnHi/Hm3lCXRSHNboTXns5lndcEZOitHTtNCjv0xyBZm +2tIMPNuzjsmhDYAPexZ3FL//2wmUspO8IFgV6dtxQ/PeEMMA3KgqlbbC1j+Qa3bb +bP6MvPJwNQzcmRk13NfIRmPVNnGuV/u3gm3c -----END CERTIFICATE----- === /C=US/O=Google Trust Services LLC/CN=GTS Root R2 Certificate: Data: Version: 3 (0x2) Serial Number: - 6e:47:a9:c6:5a:b3:e7:20:c5:30:9a:3f:68:52:f2:6f + 02:03:e5:ae:c5:8d:04:25:1a:ab:11:25:aa Signature Algorithm: sha384WithRSAEncryption Validity Not Before: Jun 22 00:00:00 2016 GMT 
@@ -2885,50 +3129,50 @@ Certificate: Subject: C=US, O=Google Trust Services LLC, CN=GTS Root R2 X509v3 extensions: X509v3 Key Usage: critical - Certificate Sign, CRL Sign + Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: BB:FF:CA:8E:23:9F:4F:99:CA:DB:E2:68:A6:A5:15:27:17:1E:D9:0E -SHA1 Fingerprint=D2:73:96:2A:2A:5E:39:9F:73:3F:E1:C7:1E:64:3F:03:38:34:FC:4D -SHA256 Fingerprint=C4:5D:7B:B0:8E:6D:67:E6:2E:42:35:11:0B:56:4E:5F:78:FD:92:EF:05:8C:84:0A:EA:4E:64:55:D7:58:5C:60 ------BEGIN CERTIFICATE----- -MIIFWjCCA0KgAwIBAgIQbkepxlqz5yDFMJo/aFLybzANBgkqhkiG9w0BAQwFADBH -MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM -QzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIy -MDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNl -cnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEB -AQUAA4ICDwAwggIKAoICAQDO3v2m++zsFDQ8BwZabFn3GTXd98GdVarTzTukk3Lv -CvptnfbwhYBboUhSnznFt+4orO/LdmgUud+tAWyZH8QiHZ/+cnfgLFuv5AS/T3Kg -GjSY6Dlo7JUle3ah5mm5hRm9iYz+re026nO8/4Piy33B0s5Ks40FnotJk9/BW9Bu -XvAuMC6C/Pq8tBcKSOWIm8Wba96wyrQD8Nr0kLhlZPdcTK3ofmZemde4wj7I0BOd -re7kRXuJVfeKH2JShBKzwkCX44ofR5GmdFrS+LFjKBC4swm4VndAoiaYecb+3yXu -PuWgf9RhD1FLPD+M2uFwdNjCaKH5wQzpoeJ/u1U8dgbuak7MkogwTZq9TwtImoS1 -mKPV+3PBV2HdKFZ1E66HjucMUQkQdYhMvI35ezzUIkgfKtzra7tEscszcTJGr61K -8YzodDqs5xoic4DSMPclQsciOzsSrZYuxsN2B6ogtzVJV+mSSeh2FnIxZyuWfoqj -x5RWIr9qS34BIbIjMt/kmkRtWVtd9QCgHJvGeJeNkP+byKq0rxFROV7Z+2et1VsR -nTKaG73VululycslaVNVJ1zgyjbLiGH7HrfQy+4W+9OmTN6SpdTi3/UGVN4unUu0 -kzCqgc7dGtxRcw1PcOnlthYhGXmy5okLdWTK1au8CcEYof/UVKGFPP0UJAOyh9Ok -twIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV -HQ4EFgQUu//KjiOfT5nK2+JopqUVJxce2Q4wDQYJKoZIhvcNAQEMBQADggIBALZp -8KZ3/p7uC4Gt4cCpx/k1HUCCq+YEtN/L9x0Pg/B+E02NjO7jMyLDOfxA325BS0JT -vhaI8dI4XsRomRyYUpOM52jtG2pzegVATX9lO9ZY8c6DR2Dj/5epnGB3GFW1fgiT -z9D2PGcDFWEJ+YF59exTpJ/JjwGLc8R3dtyDovUMSRqodt6Sm2T4syzFJ9MHwAiA 
-pJiS4wGWAqoC7o87xdFtCjMwc3i5T1QWvwsHoaRc5svJXISPD+AVdyx+Jn7axEvb -pxZ3B7DNdehyQtaVhJ2Gg/LkkM0JR9SLA3DaWsYDQvTtN6LwG1BUSw7YhN4ZKJmB -R64JGz9I0cNv4rBgF/XuIwKl2gBbbZCr7qLpGzvpx0QnRY5rn/WkhLx3+WuXrD5R -RaIRpsyF7gpo8j5QOHokYh4XIDdtak23CZvJ/KRY9bb7nE4Yu5UC56GtmwfuNmsk -0jmGwZODUNKBRqhfYlcsu2xkiAhu7xNUX90txGdj08+JN7+dIPT7eoOboB6BAFDC -5AwiWVIQ7UNWhwD4FFKnHYuTjKJNRn8nxnGbJN7k2oaLDX5rIMHAnuFl2GqjpuiF -izoHCBy69Y9Vmhh1fuXsgWbRIXOhNUQLgD1bnF5vKheW0YMjiGZt5obicDIvUiLn -yOd/xCxgXS/Dr55FBcOEArf9LAhST4Ldo/DUhgkC +SHA1 Fingerprint=9A:44:49:76:32:DB:DE:FA:D0:BC:FB:5A:7B:17:BD:9E:56:09:24:94 +SHA256 Fingerprint=8D:25:CD:97:22:9D:BF:70:35:6B:DA:4E:B3:CC:73:40:31:E2:4C:F0:0F:AF:CF:D3:2D:C7:6E:B5:84:1C:7E:A8 +-----BEGIN CERTIFICATE----- +MIIFVzCCAz+gAwIBAgINAgPlrsWNBCUaqxElqjANBgkqhkiG9w0BAQwFADBHMQsw +CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU +MBIGA1UEAxMLR1RTIFJvb3QgUjIwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw +MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp +Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEBAQUA +A4ICDwAwggIKAoICAQDO3v2m++zsFDQ8BwZabFn3GTXd98GdVarTzTukk3LvCvpt +nfbwhYBboUhSnznFt+4orO/LdmgUud+tAWyZH8QiHZ/+cnfgLFuv5AS/T3KgGjSY +6Dlo7JUle3ah5mm5hRm9iYz+re026nO8/4Piy33B0s5Ks40FnotJk9/BW9BuXvAu +MC6C/Pq8tBcKSOWIm8Wba96wyrQD8Nr0kLhlZPdcTK3ofmZemde4wj7I0BOdre7k +RXuJVfeKH2JShBKzwkCX44ofR5GmdFrS+LFjKBC4swm4VndAoiaYecb+3yXuPuWg +f9RhD1FLPD+M2uFwdNjCaKH5wQzpoeJ/u1U8dgbuak7MkogwTZq9TwtImoS1mKPV ++3PBV2HdKFZ1E66HjucMUQkQdYhMvI35ezzUIkgfKtzra7tEscszcTJGr61K8Yzo +dDqs5xoic4DSMPclQsciOzsSrZYuxsN2B6ogtzVJV+mSSeh2FnIxZyuWfoqjx5RW +Ir9qS34BIbIjMt/kmkRtWVtd9QCgHJvGeJeNkP+byKq0rxFROV7Z+2et1VsRnTKa +G73VululycslaVNVJ1zgyjbLiGH7HrfQy+4W+9OmTN6SpdTi3/UGVN4unUu0kzCq +gc7dGtxRcw1PcOnlthYhGXmy5okLdWTK1au8CcEYof/UVKGFPP0UJAOyh9OktwID +AQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E +FgQUu//KjiOfT5nK2+JopqUVJxce2Q4wDQYJKoZIhvcNAQEMBQADggIBAB/Kzt3H +vqGf2SdMC9wXmBFqiN495nFWcrKeGk6c1SuYJF2ba3uwM4IJvd8lRuqYnrYb/oM8 
+0mJhwQTtzuDFycgTE1XnqGOtjHsB/ncw4c5omwX4Eu55MaBBRTUoCnGkJE+M3DyC +B19m3H0Q/gxhswWV7uGugQ+o+MePTagjAiZrHYNSVc61LwDKgEDg4XSsYPWHgJ2u +NmSRXbBoGOqKYcl3qJfEycel/FVL8/B/uWU9J2jQzGv6U53hkRrJXRqWbTKH7QMg +yALOWr7Z6v2yTcQvG99fevX4i8buMTolUVVnjWQye+mew4K6Ki3pHrTgSAai/Gev +HyICc/sgCq+dVEuhzf9gR7A/Xe8bVr2XIZYtCtFenTgCR2y59PYjJbigapordwj6 +xLEokCZYCDzifqrXPW+6MYgKBesntaFJ7qBFVHvmJ2WZICGoo7z7GJa7Um8M7YNR +TOlZ4iBgxcJlkoKM8xAfDoqXvneCbT+PHV28SSe9zE8P4c52hgQjxcCMElv924Sg +JPFI/2R80L5cFtHvma3AH/vLrrw4IgYmZNralw4/KBVEqE8AyvCazM90arQ+POuV +7LXTWtiBmelDGDfrs7vRWGJB82bSj6p4lVQgw1oudCvV0b4YacCs1aTPObpRhANl +6WLAYv7YTVWW4tAR+kg0Eeye7QUd5MjWHYbL -----END CERTIFICATE----- === /C=US/O=Google Trust Services LLC/CN=GTS Root R3 Certificate: Data: Version: 3 (0x2) Serial Number: - 6e:47:a9:c7:6c:a9:73:24:40:89:0f:03:55:dd:8d:1d + 02:03:e5:b8:82:eb:20:f8:25:27:6d:3d:66 Signature Algorithm: ecdsa-with-SHA384 Validity Not Before: Jun 22 00:00:00 2016 GMT 
@@ -2936,32 +3180,32 @@ Certificate: Subject: C=US, O=Google Trust Services LLC, CN=GTS Root R3 X509v3 extensions: X509v3 Key Usage: critical - Certificate Sign, CRL Sign + Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: C1:F1:26:BA:A0:2D:AE:85:81:CF:D3:F1:2A:12:BD:B8:0A:67:FD:BC -SHA1 Fingerprint=30:D4:24:6F:07:FF:DB:91:89:8A:0B:E9:49:66:11:EB:8C:5E:46:E5 -SHA256 Fingerprint=15:D5:B8:77:46:19:EA:7D:54:CE:1C:A6:D0:B0:C4:03:E0:37:A9:17:F1:31:E8:A0:4E:1E:6B:7A:71:BA:BC:E5 +SHA1 Fingerprint=ED:E5:71:80:2B:C8:92:B9:5B:83:3C:D2:32:68:3F:09:CD:A0:1E:46 +SHA256 Fingerprint=34:D8:A7:3E:E2:08:D9:BC:DB:0D:95:65:20:93:4B:4E:40:E6:94:82:59:6E:8B:6F:73:C8:42:6B:01:0A:6F:48 -----BEGIN CERTIFICATE----- -MIICDDCCAZGgAwIBAgIQbkepx2ypcyRAiQ8DVd2NHTAKBggqhkjOPQQDAzBHMQsw -CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU -MBIGA1UEAxMLR1RTIFJvb3QgUjMwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw -MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp -Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMwdjAQBgcqhkjOPQIBBgUrgQQA -IgNiAAQfTzOHMymKoYTey8chWEGJ6ladK0uFxh1MJ7x/JlFyb+Kf1qPKzEUURout -736GjOyxfi//qXGdGIRFBEFVbivqJn+7kAHjSxm65FSWRQmx1WyRRK2EE46ajA2A -DDL24CejQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud -DgQWBBTB8Sa6oC2uhYHP0/EqEr24Cmf9vDAKBggqhkjOPQQDAwNpADBmAjEAgFuk -fCPAlaUs3L6JbyO5o91lAFJekazInXJ0glMLfalAvWhgxeG4VDvBNhcl2MG9AjEA -njWSdIUlUfUk7GRSJFClH9voy8l27OyCbvWFGFPouOOaKaqW04MjyaR7YbPMAuhd +MIICCTCCAY6gAwIBAgINAgPluILrIPglJ209ZjAKBggqhkjOPQQDAzBHMQswCQYD +VQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIG +A1UEAxMLR1RTIFJvb3QgUjMwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAw +WjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2Vz +IExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMwdjAQBgcqhkjOPQIBBgUrgQQAIgNi +AAQfTzOHMymKoYTey8chWEGJ6ladK0uFxh1MJ7x/JlFyb+Kf1qPKzEUURout736G +jOyxfi//qXGdGIRFBEFVbivqJn+7kAHjSxm65FSWRQmx1WyRRK2EE46ajA2ADDL2 
+4CejQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBTB8Sa6oC2uhYHP0/EqEr24Cmf9vDAKBggqhkjOPQQDAwNpADBmAjEA9uEglRR7 +VKOQFhG/hMjqb2sXnh5GmCCbn9MN2azTL818+FsuVbu/3ZL3pAzcMeGiAjEA/Jdm +ZuVDFhOD3cffL74UOO0BzrEXGhF16b0DjyZ+hOXJYKaV11RZt+cRLInUue4X -----END CERTIFICATE----- === /C=US/O=Google Trust Services LLC/CN=GTS Root R4 Certificate: Data: Version: 3 (0x2) Serial Number: - 6e:47:a9:c8:8b:94:b6:e8:bb:3b:2a:d8:a2:b2:c1:99 + 02:03:e5:c0:68:ef:63:1a:9c:72:90:50:52 Signature Algorithm: ecdsa-with-SHA384 Validity Not Before: Jun 22 00:00:00 2016 GMT 
@@ -2969,25 +3213,25 @@ Certificate: Subject: C=US, O=Google Trust Services LLC, CN=GTS Root R4 X509v3 extensions: X509v3 Key Usage: critical - Certificate Sign, CRL Sign + Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 80:4C:D6:EB:74:FF:49:36:A3:D5:D8:FC:B5:3E:C5:6A:F0:94:1D:8C -SHA1 Fingerprint=2A:1D:60:27:D9:4A:B1:0A:1C:4D:91:5C:CD:33:A0:CB:3E:2D:54:CB -SHA256 Fingerprint=71:CC:A5:39:1F:9E:79:4B:04:80:25:30:B3:63:E1:21:DA:8A:30:43:BB:26:66:2F:EA:4D:CA:7F:C9:51:A4:BD +SHA1 Fingerprint=77:D3:03:67:B5:E0:0C:15:F6:0C:38:61:DF:7C:E1:3B:92:46:4D:47 +SHA256 Fingerprint=34:9D:FA:40:58:C5:E2:63:12:3B:39:8A:E7:95:57:3C:4E:13:13:C8:3F:E6:8F:93:55:6C:D5:E8:03:1B:3C:7D -----BEGIN CERTIFICATE----- -MIICCjCCAZGgAwIBAgIQbkepyIuUtui7OyrYorLBmTAKBggqhkjOPQQDAzBHMQsw -CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU -MBIGA1UEAxMLR1RTIFJvb3QgUjQwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw -MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp -Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwdjAQBgcqhkjOPQIBBgUrgQQA -IgNiAATzdHOnaItgrkO4NcWBMHtLSZ37wWHO5t5GvWvVYRg1rkDdc/eJkTBa6zzu -hXyiQHY7qca4R9gq55KRanPpsXI5nymfopjTX15YhmUPoYRlBtHci8nHc8iMai/l -xKvRHYqjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud -DgQWBBSATNbrdP9JNqPV2Py1PsVq8JQdjDAKBggqhkjOPQQDAwNnADBkAjBqUFJ0 -CMRw3J5QdCHojXohw0+WbhXRIjVhLfoIN+4Zba3bssx9BzT1YBkstTTZbyACMANx -sbqjYAuG7ZoIapVon+Kz4ZNkfF6Tpt95LY2F45TPI11xzPKwTdb+mciUqXWi4w== +MIICCTCCAY6gAwIBAgINAgPlwGjvYxqccpBQUjAKBggqhkjOPQQDAzBHMQswCQYD +VQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIG +A1UEAxMLR1RTIFJvb3QgUjQwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAw +WjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2Vz +IExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwdjAQBgcqhkjOPQIBBgUrgQQAIgNi +AATzdHOnaItgrkO4NcWBMHtLSZ37wWHO5t5GvWvVYRg1rkDdc/eJkTBa6zzuhXyi +QHY7qca4R9gq55KRanPpsXI5nymfopjTX15YhmUPoYRlBtHci8nHc8iMai/lxKvR 
+HYqjQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBSATNbrdP9JNqPV2Py1PsVq8JQdjDAKBggqhkjOPQQDAwNpADBmAjEA6ED/g94D +9J+uHXqnLrmvT/aDHQ4thQEd0dlq7A/Cr8deVl5c1RxYIigL9zC2L7F8AjEA8GE8 +p/SgguMh1YQdc4acLa/KNJvxn7kjNuK8YAOdgLOaVsjh4rsUecrNIdSUtUlD -----END CERTIFICATE----- ### GUANG DONG CERTIFICATE AUTHORITY CO.,LTD. 
@@ -3044,6 +3288,97 @@ T8p+ck0LcIymSLumoRT2+1hEmRSuqguTaaApJUqlyyvdimYHFngVV3Eb7PVHhPOe MTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g== -----END CERTIFICATE----- +### Hellenic Academic and Research Institutions CA + +=== /C=GR/O=Hellenic Academic and Research Institutions CA/CN=HARICA TLS ECC Root CA 2021 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 67:74:9d:8d:77:d8:3b:6a:db:22:f4:ff:59:e2:bf:ce + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Feb 19 11:01:10 2021 GMT + Not After : Feb 13 11:01:09 2045 GMT + Subject: C=GR, O=Hellenic Academic and Research Institutions CA, CN=HARICA TLS ECC Root CA 2021 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + C9:1B:53:81:12:FE:04:D5:16:D1:AA:BC:9A:6F:B7:A0:95:19:6E:CA + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign +SHA1 Fingerprint=BC:B0:C1:9D:E9:98:92:70:19:38:57:E9:8D:A7:B4:5D:6E:EE:01:48 +SHA256 Fingerprint=3F:99:CC:47:4A:CF:CE:4D:FE:D5:87:94:66:5E:47:8D:15:47:73:9F:2E:78:0F:1B:B4:CA:9B:13:30:97:D4:01 +-----BEGIN CERTIFICATE----- +MIICVDCCAdugAwIBAgIQZ3SdjXfYO2rbIvT/WeK/zjAKBggqhkjOPQQDAzBsMQsw +CQYDVQQGEwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2Vh +cmNoIEluc3RpdHV0aW9ucyBDQTEkMCIGA1UEAwwbSEFSSUNBIFRMUyBFQ0MgUm9v +dCBDQSAyMDIxMB4XDTIxMDIxOTExMDExMFoXDTQ1MDIxMzExMDEwOVowbDELMAkG +A1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJj +aCBJbnN0aXR1dGlvbnMgQ0ExJDAiBgNVBAMMG0hBUklDQSBUTFMgRUNDIFJvb3Qg +Q0EgMjAyMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABDgI/rGgltJ6rK9JOtDA4MM7 +KKrxcm1lAEeIhPyaJmuqS7psBAqIXhfyVYf8MLA04jRYVxqEU+kw2anylnTDUR9Y +STHMmE5gEYd103KUkE+bECUqqHgtvpBBWJAVcqeht6NCMEAwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUyRtTgRL+BNUW0aq8mm+3oJUZbsowDgYDVR0PAQH/BAQD +AgGGMAoGCCqGSM49BAMDA2cAMGQCMBHervjcToiwqfAircJRQO9gcS3ujwLEXQNw +SaSS6sUUiHCm0w2wqsosQJz76YJumgIwK0eaB8bRwoF8yguWGEEbo/QwCZ61IygN +nxS2PFOiTAZpffpskcYqSUXm7LcT4Tps +-----END CERTIFICATE----- +=== /C=GR/O=Hellenic Academic and Research 
Institutions CA/CN=HARICA TLS RSA Root CA 2021 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 39:ca:93:1c:ef:43:f3:c6:8e:93:c7:f4:64:89:38:7e + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Feb 19 10:55:38 2021 GMT + Not After : Feb 13 10:55:37 2045 GMT + Subject: C=GR, O=Hellenic Academic and Research Institutions CA, CN=HARICA TLS RSA Root CA 2021 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 0A:48:23:A6:60:A4:92:0A:33:EA:93:5B:C5:57:EA:25:4D:BD:12:EE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign +SHA1 Fingerprint=02:2D:05:82:FA:88:CE:14:0C:06:79:DE:7F:14:10:E9:45:D7:A5:6D +SHA256 Fingerprint=D9:5D:0E:8E:DA:79:52:5B:F9:BE:B1:1B:14:D2:10:0D:32:94:98:5F:0C:62:D9:FA:BD:9C:D9:99:EC:CB:7B:1D +-----BEGIN CERTIFICATE----- +MIIFpDCCA4ygAwIBAgIQOcqTHO9D88aOk8f0ZIk4fjANBgkqhkiG9w0BAQsFADBs +MQswCQYDVQQGEwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl +c2VhcmNoIEluc3RpdHV0aW9ucyBDQTEkMCIGA1UEAwwbSEFSSUNBIFRMUyBSU0Eg +Um9vdCBDQSAyMDIxMB4XDTIxMDIxOTEwNTUzOFoXDTQ1MDIxMzEwNTUzN1owbDEL +MAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNl +YXJjaCBJbnN0aXR1dGlvbnMgQ0ExJDAiBgNVBAMMG0hBUklDQSBUTFMgUlNBIFJv +b3QgQ0EgMjAyMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAIvC569l +mwVnlskNJLnQDmT8zuIkGCyEf3dRywQRNrhe7Wlxp57kJQmXZ8FHws+RFjZiPTgE +4VGC/6zStGndLuwRo0Xua2s7TL+MjaQenRG56Tj5eg4MmOIjHdFOY9TnuEFE+2uv +a9of08WRiFukiZLRgeaMOVig1mlDqa2YUlhu2wr7a89o+uOkXjpFc5gH6l8Cct4M +pbOfrqkdtx2z/IpZ525yZa31MJQjB/OCFks1mJxTuy/K5FrZx40d/JiZ+yykgmvw +Kh+OC19xXFyuQnspiYHLA6OZyoieC0AJQTPb5lh6/a6ZcMBaD9YThnEvdmn8kN3b +LW7R8pv1GmuebxWMevBLKKAiOIAkbDakO/IwkfN4E8/BPzWr8R0RI7VDIp4BkrcY +AuUR0YLbFQDMYTfBKnya4dC6s1BG7oKsnTH4+yPiAwBIcKMJJnkVU2DzOFytOOqB +AGMUuTNe3QvboEUHGjMJ+E20pwKmafTCWQWIZYVWrkvL4N48fS0ayOn7H6NhStYq +E613TBoYm5EPWNgGVMWX+Ko/IIqmhaZ39qb8HOLubpQzKoNQhArlT4b4UEV4AIHr +W2jjJo3Me1xR9BQsQL4aYB16cmEdH2MtiKrOokWQCPxrvrNQKlr9qEgYRtaQQJKQ 
+CoReaDH46+0N0x3GfZkYVVYnZS6NRcUk7M7jAgMBAAGjQjBAMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFApII6ZgpJIKM+qTW8VX6iVNvRLuMA4GA1UdDwEB/wQE +AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAPpBIqm5iFSVmewzVjIuJndftTgfvnNAU +X15QvWiWkKQUEapobQk1OUAJ2vQJLDSle1mESSmXdMgHHkdt8s4cUCbjnj1AUz/3 +f5Z2EMVGpdAgS1D0NTsY9FVqQRtHBmg8uwkIYtlfVUKqrFOFrJVWNlar5AWMxaja +H6NpvVMPxP/cyuN+8kyIhkdGGvMA9YCRotxDQpSbIPDRzbLrLFPCU3hKTwSUQZqP +JzLB5UkZv/HywouoCjkxKLR9YjYsTewfM7Z+d21+UPCfDtcRj88YxeMn/ibvBZ3P +zzfF0HvaO7AWhAw6k9a+F9sPPg4ZeAnHqQJyIkv3N3a6dcSFA1pj1bF1BcK5vZSt +jBWZp5N99sXzqnTPBIWUmAD04vnKJGW/4GKvyMX6ssmeVkjaef2WdhW+o45WxLM0 +/L5H9MG0qPzVMIho7suuyWPEdr6sOBjhXlzPrjoiUevRi7PzKzMHVIf6tLITe7pT +BGIBnfHAT+7hOtSLIBD6Alfm78ELt5BGnBkpjNxvoEppaZS3JGWg/6w/zgH7IS79 +aPib8qXPMThcFarmlwDB31qlpzmq6YR/PFGoOtmUW4y/Twhx5duoXNTSpv4Ao8YW +xw/ogM4cKGR0GQjTQuPOAF1/sdwTsOEFy9EgqoZ0njnnkf3/W9b3raYvAwtt41dU +63ZTGI0RmLo= +-----END CERTIFICATE----- + ### Hellenic Academic and Research Institutions Cert. Authority === /C=GR/L=Athens/O=Hellenic Academic and Research Institutions Cert. Authority/CN=Hellenic Academic and Research Institutions ECC RootCA 2015 
@@ -3447,6 +3782,128 @@ oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc= -----END CERTIFICATE----- +=== /C=US/O=Internet Security Research Group/CN=ISRG Root X2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 41:d2:9d:d1:72:ea:ee:a7:80:c1:2c:6c:e9:2f:87:52 + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Sep 4 00:00:00 2020 GMT + Not After : Sep 17 16:00:00 2040 GMT + Subject: C=US, O=Internet Security Research Group, CN=ISRG Root X2 + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 7C:42:96:AE:DE:4B:48:3B:FA:92:F8:9E:8C:CF:6D:8B:A9:72:37:95 +SHA1 Fingerprint=BD:B1:B9:3C:D5:97:8D:45:C6:26:14:55:F8:DB:95:C7:5A:D1:53:AF +SHA256 Fingerprint=69:72:9B:8E:15:A8:6E:FC:17:7A:57:AF:B7:17:1D:FC:64:AD:D2:8C:2F:CA:8C:F1:50:7E:34:45:3C:CB:14:70 +-----BEGIN CERTIFICATE----- +MIICGzCCAaGgAwIBAgIQQdKd0XLq7qeAwSxs6S+HUjAKBggqhkjOPQQDAzBPMQsw +CQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2gg +R3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMjAeFw0yMDA5MDQwMDAwMDBaFw00 +MDA5MTcxNjAwMDBaME8xCzAJBgNVBAYTAlVTMSkwJwYDVQQKEyBJbnRlcm5ldCBT +ZWN1cml0eSBSZXNlYXJjaCBHcm91cDEVMBMGA1UEAxMMSVNSRyBSb290IFgyMHYw +EAYHKoZIzj0CAQYFK4EEACIDYgAEzZvVn4CDCuwJSvMWSj5cz3es3mcFDR0HttwW ++1qLFNvicWDEukWVEYmO6gbf9yoWHKS5xcUy4APgHoIYOIvXRdgKam7mAHf7AlF9 +ItgKbppbd9/w+kHsOdx1ymgHDB/qo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0T +AQH/BAUwAwEB/zAdBgNVHQ4EFgQUfEKWrt5LSDv6kviejM9ti6lyN5UwCgYIKoZI +zj0EAwMDaAAwZQIwe3lORlCEwkSHRhtFcP9Ymd70/aTSVaYgLXTWNLxBo1BfASdW +tL4ndQavEi51mI38AjEAi/V3bNTIZargCyzuFJ0nN6T5U6VR5CmD1/iQMVtCnwr1 +/q4AaOeMSQ+2b1tbFfLn +-----END CERTIFICATE----- + +### iTrusChina Co.,Ltd. 
+ +=== /C=CN/O=iTrusChina Co.,Ltd./CN=vTrus ECC Root CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 6e:6a:bc:59:aa:53:be:98:39:67:a2:d2:6b:a4:3b:e6:6d:1c:d6:da + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Jul 31 07:26:44 2018 GMT + Not After : Jul 31 07:26:44 2043 GMT + Subject: C=CN, O=iTrusChina Co.,Ltd., CN=vTrus ECC Root CA + X509v3 extensions: + X509v3 Subject Key Identifier: + 98:39:CD:BE:D8:B2:8C:F7:B2:AB:E1:AD:24:AF:7B:7C:A1:DB:1F:CF + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign +SHA1 Fingerprint=F6:9C:DB:B0:FC:F6:02:13:B6:52:32:A6:A3:91:3F:16:70:DA:C3:E1 +SHA256 Fingerprint=30:FB:BA:2C:32:23:8E:2A:98:54:7A:F9:79:31:E5:50:42:8B:9B:3F:1C:8E:EB:66:33:DC:FA:86:C5:B2:7D:D3 +-----BEGIN CERTIFICATE----- +MIICDzCCAZWgAwIBAgIUbmq8WapTvpg5Z6LSa6Q75m0c1towCgYIKoZIzj0EAwMw +RzELMAkGA1UEBhMCQ04xHDAaBgNVBAoTE2lUcnVzQ2hpbmEgQ28uLEx0ZC4xGjAY +BgNVBAMTEXZUcnVzIEVDQyBSb290IENBMB4XDTE4MDczMTA3MjY0NFoXDTQzMDcz +MTA3MjY0NFowRzELMAkGA1UEBhMCQ04xHDAaBgNVBAoTE2lUcnVzQ2hpbmEgQ28u +LEx0ZC4xGjAYBgNVBAMTEXZUcnVzIEVDQyBSb290IENBMHYwEAYHKoZIzj0CAQYF +K4EEACIDYgAEZVBKrox5lkqqHAjDo6LN/llWQXf9JpRCux3NCNtzslt188+cToL0 +v/hhJoVs1oVbcnDS/dtitN9Ti72xRFhiQgnH+n9bEOf+QP3A2MMrMudwpremIFUd +e4BdS49nTPEQo0IwQDAdBgNVHQ4EFgQUmDnNvtiyjPeyq+GtJK97fKHbH88wDwYD +VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwCgYIKoZIzj0EAwMDaAAwZQIw +V53dVvHH4+m4SVBrm2nDb+zDfSXkV5UTQJtS0zvzQBm8JsctBp61ezaf9SXUY2sA +AjEA6dPGnlaaKsyh2j/IZivTWJwghfqrkYpwcBE4YGQLYgmRWAD5Tfs0aNoJrSEG +GJTO +-----END CERTIFICATE----- +=== /C=CN/O=iTrusChina Co.,Ltd./CN=vTrus Root CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 43:e3:71:13:d8:b3:59:14:5d:b7:ce:8c:fd:35:fd:6f:bc:05:8d:45 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Jul 31 07:24:05 2018 GMT + Not After : Jul 31 07:24:05 2043 GMT + Subject: C=CN, O=iTrusChina Co.,Ltd., CN=vTrus Root CA + X509v3 extensions: + X509v3 Subject Key Identifier: + 
54:62:70:63:F1:75:84:43:58:8E:D1:16:20:B1:C6:AC:1A:BC:F6:89 + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign +SHA1 Fingerprint=84:1A:69:FB:F5:CD:1A:25:34:13:3D:E3:F8:FC:B8:99:D0:C9:14:B7 +SHA256 Fingerprint=8A:71:DE:65:59:33:6F:42:6C:26:E5:38:80:D0:0D:88:A1:8D:A4:C6:A9:1F:0D:CB:61:94:E2:06:C5:C9:63:87 +-----BEGIN CERTIFICATE----- +MIIFVjCCAz6gAwIBAgIUQ+NxE9izWRRdt86M/TX9b7wFjUUwDQYJKoZIhvcNAQEL +BQAwQzELMAkGA1UEBhMCQ04xHDAaBgNVBAoTE2lUcnVzQ2hpbmEgQ28uLEx0ZC4x +FjAUBgNVBAMTDXZUcnVzIFJvb3QgQ0EwHhcNMTgwNzMxMDcyNDA1WhcNNDMwNzMx +MDcyNDA1WjBDMQswCQYDVQQGEwJDTjEcMBoGA1UEChMTaVRydXNDaGluYSBDby4s +THRkLjEWMBQGA1UEAxMNdlRydXMgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBAL1VfGHTuB0EYgWgrmy3cLRB6ksDXhA/kFocizuwZotsSKYc +IrrVQJLuM7IjWcmOvFjai57QGfIvWcaMY1q6n6MLsLOaXLoRuBLpDLvPbmyAhykU +AyyNJJrIZIO1aqwTLDPxn9wsYTwaP3BVm60AUn/PBLn+NvqcwBauYv6WTEN+VRS+ +GrPSbcKvdmaVayqwlHeFXgQPYh1jdfdr58tbmnDsPmcF8P4HCIDPKNsFxhQnL4Z9 +8Cfe/+Z+M0jnCx5Y0ScrUw5XSmXX+6KAYPxMvDVTAWqXcoKv8R1w6Jz1717CbMdH +flqUhSZNO7rrTOiwCcJlwp2dCZtOtZcFrPUGoPc2BX70kLJrxLT5ZOrpGgrIDajt +J8nU57O5q4IikCc9Kuh8kO+8T/3iCiSn3mUkpF3qwHYw03dQ+A0Em5Q2AXPKBlim +0zvc+gRGE1WKyURHuFE5Gi7oNOJ5y1lKCn+8pu8fA2dqWSslYpPZUxlmPCdiKYZN +pGvu/9ROutW04o5IWgAZCfEF2c6Rsffr6TlP9m8EQ5pV9T4FFL2/s1m02I4zhKOQ +UqqzApVg+QxMaPnu1RcN+HFXtSXkKe5lXa/R7jwXC1pDxaWG6iSe4gUH3DRCEpHW +OXSuTEGC2/KmSNGzm/MzqvOmwMVO9fSddmPmAsYiS8GVP1BkLFTltvA8Kc9XAgMB +AAGjQjBAMB0GA1UdDgQWBBRUYnBj8XWEQ1iO0RYgscasGrz2iTAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAKbqSSaet +8PFww+SX8J+pJdVrnjT+5hpk9jprUrIQeBqfTNqK2uwcN1LgQkv7bHbKJAs5EhWd +nxEt/Hlk3ODg9d3gV8mlsnZwUKT+twpw1aA08XXXTUm6EdGz2OyC/+sOxL9kLX1j +bhd47F18iMjrjld22VkE+rxSH0Ws8HqA7Oxvdq6R2xCOBNyS36D25q5J08FsEhvM +Kar5CKXiNxTKsbhm7xqC5PD48acWabfbqWE8n/Uxy+QARsIvdLGx14HuqCaVvIiv +TDUHKgLKeBRtRytAVunLKmChZwOgzoy8sHJnxDHO2zTlJQNgJXtxmOTAGytfdELS +S8VZCAeHvsXDf+eW2eHcKJfWjwXj9ZtOyh1QRwVTsMo554WgicEFOwE30z9J4nfr 
+I8iIZjs9OXYhRvHsXyO466JmdXTBQPfYaJqT4i2pLr0cox7IdMakLXogqzu4sEb9 +b91fUlV1YvCXoHzXOP0l382gmxDPi7g4Xl7FtKYCNqEeXxzP4padKar9mK5S4fNB +UvupLnKWnyfjqnN9+BojZns7q2WwMgFLFT49ok8MKzWixtlnEjUwzXYuFrOZnk1P +Ti07NEPhmg4NpGaXutIcSkwsKouLgU9xGqndXHt7CMUADTdA43x7VF8vhV929ven +sBxXVsFy6K2ir40zSbofitzmdHxghm+Hl3s= +-----END CERTIFICATE----- ### IZENPE S.A. @@ -4403,9 +4860,6 @@ CPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR 3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE= -----END CERTIFICATE----- -### Sonera - - ### SSL Corporation === /C=US/ST=Texas/L=Houston/O=SSL Corporation/CN=SSL.com EV Root Certification Authority ECC 
@@ -5085,6 +5539,64 @@ aspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocnyYh0igzyXxfkZ YiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw== -----END CERTIFICATE----- +### Telia Finland Oyj + +=== /C=FI/O=Telia Finland Oyj/CN=Telia Root CA v2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 01:67:5f:27:d6:fe:7a:e3:e4:ac:be:09:5b:05:9e + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Nov 29 11:55:54 2018 GMT + Not After : Nov 29 11:55:54 2043 GMT + Subject: C=FI, O=Telia Finland Oyj, CN=Telia Root CA v2 + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:72:AC:E4:33:79:AA:45:87:F6:FD:AC:1D:9E:D6:C7:2F:86:D8:24:39 + + X509v3 Subject Key Identifier: + 72:AC:E4:33:79:AA:45:87:F6:FD:AC:1D:9E:D6:C7:2F:86:D8:24:39 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE +SHA1 Fingerprint=B9:99:CD:D1:73:50:8A:C4:47:05:08:9C:8C:88:FB:BE:A0:2B:40:CD +SHA256 Fingerprint=24:2B:69:74:2F:CB:1E:5B:2A:BF:98:89:8B:94:57:21:87:54:4E:5B:4D:99:11:78:65:73:62:1F:6A:74:B8:2C +-----BEGIN CERTIFICATE----- +MIIFdDCCA1ygAwIBAgIPAWdfJ9b+euPkrL4JWwWeMA0GCSqGSIb3DQEBCwUAMEQx +CzAJBgNVBAYTAkZJMRowGAYDVQQKDBFUZWxpYSBGaW5sYW5kIE95ajEZMBcGA1UE +AwwQVGVsaWEgUm9vdCBDQSB2MjAeFw0xODExMjkxMTU1NTRaFw00MzExMjkxMTU1 +NTRaMEQxCzAJBgNVBAYTAkZJMRowGAYDVQQKDBFUZWxpYSBGaW5sYW5kIE95ajEZ +MBcGA1UEAwwQVGVsaWEgUm9vdCBDQSB2MjCCAiIwDQYJKoZIhvcNAQEBBQADggIP +ADCCAgoCggIBALLQPwe84nvQa5n44ndp586dpAO8gm2h/oFlH0wnrI4AuhZ76zBq +AMCzdGh+sq/H1WKzej9Qyow2RCRj0jbpDIX2Q3bVTKFgcmfiKDOlyzG4OiIjNLh9 +vVYiQJ3q9HsDrWj8soFPmNB06o3lfc1jw6P23pLCWBnglrvFxKk9pXSW/q/5iaq9 +lRdU2HhE8Qx3FZLgmEKnpNaqIJLNwaCzlrI6hEKNfdWV5Nbb6WLEWLN5xYzTNTOD +n3WhUidhOPFZPY5Q4L15POdslv5e2QJltI5c0BE0312/UqeBAMN/mUWZFdUXyApT +7GPzmX3MaRKGwhfwAZ6/hLzRUssbkmbOpFPlob/E2wnW5olWK8jjfN7j/4nlNW4o +6GwLI1GpJQXrSPjdscr6bAhR77cYbETKJuFzxokGgeWKrLDiKca5JLNrRBH0pUPC +TEPlcDaMtjNXepUugqD0XBCzYYP2AgWGLnwtbNwDRm41k9V6lS/eINhbfpSQBGq6 
+WT0EBXWdN6IOLj3rwaRSg/7Qa9RmjtzG6RJOHSpXqhC8fF6CfaamyfItufUXJ63R +DolUK5X6wK0dmBR4M0KGCqlztft0DbcbMBnEWg4cJ7faGND/isgFuvGqHKI3t+ZI +pEYslOqodmJHixBTB0hXbOKSTbauBcvcwUpej6w9GU7C7WB1K9vBykLVAgMBAAGj +YzBhMB8GA1UdIwQYMBaAFHKs5DN5qkWH9v2sHZ7Wxy+G2CQ5MB0GA1UdDgQWBBRy +rOQzeapFh/b9rB2e1scvhtgkOTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw +AwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAoDtZpwmUPjaE0n4vOaWWl/oRrfxn83EJ +8rKJhGdEr7nv7ZbsnGTbMjBvZ5qsfl+yqwE2foH65IRe0qw24GtixX1LDoJt0nZi +0f6X+J8wfBj5tFJ3gh1229MdqfDBmgC9bXXYfef6xzijnHDoRnkDry5023X4blMM +A8iZGok1GTzTyVR8qPAs5m4HeW9q4ebqkYJpCh3DflminmtGFZhb069GHWLIzoBS +SRE/yQQSwxN8PzuKlts8oB4KtItUsiRnDe+Cy748fdHif64W1lZYudogsYMVoe+K +TTJvQS8TUoKU1xrBeKJR3Stwbbca+few4GeXVtt8YVMJAygCQMez2P2ccGrGKMOF +6eLtGpOg3kuYooQ+BXcBlj37tCAPnHICehIv1aO6UXivKitEZU61/Qrowc15h2Er +3oBXRb9n8ZuRXqWk7FlIEA04x7D6w0RtBPV4UBySllva9bguulvP5fBqnUsvWHMt +Ty3EHD70sz+rFQ47GUGKpMFXEmZxTPpT41frYpUJnlTd0cI8Vzy9OK2YZLe4A5pT +VmBds9hCG1xLEooc6+t9xnppxyd/pPiL8uSUZodL6ZQHCRJ5irLrdATczvREWeAW +ysUsWNc8e89ihmpQfTU2Zqf7N+cox9jQraVplI/owd8k+BsHMYeB2F326CjYSlKA +rBPuUBQemMc= +-----END CERTIFICATE----- + ### TeliaSonera === /O=TeliaSonera/CN=TeliaSonera Root CA v1 
@@ -5437,51 +5949,6 @@ As8e5ZTZ845b2EzwnexhF7sUMlQMAimTHpKG9n/v55IFDlndmQguLvqcAFLTxWYp 1uwJ -----END CERTIFICATE----- -### Trustis Limited - -=== /C=GB/O=Trustis Limited/OU=Trustis FPS Root CA -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 1b:1f:ad:b6:20:f9:24:d3:36:6b:f7:c7:f1:8c:a0:59 - Signature Algorithm: sha1WithRSAEncryption - Validity - Not Before: Dec 23 12:14:06 2003 GMT - Not After : Jan 21 11:36:54 2024 GMT - Subject: C=GB, O=Trustis Limited, OU=Trustis FPS Root CA - X509v3 extensions: - X509v3 Basic Constraints: critical - CA:TRUE - X509v3 Authority Key Identifier: - keyid:BA:FA:71:25:79:8B:57:41:25:21:86:0B:71:EB:B2:64:0E:8B:21:67 - - X509v3 Subject Key Identifier: - BA:FA:71:25:79:8B:57:41:25:21:86:0B:71:EB:B2:64:0E:8B:21:67 -SHA1 Fingerprint=3B:C0:38:0B:33:C3:F6:A6:0C:86:15:22:93:D9:DF:F5:4B:81:C0:04 -SHA256 Fingerprint=C1:B4:82:99:AB:A5:20:8F:E9:63:0A:CE:55:CA:68:A0:3E:DA:5A:51:9C:88:02:A0:D3:A6:73:BE:8F:8E:55:7D ------BEGIN CERTIFICATE----- -MIIDZzCCAk+gAwIBAgIQGx+ttiD5JNM2a/fH8YygWTANBgkqhkiG9w0BAQUFADBF -MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPVHJ1c3RpcyBMaW1pdGVkMRwwGgYDVQQL -ExNUcnVzdGlzIEZQUyBSb290IENBMB4XDTAzMTIyMzEyMTQwNloXDTI0MDEyMTEx -MzY1NFowRTELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1RydXN0aXMgTGltaXRlZDEc -MBoGA1UECxMTVHJ1c3RpcyBGUFMgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBAMVQe547NdDfxIzNjpvto8A2mfRC6qc+gIMPpqdZh8mQRUN+ -AOqGeSoDvT03mYlmt+WKVoaTnGhLaASMk5MCPjDSNzoiYYkchU59j9WvezX2fihH -iTHcDnlkH5nSW7r+f2C/revnPDgpai/lkQtV/+xvWNUtyd5MZnGPDNcE2gfmHhjj -vSkCqPoc4Vu5g6hBSLwacY3nYuUtsuvffM/bq1rKMfFMIvMFE/eC+XN5DL7XSxzA -0RU8k0Fk0ea+IxciAIleH2ulrG6nS4zto3Lmr2NNL4XSFDWaLk6M6jKYKIahkQlB -OrTh4/L68MkKokHdqeMDx4gVOxzUGpTXn2RZEm0CAwEAAaNTMFEwDwYDVR0TAQH/ -BAUwAwEB/zAfBgNVHSMEGDAWgBS6+nEleYtXQSUhhgtx67JkDoshZzAdBgNVHQ4E -FgQUuvpxJXmLV0ElIYYLceuyZA6LIWcwDQYJKoZIhvcNAQEFBQADggEBAH5Y//01 -GX2cGE+esCu8jowU/yyg2kdbw++BLa8F6nRIW/M+TgfHbcWzk88iNVy2P3UnXwmW -zaD+vkAMXBJV+JOCyinpXj9WV4s4NvdFGkwozZ5BuO1WTISkQMi4sKUraXAEasP4 
-1BIy+Q7DsdwyhEQsb8tGD+pmQQ9P8Vilpg0ND2HepZ5dfWWhPBfnqFVO76DH7cZE -f1T1o+CP8HxVIo8ptoGj4W1OLBuAZ+ytIJ8MYmHVl/9D7S3B2l0pKoU/rGXuhg8F -jZBf3+6f9L/uHfuY5H+QK4R4EA5sSVPvFVtlRkpdr7r7OnIdzfYliB6XzCGcKQEN -ZetX2fNXlrtIzYE= ------END CERTIFICATE----- - ### Trustwave Holdings, Inc. === /C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global Certification Authority diff --git a/compile b/compile index 23fcba01..df363c8f 100644 --- a/compile +++ b/compile @@ -3,7 +3,7 @@ scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1999-2020 Free Software Foundation, Inc. +# Copyright (C) 1999-2021 Free Software Foundation, Inc. # Written by Tom Tromey . # # This program is free software; you can redistribute it and/or modify diff --git a/configure b/configure index 620d9ac9..9b1ff60e 100644 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for libressl 3.4.3. +# Generated by GNU Autoconf 2.69 for libressl 3.6.1. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -587,8 +587,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='libressl' PACKAGE_TARNAME='libressl' -PACKAGE_VERSION='3.4.3' -PACKAGE_STRING='libressl 3.4.3' +PACKAGE_VERSION='3.6.1' +PACKAGE_STRING='libressl 3.6.1' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -796,6 +796,9 @@ AM_BACKSLASH AM_DEFAULT_VERBOSITY AM_DEFAULT_V AM_V +CSCOPE +ETAGS +CTAGS am__untar am__tar AMTAR @@ -1452,7 +1455,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures libressl 3.4.3 to adapt to many kinds of systems. +\`configure' configures libressl 3.6.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... 
@@ -1523,7 +1526,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of libressl 3.4.3:";; + short | recursive ) echo "Configuration of libressl 3.6.1:";; esac cat <<\_ACEOF @@ -1641,7 +1644,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -libressl configure 3.4.3 +libressl configure 3.6.1 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2189,7 +2192,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by libressl $as_me 3.4.3, which was +It was created by libressl $as_me 3.6.1, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2537,11 +2540,11 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $ ac_compiler_gnu=$ac_cv_c_compiler_gnu -LIBCRYPTO_VERSION=47:0:0 +LIBCRYPTO_VERSION=50:0:0 -LIBSSL_VERSION=50:0:0 +LIBSSL_VERSION=53:0:0 -LIBTLS_VERSION=22:0:0 +LIBTLS_VERSION=26:0:0 ac_aux_dir= @@ -3125,7 +3128,7 @@ fi # Define the identity of the package. PACKAGE='libressl' - VERSION='3.4.3' + VERSION='3.6.1' cat >>confdefs.h <<_ACEOF @@ -3175,6 +3178,20 @@ am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -' +# Variables for tags utilities; see am/tags.am +if test -z "$CTAGS"; then + CTAGS=ctags +fi + +if test -z "$ETAGS"; then + ETAGS=etags +fi + +if test -z "$CSCOPE"; then + CSCOPE=cscope +fi + + # POSIX will say in a future version that running "rm -f" with no argument # is OK; and we want to be able to make that assumption in our Makefile 
@@ -4110,298 +4127,6 @@ else fi - case $ac_cv_prog_cc_stdc in #( - no) : - ac_cv_prog_cc_c99=no; ac_cv_prog_cc_c89=no ;; #( - *) : - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C99" >&5 -$as_echo_n "checking for $CC option to accept ISO C99... " >&6; } -if ${ac_cv_prog_cc_c99+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_cv_prog_cc_c99=no -ac_save_CC=$CC -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -#include -#include -#include - -// Check varargs macros. These examples are taken from C99 6.10.3.5. -#define debug(...) fprintf (stderr, __VA_ARGS__) -#define showlist(...) puts (#__VA_ARGS__) -#define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__)) -static void -test_varargs_macros (void) -{ - int x = 1234; - int y = 5678; - debug ("Flag"); - debug ("X = %d\n", x); - showlist (The first, second, and third items.); - report (x>y, "x is %d but y is %d", x, y); -} - -// Check long long types. -#define BIG64 18446744073709551615ull -#define BIG32 4294967295ul -#define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0) -#if !BIG_OK - your preprocessor is broken; -#endif -#if BIG_OK -#else - your preprocessor is broken; -#endif -static long long int bignum = -9223372036854775807LL; -static unsigned long long int ubignum = BIG64; - -struct incomplete_array -{ - int datasize; - double data[]; -}; - -struct named_init { - int number; - const wchar_t *name; - double average; -}; - -typedef const char *ccp; - -static inline int -test_restrict (ccp restrict text) -{ - // See if C++-style comments work. - // Iterate through items via the restricted pointer. - // Also check for declarations in for loops. - for (unsigned int i = 0; *(text+i) != '\0'; ++i) - continue; - return 0; -} - -// Check varargs and va_copy. -static void -test_varargs (const char *format, ...) 
-{ - va_list args; - va_start (args, format); - va_list args_copy; - va_copy (args_copy, args); - - const char *str; - int number; - float fnumber; - - while (*format) - { - switch (*format++) - { - case 's': // string - str = va_arg (args_copy, const char *); - break; - case 'd': // int - number = va_arg (args_copy, int); - break; - case 'f': // float - fnumber = va_arg (args_copy, double); - break; - default: - break; - } - } - va_end (args_copy); - va_end (args); -} - -int -main () -{ - - // Check bool. - _Bool success = false; - - // Check restrict. - if (test_restrict ("String literal") == 0) - success = true; - char *restrict newvar = "Another string"; - - // Check varargs. - test_varargs ("s, d' f .", "string", 65, 34.234); - test_varargs_macros (); - - // Check flexible array members. - struct incomplete_array *ia = - malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10)); - ia->datasize = 10; - for (int i = 0; i < ia->datasize; ++i) - ia->data[i] = i * 1.234; - - // Check named initializers. 
- struct named_init ni = { - .number = 34, - .name = L"Test wide string", - .average = 543.34343, - }; - - ni.number = 58; - - int dynamic_array[ni.number]; - dynamic_array[ni.number - 1] = 543; - - // work around unused variable warnings - return (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == 'x' - || dynamic_array[ni.number - 1] != 543); - - ; - return 0; -} -_ACEOF -for ac_arg in '' -std=gnu99 -std=c99 -c99 -AC99 -D_STDC_C99= -qlanglvl=extc99 -do - CC="$ac_save_CC $ac_arg" - if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_prog_cc_c99=$ac_arg -fi -rm -f core conftest.err conftest.$ac_objext - test "x$ac_cv_prog_cc_c99" != "xno" && break -done -rm -f conftest.$ac_ext -CC=$ac_save_CC - -fi -# AC_CACHE_VAL -case "x$ac_cv_prog_cc_c99" in - x) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 -$as_echo "none needed" >&6; } ;; - xno) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 -$as_echo "unsupported" >&6; } ;; - *) - CC="$CC $ac_cv_prog_cc_c99" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5 -$as_echo "$ac_cv_prog_cc_c99" >&6; } ;; -esac -if test "x$ac_cv_prog_cc_c99" != xno; then : - ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99 -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 -$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } -if ${ac_cv_prog_cc_c89+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_cv_prog_cc_c89=no -ac_save_CC=$CC -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -struct stat; -/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ -struct buf { int x; }; -FILE * (*rcsopen) (struct buf *, struct stat *, int); -static char *e (p, i) - char **p; - int i; -{ - return p[i]; -} -static char *f (char * (*g) (char **, int), char **p, ...) 
-{ - char *s; - va_list v; - va_start (v,p); - s = g (p, va_arg (v,int)); - va_end (v); - return s; -} - -/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has - function prototypes and stuff, but not '\xHH' hex character constants. - These don't provoke an error unfortunately, instead are silently treated - as 'x'. The following induces an error, until -std is added to get - proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an - array size at least. It's necessary to write '\x00'==0 to get something - that's true only with -std. */ -int osf4_cc_array ['\x00' == 0 ? 1 : -1]; - -/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters - inside strings and character constants. */ -#define FOO(x) 'x' -int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; - -int test (int i, double x); -struct s1 {int (*f) (int a);}; -struct s2 {int (*f) (double a);}; -int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); -int argc; -char **argv; -int -main () -{ -return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; - ; - return 0; -} -_ACEOF -for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ - -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" -do - CC="$ac_save_CC $ac_arg" - if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_prog_cc_c89=$ac_arg -fi -rm -f core conftest.err conftest.$ac_objext - test "x$ac_cv_prog_cc_c89" != "xno" && break -done -rm -f conftest.$ac_ext -CC=$ac_save_CC - -fi -# AC_CACHE_VAL -case "x$ac_cv_prog_cc_c89" in - x) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 -$as_echo "none needed" >&6; } ;; - xno) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 -$as_echo "unsupported" >&6; } ;; - *) - CC="$CC $ac_cv_prog_cc_c89" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 -$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; -esac -if test "x$ac_cv_prog_cc_c89" != xno; then : - ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89 -else - 
ac_cv_prog_cc_stdc=no -fi - -fi - ;; -esac - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO Standard C" >&5 -$as_echo_n "checking for $CC option to accept ISO Standard C... " >&6; } - if ${ac_cv_prog_cc_stdc+:} false; then : - $as_echo_n "(cached) " >&6 -fi - - case $ac_cv_prog_cc_stdc in #( - no) : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 -$as_echo "unsupported" >&6; } ;; #( - '') : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 -$as_echo "none needed" >&6; } ;; #( - *) : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_stdc" >&5 -$as_echo "$ac_cv_prog_cc_stdc" >&6; } ;; -esac - case `pwd` in *\ * | *\ *) @@ -12009,10 +11734,15 @@ fi ;; *hpux*) HOST_OS=hpux; - if test "`echo $CC | cut -d ' ' -f 1`" = "gcc" ; then - CFLAGS="$CFLAGS -mlp64" - else - CFLAGS="-g -O2 +DD64 +Otype_safety=off $USER_CFLAGS" + if test "`echo $host_os | cut -c 1-4`" = "ia64" ; then + if test "`echo $CC | cut -d ' ' -f 1`" = "gcc" ; then + CFLAGS="$CFLAGS -mlp64" + else + CFLAGS="+DD64" + fi + fi + if ! test "`echo $CC | cut -d ' ' -f 1`" = "gcc" ; then + CFLAGS="-g -O2 +Otype_safety=off $CFLAGS $USER_CFLAGS" fi CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D__STRICT_ALIGNMENT" ;; @@ -12078,7 +11808,7 @@ $as_echo "#define HAVE_ATTRIBUTE__DEAD 1" >>confdefs.h HOST_OS=solaris HOST_ABI=elf CPPFLAGS="$CPPFLAGS -D__EXTENSIONS__ -D_XOPEN_SOURCE=600 -DBSD_COMP" - PLATFORM_LDADD='-ldl -lnsl -lsocket' + PLATFORM_LDADD='-ldl -lmd -lnsl -lsocket' ;; *) ;; @@ -12265,9 +11995,7 @@ $as_echo_n "checking if $saved_CC supports \"-fno-strict-overflow\"... " >&6; } CFLAGS="-fno-strict-overflow -Wall -Werror" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - - #include - +#include int main () { 
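Review bot: The new outer test in the `*hpux*` branch compares the first four characters of `$host_os` with `ia64`, but `$host_os` is the OS field of the canonical triplet and on HP-UX begins with `hpux`, so the condition looks like it can never be true. If so, HP-UX builds that previously always received `-mlp64` (gcc) or `+DD64` (other compilers) now get neither. The architecture is carried in `$host_cpu`, so the guard should probably read `if test "$host_cpu" = "ia64" ; then`. configure is generated, so the correction belongs in the macro source that emits this block. The enclosing `case` starts and ends outside the hunk, so its selector should be confirmed there.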
@@ -12406,9 +12134,7 @@ $as_echo_n "checking if $saved_LD supports \"-Wl,-z,relro\"... " >&6; } LDFLAGS="-Wl,-z,relro -Wall -Werror" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - - #include - +#include int main () { @@ -12439,9 +12165,7 @@ $as_echo_n "checking if $saved_LD supports \"-Wl,-z,now\"... " >&6; } LDFLAGS="-Wl,-z,now -Wall -Werror" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - - #include - +#include int main () { @@ -12476,9 +12200,7 @@ $as_echo_n "checking if $saved_LD supports \"-Wl,--nxcompat\"... " >&6; } LDFLAGS="-Wl,--nxcompat -Wall -Werror" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - - #include - +#include int main () { @@ -12509,9 +12231,7 @@ $as_echo_n "checking if $saved_LD supports \"-Wl,--dynamicbase\"... " >&6; } LDFLAGS="-Wl,--dynamicbase -Wall -Werror" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - - #include - +#include int main () { @@ -12542,9 +12262,7 @@ $as_echo_n "checking if $saved_LD supports \"-Wl,--high-entropy-va\"... " >&6; } LDFLAGS="-Wl,--high-entropy-va -Wall -Werror" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - - #include - +#include int main () { @@ -12582,9 +12300,7 @@ $as_echo_n "checking if $saved_CC supports \"-fstack-protector-strong\"... " >&6 CFLAGS="-fstack-protector-strong -Wall -Werror" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - - #include - +#include int main () { @@ -12610,9 +12326,7 @@ $as_echo_n "checking if $saved_CC supports \"-fstack-protector-all\"... " >&6; } CFLAGS="-fstack-protector-all -Wall -Werror" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - - #include - +#include int main () { 
@@ -12973,7 +12687,7 @@ fi # Check for libc headers -for ac_header in err.h readpassphrase.h +for ac_header in endian.h machine/endian.h err.h readpassphrase.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" @@ -12986,6 +12700,47 @@ fi done +for ac_header in netinet/ip.h +do : + ac_fn_c_check_header_compile "$LINENO" "netinet/ip.h" "ac_cv_header_netinet_ip_h" "#include +#include + +" +if test "x$ac_cv_header_netinet_ip_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_NETINET_IP_H 1 +_ACEOF + +fi + +done + +for ac_header in sys/types.h netinet/in.h arpa/nameser.h netdb.h resolv.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "#ifdef HAVE_SYS_TYPES_H +# include +#endif +#ifdef HAVE_NETINET_IN_H +# include /* inet_ functions / structs */ +#endif +#ifdef HAVE_ARPA_NAMESER_H +# include /* DNS HEADER struct */ +#endif +#ifdef HAVE_NETDB_H +# include +#endif +" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + # Check for general libc functions for ac_func in asprintf freezero memmem do : @@ -13056,10 +12811,7 @@ else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -// Since Android NDK v16 getpagesize is defined as inline inside unistd.h -#ifdef __ANDROID__ -# include -#endif +#include int main () @@ -14949,7 +14701,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by libressl $as_me 3.4.3, which was +This file was extended by libressl $as_me 3.6.1, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -15006,7 +14758,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -libressl config.status 3.4.3 +libressl config.status 3.6.1 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index fdf72eeb..81195086 100644 --- a/configure.ac +++ b/configure.ac @@ -12,7 +12,7 @@ # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -AC_INIT([libressl], m4_esyscmd([tr -d '\n' < VERSION])) +AC_INIT([libressl], m4_esyscmd(tr -d '\n' < VERSION)) AC_SUBST([LIBCRYPTO_VERSION], m4_esyscmd([tr -d '\n' < crypto/VERSION])) AC_SUBST([LIBSSL_VERSION], m4_esyscmd([tr -d '\n' < ssl/VERSION])) AC_SUBST([LIBTLS_VERSION], m4_esyscmd([tr -d '\n' < tls/VERSION])) @@ -27,7 +27,6 @@ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) USER_CFLAGS="$CFLAGS" AC_PROG_CC([cc gcc]) -AC_PROG_CC_STDC AM_PROG_CC_C_O LT_INIT([pic-only]) diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt index b1ded85b..2c0268c7 100644 --- a/crypto/CMakeLists.txt +++ b/crypto/CMakeLists.txt @@ -1,3 +1,5 @@ +add_definitions(-DLIBRESSL_CRYPTO_INTERNAL) + if(HOST_ASM_ELF_ARMV4) set( ASM_ARMV4_ELF_SRC @@ -231,6 +233,7 @@ set( malloc-wrapper.c mem_clr.c mem_dbg.c + o_fips.c o_init.c o_str.c o_time.c 
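Review bot: The `AC_INIT` line now passes `tr -d '\n' < VERSION` to `m4_esyscmd` unquoted, while the three `AC_SUBST` lines directly below keep the bracket-quoted form `m4_esyscmd([tr -d '\n' < crypto/VERSION])`. An unquoted argument is macro-expanded by m4 before the command runs, so the two forms stop being equivalent if any word in the command is ever defined as a macro. If a particular Autoconf release needs the unquoted form, a comment above the line such as `dnl AC_INIT takes the unquoted m4_esyscmd form here: <reason>` would stop the next editor from changing it back. Otherwise the quoting should stay consistent with the neighbouring lines.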
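Review bot: `add_definitions(-DLIBRESSL_CRYPTO_INTERNAL)` at the top of crypto/CMakeLists.txt is directory-scoped and carries no comment saying what the macro gates. A line such as `# Defined only while building libcrypto itself (what it enables in the headers: TODO confirm)` would document it. Once the object target exists, `target_compile_definitions(crypto_obj PRIVATE LIBRESSL_CRYPTO_INTERNAL)` would keep the define off any other target later declared in this directory. The same define is added without comment in the first hunk of crypto/Makefile.am (`AM_CPPFLAGS += -DLIBRESSL_CRYPTO_INTERNAL`).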
@@ -242,49 +245,38 @@ set( aes/aes_ofb.c aes/aes_wrap.c asn1/a_bitstr.c - asn1/a_bool.c - asn1/a_d2i_fp.c - asn1/a_digest.c - asn1/a_dup.c asn1/a_enum.c - asn1/a_i2d_fp.c asn1/a_int.c asn1/a_mbstr.c asn1/a_object.c asn1/a_octet.c + asn1/a_pkey.c asn1/a_print.c - asn1/a_sign.c + asn1/a_pubkey.c asn1/a_strex.c + asn1/a_string.c asn1/a_strnid.c asn1/a_time.c asn1/a_time_tm.c asn1/a_type.c asn1/a_utf8.c - asn1/a_verify.c asn1/ameth_lib.c asn1/asn1_err.c asn1/asn1_gen.c + asn1/asn1_item.c asn1/asn1_lib.c + asn1/asn1_old.c + asn1/asn1_old_lib.c asn1/asn1_par.c + asn1/asn1_types.c asn1/asn_mime.c asn1/asn_moid.c - asn1/asn_pack.c asn1/bio_asn1.c asn1/bio_ndef.c - asn1/d2i_pr.c - asn1/d2i_pu.c - asn1/evp_asn1.c - asn1/f_enum.c - asn1/f_int.c - asn1/f_string.c - asn1/i2d_pr.c - asn1/i2d_pu.c - asn1/n_pkey.c asn1/nsseq.c asn1/p5_pbe.c asn1/p5_pbev2.c asn1/p8_pkey.c - asn1/t_bitst.c asn1/t_crl.c asn1/t_pkey.c asn1/t_req.c @@ -306,7 +298,6 @@ set( asn1/x_info.c asn1/x_long.c asn1/x_name.c - asn1/x_nx509.c asn1/x_pkey.c asn1/x_pubkey.c asn1/x_req.c @@ -342,6 +333,7 @@ set( bn/bn_add.c bn/bn_asm.c bn/bn_blind.c + bn/bn_bpsw.c bn/bn_const.c bn/bn_ctx.c bn/bn_depr.c @@ -351,6 +343,7 @@ set( bn/bn_exp2.c bn/bn_gcd.c bn/bn_gf2m.c + bn/bn_isqrt.c bn/bn_kron.c bn/bn_lib.c bn/bn_mod.c @@ -370,6 +363,9 @@ set( buffer/buf_err.c buffer/buf_str.c buffer/buffer.c + bytestring/bs_ber.c + bytestring/bs_cbb.c + bytestring/bs_cbs.c camellia/cmll_cfb.c camellia/cmll_ctr.c camellia/cmll_ecb.c @@ -409,6 +405,16 @@ set( conf/conf_mall.c conf/conf_mod.c conf/conf_sap.c + ct/ct_b64.c + ct/ct_err.c + ct/ct_log.c + ct/ct_oct.c + ct/ct_policy.c + ct/ct_prn.c + ct/ct_sct.c + ct/ct_sct_ctx.c + ct/ct_vfy.c + ct/ct_x509v3.c curve25519/curve25519-generic.c curve25519/curve25519.c des/cbc_cksm.c @@ -550,9 +556,6 @@ set( evp/evp_lib.c evp/evp_pbe.c evp/evp_pkey.c - evp/m_dss.c - evp/m_dss1.c - evp/m_ecdsa.c evp/m_gost2814789.c evp/m_gostr341194.c evp/m_md4.c 
@@ -601,6 +604,8 @@ set( idea/i_ecb.c idea/i_ofb64.c idea/i_skey.c + kdf/hkdf_evp.c + kdf/kdf_err.c lhash/lh_stats.c lhash/lhash.c md4/md4_dgst.c @@ -636,7 +641,6 @@ set( pem/pem_oth.c pem/pem_pk8.c pem/pem_pkey.c - pem/pem_seal.c pem/pem_sign.c pem/pem_x509.c pem/pem_xaux.c @@ -654,6 +658,7 @@ set( pkcs12/p12_npas.c pkcs12/p12_p8d.c pkcs12/p12_p8e.c + pkcs12/p12_sbag.c pkcs12/p12_utl.c pkcs12/pk12err.c pkcs7/bio_pk7.c @@ -726,9 +731,11 @@ set( x509/pcy_map.c x509/pcy_node.c x509/pcy_tree.c + x509/x509_addr.c x509/x509_akey.c x509/x509_akeya.c x509/x509_alt.c + x509/x509_asid.c x509/x509_att.c x509/x509_bcons.c x509/x509_bitst.c @@ -875,6 +882,11 @@ if(NOT HAVE_STRSEP) set(EXTRA_EXPORT ${EXTRA_EXPORT} strsep) endif() +if(NOT HAVE_STRTONUM) + set(CRYPTO_SRC ${CRYPTO_SRC} compat/strtonum.c) + set(EXTRA_EXPORT ${EXTRA_EXPORT} strtonum) +endif() + if(NOT HAVE_SYSLOG_R) set(CRYPTO_SRC ${CRYPTO_SRC} compat/syslog_r.c) endif() @@ -975,32 +987,26 @@ target_include_directories(crypto_obj PRIVATE . asn1 + bio bn + bytestring + dh dsa ec ecdh ecdsa evp + hmac modes + ocsp + pkcs12 + rsa + x509 ../include/compat PUBLIC ../include) add_library(crypto $) -target_include_directories(crypto - PRIVATE - . - asn1 - bn - dsa - ec - ecdh - ecdsa - evp - modes - ../include/compat - PUBLIC - ../include) export_symbol(crypto ${CMAKE_CURRENT_BINARY_DIR}/crypto_p.sym) target_link_libraries(crypto ${PLATFORM_LIBS}) @@ -1021,3 +1027,10 @@ if(ENABLE_LIBRESSL_INSTALL) RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} ) endif(ENABLE_LIBRESSL_INSTALL) + +# build static library for regression test +if(BUILD_SHARED_LIBS) + add_library(crypto-static STATIC $) + target_link_libraries(crypto-static ${PLATFORM_LIBS}) +endif() + diff --git a/crypto/Makefile.am b/crypto/Makefile.am index 4030eaeb..01833d2e 100644 --- a/crypto/Makefile.am +++ b/crypto/Makefile.am 
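Review bot: `crypto-static` in the last crypto/CMakeLists.txt hunk joins the default build for every `BUILD_SHARED_LIBS` configuration, although its comment says it exists only for the regression tests. Declaring it as `add_library(crypto-static STATIC EXCLUDE_FROM_ALL ...)` with the same object list would build the archive only when a test target links against it. The hunk places it after the `ENABLE_LIBRESSL_INSTALL` block, so it appears not to be installed. Because a static archive is not restricted by the `export_symbol(crypto ...)` list, a comment stating that it must stay uninstalled would make that intent explicit.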
@@ -1,12 +1,23 @@ include $(top_srcdir)/Makefile.am.common +AM_CPPFLAGS += -DLIBRESSL_CRYPTO_INTERNAL + AM_CPPFLAGS += -I$(top_srcdir)/crypto/asn1 +AM_CPPFLAGS += -I$(top_srcdir)/crypto/bio AM_CPPFLAGS += -I$(top_srcdir)/crypto/bn +AM_CPPFLAGS += -I$(top_srcdir)/crypto/bytestring +AM_CPPFLAGS += -I$(top_srcdir)/crypto/dh +AM_CPPFLAGS += -I$(top_srcdir)/crypto/dsa AM_CPPFLAGS += -I$(top_srcdir)/crypto/ec AM_CPPFLAGS += -I$(top_srcdir)/crypto/ecdh AM_CPPFLAGS += -I$(top_srcdir)/crypto/ecdsa AM_CPPFLAGS += -I$(top_srcdir)/crypto/evp +AM_CPPFLAGS += -I$(top_srcdir)/crypto/hmac AM_CPPFLAGS += -I$(top_srcdir)/crypto/modes +AM_CPPFLAGS += -I$(top_srcdir)/crypto/ocsp +AM_CPPFLAGS += -I$(top_srcdir)/crypto/pkcs12 +AM_CPPFLAGS += -I$(top_srcdir)/crypto/rsa +AM_CPPFLAGS += -I$(top_srcdir)/crypto/x509 AM_CPPFLAGS += -I$(top_srcdir)/crypto noinst_LTLIBRARIES = libcompat.la @@ -71,6 +82,9 @@ endif if !HAVE_STRSEP -echo strsep >> crypto_portable.sym endif +if !HAVE_STRTONUM + -echo strtonum >> crypto_portable.sym +endif if !HAVE_TIMEGM -echo timegm >> crypto_portable.sym endif @@ -170,6 +184,10 @@ if !HAVE_STRSEP libcompat_la_SOURCES += compat/strsep.c endif +if !HAVE_STRTONUM +libcompat_la_SOURCES += compat/strtonum.c +endif + if !HAVE_ASPRINTF libcompat_la_SOURCES += compat/bsd-asprintf.c endif @@ -264,6 +282,7 @@ libcrypto_la_SOURCES += ex_data.c libcrypto_la_SOURCES += malloc-wrapper.c libcrypto_la_SOURCES += mem_clr.c libcrypto_la_SOURCES += mem_dbg.c +libcrypto_la_SOURCES += o_fips.c libcrypto_la_SOURCES += o_init.c libcrypto_la_SOURCES += o_str.c libcrypto_la_SOURCES += o_time.c 
@@ -286,49 +305,38 @@ noinst_HEADERS += aes/aes_locl.h # asn1 libcrypto_la_SOURCES += asn1/a_bitstr.c -libcrypto_la_SOURCES += asn1/a_bool.c -libcrypto_la_SOURCES += asn1/a_d2i_fp.c -libcrypto_la_SOURCES += asn1/a_digest.c -libcrypto_la_SOURCES += asn1/a_dup.c libcrypto_la_SOURCES += asn1/a_enum.c -libcrypto_la_SOURCES += asn1/a_i2d_fp.c libcrypto_la_SOURCES += asn1/a_int.c libcrypto_la_SOURCES += asn1/a_mbstr.c libcrypto_la_SOURCES += asn1/a_object.c libcrypto_la_SOURCES += asn1/a_octet.c +libcrypto_la_SOURCES += asn1/a_pkey.c libcrypto_la_SOURCES += asn1/a_print.c -libcrypto_la_SOURCES += asn1/a_sign.c +libcrypto_la_SOURCES += asn1/a_pubkey.c libcrypto_la_SOURCES += asn1/a_strex.c +libcrypto_la_SOURCES += asn1/a_string.c libcrypto_la_SOURCES += asn1/a_strnid.c libcrypto_la_SOURCES += asn1/a_time.c libcrypto_la_SOURCES += asn1/a_time_tm.c libcrypto_la_SOURCES += asn1/a_type.c libcrypto_la_SOURCES += asn1/a_utf8.c -libcrypto_la_SOURCES += asn1/a_verify.c libcrypto_la_SOURCES += asn1/ameth_lib.c libcrypto_la_SOURCES += asn1/asn1_err.c libcrypto_la_SOURCES += asn1/asn1_gen.c +libcrypto_la_SOURCES += asn1/asn1_item.c libcrypto_la_SOURCES += asn1/asn1_lib.c +libcrypto_la_SOURCES += asn1/asn1_old.c +libcrypto_la_SOURCES += asn1/asn1_old_lib.c libcrypto_la_SOURCES += asn1/asn1_par.c +libcrypto_la_SOURCES += asn1/asn1_types.c libcrypto_la_SOURCES += asn1/asn_mime.c libcrypto_la_SOURCES += asn1/asn_moid.c -libcrypto_la_SOURCES += asn1/asn_pack.c libcrypto_la_SOURCES += asn1/bio_asn1.c libcrypto_la_SOURCES += asn1/bio_ndef.c -libcrypto_la_SOURCES += asn1/d2i_pr.c -libcrypto_la_SOURCES += asn1/d2i_pu.c -libcrypto_la_SOURCES += asn1/evp_asn1.c -libcrypto_la_SOURCES += asn1/f_enum.c -libcrypto_la_SOURCES += asn1/f_int.c -libcrypto_la_SOURCES += asn1/f_string.c -libcrypto_la_SOURCES += asn1/i2d_pr.c -libcrypto_la_SOURCES += asn1/i2d_pu.c -libcrypto_la_SOURCES += asn1/n_pkey.c libcrypto_la_SOURCES += asn1/nsseq.c libcrypto_la_SOURCES += asn1/p5_pbe.c libcrypto_la_SOURCES += 
asn1/p5_pbev2.c libcrypto_la_SOURCES += asn1/p8_pkey.c -libcrypto_la_SOURCES += asn1/t_bitst.c libcrypto_la_SOURCES += asn1/t_crl.c libcrypto_la_SOURCES += asn1/t_pkey.c libcrypto_la_SOURCES += asn1/t_req.c @@ -350,7 +358,6 @@ libcrypto_la_SOURCES += asn1/x_exten.c libcrypto_la_SOURCES += asn1/x_info.c libcrypto_la_SOURCES += asn1/x_long.c libcrypto_la_SOURCES += asn1/x_name.c -libcrypto_la_SOURCES += asn1/x_nx509.c libcrypto_la_SOURCES += asn1/x_pkey.c libcrypto_la_SOURCES += asn1/x_pubkey.c libcrypto_la_SOURCES += asn1/x_req.c @@ -400,11 +407,13 @@ endif libcrypto_la_SOURCES += bio/bss_mem.c libcrypto_la_SOURCES += bio/bss_null.c libcrypto_la_SOURCES += bio/bss_sock.c +noinst_HEADERS += bio/bio_local.h # bn libcrypto_la_SOURCES += bn/bn_add.c libcrypto_la_SOURCES += bn/bn_asm.c libcrypto_la_SOURCES += bn/bn_blind.c +libcrypto_la_SOURCES += bn/bn_bpsw.c libcrypto_la_SOURCES += bn/bn_const.c libcrypto_la_SOURCES += bn/bn_ctx.c libcrypto_la_SOURCES += bn/bn_depr.c @@ -414,6 +423,7 @@ libcrypto_la_SOURCES += bn/bn_exp.c libcrypto_la_SOURCES += bn/bn_exp2.c libcrypto_la_SOURCES += bn/bn_gcd.c libcrypto_la_SOURCES += bn/bn_gf2m.c +libcrypto_la_SOURCES += bn/bn_isqrt.c libcrypto_la_SOURCES += bn/bn_kron.c libcrypto_la_SOURCES += bn/bn_lib.c libcrypto_la_SOURCES += bn/bn_mod.c @@ -437,6 +447,12 @@ noinst_HEADERS += bn/bn_prime.h libcrypto_la_SOURCES += buffer/buf_err.c libcrypto_la_SOURCES += buffer/buf_str.c libcrypto_la_SOURCES += buffer/buffer.c +noinst_HEADERS += bytestring/bytestring.h + +# bytestring +libcrypto_la_SOURCES += bytestring/bs_ber.c +libcrypto_la_SOURCES += bytestring/bs_cbb.c +libcrypto_la_SOURCES += bytestring/bs_cbs.c # camellia libcrypto_la_SOURCES += camellia/cmll_cfb.c @@ -487,6 +503,7 @@ libcrypto_la_SOURCES += comp/c_rle.c libcrypto_la_SOURCES += comp/c_zlib.c libcrypto_la_SOURCES += comp/comp_err.c libcrypto_la_SOURCES += comp/comp_lib.c +noinst_HEADERS += comp/comp_local.h # conf libcrypto_la_SOURCES += conf/conf_api.c 
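Review bot: `noinst_HEADERS += bytestring/bytestring.h` is added at the end of the buffer sources, above the new `# bytestring` comment. The other sections touched by this commit list their header after their own sources, for example `noinst_HEADERS += ct/ct_local.h` at the end of `# ct`. Moving the line to follow `libcrypto_la_SOURCES += bytestring/bs_cbs.c` keeps each section self-contained. This is a layout point only and does not change what gets built.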
@@ -498,6 +515,19 @@ libcrypto_la_SOURCES += conf/conf_mod.c libcrypto_la_SOURCES += conf/conf_sap.c noinst_HEADERS += conf/conf_def.h +# ct +libcrypto_la_SOURCES += ct/ct_b64.c +libcrypto_la_SOURCES += ct/ct_err.c +libcrypto_la_SOURCES += ct/ct_log.c +libcrypto_la_SOURCES += ct/ct_oct.c +libcrypto_la_SOURCES += ct/ct_policy.c +libcrypto_la_SOURCES += ct/ct_prn.c +libcrypto_la_SOURCES += ct/ct_sct.c +libcrypto_la_SOURCES += ct/ct_sct_ctx.c +libcrypto_la_SOURCES += ct/ct_vfy.c +libcrypto_la_SOURCES += ct/ct_x509v3.c +noinst_HEADERS += ct/ct_local.h + # curve25519 libcrypto_la_SOURCES += curve25519/curve25519-generic.c libcrypto_la_SOURCES += curve25519/curve25519.c @@ -542,6 +572,7 @@ libcrypto_la_SOURCES += dh/dh_key.c libcrypto_la_SOURCES += dh/dh_lib.c libcrypto_la_SOURCES += dh/dh_pmeth.c libcrypto_la_SOURCES += dh/dh_prn.c +noinst_HEADERS += dh/dh_local.h # dsa libcrypto_la_SOURCES += dsa/dsa_ameth.c @@ -670,9 +701,6 @@ libcrypto_la_SOURCES += evp/evp_key.c libcrypto_la_SOURCES += evp/evp_lib.c libcrypto_la_SOURCES += evp/evp_pbe.c libcrypto_la_SOURCES += evp/evp_pkey.c -libcrypto_la_SOURCES += evp/m_dss.c -libcrypto_la_SOURCES += evp/m_dss1.c -libcrypto_la_SOURCES += evp/m_ecdsa.c libcrypto_la_SOURCES += evp/m_gost2814789.c libcrypto_la_SOURCES += evp/m_gostr341194.c libcrypto_la_SOURCES += evp/m_md4.c @@ -725,6 +753,7 @@ libcrypto_la_SOURCES += hkdf/hkdf.c libcrypto_la_SOURCES += hmac/hm_ameth.c libcrypto_la_SOURCES += hmac/hm_pmeth.c libcrypto_la_SOURCES += hmac/hmac.c +noinst_HEADERS += hmac/hmac_local.h # idea libcrypto_la_SOURCES += idea/i_cbc.c @@ -734,6 +763,10 @@ libcrypto_la_SOURCES += idea/i_ofb64.c libcrypto_la_SOURCES += idea/i_skey.c noinst_HEADERS += idea/idea_lcl.h +# kdf +libcrypto_la_SOURCES += kdf/hkdf_evp.c +libcrypto_la_SOURCES += kdf/kdf_err.c + # lhash libcrypto_la_SOURCES += lhash/lh_stats.c libcrypto_la_SOURCES += lhash/lhash.c 
@@ -778,6 +811,7 @@ libcrypto_la_SOURCES += ocsp/ocsp_lib.c libcrypto_la_SOURCES += ocsp/ocsp_prn.c libcrypto_la_SOURCES += ocsp/ocsp_srv.c libcrypto_la_SOURCES += ocsp/ocsp_vfy.c +noinst_HEADERS += ocsp/ocsp_local.h # pem libcrypto_la_SOURCES += pem/pem_all.c @@ -787,7 +821,6 @@ libcrypto_la_SOURCES += pem/pem_lib.c libcrypto_la_SOURCES += pem/pem_oth.c libcrypto_la_SOURCES += pem/pem_pk8.c libcrypto_la_SOURCES += pem/pem_pkey.c -libcrypto_la_SOURCES += pem/pem_seal.c libcrypto_la_SOURCES += pem/pem_sign.c libcrypto_la_SOURCES += pem/pem_x509.c libcrypto_la_SOURCES += pem/pem_xaux.c @@ -807,8 +840,10 @@ libcrypto_la_SOURCES += pkcs12/p12_mutl.c libcrypto_la_SOURCES += pkcs12/p12_npas.c libcrypto_la_SOURCES += pkcs12/p12_p8d.c libcrypto_la_SOURCES += pkcs12/p12_p8e.c +libcrypto_la_SOURCES += pkcs12/p12_sbag.c libcrypto_la_SOURCES += pkcs12/p12_utl.c libcrypto_la_SOURCES += pkcs12/pk12err.c +noinst_HEADERS += pkcs12/pkcs12_local.h # pkcs7 libcrypto_la_SOURCES += pkcs7/bio_pk7.c @@ -897,6 +932,7 @@ libcrypto_la_SOURCES += ts/ts_rsp_sign.c libcrypto_la_SOURCES += ts/ts_rsp_utils.c libcrypto_la_SOURCES += ts/ts_rsp_verify.c libcrypto_la_SOURCES += ts/ts_verify_ctx.c +noinst_HEADERS += ts/ts_local.h # txt_db libcrypto_la_SOURCES += txt_db/txt_db.c diff --git a/crypto/Makefile.in b/crypto/Makefile.in index 3127279e..2bcf6ef0 100644 --- a/crypto/Makefile.in +++ b/crypto/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.3 from Makefile.am. +# Makefile.in generated by automake 1.16.5 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2020 Free Software Foundation, Inc. +# Copyright (C) 1994-2021 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -105,35 +105,36 @@ host_triplet = @host@ # the only user of strnlen is strndup, so only build it if needed @HAVE_STRNDUP_FALSE@@HAVE_STRNLEN_FALSE@am__append_12 = compat/strnlen.c @HAVE_STRSEP_FALSE@am__append_13 = compat/strsep.c -@HAVE_ASPRINTF_FALSE@am__append_14 = compat/bsd-asprintf.c -@HAVE_FREEZERO_FALSE@am__append_15 = compat/freezero.c -@HAVE_GETPAGESIZE_FALSE@am__append_16 = compat/getpagesize.c -@HAVE_GETPROGNAME_FALSE@@HOST_LINUX_TRUE@am__append_17 = compat/getprogname_linux.c -@HAVE_GETPROGNAME_FALSE@@HOST_LINUX_FALSE@@HOST_WIN_TRUE@am__append_18 = compat/getprogname_windows.c -@HAVE_GETPROGNAME_FALSE@@HOST_LINUX_FALSE@@HOST_WIN_FALSE@am__append_19 = compat/getprogname_unimpl.c -@HAVE_TIMEGM_FALSE@am__append_20 = compat/timegm.c -@HAVE_REALLOCARRAY_FALSE@am__append_21 = compat/reallocarray.c -@HAVE_RECALLOCARRAY_FALSE@am__append_22 = compat/recallocarray.c -@HAVE_SYSLOG_R_FALSE@am__append_23 = compat/syslog_r.c -@HAVE_TIMINGSAFE_MEMCMP_FALSE@am__append_24 = compat/timingsafe_memcmp.c -@HAVE_TIMINGSAFE_BCMP_FALSE@am__append_25 = compat/timingsafe_bcmp.c -@HOST_WIN_TRUE@am__append_26 = compat/posix_win.c -@HAVE_ARC4RANDOM_BUF_FALSE@am__append_27 = compat/arc4random.c \ +@HAVE_STRTONUM_FALSE@am__append_14 = compat/strtonum.c +@HAVE_ASPRINTF_FALSE@am__append_15 = compat/bsd-asprintf.c +@HAVE_FREEZERO_FALSE@am__append_16 = compat/freezero.c +@HAVE_GETPAGESIZE_FALSE@am__append_17 = compat/getpagesize.c +@HAVE_GETPROGNAME_FALSE@@HOST_LINUX_TRUE@am__append_18 = compat/getprogname_linux.c +@HAVE_GETPROGNAME_FALSE@@HOST_LINUX_FALSE@@HOST_WIN_TRUE@am__append_19 = compat/getprogname_windows.c +@HAVE_GETPROGNAME_FALSE@@HOST_LINUX_FALSE@@HOST_WIN_FALSE@am__append_20 = compat/getprogname_unimpl.c +@HAVE_TIMEGM_FALSE@am__append_21 = compat/timegm.c +@HAVE_REALLOCARRAY_FALSE@am__append_22 = compat/reallocarray.c +@HAVE_RECALLOCARRAY_FALSE@am__append_23 = compat/recallocarray.c +@HAVE_SYSLOG_R_FALSE@am__append_24 = compat/syslog_r.c 
+@HAVE_TIMINGSAFE_MEMCMP_FALSE@am__append_25 = compat/timingsafe_memcmp.c +@HAVE_TIMINGSAFE_BCMP_FALSE@am__append_26 = compat/timingsafe_bcmp.c +@HOST_WIN_TRUE@am__append_27 = compat/posix_win.c +@HAVE_ARC4RANDOM_BUF_FALSE@am__append_28 = compat/arc4random.c \ @HAVE_ARC4RANDOM_BUF_FALSE@ compat/arc4random_uniform.c -@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_AIX_TRUE@am__append_28 = compat/getentropy_aix.c -@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_FREEBSD_TRUE@am__append_29 = compat/getentropy_freebsd.c -@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_HPUX_TRUE@am__append_30 = compat/getentropy_hpux.c -@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_LINUX_TRUE@am__append_31 = compat/getentropy_linux.c -@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_NETBSD_TRUE@am__append_32 = compat/getentropy_netbsd.c -@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_DARWIN_TRUE@am__append_33 = compat/getentropy_osx.c -@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_SOLARIS_TRUE@am__append_34 = compat/getentropy_solaris.c -@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_WIN_TRUE@am__append_35 = compat/getentropy_win.c -@HOST_ASM_ELF_ARM_TRUE@am__append_36 = -DAES_ASM -DOPENSSL_BN_ASM_MONT \ +@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_AIX_TRUE@am__append_29 = compat/getentropy_aix.c +@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_FREEBSD_TRUE@am__append_30 = compat/getentropy_freebsd.c +@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_HPUX_TRUE@am__append_31 = compat/getentropy_hpux.c +@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_LINUX_TRUE@am__append_32 = compat/getentropy_linux.c +@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_NETBSD_TRUE@am__append_33 = compat/getentropy_netbsd.c +@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_DARWIN_TRUE@am__append_34 = compat/getentropy_osx.c 
+@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_SOLARIS_TRUE@am__append_35 = compat/getentropy_solaris.c +@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_WIN_TRUE@am__append_36 = compat/getentropy_win.c +@HOST_ASM_ELF_ARM_TRUE@am__append_37 = -DAES_ASM -DOPENSSL_BN_ASM_MONT \ @HOST_ASM_ELF_ARM_TRUE@ -DOPENSSL_BN_ASM_GF2m -DGHASH_ASM \ @HOST_ASM_ELF_ARM_TRUE@ -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM \ @HOST_ASM_ELF_ARM_TRUE@ -DOPENSSL_CPUID_OBJ -@HOST_ASM_ELF_ARM_TRUE@am__append_37 = $(ASM_ARM_ELF) -@HOST_ASM_ELF_X86_64_TRUE@am__append_38 = -DAES_ASM -DBSAES_ASM \ +@HOST_ASM_ELF_ARM_TRUE@am__append_38 = $(ASM_ARM_ELF) +@HOST_ASM_ELF_X86_64_TRUE@am__append_39 = -DAES_ASM -DBSAES_ASM \ @HOST_ASM_ELF_X86_64_TRUE@ -DVPAES_ASM -DOPENSSL_IA32_SSE2 \ @HOST_ASM_ELF_X86_64_TRUE@ -DOPENSSL_BN_ASM_MONT \ @HOST_ASM_ELF_X86_64_TRUE@ -DOPENSSL_BN_ASM_MONT5 \ @@ -141,8 +142,8 @@ host_triplet = @host@ @HOST_ASM_ELF_X86_64_TRUE@ -DGHASH_ASM -DRSA_ASM -DSHA1_ASM \ @HOST_ASM_ELF_X86_64_TRUE@ -DSHA256_ASM -DSHA512_ASM \ @HOST_ASM_ELF_X86_64_TRUE@ -DWHIRLPOOL_ASM -DOPENSSL_CPUID_OBJ -@HOST_ASM_ELF_X86_64_TRUE@am__append_39 = $(ASM_X86_64_ELF) -@HOST_ASM_MACOSX_X86_64_TRUE@am__append_40 = -DAES_ASM -DBSAES_ASM \ +@HOST_ASM_ELF_X86_64_TRUE@am__append_40 = $(ASM_X86_64_ELF) +@HOST_ASM_MACOSX_X86_64_TRUE@am__append_41 = -DAES_ASM -DBSAES_ASM \ @HOST_ASM_MACOSX_X86_64_TRUE@ -DVPAES_ASM -DOPENSSL_IA32_SSE2 \ @HOST_ASM_MACOSX_X86_64_TRUE@ -DOPENSSL_BN_ASM_MONT \ @HOST_ASM_MACOSX_X86_64_TRUE@ -DOPENSSL_BN_ASM_MONT5 \ 
@@ -151,8 +152,8 @@ host_triplet = @host@ @HOST_ASM_MACOSX_X86_64_TRUE@ -DSHA256_ASM -DSHA512_ASM \ @HOST_ASM_MACOSX_X86_64_TRUE@ -DWHIRLPOOL_ASM \ @HOST_ASM_MACOSX_X86_64_TRUE@ -DOPENSSL_CPUID_OBJ -@HOST_ASM_MACOSX_X86_64_TRUE@am__append_41 = $(ASM_X86_64_MACOSX) -@HOST_ASM_MASM_X86_64_TRUE@am__append_42 = -DAES_ASM -DBSAES_ASM \ +@HOST_ASM_MACOSX_X86_64_TRUE@am__append_42 = $(ASM_X86_64_MACOSX) +@HOST_ASM_MASM_X86_64_TRUE@am__append_43 = -DAES_ASM -DBSAES_ASM \ @HOST_ASM_MASM_X86_64_TRUE@ -DVPAES_ASM -DOPENSSL_IA32_SSE2 \ @HOST_ASM_MASM_X86_64_TRUE@ -DOPENSSL_BN_ASM_MONT \ @HOST_ASM_MASM_X86_64_TRUE@ -DOPENSSL_BN_ASM_MONT5 \ 
@@ -160,31 +161,31 @@ host_triplet = @host@ @HOST_ASM_MASM_X86_64_TRUE@ -DGHASH_ASM -DRSA_ASM -DSHA1_ASM \ @HOST_ASM_MASM_X86_64_TRUE@ -DSHA256_ASM -DSHA512_ASM \ @HOST_ASM_MASM_X86_64_TRUE@ -DWHIRLPOOL_ASM -DOPENSSL_CPUID_OBJ -@HOST_ASM_MASM_X86_64_TRUE@am__append_43 = $(ASM_X86_64_MASM) +@HOST_ASM_MASM_X86_64_TRUE@am__append_44 = $(ASM_X86_64_MASM) #libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_MONT #libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_MONT5 #libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_GF2m -@HOST_ASM_MINGW64_X86_64_TRUE@am__append_44 = -DAES_ASM -DBSAES_ASM \ +@HOST_ASM_MINGW64_X86_64_TRUE@am__append_45 = -DAES_ASM -DBSAES_ASM \ @HOST_ASM_MINGW64_X86_64_TRUE@ -DVPAES_ASM -DOPENSSL_IA32_SSE2 \ @HOST_ASM_MINGW64_X86_64_TRUE@ -DMD5_ASM -DGHASH_ASM -DRSA_ASM \ @HOST_ASM_MINGW64_X86_64_TRUE@ -DSHA1_ASM -DSHA256_ASM \ @HOST_ASM_MINGW64_X86_64_TRUE@ -DSHA512_ASM -DWHIRLPOOL_ASM \ @HOST_ASM_MINGW64_X86_64_TRUE@ -DOPENSSL_CPUID_OBJ -@HOST_ASM_MINGW64_X86_64_TRUE@am__append_45 = $(ASM_X86_64_MINGW64) -@HOST_ASM_ELF_ARM_FALSE@@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@@HOST_ASM_MASM_X86_64_FALSE@@HOST_ASM_MINGW64_X86_64_FALSE@am__append_46 = aes/aes_cbc.c \ +@HOST_ASM_MINGW64_X86_64_TRUE@am__append_46 = $(ASM_X86_64_MINGW64) +@HOST_ASM_ELF_ARM_FALSE@@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@@HOST_ASM_MASM_X86_64_FALSE@@HOST_ASM_MINGW64_X86_64_FALSE@am__append_47 = aes/aes_cbc.c \ @HOST_ASM_ELF_ARM_FALSE@@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@@HOST_ASM_MASM_X86_64_FALSE@@HOST_ASM_MINGW64_X86_64_FALSE@ aes/aes_core.c \ @HOST_ASM_ELF_ARM_FALSE@@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@@HOST_ASM_MASM_X86_64_FALSE@@HOST_ASM_MINGW64_X86_64_FALSE@ camellia/camellia.c \ @HOST_ASM_ELF_ARM_FALSE@@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@@HOST_ASM_MASM_X86_64_FALSE@@HOST_ASM_MINGW64_X86_64_FALSE@ camellia/cmll_cbc.c \ 
@HOST_ASM_ELF_ARM_FALSE@@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@@HOST_ASM_MASM_X86_64_FALSE@@HOST_ASM_MINGW64_X86_64_FALSE@ rc4/rc4_enc.c \ @HOST_ASM_ELF_ARM_FALSE@@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@@HOST_ASM_MASM_X86_64_FALSE@@HOST_ASM_MINGW64_X86_64_FALSE@ rc4/rc4_skey.c \ @HOST_ASM_ELF_ARM_FALSE@@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@@HOST_ASM_MASM_X86_64_FALSE@@HOST_ASM_MINGW64_X86_64_FALSE@ whrlpool/wp_block.c -@HOST_WIN_FALSE@am__append_47 = crypto_lock.c -@HOST_WIN_TRUE@am__append_48 = compat/crypto_lock_win.c -@HOST_WIN_FALSE@am__append_49 = bio/b_posix.c -@HOST_WIN_TRUE@am__append_50 = bio/b_win.c -@HOST_WIN_FALSE@am__append_51 = bio/bss_log.c -@HOST_WIN_FALSE@am__append_52 = ui/ui_openssl.c -@HOST_WIN_TRUE@am__append_53 = ui/ui_openssl_win.c +@HOST_WIN_FALSE@am__append_48 = crypto_lock.c +@HOST_WIN_TRUE@am__append_49 = compat/crypto_lock_win.c +@HOST_WIN_FALSE@am__append_50 = bio/b_posix.c +@HOST_WIN_TRUE@am__append_51 = bio/b_win.c +@HOST_WIN_FALSE@am__append_52 = bio/bss_log.c +@HOST_WIN_FALSE@am__append_53 = ui/ui_openssl.c +@HOST_WIN_TRUE@am__append_54 = ui/ui_openssl_win.c subdir = crypto ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ax_add_fortify_source.m4 \ 
@@ -236,17 +237,17 @@ am__DEPENDENCIES_1 = libcompat_la_DEPENDENCIES = $(am__DEPENDENCIES_1) am__libcompat_la_SOURCES_DIST = compat/strlcat.c compat/strlcpy.c \ compat/strndup.c compat/strnlen.c compat/strsep.c \ - compat/bsd-asprintf.c compat/freezero.c compat/getpagesize.c \ - compat/getprogname_linux.c compat/getprogname_windows.c \ - compat/getprogname_unimpl.c compat/timegm.c \ - compat/reallocarray.c compat/recallocarray.c compat/syslog_r.c \ - compat/timingsafe_memcmp.c compat/timingsafe_bcmp.c \ - compat/posix_win.c compat/arc4random.c \ - compat/arc4random_uniform.c compat/getentropy_aix.c \ - compat/getentropy_freebsd.c compat/getentropy_hpux.c \ - compat/getentropy_linux.c compat/getentropy_netbsd.c \ - compat/getentropy_osx.c compat/getentropy_solaris.c \ - compat/getentropy_win.c + compat/strtonum.c compat/bsd-asprintf.c compat/freezero.c \ + compat/getpagesize.c compat/getprogname_linux.c \ + compat/getprogname_windows.c compat/getprogname_unimpl.c \ + compat/timegm.c compat/reallocarray.c compat/recallocarray.c \ + compat/syslog_r.c compat/timingsafe_memcmp.c \ + compat/timingsafe_bcmp.c compat/posix_win.c \ + compat/arc4random.c compat/arc4random_uniform.c \ + compat/getentropy_aix.c compat/getentropy_freebsd.c \ + compat/getentropy_hpux.c compat/getentropy_linux.c \ + compat/getentropy_netbsd.c compat/getentropy_osx.c \ + compat/getentropy_solaris.c compat/getentropy_win.c am__dirstamp = $(am__leading_dot)dirstamp @HAVE_STRLCAT_FALSE@am__objects_1 = compat/strlcat.lo @HAVE_STRLCPY_FALSE@am__objects_2 = compat/strlcpy.lo 
@@ -254,31 +255,32 @@ am__dirstamp = $(am__leading_dot)dirstamp @HAVE_STRNDUP_FALSE@@HAVE_STRNLEN_FALSE@am__objects_4 = \ @HAVE_STRNDUP_FALSE@@HAVE_STRNLEN_FALSE@ compat/strnlen.lo @HAVE_STRSEP_FALSE@am__objects_5 = compat/strsep.lo -@HAVE_ASPRINTF_FALSE@am__objects_6 = compat/bsd-asprintf.lo -@HAVE_FREEZERO_FALSE@am__objects_7 = compat/freezero.lo -@HAVE_GETPAGESIZE_FALSE@am__objects_8 = compat/getpagesize.lo -@HAVE_GETPROGNAME_FALSE@@HOST_LINUX_TRUE@am__objects_9 = compat/getprogname_linux.lo -@HAVE_GETPROGNAME_FALSE@@HOST_LINUX_FALSE@@HOST_WIN_TRUE@am__objects_10 = compat/getprogname_windows.lo -@HAVE_GETPROGNAME_FALSE@@HOST_LINUX_FALSE@@HOST_WIN_FALSE@am__objects_11 = compat/getprogname_unimpl.lo -@HAVE_TIMEGM_FALSE@am__objects_12 = compat/timegm.lo -@HAVE_REALLOCARRAY_FALSE@am__objects_13 = compat/reallocarray.lo -@HAVE_RECALLOCARRAY_FALSE@am__objects_14 = compat/recallocarray.lo -@HAVE_SYSLOG_R_FALSE@am__objects_15 = compat/syslog_r.lo -@HAVE_TIMINGSAFE_MEMCMP_FALSE@am__objects_16 = \ +@HAVE_STRTONUM_FALSE@am__objects_6 = compat/strtonum.lo +@HAVE_ASPRINTF_FALSE@am__objects_7 = compat/bsd-asprintf.lo +@HAVE_FREEZERO_FALSE@am__objects_8 = compat/freezero.lo +@HAVE_GETPAGESIZE_FALSE@am__objects_9 = compat/getpagesize.lo +@HAVE_GETPROGNAME_FALSE@@HOST_LINUX_TRUE@am__objects_10 = compat/getprogname_linux.lo +@HAVE_GETPROGNAME_FALSE@@HOST_LINUX_FALSE@@HOST_WIN_TRUE@am__objects_11 = compat/getprogname_windows.lo +@HAVE_GETPROGNAME_FALSE@@HOST_LINUX_FALSE@@HOST_WIN_FALSE@am__objects_12 = compat/getprogname_unimpl.lo +@HAVE_TIMEGM_FALSE@am__objects_13 = compat/timegm.lo +@HAVE_REALLOCARRAY_FALSE@am__objects_14 = compat/reallocarray.lo +@HAVE_RECALLOCARRAY_FALSE@am__objects_15 = compat/recallocarray.lo +@HAVE_SYSLOG_R_FALSE@am__objects_16 = compat/syslog_r.lo +@HAVE_TIMINGSAFE_MEMCMP_FALSE@am__objects_17 = \ @HAVE_TIMINGSAFE_MEMCMP_FALSE@ compat/timingsafe_memcmp.lo -@HAVE_TIMINGSAFE_BCMP_FALSE@am__objects_17 = \ +@HAVE_TIMINGSAFE_BCMP_FALSE@am__objects_18 = \ 
@HAVE_TIMINGSAFE_BCMP_FALSE@ compat/timingsafe_bcmp.lo -@HOST_WIN_TRUE@am__objects_18 = compat/posix_win.lo -@HAVE_ARC4RANDOM_BUF_FALSE@am__objects_19 = compat/arc4random.lo \ +@HOST_WIN_TRUE@am__objects_19 = compat/posix_win.lo +@HAVE_ARC4RANDOM_BUF_FALSE@am__objects_20 = compat/arc4random.lo \ @HAVE_ARC4RANDOM_BUF_FALSE@ compat/arc4random_uniform.lo -@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_AIX_TRUE@am__objects_20 = compat/getentropy_aix.lo -@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_FREEBSD_TRUE@am__objects_21 = compat/getentropy_freebsd.lo -@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_HPUX_TRUE@am__objects_22 = compat/getentropy_hpux.lo -@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_LINUX_TRUE@am__objects_23 = compat/getentropy_linux.lo -@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_NETBSD_TRUE@am__objects_24 = compat/getentropy_netbsd.lo -@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_DARWIN_TRUE@am__objects_25 = compat/getentropy_osx.lo -@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_SOLARIS_TRUE@am__objects_26 = compat/getentropy_solaris.lo -@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_WIN_TRUE@am__objects_27 = compat/getentropy_win.lo +@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_AIX_TRUE@am__objects_21 = compat/getentropy_aix.lo +@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_FREEBSD_TRUE@am__objects_22 = compat/getentropy_freebsd.lo +@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_HPUX_TRUE@am__objects_23 = compat/getentropy_hpux.lo +@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_LINUX_TRUE@am__objects_24 = compat/getentropy_linux.lo +@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_NETBSD_TRUE@am__objects_25 = compat/getentropy_netbsd.lo +@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_DARWIN_TRUE@am__objects_26 = compat/getentropy_osx.lo 
+@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_SOLARIS_TRUE@am__objects_27 = compat/getentropy_solaris.lo +@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@@HOST_WIN_TRUE@am__objects_28 = compat/getentropy_win.lo am_libcompat_la_OBJECTS = $(am__objects_1) $(am__objects_2) \ $(am__objects_3) $(am__objects_4) $(am__objects_5) \ $(am__objects_6) $(am__objects_7) $(am__objects_8) \ @@ -288,7 +290,7 @@ am_libcompat_la_OBJECTS = $(am__objects_1) $(am__objects_2) \ $(am__objects_18) $(am__objects_19) $(am__objects_20) \ $(am__objects_21) $(am__objects_22) $(am__objects_23) \ $(am__objects_24) $(am__objects_25) $(am__objects_26) \ - $(am__objects_27) + $(am__objects_27) $(am__objects_28) libcompat_la_OBJECTS = $(am_libcompat_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) @@ -297,10 +299,10 @@ am__v_lt_1 = libcompatnoopt_la_LIBADD = am__libcompatnoopt_la_SOURCES_DIST = compat/explicit_bzero_win.c \ compat/explicit_bzero.c -@HAVE_EXPLICIT_BZERO_FALSE@@HOST_WIN_TRUE@am__objects_28 = compat/libcompatnoopt_la-explicit_bzero_win.lo -@HAVE_EXPLICIT_BZERO_FALSE@@HOST_WIN_FALSE@am__objects_29 = compat/libcompatnoopt_la-explicit_bzero.lo +@HAVE_EXPLICIT_BZERO_FALSE@@HOST_WIN_TRUE@am__objects_29 = compat/libcompatnoopt_la-explicit_bzero_win.lo +@HAVE_EXPLICIT_BZERO_FALSE@@HOST_WIN_FALSE@am__objects_30 = compat/libcompatnoopt_la-explicit_bzero.lo @HAVE_EXPLICIT_BZERO_FALSE@am_libcompatnoopt_la_OBJECTS = \ -@HAVE_EXPLICIT_BZERO_FALSE@ $(am__objects_28) $(am__objects_29) +@HAVE_EXPLICIT_BZERO_FALSE@ $(am__objects_29) $(am__objects_30) libcompatnoopt_la_OBJECTS = $(am_libcompatnoopt_la_OBJECTS) libcompatnoopt_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ 
@@ -352,26 +354,23 @@ am__libcrypto_la_SOURCES_DIST = aes/aes-elf-armv4.S \ cpuid-mingw64-x86_64.S aes/aes_core.c cpt_err.c cryptlib.c \ crypto_init.c crypto_lock.c compat/crypto_lock_win.c \ cversion.c ex_data.c malloc-wrapper.c mem_clr.c mem_dbg.c \ - o_init.c o_str.c o_time.c aes/aes_cfb.c aes/aes_ctr.c \ + o_fips.c o_init.c o_str.c o_time.c aes/aes_cfb.c aes/aes_ctr.c \ aes/aes_ecb.c aes/aes_ige.c aes/aes_misc.c aes/aes_ofb.c \ - aes/aes_wrap.c asn1/a_bitstr.c asn1/a_bool.c asn1/a_d2i_fp.c \ - asn1/a_digest.c asn1/a_dup.c asn1/a_enum.c asn1/a_i2d_fp.c \ - asn1/a_int.c asn1/a_mbstr.c asn1/a_object.c asn1/a_octet.c \ - asn1/a_print.c asn1/a_sign.c asn1/a_strex.c asn1/a_strnid.c \ - asn1/a_time.c asn1/a_time_tm.c asn1/a_type.c asn1/a_utf8.c \ - asn1/a_verify.c asn1/ameth_lib.c asn1/asn1_err.c \ - asn1/asn1_gen.c asn1/asn1_lib.c asn1/asn1_par.c \ - asn1/asn_mime.c asn1/asn_moid.c asn1/asn_pack.c \ - asn1/bio_asn1.c asn1/bio_ndef.c asn1/d2i_pr.c asn1/d2i_pu.c \ - asn1/evp_asn1.c asn1/f_enum.c asn1/f_int.c asn1/f_string.c \ - asn1/i2d_pr.c asn1/i2d_pu.c asn1/n_pkey.c asn1/nsseq.c \ - asn1/p5_pbe.c asn1/p5_pbev2.c asn1/p8_pkey.c asn1/t_bitst.c \ - asn1/t_crl.c asn1/t_pkey.c asn1/t_req.c asn1/t_spki.c \ - asn1/t_x509.c asn1/t_x509a.c asn1/tasn_dec.c asn1/tasn_enc.c \ - asn1/tasn_fre.c asn1/tasn_new.c asn1/tasn_prn.c \ - asn1/tasn_typ.c asn1/tasn_utl.c asn1/x_algor.c asn1/x_attrib.c \ - asn1/x_bignum.c asn1/x_crl.c asn1/x_exten.c asn1/x_info.c \ - asn1/x_long.c asn1/x_name.c asn1/x_nx509.c asn1/x_pkey.c \ + aes/aes_wrap.c asn1/a_bitstr.c asn1/a_enum.c asn1/a_int.c \ + asn1/a_mbstr.c asn1/a_object.c asn1/a_octet.c asn1/a_pkey.c \ + asn1/a_print.c asn1/a_pubkey.c asn1/a_strex.c asn1/a_string.c \ + asn1/a_strnid.c asn1/a_time.c asn1/a_time_tm.c asn1/a_type.c \ + asn1/a_utf8.c asn1/ameth_lib.c asn1/asn1_err.c asn1/asn1_gen.c \ + asn1/asn1_item.c asn1/asn1_lib.c asn1/asn1_old.c \ + asn1/asn1_old_lib.c asn1/asn1_par.c asn1/asn1_types.c \ + asn1/asn_mime.c asn1/asn_moid.c 
asn1/bio_asn1.c \ + asn1/bio_ndef.c asn1/nsseq.c asn1/p5_pbe.c asn1/p5_pbev2.c \ + asn1/p8_pkey.c asn1/t_crl.c asn1/t_pkey.c asn1/t_req.c \ + asn1/t_spki.c asn1/t_x509.c asn1/t_x509a.c asn1/tasn_dec.c \ + asn1/tasn_enc.c asn1/tasn_fre.c asn1/tasn_new.c \ + asn1/tasn_prn.c asn1/tasn_typ.c asn1/tasn_utl.c asn1/x_algor.c \ + asn1/x_attrib.c asn1/x_bignum.c asn1/x_crl.c asn1/x_exten.c \ + asn1/x_info.c asn1/x_long.c asn1/x_name.c asn1/x_pkey.c \ asn1/x_pubkey.c asn1/x_req.c asn1/x_sig.c asn1/x_spki.c \ asn1/x_val.c asn1/x_x509.c asn1/x_x509a.c bf/bf_cfb64.c \ bf/bf_ecb.c bf/bf_enc.c bf/bf_ofb64.c bf/bf_skey.c \ 
@@ -381,24 +380,27 @@ am__libcrypto_la_SOURCES_DIST = aes/aes-elf-armv4.S \ bio/bss_acpt.c bio/bss_bio.c bio/bss_conn.c bio/bss_dgram.c \ bio/bss_fd.c bio/bss_file.c bio/bss_log.c bio/bss_mem.c \ bio/bss_null.c bio/bss_sock.c bn/bn_add.c bn/bn_asm.c \ - bn/bn_blind.c bn/bn_const.c bn/bn_ctx.c bn/bn_depr.c \ - bn/bn_div.c bn/bn_err.c bn/bn_exp.c bn/bn_exp2.c bn/bn_gcd.c \ - bn/bn_gf2m.c bn/bn_kron.c bn/bn_lib.c bn/bn_mod.c bn/bn_mont.c \ - bn/bn_mpi.c bn/bn_mul.c bn/bn_nist.c bn/bn_prime.c \ - bn/bn_print.c bn/bn_rand.c bn/bn_recp.c bn/bn_shift.c \ - bn/bn_sqr.c bn/bn_sqrt.c bn/bn_word.c bn/bn_x931p.c \ - buffer/buf_err.c buffer/buf_str.c buffer/buffer.c \ - camellia/cmll_cfb.c camellia/cmll_ctr.c camellia/cmll_ecb.c \ - camellia/cmll_misc.c camellia/cmll_ofb.c cast/c_cfb64.c \ - cast/c_ecb.c cast/c_enc.c cast/c_ofb64.c cast/c_skey.c \ - chacha/chacha.c cmac/cm_ameth.c cmac/cm_pmeth.c cmac/cmac.c \ - cms/cms_asn1.c cms/cms_att.c cms/cms_cd.c cms/cms_dd.c \ - cms/cms_enc.c cms/cms_env.c cms/cms_err.c cms/cms_ess.c \ - cms/cms_io.c cms/cms_kari.c cms/cms_lib.c cms/cms_pwri.c \ - cms/cms_sd.c cms/cms_smime.c comp/c_rle.c comp/c_zlib.c \ - comp/comp_err.c comp/comp_lib.c conf/conf_api.c \ + bn/bn_blind.c bn/bn_bpsw.c bn/bn_const.c bn/bn_ctx.c \ + bn/bn_depr.c bn/bn_div.c bn/bn_err.c bn/bn_exp.c bn/bn_exp2.c \ + bn/bn_gcd.c bn/bn_gf2m.c bn/bn_isqrt.c bn/bn_kron.c \ + bn/bn_lib.c bn/bn_mod.c bn/bn_mont.c bn/bn_mpi.c bn/bn_mul.c \ + bn/bn_nist.c bn/bn_prime.c bn/bn_print.c bn/bn_rand.c \ + bn/bn_recp.c bn/bn_shift.c bn/bn_sqr.c bn/bn_sqrt.c \ + bn/bn_word.c bn/bn_x931p.c buffer/buf_err.c buffer/buf_str.c \ + buffer/buffer.c bytestring/bs_ber.c bytestring/bs_cbb.c \ + bytestring/bs_cbs.c camellia/cmll_cfb.c camellia/cmll_ctr.c \ + camellia/cmll_ecb.c camellia/cmll_misc.c camellia/cmll_ofb.c \ + cast/c_cfb64.c cast/c_ecb.c cast/c_enc.c cast/c_ofb64.c \ + cast/c_skey.c chacha/chacha.c cmac/cm_ameth.c cmac/cm_pmeth.c \ + cmac/cmac.c cms/cms_asn1.c cms/cms_att.c cms/cms_cd.c \ 
+ cms/cms_dd.c cms/cms_enc.c cms/cms_env.c cms/cms_err.c \ + cms/cms_ess.c cms/cms_io.c cms/cms_kari.c cms/cms_lib.c \ + cms/cms_pwri.c cms/cms_sd.c cms/cms_smime.c comp/c_rle.c \ + comp/c_zlib.c comp/comp_err.c comp/comp_lib.c conf/conf_api.c \ conf/conf_def.c conf/conf_err.c conf/conf_lib.c \ - conf/conf_mall.c conf/conf_mod.c conf/conf_sap.c \ + conf/conf_mall.c conf/conf_mod.c conf/conf_sap.c ct/ct_b64.c \ + ct/ct_err.c ct/ct_log.c ct/ct_oct.c ct/ct_policy.c ct/ct_prn.c \ + ct/ct_sct.c ct/ct_sct_ctx.c ct/ct_vfy.c ct/ct_x509v3.c \ curve25519/curve25519-generic.c curve25519/curve25519.c \ des/cbc_cksm.c des/cbc_enc.c des/cfb64ede.c des/cfb64enc.c \ des/cfb_enc.c des/des_enc.c des/ecb3_enc.c des/ecb_enc.c \ 
@@ -437,22 +439,22 @@ am__libcrypto_la_SOURCES_DIST = aes/aes-elf-armv4.S \ evp/e_rc2.c evp/e_rc4.c evp/e_rc4_hmac_md5.c evp/e_sm4.c \ evp/e_xcbc_d.c evp/encode.c evp/evp_aead.c evp/evp_enc.c \ evp/evp_err.c evp/evp_key.c evp/evp_lib.c evp/evp_pbe.c \ - evp/evp_pkey.c evp/m_dss.c evp/m_dss1.c evp/m_ecdsa.c \ - evp/m_gost2814789.c evp/m_gostr341194.c evp/m_md4.c \ - evp/m_md5.c evp/m_md5_sha1.c evp/m_null.c evp/m_ripemd.c \ - evp/m_sha1.c evp/m_sigver.c evp/m_streebog.c evp/m_sm3.c \ - evp/m_wp.c evp/names.c evp/p5_crpt.c evp/p5_crpt2.c \ - evp/p_dec.c evp/p_enc.c evp/p_lib.c evp/p_open.c evp/p_seal.c \ - evp/p_sign.c evp/p_verify.c evp/pmeth_fn.c evp/pmeth_gn.c \ - evp/pmeth_lib.c gost/gost2814789.c gost/gost89_keywrap.c \ - gost/gost89_params.c gost/gost89imit_ameth.c \ - gost/gost89imit_pmeth.c gost/gost_asn1.c gost/gost_err.c \ - gost/gostr341001.c gost/gostr341001_ameth.c \ - gost/gostr341001_key.c gost/gostr341001_params.c \ - gost/gostr341001_pmeth.c gost/gostr341194.c gost/streebog.c \ - hkdf/hkdf.c hmac/hm_ameth.c hmac/hm_pmeth.c hmac/hmac.c \ - idea/i_cbc.c idea/i_cfb64.c idea/i_ecb.c idea/i_ofb64.c \ - idea/i_skey.c lhash/lh_stats.c lhash/lhash.c md4/md4_dgst.c \ + evp/evp_pkey.c evp/m_gost2814789.c evp/m_gostr341194.c \ + evp/m_md4.c evp/m_md5.c evp/m_md5_sha1.c evp/m_null.c \ + evp/m_ripemd.c evp/m_sha1.c evp/m_sigver.c evp/m_streebog.c \ + evp/m_sm3.c evp/m_wp.c evp/names.c evp/p5_crpt.c \ + evp/p5_crpt2.c evp/p_dec.c evp/p_enc.c evp/p_lib.c \ + evp/p_open.c evp/p_seal.c evp/p_sign.c evp/p_verify.c \ + evp/pmeth_fn.c evp/pmeth_gn.c evp/pmeth_lib.c \ + gost/gost2814789.c gost/gost89_keywrap.c gost/gost89_params.c \ + gost/gost89imit_ameth.c gost/gost89imit_pmeth.c \ + gost/gost_asn1.c gost/gost_err.c gost/gostr341001.c \ + gost/gostr341001_ameth.c gost/gostr341001_key.c \ + gost/gostr341001_params.c gost/gostr341001_pmeth.c \ + gost/gostr341194.c gost/streebog.c hkdf/hkdf.c hmac/hm_ameth.c \ + hmac/hm_pmeth.c hmac/hmac.c idea/i_cbc.c idea/i_cfb64.c \ + 
idea/i_ecb.c idea/i_ofb64.c idea/i_skey.c kdf/hkdf_evp.c \ + kdf/kdf_err.c lhash/lh_stats.c lhash/lhash.c md4/md4_dgst.c \ md4/md4_one.c md5/md5_dgst.c md5/md5_one.c modes/cbc128.c \ modes/ccm128.c modes/cfb128.c modes/ctr128.c modes/cts128.c \ modes/gcm128.c modes/ofb128.c modes/xts128.c objects/o_names.c \ @@ -461,12 +463,12 @@ am__libcrypto_la_SOURCES_DIST = aes/aes-elf-armv4.S \ ocsp/ocsp_err.c ocsp/ocsp_ext.c ocsp/ocsp_ht.c ocsp/ocsp_lib.c \ ocsp/ocsp_prn.c ocsp/ocsp_srv.c ocsp/ocsp_vfy.c pem/pem_all.c \ pem/pem_err.c pem/pem_info.c pem/pem_lib.c pem/pem_oth.c \ - pem/pem_pk8.c pem/pem_pkey.c pem/pem_seal.c pem/pem_sign.c \ - pem/pem_x509.c pem/pem_xaux.c pem/pvkfmt.c pkcs12/p12_add.c \ - pkcs12/p12_asn.c pkcs12/p12_attr.c pkcs12/p12_crpt.c \ - pkcs12/p12_crt.c pkcs12/p12_decr.c pkcs12/p12_init.c \ - pkcs12/p12_key.c pkcs12/p12_kiss.c pkcs12/p12_mutl.c \ - pkcs12/p12_npas.c pkcs12/p12_p8d.c pkcs12/p12_p8e.c \ + pem/pem_pk8.c pem/pem_pkey.c pem/pem_sign.c pem/pem_x509.c \ + pem/pem_xaux.c pem/pvkfmt.c pkcs12/p12_add.c pkcs12/p12_asn.c \ + pkcs12/p12_attr.c pkcs12/p12_crpt.c pkcs12/p12_crt.c \ + pkcs12/p12_decr.c pkcs12/p12_init.c pkcs12/p12_key.c \ + pkcs12/p12_kiss.c pkcs12/p12_mutl.c pkcs12/p12_npas.c \ + pkcs12/p12_p8d.c pkcs12/p12_p8e.c pkcs12/p12_sbag.c \ pkcs12/p12_utl.c pkcs12/pk12err.c pkcs7/bio_pk7.c \ pkcs7/pk7_asn1.c pkcs7/pk7_attr.c pkcs7/pk7_doit.c \ pkcs7/pk7_lib.c pkcs7/pk7_mime.c pkcs7/pk7_smime.c \ @@ -505,7 +507,7 @@ am__libcrypto_la_SOURCES_DIST = aes/aes-elf-armv4.S \ x509/x509_verify.c x509/x509_vfy.c x509/x509_vpm.c \ x509/x509cset.c x509/x509name.c x509/x509rset.c \ x509/x509spki.c x509/x509type.c x509/x_all.c -am__objects_30 = aes/libcrypto_la-aes-elf-armv4.lo \ +am__objects_31 = aes/libcrypto_la-aes-elf-armv4.lo \ bn/libcrypto_la-gf2m-elf-armv4.lo \ bn/libcrypto_la-mont-elf-armv4.lo \ sha/libcrypto_la-sha1-elf-armv4.lo \ 
@@ -516,8 +518,8 @@ am__objects_30 = aes/libcrypto_la-aes-elf-armv4.lo \ aes/libcrypto_la-aes_cbc.lo camellia/libcrypto_la-camellia.lo \ camellia/libcrypto_la-cmll_cbc.lo rc4/libcrypto_la-rc4_enc.lo \ rc4/libcrypto_la-rc4_skey.lo whrlpool/libcrypto_la-wp_block.lo -@HOST_ASM_ELF_ARM_TRUE@am__objects_31 = $(am__objects_30) -am__objects_32 = aes/libcrypto_la-aes-elf-x86_64.lo \ +@HOST_ASM_ELF_ARM_TRUE@am__objects_32 = $(am__objects_31) +am__objects_33 = aes/libcrypto_la-aes-elf-x86_64.lo \ aes/libcrypto_la-bsaes-elf-x86_64.lo \ aes/libcrypto_la-vpaes-elf-x86_64.lo \ aes/libcrypto_la-aesni-elf-x86_64.lo \ @@ -536,8 +538,8 @@ am__objects_32 = aes/libcrypto_la-aes-elf-x86_64.lo \ sha/libcrypto_la-sha512-elf-x86_64.lo \ whrlpool/libcrypto_la-wp-elf-x86_64.lo \ libcrypto_la-cpuid-elf-x86_64.lo -@HOST_ASM_ELF_X86_64_TRUE@am__objects_33 = $(am__objects_32) -am__objects_34 = aes/libcrypto_la-aes-macosx-x86_64.lo \ +@HOST_ASM_ELF_X86_64_TRUE@am__objects_34 = $(am__objects_33) +am__objects_35 = aes/libcrypto_la-aes-macosx-x86_64.lo \ aes/libcrypto_la-bsaes-macosx-x86_64.lo \ aes/libcrypto_la-vpaes-macosx-x86_64.lo \ aes/libcrypto_la-aesni-macosx-x86_64.lo \ @@ -556,8 +558,8 @@ am__objects_34 = aes/libcrypto_la-aes-macosx-x86_64.lo \ sha/libcrypto_la-sha512-macosx-x86_64.lo \ whrlpool/libcrypto_la-wp-macosx-x86_64.lo \ libcrypto_la-cpuid-macosx-x86_64.lo -@HOST_ASM_MACOSX_X86_64_TRUE@am__objects_35 = $(am__objects_34) -am__objects_36 = aes/libcrypto_la-aes-masm-x86_64.lo \ +@HOST_ASM_MACOSX_X86_64_TRUE@am__objects_36 = $(am__objects_35) +am__objects_37 = aes/libcrypto_la-aes-masm-x86_64.lo \ aes/libcrypto_la-bsaes-masm-x86_64.lo \ aes/libcrypto_la-vpaes-masm-x86_64.lo \ aes/libcrypto_la-aesni-masm-x86_64.lo \ 
@@ -576,8 +578,8 @@ am__objects_36 = aes/libcrypto_la-aes-masm-x86_64.lo \ sha/libcrypto_la-sha512-masm-x86_64.lo \ whrlpool/libcrypto_la-wp-masm-x86_64.lo \ libcrypto_la-cpuid-masm-x86_64.lo -@HOST_ASM_MASM_X86_64_TRUE@am__objects_37 = $(am__objects_36) -am__objects_38 = aes/libcrypto_la-aes-mingw64-x86_64.lo \ +@HOST_ASM_MASM_X86_64_TRUE@am__objects_38 = $(am__objects_37) +am__objects_39 = aes/libcrypto_la-aes-mingw64-x86_64.lo \ aes/libcrypto_la-bsaes-mingw64-x86_64.lo \ aes/libcrypto_la-vpaes-mingw64-x86_64.lo \ aes/libcrypto_la-aesni-mingw64-x86_64.lo \ 
@@ -592,56 +594,52 @@ am__objects_38 = aes/libcrypto_la-aes-mingw64-x86_64.lo \ sha/libcrypto_la-sha512-mingw64-x86_64.lo \ whrlpool/libcrypto_la-wp-mingw64-x86_64.lo \ libcrypto_la-cpuid-mingw64-x86_64.lo -@HOST_ASM_MINGW64_X86_64_TRUE@am__objects_39 = $(am__objects_38) -@HOST_ASM_ELF_ARM_FALSE@@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@@HOST_ASM_MASM_X86_64_FALSE@@HOST_ASM_MINGW64_X86_64_FALSE@am__objects_40 = aes/libcrypto_la-aes_cbc.lo \ +@HOST_ASM_MINGW64_X86_64_TRUE@am__objects_40 = $(am__objects_39) +@HOST_ASM_ELF_ARM_FALSE@@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@@HOST_ASM_MASM_X86_64_FALSE@@HOST_ASM_MINGW64_X86_64_FALSE@am__objects_41 = aes/libcrypto_la-aes_cbc.lo \ @HOST_ASM_ELF_ARM_FALSE@@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@@HOST_ASM_MASM_X86_64_FALSE@@HOST_ASM_MINGW64_X86_64_FALSE@ aes/libcrypto_la-aes_core.lo \ @HOST_ASM_ELF_ARM_FALSE@@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@@HOST_ASM_MASM_X86_64_FALSE@@HOST_ASM_MINGW64_X86_64_FALSE@ camellia/libcrypto_la-camellia.lo \ @HOST_ASM_ELF_ARM_FALSE@@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@@HOST_ASM_MASM_X86_64_FALSE@@HOST_ASM_MINGW64_X86_64_FALSE@ camellia/libcrypto_la-cmll_cbc.lo \ @HOST_ASM_ELF_ARM_FALSE@@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@@HOST_ASM_MASM_X86_64_FALSE@@HOST_ASM_MINGW64_X86_64_FALSE@ rc4/libcrypto_la-rc4_enc.lo \ @HOST_ASM_ELF_ARM_FALSE@@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@@HOST_ASM_MASM_X86_64_FALSE@@HOST_ASM_MINGW64_X86_64_FALSE@ rc4/libcrypto_la-rc4_skey.lo \ @HOST_ASM_ELF_ARM_FALSE@@HOST_ASM_ELF_X86_64_FALSE@@HOST_ASM_MACOSX_X86_64_FALSE@@HOST_ASM_MASM_X86_64_FALSE@@HOST_ASM_MINGW64_X86_64_FALSE@ whrlpool/libcrypto_la-wp_block.lo -@HOST_WIN_FALSE@am__objects_41 = libcrypto_la-crypto_lock.lo -@HOST_WIN_TRUE@am__objects_42 = \ +@HOST_WIN_FALSE@am__objects_42 = libcrypto_la-crypto_lock.lo +@HOST_WIN_TRUE@am__objects_43 = \ @HOST_WIN_TRUE@ 
compat/libcrypto_la-crypto_lock_win.lo -@HOST_WIN_FALSE@am__objects_43 = bio/libcrypto_la-b_posix.lo -@HOST_WIN_TRUE@am__objects_44 = bio/libcrypto_la-b_win.lo -@HOST_WIN_FALSE@am__objects_45 = bio/libcrypto_la-bss_log.lo -@HOST_WIN_FALSE@am__objects_46 = ui/libcrypto_la-ui_openssl.lo -@HOST_WIN_TRUE@am__objects_47 = ui/libcrypto_la-ui_openssl_win.lo -am_libcrypto_la_OBJECTS = $(am__objects_31) $(am__objects_33) \ - $(am__objects_35) $(am__objects_37) $(am__objects_39) \ - $(am__objects_40) libcrypto_la-cpt_err.lo \ +@HOST_WIN_FALSE@am__objects_44 = bio/libcrypto_la-b_posix.lo +@HOST_WIN_TRUE@am__objects_45 = bio/libcrypto_la-b_win.lo +@HOST_WIN_FALSE@am__objects_46 = bio/libcrypto_la-bss_log.lo +@HOST_WIN_FALSE@am__objects_47 = ui/libcrypto_la-ui_openssl.lo +@HOST_WIN_TRUE@am__objects_48 = ui/libcrypto_la-ui_openssl_win.lo +am_libcrypto_la_OBJECTS = $(am__objects_32) $(am__objects_34) \ + $(am__objects_36) $(am__objects_38) $(am__objects_40) \ + $(am__objects_41) libcrypto_la-cpt_err.lo \ libcrypto_la-cryptlib.lo libcrypto_la-crypto_init.lo \ - $(am__objects_41) $(am__objects_42) libcrypto_la-cversion.lo \ + $(am__objects_42) $(am__objects_43) libcrypto_la-cversion.lo \ libcrypto_la-ex_data.lo libcrypto_la-malloc-wrapper.lo \ libcrypto_la-mem_clr.lo libcrypto_la-mem_dbg.lo \ - libcrypto_la-o_init.lo libcrypto_la-o_str.lo \ - libcrypto_la-o_time.lo aes/libcrypto_la-aes_cfb.lo \ - aes/libcrypto_la-aes_ctr.lo aes/libcrypto_la-aes_ecb.lo \ - aes/libcrypto_la-aes_ige.lo aes/libcrypto_la-aes_misc.lo \ - aes/libcrypto_la-aes_ofb.lo aes/libcrypto_la-aes_wrap.lo \ - asn1/libcrypto_la-a_bitstr.lo asn1/libcrypto_la-a_bool.lo \ - asn1/libcrypto_la-a_d2i_fp.lo asn1/libcrypto_la-a_digest.lo \ - asn1/libcrypto_la-a_dup.lo asn1/libcrypto_la-a_enum.lo \ - asn1/libcrypto_la-a_i2d_fp.lo asn1/libcrypto_la-a_int.lo \ + libcrypto_la-o_fips.lo libcrypto_la-o_init.lo \ + libcrypto_la-o_str.lo libcrypto_la-o_time.lo \ + aes/libcrypto_la-aes_cfb.lo aes/libcrypto_la-aes_ctr.lo \ + 
aes/libcrypto_la-aes_ecb.lo aes/libcrypto_la-aes_ige.lo \ + aes/libcrypto_la-aes_misc.lo aes/libcrypto_la-aes_ofb.lo \ + aes/libcrypto_la-aes_wrap.lo asn1/libcrypto_la-a_bitstr.lo \ + asn1/libcrypto_la-a_enum.lo asn1/libcrypto_la-a_int.lo \ asn1/libcrypto_la-a_mbstr.lo asn1/libcrypto_la-a_object.lo \ - asn1/libcrypto_la-a_octet.lo asn1/libcrypto_la-a_print.lo \ - asn1/libcrypto_la-a_sign.lo asn1/libcrypto_la-a_strex.lo \ + asn1/libcrypto_la-a_octet.lo asn1/libcrypto_la-a_pkey.lo \ + asn1/libcrypto_la-a_print.lo asn1/libcrypto_la-a_pubkey.lo \ + asn1/libcrypto_la-a_strex.lo asn1/libcrypto_la-a_string.lo \ asn1/libcrypto_la-a_strnid.lo asn1/libcrypto_la-a_time.lo \ asn1/libcrypto_la-a_time_tm.lo asn1/libcrypto_la-a_type.lo \ - asn1/libcrypto_la-a_utf8.lo asn1/libcrypto_la-a_verify.lo \ - asn1/libcrypto_la-ameth_lib.lo asn1/libcrypto_la-asn1_err.lo \ - asn1/libcrypto_la-asn1_gen.lo asn1/libcrypto_la-asn1_lib.lo \ - asn1/libcrypto_la-asn1_par.lo asn1/libcrypto_la-asn_mime.lo \ - asn1/libcrypto_la-asn_moid.lo asn1/libcrypto_la-asn_pack.lo \ + asn1/libcrypto_la-a_utf8.lo asn1/libcrypto_la-ameth_lib.lo \ + asn1/libcrypto_la-asn1_err.lo asn1/libcrypto_la-asn1_gen.lo \ + asn1/libcrypto_la-asn1_item.lo asn1/libcrypto_la-asn1_lib.lo \ + asn1/libcrypto_la-asn1_old.lo \ + asn1/libcrypto_la-asn1_old_lib.lo \ + asn1/libcrypto_la-asn1_par.lo asn1/libcrypto_la-asn1_types.lo \ + asn1/libcrypto_la-asn_mime.lo asn1/libcrypto_la-asn_moid.lo \ asn1/libcrypto_la-bio_asn1.lo asn1/libcrypto_la-bio_ndef.lo \ - asn1/libcrypto_la-d2i_pr.lo asn1/libcrypto_la-d2i_pu.lo \ - asn1/libcrypto_la-evp_asn1.lo asn1/libcrypto_la-f_enum.lo \ - asn1/libcrypto_la-f_int.lo asn1/libcrypto_la-f_string.lo \ - asn1/libcrypto_la-i2d_pr.lo asn1/libcrypto_la-i2d_pu.lo \ - asn1/libcrypto_la-n_pkey.lo asn1/libcrypto_la-nsseq.lo \ - asn1/libcrypto_la-p5_pbe.lo asn1/libcrypto_la-p5_pbev2.lo \ - asn1/libcrypto_la-p8_pkey.lo asn1/libcrypto_la-t_bitst.lo \ + asn1/libcrypto_la-nsseq.lo asn1/libcrypto_la-p5_pbe.lo \ + 
asn1/libcrypto_la-p5_pbev2.lo asn1/libcrypto_la-p8_pkey.lo \ asn1/libcrypto_la-t_crl.lo asn1/libcrypto_la-t_pkey.lo \ asn1/libcrypto_la-t_req.lo asn1/libcrypto_la-t_spki.lo \ asn1/libcrypto_la-t_x509.lo asn1/libcrypto_la-t_x509a.lo \ 
@@ -652,40 +650,44 @@ am_libcrypto_la_OBJECTS = $(am__objects_31) $(am__objects_33) \ asn1/libcrypto_la-x_attrib.lo asn1/libcrypto_la-x_bignum.lo \ asn1/libcrypto_la-x_crl.lo asn1/libcrypto_la-x_exten.lo \ asn1/libcrypto_la-x_info.lo asn1/libcrypto_la-x_long.lo \ - asn1/libcrypto_la-x_name.lo asn1/libcrypto_la-x_nx509.lo \ - asn1/libcrypto_la-x_pkey.lo asn1/libcrypto_la-x_pubkey.lo \ - asn1/libcrypto_la-x_req.lo asn1/libcrypto_la-x_sig.lo \ - asn1/libcrypto_la-x_spki.lo asn1/libcrypto_la-x_val.lo \ - asn1/libcrypto_la-x_x509.lo asn1/libcrypto_la-x_x509a.lo \ - bf/libcrypto_la-bf_cfb64.lo bf/libcrypto_la-bf_ecb.lo \ - bf/libcrypto_la-bf_enc.lo bf/libcrypto_la-bf_ofb64.lo \ - bf/libcrypto_la-bf_skey.lo bio/libcrypto_la-b_dump.lo \ - $(am__objects_43) bio/libcrypto_la-b_print.lo \ - bio/libcrypto_la-b_sock.lo $(am__objects_44) \ - bio/libcrypto_la-bf_buff.lo bio/libcrypto_la-bf_nbio.lo \ - bio/libcrypto_la-bf_null.lo bio/libcrypto_la-bio_cb.lo \ - bio/libcrypto_la-bio_err.lo bio/libcrypto_la-bio_lib.lo \ - bio/libcrypto_la-bio_meth.lo bio/libcrypto_la-bss_acpt.lo \ - bio/libcrypto_la-bss_bio.lo bio/libcrypto_la-bss_conn.lo \ - bio/libcrypto_la-bss_dgram.lo bio/libcrypto_la-bss_fd.lo \ - bio/libcrypto_la-bss_file.lo $(am__objects_45) \ - bio/libcrypto_la-bss_mem.lo bio/libcrypto_la-bss_null.lo \ - bio/libcrypto_la-bss_sock.lo bn/libcrypto_la-bn_add.lo \ - bn/libcrypto_la-bn_asm.lo bn/libcrypto_la-bn_blind.lo \ + asn1/libcrypto_la-x_name.lo asn1/libcrypto_la-x_pkey.lo \ + asn1/libcrypto_la-x_pubkey.lo asn1/libcrypto_la-x_req.lo \ + asn1/libcrypto_la-x_sig.lo asn1/libcrypto_la-x_spki.lo \ + asn1/libcrypto_la-x_val.lo asn1/libcrypto_la-x_x509.lo \ + asn1/libcrypto_la-x_x509a.lo bf/libcrypto_la-bf_cfb64.lo \ + bf/libcrypto_la-bf_ecb.lo bf/libcrypto_la-bf_enc.lo \ + bf/libcrypto_la-bf_ofb64.lo bf/libcrypto_la-bf_skey.lo \ + bio/libcrypto_la-b_dump.lo $(am__objects_44) \ + bio/libcrypto_la-b_print.lo bio/libcrypto_la-b_sock.lo \ + $(am__objects_45) 
bio/libcrypto_la-bf_buff.lo \ + bio/libcrypto_la-bf_nbio.lo bio/libcrypto_la-bf_null.lo \ + bio/libcrypto_la-bio_cb.lo bio/libcrypto_la-bio_err.lo \ + bio/libcrypto_la-bio_lib.lo bio/libcrypto_la-bio_meth.lo \ + bio/libcrypto_la-bss_acpt.lo bio/libcrypto_la-bss_bio.lo \ + bio/libcrypto_la-bss_conn.lo bio/libcrypto_la-bss_dgram.lo \ + bio/libcrypto_la-bss_fd.lo bio/libcrypto_la-bss_file.lo \ + $(am__objects_46) bio/libcrypto_la-bss_mem.lo \ + bio/libcrypto_la-bss_null.lo bio/libcrypto_la-bss_sock.lo \ + bn/libcrypto_la-bn_add.lo bn/libcrypto_la-bn_asm.lo \ + bn/libcrypto_la-bn_blind.lo bn/libcrypto_la-bn_bpsw.lo \ bn/libcrypto_la-bn_const.lo bn/libcrypto_la-bn_ctx.lo \ bn/libcrypto_la-bn_depr.lo bn/libcrypto_la-bn_div.lo \ bn/libcrypto_la-bn_err.lo bn/libcrypto_la-bn_exp.lo \ bn/libcrypto_la-bn_exp2.lo bn/libcrypto_la-bn_gcd.lo \ - bn/libcrypto_la-bn_gf2m.lo bn/libcrypto_la-bn_kron.lo \ - bn/libcrypto_la-bn_lib.lo bn/libcrypto_la-bn_mod.lo \ - bn/libcrypto_la-bn_mont.lo bn/libcrypto_la-bn_mpi.lo \ - bn/libcrypto_la-bn_mul.lo bn/libcrypto_la-bn_nist.lo \ - bn/libcrypto_la-bn_prime.lo bn/libcrypto_la-bn_print.lo \ - bn/libcrypto_la-bn_rand.lo bn/libcrypto_la-bn_recp.lo \ - bn/libcrypto_la-bn_shift.lo bn/libcrypto_la-bn_sqr.lo \ - bn/libcrypto_la-bn_sqrt.lo bn/libcrypto_la-bn_word.lo \ - bn/libcrypto_la-bn_x931p.lo buffer/libcrypto_la-buf_err.lo \ - buffer/libcrypto_la-buf_str.lo buffer/libcrypto_la-buffer.lo \ + bn/libcrypto_la-bn_gf2m.lo bn/libcrypto_la-bn_isqrt.lo \ + bn/libcrypto_la-bn_kron.lo bn/libcrypto_la-bn_lib.lo \ + bn/libcrypto_la-bn_mod.lo bn/libcrypto_la-bn_mont.lo \ + bn/libcrypto_la-bn_mpi.lo bn/libcrypto_la-bn_mul.lo \ + bn/libcrypto_la-bn_nist.lo bn/libcrypto_la-bn_prime.lo \ + bn/libcrypto_la-bn_print.lo bn/libcrypto_la-bn_rand.lo \ + bn/libcrypto_la-bn_recp.lo bn/libcrypto_la-bn_shift.lo \ + bn/libcrypto_la-bn_sqr.lo bn/libcrypto_la-bn_sqrt.lo \ + bn/libcrypto_la-bn_word.lo bn/libcrypto_la-bn_x931p.lo \ + buffer/libcrypto_la-buf_err.lo 
buffer/libcrypto_la-buf_str.lo \ + buffer/libcrypto_la-buffer.lo \ + bytestring/libcrypto_la-bs_ber.lo \ + bytestring/libcrypto_la-bs_cbb.lo \ + bytestring/libcrypto_la-bs_cbs.lo \ camellia/libcrypto_la-cmll_cfb.lo \ camellia/libcrypto_la-cmll_ctr.lo \ camellia/libcrypto_la-cmll_ecb.lo \ @@ -707,7 +709,12 @@ am_libcrypto_la_OBJECTS = $(am__objects_31) $(am__objects_33) \ conf/libcrypto_la-conf_api.lo conf/libcrypto_la-conf_def.lo \ conf/libcrypto_la-conf_err.lo conf/libcrypto_la-conf_lib.lo \ conf/libcrypto_la-conf_mall.lo conf/libcrypto_la-conf_mod.lo \ - conf/libcrypto_la-conf_sap.lo \ + conf/libcrypto_la-conf_sap.lo ct/libcrypto_la-ct_b64.lo \ + ct/libcrypto_la-ct_err.lo ct/libcrypto_la-ct_log.lo \ + ct/libcrypto_la-ct_oct.lo ct/libcrypto_la-ct_policy.lo \ + ct/libcrypto_la-ct_prn.lo ct/libcrypto_la-ct_sct.lo \ + ct/libcrypto_la-ct_sct_ctx.lo ct/libcrypto_la-ct_vfy.lo \ + ct/libcrypto_la-ct_x509v3.lo \ curve25519/libcrypto_la-curve25519-generic.lo \ curve25519/libcrypto_la-curve25519.lo \ des/libcrypto_la-cbc_cksm.lo des/libcrypto_la-cbc_enc.lo \ @@ -783,9 +790,7 @@ am_libcrypto_la_OBJECTS = $(am__objects_31) $(am__objects_33) \ evp/libcrypto_la-evp_aead.lo evp/libcrypto_la-evp_enc.lo \ evp/libcrypto_la-evp_err.lo evp/libcrypto_la-evp_key.lo \ evp/libcrypto_la-evp_lib.lo evp/libcrypto_la-evp_pbe.lo \ - evp/libcrypto_la-evp_pkey.lo evp/libcrypto_la-m_dss.lo \ - evp/libcrypto_la-m_dss1.lo evp/libcrypto_la-m_ecdsa.lo \ - evp/libcrypto_la-m_gost2814789.lo \ + evp/libcrypto_la-evp_pkey.lo evp/libcrypto_la-m_gost2814789.lo \ evp/libcrypto_la-m_gostr341194.lo evp/libcrypto_la-m_md4.lo \ evp/libcrypto_la-m_md5.lo evp/libcrypto_la-m_md5_sha1.lo \ evp/libcrypto_la-m_null.lo evp/libcrypto_la-m_ripemd.lo \ 
@@ -814,7 +819,8 @@ am_libcrypto_la_OBJECTS = $(am__objects_31) $(am__objects_33) \ hmac/libcrypto_la-hm_pmeth.lo hmac/libcrypto_la-hmac.lo \ idea/libcrypto_la-i_cbc.lo idea/libcrypto_la-i_cfb64.lo \ idea/libcrypto_la-i_ecb.lo idea/libcrypto_la-i_ofb64.lo \ - idea/libcrypto_la-i_skey.lo lhash/libcrypto_la-lh_stats.lo \ + idea/libcrypto_la-i_skey.lo kdf/libcrypto_la-hkdf_evp.lo \ + kdf/libcrypto_la-kdf_err.lo lhash/libcrypto_la-lh_stats.lo \ lhash/libcrypto_la-lhash.lo md4/libcrypto_la-md4_dgst.lo \ md4/libcrypto_la-md4_one.lo md5/libcrypto_la-md5_dgst.lo \ md5/libcrypto_la-md5_one.lo modes/libcrypto_la-cbc128.lo \ 
@@ -833,23 +839,22 @@ am_libcrypto_la_OBJECTS = $(am__objects_31) $(am__objects_33) \ pem/libcrypto_la-pem_all.lo pem/libcrypto_la-pem_err.lo \ pem/libcrypto_la-pem_info.lo pem/libcrypto_la-pem_lib.lo \ pem/libcrypto_la-pem_oth.lo pem/libcrypto_la-pem_pk8.lo \ - pem/libcrypto_la-pem_pkey.lo pem/libcrypto_la-pem_seal.lo \ - pem/libcrypto_la-pem_sign.lo pem/libcrypto_la-pem_x509.lo \ - pem/libcrypto_la-pem_xaux.lo pem/libcrypto_la-pvkfmt.lo \ - pkcs12/libcrypto_la-p12_add.lo pkcs12/libcrypto_la-p12_asn.lo \ - pkcs12/libcrypto_la-p12_attr.lo \ + pem/libcrypto_la-pem_pkey.lo pem/libcrypto_la-pem_sign.lo \ + pem/libcrypto_la-pem_x509.lo pem/libcrypto_la-pem_xaux.lo \ + pem/libcrypto_la-pvkfmt.lo pkcs12/libcrypto_la-p12_add.lo \ + pkcs12/libcrypto_la-p12_asn.lo pkcs12/libcrypto_la-p12_attr.lo \ pkcs12/libcrypto_la-p12_crpt.lo pkcs12/libcrypto_la-p12_crt.lo \ pkcs12/libcrypto_la-p12_decr.lo \ pkcs12/libcrypto_la-p12_init.lo pkcs12/libcrypto_la-p12_key.lo \ pkcs12/libcrypto_la-p12_kiss.lo \ pkcs12/libcrypto_la-p12_mutl.lo \ pkcs12/libcrypto_la-p12_npas.lo pkcs12/libcrypto_la-p12_p8d.lo \ - pkcs12/libcrypto_la-p12_p8e.lo pkcs12/libcrypto_la-p12_utl.lo \ - pkcs12/libcrypto_la-pk12err.lo pkcs7/libcrypto_la-bio_pk7.lo \ - pkcs7/libcrypto_la-pk7_asn1.lo pkcs7/libcrypto_la-pk7_attr.lo \ - pkcs7/libcrypto_la-pk7_doit.lo pkcs7/libcrypto_la-pk7_lib.lo \ - pkcs7/libcrypto_la-pk7_mime.lo pkcs7/libcrypto_la-pk7_smime.lo \ - pkcs7/libcrypto_la-pkcs7err.lo \ + pkcs12/libcrypto_la-p12_p8e.lo pkcs12/libcrypto_la-p12_sbag.lo \ + pkcs12/libcrypto_la-p12_utl.lo pkcs12/libcrypto_la-pk12err.lo \ + pkcs7/libcrypto_la-bio_pk7.lo pkcs7/libcrypto_la-pk7_asn1.lo \ + pkcs7/libcrypto_la-pk7_attr.lo pkcs7/libcrypto_la-pk7_doit.lo \ + pkcs7/libcrypto_la-pk7_lib.lo pkcs7/libcrypto_la-pk7_mime.lo \ + pkcs7/libcrypto_la-pk7_smime.lo pkcs7/libcrypto_la-pkcs7err.lo \ poly1305/libcrypto_la-poly1305.lo \ rand/libcrypto_la-rand_err.lo rand/libcrypto_la-rand_lib.lo \ rand/libcrypto_la-randfile.lo 
rc2/libcrypto_la-rc2_cbc.lo \ @@ -878,7 +883,7 @@ am_libcrypto_la_OBJECTS = $(am__objects_31) $(am__objects_33) \ ts/libcrypto_la-ts_rsp_verify.lo \ ts/libcrypto_la-ts_verify_ctx.lo txt_db/libcrypto_la-txt_db.lo \ ui/libcrypto_la-ui_err.lo ui/libcrypto_la-ui_lib.lo \ - $(am__objects_46) $(am__objects_47) ui/libcrypto_la-ui_util.lo \ + $(am__objects_47) $(am__objects_48) ui/libcrypto_la-ui_util.lo \ whrlpool/libcrypto_la-wp_dgst.lo x509/libcrypto_la-by_dir.lo \ x509/libcrypto_la-by_file.lo x509/libcrypto_la-by_mem.lo \ x509/libcrypto_la-pcy_cache.lo x509/libcrypto_la-pcy_data.lo \ @@ -949,6 +954,7 @@ am__depfiles_remade = ./$(DEPDIR)/libcrypto_la-armcap.Plo \ ./$(DEPDIR)/libcrypto_la-malloc-wrapper.Plo \ ./$(DEPDIR)/libcrypto_la-mem_clr.Plo \ ./$(DEPDIR)/libcrypto_la-mem_dbg.Plo \ + ./$(DEPDIR)/libcrypto_la-o_fips.Plo \ ./$(DEPDIR)/libcrypto_la-o_init.Plo \ ./$(DEPDIR)/libcrypto_la-o_str.Plo \ ./$(DEPDIR)/libcrypto_la-o_time.Plo \ 
@@ -983,49 +989,38 @@ am__depfiles_remade = ./$(DEPDIR)/libcrypto_la-armcap.Plo \ aes/$(DEPDIR)/libcrypto_la-vpaes-masm-x86_64.Plo \ aes/$(DEPDIR)/libcrypto_la-vpaes-mingw64-x86_64.Plo \ asn1/$(DEPDIR)/libcrypto_la-a_bitstr.Plo \ - asn1/$(DEPDIR)/libcrypto_la-a_bool.Plo \ - asn1/$(DEPDIR)/libcrypto_la-a_d2i_fp.Plo \ - asn1/$(DEPDIR)/libcrypto_la-a_digest.Plo \ - asn1/$(DEPDIR)/libcrypto_la-a_dup.Plo \ asn1/$(DEPDIR)/libcrypto_la-a_enum.Plo \ - asn1/$(DEPDIR)/libcrypto_la-a_i2d_fp.Plo \ asn1/$(DEPDIR)/libcrypto_la-a_int.Plo \ asn1/$(DEPDIR)/libcrypto_la-a_mbstr.Plo \ asn1/$(DEPDIR)/libcrypto_la-a_object.Plo \ asn1/$(DEPDIR)/libcrypto_la-a_octet.Plo \ + asn1/$(DEPDIR)/libcrypto_la-a_pkey.Plo \ asn1/$(DEPDIR)/libcrypto_la-a_print.Plo \ - asn1/$(DEPDIR)/libcrypto_la-a_sign.Plo \ + asn1/$(DEPDIR)/libcrypto_la-a_pubkey.Plo \ asn1/$(DEPDIR)/libcrypto_la-a_strex.Plo \ + asn1/$(DEPDIR)/libcrypto_la-a_string.Plo \ asn1/$(DEPDIR)/libcrypto_la-a_strnid.Plo \ asn1/$(DEPDIR)/libcrypto_la-a_time.Plo \ asn1/$(DEPDIR)/libcrypto_la-a_time_tm.Plo \ asn1/$(DEPDIR)/libcrypto_la-a_type.Plo \ asn1/$(DEPDIR)/libcrypto_la-a_utf8.Plo \ - asn1/$(DEPDIR)/libcrypto_la-a_verify.Plo \ asn1/$(DEPDIR)/libcrypto_la-ameth_lib.Plo \ asn1/$(DEPDIR)/libcrypto_la-asn1_err.Plo \ asn1/$(DEPDIR)/libcrypto_la-asn1_gen.Plo \ + asn1/$(DEPDIR)/libcrypto_la-asn1_item.Plo \ asn1/$(DEPDIR)/libcrypto_la-asn1_lib.Plo \ + asn1/$(DEPDIR)/libcrypto_la-asn1_old.Plo \ + asn1/$(DEPDIR)/libcrypto_la-asn1_old_lib.Plo \ asn1/$(DEPDIR)/libcrypto_la-asn1_par.Plo \ + asn1/$(DEPDIR)/libcrypto_la-asn1_types.Plo \ asn1/$(DEPDIR)/libcrypto_la-asn_mime.Plo \ asn1/$(DEPDIR)/libcrypto_la-asn_moid.Plo \ - asn1/$(DEPDIR)/libcrypto_la-asn_pack.Plo \ asn1/$(DEPDIR)/libcrypto_la-bio_asn1.Plo \ asn1/$(DEPDIR)/libcrypto_la-bio_ndef.Plo \ - asn1/$(DEPDIR)/libcrypto_la-d2i_pr.Plo \ - asn1/$(DEPDIR)/libcrypto_la-d2i_pu.Plo \ - asn1/$(DEPDIR)/libcrypto_la-evp_asn1.Plo \ - asn1/$(DEPDIR)/libcrypto_la-f_enum.Plo \ - 
asn1/$(DEPDIR)/libcrypto_la-f_int.Plo \ - asn1/$(DEPDIR)/libcrypto_la-f_string.Plo \ - asn1/$(DEPDIR)/libcrypto_la-i2d_pr.Plo \ - asn1/$(DEPDIR)/libcrypto_la-i2d_pu.Plo \ - asn1/$(DEPDIR)/libcrypto_la-n_pkey.Plo \ asn1/$(DEPDIR)/libcrypto_la-nsseq.Plo \ asn1/$(DEPDIR)/libcrypto_la-p5_pbe.Plo \ asn1/$(DEPDIR)/libcrypto_la-p5_pbev2.Plo \ asn1/$(DEPDIR)/libcrypto_la-p8_pkey.Plo \ - asn1/$(DEPDIR)/libcrypto_la-t_bitst.Plo \ asn1/$(DEPDIR)/libcrypto_la-t_crl.Plo \ asn1/$(DEPDIR)/libcrypto_la-t_pkey.Plo \ asn1/$(DEPDIR)/libcrypto_la-t_req.Plo \ @@ -1047,7 +1042,6 @@ am__depfiles_remade = ./$(DEPDIR)/libcrypto_la-armcap.Plo \ asn1/$(DEPDIR)/libcrypto_la-x_info.Plo \ asn1/$(DEPDIR)/libcrypto_la-x_long.Plo \ asn1/$(DEPDIR)/libcrypto_la-x_name.Plo \ - asn1/$(DEPDIR)/libcrypto_la-x_nx509.Plo \ asn1/$(DEPDIR)/libcrypto_la-x_pkey.Plo \ asn1/$(DEPDIR)/libcrypto_la-x_pubkey.Plo \ asn1/$(DEPDIR)/libcrypto_la-x_req.Plo \ @@ -1086,6 +1080,7 @@ am__depfiles_remade = ./$(DEPDIR)/libcrypto_la-armcap.Plo \ bn/$(DEPDIR)/libcrypto_la-bn_add.Plo \ bn/$(DEPDIR)/libcrypto_la-bn_asm.Plo \ bn/$(DEPDIR)/libcrypto_la-bn_blind.Plo \ + bn/$(DEPDIR)/libcrypto_la-bn_bpsw.Plo \ bn/$(DEPDIR)/libcrypto_la-bn_const.Plo \ bn/$(DEPDIR)/libcrypto_la-bn_ctx.Plo \ bn/$(DEPDIR)/libcrypto_la-bn_depr.Plo \ @@ -1095,6 +1090,7 @@ am__depfiles_remade = ./$(DEPDIR)/libcrypto_la-armcap.Plo \ bn/$(DEPDIR)/libcrypto_la-bn_exp2.Plo \ bn/$(DEPDIR)/libcrypto_la-bn_gcd.Plo \ bn/$(DEPDIR)/libcrypto_la-bn_gf2m.Plo \ + bn/$(DEPDIR)/libcrypto_la-bn_isqrt.Plo \ bn/$(DEPDIR)/libcrypto_la-bn_kron.Plo \ bn/$(DEPDIR)/libcrypto_la-bn_lib.Plo \ bn/$(DEPDIR)/libcrypto_la-bn_mod.Plo \ 
@@ -1128,6 +1124,9 @@ am__depfiles_remade = ./$(DEPDIR)/libcrypto_la-armcap.Plo \ buffer/$(DEPDIR)/libcrypto_la-buf_err.Plo \ buffer/$(DEPDIR)/libcrypto_la-buf_str.Plo \ buffer/$(DEPDIR)/libcrypto_la-buffer.Plo \ + bytestring/$(DEPDIR)/libcrypto_la-bs_ber.Plo \ + bytestring/$(DEPDIR)/libcrypto_la-bs_cbb.Plo \ + bytestring/$(DEPDIR)/libcrypto_la-bs_cbs.Plo \ camellia/$(DEPDIR)/libcrypto_la-camellia.Plo \ camellia/$(DEPDIR)/libcrypto_la-cmll-elf-x86_64.Plo \ camellia/$(DEPDIR)/libcrypto_la-cmll-macosx-x86_64.Plo \ @@ -1191,8 +1190,8 @@ am__depfiles_remade = ./$(DEPDIR)/libcrypto_la-armcap.Plo \ compat/$(DEPDIR)/recallocarray.Plo \ compat/$(DEPDIR)/strlcat.Plo compat/$(DEPDIR)/strlcpy.Plo \ compat/$(DEPDIR)/strndup.Plo compat/$(DEPDIR)/strnlen.Plo \ - compat/$(DEPDIR)/strsep.Plo compat/$(DEPDIR)/syslog_r.Plo \ - compat/$(DEPDIR)/timegm.Plo \ + compat/$(DEPDIR)/strsep.Plo compat/$(DEPDIR)/strtonum.Plo \ + compat/$(DEPDIR)/syslog_r.Plo compat/$(DEPDIR)/timegm.Plo \ compat/$(DEPDIR)/timingsafe_bcmp.Plo \ compat/$(DEPDIR)/timingsafe_memcmp.Plo \ conf/$(DEPDIR)/libcrypto_la-conf_api.Plo \ @@ -1202,6 +1201,16 @@ am__depfiles_remade = ./$(DEPDIR)/libcrypto_la-armcap.Plo \ conf/$(DEPDIR)/libcrypto_la-conf_mall.Plo \ conf/$(DEPDIR)/libcrypto_la-conf_mod.Plo \ conf/$(DEPDIR)/libcrypto_la-conf_sap.Plo \ + ct/$(DEPDIR)/libcrypto_la-ct_b64.Plo \ + ct/$(DEPDIR)/libcrypto_la-ct_err.Plo \ + ct/$(DEPDIR)/libcrypto_la-ct_log.Plo \ + ct/$(DEPDIR)/libcrypto_la-ct_oct.Plo \ + ct/$(DEPDIR)/libcrypto_la-ct_policy.Plo \ + ct/$(DEPDIR)/libcrypto_la-ct_prn.Plo \ + ct/$(DEPDIR)/libcrypto_la-ct_sct.Plo \ + ct/$(DEPDIR)/libcrypto_la-ct_sct_ctx.Plo \ + ct/$(DEPDIR)/libcrypto_la-ct_vfy.Plo \ + ct/$(DEPDIR)/libcrypto_la-ct_x509v3.Plo \ curve25519/$(DEPDIR)/libcrypto_la-curve25519-generic.Plo \ curve25519/$(DEPDIR)/libcrypto_la-curve25519.Plo \ des/$(DEPDIR)/libcrypto_la-cbc_cksm.Plo \ 
@@ -1344,9 +1353,6 @@ am__depfiles_remade = ./$(DEPDIR)/libcrypto_la-armcap.Plo \ evp/$(DEPDIR)/libcrypto_la-evp_lib.Plo \ evp/$(DEPDIR)/libcrypto_la-evp_pbe.Plo \ evp/$(DEPDIR)/libcrypto_la-evp_pkey.Plo \ - evp/$(DEPDIR)/libcrypto_la-m_dss.Plo \ - evp/$(DEPDIR)/libcrypto_la-m_dss1.Plo \ - evp/$(DEPDIR)/libcrypto_la-m_ecdsa.Plo \ evp/$(DEPDIR)/libcrypto_la-m_gost2814789.Plo \ evp/$(DEPDIR)/libcrypto_la-m_gostr341194.Plo \ evp/$(DEPDIR)/libcrypto_la-m_md4.Plo \ @@ -1395,6 +1401,8 @@ am__depfiles_remade = ./$(DEPDIR)/libcrypto_la-armcap.Plo \ idea/$(DEPDIR)/libcrypto_la-i_ecb.Plo \ idea/$(DEPDIR)/libcrypto_la-i_ofb64.Plo \ idea/$(DEPDIR)/libcrypto_la-i_skey.Plo \ + kdf/$(DEPDIR)/libcrypto_la-hkdf_evp.Plo \ + kdf/$(DEPDIR)/libcrypto_la-kdf_err.Plo \ lhash/$(DEPDIR)/libcrypto_la-lh_stats.Plo \ lhash/$(DEPDIR)/libcrypto_la-lhash.Plo \ md4/$(DEPDIR)/libcrypto_la-md4_dgst.Plo \ @@ -1439,7 +1447,6 @@ am__depfiles_remade = ./$(DEPDIR)/libcrypto_la-armcap.Plo \ pem/$(DEPDIR)/libcrypto_la-pem_oth.Plo \ pem/$(DEPDIR)/libcrypto_la-pem_pk8.Plo \ pem/$(DEPDIR)/libcrypto_la-pem_pkey.Plo \ - pem/$(DEPDIR)/libcrypto_la-pem_seal.Plo \ pem/$(DEPDIR)/libcrypto_la-pem_sign.Plo \ pem/$(DEPDIR)/libcrypto_la-pem_x509.Plo \ pem/$(DEPDIR)/libcrypto_la-pem_xaux.Plo \ @@ -1457,6 +1464,7 @@ am__depfiles_remade = ./$(DEPDIR)/libcrypto_la-armcap.Plo \ pkcs12/$(DEPDIR)/libcrypto_la-p12_npas.Plo \ pkcs12/$(DEPDIR)/libcrypto_la-p12_p8d.Plo \ pkcs12/$(DEPDIR)/libcrypto_la-p12_p8e.Plo \ + pkcs12/$(DEPDIR)/libcrypto_la-p12_sbag.Plo \ pkcs12/$(DEPDIR)/libcrypto_la-p12_utl.Plo \ pkcs12/$(DEPDIR)/libcrypto_la-pk12err.Plo \ pkcs7/$(DEPDIR)/libcrypto_la-bio_pk7.Plo \ 
@@ -1673,8 +1681,6 @@ am__define_uniq_tagged_files = \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` -ETAGS = etags -CTAGS = ctags am__DIST_COMMON = $(srcdir)/Makefile.am.arc4random \ $(srcdir)/Makefile.am.elf-arm $(srcdir)/Makefile.am.elf-x86_64 \ $(srcdir)/Makefile.am.macosx-x86_64 \ @@ -1698,6 +1704,8 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ +CSCOPE = @CSCOPE@ +CTAGS = @CTAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ @@ -1708,6 +1716,7 @@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ +ETAGS = @ETAGS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ @@ -1809,10 +1818,15 @@ top_srcdir = @top_srcdir@ AM_CFLAGS = AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat \ -DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= \ - -D__END_HIDDEN_DECLS= -I$(top_srcdir)/crypto/asn1 \ - -I$(top_srcdir)/crypto/bn -I$(top_srcdir)/crypto/ec \ - -I$(top_srcdir)/crypto/ecdh -I$(top_srcdir)/crypto/ecdsa \ - -I$(top_srcdir)/crypto/evp -I$(top_srcdir)/crypto/modes \ + -D__END_HIDDEN_DECLS= -DLIBRESSL_CRYPTO_INTERNAL \ + -I$(top_srcdir)/crypto/asn1 -I$(top_srcdir)/crypto/bio \ + -I$(top_srcdir)/crypto/bn -I$(top_srcdir)/crypto/bytestring \ + -I$(top_srcdir)/crypto/dh -I$(top_srcdir)/crypto/dsa \ + -I$(top_srcdir)/crypto/ec -I$(top_srcdir)/crypto/ecdh \ + -I$(top_srcdir)/crypto/ecdsa -I$(top_srcdir)/crypto/evp \ + -I$(top_srcdir)/crypto/hmac -I$(top_srcdir)/crypto/modes \ + -I$(top_srcdir)/crypto/ocsp -I$(top_srcdir)/crypto/pkcs12 \ + -I$(top_srcdir)/crypto/rsa -I$(top_srcdir)/crypto/x509 \ -I$(top_srcdir)/crypto noinst_LTLIBRARIES = libcompat.la $(am__append_1) $(am__append_6) @ENABLE_LIBTLS_ONLY_FALSE@lib_LTLIBRARIES = libcrypto.la 
@@ -1829,8 +1843,8 @@ EXTRA_libcrypto_la_DEPENDENCIES = crypto_portable.sym \ libcrypto_la_LIBADD = libcompat.la $(am__append_2) libcrypto_la_CPPFLAGS = $(AM_CPPFLAGS) -DLIBRESSL_INTERNAL \ -DOPENSSL_NO_HW_PADLOCK $(am__append_3) $(am__append_4) \ - $(am__append_5) $(am__append_36) $(am__append_38) \ - $(am__append_40) $(am__append_42) $(am__append_44) + $(am__append_5) $(am__append_37) $(am__append_39) \ + $(am__append_41) $(am__append_43) $(am__append_45) @HAVE_EXPLICIT_BZERO_FALSE@libcompatnoopt_la_CFLAGS = -O0 @HAVE_EXPLICIT_BZERO_FALSE@libcompatnoopt_la_SOURCES = \ @HAVE_EXPLICIT_BZERO_FALSE@ $(am__append_7) $(am__append_8) @@ -1845,7 +1859,7 @@ libcompat_la_SOURCES = $(am__append_9) $(am__append_10) \ $(am__append_26) $(am__append_27) $(am__append_28) \ $(am__append_29) $(am__append_30) $(am__append_31) \ $(am__append_32) $(am__append_33) $(am__append_34) \ - $(am__append_35) + $(am__append_35) $(am__append_36) libcompat_la_LIBADD = $(PLATFORM_LDADD) # rc4 
@@ -1856,16 +1870,19 @@ noinst_HEADERS = compat/arc4random.h compat/arc4random_aix.h \ compat/arc4random_win.h compat/chacha_private.h arm_arch.h \ constant_time_locl.h cryptlib.h md32_common.h o_time.h \ x86_arch.h aes/aes_locl.h asn1/asn1_locl.h asn1/charmap.h \ - bf/bf_locl.h bf/bf_pi.h bn/bn_lcl.h bn/bn_prime.h \ - camellia/camellia.h camellia/cmll_locl.h cast/cast_lcl.h \ - cast/cast_s.h cms/cms_lcl.h conf/conf_def.h \ + bf/bf_locl.h bf/bf_pi.h bio/bio_local.h bn/bn_lcl.h \ + bn/bn_prime.h bytestring/bytestring.h camellia/camellia.h \ + camellia/cmll_locl.h cast/cast_lcl.h cast/cast_s.h \ + cms/cms_lcl.h comp/comp_local.h conf/conf_def.h ct/ct_local.h \ curve25519/curve25519_internal.h des/des_locl.h des/spr.h \ - dsa/dsa_locl.h ec/ec_lcl.h ecdh/ech_locl.h ecdsa/ecs_locl.h \ - engine/eng_int.h evp/evp_locl.h gost/gost_asn1.h \ - gost/gost_locl.h idea/idea_lcl.h md4/md4_locl.h md5/md5_locl.h \ + dh/dh_local.h dsa/dsa_locl.h ec/ec_lcl.h ecdh/ech_locl.h \ + ecdsa/ecs_locl.h engine/eng_int.h evp/evp_locl.h \ + gost/gost_asn1.h gost/gost_locl.h hmac/hmac_local.h \ + idea/idea_lcl.h md4/md4_locl.h md5/md5_locl.h \ modes/modes_lcl.h objects/obj_dat.h objects/obj_xref.h \ - rc2/rc2_locl.h rc4/rc4_locl.h ripemd/rmd_locl.h \ - ripemd/rmdconst.h rsa/rsa_locl.h sha/sha_locl.h sm3/sm3_locl.h \ + ocsp/ocsp_local.h pkcs12/pkcs12_local.h rc2/rc2_locl.h \ + rc4/rc4_locl.h ripemd/rmd_locl.h ripemd/rmdconst.h \ + rsa/rsa_locl.h sha/sha_locl.h sm3/sm3_locl.h ts/ts_local.h \ ui/ui_locl.h whrlpool/wp_locl.h x509/ext_dat.h x509/pcy_int.h \ x509/vpm_int.h x509/x509_internal.h x509/x509_issuer_cache.h \ x509/x509_lcl.h @@ -1882,6 +1899,8 @@ noinst_HEADERS = compat/arc4random.h compat/arc4random_aix.h \ # buffer +# bytestring + # camellia # cast @@ -1894,6 +1913,8 @@ noinst_HEADERS = compat/arc4random.h compat/arc4random_aix.h \ # conf +# ct + # curve25519 # des @@ -1924,6 +1945,8 @@ noinst_HEADERS = compat/arc4random.h compat/arc4random_aix.h \ # idea +# kdf + # lhash # md4 
@@ -1967,47 +1990,46 @@ noinst_HEADERS = compat/arc4random.h compat/arc4random_aix.h \ # whrlpool # x509 -libcrypto_la_SOURCES = $(am__append_37) $(am__append_39) \ - $(am__append_41) $(am__append_43) $(am__append_45) \ - $(am__append_46) cpt_err.c cryptlib.c crypto_init.c \ - $(am__append_47) $(am__append_48) cversion.c ex_data.c \ - malloc-wrapper.c mem_clr.c mem_dbg.c o_init.c o_str.c o_time.c \ - aes/aes_cfb.c aes/aes_ctr.c aes/aes_ecb.c aes/aes_ige.c \ - aes/aes_misc.c aes/aes_ofb.c aes/aes_wrap.c asn1/a_bitstr.c \ - asn1/a_bool.c asn1/a_d2i_fp.c asn1/a_digest.c asn1/a_dup.c \ - asn1/a_enum.c asn1/a_i2d_fp.c asn1/a_int.c asn1/a_mbstr.c \ - asn1/a_object.c asn1/a_octet.c asn1/a_print.c asn1/a_sign.c \ - asn1/a_strex.c asn1/a_strnid.c asn1/a_time.c asn1/a_time_tm.c \ - asn1/a_type.c asn1/a_utf8.c asn1/a_verify.c asn1/ameth_lib.c \ - asn1/asn1_err.c asn1/asn1_gen.c asn1/asn1_lib.c \ - asn1/asn1_par.c asn1/asn_mime.c asn1/asn_moid.c \ - asn1/asn_pack.c asn1/bio_asn1.c asn1/bio_ndef.c asn1/d2i_pr.c \ - asn1/d2i_pu.c asn1/evp_asn1.c asn1/f_enum.c asn1/f_int.c \ - asn1/f_string.c asn1/i2d_pr.c asn1/i2d_pu.c asn1/n_pkey.c \ - asn1/nsseq.c asn1/p5_pbe.c asn1/p5_pbev2.c asn1/p8_pkey.c \ - asn1/t_bitst.c asn1/t_crl.c asn1/t_pkey.c asn1/t_req.c \ +libcrypto_la_SOURCES = $(am__append_38) $(am__append_40) \ + $(am__append_42) $(am__append_44) $(am__append_46) \ + $(am__append_47) cpt_err.c cryptlib.c crypto_init.c \ + $(am__append_48) $(am__append_49) cversion.c ex_data.c \ + malloc-wrapper.c mem_clr.c mem_dbg.c o_fips.c o_init.c o_str.c \ + o_time.c aes/aes_cfb.c aes/aes_ctr.c aes/aes_ecb.c \ + aes/aes_ige.c aes/aes_misc.c aes/aes_ofb.c aes/aes_wrap.c \ + asn1/a_bitstr.c asn1/a_enum.c asn1/a_int.c asn1/a_mbstr.c \ + asn1/a_object.c asn1/a_octet.c asn1/a_pkey.c asn1/a_print.c \ + asn1/a_pubkey.c asn1/a_strex.c asn1/a_string.c asn1/a_strnid.c \ + asn1/a_time.c asn1/a_time_tm.c asn1/a_type.c asn1/a_utf8.c \ + asn1/ameth_lib.c asn1/asn1_err.c asn1/asn1_gen.c \ + 
asn1/asn1_item.c asn1/asn1_lib.c asn1/asn1_old.c \ + asn1/asn1_old_lib.c asn1/asn1_par.c asn1/asn1_types.c \ + asn1/asn_mime.c asn1/asn_moid.c asn1/bio_asn1.c \ + asn1/bio_ndef.c asn1/nsseq.c asn1/p5_pbe.c asn1/p5_pbev2.c \ + asn1/p8_pkey.c asn1/t_crl.c asn1/t_pkey.c asn1/t_req.c \ asn1/t_spki.c asn1/t_x509.c asn1/t_x509a.c asn1/tasn_dec.c \ asn1/tasn_enc.c asn1/tasn_fre.c asn1/tasn_new.c \ asn1/tasn_prn.c asn1/tasn_typ.c asn1/tasn_utl.c asn1/x_algor.c \ asn1/x_attrib.c asn1/x_bignum.c asn1/x_crl.c asn1/x_exten.c \ - asn1/x_info.c asn1/x_long.c asn1/x_name.c asn1/x_nx509.c \ - asn1/x_pkey.c asn1/x_pubkey.c asn1/x_req.c asn1/x_sig.c \ - asn1/x_spki.c asn1/x_val.c asn1/x_x509.c asn1/x_x509a.c \ - bf/bf_cfb64.c bf/bf_ecb.c bf/bf_enc.c bf/bf_ofb64.c \ - bf/bf_skey.c bio/b_dump.c $(am__append_49) bio/b_print.c \ - bio/b_sock.c $(am__append_50) bio/bf_buff.c bio/bf_nbio.c \ - bio/bf_null.c bio/bio_cb.c bio/bio_err.c bio/bio_lib.c \ - bio/bio_meth.c bio/bss_acpt.c bio/bss_bio.c bio/bss_conn.c \ - bio/bss_dgram.c bio/bss_fd.c bio/bss_file.c $(am__append_51) \ - bio/bss_mem.c bio/bss_null.c bio/bss_sock.c bn/bn_add.c \ - bn/bn_asm.c bn/bn_blind.c bn/bn_const.c bn/bn_ctx.c \ + asn1/x_info.c asn1/x_long.c asn1/x_name.c asn1/x_pkey.c \ + asn1/x_pubkey.c asn1/x_req.c asn1/x_sig.c asn1/x_spki.c \ + asn1/x_val.c asn1/x_x509.c asn1/x_x509a.c bf/bf_cfb64.c \ + bf/bf_ecb.c bf/bf_enc.c bf/bf_ofb64.c bf/bf_skey.c \ + bio/b_dump.c $(am__append_50) bio/b_print.c bio/b_sock.c \ + $(am__append_51) bio/bf_buff.c bio/bf_nbio.c bio/bf_null.c \ + bio/bio_cb.c bio/bio_err.c bio/bio_lib.c bio/bio_meth.c \ + bio/bss_acpt.c bio/bss_bio.c bio/bss_conn.c bio/bss_dgram.c \ + bio/bss_fd.c bio/bss_file.c $(am__append_52) bio/bss_mem.c \ + bio/bss_null.c bio/bss_sock.c bn/bn_add.c bn/bn_asm.c \ + bn/bn_blind.c bn/bn_bpsw.c bn/bn_const.c bn/bn_ctx.c \ bn/bn_depr.c bn/bn_div.c bn/bn_err.c bn/bn_exp.c bn/bn_exp2.c \ - bn/bn_gcd.c bn/bn_gf2m.c bn/bn_kron.c bn/bn_lib.c bn/bn_mod.c \ - bn/bn_mont.c 
bn/bn_mpi.c bn/bn_mul.c bn/bn_nist.c \ - bn/bn_prime.c bn/bn_print.c bn/bn_rand.c bn/bn_recp.c \ - bn/bn_shift.c bn/bn_sqr.c bn/bn_sqrt.c bn/bn_word.c \ - bn/bn_x931p.c buffer/buf_err.c buffer/buf_str.c \ - buffer/buffer.c camellia/cmll_cfb.c camellia/cmll_ctr.c \ + bn/bn_gcd.c bn/bn_gf2m.c bn/bn_isqrt.c bn/bn_kron.c \ + bn/bn_lib.c bn/bn_mod.c bn/bn_mont.c bn/bn_mpi.c bn/bn_mul.c \ + bn/bn_nist.c bn/bn_prime.c bn/bn_print.c bn/bn_rand.c \ + bn/bn_recp.c bn/bn_shift.c bn/bn_sqr.c bn/bn_sqrt.c \ + bn/bn_word.c bn/bn_x931p.c buffer/buf_err.c buffer/buf_str.c \ + buffer/buffer.c bytestring/bs_ber.c bytestring/bs_cbb.c \ + bytestring/bs_cbs.c camellia/cmll_cfb.c camellia/cmll_ctr.c \ camellia/cmll_ecb.c camellia/cmll_misc.c camellia/cmll_ofb.c \ cast/c_cfb64.c cast/c_ecb.c cast/c_enc.c cast/c_ofb64.c \ cast/c_skey.c chacha/chacha.c cmac/cm_ameth.c cmac/cm_pmeth.c \ @@ -2017,7 +2039,9 @@ libcrypto_la_SOURCES = $(am__append_37) $(am__append_39) \ cms/cms_pwri.c cms/cms_sd.c cms/cms_smime.c comp/c_rle.c \ comp/c_zlib.c comp/comp_err.c comp/comp_lib.c conf/conf_api.c \ conf/conf_def.c conf/conf_err.c conf/conf_lib.c \ - conf/conf_mall.c conf/conf_mod.c conf/conf_sap.c \ + conf/conf_mall.c conf/conf_mod.c conf/conf_sap.c ct/ct_b64.c \ + ct/ct_err.c ct/ct_log.c ct/ct_oct.c ct/ct_policy.c ct/ct_prn.c \ + ct/ct_sct.c ct/ct_sct_ctx.c ct/ct_vfy.c ct/ct_x509v3.c \ curve25519/curve25519-generic.c curve25519/curve25519.c \ des/cbc_cksm.c des/cbc_enc.c des/cfb64ede.c des/cfb64enc.c \ des/cfb_enc.c des/des_enc.c des/ecb3_enc.c des/ecb_enc.c \ 
@@ -2056,22 +2080,22 @@ libcrypto_la_SOURCES = $(am__append_37) $(am__append_39) \ evp/e_rc2.c evp/e_rc4.c evp/e_rc4_hmac_md5.c evp/e_sm4.c \ evp/e_xcbc_d.c evp/encode.c evp/evp_aead.c evp/evp_enc.c \ evp/evp_err.c evp/evp_key.c evp/evp_lib.c evp/evp_pbe.c \ - evp/evp_pkey.c evp/m_dss.c evp/m_dss1.c evp/m_ecdsa.c \ - evp/m_gost2814789.c evp/m_gostr341194.c evp/m_md4.c \ - evp/m_md5.c evp/m_md5_sha1.c evp/m_null.c evp/m_ripemd.c \ - evp/m_sha1.c evp/m_sigver.c evp/m_streebog.c evp/m_sm3.c \ - evp/m_wp.c evp/names.c evp/p5_crpt.c evp/p5_crpt2.c \ - evp/p_dec.c evp/p_enc.c evp/p_lib.c evp/p_open.c evp/p_seal.c \ - evp/p_sign.c evp/p_verify.c evp/pmeth_fn.c evp/pmeth_gn.c \ - evp/pmeth_lib.c gost/gost2814789.c gost/gost89_keywrap.c \ - gost/gost89_params.c gost/gost89imit_ameth.c \ - gost/gost89imit_pmeth.c gost/gost_asn1.c gost/gost_err.c \ - gost/gostr341001.c gost/gostr341001_ameth.c \ - gost/gostr341001_key.c gost/gostr341001_params.c \ - gost/gostr341001_pmeth.c gost/gostr341194.c gost/streebog.c \ - hkdf/hkdf.c hmac/hm_ameth.c hmac/hm_pmeth.c hmac/hmac.c \ - idea/i_cbc.c idea/i_cfb64.c idea/i_ecb.c idea/i_ofb64.c \ - idea/i_skey.c lhash/lh_stats.c lhash/lhash.c md4/md4_dgst.c \ + evp/evp_pkey.c evp/m_gost2814789.c evp/m_gostr341194.c \ + evp/m_md4.c evp/m_md5.c evp/m_md5_sha1.c evp/m_null.c \ + evp/m_ripemd.c evp/m_sha1.c evp/m_sigver.c evp/m_streebog.c \ + evp/m_sm3.c evp/m_wp.c evp/names.c evp/p5_crpt.c \ + evp/p5_crpt2.c evp/p_dec.c evp/p_enc.c evp/p_lib.c \ + evp/p_open.c evp/p_seal.c evp/p_sign.c evp/p_verify.c \ + evp/pmeth_fn.c evp/pmeth_gn.c evp/pmeth_lib.c \ + gost/gost2814789.c gost/gost89_keywrap.c gost/gost89_params.c \ + gost/gost89imit_ameth.c gost/gost89imit_pmeth.c \ + gost/gost_asn1.c gost/gost_err.c gost/gostr341001.c \ + gost/gostr341001_ameth.c gost/gostr341001_key.c \ + gost/gostr341001_params.c gost/gostr341001_pmeth.c \ + gost/gostr341194.c gost/streebog.c hkdf/hkdf.c hmac/hm_ameth.c \ + hmac/hm_pmeth.c hmac/hmac.c idea/i_cbc.c 
idea/i_cfb64.c \ + idea/i_ecb.c idea/i_ofb64.c idea/i_skey.c kdf/hkdf_evp.c \ + kdf/kdf_err.c lhash/lh_stats.c lhash/lhash.c md4/md4_dgst.c \ md4/md4_one.c md5/md5_dgst.c md5/md5_one.c modes/cbc128.c \ modes/ccm128.c modes/cfb128.c modes/ctr128.c modes/cts128.c \ modes/gcm128.c modes/ofb128.c modes/xts128.c objects/o_names.c \ @@ -2080,12 +2104,12 @@ libcrypto_la_SOURCES = $(am__append_37) $(am__append_39) \ ocsp/ocsp_err.c ocsp/ocsp_ext.c ocsp/ocsp_ht.c ocsp/ocsp_lib.c \ ocsp/ocsp_prn.c ocsp/ocsp_srv.c ocsp/ocsp_vfy.c pem/pem_all.c \ pem/pem_err.c pem/pem_info.c pem/pem_lib.c pem/pem_oth.c \ - pem/pem_pk8.c pem/pem_pkey.c pem/pem_seal.c pem/pem_sign.c \ - pem/pem_x509.c pem/pem_xaux.c pem/pvkfmt.c pkcs12/p12_add.c \ - pkcs12/p12_asn.c pkcs12/p12_attr.c pkcs12/p12_crpt.c \ - pkcs12/p12_crt.c pkcs12/p12_decr.c pkcs12/p12_init.c \ - pkcs12/p12_key.c pkcs12/p12_kiss.c pkcs12/p12_mutl.c \ - pkcs12/p12_npas.c pkcs12/p12_p8d.c pkcs12/p12_p8e.c \ + pem/pem_pk8.c pem/pem_pkey.c pem/pem_sign.c pem/pem_x509.c \ + pem/pem_xaux.c pem/pvkfmt.c pkcs12/p12_add.c pkcs12/p12_asn.c \ + pkcs12/p12_attr.c pkcs12/p12_crpt.c pkcs12/p12_crt.c \ + pkcs12/p12_decr.c pkcs12/p12_init.c pkcs12/p12_key.c \ + pkcs12/p12_kiss.c pkcs12/p12_mutl.c pkcs12/p12_npas.c \ + pkcs12/p12_p8d.c pkcs12/p12_p8e.c pkcs12/p12_sbag.c \ pkcs12/p12_utl.c pkcs12/pk12err.c pkcs7/bio_pk7.c \ pkcs7/pk7_asn1.c pkcs7/pk7_attr.c pkcs7/pk7_doit.c \ pkcs7/pk7_lib.c pkcs7/pk7_mime.c pkcs7/pk7_smime.c \ 
@@ -2102,7 +2126,7 @@ libcrypto_la_SOURCES = $(am__append_37) $(am__append_39) \ ts/ts_err.c ts/ts_lib.c ts/ts_req_print.c ts/ts_req_utils.c \ ts/ts_rsp_print.c ts/ts_rsp_sign.c ts/ts_rsp_utils.c \ ts/ts_rsp_verify.c ts/ts_verify_ctx.c txt_db/txt_db.c \ - ui/ui_err.c ui/ui_lib.c $(am__append_52) $(am__append_53) \ + ui/ui_err.c ui/ui_lib.c $(am__append_53) $(am__append_54) \ ui/ui_util.c whrlpool/wp_dgst.c x509/by_dir.c x509/by_file.c \ x509/by_mem.c x509/pcy_cache.c x509/pcy_data.c x509/pcy_lib.c \ x509/pcy_map.c x509/pcy_node.c x509/pcy_tree.c \ @@ -2275,6 +2299,8 @@ compat/strnlen.lo: compat/$(am__dirstamp) \ compat/$(DEPDIR)/$(am__dirstamp) compat/strsep.lo: compat/$(am__dirstamp) \ compat/$(DEPDIR)/$(am__dirstamp) +compat/strtonum.lo: compat/$(am__dirstamp) \ + compat/$(DEPDIR)/$(am__dirstamp) compat/bsd-asprintf.lo: compat/$(am__dirstamp) \ compat/$(DEPDIR)/$(am__dirstamp) compat/freezero.lo: compat/$(am__dirstamp) \ @@ -2567,18 +2593,8 @@ asn1/$(DEPDIR)/$(am__dirstamp): @: > asn1/$(DEPDIR)/$(am__dirstamp) asn1/libcrypto_la-a_bitstr.lo: asn1/$(am__dirstamp) \ asn1/$(DEPDIR)/$(am__dirstamp) -asn1/libcrypto_la-a_bool.lo: asn1/$(am__dirstamp) \ - asn1/$(DEPDIR)/$(am__dirstamp) -asn1/libcrypto_la-a_d2i_fp.lo: asn1/$(am__dirstamp) \ - asn1/$(DEPDIR)/$(am__dirstamp) -asn1/libcrypto_la-a_digest.lo: asn1/$(am__dirstamp) \ - asn1/$(DEPDIR)/$(am__dirstamp) -asn1/libcrypto_la-a_dup.lo: asn1/$(am__dirstamp) \ - asn1/$(DEPDIR)/$(am__dirstamp) asn1/libcrypto_la-a_enum.lo: asn1/$(am__dirstamp) \ asn1/$(DEPDIR)/$(am__dirstamp) -asn1/libcrypto_la-a_i2d_fp.lo: asn1/$(am__dirstamp) \ - asn1/$(DEPDIR)/$(am__dirstamp) asn1/libcrypto_la-a_int.lo: asn1/$(am__dirstamp) \ asn1/$(DEPDIR)/$(am__dirstamp) asn1/libcrypto_la-a_mbstr.lo: asn1/$(am__dirstamp) \ 
@@ -2587,12 +2603,16 @@ asn1/libcrypto_la-a_object.lo: asn1/$(am__dirstamp) \ asn1/$(DEPDIR)/$(am__dirstamp) asn1/libcrypto_la-a_octet.lo: asn1/$(am__dirstamp) \ asn1/$(DEPDIR)/$(am__dirstamp) +asn1/libcrypto_la-a_pkey.lo: asn1/$(am__dirstamp) \ + asn1/$(DEPDIR)/$(am__dirstamp) asn1/libcrypto_la-a_print.lo: asn1/$(am__dirstamp) \ asn1/$(DEPDIR)/$(am__dirstamp) -asn1/libcrypto_la-a_sign.lo: asn1/$(am__dirstamp) \ +asn1/libcrypto_la-a_pubkey.lo: asn1/$(am__dirstamp) \ asn1/$(DEPDIR)/$(am__dirstamp) asn1/libcrypto_la-a_strex.lo: asn1/$(am__dirstamp) \ asn1/$(DEPDIR)/$(am__dirstamp) +asn1/libcrypto_la-a_string.lo: asn1/$(am__dirstamp) \ + asn1/$(DEPDIR)/$(am__dirstamp) asn1/libcrypto_la-a_strnid.lo: asn1/$(am__dirstamp) \ asn1/$(DEPDIR)/$(am__dirstamp) asn1/libcrypto_la-a_time.lo: asn1/$(am__dirstamp) \ 
@@ -2603,46 +2623,32 @@ asn1/libcrypto_la-a_type.lo: asn1/$(am__dirstamp) \ asn1/$(DEPDIR)/$(am__dirstamp) asn1/libcrypto_la-a_utf8.lo: asn1/$(am__dirstamp) \ asn1/$(DEPDIR)/$(am__dirstamp) -asn1/libcrypto_la-a_verify.lo: asn1/$(am__dirstamp) \ - asn1/$(DEPDIR)/$(am__dirstamp) asn1/libcrypto_la-ameth_lib.lo: asn1/$(am__dirstamp) \ asn1/$(DEPDIR)/$(am__dirstamp) asn1/libcrypto_la-asn1_err.lo: asn1/$(am__dirstamp) \ asn1/$(DEPDIR)/$(am__dirstamp) asn1/libcrypto_la-asn1_gen.lo: asn1/$(am__dirstamp) \ asn1/$(DEPDIR)/$(am__dirstamp) +asn1/libcrypto_la-asn1_item.lo: asn1/$(am__dirstamp) \ + asn1/$(DEPDIR)/$(am__dirstamp) asn1/libcrypto_la-asn1_lib.lo: asn1/$(am__dirstamp) \ asn1/$(DEPDIR)/$(am__dirstamp) +asn1/libcrypto_la-asn1_old.lo: asn1/$(am__dirstamp) \ + asn1/$(DEPDIR)/$(am__dirstamp) +asn1/libcrypto_la-asn1_old_lib.lo: asn1/$(am__dirstamp) \ + asn1/$(DEPDIR)/$(am__dirstamp) asn1/libcrypto_la-asn1_par.lo: asn1/$(am__dirstamp) \ asn1/$(DEPDIR)/$(am__dirstamp) +asn1/libcrypto_la-asn1_types.lo: asn1/$(am__dirstamp) \ + asn1/$(DEPDIR)/$(am__dirstamp) asn1/libcrypto_la-asn_mime.lo: asn1/$(am__dirstamp) \ asn1/$(DEPDIR)/$(am__dirstamp) asn1/libcrypto_la-asn_moid.lo: asn1/$(am__dirstamp) \ asn1/$(DEPDIR)/$(am__dirstamp) -asn1/libcrypto_la-asn_pack.lo: asn1/$(am__dirstamp) \ - asn1/$(DEPDIR)/$(am__dirstamp) asn1/libcrypto_la-bio_asn1.lo: asn1/$(am__dirstamp) \ asn1/$(DEPDIR)/$(am__dirstamp) asn1/libcrypto_la-bio_ndef.lo: asn1/$(am__dirstamp) \ asn1/$(DEPDIR)/$(am__dirstamp) -asn1/libcrypto_la-d2i_pr.lo: asn1/$(am__dirstamp) \ - asn1/$(DEPDIR)/$(am__dirstamp) -asn1/libcrypto_la-d2i_pu.lo: asn1/$(am__dirstamp) \ - asn1/$(DEPDIR)/$(am__dirstamp) -asn1/libcrypto_la-evp_asn1.lo: asn1/$(am__dirstamp) \ - asn1/$(DEPDIR)/$(am__dirstamp) -asn1/libcrypto_la-f_enum.lo: asn1/$(am__dirstamp) \ - asn1/$(DEPDIR)/$(am__dirstamp) -asn1/libcrypto_la-f_int.lo: asn1/$(am__dirstamp) \ - asn1/$(DEPDIR)/$(am__dirstamp) -asn1/libcrypto_la-f_string.lo: asn1/$(am__dirstamp) \ - 
asn1/$(DEPDIR)/$(am__dirstamp) -asn1/libcrypto_la-i2d_pr.lo: asn1/$(am__dirstamp) \ - asn1/$(DEPDIR)/$(am__dirstamp) -asn1/libcrypto_la-i2d_pu.lo: asn1/$(am__dirstamp) \ - asn1/$(DEPDIR)/$(am__dirstamp) -asn1/libcrypto_la-n_pkey.lo: asn1/$(am__dirstamp) \ - asn1/$(DEPDIR)/$(am__dirstamp) asn1/libcrypto_la-nsseq.lo: asn1/$(am__dirstamp) \ asn1/$(DEPDIR)/$(am__dirstamp) asn1/libcrypto_la-p5_pbe.lo: asn1/$(am__dirstamp) \ @@ -2651,8 +2657,6 @@ asn1/libcrypto_la-p5_pbev2.lo: asn1/$(am__dirstamp) \ asn1/$(DEPDIR)/$(am__dirstamp) asn1/libcrypto_la-p8_pkey.lo: asn1/$(am__dirstamp) \ asn1/$(DEPDIR)/$(am__dirstamp) -asn1/libcrypto_la-t_bitst.lo: asn1/$(am__dirstamp) \ - asn1/$(DEPDIR)/$(am__dirstamp) asn1/libcrypto_la-t_crl.lo: asn1/$(am__dirstamp) \ asn1/$(DEPDIR)/$(am__dirstamp) asn1/libcrypto_la-t_pkey.lo: asn1/$(am__dirstamp) \ @@ -2695,8 +2699,6 @@ asn1/libcrypto_la-x_long.lo: asn1/$(am__dirstamp) \ asn1/$(DEPDIR)/$(am__dirstamp) asn1/libcrypto_la-x_name.lo: asn1/$(am__dirstamp) \ asn1/$(DEPDIR)/$(am__dirstamp) -asn1/libcrypto_la-x_nx509.lo: asn1/$(am__dirstamp) \ - asn1/$(DEPDIR)/$(am__dirstamp) asn1/libcrypto_la-x_pkey.lo: asn1/$(am__dirstamp) \ asn1/$(DEPDIR)/$(am__dirstamp) asn1/libcrypto_la-x_pubkey.lo: asn1/$(am__dirstamp) \ @@ -2785,6 +2787,8 @@ bn/libcrypto_la-bn_asm.lo: bn/$(am__dirstamp) \ bn/$(DEPDIR)/$(am__dirstamp) bn/libcrypto_la-bn_blind.lo: bn/$(am__dirstamp) \ bn/$(DEPDIR)/$(am__dirstamp) +bn/libcrypto_la-bn_bpsw.lo: bn/$(am__dirstamp) \ + bn/$(DEPDIR)/$(am__dirstamp) bn/libcrypto_la-bn_const.lo: bn/$(am__dirstamp) \ bn/$(DEPDIR)/$(am__dirstamp) bn/libcrypto_la-bn_ctx.lo: bn/$(am__dirstamp) \ 
@@ -2803,6 +2807,8 @@ bn/libcrypto_la-bn_gcd.lo: bn/$(am__dirstamp) \ bn/$(DEPDIR)/$(am__dirstamp) bn/libcrypto_la-bn_gf2m.lo: bn/$(am__dirstamp) \ bn/$(DEPDIR)/$(am__dirstamp) +bn/libcrypto_la-bn_isqrt.lo: bn/$(am__dirstamp) \ + bn/$(DEPDIR)/$(am__dirstamp) bn/libcrypto_la-bn_kron.lo: bn/$(am__dirstamp) \ bn/$(DEPDIR)/$(am__dirstamp) bn/libcrypto_la-bn_lib.lo: bn/$(am__dirstamp) \ @@ -2847,6 +2853,18 @@ buffer/libcrypto_la-buf_str.lo: buffer/$(am__dirstamp) \ buffer/$(DEPDIR)/$(am__dirstamp) buffer/libcrypto_la-buffer.lo: buffer/$(am__dirstamp) \ buffer/$(DEPDIR)/$(am__dirstamp) +bytestring/$(am__dirstamp): + @$(MKDIR_P) bytestring + @: > bytestring/$(am__dirstamp) +bytestring/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) bytestring/$(DEPDIR) + @: > bytestring/$(DEPDIR)/$(am__dirstamp) +bytestring/libcrypto_la-bs_ber.lo: bytestring/$(am__dirstamp) \ + bytestring/$(DEPDIR)/$(am__dirstamp) +bytestring/libcrypto_la-bs_cbb.lo: bytestring/$(am__dirstamp) \ + bytestring/$(DEPDIR)/$(am__dirstamp) +bytestring/libcrypto_la-bs_cbs.lo: bytestring/$(am__dirstamp) \ + bytestring/$(DEPDIR)/$(am__dirstamp) camellia/libcrypto_la-cmll_cfb.lo: camellia/$(am__dirstamp) \ camellia/$(DEPDIR)/$(am__dirstamp) camellia/libcrypto_la-cmll_ctr.lo: camellia/$(am__dirstamp) \ 
@@ -2961,6 +2979,32 @@ conf/libcrypto_la-conf_mod.lo: conf/$(am__dirstamp) \ conf/$(DEPDIR)/$(am__dirstamp) conf/libcrypto_la-conf_sap.lo: conf/$(am__dirstamp) \ conf/$(DEPDIR)/$(am__dirstamp) +ct/$(am__dirstamp): + @$(MKDIR_P) ct + @: > ct/$(am__dirstamp) +ct/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) ct/$(DEPDIR) + @: > ct/$(DEPDIR)/$(am__dirstamp) +ct/libcrypto_la-ct_b64.lo: ct/$(am__dirstamp) \ + ct/$(DEPDIR)/$(am__dirstamp) +ct/libcrypto_la-ct_err.lo: ct/$(am__dirstamp) \ + ct/$(DEPDIR)/$(am__dirstamp) +ct/libcrypto_la-ct_log.lo: ct/$(am__dirstamp) \ + ct/$(DEPDIR)/$(am__dirstamp) +ct/libcrypto_la-ct_oct.lo: ct/$(am__dirstamp) \ + ct/$(DEPDIR)/$(am__dirstamp) +ct/libcrypto_la-ct_policy.lo: ct/$(am__dirstamp) \ + ct/$(DEPDIR)/$(am__dirstamp) +ct/libcrypto_la-ct_prn.lo: ct/$(am__dirstamp) \ + ct/$(DEPDIR)/$(am__dirstamp) +ct/libcrypto_la-ct_sct.lo: ct/$(am__dirstamp) \ + ct/$(DEPDIR)/$(am__dirstamp) +ct/libcrypto_la-ct_sct_ctx.lo: ct/$(am__dirstamp) \ + ct/$(DEPDIR)/$(am__dirstamp) +ct/libcrypto_la-ct_vfy.lo: ct/$(am__dirstamp) \ + ct/$(DEPDIR)/$(am__dirstamp) +ct/libcrypto_la-ct_x509v3.lo: ct/$(am__dirstamp) \ + ct/$(DEPDIR)/$(am__dirstamp) curve25519/$(am__dirstamp): @$(MKDIR_P) curve25519 @: > curve25519/$(am__dirstamp) @@ -3310,12 +3354,6 @@ evp/libcrypto_la-evp_pbe.lo: evp/$(am__dirstamp) \ evp/$(DEPDIR)/$(am__dirstamp) evp/libcrypto_la-evp_pkey.lo: evp/$(am__dirstamp) \ evp/$(DEPDIR)/$(am__dirstamp) -evp/libcrypto_la-m_dss.lo: evp/$(am__dirstamp) \ - evp/$(DEPDIR)/$(am__dirstamp) -evp/libcrypto_la-m_dss1.lo: evp/$(am__dirstamp) \ - evp/$(DEPDIR)/$(am__dirstamp) -evp/libcrypto_la-m_ecdsa.lo: evp/$(am__dirstamp) \ - evp/$(DEPDIR)/$(am__dirstamp) evp/libcrypto_la-m_gost2814789.lo: evp/$(am__dirstamp) \ evp/$(DEPDIR)/$(am__dirstamp) evp/libcrypto_la-m_gostr341194.lo: evp/$(am__dirstamp) \ 
@@ -3436,6 +3474,16 @@ idea/libcrypto_la-i_ofb64.lo: idea/$(am__dirstamp) \ idea/$(DEPDIR)/$(am__dirstamp) idea/libcrypto_la-i_skey.lo: idea/$(am__dirstamp) \ idea/$(DEPDIR)/$(am__dirstamp) +kdf/$(am__dirstamp): + @$(MKDIR_P) kdf + @: > kdf/$(am__dirstamp) +kdf/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) kdf/$(DEPDIR) + @: > kdf/$(DEPDIR)/$(am__dirstamp) +kdf/libcrypto_la-hkdf_evp.lo: kdf/$(am__dirstamp) \ + kdf/$(DEPDIR)/$(am__dirstamp) +kdf/libcrypto_la-kdf_err.lo: kdf/$(am__dirstamp) \ + kdf/$(DEPDIR)/$(am__dirstamp) lhash/$(am__dirstamp): @$(MKDIR_P) lhash @: > lhash/$(am__dirstamp) @@ -3536,8 +3584,6 @@ pem/libcrypto_la-pem_pk8.lo: pem/$(am__dirstamp) \ pem/$(DEPDIR)/$(am__dirstamp) pem/libcrypto_la-pem_pkey.lo: pem/$(am__dirstamp) \ pem/$(DEPDIR)/$(am__dirstamp) -pem/libcrypto_la-pem_seal.lo: pem/$(am__dirstamp) \ - pem/$(DEPDIR)/$(am__dirstamp) pem/libcrypto_la-pem_sign.lo: pem/$(am__dirstamp) \ pem/$(DEPDIR)/$(am__dirstamp) pem/libcrypto_la-pem_x509.lo: pem/$(am__dirstamp) \ @@ -3578,6 +3624,8 @@ pkcs12/libcrypto_la-p12_p8d.lo: pkcs12/$(am__dirstamp) \ pkcs12/$(DEPDIR)/$(am__dirstamp) pkcs12/libcrypto_la-p12_p8e.lo: pkcs12/$(am__dirstamp) \ pkcs12/$(DEPDIR)/$(am__dirstamp) +pkcs12/libcrypto_la-p12_sbag.lo: pkcs12/$(am__dirstamp) \ + pkcs12/$(DEPDIR)/$(am__dirstamp) pkcs12/libcrypto_la-p12_utl.lo: pkcs12/$(am__dirstamp) \ pkcs12/$(DEPDIR)/$(am__dirstamp) pkcs12/libcrypto_la-pk12err.lo: pkcs12/$(am__dirstamp) \ @@ -3936,6 +3984,8 @@ mostlyclean-compile: -rm -f bn/*.lo -rm -f buffer/*.$(OBJEXT) -rm -f buffer/*.lo + -rm -f bytestring/*.$(OBJEXT) + -rm -f bytestring/*.lo -rm -f camellia/*.$(OBJEXT) -rm -f camellia/*.lo -rm -f cast/*.$(OBJEXT) @@ -3952,6 +4002,8 @@ mostlyclean-compile: -rm -f compat/*.lo -rm -f conf/*.$(OBJEXT) -rm -f conf/*.lo + -rm -f ct/*.$(OBJEXT) + -rm -f ct/*.lo -rm -f curve25519/*.$(OBJEXT) -rm -f curve25519/*.lo -rm -f des/*.$(OBJEXT) 
@@ -3982,6 +4034,8 @@ mostlyclean-compile: -rm -f hmac/*.lo -rm -f idea/*.$(OBJEXT) -rm -f idea/*.lo + -rm -f kdf/*.$(OBJEXT) + -rm -f kdf/*.lo -rm -f lhash/*.$(OBJEXT) -rm -f lhash/*.lo -rm -f md4/*.$(OBJEXT) @@ -4049,6 +4103,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcrypto_la-malloc-wrapper.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcrypto_la-mem_clr.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcrypto_la-mem_dbg.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcrypto_la-o_fips.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcrypto_la-o_init.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcrypto_la-o_str.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcrypto_la-o_time.Plo@am__quote@ # am--include-marker 
@@ -4083,49 +4138,38 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@aes/$(DEPDIR)/libcrypto_la-vpaes-masm-x86_64.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@aes/$(DEPDIR)/libcrypto_la-vpaes-mingw64-x86_64.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_bitstr.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_bool.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_d2i_fp.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_digest.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_dup.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_enum.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_i2d_fp.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_int.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_mbstr.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_object.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_octet.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_pkey.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_print.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_sign.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_pubkey.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ 
@am__quote@asn1/$(DEPDIR)/libcrypto_la-a_strex.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_string.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_strnid.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_time.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_time_tm.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_type.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_utf8.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_verify.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-ameth_lib.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-asn1_err.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-asn1_gen.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-asn1_item.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-asn1_lib.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-asn1_old.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-asn1_old_lib.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-asn1_par.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-asn1_types.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-asn_mime.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ 
@am__quote@asn1/$(DEPDIR)/libcrypto_la-asn_moid.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-asn_pack.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-bio_asn1.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-bio_ndef.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-d2i_pr.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-d2i_pu.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-evp_asn1.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-f_enum.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-f_int.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-f_string.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-i2d_pr.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-i2d_pu.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-n_pkey.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-nsseq.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-p5_pbe.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-p5_pbev2.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-p8_pkey.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-t_bitst.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ 
@am__quote@asn1/$(DEPDIR)/libcrypto_la-t_crl.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-t_pkey.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-t_req.Plo@am__quote@ # am--include-marker @@ -4147,7 +4191,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-x_info.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-x_long.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-x_name.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-x_nx509.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-x_pkey.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-x_pubkey.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-x_req.Plo@am__quote@ # am--include-marker @@ -4186,6 +4229,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-bn_add.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-bn_asm.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-bn_blind.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-bn_bpsw.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-bn_const.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-bn_ctx.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-bn_depr.Plo@am__quote@ # am--include-marker 
@@ -4195,6 +4239,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-bn_exp2.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-bn_gcd.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-bn_gf2m.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-bn_isqrt.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-bn_kron.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-bn_lib.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@bn/$(DEPDIR)/libcrypto_la-bn_mod.Plo@am__quote@ # am--include-marker @@ -4228,6 +4273,9 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@buffer/$(DEPDIR)/libcrypto_la-buf_err.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@buffer/$(DEPDIR)/libcrypto_la-buf_str.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@buffer/$(DEPDIR)/libcrypto_la-buffer.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@bytestring/$(DEPDIR)/libcrypto_la-bs_ber.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@bytestring/$(DEPDIR)/libcrypto_la-bs_cbb.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@bytestring/$(DEPDIR)/libcrypto_la-bs_cbs.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@camellia/$(DEPDIR)/libcrypto_la-camellia.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@camellia/$(DEPDIR)/libcrypto_la-cmll-elf-x86_64.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@camellia/$(DEPDIR)/libcrypto_la-cmll-macosx-x86_64.Plo@am__quote@ # am--include-marker 
@@ -4294,6 +4342,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/strndup.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/strnlen.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/strsep.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/strtonum.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/syslog_r.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/timegm.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/timingsafe_bcmp.Plo@am__quote@ # am--include-marker 
@@ -4305,6 +4354,16 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@conf/$(DEPDIR)/libcrypto_la-conf_mall.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@conf/$(DEPDIR)/libcrypto_la-conf_mod.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@conf/$(DEPDIR)/libcrypto_la-conf_sap.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@ct/$(DEPDIR)/libcrypto_la-ct_b64.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@ct/$(DEPDIR)/libcrypto_la-ct_err.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@ct/$(DEPDIR)/libcrypto_la-ct_log.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@ct/$(DEPDIR)/libcrypto_la-ct_oct.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@ct/$(DEPDIR)/libcrypto_la-ct_policy.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@ct/$(DEPDIR)/libcrypto_la-ct_prn.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@ct/$(DEPDIR)/libcrypto_la-ct_sct.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@ct/$(DEPDIR)/libcrypto_la-ct_sct_ctx.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@ct/$(DEPDIR)/libcrypto_la-ct_vfy.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@ct/$(DEPDIR)/libcrypto_la-ct_x509v3.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@curve25519/$(DEPDIR)/libcrypto_la-curve25519-generic.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@curve25519/$(DEPDIR)/libcrypto_la-curve25519.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@des/$(DEPDIR)/libcrypto_la-cbc_cksm.Plo@am__quote@ # am--include-marker 
@@ -4447,9 +4506,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-evp_lib.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-evp_pbe.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-evp_pkey.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_dss.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_dss1.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_ecdsa.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_gost2814789.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_gostr341194.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_md4.Plo@am__quote@ # am--include-marker @@ -4498,6 +4554,8 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@idea/$(DEPDIR)/libcrypto_la-i_ecb.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@idea/$(DEPDIR)/libcrypto_la-i_ofb64.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@idea/$(DEPDIR)/libcrypto_la-i_skey.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@kdf/$(DEPDIR)/libcrypto_la-hkdf_evp.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@kdf/$(DEPDIR)/libcrypto_la-kdf_err.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@lhash/$(DEPDIR)/libcrypto_la-lh_stats.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@lhash/$(DEPDIR)/libcrypto_la-lhash.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@md4/$(DEPDIR)/libcrypto_la-md4_dgst.Plo@am__quote@ # am--include-marker 
@@ -4542,7 +4600,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@pem/$(DEPDIR)/libcrypto_la-pem_oth.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@pem/$(DEPDIR)/libcrypto_la-pem_pk8.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@pem/$(DEPDIR)/libcrypto_la-pem_pkey.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@pem/$(DEPDIR)/libcrypto_la-pem_seal.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@pem/$(DEPDIR)/libcrypto_la-pem_sign.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@pem/$(DEPDIR)/libcrypto_la-pem_x509.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@pem/$(DEPDIR)/libcrypto_la-pem_xaux.Plo@am__quote@ # am--include-marker @@ -4560,6 +4617,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@pkcs12/$(DEPDIR)/libcrypto_la-p12_npas.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@pkcs12/$(DEPDIR)/libcrypto_la-p12_p8d.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@pkcs12/$(DEPDIR)/libcrypto_la-p12_p8e.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs12/$(DEPDIR)/libcrypto_la-p12_sbag.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@pkcs12/$(DEPDIR)/libcrypto_la-p12_utl.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@pkcs12/$(DEPDIR)/libcrypto_la-pk12err.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@pkcs7/$(DEPDIR)/libcrypto_la-bio_pk7.Plo@am__quote@ # am--include-marker 
@@ -5474,6 +5532,13 @@ libcrypto_la-mem_dbg.lo: mem_dbg.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libcrypto_la-mem_dbg.lo `test -f 'mem_dbg.c' || echo '$(srcdir)/'`mem_dbg.c +libcrypto_la-o_fips.lo: o_fips.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libcrypto_la-o_fips.lo -MD -MP -MF $(DEPDIR)/libcrypto_la-o_fips.Tpo -c -o libcrypto_la-o_fips.lo `test -f 'o_fips.c' || echo '$(srcdir)/'`o_fips.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcrypto_la-o_fips.Tpo $(DEPDIR)/libcrypto_la-o_fips.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='o_fips.c' object='libcrypto_la-o_fips.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libcrypto_la-o_fips.lo `test -f 'o_fips.c' || echo '$(srcdir)/'`o_fips.c + libcrypto_la-o_init.lo: o_init.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libcrypto_la-o_init.lo -MD -MP -MF $(DEPDIR)/libcrypto_la-o_init.Tpo -c -o libcrypto_la-o_init.lo `test -f 'o_init.c' || echo '$(srcdir)/'`o_init.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcrypto_la-o_init.Tpo 
$(DEPDIR)/libcrypto_la-o_init.Plo 
@@ -5551,34 +5616,6 @@ asn1/libcrypto_la-a_bitstr.lo: asn1/a_bitstr.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-a_bitstr.lo `test -f 'asn1/a_bitstr.c' || echo '$(srcdir)/'`asn1/a_bitstr.c -asn1/libcrypto_la-a_bool.lo: asn1/a_bool.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-a_bool.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-a_bool.Tpo -c -o asn1/libcrypto_la-a_bool.lo `test -f 'asn1/a_bool.c' || echo '$(srcdir)/'`asn1/a_bool.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-a_bool.Tpo asn1/$(DEPDIR)/libcrypto_la-a_bool.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asn1/a_bool.c' object='asn1/libcrypto_la-a_bool.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-a_bool.lo `test -f 'asn1/a_bool.c' || echo '$(srcdir)/'`asn1/a_bool.c - -asn1/libcrypto_la-a_d2i_fp.lo: asn1/a_d2i_fp.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-a_d2i_fp.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-a_d2i_fp.Tpo -c -o asn1/libcrypto_la-a_d2i_fp.lo 
`test -f 'asn1/a_d2i_fp.c' || echo '$(srcdir)/'`asn1/a_d2i_fp.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-a_d2i_fp.Tpo asn1/$(DEPDIR)/libcrypto_la-a_d2i_fp.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asn1/a_d2i_fp.c' object='asn1/libcrypto_la-a_d2i_fp.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-a_d2i_fp.lo `test -f 'asn1/a_d2i_fp.c' || echo '$(srcdir)/'`asn1/a_d2i_fp.c - -asn1/libcrypto_la-a_digest.lo: asn1/a_digest.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-a_digest.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-a_digest.Tpo -c -o asn1/libcrypto_la-a_digest.lo `test -f 'asn1/a_digest.c' || echo '$(srcdir)/'`asn1/a_digest.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-a_digest.Tpo asn1/$(DEPDIR)/libcrypto_la-a_digest.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asn1/a_digest.c' object='asn1/libcrypto_la-a_digest.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-a_digest.lo `test -f 'asn1/a_digest.c' || echo '$(srcdir)/'`asn1/a_digest.c - -asn1/libcrypto_la-a_dup.lo: asn1/a_dup.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC 
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-a_dup.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-a_dup.Tpo -c -o asn1/libcrypto_la-a_dup.lo `test -f 'asn1/a_dup.c' || echo '$(srcdir)/'`asn1/a_dup.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-a_dup.Tpo asn1/$(DEPDIR)/libcrypto_la-a_dup.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asn1/a_dup.c' object='asn1/libcrypto_la-a_dup.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-a_dup.lo `test -f 'asn1/a_dup.c' || echo '$(srcdir)/'`asn1/a_dup.c - asn1/libcrypto_la-a_enum.lo: asn1/a_enum.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-a_enum.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-a_enum.Tpo -c -o asn1/libcrypto_la-a_enum.lo `test -f 'asn1/a_enum.c' || echo '$(srcdir)/'`asn1/a_enum.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-a_enum.Tpo asn1/$(DEPDIR)/libcrypto_la-a_enum.Plo 
@@ -5586,13 +5623,6 @@ asn1/libcrypto_la-a_enum.lo: asn1/a_enum.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-a_enum.lo `test -f 'asn1/a_enum.c' || echo '$(srcdir)/'`asn1/a_enum.c -asn1/libcrypto_la-a_i2d_fp.lo: asn1/a_i2d_fp.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-a_i2d_fp.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-a_i2d_fp.Tpo -c -o asn1/libcrypto_la-a_i2d_fp.lo `test -f 'asn1/a_i2d_fp.c' || echo '$(srcdir)/'`asn1/a_i2d_fp.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-a_i2d_fp.Tpo asn1/$(DEPDIR)/libcrypto_la-a_i2d_fp.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asn1/a_i2d_fp.c' object='asn1/libcrypto_la-a_i2d_fp.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-a_i2d_fp.lo `test -f 'asn1/a_i2d_fp.c' || echo '$(srcdir)/'`asn1/a_i2d_fp.c - asn1/libcrypto_la-a_int.lo: asn1/a_int.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-a_int.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-a_int.Tpo -c -o asn1/libcrypto_la-a_int.lo 
`test -f 'asn1/a_int.c' || echo '$(srcdir)/'`asn1/a_int.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-a_int.Tpo asn1/$(DEPDIR)/libcrypto_la-a_int.Plo 
@@ -5621,6 +5651,13 @@ asn1/libcrypto_la-a_octet.lo: asn1/a_octet.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-a_octet.lo `test -f 'asn1/a_octet.c' || echo '$(srcdir)/'`asn1/a_octet.c +asn1/libcrypto_la-a_pkey.lo: asn1/a_pkey.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-a_pkey.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-a_pkey.Tpo -c -o asn1/libcrypto_la-a_pkey.lo `test -f 'asn1/a_pkey.c' || echo '$(srcdir)/'`asn1/a_pkey.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-a_pkey.Tpo asn1/$(DEPDIR)/libcrypto_la-a_pkey.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asn1/a_pkey.c' object='asn1/libcrypto_la-a_pkey.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-a_pkey.lo `test -f 'asn1/a_pkey.c' || echo '$(srcdir)/'`asn1/a_pkey.c + asn1/libcrypto_la-a_print.lo: asn1/a_print.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-a_print.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-a_print.Tpo -c -o asn1/libcrypto_la-a_print.lo `test -f 
'asn1/a_print.c' || echo '$(srcdir)/'`asn1/a_print.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-a_print.Tpo asn1/$(DEPDIR)/libcrypto_la-a_print.Plo 
@@ -5628,12 +5665,12 @@ asn1/libcrypto_la-a_print.lo: asn1/a_print.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-a_print.lo `test -f 'asn1/a_print.c' || echo '$(srcdir)/'`asn1/a_print.c -asn1/libcrypto_la-a_sign.lo: asn1/a_sign.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-a_sign.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-a_sign.Tpo -c -o asn1/libcrypto_la-a_sign.lo `test -f 'asn1/a_sign.c' || echo '$(srcdir)/'`asn1/a_sign.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-a_sign.Tpo asn1/$(DEPDIR)/libcrypto_la-a_sign.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asn1/a_sign.c' object='asn1/libcrypto_la-a_sign.lo' libtool=yes @AMDEPBACKSLASH@ +asn1/libcrypto_la-a_pubkey.lo: asn1/a_pubkey.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-a_pubkey.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-a_pubkey.Tpo -c -o asn1/libcrypto_la-a_pubkey.lo `test -f 'asn1/a_pubkey.c' || echo '$(srcdir)/'`asn1/a_pubkey.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-a_pubkey.Tpo asn1/$(DEPDIR)/libcrypto_la-a_pubkey.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asn1/a_pubkey.c' object='asn1/libcrypto_la-a_pubkey.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ 
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-a_sign.lo `test -f 'asn1/a_sign.c' || echo '$(srcdir)/'`asn1/a_sign.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-a_pubkey.lo `test -f 'asn1/a_pubkey.c' || echo '$(srcdir)/'`asn1/a_pubkey.c asn1/libcrypto_la-a_strex.lo: asn1/a_strex.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-a_strex.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-a_strex.Tpo -c -o asn1/libcrypto_la-a_strex.lo `test -f 'asn1/a_strex.c' || echo '$(srcdir)/'`asn1/a_strex.c 
@@ -5642,6 +5679,13 @@ asn1/libcrypto_la-a_strex.lo: asn1/a_strex.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-a_strex.lo `test -f 'asn1/a_strex.c' || echo '$(srcdir)/'`asn1/a_strex.c +asn1/libcrypto_la-a_string.lo: asn1/a_string.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-a_string.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-a_string.Tpo -c -o asn1/libcrypto_la-a_string.lo `test -f 'asn1/a_string.c' || echo '$(srcdir)/'`asn1/a_string.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-a_string.Tpo asn1/$(DEPDIR)/libcrypto_la-a_string.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asn1/a_string.c' object='asn1/libcrypto_la-a_string.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-a_string.lo `test -f 'asn1/a_string.c' || echo '$(srcdir)/'`asn1/a_string.c + asn1/libcrypto_la-a_strnid.lo: asn1/a_strnid.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-a_strnid.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-a_strnid.Tpo -c -o 
asn1/libcrypto_la-a_strnid.lo `test -f 'asn1/a_strnid.c' || echo '$(srcdir)/'`asn1/a_strnid.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-a_strnid.Tpo asn1/$(DEPDIR)/libcrypto_la-a_strnid.Plo 
@@ -5677,13 +5721,6 @@ asn1/libcrypto_la-a_utf8.lo: asn1/a_utf8.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-a_utf8.lo `test -f 'asn1/a_utf8.c' || echo '$(srcdir)/'`asn1/a_utf8.c -asn1/libcrypto_la-a_verify.lo: asn1/a_verify.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-a_verify.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-a_verify.Tpo -c -o asn1/libcrypto_la-a_verify.lo `test -f 'asn1/a_verify.c' || echo '$(srcdir)/'`asn1/a_verify.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-a_verify.Tpo asn1/$(DEPDIR)/libcrypto_la-a_verify.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asn1/a_verify.c' object='asn1/libcrypto_la-a_verify.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-a_verify.lo `test -f 'asn1/a_verify.c' || echo '$(srcdir)/'`asn1/a_verify.c - asn1/libcrypto_la-ameth_lib.lo: asn1/ameth_lib.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-ameth_lib.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-ameth_lib.Tpo -c -o 
asn1/libcrypto_la-ameth_lib.lo `test -f 'asn1/ameth_lib.c' || echo '$(srcdir)/'`asn1/ameth_lib.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-ameth_lib.Tpo asn1/$(DEPDIR)/libcrypto_la-ameth_lib.Plo 
@@ -5705,6 +5742,13 @@ asn1/libcrypto_la-asn1_gen.lo: asn1/asn1_gen.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-asn1_gen.lo `test -f 'asn1/asn1_gen.c' || echo '$(srcdir)/'`asn1/asn1_gen.c +asn1/libcrypto_la-asn1_item.lo: asn1/asn1_item.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-asn1_item.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-asn1_item.Tpo -c -o asn1/libcrypto_la-asn1_item.lo `test -f 'asn1/asn1_item.c' || echo '$(srcdir)/'`asn1/asn1_item.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-asn1_item.Tpo asn1/$(DEPDIR)/libcrypto_la-asn1_item.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asn1/asn1_item.c' object='asn1/libcrypto_la-asn1_item.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-asn1_item.lo `test -f 'asn1/asn1_item.c' || echo '$(srcdir)/'`asn1/asn1_item.c + asn1/libcrypto_la-asn1_lib.lo: asn1/asn1_lib.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-asn1_lib.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-asn1_lib.Tpo 
-c -o asn1/libcrypto_la-asn1_lib.lo `test -f 'asn1/asn1_lib.c' || echo '$(srcdir)/'`asn1/asn1_lib.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-asn1_lib.Tpo asn1/$(DEPDIR)/libcrypto_la-asn1_lib.Plo 
@@ -5712,6 +5756,20 @@ asn1/libcrypto_la-asn1_lib.lo: asn1/asn1_lib.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-asn1_lib.lo `test -f 'asn1/asn1_lib.c' || echo '$(srcdir)/'`asn1/asn1_lib.c +asn1/libcrypto_la-asn1_old.lo: asn1/asn1_old.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-asn1_old.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-asn1_old.Tpo -c -o asn1/libcrypto_la-asn1_old.lo `test -f 'asn1/asn1_old.c' || echo '$(srcdir)/'`asn1/asn1_old.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-asn1_old.Tpo asn1/$(DEPDIR)/libcrypto_la-asn1_old.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asn1/asn1_old.c' object='asn1/libcrypto_la-asn1_old.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-asn1_old.lo `test -f 'asn1/asn1_old.c' || echo '$(srcdir)/'`asn1/asn1_old.c + +asn1/libcrypto_la-asn1_old_lib.lo: asn1/asn1_old_lib.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-asn1_old_lib.lo -MD -MP -MF 
asn1/$(DEPDIR)/libcrypto_la-asn1_old_lib.Tpo -c -o asn1/libcrypto_la-asn1_old_lib.lo `test -f 'asn1/asn1_old_lib.c' || echo '$(srcdir)/'`asn1/asn1_old_lib.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-asn1_old_lib.Tpo asn1/$(DEPDIR)/libcrypto_la-asn1_old_lib.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asn1/asn1_old_lib.c' object='asn1/libcrypto_la-asn1_old_lib.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-asn1_old_lib.lo `test -f 'asn1/asn1_old_lib.c' || echo '$(srcdir)/'`asn1/asn1_old_lib.c + asn1/libcrypto_la-asn1_par.lo: asn1/asn1_par.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-asn1_par.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-asn1_par.Tpo -c -o asn1/libcrypto_la-asn1_par.lo `test -f 'asn1/asn1_par.c' || echo '$(srcdir)/'`asn1/asn1_par.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-asn1_par.Tpo asn1/$(DEPDIR)/libcrypto_la-asn1_par.Plo 
@@ -5719,6 +5777,13 @@ asn1/libcrypto_la-asn1_par.lo: asn1/asn1_par.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-asn1_par.lo `test -f 'asn1/asn1_par.c' || echo '$(srcdir)/'`asn1/asn1_par.c +asn1/libcrypto_la-asn1_types.lo: asn1/asn1_types.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-asn1_types.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-asn1_types.Tpo -c -o asn1/libcrypto_la-asn1_types.lo `test -f 'asn1/asn1_types.c' || echo '$(srcdir)/'`asn1/asn1_types.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-asn1_types.Tpo asn1/$(DEPDIR)/libcrypto_la-asn1_types.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asn1/asn1_types.c' object='asn1/libcrypto_la-asn1_types.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-asn1_types.lo `test -f 'asn1/asn1_types.c' || echo '$(srcdir)/'`asn1/asn1_types.c + asn1/libcrypto_la-asn_mime.lo: asn1/asn_mime.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-asn_mime.lo -MD -MP -MF 
asn1/$(DEPDIR)/libcrypto_la-asn_mime.Tpo -c -o asn1/libcrypto_la-asn_mime.lo `test -f 'asn1/asn_mime.c' || echo '$(srcdir)/'`asn1/asn_mime.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-asn_mime.Tpo asn1/$(DEPDIR)/libcrypto_la-asn_mime.Plo 
@@ -5733,13 +5798,6 @@ asn1/libcrypto_la-asn_moid.lo: asn1/asn_moid.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-asn_moid.lo `test -f 'asn1/asn_moid.c' || echo '$(srcdir)/'`asn1/asn_moid.c -asn1/libcrypto_la-asn_pack.lo: asn1/asn_pack.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-asn_pack.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-asn_pack.Tpo -c -o asn1/libcrypto_la-asn_pack.lo `test -f 'asn1/asn_pack.c' || echo '$(srcdir)/'`asn1/asn_pack.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-asn_pack.Tpo asn1/$(DEPDIR)/libcrypto_la-asn_pack.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asn1/asn_pack.c' object='asn1/libcrypto_la-asn_pack.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-asn_pack.lo `test -f 'asn1/asn_pack.c' || echo '$(srcdir)/'`asn1/asn_pack.c - asn1/libcrypto_la-bio_asn1.lo: asn1/bio_asn1.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-bio_asn1.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-bio_asn1.Tpo -c -o 
asn1/libcrypto_la-bio_asn1.lo `test -f 'asn1/bio_asn1.c' || echo '$(srcdir)/'`asn1/bio_asn1.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-bio_asn1.Tpo asn1/$(DEPDIR)/libcrypto_la-bio_asn1.Plo 
@@ -5754,69 +5812,6 @@ asn1/libcrypto_la-bio_ndef.lo: asn1/bio_ndef.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-bio_ndef.lo `test -f 'asn1/bio_ndef.c' || echo '$(srcdir)/'`asn1/bio_ndef.c -asn1/libcrypto_la-d2i_pr.lo: asn1/d2i_pr.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-d2i_pr.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-d2i_pr.Tpo -c -o asn1/libcrypto_la-d2i_pr.lo `test -f 'asn1/d2i_pr.c' || echo '$(srcdir)/'`asn1/d2i_pr.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-d2i_pr.Tpo asn1/$(DEPDIR)/libcrypto_la-d2i_pr.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asn1/d2i_pr.c' object='asn1/libcrypto_la-d2i_pr.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-d2i_pr.lo `test -f 'asn1/d2i_pr.c' || echo '$(srcdir)/'`asn1/d2i_pr.c - -asn1/libcrypto_la-d2i_pu.lo: asn1/d2i_pu.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-d2i_pu.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-d2i_pu.Tpo -c -o asn1/libcrypto_la-d2i_pu.lo `test -f 
'asn1/d2i_pu.c' || echo '$(srcdir)/'`asn1/d2i_pu.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-d2i_pu.Tpo asn1/$(DEPDIR)/libcrypto_la-d2i_pu.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asn1/d2i_pu.c' object='asn1/libcrypto_la-d2i_pu.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-d2i_pu.lo `test -f 'asn1/d2i_pu.c' || echo '$(srcdir)/'`asn1/d2i_pu.c - -asn1/libcrypto_la-evp_asn1.lo: asn1/evp_asn1.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-evp_asn1.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-evp_asn1.Tpo -c -o asn1/libcrypto_la-evp_asn1.lo `test -f 'asn1/evp_asn1.c' || echo '$(srcdir)/'`asn1/evp_asn1.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-evp_asn1.Tpo asn1/$(DEPDIR)/libcrypto_la-evp_asn1.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asn1/evp_asn1.c' object='asn1/libcrypto_la-evp_asn1.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-evp_asn1.lo `test -f 'asn1/evp_asn1.c' || echo '$(srcdir)/'`asn1/evp_asn1.c - -asn1/libcrypto_la-f_enum.lo: asn1/f_enum.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) 
$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-f_enum.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-f_enum.Tpo -c -o asn1/libcrypto_la-f_enum.lo `test -f 'asn1/f_enum.c' || echo '$(srcdir)/'`asn1/f_enum.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-f_enum.Tpo asn1/$(DEPDIR)/libcrypto_la-f_enum.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asn1/f_enum.c' object='asn1/libcrypto_la-f_enum.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-f_enum.lo `test -f 'asn1/f_enum.c' || echo '$(srcdir)/'`asn1/f_enum.c - -asn1/libcrypto_la-f_int.lo: asn1/f_int.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-f_int.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-f_int.Tpo -c -o asn1/libcrypto_la-f_int.lo `test -f 'asn1/f_int.c' || echo '$(srcdir)/'`asn1/f_int.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-f_int.Tpo asn1/$(DEPDIR)/libcrypto_la-f_int.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asn1/f_int.c' object='asn1/libcrypto_la-f_int.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c 
-o asn1/libcrypto_la-f_int.lo `test -f 'asn1/f_int.c' || echo '$(srcdir)/'`asn1/f_int.c - -asn1/libcrypto_la-f_string.lo: asn1/f_string.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-f_string.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-f_string.Tpo -c -o asn1/libcrypto_la-f_string.lo `test -f 'asn1/f_string.c' || echo '$(srcdir)/'`asn1/f_string.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-f_string.Tpo asn1/$(DEPDIR)/libcrypto_la-f_string.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asn1/f_string.c' object='asn1/libcrypto_la-f_string.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-f_string.lo `test -f 'asn1/f_string.c' || echo '$(srcdir)/'`asn1/f_string.c - -asn1/libcrypto_la-i2d_pr.lo: asn1/i2d_pr.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-i2d_pr.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-i2d_pr.Tpo -c -o asn1/libcrypto_la-i2d_pr.lo `test -f 'asn1/i2d_pr.c' || echo '$(srcdir)/'`asn1/i2d_pr.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-i2d_pr.Tpo asn1/$(DEPDIR)/libcrypto_la-i2d_pr.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asn1/i2d_pr.c' object='asn1/libcrypto_la-i2d_pr.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) 
$(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-i2d_pr.lo `test -f 'asn1/i2d_pr.c' || echo '$(srcdir)/'`asn1/i2d_pr.c - -asn1/libcrypto_la-i2d_pu.lo: asn1/i2d_pu.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-i2d_pu.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-i2d_pu.Tpo -c -o asn1/libcrypto_la-i2d_pu.lo `test -f 'asn1/i2d_pu.c' || echo '$(srcdir)/'`asn1/i2d_pu.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-i2d_pu.Tpo asn1/$(DEPDIR)/libcrypto_la-i2d_pu.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asn1/i2d_pu.c' object='asn1/libcrypto_la-i2d_pu.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-i2d_pu.lo `test -f 'asn1/i2d_pu.c' || echo '$(srcdir)/'`asn1/i2d_pu.c - -asn1/libcrypto_la-n_pkey.lo: asn1/n_pkey.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-n_pkey.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-n_pkey.Tpo -c -o asn1/libcrypto_la-n_pkey.lo `test -f 'asn1/n_pkey.c' || echo '$(srcdir)/'`asn1/n_pkey.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-n_pkey.Tpo 
asn1/$(DEPDIR)/libcrypto_la-n_pkey.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asn1/n_pkey.c' object='asn1/libcrypto_la-n_pkey.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-n_pkey.lo `test -f 'asn1/n_pkey.c' || echo '$(srcdir)/'`asn1/n_pkey.c - asn1/libcrypto_la-nsseq.lo: asn1/nsseq.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-nsseq.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-nsseq.Tpo -c -o asn1/libcrypto_la-nsseq.lo `test -f 'asn1/nsseq.c' || echo '$(srcdir)/'`asn1/nsseq.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-nsseq.Tpo asn1/$(DEPDIR)/libcrypto_la-nsseq.Plo 
@@ -5845,13 +5840,6 @@ asn1/libcrypto_la-p8_pkey.lo: asn1/p8_pkey.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-p8_pkey.lo `test -f 'asn1/p8_pkey.c' || echo '$(srcdir)/'`asn1/p8_pkey.c -asn1/libcrypto_la-t_bitst.lo: asn1/t_bitst.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-t_bitst.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-t_bitst.Tpo -c -o asn1/libcrypto_la-t_bitst.lo `test -f 'asn1/t_bitst.c' || echo '$(srcdir)/'`asn1/t_bitst.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-t_bitst.Tpo asn1/$(DEPDIR)/libcrypto_la-t_bitst.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asn1/t_bitst.c' object='asn1/libcrypto_la-t_bitst.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-t_bitst.lo `test -f 'asn1/t_bitst.c' || echo '$(srcdir)/'`asn1/t_bitst.c - asn1/libcrypto_la-t_crl.lo: asn1/t_crl.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-t_crl.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-t_crl.Tpo -c -o asn1/libcrypto_la-t_crl.lo `test -f 
'asn1/t_crl.c' || echo '$(srcdir)/'`asn1/t_crl.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-t_crl.Tpo asn1/$(DEPDIR)/libcrypto_la-t_crl.Plo 
@@ -5999,13 +5987,6 @@ asn1/libcrypto_la-x_name.lo: asn1/x_name.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-x_name.lo `test -f 'asn1/x_name.c' || echo '$(srcdir)/'`asn1/x_name.c -asn1/libcrypto_la-x_nx509.lo: asn1/x_nx509.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-x_nx509.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-x_nx509.Tpo -c -o asn1/libcrypto_la-x_nx509.lo `test -f 'asn1/x_nx509.c' || echo '$(srcdir)/'`asn1/x_nx509.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-x_nx509.Tpo asn1/$(DEPDIR)/libcrypto_la-x_nx509.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asn1/x_nx509.c' object='asn1/libcrypto_la-x_nx509.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-x_nx509.lo `test -f 'asn1/x_nx509.c' || echo '$(srcdir)/'`asn1/x_nx509.c - asn1/libcrypto_la-x_pkey.lo: asn1/x_pkey.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-x_pkey.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-x_pkey.Tpo -c -o asn1/libcrypto_la-x_pkey.lo `test -f 
'asn1/x_pkey.c' || echo '$(srcdir)/'`asn1/x_pkey.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-x_pkey.Tpo asn1/$(DEPDIR)/libcrypto_la-x_pkey.Plo 
@@ -6272,6 +6253,13 @@ bn/libcrypto_la-bn_blind.lo: bn/bn_blind.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o bn/libcrypto_la-bn_blind.lo `test -f 'bn/bn_blind.c' || echo '$(srcdir)/'`bn/bn_blind.c +bn/libcrypto_la-bn_bpsw.lo: bn/bn_bpsw.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT bn/libcrypto_la-bn_bpsw.lo -MD -MP -MF bn/$(DEPDIR)/libcrypto_la-bn_bpsw.Tpo -c -o bn/libcrypto_la-bn_bpsw.lo `test -f 'bn/bn_bpsw.c' || echo '$(srcdir)/'`bn/bn_bpsw.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) bn/$(DEPDIR)/libcrypto_la-bn_bpsw.Tpo bn/$(DEPDIR)/libcrypto_la-bn_bpsw.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='bn/bn_bpsw.c' object='bn/libcrypto_la-bn_bpsw.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o bn/libcrypto_la-bn_bpsw.lo `test -f 'bn/bn_bpsw.c' || echo '$(srcdir)/'`bn/bn_bpsw.c + bn/libcrypto_la-bn_const.lo: bn/bn_const.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT bn/libcrypto_la-bn_const.lo -MD -MP -MF bn/$(DEPDIR)/libcrypto_la-bn_const.Tpo -c -o bn/libcrypto_la-bn_const.lo `test -f 'bn/bn_const.c' || echo 
'$(srcdir)/'`bn/bn_const.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) bn/$(DEPDIR)/libcrypto_la-bn_const.Tpo bn/$(DEPDIR)/libcrypto_la-bn_const.Plo 
@@ -6335,6 +6323,13 @@ bn/libcrypto_la-bn_gf2m.lo: bn/bn_gf2m.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o bn/libcrypto_la-bn_gf2m.lo `test -f 'bn/bn_gf2m.c' || echo '$(srcdir)/'`bn/bn_gf2m.c +bn/libcrypto_la-bn_isqrt.lo: bn/bn_isqrt.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT bn/libcrypto_la-bn_isqrt.lo -MD -MP -MF bn/$(DEPDIR)/libcrypto_la-bn_isqrt.Tpo -c -o bn/libcrypto_la-bn_isqrt.lo `test -f 'bn/bn_isqrt.c' || echo '$(srcdir)/'`bn/bn_isqrt.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) bn/$(DEPDIR)/libcrypto_la-bn_isqrt.Tpo bn/$(DEPDIR)/libcrypto_la-bn_isqrt.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='bn/bn_isqrt.c' object='bn/libcrypto_la-bn_isqrt.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o bn/libcrypto_la-bn_isqrt.lo `test -f 'bn/bn_isqrt.c' || echo '$(srcdir)/'`bn/bn_isqrt.c + bn/libcrypto_la-bn_kron.lo: bn/bn_kron.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT bn/libcrypto_la-bn_kron.lo -MD -MP -MF bn/$(DEPDIR)/libcrypto_la-bn_kron.Tpo -c -o bn/libcrypto_la-bn_kron.lo `test -f 'bn/bn_kron.c' || echo 
'$(srcdir)/'`bn/bn_kron.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) bn/$(DEPDIR)/libcrypto_la-bn_kron.Tpo bn/$(DEPDIR)/libcrypto_la-bn_kron.Plo 
@@ -6468,6 +6463,27 @@ buffer/libcrypto_la-buffer.lo: buffer/buffer.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o buffer/libcrypto_la-buffer.lo `test -f 'buffer/buffer.c' || echo '$(srcdir)/'`buffer/buffer.c +bytestring/libcrypto_la-bs_ber.lo: bytestring/bs_ber.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT bytestring/libcrypto_la-bs_ber.lo -MD -MP -MF bytestring/$(DEPDIR)/libcrypto_la-bs_ber.Tpo -c -o bytestring/libcrypto_la-bs_ber.lo `test -f 'bytestring/bs_ber.c' || echo '$(srcdir)/'`bytestring/bs_ber.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) bytestring/$(DEPDIR)/libcrypto_la-bs_ber.Tpo bytestring/$(DEPDIR)/libcrypto_la-bs_ber.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='bytestring/bs_ber.c' object='bytestring/libcrypto_la-bs_ber.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o bytestring/libcrypto_la-bs_ber.lo `test -f 'bytestring/bs_ber.c' || echo '$(srcdir)/'`bytestring/bs_ber.c + +bytestring/libcrypto_la-bs_cbb.lo: bytestring/bs_cbb.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT 
bytestring/libcrypto_la-bs_cbb.lo -MD -MP -MF bytestring/$(DEPDIR)/libcrypto_la-bs_cbb.Tpo -c -o bytestring/libcrypto_la-bs_cbb.lo `test -f 'bytestring/bs_cbb.c' || echo '$(srcdir)/'`bytestring/bs_cbb.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) bytestring/$(DEPDIR)/libcrypto_la-bs_cbb.Tpo bytestring/$(DEPDIR)/libcrypto_la-bs_cbb.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='bytestring/bs_cbb.c' object='bytestring/libcrypto_la-bs_cbb.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o bytestring/libcrypto_la-bs_cbb.lo `test -f 'bytestring/bs_cbb.c' || echo '$(srcdir)/'`bytestring/bs_cbb.c + +bytestring/libcrypto_la-bs_cbs.lo: bytestring/bs_cbs.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT bytestring/libcrypto_la-bs_cbs.lo -MD -MP -MF bytestring/$(DEPDIR)/libcrypto_la-bs_cbs.Tpo -c -o bytestring/libcrypto_la-bs_cbs.lo `test -f 'bytestring/bs_cbs.c' || echo '$(srcdir)/'`bytestring/bs_cbs.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) bytestring/$(DEPDIR)/libcrypto_la-bs_cbs.Tpo bytestring/$(DEPDIR)/libcrypto_la-bs_cbs.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='bytestring/bs_cbs.c' object='bytestring/libcrypto_la-bs_cbs.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) 
$(CFLAGS) -c -o bytestring/libcrypto_la-bs_cbs.lo `test -f 'bytestring/bs_cbs.c' || echo '$(srcdir)/'`bytestring/bs_cbs.c + camellia/libcrypto_la-cmll_cfb.lo: camellia/cmll_cfb.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT camellia/libcrypto_la-cmll_cfb.lo -MD -MP -MF camellia/$(DEPDIR)/libcrypto_la-cmll_cfb.Tpo -c -o camellia/libcrypto_la-cmll_cfb.lo `test -f 'camellia/cmll_cfb.c' || echo '$(srcdir)/'`camellia/cmll_cfb.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) camellia/$(DEPDIR)/libcrypto_la-cmll_cfb.Tpo camellia/$(DEPDIR)/libcrypto_la-cmll_cfb.Plo 
@@ -6741,6 +6757,76 @@ conf/libcrypto_la-conf_sap.lo: conf/conf_sap.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o conf/libcrypto_la-conf_sap.lo `test -f 'conf/conf_sap.c' || echo '$(srcdir)/'`conf/conf_sap.c +ct/libcrypto_la-ct_b64.lo: ct/ct_b64.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ct/libcrypto_la-ct_b64.lo -MD -MP -MF ct/$(DEPDIR)/libcrypto_la-ct_b64.Tpo -c -o ct/libcrypto_la-ct_b64.lo `test -f 'ct/ct_b64.c' || echo '$(srcdir)/'`ct/ct_b64.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ct/$(DEPDIR)/libcrypto_la-ct_b64.Tpo ct/$(DEPDIR)/libcrypto_la-ct_b64.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ct/ct_b64.c' object='ct/libcrypto_la-ct_b64.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ct/libcrypto_la-ct_b64.lo `test -f 'ct/ct_b64.c' || echo '$(srcdir)/'`ct/ct_b64.c + +ct/libcrypto_la-ct_err.lo: ct/ct_err.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ct/libcrypto_la-ct_err.lo -MD -MP -MF ct/$(DEPDIR)/libcrypto_la-ct_err.Tpo -c -o ct/libcrypto_la-ct_err.lo `test -f 'ct/ct_err.c' || echo 
'$(srcdir)/'`ct/ct_err.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ct/$(DEPDIR)/libcrypto_la-ct_err.Tpo ct/$(DEPDIR)/libcrypto_la-ct_err.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ct/ct_err.c' object='ct/libcrypto_la-ct_err.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ct/libcrypto_la-ct_err.lo `test -f 'ct/ct_err.c' || echo '$(srcdir)/'`ct/ct_err.c + +ct/libcrypto_la-ct_log.lo: ct/ct_log.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ct/libcrypto_la-ct_log.lo -MD -MP -MF ct/$(DEPDIR)/libcrypto_la-ct_log.Tpo -c -o ct/libcrypto_la-ct_log.lo `test -f 'ct/ct_log.c' || echo '$(srcdir)/'`ct/ct_log.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ct/$(DEPDIR)/libcrypto_la-ct_log.Tpo ct/$(DEPDIR)/libcrypto_la-ct_log.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ct/ct_log.c' object='ct/libcrypto_la-ct_log.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ct/libcrypto_la-ct_log.lo `test -f 'ct/ct_log.c' || echo '$(srcdir)/'`ct/ct_log.c + +ct/libcrypto_la-ct_oct.lo: ct/ct_oct.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) 
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ct/libcrypto_la-ct_oct.lo -MD -MP -MF ct/$(DEPDIR)/libcrypto_la-ct_oct.Tpo -c -o ct/libcrypto_la-ct_oct.lo `test -f 'ct/ct_oct.c' || echo '$(srcdir)/'`ct/ct_oct.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ct/$(DEPDIR)/libcrypto_la-ct_oct.Tpo ct/$(DEPDIR)/libcrypto_la-ct_oct.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ct/ct_oct.c' object='ct/libcrypto_la-ct_oct.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ct/libcrypto_la-ct_oct.lo `test -f 'ct/ct_oct.c' || echo '$(srcdir)/'`ct/ct_oct.c + +ct/libcrypto_la-ct_policy.lo: ct/ct_policy.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ct/libcrypto_la-ct_policy.lo -MD -MP -MF ct/$(DEPDIR)/libcrypto_la-ct_policy.Tpo -c -o ct/libcrypto_la-ct_policy.lo `test -f 'ct/ct_policy.c' || echo '$(srcdir)/'`ct/ct_policy.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ct/$(DEPDIR)/libcrypto_la-ct_policy.Tpo ct/$(DEPDIR)/libcrypto_la-ct_policy.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ct/ct_policy.c' object='ct/libcrypto_la-ct_policy.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ct/libcrypto_la-ct_policy.lo `test -f 'ct/ct_policy.c' || echo '$(srcdir)/'`ct/ct_policy.c + 
+ct/libcrypto_la-ct_prn.lo: ct/ct_prn.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ct/libcrypto_la-ct_prn.lo -MD -MP -MF ct/$(DEPDIR)/libcrypto_la-ct_prn.Tpo -c -o ct/libcrypto_la-ct_prn.lo `test -f 'ct/ct_prn.c' || echo '$(srcdir)/'`ct/ct_prn.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ct/$(DEPDIR)/libcrypto_la-ct_prn.Tpo ct/$(DEPDIR)/libcrypto_la-ct_prn.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ct/ct_prn.c' object='ct/libcrypto_la-ct_prn.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ct/libcrypto_la-ct_prn.lo `test -f 'ct/ct_prn.c' || echo '$(srcdir)/'`ct/ct_prn.c + +ct/libcrypto_la-ct_sct.lo: ct/ct_sct.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ct/libcrypto_la-ct_sct.lo -MD -MP -MF ct/$(DEPDIR)/libcrypto_la-ct_sct.Tpo -c -o ct/libcrypto_la-ct_sct.lo `test -f 'ct/ct_sct.c' || echo '$(srcdir)/'`ct/ct_sct.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ct/$(DEPDIR)/libcrypto_la-ct_sct.Tpo ct/$(DEPDIR)/libcrypto_la-ct_sct.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ct/ct_sct.c' object='ct/libcrypto_la-ct_sct.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) 
$(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ct/libcrypto_la-ct_sct.lo `test -f 'ct/ct_sct.c' || echo '$(srcdir)/'`ct/ct_sct.c + +ct/libcrypto_la-ct_sct_ctx.lo: ct/ct_sct_ctx.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ct/libcrypto_la-ct_sct_ctx.lo -MD -MP -MF ct/$(DEPDIR)/libcrypto_la-ct_sct_ctx.Tpo -c -o ct/libcrypto_la-ct_sct_ctx.lo `test -f 'ct/ct_sct_ctx.c' || echo '$(srcdir)/'`ct/ct_sct_ctx.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ct/$(DEPDIR)/libcrypto_la-ct_sct_ctx.Tpo ct/$(DEPDIR)/libcrypto_la-ct_sct_ctx.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ct/ct_sct_ctx.c' object='ct/libcrypto_la-ct_sct_ctx.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ct/libcrypto_la-ct_sct_ctx.lo `test -f 'ct/ct_sct_ctx.c' || echo '$(srcdir)/'`ct/ct_sct_ctx.c + +ct/libcrypto_la-ct_vfy.lo: ct/ct_vfy.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ct/libcrypto_la-ct_vfy.lo -MD -MP -MF ct/$(DEPDIR)/libcrypto_la-ct_vfy.Tpo -c -o ct/libcrypto_la-ct_vfy.lo `test -f 'ct/ct_vfy.c' || echo '$(srcdir)/'`ct/ct_vfy.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ct/$(DEPDIR)/libcrypto_la-ct_vfy.Tpo ct/$(DEPDIR)/libcrypto_la-ct_vfy.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ct/ct_vfy.c' object='ct/libcrypto_la-ct_vfy.lo' libtool=yes @AMDEPBACKSLASH@ 
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ct/libcrypto_la-ct_vfy.lo `test -f 'ct/ct_vfy.c' || echo '$(srcdir)/'`ct/ct_vfy.c + +ct/libcrypto_la-ct_x509v3.lo: ct/ct_x509v3.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ct/libcrypto_la-ct_x509v3.lo -MD -MP -MF ct/$(DEPDIR)/libcrypto_la-ct_x509v3.Tpo -c -o ct/libcrypto_la-ct_x509v3.lo `test -f 'ct/ct_x509v3.c' || echo '$(srcdir)/'`ct/ct_x509v3.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ct/$(DEPDIR)/libcrypto_la-ct_x509v3.Tpo ct/$(DEPDIR)/libcrypto_la-ct_x509v3.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ct/ct_x509v3.c' object='ct/libcrypto_la-ct_x509v3.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ct/libcrypto_la-ct_x509v3.lo `test -f 'ct/ct_x509v3.c' || echo '$(srcdir)/'`ct/ct_x509v3.c + curve25519/libcrypto_la-curve25519-generic.lo: curve25519/curve25519-generic.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT curve25519/libcrypto_la-curve25519-generic.lo -MD -MP -MF curve25519/$(DEPDIR)/libcrypto_la-curve25519-generic.Tpo -c -o 
curve25519/libcrypto_la-curve25519-generic.lo `test -f 'curve25519/curve25519-generic.c' || echo '$(srcdir)/'`curve25519/curve25519-generic.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) curve25519/$(DEPDIR)/libcrypto_la-curve25519-generic.Tpo curve25519/$(DEPDIR)/libcrypto_la-curve25519-generic.Plo 
@@ -7728,27 +7814,6 @@ evp/libcrypto_la-evp_pkey.lo: evp/evp_pkey.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-evp_pkey.lo `test -f 'evp/evp_pkey.c' || echo '$(srcdir)/'`evp/evp_pkey.c -evp/libcrypto_la-m_dss.lo: evp/m_dss.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-m_dss.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-m_dss.Tpo -c -o evp/libcrypto_la-m_dss.lo `test -f 'evp/m_dss.c' || echo '$(srcdir)/'`evp/m_dss.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-m_dss.Tpo evp/$(DEPDIR)/libcrypto_la-m_dss.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='evp/m_dss.c' object='evp/libcrypto_la-m_dss.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-m_dss.lo `test -f 'evp/m_dss.c' || echo '$(srcdir)/'`evp/m_dss.c - -evp/libcrypto_la-m_dss1.lo: evp/m_dss1.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-m_dss1.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-m_dss1.Tpo -c -o evp/libcrypto_la-m_dss1.lo `test -f 'evp/m_dss1.c' || echo 
'$(srcdir)/'`evp/m_dss1.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-m_dss1.Tpo evp/$(DEPDIR)/libcrypto_la-m_dss1.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='evp/m_dss1.c' object='evp/libcrypto_la-m_dss1.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-m_dss1.lo `test -f 'evp/m_dss1.c' || echo '$(srcdir)/'`evp/m_dss1.c - -evp/libcrypto_la-m_ecdsa.lo: evp/m_ecdsa.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-m_ecdsa.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-m_ecdsa.Tpo -c -o evp/libcrypto_la-m_ecdsa.lo `test -f 'evp/m_ecdsa.c' || echo '$(srcdir)/'`evp/m_ecdsa.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-m_ecdsa.Tpo evp/$(DEPDIR)/libcrypto_la-m_ecdsa.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='evp/m_ecdsa.c' object='evp/libcrypto_la-m_ecdsa.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-m_ecdsa.lo `test -f 'evp/m_ecdsa.c' || echo '$(srcdir)/'`evp/m_ecdsa.c - evp/libcrypto_la-m_gost2814789.lo: evp/m_gost2814789.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) 
$(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-m_gost2814789.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-m_gost2814789.Tpo -c -o evp/libcrypto_la-m_gost2814789.lo `test -f 'evp/m_gost2814789.c' || echo '$(srcdir)/'`evp/m_gost2814789.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-m_gost2814789.Tpo evp/$(DEPDIR)/libcrypto_la-m_gost2814789.Plo 
@@ -8085,6 +8150,20 @@ idea/libcrypto_la-i_skey.lo: idea/i_skey.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o idea/libcrypto_la-i_skey.lo `test -f 'idea/i_skey.c' || echo '$(srcdir)/'`idea/i_skey.c +kdf/libcrypto_la-hkdf_evp.lo: kdf/hkdf_evp.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT kdf/libcrypto_la-hkdf_evp.lo -MD -MP -MF kdf/$(DEPDIR)/libcrypto_la-hkdf_evp.Tpo -c -o kdf/libcrypto_la-hkdf_evp.lo `test -f 'kdf/hkdf_evp.c' || echo '$(srcdir)/'`kdf/hkdf_evp.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) kdf/$(DEPDIR)/libcrypto_la-hkdf_evp.Tpo kdf/$(DEPDIR)/libcrypto_la-hkdf_evp.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='kdf/hkdf_evp.c' object='kdf/libcrypto_la-hkdf_evp.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o kdf/libcrypto_la-hkdf_evp.lo `test -f 'kdf/hkdf_evp.c' || echo '$(srcdir)/'`kdf/hkdf_evp.c + +kdf/libcrypto_la-kdf_err.lo: kdf/kdf_err.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT kdf/libcrypto_la-kdf_err.lo -MD -MP -MF kdf/$(DEPDIR)/libcrypto_la-kdf_err.Tpo -c -o kdf/libcrypto_la-kdf_err.lo `test -f 
'kdf/kdf_err.c' || echo '$(srcdir)/'`kdf/kdf_err.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) kdf/$(DEPDIR)/libcrypto_la-kdf_err.Tpo kdf/$(DEPDIR)/libcrypto_la-kdf_err.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='kdf/kdf_err.c' object='kdf/libcrypto_la-kdf_err.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o kdf/libcrypto_la-kdf_err.lo `test -f 'kdf/kdf_err.c' || echo '$(srcdir)/'`kdf/kdf_err.c + lhash/libcrypto_la-lh_stats.lo: lhash/lh_stats.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT lhash/libcrypto_la-lh_stats.lo -MD -MP -MF lhash/$(DEPDIR)/libcrypto_la-lh_stats.Tpo -c -o lhash/libcrypto_la-lh_stats.lo `test -f 'lhash/lh_stats.c' || echo '$(srcdir)/'`lhash/lh_stats.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lhash/$(DEPDIR)/libcrypto_la-lh_stats.Tpo lhash/$(DEPDIR)/libcrypto_la-lh_stats.Plo 
@@ -8330,13 +8409,6 @@ pem/libcrypto_la-pem_pkey.lo: pem/pem_pkey.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pem/libcrypto_la-pem_pkey.lo `test -f 'pem/pem_pkey.c' || echo '$(srcdir)/'`pem/pem_pkey.c -pem/libcrypto_la-pem_seal.lo: pem/pem_seal.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pem/libcrypto_la-pem_seal.lo -MD -MP -MF pem/$(DEPDIR)/libcrypto_la-pem_seal.Tpo -c -o pem/libcrypto_la-pem_seal.lo `test -f 'pem/pem_seal.c' || echo '$(srcdir)/'`pem/pem_seal.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) pem/$(DEPDIR)/libcrypto_la-pem_seal.Tpo pem/$(DEPDIR)/libcrypto_la-pem_seal.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pem/pem_seal.c' object='pem/libcrypto_la-pem_seal.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pem/libcrypto_la-pem_seal.lo `test -f 'pem/pem_seal.c' || echo '$(srcdir)/'`pem/pem_seal.c - pem/libcrypto_la-pem_sign.lo: pem/pem_sign.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pem/libcrypto_la-pem_sign.lo -MD -MP -MF pem/$(DEPDIR)/libcrypto_la-pem_sign.Tpo -c -o pem/libcrypto_la-pem_sign.lo 
`test -f 'pem/pem_sign.c' || echo '$(srcdir)/'`pem/pem_sign.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) pem/$(DEPDIR)/libcrypto_la-pem_sign.Tpo pem/$(DEPDIR)/libcrypto_la-pem_sign.Plo 
@@ -8456,6 +8528,13 @@ pkcs12/libcrypto_la-p12_p8e.lo: pkcs12/p12_p8e.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pkcs12/libcrypto_la-p12_p8e.lo `test -f 'pkcs12/p12_p8e.c' || echo '$(srcdir)/'`pkcs12/p12_p8e.c +pkcs12/libcrypto_la-p12_sbag.lo: pkcs12/p12_sbag.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pkcs12/libcrypto_la-p12_sbag.lo -MD -MP -MF pkcs12/$(DEPDIR)/libcrypto_la-p12_sbag.Tpo -c -o pkcs12/libcrypto_la-p12_sbag.lo `test -f 'pkcs12/p12_sbag.c' || echo '$(srcdir)/'`pkcs12/p12_sbag.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) pkcs12/$(DEPDIR)/libcrypto_la-p12_sbag.Tpo pkcs12/$(DEPDIR)/libcrypto_la-p12_sbag.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pkcs12/p12_sbag.c' object='pkcs12/libcrypto_la-p12_sbag.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pkcs12/libcrypto_la-p12_sbag.lo `test -f 'pkcs12/p12_sbag.c' || echo '$(srcdir)/'`pkcs12/p12_sbag.c + pkcs12/libcrypto_la-p12_utl.lo: pkcs12/p12_utl.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pkcs12/libcrypto_la-p12_utl.lo -MD -MP -MF 
pkcs12/$(DEPDIR)/libcrypto_la-p12_utl.Tpo -c -o pkcs12/libcrypto_la-p12_utl.lo `test -f 'pkcs12/p12_utl.c' || echo '$(srcdir)/'`pkcs12/p12_utl.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) pkcs12/$(DEPDIR)/libcrypto_la-p12_utl.Tpo pkcs12/$(DEPDIR)/libcrypto_la-p12_utl.Plo @@ -9384,6 +9463,7 @@ clean-libtool: -rm -rf bio/.libs bio/_libs -rm -rf bn/.libs bn/_libs -rm -rf buffer/.libs buffer/_libs + -rm -rf bytestring/.libs bytestring/_libs -rm -rf camellia/.libs camellia/_libs -rm -rf cast/.libs cast/_libs -rm -rf chacha/.libs chacha/_libs @@ -9392,6 +9472,7 @@ clean-libtool: -rm -rf comp/.libs comp/_libs -rm -rf compat/.libs compat/_libs -rm -rf conf/.libs conf/_libs + -rm -rf ct/.libs ct/_libs -rm -rf curve25519/.libs curve25519/_libs -rm -rf des/.libs des/_libs -rm -rf dh/.libs dh/_libs @@ -9407,6 +9488,7 @@ clean-libtool: -rm -rf hkdf/.libs hkdf/_libs -rm -rf hmac/.libs hmac/_libs -rm -rf idea/.libs idea/_libs + -rm -rf kdf/.libs kdf/_libs -rm -rf lhash/.libs lhash/_libs -rm -rf md4/.libs md4/_libs -rm -rf md5/.libs md5/_libs @@ -9483,7 +9565,6 @@ cscopelist-am: $(am__tagged_files) distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - distdir: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) distdir-am @@ -9566,6 +9647,8 @@ distclean-generic: -rm -f bn/$(am__dirstamp) -rm -f buffer/$(DEPDIR)/$(am__dirstamp) -rm -f buffer/$(am__dirstamp) + -rm -f bytestring/$(DEPDIR)/$(am__dirstamp) + -rm -f bytestring/$(am__dirstamp) -rm -f camellia/$(DEPDIR)/$(am__dirstamp) -rm -f camellia/$(am__dirstamp) -rm -f cast/$(DEPDIR)/$(am__dirstamp) @@ -9582,6 +9665,8 @@ distclean-generic: -rm -f compat/$(am__dirstamp) -rm -f conf/$(DEPDIR)/$(am__dirstamp) -rm -f conf/$(am__dirstamp) + -rm -f ct/$(DEPDIR)/$(am__dirstamp) + -rm -f ct/$(am__dirstamp) -rm -f curve25519/$(DEPDIR)/$(am__dirstamp) -rm -f curve25519/$(am__dirstamp) -rm -f des/$(DEPDIR)/$(am__dirstamp) 
@@ -9612,6 +9697,8 @@ distclean-generic: -rm -f hmac/$(am__dirstamp) -rm -f idea/$(DEPDIR)/$(am__dirstamp) -rm -f idea/$(am__dirstamp) + -rm -f kdf/$(DEPDIR)/$(am__dirstamp) + -rm -f kdf/$(am__dirstamp) -rm -f lhash/$(DEPDIR)/$(am__dirstamp) -rm -f lhash/$(am__dirstamp) -rm -f md4/$(DEPDIR)/$(am__dirstamp) @@ -9686,6 +9773,7 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/libcrypto_la-malloc-wrapper.Plo -rm -f ./$(DEPDIR)/libcrypto_la-mem_clr.Plo -rm -f ./$(DEPDIR)/libcrypto_la-mem_dbg.Plo + -rm -f ./$(DEPDIR)/libcrypto_la-o_fips.Plo -rm -f ./$(DEPDIR)/libcrypto_la-o_init.Plo -rm -f ./$(DEPDIR)/libcrypto_la-o_str.Plo -rm -f ./$(DEPDIR)/libcrypto_la-o_time.Plo 
@@ -9720,49 +9808,38 @@ distclean: distclean-am -rm -f aes/$(DEPDIR)/libcrypto_la-vpaes-masm-x86_64.Plo -rm -f aes/$(DEPDIR)/libcrypto_la-vpaes-mingw64-x86_64.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-a_bitstr.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-a_bool.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-a_d2i_fp.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-a_digest.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-a_dup.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-a_enum.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-a_i2d_fp.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-a_int.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-a_mbstr.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-a_object.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-a_octet.Plo + -rm -f asn1/$(DEPDIR)/libcrypto_la-a_pkey.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-a_print.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-a_sign.Plo + -rm -f asn1/$(DEPDIR)/libcrypto_la-a_pubkey.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-a_strex.Plo + -rm -f asn1/$(DEPDIR)/libcrypto_la-a_string.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-a_strnid.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-a_time.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-a_time_tm.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-a_type.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-a_utf8.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-a_verify.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-ameth_lib.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-asn1_err.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-asn1_gen.Plo + -rm -f asn1/$(DEPDIR)/libcrypto_la-asn1_item.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-asn1_lib.Plo + -rm -f asn1/$(DEPDIR)/libcrypto_la-asn1_old.Plo + -rm -f asn1/$(DEPDIR)/libcrypto_la-asn1_old_lib.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-asn1_par.Plo + -rm -f asn1/$(DEPDIR)/libcrypto_la-asn1_types.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-asn_mime.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-asn_moid.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-asn_pack.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-bio_asn1.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-bio_ndef.Plo - -rm -f 
asn1/$(DEPDIR)/libcrypto_la-d2i_pr.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-d2i_pu.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-evp_asn1.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-f_enum.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-f_int.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-f_string.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-i2d_pr.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-i2d_pu.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-n_pkey.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-nsseq.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-p5_pbe.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-p5_pbev2.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-p8_pkey.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-t_bitst.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-t_crl.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-t_pkey.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-t_req.Plo @@ -9784,7 +9861,6 @@ distclean: distclean-am -rm -f asn1/$(DEPDIR)/libcrypto_la-x_info.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-x_long.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-x_name.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-x_nx509.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-x_pkey.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-x_pubkey.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-x_req.Plo @@ -9823,6 +9899,7 @@ distclean: distclean-am -rm -f bn/$(DEPDIR)/libcrypto_la-bn_add.Plo -rm -f bn/$(DEPDIR)/libcrypto_la-bn_asm.Plo -rm -f bn/$(DEPDIR)/libcrypto_la-bn_blind.Plo + -rm -f bn/$(DEPDIR)/libcrypto_la-bn_bpsw.Plo -rm -f bn/$(DEPDIR)/libcrypto_la-bn_const.Plo -rm -f bn/$(DEPDIR)/libcrypto_la-bn_ctx.Plo -rm -f bn/$(DEPDIR)/libcrypto_la-bn_depr.Plo @@ -9832,6 +9909,7 @@ distclean: distclean-am -rm -f bn/$(DEPDIR)/libcrypto_la-bn_exp2.Plo -rm -f bn/$(DEPDIR)/libcrypto_la-bn_gcd.Plo -rm -f bn/$(DEPDIR)/libcrypto_la-bn_gf2m.Plo + -rm -f bn/$(DEPDIR)/libcrypto_la-bn_isqrt.Plo -rm -f bn/$(DEPDIR)/libcrypto_la-bn_kron.Plo -rm -f bn/$(DEPDIR)/libcrypto_la-bn_lib.Plo -rm -f bn/$(DEPDIR)/libcrypto_la-bn_mod.Plo 
@@ -9865,6 +9943,9 @@ distclean: distclean-am -rm -f buffer/$(DEPDIR)/libcrypto_la-buf_err.Plo -rm -f buffer/$(DEPDIR)/libcrypto_la-buf_str.Plo -rm -f buffer/$(DEPDIR)/libcrypto_la-buffer.Plo + -rm -f bytestring/$(DEPDIR)/libcrypto_la-bs_ber.Plo + -rm -f bytestring/$(DEPDIR)/libcrypto_la-bs_cbb.Plo + -rm -f bytestring/$(DEPDIR)/libcrypto_la-bs_cbs.Plo -rm -f camellia/$(DEPDIR)/libcrypto_la-camellia.Plo -rm -f camellia/$(DEPDIR)/libcrypto_la-cmll-elf-x86_64.Plo -rm -f camellia/$(DEPDIR)/libcrypto_la-cmll-macosx-x86_64.Plo @@ -9931,6 +10012,7 @@ distclean: distclean-am -rm -f compat/$(DEPDIR)/strndup.Plo -rm -f compat/$(DEPDIR)/strnlen.Plo -rm -f compat/$(DEPDIR)/strsep.Plo + -rm -f compat/$(DEPDIR)/strtonum.Plo -rm -f compat/$(DEPDIR)/syslog_r.Plo -rm -f compat/$(DEPDIR)/timegm.Plo -rm -f compat/$(DEPDIR)/timingsafe_bcmp.Plo @@ -9942,6 +10024,16 @@ distclean: distclean-am -rm -f conf/$(DEPDIR)/libcrypto_la-conf_mall.Plo -rm -f conf/$(DEPDIR)/libcrypto_la-conf_mod.Plo -rm -f conf/$(DEPDIR)/libcrypto_la-conf_sap.Plo + -rm -f ct/$(DEPDIR)/libcrypto_la-ct_b64.Plo + -rm -f ct/$(DEPDIR)/libcrypto_la-ct_err.Plo + -rm -f ct/$(DEPDIR)/libcrypto_la-ct_log.Plo + -rm -f ct/$(DEPDIR)/libcrypto_la-ct_oct.Plo + -rm -f ct/$(DEPDIR)/libcrypto_la-ct_policy.Plo + -rm -f ct/$(DEPDIR)/libcrypto_la-ct_prn.Plo + -rm -f ct/$(DEPDIR)/libcrypto_la-ct_sct.Plo + -rm -f ct/$(DEPDIR)/libcrypto_la-ct_sct_ctx.Plo + -rm -f ct/$(DEPDIR)/libcrypto_la-ct_vfy.Plo + -rm -f ct/$(DEPDIR)/libcrypto_la-ct_x509v3.Plo -rm -f curve25519/$(DEPDIR)/libcrypto_la-curve25519-generic.Plo -rm -f curve25519/$(DEPDIR)/libcrypto_la-curve25519.Plo -rm -f des/$(DEPDIR)/libcrypto_la-cbc_cksm.Plo 
@@ -10084,9 +10176,6 @@ distclean: distclean-am -rm -f evp/$(DEPDIR)/libcrypto_la-evp_lib.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-evp_pbe.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-evp_pkey.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-m_dss.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-m_dss1.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-m_ecdsa.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-m_gost2814789.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-m_gostr341194.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-m_md4.Plo @@ -10135,6 +10224,8 @@ distclean: distclean-am -rm -f idea/$(DEPDIR)/libcrypto_la-i_ecb.Plo -rm -f idea/$(DEPDIR)/libcrypto_la-i_ofb64.Plo -rm -f idea/$(DEPDIR)/libcrypto_la-i_skey.Plo + -rm -f kdf/$(DEPDIR)/libcrypto_la-hkdf_evp.Plo + -rm -f kdf/$(DEPDIR)/libcrypto_la-kdf_err.Plo -rm -f lhash/$(DEPDIR)/libcrypto_la-lh_stats.Plo -rm -f lhash/$(DEPDIR)/libcrypto_la-lhash.Plo -rm -f md4/$(DEPDIR)/libcrypto_la-md4_dgst.Plo @@ -10179,7 +10270,6 @@ distclean: distclean-am -rm -f pem/$(DEPDIR)/libcrypto_la-pem_oth.Plo -rm -f pem/$(DEPDIR)/libcrypto_la-pem_pk8.Plo -rm -f pem/$(DEPDIR)/libcrypto_la-pem_pkey.Plo - -rm -f pem/$(DEPDIR)/libcrypto_la-pem_seal.Plo -rm -f pem/$(DEPDIR)/libcrypto_la-pem_sign.Plo -rm -f pem/$(DEPDIR)/libcrypto_la-pem_x509.Plo -rm -f pem/$(DEPDIR)/libcrypto_la-pem_xaux.Plo @@ -10197,6 +10287,7 @@ distclean: distclean-am -rm -f pkcs12/$(DEPDIR)/libcrypto_la-p12_npas.Plo -rm -f pkcs12/$(DEPDIR)/libcrypto_la-p12_p8d.Plo -rm -f pkcs12/$(DEPDIR)/libcrypto_la-p12_p8e.Plo + -rm -f pkcs12/$(DEPDIR)/libcrypto_la-p12_sbag.Plo -rm -f pkcs12/$(DEPDIR)/libcrypto_la-p12_utl.Plo -rm -f pkcs12/$(DEPDIR)/libcrypto_la-pk12err.Plo -rm -f pkcs7/$(DEPDIR)/libcrypto_la-bio_pk7.Plo 
@@ -10416,6 +10507,7 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/libcrypto_la-malloc-wrapper.Plo -rm -f ./$(DEPDIR)/libcrypto_la-mem_clr.Plo -rm -f ./$(DEPDIR)/libcrypto_la-mem_dbg.Plo + -rm -f ./$(DEPDIR)/libcrypto_la-o_fips.Plo -rm -f ./$(DEPDIR)/libcrypto_la-o_init.Plo -rm -f ./$(DEPDIR)/libcrypto_la-o_str.Plo -rm -f ./$(DEPDIR)/libcrypto_la-o_time.Plo 
@@ -10450,49 +10542,38 @@ maintainer-clean: maintainer-clean-am -rm -f aes/$(DEPDIR)/libcrypto_la-vpaes-masm-x86_64.Plo -rm -f aes/$(DEPDIR)/libcrypto_la-vpaes-mingw64-x86_64.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-a_bitstr.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-a_bool.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-a_d2i_fp.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-a_digest.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-a_dup.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-a_enum.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-a_i2d_fp.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-a_int.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-a_mbstr.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-a_object.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-a_octet.Plo + -rm -f asn1/$(DEPDIR)/libcrypto_la-a_pkey.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-a_print.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-a_sign.Plo + -rm -f asn1/$(DEPDIR)/libcrypto_la-a_pubkey.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-a_strex.Plo + -rm -f asn1/$(DEPDIR)/libcrypto_la-a_string.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-a_strnid.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-a_time.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-a_time_tm.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-a_type.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-a_utf8.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-a_verify.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-ameth_lib.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-asn1_err.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-asn1_gen.Plo + -rm -f asn1/$(DEPDIR)/libcrypto_la-asn1_item.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-asn1_lib.Plo + -rm -f asn1/$(DEPDIR)/libcrypto_la-asn1_old.Plo + -rm -f asn1/$(DEPDIR)/libcrypto_la-asn1_old_lib.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-asn1_par.Plo + -rm -f asn1/$(DEPDIR)/libcrypto_la-asn1_types.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-asn_mime.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-asn_moid.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-asn_pack.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-bio_asn1.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-bio_ndef.Plo - -rm -f 
asn1/$(DEPDIR)/libcrypto_la-d2i_pr.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-d2i_pu.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-evp_asn1.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-f_enum.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-f_int.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-f_string.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-i2d_pr.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-i2d_pu.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-n_pkey.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-nsseq.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-p5_pbe.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-p5_pbev2.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-p8_pkey.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-t_bitst.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-t_crl.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-t_pkey.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-t_req.Plo @@ -10514,7 +10595,6 @@ maintainer-clean: maintainer-clean-am -rm -f asn1/$(DEPDIR)/libcrypto_la-x_info.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-x_long.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-x_name.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-x_nx509.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-x_pkey.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-x_pubkey.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-x_req.Plo @@ -10553,6 +10633,7 @@ maintainer-clean: maintainer-clean-am -rm -f bn/$(DEPDIR)/libcrypto_la-bn_add.Plo -rm -f bn/$(DEPDIR)/libcrypto_la-bn_asm.Plo -rm -f bn/$(DEPDIR)/libcrypto_la-bn_blind.Plo + -rm -f bn/$(DEPDIR)/libcrypto_la-bn_bpsw.Plo -rm -f bn/$(DEPDIR)/libcrypto_la-bn_const.Plo -rm -f bn/$(DEPDIR)/libcrypto_la-bn_ctx.Plo -rm -f bn/$(DEPDIR)/libcrypto_la-bn_depr.Plo @@ -10562,6 +10643,7 @@ maintainer-clean: maintainer-clean-am -rm -f bn/$(DEPDIR)/libcrypto_la-bn_exp2.Plo -rm -f bn/$(DEPDIR)/libcrypto_la-bn_gcd.Plo -rm -f bn/$(DEPDIR)/libcrypto_la-bn_gf2m.Plo + -rm -f bn/$(DEPDIR)/libcrypto_la-bn_isqrt.Plo -rm -f bn/$(DEPDIR)/libcrypto_la-bn_kron.Plo -rm -f bn/$(DEPDIR)/libcrypto_la-bn_lib.Plo -rm -f bn/$(DEPDIR)/libcrypto_la-bn_mod.Plo 
@@ -10595,6 +10677,9 @@ maintainer-clean: maintainer-clean-am -rm -f buffer/$(DEPDIR)/libcrypto_la-buf_err.Plo -rm -f buffer/$(DEPDIR)/libcrypto_la-buf_str.Plo -rm -f buffer/$(DEPDIR)/libcrypto_la-buffer.Plo + -rm -f bytestring/$(DEPDIR)/libcrypto_la-bs_ber.Plo + -rm -f bytestring/$(DEPDIR)/libcrypto_la-bs_cbb.Plo + -rm -f bytestring/$(DEPDIR)/libcrypto_la-bs_cbs.Plo -rm -f camellia/$(DEPDIR)/libcrypto_la-camellia.Plo -rm -f camellia/$(DEPDIR)/libcrypto_la-cmll-elf-x86_64.Plo -rm -f camellia/$(DEPDIR)/libcrypto_la-cmll-macosx-x86_64.Plo @@ -10661,6 +10746,7 @@ maintainer-clean: maintainer-clean-am -rm -f compat/$(DEPDIR)/strndup.Plo -rm -f compat/$(DEPDIR)/strnlen.Plo -rm -f compat/$(DEPDIR)/strsep.Plo + -rm -f compat/$(DEPDIR)/strtonum.Plo -rm -f compat/$(DEPDIR)/syslog_r.Plo -rm -f compat/$(DEPDIR)/timegm.Plo -rm -f compat/$(DEPDIR)/timingsafe_bcmp.Plo @@ -10672,6 +10758,16 @@ maintainer-clean: maintainer-clean-am -rm -f conf/$(DEPDIR)/libcrypto_la-conf_mall.Plo -rm -f conf/$(DEPDIR)/libcrypto_la-conf_mod.Plo -rm -f conf/$(DEPDIR)/libcrypto_la-conf_sap.Plo + -rm -f ct/$(DEPDIR)/libcrypto_la-ct_b64.Plo + -rm -f ct/$(DEPDIR)/libcrypto_la-ct_err.Plo + -rm -f ct/$(DEPDIR)/libcrypto_la-ct_log.Plo + -rm -f ct/$(DEPDIR)/libcrypto_la-ct_oct.Plo + -rm -f ct/$(DEPDIR)/libcrypto_la-ct_policy.Plo + -rm -f ct/$(DEPDIR)/libcrypto_la-ct_prn.Plo + -rm -f ct/$(DEPDIR)/libcrypto_la-ct_sct.Plo + -rm -f ct/$(DEPDIR)/libcrypto_la-ct_sct_ctx.Plo + -rm -f ct/$(DEPDIR)/libcrypto_la-ct_vfy.Plo + -rm -f ct/$(DEPDIR)/libcrypto_la-ct_x509v3.Plo -rm -f curve25519/$(DEPDIR)/libcrypto_la-curve25519-generic.Plo -rm -f curve25519/$(DEPDIR)/libcrypto_la-curve25519.Plo -rm -f des/$(DEPDIR)/libcrypto_la-cbc_cksm.Plo 
@@ -10814,9 +10910,6 @@ maintainer-clean: maintainer-clean-am -rm -f evp/$(DEPDIR)/libcrypto_la-evp_lib.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-evp_pbe.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-evp_pkey.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-m_dss.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-m_dss1.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-m_ecdsa.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-m_gost2814789.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-m_gostr341194.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-m_md4.Plo @@ -10865,6 +10958,8 @@ maintainer-clean: maintainer-clean-am -rm -f idea/$(DEPDIR)/libcrypto_la-i_ecb.Plo -rm -f idea/$(DEPDIR)/libcrypto_la-i_ofb64.Plo -rm -f idea/$(DEPDIR)/libcrypto_la-i_skey.Plo + -rm -f kdf/$(DEPDIR)/libcrypto_la-hkdf_evp.Plo + -rm -f kdf/$(DEPDIR)/libcrypto_la-kdf_err.Plo -rm -f lhash/$(DEPDIR)/libcrypto_la-lh_stats.Plo -rm -f lhash/$(DEPDIR)/libcrypto_la-lhash.Plo -rm -f md4/$(DEPDIR)/libcrypto_la-md4_dgst.Plo @@ -10909,7 +11004,6 @@ maintainer-clean: maintainer-clean-am -rm -f pem/$(DEPDIR)/libcrypto_la-pem_oth.Plo -rm -f pem/$(DEPDIR)/libcrypto_la-pem_pk8.Plo -rm -f pem/$(DEPDIR)/libcrypto_la-pem_pkey.Plo - -rm -f pem/$(DEPDIR)/libcrypto_la-pem_seal.Plo -rm -f pem/$(DEPDIR)/libcrypto_la-pem_sign.Plo -rm -f pem/$(DEPDIR)/libcrypto_la-pem_x509.Plo -rm -f pem/$(DEPDIR)/libcrypto_la-pem_xaux.Plo @@ -10927,6 +11021,7 @@ maintainer-clean: maintainer-clean-am -rm -f pkcs12/$(DEPDIR)/libcrypto_la-p12_npas.Plo -rm -f pkcs12/$(DEPDIR)/libcrypto_la-p12_p8d.Plo -rm -f pkcs12/$(DEPDIR)/libcrypto_la-p12_p8e.Plo + -rm -f pkcs12/$(DEPDIR)/libcrypto_la-p12_sbag.Plo -rm -f pkcs12/$(DEPDIR)/libcrypto_la-p12_utl.Plo -rm -f pkcs12/$(DEPDIR)/libcrypto_la-pk12err.Plo -rm -f pkcs7/$(DEPDIR)/libcrypto_la-bio_pk7.Plo 
@@ -11143,6 +11238,7 @@ crypto_portable.sym: crypto.sym Makefile @HAVE_STRNDUP_FALSE@ -echo strndup >> crypto_portable.sym @HAVE_STRNLEN_FALSE@ -echo strnlen >> crypto_portable.sym @HAVE_STRSEP_FALSE@ -echo strsep >> crypto_portable.sym +@HAVE_STRTONUM_FALSE@ -echo strtonum >> crypto_portable.sym @HAVE_TIMEGM_FALSE@ -echo timegm >> crypto_portable.sym @HAVE_TIMINGSAFE_BCMP_FALSE@ -echo timingsafe_bcmp >> crypto_portable.sym @HAVE_TIMINGSAFE_MEMCMP_FALSE@ -echo timingsafe_memcmp >> crypto_portable.sym diff --git a/crypto/VERSION b/crypto/VERSION index b10dcdd4..5525aec1 100644 --- a/crypto/VERSION +++ b/crypto/VERSION @@ -1 +1 @@ -47:0:0 +50:0:0 diff --git a/crypto/aes/aes_ige.c b/crypto/aes/aes_ige.c index 16ef5612..244a5a36 100644 --- a/crypto/aes/aes_ige.c +++ b/crypto/aes/aes_ige.c @@ -1,4 +1,4 @@ -/* $OpenBSD: aes_ige.c,v 1.7 2015/02/10 09:46:30 miod Exp $ */ +/* $OpenBSD: aes_ige.c,v 1.8 2022/01/22 00:43:41 inoguchi Exp $ */ /* ==================================================================== * Copyright (c) 2006 The OpenSSL Project. All rights reserved. * @@ -109,8 +109,8 @@ AES_ige_encrypt(const unsigned char *in, unsigned char *out, size_t length, in += AES_BLOCK_SIZE; out += AES_BLOCK_SIZE; } - memcpy(ivec, ivp->data, AES_BLOCK_SIZE); - memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE); + memmove(ivec, ivp->data, AES_BLOCK_SIZE); + memmove(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE); } else { aes_block_t tmp, tmp2; aes_block_t iv; @@ -161,8 +161,8 @@ AES_ige_encrypt(const unsigned char *in, unsigned char *out, size_t length, in += AES_BLOCK_SIZE; out += AES_BLOCK_SIZE; } - memcpy(ivec, ivp->data, AES_BLOCK_SIZE); - memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE); + memmove(ivec, ivp->data, AES_BLOCK_SIZE); + memmove(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE); } else { aes_block_t tmp, tmp2; aes_block_t iv; diff --git a/crypto/aes/aesni-elf-x86_64.S b/crypto/aes/aesni-elf-x86_64.S index 3b3dabf8..6d06f547 100644 
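Review bot: The `memcpy` to `memmove` change for the `ivec` write-back in `AES_ige_encrypt` carries no comment saying why the copy can overlap, so a later cleanup could quietly revert it. Presumably `ivp` and `iv2p` can still point into `ivec` itself when the block loop never runs, which would make the old `memcpy` a same-buffer copy. If that is the reason, add `/* ivp and iv2p may still alias ivec, so the copy must tolerate overlap */` above the first `memmove` in each branch. The same applies to the second hunk at line 161. The function body starts and ends outside both hunks, so the aliasing cannot be confirmed from here.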
--- a/crypto/aes/aesni-elf-x86_64.S +++ b/crypto/aes/aesni-elf-x86_64.S @@ -887,6 +887,10 @@ aesni_ccm64_decrypt_blocks: .type aesni_ctr32_encrypt_blocks,@function .align 16 aesni_ctr32_encrypt_blocks: + leaq (%rsp),%rax + pushq %rbp + subq $32,%rsp + leaq -8(%rax),%rbp cmpq $1,%rdx je .Lctr32_one_shortcut @@ -911,9 +915,9 @@ aesni_ctr32_encrypt_blocks: .byte 102,69,15,58,34,226,2 incq %r11 .byte 102,69,15,58,34,235,2 - movdqa %xmm12,-40(%rsp) + movdqa %xmm12,0(%rsp) .byte 102,69,15,56,0,231 - movdqa %xmm13,-24(%rsp) + movdqa %xmm13,16(%rsp) .byte 102,69,15,56,0,239 pshufd $192,%xmm12,%xmm2 @@ -953,7 +957,7 @@ aesni_ctr32_encrypt_blocks: movdqa .Lincrement32(%rip),%xmm13 pxor %xmm0,%xmm5 aesenc %xmm1,%xmm4 - movdqa -40(%rsp),%xmm12 + movdqa (%rsp),%xmm12 pxor %xmm0,%xmm6 aesenc %xmm1,%xmm5 pxor %xmm0,%xmm7 @@ -986,11 +990,11 @@ aesni_ctr32_encrypt_blocks: aesenc %xmm1,%xmm2 paddd %xmm13,%xmm12 aesenc %xmm1,%xmm3 - paddd -24(%rsp),%xmm13 + paddd 16(%rsp),%xmm13 aesenc %xmm1,%xmm4 - movdqa %xmm12,-40(%rsp) + movdqa %xmm12,0(%rsp) aesenc %xmm1,%xmm5 - movdqa %xmm13,-24(%rsp) + movdqa %xmm13,16(%rsp) aesenc %xmm1,%xmm6 .byte 102,69,15,56,0,231 aesenc %xmm1,%xmm7 @@ -1129,13 +1133,19 @@ aesni_ctr32_encrypt_blocks: movups %xmm11,48(%rsi) .Lctr32_done: + leaq (%rbp),%rsp + popq %rbp +.Lctr32_ret: retq .size aesni_ctr32_encrypt_blocks,.-aesni_ctr32_encrypt_blocks .globl aesni_xts_encrypt .type aesni_xts_encrypt,@function .align 16 aesni_xts_encrypt: - leaq -104(%rsp),%rsp + leaq (%rsp),%rax + pushq %rbp + subq $96,%rsp + leaq -8(%rax),%rbp movups (%r9),%xmm15 movl 240(%r8),%eax movl 240(%rcx),%r10d @@ -1523,7 +1533,8 @@ aesni_xts_encrypt: movups %xmm2,-16(%rsi) .Lxts_enc_ret: - leaq 104(%rsp),%rsp + leaq (%rbp),%rsp + popq %rbp .Lxts_enc_epilogue: retq .size aesni_xts_encrypt,.-aesni_xts_encrypt 
@@ -1531,7 +1542,10 @@ aesni_xts_encrypt: .type aesni_xts_decrypt,@function .align 16 aesni_xts_decrypt: - leaq -104(%rsp),%rsp + leaq (%rsp),%rax + pushq %rbp + subq $96,%rsp + leaq -8(%rax),%rbp movups (%r9),%xmm15 movl 240(%r8),%eax movl 240(%rcx),%r10d @@ -1963,7 +1977,8 @@ aesni_xts_decrypt: movups %xmm2,(%rsi) .Lxts_dec_ret: - leaq 104(%rsp),%rsp + leaq (%rbp),%rsp + popq %rbp .Lxts_dec_epilogue: retq .size aesni_xts_decrypt,.-aesni_xts_decrypt @@ -2030,6 +2045,10 @@ aesni_cbc_encrypt: .align 16 .Lcbc_decrypt: + leaq (%rsp),%rax + pushq %rbp + subq $16,%rsp + leaq -8(%rax),%rbp movups (%r8),%xmm9 movl %r10d,%eax cmpq $112,%rdx @@ -2037,11 +2056,11 @@ aesni_cbc_encrypt: shrl $1,%r10d subq $112,%rdx movl %r10d,%eax - movaps %xmm9,-24(%rsp) + movaps %xmm9,(%rsp) jmp .Lcbc_dec_loop8_enter .align 16 .Lcbc_dec_loop8: - movaps %xmm0,-24(%rsp) + movaps %xmm0,(%rsp) movups %xmm9,(%rsi) leaq 16(%rsi),%rsi .Lcbc_dec_loop8_enter: @@ -2081,7 +2100,7 @@ aesni_cbc_encrypt: movups (%rdi),%xmm1 movups 16(%rdi),%xmm0 - xorps -24(%rsp),%xmm2 + xorps (%rsp),%xmm2 xorps %xmm1,%xmm3 movups 32(%rdi),%xmm1 xorps %xmm0,%xmm4 @@ -2145,11 +2164,11 @@ aesni_cbc_encrypt: jbe .Lcbc_dec_six movups 96(%rdi),%xmm8 - movaps %xmm9,-24(%rsp) + movaps %xmm9,(%rsp) call _aesni_decrypt8 movups (%rdi),%xmm1 movups 16(%rdi),%xmm0 - xorps -24(%rsp),%xmm2 + xorps (%rsp),%xmm2 xorps %xmm1,%xmm3 movups 32(%rdi),%xmm1 xorps %xmm0,%xmm4 @@ -2281,14 +2300,16 @@ aesni_cbc_encrypt: jmp .Lcbc_dec_ret .align 16 .Lcbc_dec_tail_partial: - movaps %xmm2,-24(%rsp) + movaps %xmm2,(%rsp) movq $16,%rcx movq %rsi,%rdi subq %rdx,%rcx - leaq -24(%rsp),%rsi + leaq (%rsp),%rsi .long 0x9066A4F3 .Lcbc_dec_ret: + leaq (%rbp),%rsp + popq %rbp .Lcbc_ret: retq .size aesni_cbc_encrypt,.-aesni_cbc_encrypt diff --git a/crypto/aes/aesni-macosx-x86_64.S b/crypto/aes/aesni-macosx-x86_64.S index 6b3216b8..f6c81ca4 100644 --- a/crypto/aes/aesni-macosx-x86_64.S +++ b/crypto/aes/aesni-macosx-x86_64.S 
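Review bot: In `.Lcbc_dec_tail_partial` a block is spilled with `movaps %xmm2,(%rsp)`, and the frame is then released at `.Lcbc_dec_ret` by `leaq (%rbp),%rsp` and `popq %rbp` without that slot being overwritten. At that point `%xmm2` appears to hold the last decrypted block, so plaintext would stay in dead stack memory after the call returns. Clearing the slot before the epilogue, for example `pxor %xmm0,%xmm0` followed by `movaps %xmm0,(%rsp)` if `%xmm0` is free there, would avoid that. The macosx, masm and mingw64 variants in this patch follow the same pattern. `aesni_cbc_encrypt` begins outside this hunk.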
@@ -887,6 +887,10 @@ L$oop_enc1_6: .p2align 4 _aesni_ctr32_encrypt_blocks: + leaq (%rsp),%rax + pushq %rbp + subq $32,%rsp + leaq -8(%rax),%rbp cmpq $1,%rdx je L$ctr32_one_shortcut @@ -911,9 +915,9 @@ _aesni_ctr32_encrypt_blocks: .byte 102,69,15,58,34,226,2 incq %r11 .byte 102,69,15,58,34,235,2 - movdqa %xmm12,-40(%rsp) + movdqa %xmm12,0(%rsp) .byte 102,69,15,56,0,231 - movdqa %xmm13,-24(%rsp) + movdqa %xmm13,16(%rsp) .byte 102,69,15,56,0,239 pshufd $192,%xmm12,%xmm2 @@ -953,7 +957,7 @@ L$ctr32_loop6: movdqa L$increment32(%rip),%xmm13 pxor %xmm0,%xmm5 aesenc %xmm1,%xmm4 - movdqa -40(%rsp),%xmm12 + movdqa (%rsp),%xmm12 pxor %xmm0,%xmm6 aesenc %xmm1,%xmm5 pxor %xmm0,%xmm7 @@ -986,11 +990,11 @@ L$ctr32_enc_loop6_enter: aesenc %xmm1,%xmm2 paddd %xmm13,%xmm12 aesenc %xmm1,%xmm3 - paddd -24(%rsp),%xmm13 + paddd 16(%rsp),%xmm13 aesenc %xmm1,%xmm4 - movdqa %xmm12,-40(%rsp) + movdqa %xmm12,0(%rsp) aesenc %xmm1,%xmm5 - movdqa %xmm13,-24(%rsp) + movdqa %xmm13,16(%rsp) aesenc %xmm1,%xmm6 .byte 102,69,15,56,0,231 aesenc %xmm1,%xmm7 @@ -1129,13 +1133,19 @@ L$ctr32_four: movups %xmm11,48(%rsi) L$ctr32_done: + leaq (%rbp),%rsp + popq %rbp +L$ctr32_ret: retq .globl _aesni_xts_encrypt .p2align 4 _aesni_xts_encrypt: - leaq -104(%rsp),%rsp + leaq (%rsp),%rax + pushq %rbp + subq $96,%rsp + leaq -8(%rax),%rbp movups (%r9),%xmm15 movl 240(%r8),%eax movl 240(%rcx),%r10d @@ -1523,7 +1533,8 @@ L$oop_enc1_10: movups %xmm2,-16(%rsi) L$xts_enc_ret: - leaq 104(%rsp),%rsp + leaq (%rbp),%rsp + popq %rbp L$xts_enc_epilogue: retq @@ -1531,7 +1542,10 @@ L$xts_enc_epilogue: .p2align 4 _aesni_xts_decrypt: - leaq -104(%rsp),%rsp + leaq (%rsp),%rax + pushq %rbp + subq $96,%rsp + leaq -8(%rax),%rbp movups (%r9),%xmm15 movl 240(%r8),%eax movl 240(%rcx),%r10d @@ -1963,7 +1977,8 @@ L$oop_dec1_14: movups %xmm2,(%rsi) L$xts_dec_ret: - leaq 104(%rsp),%rsp + leaq (%rbp),%rsp + popq %rbp L$xts_dec_epilogue: retq 
@@ -2030,6 +2045,10 @@ L$cbc_enc_tail: .p2align 4 L$cbc_decrypt: + leaq (%rsp),%rax + pushq %rbp + subq $16,%rsp + leaq -8(%rax),%rbp movups (%r8),%xmm9 movl %r10d,%eax cmpq $112,%rdx @@ -2037,11 +2056,11 @@ L$cbc_decrypt: shrl $1,%r10d subq $112,%rdx movl %r10d,%eax - movaps %xmm9,-24(%rsp) + movaps %xmm9,(%rsp) jmp L$cbc_dec_loop8_enter .p2align 4 L$cbc_dec_loop8: - movaps %xmm0,-24(%rsp) + movaps %xmm0,(%rsp) movups %xmm9,(%rsi) leaq 16(%rsi),%rsi L$cbc_dec_loop8_enter: @@ -2081,7 +2100,7 @@ L$cbc_dec_loop8_enter: movups (%rdi),%xmm1 movups 16(%rdi),%xmm0 - xorps -24(%rsp),%xmm2 + xorps (%rsp),%xmm2 xorps %xmm1,%xmm3 movups 32(%rdi),%xmm1 xorps %xmm0,%xmm4 @@ -2145,11 +2164,11 @@ L$cbc_dec_tail: jbe L$cbc_dec_six movups 96(%rdi),%xmm8 - movaps %xmm9,-24(%rsp) + movaps %xmm9,(%rsp) call _aesni_decrypt8 movups (%rdi),%xmm1 movups 16(%rdi),%xmm0 - xorps -24(%rsp),%xmm2 + xorps (%rsp),%xmm2 xorps %xmm1,%xmm3 movups 32(%rdi),%xmm1 xorps %xmm0,%xmm4 @@ -2281,14 +2300,16 @@ L$cbc_dec_tail_collected: jmp L$cbc_dec_ret .p2align 4 L$cbc_dec_tail_partial: - movaps %xmm2,-24(%rsp) + movaps %xmm2,(%rsp) movq $16,%rcx movq %rsi,%rdi subq %rdx,%rcx - leaq -24(%rsp),%rsi + leaq (%rsp),%rsi .long 0x9066A4F3 L$cbc_dec_ret: + leaq (%rbp),%rsp + popq %rbp L$cbc_ret: retq diff --git a/crypto/aes/aesni-masm-x86_64.S b/crypto/aes/aesni-masm-x86_64.S index 7c9224f8..df5a191e 100644 --- a/crypto/aes/aesni-masm-x86_64.S +++ b/crypto/aes/aesni-masm-x86_64.S @@ -1034,7 +1034,9 @@ $L$SEH_begin_aesni_ctr32_encrypt_blocks:: mov r8,QWORD PTR[40+rsp] - lea rsp,QWORD PTR[((-200))+rsp] + lea rax,QWORD PTR[rsp] + push rbp + sub rsp,192 movaps XMMWORD PTR[32+rsp],xmm6 movaps XMMWORD PTR[48+rsp],xmm7 movaps XMMWORD PTR[64+rsp],xmm8 @@ -1046,6 +1048,7 @@ $L$SEH_begin_aesni_ctr32_encrypt_blocks:: movaps XMMWORD PTR[160+rsp],xmm14 movaps XMMWORD PTR[176+rsp],xmm15 $L$ctr32_body:: + lea rbp,QWORD PTR[((-8))+rax] cmp rdx,1 je $L$ctr32_one_shortcut 
@@ -1298,7 +1301,8 @@ $L$ctr32_done:: movaps xmm13,XMMWORD PTR[144+rsp] movaps xmm14,XMMWORD PTR[160+rsp] movaps xmm15,XMMWORD PTR[176+rsp] - lea rsp,QWORD PTR[200+rsp] + lea rsp,QWORD PTR[rbp] + pop rbp $L$ctr32_ret:: mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue mov rsi,QWORD PTR[16+rsp] @@ -1321,7 +1325,9 @@ $L$SEH_begin_aesni_xts_encrypt:: mov r9,QWORD PTR[48+rsp] - lea rsp,QWORD PTR[((-264))+rsp] + lea rax,QWORD PTR[rsp] + push rbp + sub rsp,256 movaps XMMWORD PTR[96+rsp],xmm6 movaps XMMWORD PTR[112+rsp],xmm7 movaps XMMWORD PTR[128+rsp],xmm8 @@ -1333,6 +1339,7 @@ $L$SEH_begin_aesni_xts_encrypt:: movaps XMMWORD PTR[224+rsp],xmm14 movaps XMMWORD PTR[240+rsp],xmm15 $L$xts_enc_body:: + lea rbp,QWORD PTR[((-8))+rax] movups xmm15,XMMWORD PTR[r9] mov eax,DWORD PTR[240+r8] mov r10d,DWORD PTR[240+rcx] @@ -1730,7 +1737,8 @@ $L$xts_enc_ret:: movaps xmm13,XMMWORD PTR[208+rsp] movaps xmm14,XMMWORD PTR[224+rsp] movaps xmm15,XMMWORD PTR[240+rsp] - lea rsp,QWORD PTR[264+rsp] + lea rsp,QWORD PTR[rbp] + pop rbp $L$xts_enc_epilogue:: mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue mov rsi,QWORD PTR[16+rsp] @@ -1753,7 +1761,9 @@ $L$SEH_begin_aesni_xts_decrypt:: mov r9,QWORD PTR[48+rsp] - lea rsp,QWORD PTR[((-264))+rsp] + lea rax,QWORD PTR[rsp] + push rbp + sub rsp,256 movaps XMMWORD PTR[96+rsp],xmm6 movaps XMMWORD PTR[112+rsp],xmm7 movaps XMMWORD PTR[128+rsp],xmm8 @@ -1765,6 +1775,7 @@ $L$SEH_begin_aesni_xts_decrypt:: movaps XMMWORD PTR[224+rsp],xmm14 movaps XMMWORD PTR[240+rsp],xmm15 $L$xts_dec_body:: + lea rbp,QWORD PTR[((-8))+rax] movups xmm15,XMMWORD PTR[r9] mov eax,DWORD PTR[240+r8] mov r10d,DWORD PTR[240+rcx] @@ -2206,7 +2217,8 @@ $L$xts_dec_ret:: movaps xmm13,XMMWORD PTR[208+rsp] movaps xmm14,XMMWORD PTR[224+rsp] movaps xmm15,XMMWORD PTR[240+rsp] - lea rsp,QWORD PTR[264+rsp] + lea rsp,QWORD PTR[rbp] + pop rbp $L$xts_dec_epilogue:: mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue mov rsi,QWORD PTR[16+rsp] 
@@ -2288,12 +2300,15 @@ $L$cbc_enc_tail:: ALIGN 16 $L$cbc_decrypt:: - lea rsp,QWORD PTR[((-88))+rsp] - movaps XMMWORD PTR[rsp],xmm6 - movaps XMMWORD PTR[16+rsp],xmm7 - movaps XMMWORD PTR[32+rsp],xmm8 - movaps XMMWORD PTR[48+rsp],xmm9 + lea rax,QWORD PTR[rsp] + push rbp + sub rsp,80 + movaps XMMWORD PTR[16+rsp],xmm6 + movaps XMMWORD PTR[32+rsp],xmm7 + movaps XMMWORD PTR[48+rsp],xmm8 + movaps XMMWORD PTR[64+rsp],xmm9 $L$cbc_decrypt_body:: + lea rbp,QWORD PTR[((-8))+rax] movups xmm9,XMMWORD PTR[r8] mov eax,r10d cmp rdx,070h @@ -2301,11 +2316,11 @@ $L$cbc_decrypt_body:: shr r10d,1 sub rdx,070h mov eax,r10d - movaps XMMWORD PTR[64+rsp],xmm9 + movaps XMMWORD PTR[rsp],xmm9 jmp $L$cbc_dec_loop8_enter ALIGN 16 $L$cbc_dec_loop8:: - movaps XMMWORD PTR[64+rsp],xmm0 + movaps XMMWORD PTR[rsp],xmm0 movups XMMWORD PTR[rsi],xmm9 lea rsi,QWORD PTR[16+rsi] $L$cbc_dec_loop8_enter:: @@ -2345,7 +2360,7 @@ $L$cbc_dec_loop8_enter:: movups xmm1,XMMWORD PTR[rdi] movups xmm0,XMMWORD PTR[16+rdi] - xorps xmm2,XMMWORD PTR[64+rsp] + xorps xmm2,XMMWORD PTR[rsp] xorps xmm3,xmm1 movups xmm1,XMMWORD PTR[32+rdi] xorps xmm4,xmm0 @@ -2409,11 +2424,11 @@ $L$cbc_dec_tail:: jbe $L$cbc_dec_six movups xmm8,XMMWORD PTR[96+rdi] - movaps XMMWORD PTR[64+rsp],xmm9 + movaps XMMWORD PTR[rsp],xmm9 call _aesni_decrypt8 movups xmm1,XMMWORD PTR[rdi] movups xmm0,XMMWORD PTR[16+rdi] - xorps xmm2,XMMWORD PTR[64+rsp] + xorps xmm2,XMMWORD PTR[rsp] xorps xmm3,xmm1 movups xmm1,XMMWORD PTR[32+rdi] xorps xmm4,xmm0 
@@ -2545,19 +2560,20 @@ $L$cbc_dec_tail_collected:: jmp $L$cbc_dec_ret ALIGN 16 $L$cbc_dec_tail_partial:: - movaps XMMWORD PTR[64+rsp],xmm2 + movaps XMMWORD PTR[rsp],xmm2 mov rcx,16 mov rdi,rsi sub rcx,rdx - lea rsi,QWORD PTR[64+rsp] + lea rsi,QWORD PTR[rsp] DD 09066A4F3h $L$cbc_dec_ret:: - movaps xmm6,XMMWORD PTR[rsp] - movaps xmm7,XMMWORD PTR[16+rsp] - movaps xmm8,XMMWORD PTR[32+rsp] - movaps xmm9,XMMWORD PTR[48+rsp] - lea rsp,QWORD PTR[88+rsp] + movaps xmm6,XMMWORD PTR[16+rsp] + movaps xmm7,XMMWORD PTR[32+rsp] + movaps xmm8,XMMWORD PTR[48+rsp] + movaps xmm9,XMMWORD PTR[64+rsp] + lea rsp,QWORD PTR[rbp] + pop rbp $L$cbc_ret:: mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue mov rsi,QWORD PTR[16+rsp] @@ -2901,9 +2917,8 @@ ctr32_se_handler PROC PRIVATE lea rdi,QWORD PTR[512+r8] mov ecx,20 DD 0a548f3fch - lea rax,QWORD PTR[200+rax] - jmp $L$common_seh_tail + jmp $L$common_rbp_tail ctr32_se_handler ENDP @@ -2942,9 +2957,8 @@ xts_se_handler PROC PRIVATE lea rdi,QWORD PTR[512+r8] mov ecx,20 DD 0a548f3fch - lea rax,QWORD PTR[((104+160))+rax] - jmp $L$common_seh_tail + jmp $L$common_rbp_tail xts_se_handler ENDP ALIGN 16 @@ -2975,11 +2989,16 @@ cbc_se_handler PROC PRIVATE cmp rbx,r10 jae $L$common_seh_tail - lea rsi,QWORD PTR[rax] + lea rsi,QWORD PTR[16+rax] lea rdi,QWORD PTR[512+r8] mov ecx,8 DD 0a548f3fch - lea rax,QWORD PTR[88+rax] + +$L$common_rbp_tail:: + mov rax,QWORD PTR[160+r8] + mov rbp,QWORD PTR[rax] + lea rax,QWORD PTR[8+rax] + mov QWORD PTR[160+r8],rbp jmp $L$common_seh_tail $L$restore_cbc_rax:: diff --git a/crypto/aes/aesni-mingw64-x86_64.S b/crypto/aes/aesni-mingw64-x86_64.S index 0a82a10c..4eca1698 100644 --- a/crypto/aes/aesni-mingw64-x86_64.S +++ b/crypto/aes/aesni-mingw64-x86_64.S @@ -959,7 +959,9 @@ aesni_ctr32_encrypt_blocks: movq %r9,%rcx movq 40(%rsp),%r8 - leaq -200(%rsp),%rsp + leaq (%rsp),%rax + pushq %rbp + subq $192,%rsp movaps %xmm6,32(%rsp) movaps %xmm7,48(%rsp) movaps %xmm8,64(%rsp) 
@@ -971,6 +973,7 @@ aesni_ctr32_encrypt_blocks: movaps %xmm14,160(%rsp) movaps %xmm15,176(%rsp) .Lctr32_body: + leaq -8(%rax),%rbp cmpq $1,%rdx je .Lctr32_one_shortcut @@ -1037,7 +1040,7 @@ aesni_ctr32_encrypt_blocks: movdqa .Lincrement32(%rip),%xmm13 pxor %xmm0,%xmm5 aesenc %xmm1,%xmm4 - movdqa 0(%rsp),%xmm12 + movdqa (%rsp),%xmm12 pxor %xmm0,%xmm6 aesenc %xmm1,%xmm5 pxor %xmm0,%xmm7 @@ -1223,7 +1226,8 @@ aesni_ctr32_encrypt_blocks: movaps 144(%rsp),%xmm13 movaps 160(%rsp),%xmm14 movaps 176(%rsp),%xmm15 - leaq 200(%rsp),%rsp + leaq (%rbp),%rsp + popq %rbp .Lctr32_ret: movq 8(%rsp),%rdi movq 16(%rsp),%rsi @@ -1244,7 +1248,9 @@ aesni_xts_encrypt: movq 40(%rsp),%r8 movq 48(%rsp),%r9 - leaq -264(%rsp),%rsp + leaq (%rsp),%rax + pushq %rbp + subq $256,%rsp movaps %xmm6,96(%rsp) movaps %xmm7,112(%rsp) movaps %xmm8,128(%rsp) @@ -1256,6 +1262,7 @@ aesni_xts_encrypt: movaps %xmm14,224(%rsp) movaps %xmm15,240(%rsp) .Lxts_enc_body: + leaq -8(%rax),%rbp movups (%r9),%xmm15 movl 240(%r8),%eax movl 240(%rcx),%r10d @@ -1653,7 +1660,8 @@ aesni_xts_encrypt: movaps 208(%rsp),%xmm13 movaps 224(%rsp),%xmm14 movaps 240(%rsp),%xmm15 - leaq 264(%rsp),%rsp + leaq (%rbp),%rsp + popq %rbp .Lxts_enc_epilogue: movq 8(%rsp),%rdi movq 16(%rsp),%rsi @@ -1674,7 +1682,9 @@ aesni_xts_decrypt: movq 40(%rsp),%r8 movq 48(%rsp),%r9 - leaq -264(%rsp),%rsp + leaq (%rsp),%rax + pushq %rbp + subq $256,%rsp movaps %xmm6,96(%rsp) movaps %xmm7,112(%rsp) movaps %xmm8,128(%rsp) @@ -1686,6 +1696,7 @@ aesni_xts_decrypt: movaps %xmm14,224(%rsp) movaps %xmm15,240(%rsp) .Lxts_dec_body: + leaq -8(%rax),%rbp movups (%r9),%xmm15 movl 240(%r8),%eax movl 240(%rcx),%r10d @@ -2127,7 +2138,8 @@ aesni_xts_decrypt: movaps 208(%rsp),%xmm13 movaps 224(%rsp),%xmm14 movaps 240(%rsp),%xmm15 - leaq 264(%rsp),%rsp + leaq (%rbp),%rsp + popq %rbp .Lxts_dec_epilogue: movq 8(%rsp),%rdi movq 16(%rsp),%rsi 
@@ -2207,12 +2219,15 @@ aesni_cbc_encrypt: .p2align 4 .Lcbc_decrypt: - leaq -88(%rsp),%rsp - movaps %xmm6,(%rsp) - movaps %xmm7,16(%rsp) - movaps %xmm8,32(%rsp) - movaps %xmm9,48(%rsp) + leaq (%rsp),%rax + pushq %rbp + subq $80,%rsp + movaps %xmm6,16(%rsp) + movaps %xmm7,32(%rsp) + movaps %xmm8,48(%rsp) + movaps %xmm9,64(%rsp) .Lcbc_decrypt_body: + leaq -8(%rax),%rbp movups (%r8),%xmm9 movl %r10d,%eax cmpq $112,%rdx @@ -2220,11 +2235,11 @@ aesni_cbc_encrypt: shrl $1,%r10d subq $112,%rdx movl %r10d,%eax - movaps %xmm9,64(%rsp) + movaps %xmm9,(%rsp) jmp .Lcbc_dec_loop8_enter .p2align 4 .Lcbc_dec_loop8: - movaps %xmm0,64(%rsp) + movaps %xmm0,(%rsp) movups %xmm9,(%rsi) leaq 16(%rsi),%rsi .Lcbc_dec_loop8_enter: @@ -2264,7 +2279,7 @@ aesni_cbc_encrypt: movups (%rdi),%xmm1 movups 16(%rdi),%xmm0 - xorps 64(%rsp),%xmm2 + xorps (%rsp),%xmm2 xorps %xmm1,%xmm3 movups 32(%rdi),%xmm1 xorps %xmm0,%xmm4 @@ -2328,11 +2343,11 @@ aesni_cbc_encrypt: jbe .Lcbc_dec_six movups 96(%rdi),%xmm8 - movaps %xmm9,64(%rsp) + movaps %xmm9,(%rsp) call _aesni_decrypt8 movups (%rdi),%xmm1 movups 16(%rdi),%xmm0 - xorps 64(%rsp),%xmm2 + xorps (%rsp),%xmm2 xorps %xmm1,%xmm3 movups 32(%rdi),%xmm1 xorps %xmm0,%xmm4 @@ -2464,19 +2479,20 @@ aesni_cbc_encrypt: jmp .Lcbc_dec_ret .p2align 4 .Lcbc_dec_tail_partial: - movaps %xmm2,64(%rsp) + movaps %xmm2,(%rsp) movq $16,%rcx movq %rsi,%rdi subq %rdx,%rcx - leaq 64(%rsp),%rsi + leaq (%rsp),%rsi .long 0x9066A4F3 .Lcbc_dec_ret: - movaps (%rsp),%xmm6 - movaps 16(%rsp),%xmm7 - movaps 32(%rsp),%xmm8 - movaps 48(%rsp),%xmm9 - leaq 88(%rsp),%rsp + movaps 16(%rsp),%xmm6 + movaps 32(%rsp),%xmm7 + movaps 48(%rsp),%xmm8 + movaps 64(%rsp),%xmm9 + leaq (%rbp),%rsp + popq %rbp .Lcbc_ret: movq 8(%rsp),%rdi movq 16(%rsp),%rsi @@ -2816,9 +2832,8 @@ ctr32_se_handler: leaq 512(%r8),%rdi movl $20,%ecx .long 0xa548f3fc - leaq 200(%rax),%rax - jmp .Lcommon_seh_tail + jmp .Lcommon_rbp_tail .def xts_se_handler; .scl 3; .type 32; .endef 
@@ -2857,9 +2872,8 @@ xts_se_handler: leaq 512(%r8),%rdi movl $20,%ecx .long 0xa548f3fc - leaq 104+160(%rax),%rax - jmp .Lcommon_seh_tail + jmp .Lcommon_rbp_tail .def cbc_se_handler; .scl 3; .type 32; .endef .p2align 4 @@ -2890,11 +2904,16 @@ cbc_se_handler: cmpq %r10,%rbx jae .Lcommon_seh_tail - leaq 0(%rax),%rsi + leaq 16(%rax),%rsi leaq 512(%r8),%rdi movl $8,%ecx .long 0xa548f3fc - leaq 88(%rax),%rax + +.Lcommon_rbp_tail: + movq 160(%r8),%rax + movq (%rax),%rbp + leaq 8(%rax),%rax + movq %rbp,160(%r8) jmp .Lcommon_seh_tail .Lrestore_cbc_rax: diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h index 8c5115ea..5ac3b935 100644 --- a/crypto/arm_arch.h +++ b/crypto/arm_arch.h @@ -1,4 +1,4 @@ -/* $OpenBSD: arm_arch.h,v 1.10 2019/07/02 19:31:28 patrick Exp $ */ +/* $OpenBSD: arm_arch.h,v 1.1 2022/03/23 15:13:31 tb Exp $ */ #ifndef __ARM_ARCH_H__ #define __ARM_ARCH_H__ diff --git a/crypto/armcap.c b/crypto/armcap.c index 8c498328..e1a721b7 100644 --- a/crypto/armcap.c +++ b/crypto/armcap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: armcap.c,v 1.8 2019/03/13 10:18:30 patrick Exp $ */ +/* $OpenBSD: armcap.c,v 1.1 2022/03/23 15:13:31 tb Exp $ */ #include #include #include diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c index f217f13d..c30b8f5b 100644 --- a/crypto/asn1/a_bitstr.c +++ b/crypto/asn1/a_bitstr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_bitstr.c,v 1.30 2020/09/03 17:19:27 tb Exp $ */ +/* $OpenBSD: a_bitstr.c,v 1.36 2022/05/17 09:17:20 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -56,11 +56,54 @@ * [including the GNU Public Licence.] */ +#include #include #include #include +#include +#include #include +#include + +#include "bytestring.h" + +const ASN1_ITEM ASN1_BIT_STRING_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_BIT_STRING, + .sname = "ASN1_BIT_STRING", +}; + +ASN1_BIT_STRING * +ASN1_BIT_STRING_new(void) +{ + return (ASN1_BIT_STRING *)ASN1_item_new(&ASN1_BIT_STRING_it); +} + +void +ASN1_BIT_STRING_free(ASN1_BIT_STRING *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASN1_BIT_STRING_it); +} + +static void +asn1_abs_clear_unused_bits(ASN1_BIT_STRING *abs) +{ + abs->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); +} + +int +asn1_abs_set_unused_bits(ASN1_BIT_STRING *abs, uint8_t unused_bits) +{ + if (unused_bits > 7) + return 0; + + asn1_abs_clear_unused_bits(abs); + + abs->flags |= ASN1_STRING_FLAG_BITS_LEFT | unused_bits; + + return 1; +} int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len) 
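Review bot: `asn1_abs_set_unused_bits()` is added without `static` and without a comment on its contract or on the `0x07` mask it shares with `asn1_abs_clear_unused_bits()`. A short comment such as `/* Low three bits of flags hold the unused-bit count; returns 0 if unused_bits > 7, else 1. */` would make the encoding explicit for callers in other files. `abs` is dereferenced without a NULL check, so the comment should also say it must be non-NULL.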
@@ -68,6 +111,127 @@ ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len) return ASN1_STRING_set(x, d, len); } +int +ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) +{ + int w, v, iv; + unsigned char *c; + + w = n/8; + v = 1 << (7 - (n & 0x07)); + iv = ~v; + if (!value) + v = 0; + + if (a == NULL) + return 0; + + asn1_abs_clear_unused_bits(a); + + if ((a->length < (w + 1)) || (a->data == NULL)) { + if (!value) + return(1); /* Don't need to set */ + if ((c = recallocarray(a->data, a->length, w + 1, 1)) == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + return 0; + } + a->data = c; + a->length = w + 1; + } + a->data[w] = ((a->data[w]) & iv) | v; + while ((a->length > 0) && (a->data[a->length - 1] == 0)) + a->length--; + + return (1); +} + +int +ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n) +{ + int w, v; + + w = n / 8; + v = 1 << (7 - (n & 0x07)); + if ((a == NULL) || (a->length < (w + 1)) || (a->data == NULL)) + return (0); + return ((a->data[w] & v) != 0); +} + +/* + * Checks if the given bit string contains only bits specified by + * the flags vector. Returns 0 if there is at least one bit set in 'a' + * which is not specified in 'flags', 1 otherwise. + * 'len' is the length of 'flags'. + */ +int +ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a, const unsigned char *flags, + int flags_len) +{ + int i, ok; + + /* Check if there is one bit set at all. */ + if (!a || !a->data) + return 1; + + /* Check each byte of the internal representation of the bit string. */ + ok = 1; + for (i = 0; i < a->length && ok; ++i) { + unsigned char mask = i < flags_len ? ~flags[i] : 0xff; + /* We are done if there is an unneeded bit set. 
*/ + ok = (a->data[i] & mask) == 0; + } + return ok; +} + +int +ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, + BIT_STRING_BITNAME *tbl, int indent) +{ + BIT_STRING_BITNAME *bnam; + char first = 1; + + BIO_printf(out, "%*s", indent, ""); + for (bnam = tbl; bnam->lname; bnam++) { + if (ASN1_BIT_STRING_get_bit(bs, bnam->bitnum)) { + if (!first) + BIO_puts(out, ", "); + BIO_puts(out, bnam->lname); + first = 0; + } + } + BIO_puts(out, "\n"); + return 1; +} + +int +ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value, + BIT_STRING_BITNAME *tbl) +{ + int bitnum; + + bitnum = ASN1_BIT_STRING_num_asc(name, tbl); + if (bitnum < 0) + return 0; + if (bs) { + if (!ASN1_BIT_STRING_set_bit(bs, bitnum, value)) + return 0; + } + return 1; +} + +int +ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl) +{ + BIT_STRING_BITNAME *bnam; + + for (bnam = tbl; bnam->lname; bnam++) { + if (!strcmp(bnam->sname, name) || + !strcmp(bnam->lname, name)) + return bnam->bitnum; + } + return -1; +} + int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp) { 
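Review bot: `ASN1_BIT_STRING_set_bit()` and `ASN1_BIT_STRING_get_bit()` never reject a negative `n`, so `w = n / 8` can be negative and the `a->length < (w + 1)` test no longer stops `a->data[w]` from indexing before the buffer. Both take `n` as a plain `int` from the caller, so add `if (n < 0) return 0;` before `w` is computed in each function. `ASN1_BIT_STRING_set_asc()` already filters `bitnum < 0`, but direct callers get no such protection. The code is moved from further down the file rather than newly written, but the gap moves with it.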
@@ -127,138 +291,101 @@ i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp) return (ret); } -ASN1_BIT_STRING * -c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, const unsigned char **pp, long len) +int +c2i_ASN1_BIT_STRING_cbs(ASN1_BIT_STRING **out_abs, CBS *cbs) { - ASN1_BIT_STRING *ret = NULL; - const unsigned char *p; - unsigned char *s; - int i; + ASN1_BIT_STRING *abs = NULL; + uint8_t *data = NULL; + size_t data_len = 0; + uint8_t unused_bits; + int ret = 0; + + if (out_abs == NULL) + goto err; - if (len < 1) { + if (*out_abs != NULL) { + ASN1_BIT_STRING_free(*out_abs); + *out_abs = NULL; + } + + if (!CBS_get_u8(cbs, &unused_bits)) { ASN1error(ASN1_R_STRING_TOO_SHORT); goto err; } - if (a == NULL || *a == NULL) { - if ((ret = ASN1_BIT_STRING_new()) == NULL) - return (NULL); - } else - ret = *a; + if (!CBS_stow(cbs, &data, &data_len)) + goto err; + if (data_len > INT_MAX) + goto err; - p = *pp; - i = *(p++); - if (i > 7) { - ASN1error(ASN1_R_INVALID_BIT_STRING_BITS_LEFT); + if ((abs = ASN1_BIT_STRING_new()) == NULL) goto err; - } + + abs->data = data; + abs->length = (int)data_len; + data = NULL; /* * We do this to preserve the settings. If we modify the settings, * via the _set_bit function, we will recalculate on output. 
*/ - ret->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear */ - ret->flags |= (ASN1_STRING_FLAG_BITS_LEFT | i); /* set */ - - /* using one because of the bits left byte */ - if (len-- > 1) { - if ((s = malloc(len)) == NULL) { - ASN1error(ERR_R_MALLOC_FAILURE); - goto err; - } - memcpy(s, p, len); - s[len - 1] &= (0xff << i); - p += len; - } else - s = NULL; - - free(ret->data); - ret->data = s; - ret->length = (int)len; - ret->type = V_ASN1_BIT_STRING; - - if (a != NULL) - *a = ret; + if (!asn1_abs_set_unused_bits(abs, unused_bits)) { + ASN1error(ASN1_R_INVALID_BIT_STRING_BITS_LEFT); + goto err; + } + if (abs->length > 0) + abs->data[abs->length - 1] &= 0xff << unused_bits; - *pp = p; + *out_abs = abs; + abs = NULL; - return (ret); + ret = 1; err: - if (a == NULL || *a != ret) - ASN1_BIT_STRING_free(ret); + ASN1_BIT_STRING_free(abs); + freezero(data, data_len); - return (NULL); + return ret; } -int -ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) +ASN1_BIT_STRING * +c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **out_abs, const unsigned char **pp, long len) { - int w, v, iv; - unsigned char *c; + ASN1_BIT_STRING *abs = NULL; + CBS content; - w = n/8; - v = 1 << (7 - (n & 0x07)); - iv = ~v; - if (!value) - v = 0; + if (out_abs != NULL) { + ASN1_BIT_STRING_free(*out_abs); + *out_abs = NULL; + } - if (a == NULL) - return 0; + if (len < 0) { + ASN1error(ASN1_R_LENGTH_ERROR); + return NULL; + } - a->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear, set on write */ + CBS_init(&content, *pp, len); - if ((a->length < (w + 1)) || (a->data == NULL)) { - if (!value) - return(1); /* Don't need to set */ - if ((c = recallocarray(a->data, a->length, w + 1, 1)) == NULL) { - ASN1error(ERR_R_MALLOC_FAILURE); - return 0; - } - a->data = c; - a->length = w + 1; - } - a->data[w] = ((a->data[w]) & iv) | v; - while ((a->length > 0) && (a->data[a->length - 1] == 0)) - a->length--; + if (!c2i_ASN1_BIT_STRING_cbs(&abs, &content)) + return NULL; - return (1); -} + *pp = 
CBS_data(&content); -int -ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n) -{ - int w, v; + if (out_abs != NULL) + *out_abs = abs; - w = n / 8; - v = 1 << (7 - (n & 0x07)); - if ((a == NULL) || (a->length < (w + 1)) || (a->data == NULL)) - return (0); - return ((a->data[w] & v) != 0); + return abs; } -/* - * Checks if the given bit string contains only bits specified by - * the flags vector. Returns 0 if there is at least one bit set in 'a' - * which is not specified in 'flags', 1 otherwise. - * 'len' is the length of 'flags'. - */ int -ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a, const unsigned char *flags, - int flags_len) +i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **out) { - int i, ok; - - /* Check if there is one bit set at all. */ - if (!a || !a->data) - return 1; + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_BIT_STRING_it); +} - /* Check each byte of the internal representation of the bit string. */ - ok = 1; - for (i = 0; i < a->length && ok; ++i) { - unsigned char mask = i < flags_len ? ~flags[i] : 0xff; - /* We are done if there is an unneeded bit set. */ - ok = (a->data[i] & mask) == 0; - } - return ok; +ASN1_BIT_STRING * +d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, const unsigned char **in, long len) +{ + return (ASN1_BIT_STRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASN1_BIT_STRING_it); } diff --git a/crypto/asn1/a_enum.c b/crypto/asn1/a_enum.c index 0952e049..b35fe436 100644 --- a/crypto/asn1/a_enum.c +++ b/crypto/asn1/a_enum.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_enum.c,v 1.20 2019/04/28 05:05:56 tb Exp $ */ +/* $OpenBSD: a_enum.c,v 1.27 2022/09/03 18:45:51 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
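Review bot: `c2i_ASN1_BIT_STRING()` frees `*out_abs` and sets it to NULL before it checks `len` or parses anything, so a failed decode now destroys the caller's object where the removed code left it in place. A caller that keeps its own copy of that pointer is left with a dangling reference, so the contract should be stated above the function, e.g. `/* Always frees *out_abs; on failure *out_abs is NULL and *pp is unchanged. */`. Separately, `*pp` is taken from `CBS_data(&content)` after `c2i_ASN1_BIT_STRING_cbs()` returns. If `CBS_stow()` copies without consuming the CBS (it is not shown on this page), `*pp` would advance by one byte rather than by `len` as the removed `p += len` did, which is worth confirming.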
@@ -57,85 +57,110 @@ */ #include -#include +#include #include +#include #include +#include #include +#include "asn1_locl.h" +#include "bytestring.h" + /* * Code for ENUMERATED type: identical to INTEGER apart from a different tag. * for comments on encoding see a_int.c */ +const ASN1_ITEM ASN1_ENUMERATED_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_ENUMERATED, + .sname = "ASN1_ENUMERATED", +}; + +ASN1_ENUMERATED * +ASN1_ENUMERATED_new(void) +{ + return (ASN1_ENUMERATED *)ASN1_item_new(&ASN1_ENUMERATED_it); +} + +static void +asn1_aenum_clear(ASN1_ENUMERATED *aenum) +{ + freezero(aenum->data, aenum->length); + + memset(aenum, 0, sizeof(*aenum)); + + aenum->type = V_ASN1_ENUMERATED; +} + +void +ASN1_ENUMERATED_free(ASN1_ENUMERATED *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASN1_ENUMERATED_it); +} + int -ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) +ASN1_ENUMERATED_get_int64(int64_t *out_val, const ASN1_ENUMERATED *aenum) { - int j, k; - unsigned int i; - unsigned char buf[sizeof(long) + 1]; - long d; - - a->type = V_ASN1_ENUMERATED; - if (a->length < (int)(sizeof(long) + 1)) { - free(a->data); - a->data = calloc(1, sizeof(long) + 1); - } - if (a->data == NULL) { - ASN1error(ERR_R_MALLOC_FAILURE); - return (0); - } - d = v; - if (d < 0) { - d = -d; - a->type = V_ASN1_NEG_ENUMERATED; + CBS cbs; + + *out_val = 0; + + if (aenum == NULL || aenum->length < 0) + return 0; + + if (aenum->type != V_ASN1_ENUMERATED && + aenum->type != V_ASN1_NEG_ENUMERATED) { + ASN1error(ASN1_R_WRONG_INTEGER_TYPE); + return 0; } - for (i = 0; i < sizeof(long); i++) { - if (d == 0) - break; - buf[i] = (int)d & 0xff; - d >>= 8; + CBS_init(&cbs, aenum->data, aenum->length); + + return asn1_aint_get_int64(&cbs, (aenum->type == V_ASN1_NEG_ENUMERATED), + out_val); +} + +int +ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *aenum, int64_t val) +{ + uint64_t uval; + + asn1_aenum_clear(aenum); + + uval = (uint64_t)val; + + if (val < 0) { + aenum->type = V_ASN1_NEG_ENUMERATED; + uval = -uval; } 
- j = 0; - for (k = i - 1; k >= 0; k--) - a->data[j++] = buf[k]; - a->length = j; - return (1); + + return asn1_aint_set_uint64(uval, &aenum->data, &aenum->length); } long -ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a) +ASN1_ENUMERATED_get(const ASN1_ENUMERATED *aenum) { - int neg = 0, i; - unsigned long r = 0; + int64_t val; - if (a == NULL) - return (0L); - i = a->type; - if (i == V_ASN1_NEG_ENUMERATED) - neg = 1; - else if (i != V_ASN1_ENUMERATED) + if (aenum == NULL) + return 0; + if (!ASN1_ENUMERATED_get_int64(&val, aenum)) return -1; - - if (a->length > (int)sizeof(long)) { - /* hmm... a bit ugly */ + if (val < LONG_MIN || val > LONG_MAX) { + /* hmm... a bit ugly, return all ones */ return -1; } - if (a->data == NULL) - return 0; - - for (i = 0; i < a->length; i++) { - r <<= 8; - r |= (unsigned char)a->data[i]; - } - if (r > LONG_MAX) - return -1; + return (long)val; +} - if (neg) - return -(long)r; - return (long)r; +int +ASN1_ENUMERATED_set(ASN1_ENUMERATED *aenum, long val) +{ + return ASN1_ENUMERATED_set_int64(aenum, val); } ASN1_ENUMERATED * @@ -175,7 +200,7 @@ BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai) } return (ret); -err: + err: if (ret != ai) ASN1_ENUMERATED_free(ret); return (NULL); 
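Review bot: `asn1_aenum_clear()` passes `aenum->length` straight to `freezero()`, while `ASN1_ENUMERATED_get_int64()` in the same hunk treats `aenum->length < 0` as possible and rejects it. If `freezero()` takes a `size_t` length as in OpenBSD libc (its prototype is not on this page), a negative length converts to a very large size and the wipe would run far past the allocation. A guard at the top of `asn1_aenum_clear()`, `if (aenum->length < 0) aenum->length = 0;`, keeps the two functions consistent. `ASN1_ENUMERATED_set_int64()` also reaches this helper without checking `aenum` for NULL, unlike the getter.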
@@ -192,3 +217,165 @@ ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn) BN_set_negative(ret, 1); return (ret); } + +/* Based on a_int.c: equivalent ENUMERATED functions */ + +int +i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a) +{ + int i, n = 0; + static const char h[] = "0123456789ABCDEF"; + char buf[2]; + + if (a == NULL) + return (0); + + if (a->length == 0) { + if (BIO_write(bp, "00", 2) != 2) + goto err; + n = 2; + } else { + for (i = 0; i < a->length; i++) { + if ((i != 0) && (i % 35 == 0)) { + if (BIO_write(bp, "\\\n", 2) != 2) + goto err; + n += 2; + } + buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f]; + buf[1] = h[((unsigned char)a->data[i]) & 0x0f]; + if (BIO_write(bp, buf, 2) != 2) + goto err; + n += 2; + } + } + return (n); + + err: + return (-1); +} + +int +a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size) +{ + int ret = 0; + int i, j,k, m,n, again, bufsize; + unsigned char *s = NULL, *sp; + unsigned char *bufp; + int first = 1; + size_t num = 0, slen = 0; + + bs->type = V_ASN1_ENUMERATED; + + bufsize = BIO_gets(bp, buf, size); + for (;;) { + if (bufsize < 1) + goto err_sl; + i = bufsize; + if (buf[i-1] == '\n') + buf[--i] = '\0'; + if (i == 0) + goto err_sl; + if (buf[i-1] == '\r') + buf[--i] = '\0'; + if (i == 0) + goto err_sl; + if (buf[i - 1] == '\\') { + i--; + again = 1; + } else + again = 0; + buf[i] = '\0'; + if (i < 2) + goto err_sl; + + bufp = (unsigned char *)buf; + if (first) { + first = 0; + if ((bufp[0] == '0') && (buf[1] == '0')) { + bufp += 2; + i -= 2; + } + } + k = 0; + if (i % 2 != 0) { + ASN1error(ASN1_R_ODD_NUMBER_OF_CHARS); + goto err; + } + i /= 2; + if (num + i > slen) { + sp = realloc(s, num + i); + if (sp == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; + } + s = sp; + slen = num + i; + } + for (j = 0; j < i; j++, k += 2) { + for (n = 0; n < 2; n++) { + m = bufp[k + n]; + if ((m >= '0') && (m <= '9')) + m -= '0'; + else if ((m >= 'a') && (m <= 'f')) + m = m - 'a' + 10; + 
else if ((m >= 'A') && (m <= 'F')) + m = m - 'A' + 10; + else { + ASN1error(ASN1_R_NON_HEX_CHARACTERS); + goto err; + } + s[num + j] <<= 4; + s[num + j] |= m; + } + } + num += i; + if (again) + bufsize = BIO_gets(bp, buf, size); + else + break; + } + bs->length = num; + bs->data = s; + return (1); + + err_sl: + ASN1error(ASN1_R_SHORT_LINE); + err: + free(s); + return (ret); +} + +int +c2i_ASN1_ENUMERATED_cbs(ASN1_ENUMERATED **out_aenum, CBS *cbs) +{ + ASN1_ENUMERATED *aenum = NULL; + + if (out_aenum == NULL) + return 0; + + if (*out_aenum != NULL) { + ASN1_INTEGER_free(*out_aenum); + *out_aenum = NULL; + } + + if (!c2i_ASN1_INTEGER_cbs((ASN1_INTEGER **)&aenum, cbs)) + return 0; + + aenum->type = V_ASN1_ENUMERATED | (aenum->type & V_ASN1_NEG); + *out_aenum = aenum; + + return 1; +} + +int +i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_ENUMERATED_it); +} + +ASN1_ENUMERATED * +d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, const unsigned char **in, long len) +{ + return (ASN1_ENUMERATED *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASN1_ENUMERATED_it); +} diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c index d14bd795..1f477892 100644 --- a/crypto/asn1/a_int.c +++ b/crypto/asn1/a_int.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_int.c,v 1.34 2019/04/28 05:03:56 tb Exp $ */ +/* $OpenBSD: a_int.c,v 1.46 2022/08/28 17:49:25 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
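Review bot: In `a2i_ASN1_ENUMERATED()` the buffer is grown with `realloc(s, num + i)`, and the decode loop then runs `s[num + j] <<= 4` on the new bytes before anything has been stored in them, so every output byte is first read while uninitialized. The final value is still correct because both nibbles are shifted in, but tools that track uninitialized memory may report the read, and correctness depends on that two-nibble invariant. `a2i_ASN1_INTEGER()` in a_int.c in this same commit grows its buffer with `recallocarray()`, which zero-fills the extension. Using the same call here, `if ((sp = recallocarray(s, slen, num + i, 1)) == NULL) {`, removes the read and keeps the two functions aligned.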
@@ -61,9 +61,41 @@ #include #include +#include #include +#include #include +#include "bytestring.h" + +const ASN1_ITEM ASN1_INTEGER_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_INTEGER, + .sname = "ASN1_INTEGER", +}; + +ASN1_INTEGER * +ASN1_INTEGER_new(void) +{ + return (ASN1_INTEGER *)ASN1_item_new(&ASN1_INTEGER_it); +} + +static void +asn1_aint_clear(ASN1_INTEGER *aint) +{ + freezero(aint->data, aint->length); + + memset(aint, 0, sizeof(*aint)); + + aint->type = V_ASN1_INTEGER; +} + +void +ASN1_INTEGER_free(ASN1_INTEGER *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASN1_INTEGER_it); +} + static int ASN1_INTEGER_valid(const ASN1_INTEGER *a) { 
@@ -80,375 +112,211 @@ ASN1_INTEGER_dup(const ASN1_INTEGER *x) } int -ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y) +ASN1_INTEGER_cmp(const ASN1_INTEGER *a, const ASN1_INTEGER *b) { - int neg, ret; - - /* Compare signs */ - neg = x->type & V_ASN1_NEG; - if (neg != (y->type & V_ASN1_NEG)) { - if (neg) - return -1; - else - return 1; - } + int ret = 1; - ret = ASN1_STRING_cmp(x, y); + /* Compare sign, then content. */ + if ((a->type & V_ASN1_NEG) == (b->type & V_ASN1_NEG)) + ret = ASN1_STRING_cmp(a, b); - if (neg) + if ((a->type & V_ASN1_NEG) != 0) return -ret; - else - return ret; -} - -/* - * This converts an ASN1 INTEGER into its content encoding. - * The internal representation is an ASN1_STRING whose data is a big endian - * representation of the value, ignoring the sign. The sign is determined by - * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative. - * - * Positive integers are no problem: they are almost the same as the DER - * encoding, except if the first byte is >= 0x80 we need to add a zero pad. - * - * Negative integers are a bit trickier... - * The DER representation of negative integers is in 2s complement form. - * The internal form is converted by complementing each octet and finally - * adding one to the result. This can be done less messily with a little trick. - * If the internal form has trailing zeroes then they will become FF by the - * complement and 0 by the add one (due to carry) so just copy as many trailing - * zeros to the destination as there are in the source. The carry will add one - * to the last none zero octet: so complement this octet and add one and finally - * complement any left over until you get to the start of the string. - * - * Padding is a little trickier too. If the first bytes is > 0x80 then we pad - * with 0xff. However if the first byte is 0x80 and one of the following bytes - * is non-zero we pad with 0xff. 
The reason for this distinction is that 0x80 - * followed by optional zeros isn't padded. - */ + return ret; +} int -i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) +asn1_aint_get_uint64(CBS *cbs, uint64_t *out_val) { - int pad = 0, ret, i, neg; - unsigned char *p, *n, pb = 0; + uint64_t val = 0; + uint8_t u8; - if (!ASN1_INTEGER_valid(a)) - return 0; + *out_val = 0; - neg = a->type & V_ASN1_NEG; - if (a->length == 0) - ret = 1; - else { - ret = a->length; - i = a->data[0]; - if (!neg && (i > 127)) { - pad = 1; - pb = 0; - } else if (neg) { - if (i > 128) { - pad = 1; - pb = 0xFF; - } else if (i == 128) { - /* - * Special case: if any other bytes non zero we pad: - * otherwise we don't. - */ - for (i = 1; i < a->length; i++) if (a->data[i]) { - pad = 1; - pb = 0xFF; - break; - } - } - } - ret += pad; - } - if (pp == NULL) - return (ret); - p= *pp; - - if (pad) - *(p++) = pb; - if (a->length == 0) - *(p++) = 0; - else if (!neg) - memcpy(p, a->data, a->length); - else { - /* Begin at the end of the encoding */ - n = a->data + a->length - 1; - p += a->length - 1; - i = a->length; - /* Copy zeros to destination as long as source is zero */ - while (!*n) { - *(p--) = 0; - n--; - i--; + while (CBS_len(cbs) > 0) { + if (!CBS_get_u8(cbs, &u8)) + return 0; + if (val > (UINT64_MAX >> 8)) { + ASN1error(ASN1_R_TOO_LARGE); + return 0; } - /* Complement and increment next octet */ - *(p--) = ((*(n--)) ^ 0xff) + 1; - i--; - /* Complement any octets left */ - for (; i > 0; i--) - *(p--) = *(n--) ^ 0xff; + val = val << 8 | u8; } - *pp += ret; - return (ret); -} + *out_val = val; -/* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */ + return 1; +} -ASN1_INTEGER * -c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, long len) +int +asn1_aint_set_uint64(uint64_t val, uint8_t **out_data, int *out_len) { - ASN1_INTEGER *ret = NULL; - const unsigned char *p, *pend; - unsigned char *to, *s; + uint8_t *data = NULL; + size_t data_len = 0; + int started = 
0; + uint8_t u8; + CBB cbb; int i; + int ret = 0; - if ((a == NULL) || ((*a) == NULL)) { - if ((ret = ASN1_INTEGER_new()) == NULL) - return (NULL); - } else - ret = (*a); + if (!CBB_init(&cbb, sizeof(long))) + goto err; - if (!ASN1_INTEGER_valid(ret)) { - /* - * XXX using i for an alert is confusing, - * we should call this al - */ - i = ERR_R_ASN1_LENGTH_MISMATCH; + if (out_data == NULL || out_len == NULL) + goto err; + if (*out_data != NULL || *out_len != 0) goto err; - } - p = *pp; - pend = p + len; + for (i = sizeof(uint64_t) - 1; i >= 0; i--) { + u8 = (val >> (i * 8)) & 0xff; + if (!started && i != 0 && u8 == 0) + continue; + if (!CBB_add_u8(&cbb, u8)) + goto err; + started = 1; + } - /* We must malloc stuff, even for 0 bytes otherwise it - * signifies a missing NULL parameter. */ - if (len < 0 || len > INT_MAX) { - i = ERR_R_ASN1_LENGTH_MISMATCH; + if (!CBB_finish(&cbb, &data, &data_len)) goto err; - } - s = malloc(len + 1); - if (s == NULL) { - i = ERR_R_MALLOC_FAILURE; + if (data_len > INT_MAX) goto err; - } - to = s; - if (!len) { - /* Strictly speaking this is an illegal INTEGER but we - * tolerate it. - */ - ret->type = V_ASN1_INTEGER; - } else if (*p & 0x80) /* a negative number */ { - ret->type = V_ASN1_NEG_INTEGER; - if ((*p == 0xff) && (len != 1)) { - p++; - len--; - } - i = len; - p += i - 1; - to += i - 1; - while((!*p) && i) { - *(to--) = 0; - i--; - p--; - } - /* Special case: if all zeros then the number will be of - * the form FF followed by n zero bytes: this corresponds to - * 1 followed by n zero bytes. We've already written n zeros - * so we just append an extra one and set the first byte to - * a 1. This is treated separately because it is the only case - * where the number of bytes is larger than len. 
- */ - if (!i) { - *s = 1; - s[len] = 0; - len++; - } else { - *(to--) = (*(p--) ^ 0xff) + 1; - i--; - for (; i > 0; i--) - *(to--) = *(p--) ^ 0xff; + + *out_data = data; + *out_len = (int)data_len; + data = NULL; + + ret = 1; + err: + CBB_cleanup(&cbb); + freezero(data, data_len); + + return ret; +} + +int +asn1_aint_get_int64(CBS *cbs, int negative, int64_t *out_val) +{ + uint64_t val; + + if (!asn1_aint_get_uint64(cbs, &val)) + return 0; + + if (negative) { + if (val > (uint64_t)INT64_MIN) { + ASN1error(ASN1_R_TOO_SMALL); + return 0; } + *out_val = (int64_t)-val; } else { - ret->type = V_ASN1_INTEGER; - if ((*p == 0) && (len != 1)) { - p++; - len--; + if (val > (uint64_t)INT64_MAX) { + ASN1error(ASN1_R_TOO_LARGE); + return 0; } - memcpy(s, p, len); + *out_val = (int64_t)val; } - free(ret->data); - ret->data = s; - ret->length = (int)len; - if (a != NULL) - (*a) = ret; - *pp = pend; - return (ret); - -err: - ASN1error(i); - if (a == NULL || *a != ret) - ASN1_INTEGER_free(ret); - return (NULL); + return 1; } +int +ASN1_INTEGER_get_uint64(uint64_t *out_val, const ASN1_INTEGER *aint) +{ + uint64_t val; + CBS cbs; -/* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of - * ASN1 integers: some broken software can encode a positive INTEGER - * with its MSB set as negative (it doesn't add a padding zero). 
- */ + *out_val = 0; -ASN1_INTEGER * -d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, long length) + if (aint == NULL || aint->length < 0) + return 0; + + if (aint->type == V_ASN1_NEG_INTEGER) { + ASN1error(ASN1_R_ILLEGAL_NEGATIVE_VALUE); + return 0; + } + if (aint->type != V_ASN1_INTEGER) { + ASN1error(ASN1_R_WRONG_INTEGER_TYPE); + return 0; + } + + CBS_init(&cbs, aint->data, aint->length); + + if (!asn1_aint_get_uint64(&cbs, &val)) + return 0; + + *out_val = val; + + return 1; +} + +int +ASN1_INTEGER_set_uint64(ASN1_INTEGER *aint, uint64_t val) { - ASN1_INTEGER *ret = NULL; - const unsigned char *p; - unsigned char *s; - long len; - int inf, tag, xclass; - int i; + asn1_aint_clear(aint); - if ((a == NULL) || ((*a) == NULL)) { - if ((ret = ASN1_INTEGER_new()) == NULL) - return (NULL); - } else - ret = (*a); + return asn1_aint_set_uint64(val, &aint->data, &aint->length); +} - if (!ASN1_INTEGER_valid(ret)) { - i = ERR_R_ASN1_LENGTH_MISMATCH; - goto err; - } +int +ASN1_INTEGER_get_int64(int64_t *out_val, const ASN1_INTEGER *aint) +{ + CBS cbs; - p = *pp; - inf = ASN1_get_object(&p, &len, &tag, &xclass, length); - if (inf & 0x80) { - i = ASN1_R_BAD_OBJECT_HEADER; - goto err; - } + *out_val = 0; - if (tag != V_ASN1_INTEGER) { - i = ASN1_R_EXPECTING_AN_INTEGER; - goto err; - } + if (aint == NULL || aint->length < 0) + return 0; - /* We must malloc stuff, even for 0 bytes otherwise it - * signifies a missing NULL parameter. 
*/ - if (len < 0 || len > INT_MAX) { - i = ERR_R_ASN1_LENGTH_MISMATCH; - goto err; - } - s = malloc(len + 1); - if (s == NULL) { - i = ERR_R_MALLOC_FAILURE; - goto err; - } - ret->type = V_ASN1_INTEGER; - if (len) { - if ((*p == 0) && (len != 1)) { - p++; - len--; - } - memcpy(s, p, len); - p += len; + if (aint->type != V_ASN1_INTEGER && + aint->type != V_ASN1_NEG_INTEGER) { + ASN1error(ASN1_R_WRONG_INTEGER_TYPE); + return 0; } - free(ret->data); - ret->data = s; - ret->length = (int)len; - if (a != NULL) - (*a) = ret; - *pp = p; - return (ret); + CBS_init(&cbs, aint->data, aint->length); -err: - ASN1error(i); - if (a == NULL || *a != ret) - ASN1_INTEGER_free(ret); - return (NULL); + return asn1_aint_get_int64(&cbs, (aint->type == V_ASN1_NEG_INTEGER), + out_val); } int -ASN1_INTEGER_set(ASN1_INTEGER *a, long v) +ASN1_INTEGER_set_int64(ASN1_INTEGER *aint, int64_t val) { - int j, k; - unsigned int i; - unsigned char buf[sizeof(long) + 1]; - long d; - - a->type = V_ASN1_INTEGER; - /* XXX ssl/ssl_asn1.c:i2d_SSL_SESSION() depends upon this bound vae */ - if (a->length < (int)(sizeof(long) + 1)) { - free(a->data); - a->data = calloc(1, sizeof(long) + 1); - } - if (a->data == NULL) { - ASN1error(ERR_R_MALLOC_FAILURE); - return (0); - } - d = v; - if (d < 0) { - d = -d; - a->type = V_ASN1_NEG_INTEGER; - } + uint64_t uval; - for (i = 0; i < sizeof(long); i++) { - if (d == 0) - break; - buf[i] = (int)d & 0xff; - d >>= 8; + asn1_aint_clear(aint); + + uval = (uint64_t)val; + + if (val < 0) { + aint->type = V_ASN1_NEG_INTEGER; + uval = -uval; } - j = 0; - for (k = i - 1; k >= 0; k--) - a->data[j++] = buf[k]; - a->length = j; - return (1); + + return asn1_aint_set_uint64(uval, &aint->data, &aint->length); } -/* - * XXX this particular API is a gibbering eidrich horror that makes it - * impossible to determine valid return cases from errors.. 
"a bit - * ugly" is preserved for posterity, unfortunately this is probably - * unfixable without changing public API - */ long -ASN1_INTEGER_get(const ASN1_INTEGER *a) +ASN1_INTEGER_get(const ASN1_INTEGER *aint) { - int neg = 0, i; - unsigned long r = 0; + int64_t val; - if (a == NULL) - return (0L); - i = a->type; - if (i == V_ASN1_NEG_INTEGER) - neg = 1; - else if (i != V_ASN1_INTEGER) + if (aint == NULL) + return 0; + if (!ASN1_INTEGER_get_int64(&val, aint)) return -1; - - if (!ASN1_INTEGER_valid(a)) - return -1; /* XXX best effort */ - - if (a->length > (int)sizeof(long)) { + if (val < LONG_MIN || val > LONG_MAX) { /* hmm... a bit ugly, return all ones */ return -1; } - if (a->data == NULL) - return 0; - - for (i = 0; i < a->length; i++) { - r <<= 8; - r |= (unsigned char)a->data[i]; - } - if (r > LONG_MAX) - return -1; + return (long)val; +} - if (neg) - return -(long)r; - return (long)r; +int +ASN1_INTEGER_set(ASN1_INTEGER *aint, long val) +{ + return ASN1_INTEGER_set_int64(aint, val); } ASN1_INTEGER * @@ -492,7 +360,7 @@ BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai) } return (ret); -err: + err: if (ret != ai) ASN1_INTEGER_free(ret); return (NULL); 
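Review bot: `ASN1_INTEGER_get()` still returns -1 both for a stored value of -1 and for every failure (wrong type, value outside the range of `long`), and 0 for a NULL argument, yet this hunk deletes the comment that warned about the ambiguity and leaves nothing in its place. A short comment above the function would stop callers from treating the result as validated, e.g. `/* Returns -1 on error, which cannot be told apart from the value -1; use ASN1_INTEGER_get_int64() when the result must be checked. */`. The same applies to `ASN1_ENUMERATED_get()` in the a_enum.c hunk, with `ASN1_ENUMERATED_get_int64()` as the checked alternative.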
@@ -512,3 +380,461 @@ ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn) BN_set_negative(ret, 1); return (ret); } + +int +i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a) +{ + int i, n = 0; + static const char h[] = "0123456789ABCDEF"; + char buf[2]; + + if (a == NULL) + return (0); + + if (a->type & V_ASN1_NEG) { + if (BIO_write(bp, "-", 1) != 1) + goto err; + n = 1; + } + + if (a->length == 0) { + if (BIO_write(bp, "00", 2) != 2) + goto err; + n += 2; + } else { + for (i = 0; i < a->length; i++) { + if ((i != 0) && (i % 35 == 0)) { + if (BIO_write(bp, "\\\n", 2) != 2) + goto err; + n += 2; + } + buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f]; + buf[1] = h[((unsigned char)a->data[i]) & 0x0f]; + if (BIO_write(bp, buf, 2) != 2) + goto err; + n += 2; + } + } + return (n); + + err: + return (-1); +} + +int +a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) +{ + int ret = 0; + int i, j,k, m,n, again, bufsize; + unsigned char *s = NULL, *sp; + unsigned char *bufp; + int num = 0, slen = 0, first = 1; + + bs->type = V_ASN1_INTEGER; + + bufsize = BIO_gets(bp, buf, size); + for (;;) { + if (bufsize < 1) + goto err_sl; + i = bufsize; + if (buf[i - 1] == '\n') + buf[--i] = '\0'; + if (i == 0) + goto err_sl; + if (buf[i - 1] == '\r') + buf[--i] = '\0'; + if (i == 0) + goto err_sl; + if (buf[i - 1] == '\\') { + i--; + again = 1; + } else + again = 0; + buf[i] = '\0'; + if (i < 2) + goto err_sl; + + bufp = (unsigned char *)buf; + if (first) { + first = 0; + if ((bufp[0] == '0') && (buf[1] == '0')) { + bufp += 2; + i -= 2; + } + } + k = 0; + if (i % 2 != 0) { + ASN1error(ASN1_R_ODD_NUMBER_OF_CHARS); + goto err; + } + i /= 2; + if (num + i > slen) { + if ((sp = recallocarray(s, slen, num + i, 1)) == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; + } + s = sp; + slen = num + i; + } + for (j = 0; j < i; j++, k += 2) { + for (n = 0; n < 2; n++) { + m = bufp[k + n]; + if ((m >= '0') && (m <= '9')) + m -= '0'; + else if ((m >= 'a') && (m <= 'f')) + m = m 
- 'a' + 10; + else if ((m >= 'A') && (m <= 'F')) + m = m - 'A' + 10; + else { + ASN1error(ASN1_R_NON_HEX_CHARACTERS); + goto err; + } + s[num + j] <<= 4; + s[num + j] |= m; + } + } + num += i; + if (again) + bufsize = BIO_gets(bp, buf, size); + else + break; + } + bs->length = num; + bs->data = s; + return (1); + + err_sl: + ASN1error(ASN1_R_SHORT_LINE); + err: + free(s); + return (ret); +} + +static void +asn1_aint_twos_complement(uint8_t *data, size_t data_len) +{ + uint8_t carry = 1; + ssize_t i; + + for (i = data_len - 1; i >= 0; i--) { + data[i] = (data[i] ^ 0xff) + carry; + if (data[i] != 0) + carry = 0; + } +} + +static int +asn1_aint_keep_twos_padding(const uint8_t *data, size_t data_len) +{ + size_t i; + + /* + * If a two's complement value has a padding byte (0xff) and the rest + * of the value is all zeros, the padding byte cannot be removed as when + * converted from two's complement this becomes 0x01 (in the place of + * the padding byte) followed by the same number of zero bytes. + */ + if (data_len <= 1 || data[0] != 0xff) + return 0; + for (i = 1; i < data_len; i++) { + if (data[i] != 0) + return 0; + } + return 1; +} + +static int +i2c_ASN1_INTEGER_cbb(ASN1_INTEGER *aint, CBB *cbb) +{ + uint8_t *data = NULL; + size_t data_len = 0; + uint8_t padding, val; + uint8_t msb; + CBS cbs; + int ret = 0; + + if (aint->length < 0) + goto err; + if (aint->data == NULL && aint->length != 0) + goto err; + + if ((aint->type & ~V_ASN1_NEG) != V_ASN1_ENUMERATED && + (aint->type & ~V_ASN1_NEG) != V_ASN1_INTEGER) + goto err; + + CBS_init(&cbs, aint->data, aint->length); + + /* Find the first non-zero byte. */ + while (CBS_len(&cbs) > 0) { + if (!CBS_peek_u8(&cbs, &val)) + goto err; + if (val != 0) + break; + if (!CBS_skip(&cbs, 1)) + goto err; + } + + /* A zero value is encoded as a single octet. 
*/ + if (CBS_len(&cbs) == 0) { + if (!CBB_add_u8(cbb, 0)) + goto err; + goto done; + } + + if (!CBS_stow(&cbs, &data, &data_len)) + goto err; + + if ((aint->type & V_ASN1_NEG) != 0) + asn1_aint_twos_complement(data, data_len); + + /* Topmost bit indicates sign, padding is all zeros or all ones. */ + msb = (data[0] >> 7); + padding = (msb - 1) & 0xff; + + /* See if we need a padding octet to avoid incorrect sign. */ + if (((aint->type & V_ASN1_NEG) == 0 && msb == 1) || + ((aint->type & V_ASN1_NEG) != 0 && msb == 0)) { + if (!CBB_add_u8(cbb, padding)) + goto err; + } + if (!CBB_add_bytes(cbb, data, data_len)) + goto err; + + done: + ret = 1; + + err: + freezero(data, data_len); + + return ret; +} + +int +i2c_ASN1_INTEGER(ASN1_INTEGER *aint, unsigned char **pp) +{ + uint8_t *data = NULL; + size_t data_len = 0; + CBB cbb; + int ret = -3; + + if (!CBB_init(&cbb, 0)) + goto err; + if (!i2c_ASN1_INTEGER_cbb(aint, &cbb)) + goto err; + if (!CBB_finish(&cbb, &data, &data_len)) + goto err; + if (data_len > INT_MAX) + goto err; + + if (pp != NULL) { + if ((uintptr_t)*pp > UINTPTR_MAX - data_len) + goto err; + memcpy(*pp, data, data_len); + *pp += data_len; + } + + ret = data_len; + + err: + freezero(data, data_len); + CBB_cleanup(&cbb); + + return ret; +} + +int +c2i_ASN1_INTEGER_cbs(ASN1_INTEGER **out_aint, CBS *cbs) +{ + ASN1_INTEGER *aint = NULL; + uint8_t *data = NULL; + size_t data_len = 0; + uint8_t padding, val; + uint8_t negative; + int ret = 0; + + if (out_aint == NULL) + goto err; + + if (*out_aint != NULL) { + ASN1_INTEGER_free(*out_aint); + *out_aint = NULL; + } + + if (CBS_len(cbs) == 0) { + /* XXX INVALID ENCODING? */ + ASN1error(ERR_R_ASN1_LENGTH_MISMATCH); + goto err; + } + if (!CBS_peek_u8(cbs, &val)) + goto err; + + /* Topmost bit indicates sign, padding is all zeros or all ones. */ + negative = (val >> 7); + padding = ~(negative - 1) & 0xff; + + /* + * Ensure that the first 9 bits are not all zero or all one, as per + * X.690 section 8.3.2. 
Remove the padding octet if possible. + */ + if (CBS_len(cbs) > 1 && val == padding) { + if (!asn1_aint_keep_twos_padding(CBS_data(cbs), CBS_len(cbs))) { + if (!CBS_get_u8(cbs, &padding)) + goto err; + if (!CBS_peek_u8(cbs, &val)) + goto err; + if ((val >> 7) == (padding >> 7)) { + /* XXX INVALID ENCODING? */ + ASN1error(ERR_R_ASN1_LENGTH_MISMATCH); + goto err; + } + } + } + + if (!CBS_stow(cbs, &data, &data_len)) + goto err; + if (data_len > INT_MAX) + goto err; + + if ((aint = ASN1_INTEGER_new()) == NULL) + goto err; + + /* + * Negative integers are handled as a separate type - convert from + * two's complement for internal representation. + */ + if (negative) { + aint->type = V_ASN1_NEG_INTEGER; + asn1_aint_twos_complement(data, data_len); + } + + aint->data = data; + aint->length = (int)data_len; + data = NULL; + + *out_aint = aint; + aint = NULL; + + ret = 1; + + err: + ASN1_INTEGER_free(aint); + freezero(data, data_len); + + return ret; +} + +ASN1_INTEGER * +c2i_ASN1_INTEGER(ASN1_INTEGER **out_aint, const unsigned char **pp, long len) +{ + ASN1_INTEGER *aint = NULL; + CBS content; + + if (out_aint != NULL) { + ASN1_INTEGER_free(*out_aint); + *out_aint = NULL; + } + + if (len < 0) { + ASN1error(ASN1_R_LENGTH_ERROR); + return NULL; + } + + CBS_init(&content, *pp, len); + + if (!c2i_ASN1_INTEGER_cbs(&aint, &content)) + return NULL; + + *pp = CBS_data(&content); + + if (out_aint != NULL) + *out_aint = aint; + + return aint; +} + +int +i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_INTEGER_it); +} + +ASN1_INTEGER * +d2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **in, long len) +{ + return (ASN1_INTEGER *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASN1_INTEGER_it); +} + +/* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of + * ASN1 integers: some broken software can encode a positive INTEGER + * with its MSB set as negative (it doesn't add a padding zero). 
+ */ + +ASN1_INTEGER * +d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, long length) +{ + ASN1_INTEGER *ret = NULL; + const unsigned char *p; + unsigned char *s; + long len; + int inf, tag, xclass; + int i; + + if ((a == NULL) || ((*a) == NULL)) { + if ((ret = ASN1_INTEGER_new()) == NULL) + return (NULL); + } else + ret = (*a); + + if (!ASN1_INTEGER_valid(ret)) { + i = ERR_R_ASN1_LENGTH_MISMATCH; + goto err; + } + + p = *pp; + inf = ASN1_get_object(&p, &len, &tag, &xclass, length); + if (inf & 0x80) { + i = ASN1_R_BAD_OBJECT_HEADER; + goto err; + } + + if (tag != V_ASN1_INTEGER) { + i = ASN1_R_EXPECTING_AN_INTEGER; + goto err; + } + + /* We must malloc stuff, even for 0 bytes otherwise it + * signifies a missing NULL parameter. */ + if (len < 0 || len > INT_MAX) { + i = ERR_R_ASN1_LENGTH_MISMATCH; + goto err; + } + s = malloc(len + 1); + if (s == NULL) { + i = ERR_R_MALLOC_FAILURE; + goto err; + } + ret->type = V_ASN1_INTEGER; + if (len) { + if ((*p == 0) && (len != 1)) { + p++; + len--; + } + memcpy(s, p, len); + p += len; + } + + free(ret->data); + ret->data = s; + ret->length = (int)len; + if (a != NULL) + (*a) = ret; + *pp = p; + return (ret); + + err: + ASN1error(i); + if (a == NULL || *a != ret) + ASN1_INTEGER_free(ret); + return (NULL); +} diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c index b7cfba37..8cff3ae1 100644 --- a/crypto/asn1/a_mbstr.c +++ b/crypto/asn1/a_mbstr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_mbstr.c,v 1.23 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: a_mbstr.c,v 1.24 2021/12/25 13:17:48 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -248,7 +248,7 @@ ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, traverse_string(in, len, inform, cpyfunc, &p); return str_type; -err: + err: if (free_out) { ASN1_STRING_free(dest); *out = NULL; diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index 8600f804..2ee6c17d 100644 
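Review bot: `a2i_ASN1_INTEGER()` keeps its running totals in `int num = 0, slen = 0` and evaluates `num + i > slen` for every continuation line read from the BIO with nothing bounding the sum, so a sufficiently long input could overflow the signed addition before `recallocarray()` is reached. A guard placed just before that comparison, `if (i > INT_MAX - num) goto err;`, keeps the arithmetic defined and fails through the existing `err` path that frees `s`. The ENUMERATED copy in a_enum.c uses `size_t` counters but then stores `num` in the int `bs->length` without a range check, so it would want an equivalent `num > INT_MAX` test before that assignment.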
--- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_object.c,v 1.32 2021/05/01 13:16:30 tb Exp $ */ +/* $OpenBSD: a_object.c,v 1.48 2022/05/13 16:32:10 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -61,346 +61,605 @@ #include #include -#include +#include #include #include #include -int -i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp) -{ - unsigned char *p; - int objsize; +#include "asn1_locl.h" - if ((a == NULL) || (a->data == NULL)) - return (0); +const ASN1_ITEM ASN1_OBJECT_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_OBJECT, + .sname = "ASN1_OBJECT", +}; - objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT); - if (pp == NULL) - return objsize; +ASN1_OBJECT * +ASN1_OBJECT_new(void) +{ + ASN1_OBJECT *a; - p = *pp; - ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL); - memcpy(p, a->data, a->length); - p += a->length; + if ((a = calloc(1, sizeof(ASN1_OBJECT))) == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + return (NULL); + } + a->flags = ASN1_OBJECT_FLAG_DYNAMIC; - *pp = p; - return (objsize); + return a; } -int -a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) +void +ASN1_OBJECT_free(ASN1_OBJECT *a) { - int i, first, len = 0, c, use_bn; - char ftmp[24], *tmp = ftmp; - int tmpsize = sizeof ftmp; - const char *p; - unsigned long l; - BIGNUM *bl = NULL; - - if (num == 0) - return (0); - else if (num == -1) - num = strlen(buf); - - p = buf; - c = *(p++); - num--; - if ((c >= '0') && (c <= '2')) { - first= c-'0'; - } else { - ASN1error(ASN1_R_FIRST_NUM_TOO_LARGE); - goto err; + if (a == NULL) + return; + if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) { + free((void *)a->sn); + free((void *)a->ln); + a->sn = a->ln = NULL; } + if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) { + freezero((void *)a->data, a->length); + a->data = NULL; + a->length = 0; + } + if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC) + free(a); +} - if (num <= 0) { - ASN1error(ASN1_R_MISSING_SECOND_NUMBER); - goto err; +ASN1_OBJECT * +ASN1_OBJECT_create(int nid, unsigned char *data, int len, + const char *sn, const char *ln) +{ + ASN1_OBJECT o; + + o.sn = sn; + o.ln = ln; + o.data = data; + o.nid = nid; + o.length = len; + o.flags = 
ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | + ASN1_OBJECT_FLAG_DYNAMIC_DATA; + return (OBJ_dup(&o)); +} + +static int +oid_add_arc(CBB *cbb, uint64_t arc) +{ + int started = 0; + uint8_t val; + int i; + + for (i = (sizeof(arc) * 8) / 7; i >= 0; i--) { + val = (arc >> (i * 7)) & 0x7f; + if (!started && i != 0 && val == 0) + continue; + if (i > 0) + val |= 0x80; + if (!CBB_add_u8(cbb, val)) + return 0; + started = 1; } - c = *(p++); - num--; - for (;;) { - if (num <= 0) - break; - if ((c != '.') && (c != ' ')) { + + return 1; +} + +static int +oid_parse_arc(CBS *cbs, uint64_t *out_arc) +{ + uint64_t arc = 0; + uint8_t val; + + do { + if (!CBS_get_u8(cbs, &val)) + return 0; + if (arc == 0 && val == 0x80) + return 0; + if (out_arc != NULL && arc > (UINT64_MAX >> 7)) + return 0; + arc = (arc << 7) | (val & 0x7f); + } while (val & 0x80); + + if (out_arc != NULL) + *out_arc = arc; + + return 1; +} + +static int +oid_add_arc_txt(CBB *cbb, uint64_t arc, int first) +{ + const char *fmt = ".%llu"; + char s[22]; /* Digits in decimal representation of 2^64-1, plus '.' and NUL. */ + int n; + + if (first) + fmt = "%llu"; + n = snprintf(s, sizeof(s), fmt, (unsigned long long)arc); + if (n < 0 || (size_t)n >= sizeof(s)) + return 0; + if (!CBB_add_bytes(cbb, s, n)) + return 0; + + return 1; +} + +static int +oid_parse_arc_txt(CBS *cbs, uint64_t *out_arc, char *separator, int first) +{ + uint64_t arc = 0; + int digits = 0; + uint8_t val; + + if (!first) { + if (!CBS_get_u8(cbs, &val)) + return 0; + if ((*separator == 0 && val != '.' 
&& val != ' ') || + (*separator != 0 && val != *separator)) { ASN1error(ASN1_R_INVALID_SEPARATOR); - goto err; + return 0; } - l = 0; - use_bn = 0; - for (;;) { - if (num <= 0) - break; - num--; - c = *(p++); - if ((c == ' ') || (c == '.')) - break; - if ((c < '0') || (c > '9')) { - ASN1error(ASN1_R_INVALID_DIGIT); - goto err; - } - if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) { - use_bn = 1; - if (!bl) - bl = BN_new(); - if (!bl || !BN_set_word(bl, l)) - goto err; + *separator = val; + } + + while (CBS_len(cbs) > 0) { + if (!CBS_peek_u8(cbs, &val)) + return 0; + if (val == '.' || val == ' ') + break; + + if (!CBS_get_u8(cbs, &val)) + return 0; + if (val < '0' || val > '9') { + /* For the first arc we treat this as the separator. */ + if (first) { + ASN1error(ASN1_R_INVALID_SEPARATOR); + return 0; } - if (use_bn) { - if (!BN_mul_word(bl, 10L) || - !BN_add_word(bl, c-'0')) - goto err; - } else - l = l * 10L + (long)(c - '0'); + ASN1error(ASN1_R_INVALID_DIGIT); + return 0; } - if (len == 0) { - if ((first < 2) && (l >= 40)) { - ASN1error(ASN1_R_SECOND_NUMBER_TOO_LARGE); - goto err; - } - if (use_bn) { - if (!BN_add_word(bl, first * 40)) - goto err; - } else - l += (long)first * 40; + val -= '0'; + + if (digits > 0 && arc == 0 && val == 0) { + ASN1error(ASN1_R_INVALID_NUMBER); + return 0; } - i = 0; - if (use_bn) { - int blsize; - blsize = BN_num_bits(bl); - blsize = (blsize + 6) / 7; - if (blsize > tmpsize) { - if (tmp != ftmp) - free(tmp); - tmpsize = blsize + 32; - tmp = malloc(tmpsize); - if (!tmp) - goto err; - } - while (blsize--) - tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L); - } else { - - for (;;) { - tmp[i++] = (unsigned char)l & 0x7f; - l >>= 7L; - if (l == 0L) - break; - } + digits++; + if (arc > UINT64_MAX / 10) { + ASN1error(ASN1_R_TOO_LONG); + return 0; } - if (out != NULL) { - if (len + i > olen) { - ASN1error(ASN1_R_BUFFER_TOO_SMALL); - goto err; - } - while (--i > 0) - out[len++] = tmp[i]|0x80; - out[len++] = tmp[0]; - } else - len += i; + arc 
= arc * 10 + val; } - if (tmp != ftmp) - free(tmp); - BN_free(bl); - return (len); - -err: - if (tmp != ftmp) - free(tmp); - BN_free(bl); - return (0); + + if (digits < 1) { + ASN1error(ASN1_R_INVALID_NUMBER); + return 0; + } + + *out_arc = arc; + + return 1; } -int -i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a) +static int +a2c_ASN1_OBJECT_internal(CBB *cbb, CBS *cbs) { - return OBJ_obj2txt(buf, buf_len, a, 0); + uint64_t arc, si1, si2; + char separator = 0; + + if (!oid_parse_arc_txt(cbs, &si1, &separator, 1)) + return 0; + + if (CBS_len(cbs) == 0) { + ASN1error(ASN1_R_MISSING_SECOND_NUMBER); + return 0; + } + + if (!oid_parse_arc_txt(cbs, &si2, &separator, 0)) + return 0; + + /* + * X.690 section 8.19 - the first two subidentifiers are encoded as + * (x * 40) + y, with x being limited to [0,1,2]. The second + * subidentifier cannot exceed 39 for x < 2. + */ + if (si1 > 2) { + ASN1error(ASN1_R_FIRST_NUM_TOO_LARGE); + return 0; + } + if ((si1 < 2 && si2 >= 40) || si2 > UINT64_MAX - si1 * 40) { + ASN1error(ASN1_R_SECOND_NUMBER_TOO_LARGE); + return 0; + } + arc = si1 * 40 + si2; + + if (!oid_add_arc(cbb, arc)) + return 0; + + while (CBS_len(cbs) > 0) { + if (!oid_parse_arc_txt(cbs, &arc, &separator, 0)) + return 0; + if (!oid_add_arc(cbb, arc)) + return 0; + } + + return 1; } -int -i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a) +static int +c2a_ASN1_OBJECT(CBS *cbs, CBB *cbb) { - char *tmp = NULL; - size_t tlen = 256; - int i = -1; + uint64_t arc, si1, si2; - if ((a == NULL) || (a->data == NULL)) - return(BIO_write(bp, "NULL", 4)); - if ((tmp = malloc(tlen)) == NULL) - return -1; - i = i2t_ASN1_OBJECT(tmp, tlen, a); - if (i > (int)(tlen - 1)) { - freezero(tmp, tlen); - if ((tmp = malloc(i + 1)) == NULL) - return -1; - tlen = i + 1; - i = i2t_ASN1_OBJECT(tmp, tlen, a); + /* + * X.690 section 8.19 - the first two subidentifiers are encoded as + * (x * 40) + y, with x being limited to [0,1,2]. 
+ */ + if (!oid_parse_arc(cbs, &arc)) + return 0; + if ((si1 = arc / 40) > 2) + si1 = 2; + si2 = arc - si1 * 40; + + if (!oid_add_arc_txt(cbb, si1, 1)) + return 0; + if (!oid_add_arc_txt(cbb, si2, 0)) + return 0; + + while (CBS_len(cbs) > 0) { + if (!oid_parse_arc(cbs, &arc)) + return 0; + if (!oid_add_arc_txt(cbb, arc, 0)) + return 0; } - if (i <= 0) - i = BIO_write(bp, "", 9); - else - i = BIO_write(bp, tmp, i); - freezero(tmp, tlen); - return (i); + + /* NUL terminate. */ + if (!CBB_add_u8(cbb, 0)) + return 0; + + return 1; } -ASN1_OBJECT * -d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long length) +int +a2d_ASN1_OBJECT(unsigned char *out, int out_len, const char *in, int in_len) { - const unsigned char *p; - long len; - int tag, xclass; - int inf, i; - ASN1_OBJECT *ret = NULL; + uint8_t *data = NULL; + size_t data_len; + CBS cbs; + CBB cbb; + int ret = 0; - p = *pp; - inf = ASN1_get_object(&p, &len, &tag, &xclass, length); - if (inf & 0x80) { - i = ASN1_R_BAD_OBJECT_HEADER; + memset(&cbb, 0, sizeof(cbb)); + + if (in_len == -1) + in_len = strlen(in); + if (in_len <= 0) + goto err; + + CBS_init(&cbs, in, in_len); + + if (!CBB_init(&cbb, 0)) + goto err; + if (!a2c_ASN1_OBJECT_internal(&cbb, &cbs)) + goto err; + if (!CBB_finish(&cbb, &data, &data_len)) goto err; - } - if (tag != V_ASN1_OBJECT) { - i = ASN1_R_EXPECTING_AN_OBJECT; + if (data_len > INT_MAX) goto err; + + if (out != NULL) { + if (out_len <= 0 || (size_t)out_len < data_len) { + ASN1error(ASN1_R_BUFFER_TOO_SMALL); + goto err; + } + memcpy(out, data, data_len); + } + + ret = (int)data_len; + + err: + CBB_cleanup(&cbb); + free(data); + + return ret; +} + +static int +i2t_ASN1_OBJECT_oid(const ASN1_OBJECT *aobj, CBB *cbb) +{ + CBS cbs; + + CBS_init(&cbs, aobj->data, aobj->length); + + return c2a_ASN1_OBJECT(&cbs, cbb); +} + +static int +i2t_ASN1_OBJECT_name(const ASN1_OBJECT *aobj, CBB *cbb, const char **out_name) +{ + const char *name; + int nid; + + *out_name = NULL; + + if ((nid = 
OBJ_obj2nid(aobj)) == NID_undef) + return 0; + + if ((name = OBJ_nid2ln(nid)) == NULL) + name = OBJ_nid2sn(nid); + if (name == NULL) + return 0; + + *out_name = name; + + if (!CBB_add_bytes(cbb, name, strlen(name))) + return 0; + + /* NUL terminate. */ + if (!CBB_add_u8(cbb, 0)) + return 0; + + return 1; +} + +static int +i2t_ASN1_OBJECT_cbb(const ASN1_OBJECT *aobj, CBB *cbb, int no_name) +{ + const char *name; + + if (!no_name) { + if (i2t_ASN1_OBJECT_name(aobj, cbb, &name)) + return 1; + if (name != NULL) + return 0; } - ret = c2i_ASN1_OBJECT(a, &p, len); - if (ret) - *pp = p; + return i2t_ASN1_OBJECT_oid(aobj, cbb); +} + +int +i2t_ASN1_OBJECT_internal(const ASN1_OBJECT *aobj, char *buf, int buf_len, int no_name) +{ + uint8_t *data = NULL; + size_t data_len; + CBB cbb; + int ret = 0; + + if (buf_len < 0) + return 0; + if (buf_len > 0) + buf[0] = '\0'; + + if (!CBB_init(&cbb, 0)) + goto err; + if (!i2t_ASN1_OBJECT_cbb(aobj, &cbb, no_name)) + goto err; + if (!CBB_finish(&cbb, &data, &data_len)) + goto err; + + ret = strlcpy(buf, data, buf_len); + err: + CBB_cleanup(&cbb); + free(data); + return ret; +} -err: - ASN1error(i); - return (NULL); +int +i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *aobj) +{ + return i2t_ASN1_OBJECT_internal(aobj, buf, buf_len, 0); } ASN1_OBJECT * -c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long len) +t2i_ASN1_OBJECT_internal(const char *oid) { - ASN1_OBJECT *ret; - const unsigned char *p; - unsigned char *data; - int i, length; + ASN1_OBJECT *aobj = NULL; + uint8_t *data = NULL; + size_t data_len; + CBB cbb; + CBS cbs; - /* - * Sanity check OID encoding: - * - need at least one content octet - * - MSB must be clear in the last octet - * - can't have leading 0x80 in subidentifiers, see: X.690 8.19.2 - */ - if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL || - p[len - 1] & 0x80) { - ASN1error(ASN1_R_INVALID_OBJECT_ENCODING); - return (NULL); + memset(&cbb, 0, sizeof(cbb)); + + CBS_init(&cbs, oid, 
strlen(oid)); + + if (!CBB_init(&cbb, 0)) + goto err; + if (!a2c_ASN1_OBJECT_internal(&cbb, &cbs)) + goto err; + if (!CBB_finish(&cbb, &data, &data_len)) + goto err; + + if (data_len > INT_MAX) + goto err; + + if ((aobj = ASN1_OBJECT_new()) == NULL) + goto err; + + aobj->data = data; + aobj->length = (int)data_len; + aobj->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA; + data = NULL; + + err: + CBB_cleanup(&cbb); + free(data); + + return aobj; +} + +int +i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *aobj) +{ + uint8_t *data = NULL; + size_t data_len; + CBB cbb; + int ret = -1; + + if (aobj == NULL || aobj->data == NULL) + return BIO_write(bp, "NULL", 4); + + if (!CBB_init(&cbb, 0)) + goto err; + if (!i2t_ASN1_OBJECT_cbb(aobj, &cbb, 0)) { + ret = BIO_write(bp, "", 9); + goto err; + } + if (!CBB_finish(&cbb, &data, &data_len)) + goto err; + + ret = BIO_write(bp, data, strlen(data)); + + err: + CBB_cleanup(&cbb); + free(data); + + return ret; +} + +int +c2i_ASN1_OBJECT_cbs(ASN1_OBJECT **out_aobj, CBS *content) +{ + ASN1_OBJECT *aobj = NULL; + uint8_t *data = NULL; + size_t data_len; + CBS cbs; + + if (out_aobj == NULL) + goto err; + + if (*out_aobj != NULL) { + ASN1_OBJECT_free(*out_aobj); + *out_aobj = NULL; } - /* Now 0 < len <= INT_MAX, so the cast is safe. */ - length = (int)len; - for (i = 0; i < length; i++, p++) { - if (*p == 0x80 && (!i || !(p[-1] & 0x80))) { + /* Parse and validate OID encoding per X.690 8.19.2. 
*/ + CBS_dup(content, &cbs); + if (CBS_len(&cbs) == 0) { + ASN1error(ASN1_R_INVALID_OBJECT_ENCODING); + goto err; + } + while (CBS_len(&cbs) > 0) { + if (!oid_parse_arc(&cbs, NULL)) { ASN1error(ASN1_R_INVALID_OBJECT_ENCODING); - return (NULL); + goto err; } } - if ((a == NULL) || ((*a) == NULL) || - !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) { - if ((ret = ASN1_OBJECT_new()) == NULL) - return (NULL); - } else - ret = *a; - - p = *pp; + if (!CBS_stow(content, &data, &data_len)) + goto err; - /* detach data from object */ - data = (unsigned char *)ret->data; - freezero(data, ret->length); + if (data_len > INT_MAX) + goto err; - data = malloc(length); - if (data == NULL) { - ASN1error(ERR_R_MALLOC_FAILURE); + if ((aobj = ASN1_OBJECT_new()) == NULL) goto err; - } - memcpy(data, p, length); + aobj->data = data; + aobj->length = (int)data_len; /* XXX - change length to size_t. */ + aobj->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA; - /* If there are dynamic strings, free them here, and clear the flag. 
*/ - if ((ret->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) != 0) { - free((void *)ret->sn); - free((void *)ret->ln); - ret->flags &= ~ASN1_OBJECT_FLAG_DYNAMIC_STRINGS; - } + *out_aobj = aobj; - /* reattach data to object, after which it remains const */ - ret->data = data; - ret->length = length; - ret->sn = NULL; - ret->ln = NULL; - ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA; - p += length; + return 1; - if (a != NULL) - *a = ret; - *pp = p; - return (ret); + err: + ASN1_OBJECT_free(aobj); + free(data); -err: - if (a == NULL || ret != *a) - ASN1_OBJECT_free(ret); - return (NULL); + return 0; } ASN1_OBJECT * -ASN1_OBJECT_new(void) +c2i_ASN1_OBJECT(ASN1_OBJECT **out_aobj, const unsigned char **pp, long len) { - ASN1_OBJECT *ret; + ASN1_OBJECT *aobj = NULL; + CBS content; - ret = malloc(sizeof(ASN1_OBJECT)); - if (ret == NULL) { - ASN1error(ERR_R_MALLOC_FAILURE); - return (NULL); + if (out_aobj != NULL) { + ASN1_OBJECT_free(*out_aobj); + *out_aobj = NULL; } - ret->length = 0; - ret->data = NULL; - ret->nid = 0; - ret->sn = NULL; - ret->ln = NULL; - ret->flags = ASN1_OBJECT_FLAG_DYNAMIC; - return (ret); + + if (len < 0) { + ASN1error(ASN1_R_LENGTH_ERROR); + return NULL; + } + + CBS_init(&content, *pp, len); + + if (!c2i_ASN1_OBJECT_cbs(&aobj, &content)) + return NULL; + + *pp = CBS_data(&content); + + if (out_aobj != NULL) + *out_aobj = aobj; + + return aobj; } -void -ASN1_OBJECT_free(ASN1_OBJECT *a) +int +i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp) { - if (a == NULL) - return; - if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) { - free((void *)a->sn); - free((void *)a->ln); - a->sn = a->ln = NULL; - } - if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) { - freezero((void *)a->data, a->length); - a->data = NULL; - a->length = 0; - } - if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC) - free(a); + unsigned char *p; + int objsize; + + if ((a == NULL) || (a->data == NULL)) + return (0); + + objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT); + if (pp == NULL) + 
return objsize; + + p = *pp; + ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL); + memcpy(p, a->data, a->length); + p += a->length; + + *pp = p; + return (objsize); } ASN1_OBJECT * -ASN1_OBJECT_create(int nid, unsigned char *data, int len, - const char *sn, const char *ln) +d2i_ASN1_OBJECT(ASN1_OBJECT **out_aobj, const unsigned char **pp, long length) { - ASN1_OBJECT o; + ASN1_OBJECT *aobj = NULL; + uint32_t tag_number; + CBS cbs, content; - o.sn = sn; - o.ln = ln; - o.data = data; - o.nid = nid; - o.length = len; - o.flags = ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | - ASN1_OBJECT_FLAG_DYNAMIC_DATA; - return (OBJ_dup(&o)); + if (out_aobj != NULL) { + ASN1_OBJECT_free(*out_aobj); + *out_aobj = NULL; + } + + if (length < 0) { + ASN1error(ASN1_R_LENGTH_ERROR); + return NULL; + } + + CBS_init(&cbs, *pp, length); + + if (!asn1_get_primitive(&cbs, 0, &tag_number, &content)) { + ASN1error(ASN1_R_BAD_OBJECT_HEADER); + return NULL; + } + if (tag_number != V_ASN1_OBJECT) { + ASN1error(ASN1_R_EXPECTING_AN_OBJECT); + return NULL; + } + + if (!c2i_ASN1_OBJECT_cbs(&aobj, &content)) + return NULL; + + *pp = CBS_data(&cbs); + + if (out_aobj != NULL) + *out_aobj = aobj; + + return aobj; } diff --git a/crypto/asn1/a_octet.c b/crypto/asn1/a_octet.c index d998675d..c1a25202 100644 --- a/crypto/asn1/a_octet.c +++ b/crypto/asn1/a_octet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_octet.c,v 1.10 2015/07/29 14:58:34 jsing Exp $ */ +/* $OpenBSD: a_octet.c,v 1.11 2021/12/25 08:52:44 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -59,6 +59,26 @@ #include #include +#include + +const ASN1_ITEM ASN1_OCTET_STRING_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_OCTET_STRING, + .sname = "ASN1_OCTET_STRING", +}; + +ASN1_OCTET_STRING * +ASN1_OCTET_STRING_new(void) +{ + return (ASN1_OCTET_STRING *)ASN1_item_new(&ASN1_OCTET_STRING_it); +} + +void +ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASN1_OCTET_STRING_it); +} + ASN1_OCTET_STRING * ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *x) @@ -77,3 +97,16 @@ ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, int len) { return ASN1_STRING_set(x, d, len); } + +int +i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_OCTET_STRING_it); +} + +ASN1_OCTET_STRING * +d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a, const unsigned char **in, long len) +{ + return (ASN1_OCTET_STRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASN1_OCTET_STRING_it); +} diff --git a/crypto/asn1/a_pkey.c b/crypto/asn1/a_pkey.c new file mode 100644 index 00000000..3b8dea7d --- /dev/null +++ b/crypto/asn1/a_pkey.c 
@@ -0,0 +1,186 @@ +/* $OpenBSD: a_pkey.c,v 1.3 2021/12/25 13:17:48 jsing Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). 
+ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */
+
+#include
+
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#ifndef OPENSSL_NO_ENGINE
+#include
+#endif
+
+#include "asn1_locl.h"
+#include "evp_locl.h"
+
+EVP_PKEY *
+d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, long length)
+{
+ const unsigned char *p = *pp;
+ EVP_PKEY *ret;
+
+ if ((a == NULL) || (*a == NULL)) {
+ if ((ret = EVP_PKEY_new()) == NULL) {
+ ASN1error(ERR_R_EVP_LIB);
+ return (NULL);
+ }
+ } else {
+ ret = *a;
+#ifndef OPENSSL_NO_ENGINE
+ ENGINE_finish(ret->engine);
+ ret->engine = NULL;
+#endif
+ }
+
+ if (!EVP_PKEY_set_type(ret, type)) {
+ ASN1error(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+ goto err;
+ }
+
+ if (!ret->ameth->old_priv_decode ||
+ !ret->ameth->old_priv_decode(ret, pp, length)) {
+ if (ret->ameth->priv_decode) {
+ PKCS8_PRIV_KEY_INFO *p8 = NULL;
+ *pp = p; /* XXX */
+ p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length);
+ if (!p8)
+ goto err;
+ EVP_PKEY_free(ret);
+ ret = EVP_PKCS82PKEY(p8);
+ PKCS8_PRIV_KEY_INFO_free(p8);
+ } else {
+ ASN1error(ERR_R_ASN1_LIB);
+ goto err;
+ }
+ }
+ if (a != NULL)
+ (*a) = ret;
+ return (ret);
+
+ err:
+ if (a == NULL || *a != ret)
+ EVP_PKEY_free(ret);
+ return (NULL);
+}
+
+int
+i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
+{
+ if (a->ameth && a->ameth->old_priv_encode) {
+ return a->ameth->old_priv_encode(a, pp);
+ }
+ if (a->ameth && a->ameth->priv_encode) {
+ PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a);
+ int ret = i2d_PKCS8_PRIV_KEY_INFO(p8, pp);
+ PKCS8_PRIV_KEY_INFO_free(p8);
+ return ret;
+ }
+ ASN1error(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+ return (-1);
+}
+
+/* This works like d2i_PrivateKey() except it automatically works out the type */
+
+EVP_PKEY *
+d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, long length)
+{
+ STACK_OF(ASN1_TYPE) *inkey;
+ const unsigned char *p;
+ int keytype;
+
+ p = *pp;
+ /* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE):
+ * by analyzing it we can determine the passed structure: this
+ *
assumes the input is surrounded by an ASN1 SEQUENCE.
+ */
+ inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length);
+ /* Since we only need to discern "traditional format" RSA and DSA
+ * keys we can just count the elements.
+ */
+ if (sk_ASN1_TYPE_num(inkey) == 6)
+ keytype = EVP_PKEY_DSA;
+ else if (sk_ASN1_TYPE_num(inkey) == 4)
+ keytype = EVP_PKEY_EC;
+ else if (sk_ASN1_TYPE_num(inkey) == 3) {
+ /* This seems to be PKCS8, not traditional format */
+ PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(
+ NULL, pp, length);
+ EVP_PKEY *ret;
+
+ sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
+ if (!p8) {
+ ASN1error(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+ return NULL;
+ }
+ ret = EVP_PKCS82PKEY(p8);
+ PKCS8_PRIV_KEY_INFO_free(p8);
+ if (a) {
+ *a = ret;
+ }
+ return ret;
+ } else
+ keytype = EVP_PKEY_RSA;
+ sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
+ return d2i_PrivateKey(keytype, a, pp, length);
+}
diff --git a/crypto/asn1/a_pubkey.c b/crypto/asn1/a_pubkey.c
new file mode 100644
index 00000000..f3bb5d81
--- /dev/null
+++ b/crypto/asn1/a_pubkey.c
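Review bot: In i2d_PrivateKey (new file a_pkey.c) the result of `EVP_PKEY2PKCS8(a)` is handed straight to `i2d_PKCS8_PRIV_KEY_INFO(p8, pp)` without a NULL check, so a failed conversion is reported as whatever the encoder returns for a NULL input instead of the function's own `-1` error value; adding `if (p8 == NULL) return -1;` right after the conversion makes the failure explicit for callers serialising private keys. d2i_AutoPrivateKey likewise never checks the `d2i_ASN1_SEQUENCE_ANY()` result, so input that does not parse as a SEQUENCE falls through the element-count tests into the `EVP_PKEY_RSA` default; this is presumably harmless if `sk_ASN1_TYPE_num()` tolerates NULL (not visible here), but an early `if (inkey == NULL) return NULL;` would stop the decoder from guessing a key type for malformed data. The comment above the count tests also still says only RSA and DSA are distinguished although the 4-element case selects `EVP_PKEY_EC`.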
@@ -0,0 +1,160 @@ +/* $OpenBSD: a_pubkey.c,v 1.3 2021/12/25 13:17:48 jsing Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. 
All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */
+
+#include
+
+#include
+
+#include
+#include
+#include
+#include
+#include
+
+#ifndef OPENSSL_NO_DSA
+#include
+#endif
+#ifndef OPENSSL_NO_EC
+#include
+#endif
+#ifndef OPENSSL_NO_RSA
+#include
+#endif
+
+#include "evp_locl.h"
+
+EVP_PKEY *
+d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, long length)
+{
+ EVP_PKEY *ret;
+
+ if ((a == NULL) || (*a == NULL)) {
+ if ((ret = EVP_PKEY_new()) == NULL) {
+ ASN1error(ERR_R_EVP_LIB);
+ return (NULL);
+ }
+ } else
+ ret = *a;
+
+ if (!EVP_PKEY_set_type(ret, type)) {
+ ASN1error(ERR_R_EVP_LIB);
+ goto err;
+ }
+
+ switch (EVP_PKEY_id(ret)) {
+#ifndef OPENSSL_NO_RSA
+ case EVP_PKEY_RSA:
+ if ((ret->pkey.rsa = d2i_RSAPublicKey(NULL, pp, length)) ==
+ NULL) {
+ ASN1error(ERR_R_ASN1_LIB);
+ goto err;
+ }
+ break;
+#endif
+#ifndef OPENSSL_NO_DSA
+ case EVP_PKEY_DSA:
+ if (!d2i_DSAPublicKey(&(ret->pkey.dsa), pp, length)) {
+ ASN1error(ERR_R_ASN1_LIB);
+ goto err;
+ }
+ break;
+#endif
+#ifndef OPENSSL_NO_EC
+ case EVP_PKEY_EC:
+ if (!o2i_ECPublicKey(&(ret->pkey.ec), pp, length)) {
+ ASN1error(ERR_R_ASN1_LIB);
+ goto err;
+ }
+ break;
+#endif
+ default:
+ ASN1error(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+ goto err;
+ /* break; */
+ }
+ if (a != NULL)
+ (*a) = ret;
+ return (ret);
+
+ err:
+ if (a == NULL || *a != ret)
+ EVP_PKEY_free(ret);
+ return (NULL);
+}
+
+int
+i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
+{
+ switch (a->type) {
+#ifndef OPENSSL_NO_RSA
+ case EVP_PKEY_RSA:
+ return (i2d_RSAPublicKey(a->pkey.rsa, pp));
+#endif
+#ifndef OPENSSL_NO_DSA
+ case EVP_PKEY_DSA:
+ return (i2d_DSAPublicKey(a->pkey.dsa, pp));
+#endif
+#ifndef OPENSSL_NO_EC
+ case EVP_PKEY_EC:
+ return (i2o_ECPublicKey(a->pkey.ec, pp));
+#endif
+ default:
+ ASN1error(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+ return (-1);
+ }
+}
diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
index 4e3deccf..848d1bff 100644
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
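Review bot: d2i_PublicKey (new file a_pubkey.c) has no comment describing what happens to a caller-supplied `*a` when decoding fails. The `err:` path skips `EVP_PKEY_free(ret)` when `*a == ret`, yet `EVP_PKEY_set_type(ret, type)` has already run on that object, so the caller gets NULL back while its key object has been retyped and may hold no decoded key. A header comment such as `/* On failure a reused *a is not freed but may already have been modified; callers must not treat it as a valid key. */` would record that contract for code that reuses key objects across untrusted inputs. d2i_PrivateKey in a_pkey.c follows the same reuse pattern and would benefit from the same note.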
@@ -1,4 +1,4 @@ -/* $OpenBSD: a_strex.c,v 1.28 2018/05/19 10:46:28 tb Exp $ */ +/* $OpenBSD: a_strex.c,v 1.31 2021/12/25 12:11:57 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -322,22 +322,6 @@ do_dump(unsigned long lflags, char_io *io_ch, void *arg, const ASN1_STRING *str) return outlen + 1; } -/* Lookup table to convert tags to character widths, - * 0 = UTF8 encoded, -1 is used for non string types - * otherwise it is the number of bytes per character - */ - -static const signed char tag2nbyte[] = { - -1, -1, -1, -1, -1, /* 0-4 */ - -1, -1, -1, -1, -1, /* 5-9 */ - -1, -1, 0, -1, /* 10-13 */ - -1, -1, -1, -1, /* 15-17 */ - -1, 1, 1, /* 18-20 */ - -1, 1, 1, 1, /* 21-24 */ - -1, 1, -1, /* 25-27 */ - 4, -1, 2 /* 28-30 */ -}; - /* This is the main function, print out an * ASN1_STRING taking note of various escape * and display options. Returns number of @@ -371,19 +355,16 @@ do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, /* Decide what to do with type, either dump content or display it */ - /* Dump everything */ - if (lflags & ASN1_STRFLGS_DUMP_ALL) + if (lflags & ASN1_STRFLGS_DUMP_ALL) { + /* Dump everything. */ type = -1; - /* Ignore the string type */ - else if (lflags & ASN1_STRFLGS_IGNORE_TYPE) + } else if (lflags & ASN1_STRFLGS_IGNORE_TYPE) { + /* Ignore the string type. */ type = 1; - else { - /* Else determine width based on type */ - if ((type > 0) && (type < 31)) - type = tag2nbyte[type]; - else - type = -1; - if ((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN)) + } else { + /* Else determine width based on type. */ + type = asn1_tag2charwidth(type); + if (type == -1 && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN)) type = 1; } 
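Review bot: The `(type > 0) && (type < 31)` range check that guarded the old `tag2nbyte[type]` lookup is gone from do_print_ex in the `@@ -371,19 +355,16 @@` hunk, so this path now depends entirely on `asn1_tag2charwidth(type)` returning -1 for negative or out-of-range tag values. That helper is defined outside this file section, so the bound should be confirmed there, since `type` comes from the ASN1_STRING being printed. A short comment at the call, e.g. `/* asn1_tag2charwidth() is expected to return -1 for non-string or out-of-range tags. */`, would record the contract the branch below relies on. do_print_ex itself starts and ends outside the hunk.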
@@ -513,7 +494,7 @@ do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n, int indent, else ent = X509_NAME_get_entry(n, i); if (prev != -1) { - if (prev == ent->set) { + if (prev == X509_NAME_ENTRY_set(ent)) { if (!io_ch(arg, sep_mv, sep_mv_len)) return -1; outlen += sep_mv_len; @@ -526,7 +507,7 @@ do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n, int indent, outlen += indent; } } - prev = ent->set; + prev = X509_NAME_ENTRY_set(ent); fn = X509_NAME_ENTRY_get_object(ent); val = X509_NAME_ENTRY_get_data(ent); fn_nid = OBJ_obj2nid(fn); @@ -618,32 +599,3 @@ ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags) { return do_print_ex(send_fp_chars, fp, flags, str); } - -/* Utility function: convert any string type to UTF8, returns number of bytes - * in output string or a negative error code - */ - -int -ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in) -{ - ASN1_STRING stmp, *str = &stmp; - int mbflag, type, ret; - - if (!in) - return -1; - type = in->type; - if ((type < 0) || (type > 30)) - return -1; - mbflag = tag2nbyte[type]; - if (mbflag == -1) - return -1; - mbflag |= MBSTRING_FLAG; - stmp.data = NULL; - stmp.length = 0; - ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, - B_ASN1_UTF8STRING); - if (ret < 0) - return ret; - *out = stmp.data; - return stmp.length; -} diff --git a/crypto/asn1/a_string.c b/crypto/asn1/a_string.c new file mode 100644 index 00000000..ef36f50c --- /dev/null +++ b/crypto/asn1/a_string.c 
@@ -0,0 +1,437 @@ +/* $OpenBSD: a_string.c,v 1.11 2022/05/20 08:04:21 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). 
+ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#include +#include +#include + +#include +#include + +#include "asn1_locl.h" + +ASN1_STRING * +ASN1_STRING_new(void) +{ + return ASN1_STRING_type_new(V_ASN1_OCTET_STRING); +} + +ASN1_STRING * +ASN1_STRING_type_new(int type) +{ + ASN1_STRING *astr; + + if ((astr = calloc(1, sizeof(ASN1_STRING))) == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + return NULL; + } + astr->type = type; + + return astr; +} + +static void +ASN1_STRING_clear(ASN1_STRING *astr) +{ + if (!(astr->flags & ASN1_STRING_FLAG_NDEF)) + freezero(astr->data, astr->length); + + astr->flags &= ~ASN1_STRING_FLAG_NDEF; + astr->data = NULL; + astr->length = 0; +} + +void +ASN1_STRING_free(ASN1_STRING *astr) +{ + if (astr == NULL) + return; + + ASN1_STRING_clear(astr); + + free(astr); +} + +int +ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b) +{ + int cmp; + + if (a == NULL || b == NULL) + return -1; + if ((cmp = (a->length - b->length)) != 0) + return cmp; + if ((cmp = memcmp(a->data, b->data, a->length)) != 0) + return cmp; + + return (a->type - b->type); +} + +int +ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *src) +{ + if (src == NULL) + return 0; + + if (!ASN1_STRING_set(dst, src->data, src->length)) + return 0; + + dst->type = src->type; + dst->flags = src->flags & ~ASN1_STRING_FLAG_NDEF; + + return 1; +} + +ASN1_STRING * +ASN1_STRING_dup(const ASN1_STRING *src) +{ + ASN1_STRING *astr; + + if (src == NULL) + return NULL; + + if ((astr = ASN1_STRING_new()) == NULL) + return NULL; + if (!ASN1_STRING_copy(astr, src)) { + ASN1_STRING_free(astr); + return NULL; + } + return astr; +} + +int +ASN1_STRING_set(ASN1_STRING *astr, const void *_data, int len) +{ + const char *data = _data; + + if (len == -1) { + size_t slen; + + if (data == NULL) + return 0; + + if ((slen = strlen(data)) > INT_MAX) + return 0; + + len = (int)slen; + } + + ASN1_STRING_clear(astr); + + if (len < 0 || len >= INT_MAX) + return 0; + + if ((astr->data = calloc(1, len + 1)) == NULL) { + 
ASN1error(ERR_R_MALLOC_FAILURE); + return (0); + } + astr->length = len; + + if (data != NULL) { + memcpy(astr->data, data, len); + astr->data[len] = '\0'; + } + + return 1; +} + +void +ASN1_STRING_set0(ASN1_STRING *astr, void *data, int len) +{ + ASN1_STRING_clear(astr); + + astr->data = data; + astr->length = len; +} + +void +asn1_add_error(const unsigned char *address, int offset) +{ + ERR_asprintf_error_data("offset=%d", offset); +} + +int +ASN1_STRING_length(const ASN1_STRING *astr) +{ + return astr->length; +} + +void +ASN1_STRING_length_set(ASN1_STRING *astr, int len) +{ + /* This is dangerous and unfixable. */ + astr->length = len; +} + +int +ASN1_STRING_type(const ASN1_STRING *astr) +{ + return astr->type; +} + +unsigned char * +ASN1_STRING_data(ASN1_STRING *astr) +{ + return astr->data; +} + +const unsigned char * +ASN1_STRING_get0_data(const ASN1_STRING *astr) +{ + return astr->data; +} + +int +ASN1_STRING_print(BIO *bp, const ASN1_STRING *astr) +{ + int i, n; + char buf[80]; + const char *p; + + if (astr == NULL) + return 0; + + n = 0; + p = (const char *)astr->data; + for (i = 0; i < astr->length; i++) { + if ((p[i] > '~') || ((p[i] < ' ') && + (p[i] != '\n') && (p[i] != '\r'))) + buf[n] = '.'; + else + buf[n] = p[i]; + n++; + if (n >= 80) { + if (BIO_write(bp, buf, n) <= 0) + return 0; + n = 0; + } + } + if (n > 0) { + if (BIO_write(bp, buf, n) <= 0) + return 0; + } + + return 1; +} + +/* + * Utility function: convert any string type to UTF8, returns number of bytes + * in output string or a negative error code + */ +int +ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in) +{ + ASN1_STRING *astr = NULL; + int mbflag; + int ret = -1; + + /* + * XXX We can't fail on *out != NULL here since things like haproxy and + * grpc pass in a pointer to an uninitialized pointer on the stack. 
+ */ + if (out == NULL) + goto err; + + if (in == NULL) + goto err; + + if ((mbflag = asn1_tag2charwidth(in->type)) == -1) + goto err; + + mbflag |= MBSTRING_FLAG; + + if ((ret = ASN1_mbstring_copy(&astr, in->data, in->length, mbflag, + B_ASN1_UTF8STRING)) < 0) + goto err; + + *out = astr->data; + ret = astr->length; + + astr->data = NULL; + astr->length = 0; + + err: + ASN1_STRING_free(astr); + + return ret; +} + +int +i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *astr, int type) +{ + int i, n = 0; + static const char h[] = "0123456789ABCDEF"; + char buf[2]; + + if (astr == NULL) + return 0; + + if (astr->length == 0) { + if (BIO_write(bp, "0", 1) != 1) + goto err; + n = 1; + } else { + for (i = 0; i < astr->length; i++) { + if ((i != 0) && (i % 35 == 0)) { + if (BIO_write(bp, "\\\n", 2) != 2) + goto err; + n += 2; + } + buf[0] = h[((unsigned char)astr->data[i] >> 4) & 0x0f]; + buf[1] = h[((unsigned char)astr->data[i]) & 0x0f]; + if (BIO_write(bp, buf, 2) != 2) + goto err; + n += 2; + } + } + return n; + + err: + return -1; +} + +int +a2i_ASN1_STRING(BIO *bp, ASN1_STRING *astr, char *buf, int size) +{ + int ret = 0; + int i, j, k, m, n, again, bufsize; + unsigned char *s = NULL, *sp; + unsigned char *bufp; + int first = 1; + size_t num = 0, slen = 0; + + bufsize = BIO_gets(bp, buf, size); + for (;;) { + if (bufsize < 1) { + if (first) + break; + else + goto err_sl; + } + first = 0; + + i = bufsize; + if (buf[i-1] == '\n') + buf[--i] = '\0'; + if (i == 0) + goto err_sl; + if (buf[i-1] == '\r') + buf[--i] = '\0'; + if (i == 0) + goto err_sl; + if (buf[i - 1] == '\\') { + i--; + again = 1; + } else + again = 0; + buf[i] = '\0'; + if (i < 2) + goto err_sl; + + bufp = (unsigned char *)buf; + + k = 0; + if (i % 2 != 0) { + ASN1error(ASN1_R_ODD_NUMBER_OF_CHARS); + goto err; + } + i /= 2; + if (num + i > slen) { + sp = realloc(s, num + i); + if (sp == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; + } + s = sp; + slen = num + i; + } + for (j = 0; j < i; j++, k += 2) 
{ + for (n = 0; n < 2; n++) { + m = bufp[k + n]; + if ((m >= '0') && (m <= '9')) + m -= '0'; + else if ((m >= 'a') && (m <= 'f')) + m = m - 'a' + 10; + else if ((m >= 'A') && (m <= 'F')) + m = m - 'A' + 10; + else { + ASN1error(ASN1_R_NON_HEX_CHARACTERS); + goto err; + } + s[num + j] <<= 4; + s[num + j] |= m; + } + } + num += i; + if (again) + bufsize = BIO_gets(bp, buf, size); + else + break; + } + astr->length = num; + astr->data = s; + + return 1; + + err_sl: + ASN1error(ASN1_R_SHORT_LINE); + err: + free(s); + + return ret; +} diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index 0585f705..034c4d72 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_strnid.c,v 1.21 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: a_strnid.c,v 1.25 2021/12/13 17:55:53 schwarze Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -56,8 +56,9 @@ * */ -#include -#include +#include +#include +#include #include #include @@ -65,12 +66,15 @@ #include static STACK_OF(ASN1_STRING_TABLE) *stable = NULL; + +static ASN1_STRING_TABLE *stable_get(int nid); static void st_free(ASN1_STRING_TABLE *tbl); static int sk_table_cmp(const ASN1_STRING_TABLE * const *a, const ASN1_STRING_TABLE * const *b); -/* This is the global mask for the mbstring functions: this is use to +/* + * This is the global mask for the mbstring functions: this is used to * mask out certain types (such as BMPString and UTF8String) because * certain software (e.g. Netscape) has problems with them. */ @@ -89,7 +93,8 @@ ASN1_STRING_get_default_mask(void) return global_mask; } -/* This function sets the default to various "flavours" of configuration. +/* + * This function sets the default to various "flavours" of configuration * based on an ASCII string. Currently this is: * MASK:XXXX : a numerical mask value. * nobmp : Don't use BMPStrings (just Printable, T61). 
@@ -103,20 +108,26 @@ ASN1_STRING_set_default_mask_asc(const char *p) { unsigned long mask; char *end; + int save_errno; - if (!strncmp(p, "MASK:", 5)) { - if (!p[5]) + if (strncmp(p, "MASK:", 5) == 0) { + if (p[5] == '\0') return 0; + save_errno = errno; + errno = 0; mask = strtoul(p + 5, &end, 0); - if (*end) + if (errno == ERANGE && mask == ULONG_MAX) + return 0; + errno = save_errno; + if (*end != '\0') return 0; - } else if (!strcmp(p, "nombstr")) + } else if (strcmp(p, "nombstr") == 0) mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)); - else if (!strcmp(p, "pkix")) + else if (strcmp(p, "pkix") == 0) mask = ~((unsigned long)B_ASN1_T61STRING); - else if (!strcmp(p, "utf8only")) + else if (strcmp(p, "utf8only") == 0) mask = B_ASN1_UTF8STRING; - else if (!strcmp(p, "default")) + else if (strcmp(p, "default") == 0) mask = 0xFFFFFFFFL; else return 0; @@ -124,7 +135,8 @@ ASN1_STRING_set_default_mask_asc(const char *p) return 1; } -/* The following function generates an ASN1_STRING based on limits in a table. +/* + * The following function generates an ASN1_STRING based on limits in a table. * Frequently the types and length of an ASN1_STRING are restricted by a * corresponding OID. For example certificates and certificate requests. */ @@ -137,12 +149,13 @@ ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, int inlen, ASN1_STRING *str = NULL; unsigned long mask; int ret; - if (!out) + + if (out == NULL) out = &str; tbl = ASN1_STRING_TABLE_get(nid); - if (tbl) { + if (tbl != NULL) { mask = tbl->mask; - if (!(tbl->flags & STABLE_NO_MASK)) + if ((tbl->flags & STABLE_NO_MASK) == 0) mask &= global_mask; ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask, tbl->minsize, tbl->maxsize); 
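Review bot: The `MASK:` branch of ASN1_STRING_set_default_mask_asc saves errno but restores it only on the success path, because the `errno == ERANGE && mask == ULONG_MAX` test returns before `errno = save_errno;` runs. If the save/restore is meant to leave the caller's errno untouched, the failure branch needs it too: `if (errno == ERANGE && mask == ULONG_MAX) { errno = save_errno; return 0; }`. Separately, strtoul() accepts a leading minus sign, so `MASK:-1` still yields an all-ones mask without ERANGE. A one-line comment saying whether that is intended would help the next reader. The end of the function lies outside this hunk.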
@@ -154,7 +167,8 @@ ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, int inlen, return *out; } -/* Now the tables and helper functions for the string table: +/* + * Now the tables and helper functions for the string table: */ /* size limits: this stuff is taken straight from RFC3280 */ @@ -231,20 +245,59 @@ ASN1_STRING_TABLE * ASN1_STRING_TABLE_get(int nid) { int idx; - ASN1_STRING_TABLE *ttmp; ASN1_STRING_TABLE fnd; fnd.nid = nid; - ttmp = OBJ_bsearch_table(&fnd, tbl_standard, + if (stable != NULL) { + idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); + if (idx >= 0) + return sk_ASN1_STRING_TABLE_value(stable, idx); + } + return OBJ_bsearch_table(&fnd, tbl_standard, sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE)); - if (ttmp) - return ttmp; - if (!stable) +} + +/* + * Return a string table pointer which can be modified: either directly + * from table or a copy of an internal value added to the table. + */ + +static ASN1_STRING_TABLE * +stable_get(int nid) +{ + ASN1_STRING_TABLE *tmp, *rv; + + /* Always need a string table so allocate one if NULL */ + if (stable == NULL) { + stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp); + if (stable == NULL) + return NULL; + } + tmp = ASN1_STRING_TABLE_get(nid); + if (tmp != NULL && (tmp->flags & STABLE_FLAGS_MALLOC) != 0) + return tmp; + + if ((rv = calloc(1, sizeof(*rv))) == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); return NULL; - idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); - if (idx < 0) + } + if (!sk_ASN1_STRING_TABLE_push(stable, rv)) { + free(rv); return NULL; - return sk_ASN1_STRING_TABLE_value(stable, idx); + } + if (tmp != NULL) { + rv->nid = tmp->nid; + rv->minsize = tmp->minsize; + rv->maxsize = tmp->maxsize; + rv->mask = tmp->mask; + rv->flags = tmp->flags | STABLE_FLAGS_MALLOC; + } else { + rv->nid = nid; + rv->minsize = -1; + rv->maxsize = -1; + rv->flags = STABLE_FLAGS_MALLOC; + } + return rv; } int 
@@ -252,37 +305,20 @@ ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize, unsigned long mask, unsigned long flags) { ASN1_STRING_TABLE *tmp; - char new_nid = 0; - flags &= ~STABLE_FLAGS_MALLOC; - if (!stable) - stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp); - if (!stable) { + if ((tmp = stable_get(nid)) == NULL) { ASN1error(ERR_R_MALLOC_FAILURE); return 0; } - if (!(tmp = ASN1_STRING_TABLE_get(nid))) { - tmp = malloc(sizeof(ASN1_STRING_TABLE)); - if (!tmp) { - ASN1error(ERR_R_MALLOC_FAILURE); - return 0; - } - tmp->flags = flags | STABLE_FLAGS_MALLOC; - tmp->nid = nid; - new_nid = 1; - } else tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags; - if (minsize != -1) + if (minsize >= 0) tmp->minsize = minsize; - if (maxsize != -1) + if (maxsize >= 0) tmp->maxsize = maxsize; - tmp->mask = mask; - if (new_nid) { - if (sk_ASN1_STRING_TABLE_push(stable, tmp) == 0) { - free(tmp); - ASN1error(ERR_R_MALLOC_FAILURE); - return 0; - } - } + if (mask != 0) + tmp->mask = mask; + if (flags != 0) + tmp->flags = flags | STABLE_FLAGS_MALLOC; + return 1; } @@ -292,7 +328,7 @@ ASN1_STRING_TABLE_cleanup(void) STACK_OF(ASN1_STRING_TABLE) *tmp; tmp = stable; - if (!tmp) + if (tmp == NULL) return; stable = NULL; sk_ASN1_STRING_TABLE_pop_free(tmp, st_free); diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index 7a3742fd..03311e1b 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_time.c,v 1.27 2015/10/19 16:32:37 beck Exp $ */ +/* $OpenBSD: a_time.c,v 1.34 2022/06/27 13:54:57 beck Exp $ */ /* ==================================================================== * Copyright (c) 1999 The OpenSSL Project. All rights reserved. * 
@@ -80,28 +80,54 @@ const ASN1_ITEM ASN1_TIME_it = { .sname = "ASN1_TIME", }; - ASN1_TIME * -d2i_ASN1_TIME(ASN1_TIME **a, const unsigned char **in, long len) +ASN1_TIME_new(void) { - return (ASN1_TIME *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, - &ASN1_TIME_it); + return (ASN1_TIME *)ASN1_item_new(&ASN1_TIME_it); +} + +void +ASN1_TIME_free(ASN1_TIME *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASN1_TIME_it); } int -i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **out) +ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm) { - return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_TIME_it); + time_t now; + + if (s != NULL) + return ASN1_time_parse(s->data, s->length, tm, 0) != -1; + + time(&now); + memset(tm, 0, sizeof(*tm)); + + return gmtime_r(&now, tm) != NULL; +} + +int +ASN1_TIME_diff(int *pday, int *psec, const ASN1_TIME *from, const ASN1_TIME *to) +{ + struct tm tm_from, tm_to; + + if (!ASN1_TIME_to_tm(from, &tm_from)) + return 0; + if (!ASN1_TIME_to_tm(to, &tm_to)) + return 0; + + return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to); } ASN1_TIME * -ASN1_TIME_new(void) +d2i_ASN1_TIME(ASN1_TIME **a, const unsigned char **in, long len) { - return (ASN1_TIME *)ASN1_item_new(&ASN1_TIME_it); + return (ASN1_TIME *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASN1_TIME_it); } -void -ASN1_TIME_free(ASN1_TIME *a) +int +i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **out) { - ASN1_item_free((ASN1_VALUE *)a, &ASN1_TIME_it); + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_TIME_it); } diff --git a/crypto/asn1/a_time_tm.c b/crypto/asn1/a_time_tm.c index db938250..cb677ae9 100644 --- a/crypto/asn1/a_time_tm.c +++ b/crypto/asn1/a_time_tm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_time_tm.c,v 1.18 2021/08/28 08:22:48 tb Exp $ */ +/* $OpenBSD: a_time_tm.c,v 1.24 2022/07/04 14:39:43 tb Exp $ */ /* * Copyright (c) 2015 Bob Beck * 
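Review bot: ASN1_TIME_to_tm treats a NULL `tm` differently in its two branches. With a non-NULL `s` it forwards `tm` to ASN1_time_parse, which substitutes a local struct when `tm` is NULL. With a NULL `s` it runs `memset(tm, 0, sizeof(*tm))` unconditionally and would dereference NULL. Either document that `tm` must be non-NULL, or make the fallback branch tolerant with `struct tm tml; if (tm == NULL) tm = &tml;` before the memset. The `s != NULL` path also accepts either time encoding (mode 0) without comparing the result with `s->type`, which deserves a short comment.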
@@ -14,6 +14,7 @@ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + #include #include #include @@ -23,6 +24,7 @@ #include #include +#include "bytestring.h" #include "o_time.h" #define RFC5280 0 
@@ -75,59 +77,232 @@ ASN1_time_tm_clamp_notafter(struct tm *tm) return 1; } -/* Format a time as an RFC 5280 format Generalized time */ -char * -gentime_string_from_tm(struct tm *tm) +/* Convert time to GeneralizedTime, X.690, 11.7. */ +ASN1_TIME * +tm_to_gentime(struct tm *tm, ASN1_TIME *atime) { - char *ret = NULL; + char *time_str = NULL; int year; year = tm->tm_year + 1900; - if (year < 0 || year > 9999) - return (NULL); + if (year < 0 || year > 9999) { + ASN1error(ASN1_R_ILLEGAL_TIME_VALUE); + goto err; + } - if (asprintf(&ret, "%04u%02u%02u%02u%02u%02uZ", year, + if (asprintf(&time_str, "%04u%02u%02u%02u%02u%02uZ", year, tm->tm_mon + 1, tm->tm_mday, tm->tm_hour, tm->tm_min, - tm->tm_sec) == -1) - ret = NULL; + tm->tm_sec) == -1) { + time_str = NULL; + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; + } + + if (atime == NULL) + atime = ASN1_TIME_new(); + if (atime == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; + } + + free(atime->data); + atime->data = time_str; + atime->length = GENTIME_LENGTH; + atime->type = V_ASN1_GENERALIZEDTIME; - return (ret); + return (atime); + + err: + free(time_str); + + return (NULL); } -/* Format a time as an RFC 5280 format UTC time */ -char * -utctime_string_from_tm(struct tm *tm) +/* Convert time to UTCTime, X.690, 11.8. 
*/ +ASN1_TIME * +tm_to_utctime(struct tm *tm, ASN1_TIME *atime) { - char *ret = NULL; + char *time_str = NULL; - if (tm->tm_year >= 150 || tm->tm_year < 50) - return (NULL); + if (tm->tm_year >= 150 || tm->tm_year < 50) { + ASN1error(ASN1_R_ILLEGAL_TIME_VALUE); + goto err; + } - if (asprintf(&ret, "%02u%02u%02u%02u%02u%02uZ", + if (asprintf(&time_str, "%02u%02u%02u%02u%02u%02uZ", tm->tm_year % 100, tm->tm_mon + 1, tm->tm_mday, - tm->tm_hour, tm->tm_min, tm->tm_sec) == -1) - ret = NULL; + tm->tm_hour, tm->tm_min, tm->tm_sec) == -1) { + time_str = NULL; + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; + } + + if (atime == NULL) + atime = ASN1_TIME_new(); + if (atime == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; + } - return (ret); + free(atime->data); + atime->data = time_str; + atime->length = UTCTIME_LENGTH; + atime->type = V_ASN1_UTCTIME; + + return (atime); + + err: + free(time_str); + + return (NULL); } -/* Format a time correctly for an X509 object as per RFC 5280 */ -char * -rfc5280_string_from_tm(struct tm *tm) +ASN1_TIME * +tm_to_rfc5280_time(struct tm *tm, ASN1_TIME *atime) { - char *ret = NULL; int year; year = tm->tm_year + 1900; - if (year < 1950 || year > 9999) + if (year < 1950 || year > 9999) { + ASN1error(ASN1_R_ILLEGAL_TIME_VALUE); return (NULL); + } if (year < 2050) - ret = utctime_string_from_tm(tm); - else - ret = gentime_string_from_tm(tm); + return (tm_to_utctime(tm, atime)); - return (ret); + return (tm_to_gentime(tm, atime)); +} + + +static int +cbs_get_two_digit_value(CBS *cbs, int *out) +{ + uint8_t first_digit, second_digit; + + if (!CBS_get_u8(cbs, &first_digit)) + return 0; + if (!isdigit(first_digit)) + return 0; + if (!CBS_get_u8(cbs, &second_digit)) + return 0; + if (!isdigit(second_digit)) + return 0; + + *out = (first_digit - '0') * 10 + (second_digit - '0'); + + return 1; +} + +static int +is_valid_day(int year, int month, int day) +{ + if (day < 1) + return 0; + switch (month) { + case 1: + case 3: + case 5: + case 7: + 
case 8: + case 10: + case 12: + return day <= 31; + case 4: + case 6: + case 9: + case 11: + return day <= 30; + case 2: + if ((year % 4 == 0 && year % 100 != 0) || year % 400 == 0) + return day <= 29; + else + return day <= 28; + default: + return 0; + } +} + +/* + * asn1_time_parse_cbs returns one if |cbs| is a valid DER-encoded, ASN.1 Time + * body within the limitations imposed by RFC 5280, or zero otherwise. The time + * is expected to parse as a Generalized Time if is_gentime is true, and as a + * UTC Time otherwise. If |out_tm| is non-NULL, |*out_tm| will be zeroed, and + * then set to the corresponding time in UTC. This function does not compute + * |out_tm->tm_wday| or |out_tm->tm_yday|. |cbs| is not consumed. + */ +int +asn1_time_parse_cbs(const CBS *cbs, int is_gentime, struct tm *out_tm) +{ + int year, month, day, hour, min, sec, val; + CBS copy; + uint8_t tz; + + CBS_dup(cbs, ©); + + if (is_gentime) { + if (!cbs_get_two_digit_value(©, &val)) + return 0; + year = val * 100; + if (!cbs_get_two_digit_value(©, &val)) + return 0; + year += val; + } else { + year = 1900; + if (!cbs_get_two_digit_value(©, &val)) + return 0; + year += val; + if (year < 1950) + year += 100; + if (year >= 2050) + return 0; /* A Generalized time must be used. */ + } + + if (!cbs_get_two_digit_value(©, &month)) + return 0; + if (month < 1 || month > 12) + return 0; /* Reject invalid months. */ + + if (!cbs_get_two_digit_value(©, &day)) + return 0; + if (!is_valid_day(year, month, day)) + return 0; /* Reject invalid days. */ + + if (!cbs_get_two_digit_value(©, &hour)) + return 0; + if (hour > 23) + return 0; /* Reject invalid hours. */ + + if (!cbs_get_two_digit_value(©, &min)) + return 0; + if (min > 59) + return 0; /* Reject invalid minutes. */ + + if (!cbs_get_two_digit_value(©, &sec)) + return 0; + if (sec > 59) + return 0; /* Reject invalid seconds. Leap seconds are invalid. 
*/ + + if (!CBS_get_u8(©, &tz)) + return 0; + if (tz != 'Z') + return 0; /* Reject anything but Z on the end. */ + + if (CBS_len(©) != 0) + return 0; /* Reject invalid lengths. */ + + if (out_tm != NULL) { + memset(out_tm, 0, sizeof(*out_tm)); + /* Fill in the tm fields corresponding to what we validated. */ + out_tm->tm_year = year - 1900; + out_tm->tm_mon = month - 1; + out_tm->tm_mday = day; + out_tm->tm_hour = hour; + out_tm->tm_min = min; + out_tm->tm_sec = sec; + } + + return 1; } /* 
@@ -145,83 +320,29 @@ rfc5280_string_from_tm(struct tm *tm) * * Fills in *tm with the corresponding time if tm is non NULL. */ -#define ATOI2(ar) ((ar) += 2, ((ar)[-2] - '0') * 10 + ((ar)[-1] - '0')) int ASN1_time_parse(const char *bytes, size_t len, struct tm *tm, int mode) { - size_t i; + struct tm tml, *tmp = tm ? tm : &tml; int type = 0; - struct tm ltm; - struct tm *lt; - const char *p; + CBS cbs; if (bytes == NULL) return (-1); - /* Constrain to valid lengths. */ - if (len != UTCTIME_LENGTH && len != GENTIME_LENGTH) - return (-1); - - lt = tm; - if (lt == NULL) - lt = <m; - memset(lt, 0, sizeof(*lt)); - - /* Timezone is required and must be GMT (Zulu). */ - if (bytes[len - 1] != 'Z') - return (-1); - - /* Make sure everything else is digits. */ - for (i = 0; i < len - 1; i++) { - if (isdigit((unsigned char)bytes[i])) - continue; - return (-1); - } + CBS_init(&cbs, bytes, len); - /* - * Validate and convert the time - */ - p = bytes; - switch (len) { - case GENTIME_LENGTH: - if (mode == V_ASN1_UTCTIME) - return (-1); - lt->tm_year = (ATOI2(p) * 100) - 1900; /* cc */ + if (CBS_len(&cbs) == UTCTIME_LENGTH) + type = V_ASN1_UTCTIME; + if (CBS_len(&cbs) == GENTIME_LENGTH) type = V_ASN1_GENERALIZEDTIME; - /* FALLTHROUGH */ - case UTCTIME_LENGTH: - if (type == 0) { - if (mode == V_ASN1_GENERALIZEDTIME) - return (-1); - type = V_ASN1_UTCTIME; - } - lt->tm_year += ATOI2(p); /* yy */ - if (type == V_ASN1_UTCTIME) { - if (lt->tm_year < 50) - lt->tm_year += 100; - } - lt->tm_mon = ATOI2(p) - 1; /* mm */ - if (lt->tm_mon < 0 || lt->tm_mon > 11) - return (-1); - lt->tm_mday = ATOI2(p); /* dd */ - if (lt->tm_mday < 1 || lt->tm_mday > 31) - return (-1); - lt->tm_hour = ATOI2(p); /* HH */ - if (lt->tm_hour < 0 || lt->tm_hour > 23) - return (-1); - lt->tm_min = ATOI2(p); /* MM */ - if (lt->tm_min < 0 || lt->tm_min > 59) - return (-1); - lt->tm_sec = ATOI2(p); /* SS */ - /* Leap second 60 is not accepted. Reconsider later? 
*/ - if (lt->tm_sec < 0 || lt->tm_sec > 59) - return (-1); - break; - default: - return (-1); + if (asn1_time_parse_cbs(&cbs, type == V_ASN1_GENERALIZEDTIME, tmp)) { + if (mode != 0 && mode != type) + return -1; + return type; } - return (type); + return -1; } /* @@ -256,61 +377,26 @@ static ASN1_TIME * ASN1_TIME_adj_internal(ASN1_TIME *s, time_t t, int offset_day, long offset_sec, int mode) { - int allocated = 0; struct tm tm; - size_t len; - char * p; if (gmtime_r(&t, &tm) == NULL) return (NULL); - if (offset_day || offset_sec) { + if (offset_day != 0 || offset_sec != 0) { if (!OPENSSL_gmtime_adj(&tm, offset_day, offset_sec)) return (NULL); } switch (mode) { case V_ASN1_UTCTIME: - p = utctime_string_from_tm(&tm); - break; + return (tm_to_utctime(&tm, s)); case V_ASN1_GENERALIZEDTIME: - p = gentime_string_from_tm(&tm); - break; + return (tm_to_gentime(&tm, s)); case RFC5280: - p = rfc5280_string_from_tm(&tm); - break; - default: - return (NULL); - } - if (p == NULL) { - ASN1error(ASN1_R_ILLEGAL_TIME_VALUE); - return (NULL); - } - - if (s == NULL) { - if ((s = ASN1_TIME_new()) == NULL) - return (NULL); - allocated = 1; - } - - len = strlen(p); - switch (len) { - case GENTIME_LENGTH: - s->type = V_ASN1_GENERALIZEDTIME; - break; - case UTCTIME_LENGTH: - s->type = V_ASN1_UTCTIME; - break; + return (tm_to_rfc5280_time(&tm, s)); default: - if (allocated) - ASN1_TIME_free(s); - free(p); return (NULL); } - free(s->data); - s->data = p; - s->length = len; - return (s); } ASN1_TIME * 
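Review bot: In the rewritten ASN1_time_parse the `mode != 0 && mode != type` check runs only after asn1_time_parse_cbs() has already filled `*tmp`, so a mode mismatch returns -1 but leaves the caller's `tm` overwritten with a fully validated time. A caller that ignores the return value then sees a plausible timestamp from the wrong encoding. Doing the cheap checks first avoids that and skips the parse for unsupported lengths: `if (type == 0 || (mode != 0 && mode != type)) return -1;` placed before the asn1_time_parse_cbs() call. The header comment above the function could also state that `*tm` is unspecified on failure.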
@@ -346,31 +432,23 @@ ASN1_TIME_check(const ASN1_TIME *t) ASN1_GENERALIZEDTIME * ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, ASN1_GENERALIZEDTIME **out) { - ASN1_GENERALIZEDTIME *tmp = NULL; + ASN1_GENERALIZEDTIME *agt = NULL; struct tm tm; - char *str; if (t->type != V_ASN1_GENERALIZEDTIME && t->type != V_ASN1_UTCTIME) return (NULL); if (t->type != ASN1_time_parse(t->data, t->length, &tm, t->type)) return (NULL); - if ((str = gentime_string_from_tm(&tm)) == NULL) - return (NULL); if (out != NULL) - tmp = *out; - if (tmp == NULL && (tmp = ASN1_GENERALIZEDTIME_new()) == NULL) { - free(str); + agt = *out; + if ((agt = tm_to_gentime(&tm, agt)) == NULL) return (NULL); - } if (out != NULL) - *out = tmp; + *out = agt; - free(tmp->data); - tmp->data = str; - tmp->length = strlen(str); - return (tmp); + return (agt); } int 
@@ -379,6 +457,61 @@ ASN1_TIME_set_string(ASN1_TIME *s, const char *str) return (ASN1_TIME_set_string_internal(s, str, 0)); } +static int +ASN1_TIME_cmp_time_t_internal(const ASN1_TIME *s, time_t t2, int mode) +{ + struct tm tm1, tm2; + + /* + * This function has never handled failure conditions properly + * The OpenSSL version used to simply follow NULL pointers on failure. + * BoringSSL and OpenSSL now make it return -2 on failure. + * + * The danger is that users of this function will not differentiate the + * -2 failure case from s < t2. Callers must be careful. Sadly this is + * one of those pervasive things from OpenSSL we must continue with. + */ + + if (ASN1_time_parse(s->data, s->length, &tm1, mode) == -1) + return -2; + + if (gmtime_r(&t2, &tm2) == NULL) + return -2; + + return ASN1_time_tm_cmp(&tm1, &tm2); +} + +int +ASN1_TIME_compare(const ASN1_TIME *t1, const ASN1_TIME *t2) +{ + struct tm tm1, tm2; + + if (t1->type != V_ASN1_UTCTIME && t1->type != V_ASN1_GENERALIZEDTIME) + return -2; + + if (t2->type != V_ASN1_UTCTIME && t2->type != V_ASN1_GENERALIZEDTIME) + return -2; + + if (ASN1_time_parse(t1->data, t1->length, &tm1, t1->type) == -1) + return -2; + + if (ASN1_time_parse(t1->data, t2->length, &tm2, t2->type) == -1) + return -2; + + return ASN1_time_tm_cmp(&tm1, &tm2); +} + +int +ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t) +{ + if (s->type == V_ASN1_UTCTIME) + return ASN1_TIME_cmp_time_t_internal(s, t, V_ASN1_UTCTIME); + if (s->type == V_ASN1_GENERALIZEDTIME) + return ASN1_TIME_cmp_time_t_internal(s, t, + V_ASN1_GENERALIZEDTIME); + return -2; +} + /* * ASN1_UTCTIME wrappers */ 
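Review bot: ASN1_TIME_compare parses the wrong buffer for its second operand, since the fourth check reads `ASN1_time_parse(t1->data, t2->length, &tm2, t2->type)`. With equal types and lengths, `tm2` is a copy of `tm1` and the function returns 0 for any two times, so a validity-period or revocation-time comparison built on it would treat different timestamps as equal. With mixed types, `t2->length` can exceed the size of `t1->data` (a UTCTime body read with the GeneralizedTime length), which reads past the end of t1's buffer. The line should be `if (ASN1_time_parse(t2->data, t2->length, &tm2, t2->type) == -1)`. A regression test comparing two distinct times in both orders would catch this.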
@@ -413,26 +546,11 @@ ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, int offset_day, long offset_sec) } int -ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t2) +ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t) { - struct tm tm1, tm2; - - /* - * This function has never handled failure conditions properly - * and should be deprecated. The OpenSSL version used to - * simply follow NULL pointers on failure. BoringSSL and - * OpenSSL now make it return -2 on failure. - * - * The danger is that users of this function will not - * differentiate the -2 failure case from t1 < t2. - */ - if (ASN1_time_parse(s->data, s->length, &tm1, V_ASN1_UTCTIME) == -1) - return (-2); /* XXX */ - - if (gmtime_r(&t2, &tm2) == NULL) - return (-2); /* XXX */ - - return ASN1_time_tm_cmp(&tm1, &tm2); + if (s->type == V_ASN1_UTCTIME) + return ASN1_TIME_cmp_time_t_internal(s, t, V_ASN1_UTCTIME); + return -2; } /* @@ -468,3 +586,19 @@ ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, time_t t, int offset_day, return (ASN1_TIME_adj_internal(s, t, offset_day, offset_sec, V_ASN1_GENERALIZEDTIME)); } + +int +ASN1_TIME_normalize(ASN1_TIME *t) +{ + struct tm tm; + + if (!ASN1_TIME_to_tm(t, &tm)) + return 0; + return tm_to_rfc5280_time(&tm, t) != NULL; +} + +int +ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str) +{ + return ASN1_TIME_set_string_internal(s, str, RFC5280); +} diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c index a18ffe66..61609c38 100644 --- a/crypto/asn1/a_type.c +++ b/crypto/asn1/a_type.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_type.c,v 1.21 2019/10/24 16:36:10 jsing Exp $ */ +/* $OpenBSD: a_type.c,v 1.23 2021/12/25 12:19:16 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
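Review bot: ASN1_TIME_normalize does not reject a NULL `t`, so a NULL argument leaks an object and reports success. ASN1_TIME_to_tm(NULL, &tm) succeeds with the current time (see its definition in a_time.c). tm_to_rfc5280_time(&tm, NULL) then allocates a fresh ASN1_TIME, whose pointer is discarded by the `!= NULL` comparison, and the function returns 1. Adding `if (t == NULL) return 0;` as the first statement fixes both the leak and the misleading return value.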
@@ -56,11 +56,51 @@ * [including the GNU Public Licence.] */ -#include +#include #include +#include #include +typedef struct { + ASN1_INTEGER *num; + ASN1_OCTET_STRING *value; +} ASN1_int_octetstring; + +static const ASN1_TEMPLATE ASN1_INT_OCTETSTRING_seq_tt[] = { + { + .offset = offsetof(ASN1_int_octetstring, num), + .field_name = "num", + .item = &ASN1_INTEGER_it, + }, + { + .offset = offsetof(ASN1_int_octetstring, value), + .field_name = "value", + .item = &ASN1_OCTET_STRING_it, + }, +}; + +const ASN1_ITEM ASN1_INT_OCTETSTRING_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = ASN1_INT_OCTETSTRING_seq_tt, + .tcount = sizeof(ASN1_INT_OCTETSTRING_seq_tt) / sizeof(ASN1_TEMPLATE), + .size = sizeof(ASN1_int_octetstring), + .sname = "ASN1_INT_OCTETSTRING", +}; + +ASN1_TYPE * +ASN1_TYPE_new(void) +{ + return (ASN1_TYPE *)ASN1_item_new(&ASN1_ANY_it); +} + +void +ASN1_TYPE_free(ASN1_TYPE *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASN1_ANY_it); +} + int ASN1_TYPE_get(const ASN1_TYPE *a) { 
@@ -155,6 +195,108 @@ ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b) return result; } +int +ASN1_TYPE_set_octetstring(ASN1_TYPE *a, const unsigned char *data, int len) +{ + ASN1_STRING *os; + + if ((os = ASN1_OCTET_STRING_new()) == NULL) + return (0); + if (!ASN1_STRING_set(os, data, len)) { + ASN1_OCTET_STRING_free(os); + return (0); + } + ASN1_TYPE_set(a, V_ASN1_OCTET_STRING, os); + return (1); +} + +int +ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len) +{ + int ret, num; + unsigned char *p; + + if ((a->type != V_ASN1_OCTET_STRING) || + (a->value.octet_string == NULL)) { + ASN1error(ASN1_R_DATA_IS_WRONG); + return (-1); + } + p = ASN1_STRING_data(a->value.octet_string); + ret = ASN1_STRING_length(a->value.octet_string); + if (ret < max_len) + num = ret; + else + num = max_len; + memcpy(data, p, num); + return (ret); +} + +int +ASN1_TYPE_set_int_octetstring(ASN1_TYPE *at, long num, const unsigned char *data, + int len) +{ + ASN1_int_octetstring *ios; + ASN1_STRING *sp = NULL; + int ret = 0; + + if ((ios = (ASN1_int_octetstring *)ASN1_item_new( + &ASN1_INT_OCTETSTRING_it)) == NULL) + goto err; + if (!ASN1_INTEGER_set(ios->num, num)) + goto err; + if (!ASN1_OCTET_STRING_set(ios->value, data, len)) + goto err; + + if ((sp = ASN1_item_pack(ios, &ASN1_INT_OCTETSTRING_it, NULL)) == NULL) + goto err; + + ASN1_TYPE_set(at, V_ASN1_SEQUENCE, sp); + sp = NULL; + + ret = 1; + + err: + ASN1_item_free((ASN1_VALUE *)ios, &ASN1_INT_OCTETSTRING_it); + ASN1_STRING_free(sp); + + return ret; +} + +int +ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *at, long *num, unsigned char *data, + int max_len) +{ + ASN1_STRING *sp = at->value.sequence; + ASN1_int_octetstring *ios = NULL; + int ret = -1; + int len; + + if (at->type != V_ASN1_SEQUENCE || sp == NULL) + goto err; + + if ((ios = ASN1_item_unpack(sp, &ASN1_INT_OCTETSTRING_it)) == NULL) + goto err; + + if (num != NULL) + *num = ASN1_INTEGER_get(ios->num); + if (data != NULL) { + len = 
ASN1_STRING_length(ios->value); + if (len > max_len) + len = max_len; + memcpy(data, ASN1_STRING_data(ios->value), len); + } + + ret = ASN1_STRING_length(ios->value); + + err: + ASN1_item_free((ASN1_VALUE *)ios, &ASN1_INT_OCTETSTRING_it); + + if (ret == -1) + ASN1error(ASN1_R_DATA_IS_WRONG); + + return ret; +} + ASN1_TYPE * ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t) { @@ -185,3 +327,16 @@ ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t) return NULL; return ASN1_item_unpack(t->value.sequence, it); } + +int +i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_ANY_it); +} + +ASN1_TYPE * +d2i_ASN1_TYPE(ASN1_TYPE **a, const unsigned char **in, long len) +{ + return (ASN1_TYPE *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASN1_ANY_it); +} diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index 8be82060..313440e0 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ameth_lib.c,v 1.21 2019/11/02 16:06:25 inoguchi Exp $ */ +/* $OpenBSD: ameth_lib.c,v 1.26 2022/06/27 12:36:05 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -69,6 +69,7 @@ #endif #include "asn1_locl.h" +#include "evp_locl.h" extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[]; extern const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth; 
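Review bot: ASN1_TYPE_get_octetstring and ASN1_TYPE_get_int_octetstring both pass a possibly negative `max_len` to memcpy. The clamp only handles the case where the stored length exceeds `max_len`, so a negative `max_len` becomes the copy count and is converted to a very large size_t. Since the octet string may come from parsed input and `max_len` from the caller's buffer bookkeeping, an early `if (max_len < 0) return (-1);` in each function (or clamping to zero, if callers rely on getting the length back) closes that gap. ASN1_TYPE_get_octetstring also copies into `data` without the `data != NULL` test that ASN1_TYPE_get_int_octetstring applies. Making the two consistent would let callers query the length in both.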
@@ -340,34 +341,21 @@ EVP_PKEY_asn1_new(int id, int flags, const char *pem_str, const char *info) void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, const EVP_PKEY_ASN1_METHOD *src) { - dst->pub_decode = src->pub_decode; - dst->pub_encode = src->pub_encode; - dst->pub_cmp = src->pub_cmp; - dst->pub_print = src->pub_print; - - dst->priv_decode = src->priv_decode; - dst->priv_encode = src->priv_encode; - dst->priv_print = src->priv_print; - - dst->old_priv_encode = src->old_priv_encode; - dst->old_priv_decode = src->old_priv_decode; - - dst->pkey_size = src->pkey_size; - dst->pkey_bits = src->pkey_bits; - - dst->param_decode = src->param_decode; - dst->param_encode = src->param_encode; - dst->param_missing = src->param_missing; - dst->param_copy = src->param_copy; - dst->param_cmp = src->param_cmp; - dst->param_print = src->param_print; - dst->sig_print = src->sig_print; - - dst->pkey_free = src->pkey_free; - dst->pkey_ctrl = src->pkey_ctrl; - - dst->item_sign = src->item_sign; - dst->item_verify = src->item_verify; + EVP_PKEY_ASN1_METHOD preserve; + + preserve.pkey_id = dst->pkey_id; + preserve.pkey_base_id = dst->pkey_base_id; + preserve.pkey_flags = dst->pkey_flags; + preserve.pem_str = dst->pem_str; + preserve.info = dst->info; + + *dst = *src; + + dst->pkey_id = preserve.pkey_id; + dst->pkey_base_id = preserve.pkey_base_id; + dst->pkey_flags = preserve.pkey_flags; + dst->pem_str = preserve.pem_str; + dst->info = preserve.info; } void 
@@ -441,3 +429,31 @@ EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, { ameth->pkey_ctrl = pkey_ctrl; } + +void +EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_security_bits)(const EVP_PKEY *pkey)) +{ + ameth->pkey_security_bits = pkey_security_bits; +} + +void +EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_check)(const EVP_PKEY *pk)) +{ + ameth->pkey_check = pkey_check; +} + +void +EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_public_check)(const EVP_PKEY *pk)) +{ + ameth->pkey_public_check = pkey_public_check; +} + +void +EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_param_check)(const EVP_PKEY *pk)) +{ + ameth->pkey_param_check = pkey_param_check; +} diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index e2c56deb..f67fa713 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1_err.c,v 1.22 2020/12/08 15:06:42 tb Exp $ */ +/* $OpenBSD: asn1_err.c,v 1.25 2022/08/29 06:48:58 jsing Exp $ */ /* ==================================================================== * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * @@ -53,11 +53,6 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - #include #include @@ -65,7 +60,6 @@ #include #include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR #define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASN1,func,0) 
@@ -118,6 +112,7 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { {ERR_REASON(ASN1_R_ILLEGAL_HEX) , "illegal hex"}, {ERR_REASON(ASN1_R_ILLEGAL_IMPLICIT_TAG) , "illegal implicit tag"}, {ERR_REASON(ASN1_R_ILLEGAL_INTEGER) , "illegal integer"}, + {ERR_REASON(ASN1_R_ILLEGAL_NEGATIVE_VALUE), "illegal negative value"}, {ERR_REASON(ASN1_R_ILLEGAL_NESTED_TAGGING), "illegal nested tagging"}, {ERR_REASON(ASN1_R_ILLEGAL_NULL) , "illegal null"}, {ERR_REASON(ASN1_R_ILLEGAL_NULL_VALUE) , "illegal null value"}, @@ -177,8 +172,11 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { {ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH) , "tag value too high"}, {ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD), "the asn1 object identifier is not known for this md"}, {ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT), "time not ascii format"}, + {ERR_REASON(ASN1_R_TOO_LARGE) , "too large"}, {ERR_REASON(ASN1_R_TOO_LONG) , "too long"}, + {ERR_REASON(ASN1_R_TOO_SMALL) , "too small"}, {ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED) , "type not constructed"}, + {ERR_REASON(ASN1_R_TYPE_NOT_PRIMITIVE) , "type not primitive"}, {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY), "unable to decode rsa key"}, {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY), "unable to decode rsa private key"}, {ERR_REASON(ASN1_R_UNEXPECTED_EOC) , "unexpected eoc"}, @@ -195,12 +193,12 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { {ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM), "unsupported encryption algorithm"}, {ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE), "unsupported public key type"}, {ERR_REASON(ASN1_R_UNSUPPORTED_TYPE) , "unsupported type"}, + {ERR_REASON(ASN1_R_WRONG_INTEGER_TYPE) , "wrong integer type"}, {ERR_REASON(ASN1_R_WRONG_PUBLIC_KEY_TYPE), "wrong public key type"}, {ERR_REASON(ASN1_R_WRONG_TAG) , "wrong tag"}, {ERR_REASON(ASN1_R_WRONG_TYPE) , "wrong type"}, {0, NULL} }; - #endif void diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index ad7802cb..a37091ce 100644 
--- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1_gen.c,v 1.17 2018/04/25 11:48:21 tb Exp $ */ +/* $OpenBSD: asn1_gen.c,v 1.19 2022/05/24 19:56:13 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2002. */ @@ -62,6 +62,8 @@ #include #include +#include "asn1_locl.h" + #define ASN1_GEN_FLAG 0x10000 #define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1) #define ASN1_GEN_FLAG_EXP (ASN1_GEN_FLAG|2) @@ -258,7 +260,7 @@ ASN1_generate_v3(const char *str, X509V3_CTX *cnf) /* Obtain new ASN1_TYPE structure */ ret = d2i_ASN1_TYPE(NULL, &cp, len); -err: + err: free(orig_der); free(new_der); @@ -478,7 +480,7 @@ asn1_multi(int utype, const char *section, X509V3_CTX *cnf) der = NULL; -bad: + bad: free(der); if (sk) sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free); @@ -754,10 +756,9 @@ asn1_str2type(const char *str, int format, int utype) } if ((utype == V_ASN1_BIT_STRING) && no_unused) { - atmp->value.asn1_string->flags &= - ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); - atmp->value.asn1_string->flags |= - ASN1_STRING_FLAG_BITS_LEFT; + if (!asn1_abs_set_unused_bits(atmp->value.asn1_string, + 0)) + goto bad_str; } break; @@ -771,9 +772,9 @@ asn1_str2type(const char *str, int format, int utype) atmp->type = utype; return atmp; -bad_str: + bad_str: ERR_asprintf_error_data("string=%s", str); -bad_form: + bad_form: ASN1_TYPE_free(atmp); return NULL; } diff --git a/crypto/asn1/asn1_item.c b/crypto/asn1/asn1_item.c new file mode 100644 index 00000000..f133f9b4 --- /dev/null +++ b/crypto/asn1/asn1_item.c 
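Review bot: In the BIT STRING branch of asn1_str2type, a failing `asn1_abs_set_unused_bits()` jumps to `bad_str`, which only calls `ERR_asprintf_error_data("string=%s", str)` and so attaches the string to whatever error is already on the queue. ASN1_item_sign_ctx in asn1_item.c follows the same helper with `ASN1error(ERR_R_ASN1_LIB);`, which suggests the helper does not raise an error itself (its body is not in this diff, so confirm). If that is the case, brace the `if` and add `ASN1error(ERR_R_ASN1_LIB);` before `goto bad_str;`. asn1_str2type begins and ends outside this hunk.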
@@ -0,0 +1,652 @@ +/* $OpenBSD: asn1_item.c,v 1.5 2022/05/24 20:20:19 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). 
+ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. 
All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). 
+ * + */ + +#include + +#include +#include +#include +#include + +#include "asn1_locl.h" +#include "evp_locl.h" + +/* + * ASN1_ITEM version of dup: this follows the model above except we don't need + * to allocate the buffer. At some point this could be rewritten to directly dup + * the underlying structure instead of doing and encode and decode. + */ + +int +ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn, + unsigned char *md, unsigned int *len) +{ + int i; + unsigned char *str = NULL; + + i = ASN1_item_i2d(asn, &str, it); + if (!str) + return (0); + + if (!EVP_Digest(str, i, md, len, type, NULL)) { + free(str); + return (0); + } + + free(str); + return (1); +} + +void * +ASN1_item_dup(const ASN1_ITEM *it, void *x) +{ + unsigned char *b = NULL; + const unsigned char *p; + long i; + void *ret; + + if (x == NULL) + return (NULL); + + i = ASN1_item_i2d(x, &b, it); + if (b == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + return (NULL); + } + p = b; + ret = ASN1_item_d2i(NULL, &p, i, it); + free(b); + return (ret); +} + +/* Pack an ASN1 object into an ASN1_STRING. */ +ASN1_STRING * +ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct) +{ + ASN1_STRING *octmp; + + if (!oct || !*oct) { + if (!(octmp = ASN1_STRING_new ())) { + ASN1error(ERR_R_MALLOC_FAILURE); + return NULL; + } + } else + octmp = *oct; + + free(octmp->data); + octmp->data = NULL; + + if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) { + ASN1error(ASN1_R_ENCODE_ERROR); + goto err; + } + if (!octmp->data) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; + } + if (oct) + *oct = octmp; + return octmp; + err: + if (!oct || octmp != *oct) + ASN1_STRING_free(octmp); + return NULL; +} + +/* Extract an ASN1 object from an ASN1_STRING. 
*/ +void * +ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it) +{ + const unsigned char *p; + void *ret; + + p = oct->data; + if (!(ret = ASN1_item_d2i(NULL, &p, oct->length, it))) + ASN1error(ASN1_R_DECODE_ERROR); + return ret; +} + +int +ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, + ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey, const EVP_MD *type) +{ + EVP_MD_CTX ctx; + EVP_MD_CTX_init(&ctx); + if (!EVP_DigestSignInit(&ctx, NULL, type, NULL, pkey)) { + EVP_MD_CTX_cleanup(&ctx); + return 0; + } + return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx); +} + +int +ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, + ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx) +{ + const EVP_MD *type; + EVP_PKEY *pkey; + unsigned char *buf_in = NULL, *buf_out = NULL; + size_t buf_out_len = 0; + int in_len = 0, out_len = 0; + int signid, paramtype; + int rv = 2; + int ret = 0; + + type = EVP_MD_CTX_md(ctx); + pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx); + + if (!type || !pkey) { + ASN1error(ASN1_R_CONTEXT_NOT_INITIALISED); + return 0; + } + + if (pkey->ameth->item_sign) { + rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2, + signature); + if (rv == 1) + out_len = signature->length; + /* Return value meanings: + * <=0: error. + * 1: method does everything. + * 2: carry on as normal. + * 3: ASN1 method sets algorithm identifiers: just sign. 
+ */ + if (rv <= 0) + ASN1error(ERR_R_EVP_LIB); + if (rv <= 1) + goto err; + } + + if (rv == 2) { + if (!pkey->ameth || + !OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(type), + pkey->ameth->pkey_id)) { + ASN1error(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); + return 0; + } + + if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL) + paramtype = V_ASN1_NULL; + else + paramtype = V_ASN1_UNDEF; + + if (algor1) + X509_ALGOR_set0(algor1, + OBJ_nid2obj(signid), paramtype, NULL); + if (algor2) + X509_ALGOR_set0(algor2, + OBJ_nid2obj(signid), paramtype, NULL); + + } + + if ((in_len = ASN1_item_i2d(asn, &buf_in, it)) <= 0) { + in_len = 0; + goto err; + } + + if ((out_len = EVP_PKEY_size(pkey)) <= 0) { + out_len = 0; + goto err; + } + + if ((buf_out = malloc(out_len)) == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; + } + + buf_out_len = out_len; + if (!EVP_DigestSignUpdate(ctx, buf_in, in_len) || + !EVP_DigestSignFinal(ctx, buf_out, &buf_out_len)) { + ASN1error(ERR_R_EVP_LIB); + goto err; + } + + if (buf_out_len > INT_MAX) { + ASN1error(ASN1_R_TOO_LONG); + goto err; + } + + ASN1_STRING_set0(signature, buf_out, (int)buf_out_len); + buf_out = NULL; + + if (!asn1_abs_set_unused_bits(signature, 0)) { + ASN1error(ERR_R_ASN1_LIB); + goto err; + } + + ret = (int)buf_out_len; + err: + EVP_MD_CTX_cleanup(ctx); + freezero(buf_in, in_len); + freezero(buf_out, out_len); + + return ret; +} + +int +ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, + ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey) +{ + EVP_MD_CTX ctx; + unsigned char *buf_in = NULL; + int ret = -1, inl; + + int mdnid, pknid; + + if (!pkey) { + ASN1error(ERR_R_PASSED_NULL_PARAMETER); + return -1; + } + + if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) + { + ASN1error(ASN1_R_INVALID_BIT_STRING_BITS_LEFT); + return -1; + } + + EVP_MD_CTX_init(&ctx); + + /* Convert signature OID into digest and public key OIDs */ + if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) { + 
ASN1error(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); + goto err; + } + if (mdnid == NID_undef) { + if (!pkey->ameth || !pkey->ameth->item_verify) { + ASN1error(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); + goto err; + } + ret = pkey->ameth->item_verify(&ctx, it, asn, a, + signature, pkey); + /* Return value of 2 means carry on, anything else means we + * exit straight away: either a fatal error of the underlying + * verification routine handles all verification. + */ + if (ret != 2) + goto err; + ret = -1; + } else { + const EVP_MD *type; + type = EVP_get_digestbynid(mdnid); + if (type == NULL) { + ASN1error(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); + goto err; + } + + /* Check public key OID matches public key type */ + if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) { + ASN1error(ASN1_R_WRONG_PUBLIC_KEY_TYPE); + goto err; + } + + if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) { + ASN1error(ERR_R_EVP_LIB); + ret = 0; + goto err; + } + + } + + inl = ASN1_item_i2d(asn, &buf_in, it); + + if (buf_in == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; + } + + if (!EVP_DigestVerifyUpdate(&ctx, buf_in, inl)) { + ASN1error(ERR_R_EVP_LIB); + ret = 0; + goto err; + } + + freezero(buf_in, (unsigned int)inl); + + if (EVP_DigestVerifyFinal(&ctx, signature->data, + (size_t)signature->length) <= 0) { + ASN1error(ERR_R_EVP_LIB); + ret = 0; + goto err; + } + /* we don't need to zero the 'ctx' because we just checked + * public information */ + /* memset(&ctx,0,sizeof(ctx)); */ + ret = 1; + + err: + EVP_MD_CTX_cleanup(&ctx); + return (ret); +} + +#define HEADER_SIZE 8 +#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024) +int +asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) +{ + BUF_MEM *b; + unsigned char *p; + const unsigned char *q; + long slen; + int i, inf, tag, xclass; + size_t want = HEADER_SIZE; + int eos = 0; + size_t off = 0; + size_t len = 0; + + b = BUF_MEM_new(); + if (b == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + return -1; + } + + ERR_clear_error(); + for (;;) { + if (want 
>= (len - off)) { + want -= (len - off); + + if (len + want < len || + !BUF_MEM_grow_clean(b, len + want)) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; + } + i = BIO_read(in, &(b->data[len]), want); + if ((i < 0) && ((len - off) == 0)) { + ASN1error(ASN1_R_NOT_ENOUGH_DATA); + goto err; + } + if (i > 0) { + if (len + i < len) { + ASN1error(ASN1_R_TOO_LONG); + goto err; + } + len += i; + } + } + /* else data already loaded */ + + p = (unsigned char *) & (b->data[off]); + q = p; + inf = ASN1_get_object(&q, &slen, &tag, &xclass, len - off); + if (inf & 0x80) { + unsigned long e; + + e = ERR_GET_REASON(ERR_peek_error()); + if (e != ASN1_R_TOO_LONG) + goto err; + else + ERR_clear_error(); /* clear error */ + } + i = q - p; /* header length */ + off += i; /* end of data */ + + if (inf & 1) { + /* no data body so go round again */ + eos++; + if (eos < 0) { + ASN1error(ASN1_R_HEADER_TOO_LONG); + goto err; + } + want = HEADER_SIZE; + } else if (eos && slen == 0 && tag == V_ASN1_EOC) { + /* eos value, so go back and read another header */ + eos--; + if (eos <= 0) + break; + else + want = HEADER_SIZE; + } else { + /* suck in slen bytes of data */ + want = slen; + if (want > (len - off)) { + size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE; + + want -= (len - off); + if (want > INT_MAX /* BIO_read takes an int length */ || + len+want < len) { + ASN1error(ASN1_R_TOO_LONG); + goto err; + } + while (want > 0) { + /* + * Read content in chunks of increasing size + * so we can return an error for EOF without + * having to allocate the entire content length + * in one go. + */ + size_t chunk = want > chunk_max ? chunk_max : want; + + if (!BUF_MEM_grow_clean(b, len + chunk)) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; + } + want -= chunk; + while (chunk > 0) { + i = BIO_read(in, &(b->data[len]), chunk); + if (i <= 0) { + ASN1error(ASN1_R_NOT_ENOUGH_DATA); + goto err; + } + /* + * This can't overflow because |len+want| + * didn't overflow. 
+ */ + len += i; + chunk -= i; + } + if (chunk_max < INT_MAX/2) + chunk_max *= 2; + } + } + if (off + slen < off) { + ASN1error(ASN1_R_TOO_LONG); + goto err; + } + off += slen; + if (eos <= 0) { + break; + } else + want = HEADER_SIZE; + } + } + + if (off > INT_MAX) { + ASN1error(ASN1_R_TOO_LONG); + goto err; + } + + *pb = b; + return off; + + err: + if (b != NULL) + BUF_MEM_free(b); + return -1; +} + +void * +ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x) +{ + BUF_MEM *b = NULL; + const unsigned char *p; + void *ret = NULL; + int len; + + len = asn1_d2i_read_bio(in, &b); + if (len < 0) + goto err; + + p = (const unsigned char *)b->data; + ret = ASN1_item_d2i(x, &p, len, it); + + err: + if (b != NULL) + BUF_MEM_free(b); + return (ret); +} + +void * +ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x) +{ + BIO *b; + char *ret; + + if ((b = BIO_new(BIO_s_file())) == NULL) { + ASN1error(ERR_R_BUF_LIB); + return (NULL); + } + BIO_set_fp(b, in, BIO_NOCLOSE); + ret = ASN1_item_d2i_bio(it, b, x); + BIO_free(b); + return (ret); +} + +int +ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x) +{ + unsigned char *b = NULL; + int i, j = 0, n, ret = 1; + + n = ASN1_item_i2d(x, &b, it); + if (b == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + return (0); + } + + for (;;) { + i = BIO_write(out, &(b[j]), n); + if (i == n) + break; + if (i <= 0) { + ret = 0; + break; + } + j += i; + n -= i; + } + free(b); + return (ret); +} + +int +ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x) +{ + BIO *b; + int ret; + + if ((b = BIO_new(BIO_s_file())) == NULL) { + ASN1error(ERR_R_BUF_LIB); + return (0); + } + BIO_set_fp(b, out, BIO_NOCLOSE); + ret = ASN1_item_i2d_bio(it, b, x); + BIO_free(b); + return (ret); +} diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index d760cccd..ac8da0e6 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c 
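Review bot: ASN1_item_sign_ctx tests `pkey->ameth->item_sign` before the later `!pkey->ameth` check, so that NULL check can never protect the first dereference; either fold it into the first guard as `if (!type || !pkey || !pkey->ameth)` or drop it. The two `return 0;` exits in the same function (context not initialised, and OBJ_find_sigid_by_algs failing) bypass `err:`, so `EVP_MD_CTX_cleanup(ctx)` is skipped on those paths while every other failure runs it; ASN1_item_sign hands in a stack ctx it has just initialised, so `goto err;` looks like the intended exit. Similarly, in ASN1_item_verify `buf_in` is not freed when `EVP_DigestVerifyUpdate()` fails, because `err:` only cleans up the ctx; a `freezero(buf_in, (unsigned int)inl);` before that `goto err;` would cover it.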
@@ -1,438 +1,204 @@ -/* $OpenBSD: asn1_lib.c,v 1.45 2020/12/08 15:06:42 tb Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* $OpenBSD: asn1_lib.c,v 1.54 2022/05/05 19:18:56 jsing Exp $ */ +/* + * Copyright (c) 2021 Joel Sing * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. 
All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. 
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include -#include -#include - -#include -#include +#include -static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, int max); -static void asn1_put_length(unsigned char **pp, int length); - -static int -_asn1_check_infinite_end(const unsigned char **p, long len) -{ - /* If there is 0 or 1 byte left, the length check should pick - * things up */ - if (len <= 0) - return (1); - else if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0)) { - (*p) += 2; - return (1); - } - return (0); -} +#include "bytestring.h" int -ASN1_check_infinite_end(unsigned char **p, long len) +asn1_get_identifier_cbs(CBS *cbs, int der_mode, uint8_t *out_class, + int *out_constructed, uint32_t *out_tag_number) { - return _asn1_check_infinite_end((const unsigned char **)p, len); -} + uint8_t tag_class, tag_val; + int tag_constructed; + uint32_t tag_number; -int -ASN1_const_check_infinite_end(const unsigned char **p, long len) -{ - return _asn1_check_infinite_end(p, len); -} + /* + * Decode ASN.1 identifier octets - see ITU-T X.690 section 8.1.2. 
+ */ -int -ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, - int *pclass, long omax) -{ - int i, ret; - long l; - const unsigned char *p = *pp; - int tag, xclass, inf; - long max = omax; - - if (!max) - goto err; - ret = (*p & V_ASN1_CONSTRUCTED); - xclass = (*p & V_ASN1_PRIVATE); - i = *p & V_ASN1_PRIMITIVE_TAG; - if (i == V_ASN1_PRIMITIVE_TAG) { /* high-tag */ - p++; - if (--max == 0) - goto err; - l = 0; - while (*p & 0x80) { - l <<= 7L; - l |= *(p++) & 0x7f; - if (--max == 0) - goto err; - if (l > (INT_MAX >> 7L)) - goto err; - } - l <<= 7L; - l |= *(p++) & 0x7f; - tag = (int)l; - if (--max == 0) - goto err; - } else { - tag = i; - p++; - if (--max == 0) - goto err; - } - *ptag = tag; - *pclass = xclass; - if (!asn1_get_length(&p, &inf, plength, (int)max)) - goto err; - - if (inf && !(ret & V_ASN1_CONSTRUCTED)) - goto err; - - if (*plength > (omax - (p - *pp))) { - ASN1error(ASN1_R_TOO_LONG); - /* Set this so that even if things are not long enough - * the values are set correctly */ - ret |= 0x80; - } - *pp = p; - return (ret | inf); + *out_class = 0; + *out_constructed = 0; + *out_tag_number = 0; -err: - ASN1error(ASN1_R_HEADER_TOO_LONG); - return (0x80); -} + if (!CBS_get_u8(cbs, &tag_val)) + return 0; -static int -asn1_get_length(const unsigned char **pp, int *inf, long *rl, int max) -{ - const unsigned char *p = *pp; - unsigned long ret = 0; - unsigned int i; - - if (max-- < 1) - return (0); - if (*p == 0x80) { - *inf = 1; - ret = 0; - p++; - } else { - *inf = 0; - i = *p & 0x7f; - if (*(p++) & 0x80) { - if (max < (int)i) - return (0); - /* skip leading zeroes */ - while (i && *p == 0) { - p++; - i--; - } - if (i > sizeof(long)) + /* + * ASN.1 tag class, encoding (primitive or constructed) and tag number + * are encoded in one or more identifier octets - the first octet + * contains the 2 bit tag class, the 1 bit encoding type and 5 bits + * of tag number. 
+ * + * For tag numbers larger than 30 (0x1e) the 5 bit tag number in the + * first octet is set to all ones (0x1f) - the tag number is then + * encoded in subsequent octets - each of which have a one bit + * continuation flag and 7 bits of tag number in big-endian form. + * The encoding should not contain leading zeros but can for BER. + */ + tag_class = (tag_val >> 6) & 0x3; + tag_constructed = (tag_val >> 5) & 0x1; + tag_number = tag_val & 0x1f; + + /* Long form. */ + if (tag_number == 0x1f) { + tag_number = 0; + do { + if (!CBS_get_u8(cbs, &tag_val)) + return 0; + if (der_mode && tag_number == 0 && tag_val == 0x80) + return 0; + if (tag_number > (UINT32_MAX >> 7)) return 0; - while (i-- > 0) { - ret <<= 8L; - ret |= *(p++); - } - } else - ret = i; + tag_number = tag_number << 7 | (tag_val & 0x7f); + } while ((tag_val & 0x80) != 0); } - if (ret > LONG_MAX) - return 0; - *pp = p; - *rl = (long)ret; - return (1); -} -/* class 0 is constructed - * constructed == 2 for indefinite length constructed */ -void -ASN1_put_object(unsigned char **pp, int constructed, int length, int tag, - int xclass) -{ - unsigned char *p = *pp; - int i, ttag; - - i = (constructed) ? 
V_ASN1_CONSTRUCTED : 0; - i |= (xclass & V_ASN1_PRIVATE); - if (tag < 31) - *(p++) = i | (tag & V_ASN1_PRIMITIVE_TAG); - else { - *(p++) = i | V_ASN1_PRIMITIVE_TAG; - for(i = 0, ttag = tag; ttag > 0; i++) - ttag >>= 7; - ttag = i; - while (i-- > 0) { - p[i] = tag & 0x7f; - if (i != (ttag - 1)) - p[i] |= 0x80; - tag >>= 7; - } - p += ttag; - } - if (constructed == 2) - *(p++) = 0x80; - else - asn1_put_length(&p, length); - *pp = p; + *out_class = tag_class; + *out_constructed = tag_constructed; + *out_tag_number = tag_number; + + return 1; } int -ASN1_put_eoc(unsigned char **pp) +asn1_get_length_cbs(CBS *cbs, int der_mode, int *out_indefinite, + size_t *out_length) { - unsigned char *p = *pp; + uint8_t len_bytes; + size_t length; + uint8_t val; - *p++ = 0; - *p++ = 0; - *pp = p; - return 2; -} + /* + * Decode ASN.1 length octets - see ITU-T X.690 section 8.1.3. + */ -static void -asn1_put_length(unsigned char **pp, int length) -{ - unsigned char *p = *pp; - - int i, l; - if (length <= 127) - *(p++) = (unsigned char)length; - else { - l = length; - for (i = 0; l > 0; i++) - l >>= 8; - *(p++) = i | 0x80; - l = i; - while (i-- > 0) { - p[i] = length & 0xff; - length >>= 8; - } - p += l; - } - *pp = p; -} + *out_length = 0; + *out_indefinite = 0; -int -ASN1_object_size(int constructed, int length, int tag) -{ - int ret; - - ret = length; - ret++; - if (tag >= 31) { - while (tag > 0) { - tag >>= 7; - ret++; - } + if (!CBS_get_u8(cbs, &val)) + return 0; + + /* + * Short form - length is encoded in the lower 7 bits of a single byte. + */ + if (val < 0x80) { + *out_length = val; + return 1; } - if (constructed == 2) - return ret + 3; - ret++; - if (length > 127) { - while (length > 0) { - length >>= 8; - ret++; - } + + /* + * Indefinite length - content continues until an End of Content (EOC) + * marker is reached. Must be used with constructed encoding. 
+ */ + if (val == 0x80) { + *out_indefinite = 1; + return 1; } - return (ret); -} -int -ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str) -{ - if (str == NULL) - return 0; - dst->type = str->type; - if (!ASN1_STRING_set(dst, str->data, str->length)) + /* + * Long form - the lower 7 bits of the first byte specifies the number + * of bytes used to encode the length, the following bytes specify the + * length in big-endian form. The encoding should not contain leading + * zeros but can for BER. A length value of 0x7f is invalid. + */ + if ((len_bytes = val & 0x7f) == 0x7f) return 0; - dst->flags = str->flags; - return 1; -} -ASN1_STRING * -ASN1_STRING_dup(const ASN1_STRING *str) -{ - ASN1_STRING *ret; - - if (!str) - return NULL; - ret = ASN1_STRING_new(); - if (!ret) - return NULL; - if (!ASN1_STRING_copy(ret, str)) { - ASN1_STRING_free(ret); - return NULL; - } - return ret; -} - -int -ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len) -{ - const char *data = _data; + length = 0; - if (len < 0) { - if (data == NULL) - return (0); - else - len = strlen(data); + while (len_bytes-- > 0) { + if (!CBS_get_u8(cbs, &val)) + return 0; + if (der_mode && length == 0 && val == 0) + return 0; + if (length > (SIZE_MAX >> 8)) + return 0; + length = (length << 8) | val; } - if ((str->length < len) || (str->data == NULL)) { - unsigned char *tmp; - tmp = realloc(str->data, len + 1); - if (tmp == NULL) { - ASN1error(ERR_R_MALLOC_FAILURE); - return (0); - } - str->data = tmp; - } - str->length = len; - if (data != NULL) { - memmove(str->data, data, len); - } - str->data[str->length] = '\0'; - return (1); -} -void -ASN1_STRING_set0(ASN1_STRING *str, void *data, int len) -{ - freezero(str->data, str->length); - str->data = data; - str->length = len; -} + *out_length = length; -ASN1_STRING * -ASN1_STRING_new(void) -{ - return (ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); + return 1; } -ASN1_STRING * -ASN1_STRING_type_new(int type) -{ - ASN1_STRING *ret; +int 
+asn1_get_object_cbs(CBS *cbs, int der_mode, uint8_t *out_tag_class, + int *out_constructed, uint32_t *out_tag_number, int *out_indefinite, + size_t *out_length) +{ + int constructed, indefinite; + uint32_t tag_number; + uint8_t tag_class; + size_t length; + + *out_tag_class = 0; + *out_constructed = 0; + *out_tag_number = 0; + *out_indefinite = 0; + *out_length = 0; + + if (!asn1_get_identifier_cbs(cbs, der_mode, &tag_class, &constructed, + &tag_number)) + return 0; + if (!asn1_get_length_cbs(cbs, der_mode, &indefinite, &length)) + return 0; - ret = malloc(sizeof(ASN1_STRING)); - if (ret == NULL) { - ASN1error(ERR_R_MALLOC_FAILURE); - return (NULL); - } - ret->length = 0; - ret->type = type; - ret->data = NULL; - ret->flags = 0; - return (ret); -} + /* Indefinite length can only be used with constructed encoding. */ + if (indefinite && !constructed) + return 0; -void -ASN1_STRING_free(ASN1_STRING *a) -{ - if (a == NULL) - return; - if (a->data != NULL && !(a->flags & ASN1_STRING_FLAG_NDEF)) - freezero(a->data, a->length); - free(a); + *out_tag_class = tag_class; + *out_constructed = constructed; + *out_tag_number = tag_number; + *out_indefinite = indefinite; + *out_length = length; + + return 1; } int -ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b) +asn1_get_primitive(CBS *cbs, int der_mode, uint32_t *out_tag_number, + CBS *out_content) { - int i; - - if (a == NULL || b == NULL) - return -1; - i = (a->length - b->length); - if (i == 0) { - i = memcmp(a->data, b->data, a->length); - if (i == 0) - return (a->type - b->type); - else - return (i); - } else - return (i); -} + int constructed, indefinite; + uint32_t tag_number; + uint8_t tag_class; + size_t length; -void -asn1_add_error(const unsigned char *address, int offset) -{ - ERR_asprintf_error_data("offset=%d", offset); -} + *out_tag_number = 0; -int -ASN1_STRING_length(const ASN1_STRING *x) -{ - return (x->length); -} + CBS_init(out_content, NULL, 0); -void -ASN1_STRING_length_set(ASN1_STRING *x, 
int len) -{ - x->length = len; -} + if (!asn1_get_identifier_cbs(cbs, der_mode, &tag_class, &constructed, + &tag_number)) + return 0; + if (!asn1_get_length_cbs(cbs, der_mode, &indefinite, &length)) + return 0; -int -ASN1_STRING_type(const ASN1_STRING *x) -{ - return (x->type); -} + /* A primitive is not constructed and has a definite length. */ + if (constructed || indefinite) + return 0; -unsigned char * -ASN1_STRING_data(ASN1_STRING *x) -{ - return (x->data); -} + if (!CBS_get_bytes(cbs, out_content, length)) + return 0; -const unsigned char * -ASN1_STRING_get0_data(const ASN1_STRING *x) -{ - return (x->data); + *out_tag_number = tag_number; + + return 1; } diff --git a/crypto/asn1/asn1_locl.h b/crypto/asn1/asn1_locl.h index 39779d93..ca0b7d7d 100644 --- a/crypto/asn1/asn1_locl.h +++ b/crypto/asn1/asn1_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1_locl.h,v 1.12 2019/10/24 16:36:10 jsing Exp $ */ +/* $OpenBSD: asn1_locl.h,v 1.39 2022/09/11 17:22:52 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -56,6 +56,8 @@ * */ +#include "bytestring.h" + __BEGIN_HIDDEN_DECLS /* Internal ASN1 structures and functions: not for application use */ 
@@ -63,6 +65,20 @@ __BEGIN_HIDDEN_DECLS ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t); void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t); +/* These are used internally in the ASN1_OBJECT to keep track of + * whether the names and data need to be free()ed */ +#define ASN1_OBJECT_FLAG_DYNAMIC 0x01 /* internal use */ +#define ASN1_OBJECT_FLAG_CRITICAL 0x02 /* critical x509v3 object id */ +#define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04 /* internal use */ +#define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08 /* internal use */ +struct asn1_object_st { + const char *sn, *ln; + int nid; + int length; + const unsigned char *data; /* data remains const after init */ + int flags; /* Should we free this one */ +} /* ASN1_OBJECT */; + /* ASN1 print context structure */ struct asn1_pctx_st { @@ -96,6 +112,7 @@ struct evp_pkey_asn1_method_st { int (*pkey_size)(const EVP_PKEY *pk); int (*pkey_bits)(const EVP_PKEY *pk); + int (*pkey_security_bits)(const EVP_PKEY *pk); int (*param_decode)(EVP_PKEY *pkey, const unsigned char **pder, int derlen); @@ -122,6 +139,9 @@ struct evp_pkey_asn1_method_st { int (*item_sign)(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig); + int (*pkey_check)(const EVP_PKEY *pk); + int (*pkey_public_check)(const EVP_PKEY *pk); + int (*pkey_param_check)(const EVP_PKEY *pk); } /* EVP_PKEY_ASN1_METHOD */; /* Method to handle CRL access. 
@@ -142,6 +162,23 @@ struct x509_crl_method_st { int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk); }; +int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it); +int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it); + +ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); + +const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr); + +int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it); + +void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it); +void asn1_enc_cleanup(ASN1_VALUE **pval, const ASN1_ITEM *it); +int asn1_enc_save(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it); +int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it); + +int i2d_ASN1_BOOLEAN(int a, unsigned char **pp); +int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length); + /* * Unicode codepoint constants */ 
@@ -155,4 +192,46 @@ struct x509_crl_method_st { int UTF8_getc(const unsigned char *str, int len, unsigned long *val); int UTF8_putc(unsigned char *str, int len, unsigned long value); +int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb); + +int asn1_get_identifier_cbs(CBS *cbs, int der_mode, uint8_t *out_class, + int *out_constructed, uint32_t *out_tag_number); +int asn1_get_length_cbs(CBS *cbs, int der_mode, int *out_indefinite, + size_t *out_length); +int asn1_get_object_cbs(CBS *cbs, int der_mode, uint8_t *out_class, + int *out_constructed, uint32_t *out_tag_number, int *out_indefinite, + size_t *out_length); +int asn1_get_primitive(CBS *cbs, int der_mode, uint32_t *out_tag_number, + CBS *out_content); + +int asn1_must_be_constructed(int tag); +int asn1_must_be_primitive(int tag); +int asn1_tag2charwidth(int tag); + +int asn1_abs_set_unused_bits(ASN1_BIT_STRING *abs, uint8_t unused_bits); +int c2i_ASN1_BIT_STRING_cbs(ASN1_BIT_STRING **out_abs, CBS *cbs); + +int c2i_ASN1_ENUMERATED_cbs(ASN1_ENUMERATED **out_aenum, CBS *cbs); + +int asn1_aint_get_uint64(CBS *cbs, uint64_t *out_val); +int asn1_aint_set_uint64(uint64_t val, uint8_t **out_data, int *out_len); +int asn1_aint_get_int64(CBS *cbs, int negative, int64_t *out_val); +int c2i_ASN1_INTEGER_cbs(ASN1_INTEGER **out_aint, CBS *cbs); + +int c2i_ASN1_OBJECT_cbs(ASN1_OBJECT **out_aobj, CBS *content); +int i2t_ASN1_OBJECT_internal(const ASN1_OBJECT *aobj, char *buf, int buf_len, + int no_name); +ASN1_OBJECT *t2i_ASN1_OBJECT_internal(const char *oid); + +int asn1_time_parse_cbs(const CBS *cbs, int is_gentime, struct tm *out_tm); + +ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, + long length); +int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp); +ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, + const unsigned char **pp, long length); +int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp); +ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, + long 
length); + __END_HIDDEN_DECLS diff --git a/crypto/asn1/asn1_old.c b/crypto/asn1/asn1_old.c new file mode 100644 index 00000000..59e9cdb1 --- /dev/null +++ b/crypto/asn1/asn1_old.c 
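Review bot: The new `asn1_get_identifier_cbs`, `asn1_get_length_cbs`, `asn1_get_object_cbs` and `asn1_get_primitive` prototypes in this hunk have no comment describing their contract, although they are the functions that decode the tag and length header of an encoding that may come from an untrusted peer. From the definitions visible elsewhere in the patch, they return 1 on success and 0 on failure, `asn1_get_object_cbs` and `asn1_get_primitive` clear their outputs before parsing, and `der_mode` rejects a long-form length with a leading zero byte. I would add a short block comment above the group, for example `/* Return 1 on success, 0 on failure. der_mode != 0 enforces DER length encoding. Outputs must not be used on failure. */`, so callers do not have to read the implementation to know when the outputs are valid.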
@@ -0,0 +1,180 @@ +/* $OpenBSD: asn1_old.c,v 1.2 2021/12/25 13:17:48 jsing Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. 
All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#include +#include + +#include +#include +#include + +#include "asn1_locl.h" + +#ifndef NO_OLD_ASN1 + +void * +ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x) +{ + unsigned char *b, *p; + const unsigned char *p2; + int i; + char *ret; + + if (x == NULL) + return (NULL); + + i = i2d(x, NULL); + b = malloc(i + 10); + if (b == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + return (NULL); + } + p = b; + i = i2d(x, &p); + p2 = b; + ret = d2i(NULL, &p2, i); + free(b); + return (ret); +} + +void * +ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x) +{ + BIO *b; + void *ret; + + if ((b = BIO_new(BIO_s_file())) == NULL) { + ASN1error(ERR_R_BUF_LIB); + return (NULL); + } + BIO_set_fp(b, in, BIO_NOCLOSE); + ret = ASN1_d2i_bio(xnew, d2i, b, x); + BIO_free(b); + return (ret); +} + +void * +ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x) +{ + BUF_MEM *b = NULL; + const unsigned char *p; + void *ret = NULL; + int len; + + len = asn1_d2i_read_bio(in, &b); + if (len < 0) + goto err; + + p = (unsigned char *)b->data; + ret = d2i(x, &p, len); + + err: + if (b != NULL) + BUF_MEM_free(b); + return (ret); +} + +int +ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x) +{ + BIO *b; + int ret; + + if ((b = BIO_new(BIO_s_file())) == NULL) { + ASN1error(ERR_R_BUF_LIB); + return (0); + } + BIO_set_fp(b, out, BIO_NOCLOSE); + ret = ASN1_i2d_bio(i2d, b, x); + BIO_free(b); + return (ret); +} + +int +ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x) +{ + char *b; + unsigned char *p; + int i, j = 0, n, ret = 1; + + n = i2d(x, NULL); + b = malloc(n); + if (b == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + return (0); + } + + p = (unsigned char *)b; + i2d(x, &p); + + for (;;) { + i = BIO_write(out, &(b[j]), n); + if (i == n) + break; + if (i <= 0) { + ret = 0; + break; + } + j += i; + n -= i; + } + free(b); + return (ret); +} + +#endif 
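Review bot: `ASN1_dup` and `ASN1_i2d_bio` use the result of the sizing call `i2d(x, NULL)` as an allocation size without checking it. If the encoder callback reports failure with a zero or negative value, `ASN1_dup` still allocates `i + 10` bytes and lets the second `i2d(x, &p)` write into that buffer, and `ASN1_i2d_bio` passes a negative `n` to `malloc`, where it converts to a very large size. A guard directly after each sizing call keeps a failed encode away from the buffer: `if (i <= 0) return NULL;` in `ASN1_dup` and `if (n <= 0) return 0;` in `ASN1_i2d_bio`. The return value of the second `i2d` call in `ASN1_i2d_bio` is also discarded; comparing it with `n` would catch an encoder that produces a different length on the second pass.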
diff --git a/crypto/asn1/asn1_old_lib.c b/crypto/asn1/asn1_old_lib.c
new file mode 100644
index 00000000..a4d3cc71
--- /dev/null
+++ b/crypto/asn1/asn1_old_lib.c
@@ -0,0 +1,212 @@ +/* $OpenBSD: asn1_old_lib.c,v 1.4 2022/05/05 19:18:56 jsing Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. 
All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#include +#include +#include + +#include +#include + +#include "asn1_locl.h" + +static void asn1_put_length(unsigned char **pp, int length); + +int +ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, + int *pclass, long omax) +{ + int constructed, indefinite; + uint32_t tag_number; + uint8_t tag_class; + size_t length; + CBS cbs; + int ret = 0; + + *pclass = 0; + *ptag = 0; + *plength = 0; + + CBS_init(&cbs, *pp, omax); + + if (!asn1_get_object_cbs(&cbs, 0, &tag_class, &constructed, &tag_number, + &indefinite, &length)) { + ASN1error(ASN1_R_HEADER_TOO_LONG); + return 0x80; + } + + if (tag_number > INT_MAX) { + ASN1error(ASN1_R_HEADER_TOO_LONG); + return 0x80; + } + + /* + * API insanity ahead... in this case we add an error to the stack and + * signal an error by setting the 8th bit in the return value... but we + * still provide all of the decoded data. + */ + if (length > CBS_len(&cbs) || length > LONG_MAX) { + ASN1error(ASN1_R_TOO_LONG); + ret = 0x80; + } + + *pclass = tag_class << 6; + *ptag = tag_number; + *plength = length; + + *pp = CBS_data(&cbs); + + if (constructed) + ret |= 1 << 5; + if (indefinite) + ret |= 1; + + return ret; +} + +/* class 0 is constructed + * constructed == 2 for indefinite length constructed */ +void +ASN1_put_object(unsigned char **pp, int constructed, int length, int tag, + int xclass) +{ + unsigned char *p = *pp; + int i, ttag; + + i = (constructed) ? 
V_ASN1_CONSTRUCTED : 0; + i |= (xclass & V_ASN1_PRIVATE); + if (tag < 31) + *(p++) = i | (tag & V_ASN1_PRIMITIVE_TAG); + else { + *(p++) = i | V_ASN1_PRIMITIVE_TAG; + for(i = 0, ttag = tag; ttag > 0; i++) + ttag >>= 7; + ttag = i; + while (i-- > 0) { + p[i] = tag & 0x7f; + if (i != (ttag - 1)) + p[i] |= 0x80; + tag >>= 7; + } + p += ttag; + } + if (constructed == 2) + *(p++) = 0x80; + else + asn1_put_length(&p, length); + *pp = p; +} + +int +ASN1_put_eoc(unsigned char **pp) +{ + unsigned char *p = *pp; + + *p++ = 0; + *p++ = 0; + *pp = p; + return 2; +} + +static void +asn1_put_length(unsigned char **pp, int length) +{ + unsigned char *p = *pp; + + int i, l; + if (length <= 127) + *(p++) = (unsigned char)length; + else { + l = length; + for (i = 0; l > 0; i++) + l >>= 8; + *(p++) = i | 0x80; + l = i; + while (i-- > 0) { + p[i] = length & 0xff; + length >>= 8; + } + p += l; + } + *pp = p; +} + +int +ASN1_object_size(int constructed, int length, int tag) +{ + int ret; + + ret = length; + ret++; + if (tag >= 31) { + while (tag > 0) { + tag >>= 7; + ret++; + } + } + if (constructed == 2) + return ret + 3; + ret++; + if (length > 127) { + while (length > 0) { + length >>= 8; + ret++; + } + } + return (ret); +} diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c index 1ec9b1ac..6c14f271 100644 --- a/crypto/asn1/asn1_par.c +++ b/crypto/asn1/asn1_par.c @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1_par.c,v 1.28 2020/01/09 11:27:21 inoguchi Exp $ */ +/* $OpenBSD: asn1_par.c,v 1.34 2022/02/12 03:07:24 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -80,7 +80,8 @@ asn1_print_info(BIO *bp, int tag, int xclass, int constructed, p="prim: "; if (BIO_write(bp, p, 6) < 6) goto err; - BIO_indent(bp, indent, 128); + if (!BIO_indent(bp, indent, 128)) + goto err; p = str; if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE) 
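Review bot: In `ASN1_get_object`, `CBS_init(&cbs, *pp, omax)` takes the caller's `long omax` as the buffer length without a sign check, so a negative value would presumably convert to a very large `size_t` and leave the header parser with no effective bound on the input. Rejecting it before the CBS is set up, `if (omax < 0) { ASN1error(ASN1_R_HEADER_TOO_LONG); return 0x80; }`, keeps the parser limited to what the caller really holds. The existing comment on the `length > CBS_len(&cbs)` branch could also state that `*plength` is still set to the unvalidated length in that case, so callers must test the 0x80 bit before using it as a size.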
@@ -97,7 +98,7 @@ asn1_print_info(BIO *bp, int tag, int xclass, int constructed, if (BIO_printf(bp, "%-18s", p) <= 0) goto err; return (1); -err: + err: return (0); } @@ -232,16 +233,13 @@ asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset, goto end; } } else if (tag == V_ASN1_BOOLEAN) { - int ii; - - opp = op; - ii = d2i_ASN1_BOOLEAN(NULL, &opp, len + hl); - if (ii < 0) { + if (len == 1 && p < tot) { + BIO_printf(bp, ":%u", p[0]); + } else { if (BIO_write(bp, "Bad boolean\n", 12) <= 0) goto end; } - BIO_printf(bp, ":%d", ii); } else if (tag == V_ASN1_BMPSTRING) { /* do the BMP thang */ } else if (tag == V_ASN1_OCTET_STRING) { @@ -375,7 +373,7 @@ asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset, } ret = 1; -end: + end: if (o != NULL) ASN1_OBJECT_free(o); ASN1_OCTET_STRING_free(os); @@ -384,25 +382,3 @@ asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset, *pp = p; return (ret); } - -const char * -ASN1_tag2str(int tag) -{ - static const char * const tag2str[] = { - "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", /* 0-4 */ - "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", /* 5-9 */ - "ENUMERATED", "", "UTF8STRING", "", /* 10-13 */ - "", "", "SEQUENCE", "SET", /* 15-17 */ - "NUMERICSTRING", "PRINTABLESTRING", "T61STRING", /* 18-20 */ - "VIDEOTEXSTRING", "IA5STRING", "UTCTIME", "GENERALIZEDTIME", /* 21-24 */ - "GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING", /* 25-27 */ - "UNIVERSALSTRING", "", "BMPSTRING" /* 28-30 */ - }; - - if ((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED)) - tag &= ~0x100; - - if (tag < 0 || tag > 30) - return "(unknown)"; - return tag2str[tag]; -} diff --git a/crypto/asn1/asn1_types.c b/crypto/asn1/asn1_types.c new file mode 100644 index 00000000..d8b7c1e8 --- /dev/null +++ b/crypto/asn1/asn1_types.c 
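Review bot: In the `V_ASN1_BOOLEAN` branch of `asn1_parse2`, the new `BIO_printf(bp, ":%u", p[0]);` ignores its return value, while the `BIO_write` in the `else` arm jumps to `end` on failure. Writing it as `if (BIO_printf(bp, ":%u", p[0]) <= 0) goto end;` would report an output error the same way on both paths. `p` and `tot` are assigned outside this hunk, so the `p < tot` bound cannot be verified from here; a one-line comment such as `/* tot is one past the last input byte */` (if that is what it is) would make the read of `p[0]` easier to audit.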
@@ -0,0 +1,303 @@ +/* $OpenBSD: asn1_types.c,v 1.2 2022/09/03 18:52:18 jsing Exp $ */ +/* + * Copyright (c) 2021 Joel Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include + +#define ASN1_ENCODING_CONSTRUCTED_ONLY 1 +#define ASN1_ENCODING_PRIMITIVE_ONLY 2 + +struct asn1_type { + const char *name; + uint32_t bit_value; + int char_width; + int encoding; +}; + +/* + * Universal class tag types - ITU X.680. 
+ */ +static const struct asn1_type asn1_types[31] = { + [0] = { + /* Tag 0 (0x00) - Reserved for use by encoding rules */ + .name = "EOC", + .bit_value = 0, + .char_width = -1, + }, + [1] = { + /* Tag 1 (0x01) - Boolean */ + .name = "BOOLEAN", + .bit_value = 0, + .char_width = -1, + .encoding = ASN1_ENCODING_PRIMITIVE_ONLY, + }, + [2] = { + /* Tag 2 (0x02) - Integer */ + .name = "INTEGER", + .bit_value = 0, + .char_width = -1, + .encoding = ASN1_ENCODING_PRIMITIVE_ONLY, + }, + [3] = { + /* Tag 3 (0x03) - BitString */ + .name = "BIT STRING", + .bit_value = B_ASN1_BIT_STRING, + .char_width = -1, + }, + [4] = { + /* Tag 4 (0x04) - OctetString */ + .name = "OCTET STRING", + .bit_value = B_ASN1_OCTET_STRING, + .char_width = -1, + }, + [5] = { + /* Tag 5 (0x05) - Null */ + .name = "NULL", + .bit_value = 0, + .char_width = -1, + .encoding = ASN1_ENCODING_PRIMITIVE_ONLY, + }, + [6] = { + /* Tag 6 (0x06) - Object Identifier */ + .name = "OBJECT", + .bit_value = 0, + .char_width = -1, + .encoding = ASN1_ENCODING_PRIMITIVE_ONLY, + }, + [7] = { + /* Tag 7 (0x07) - Object Descriptor */ + .name = "OBJECT DESCRIPTOR", + .bit_value = B_ASN1_UNKNOWN, + .char_width = -1, + }, + [8] = { + /* Tag 8 (0x08) - External */ + .name = "EXTERNAL", + .bit_value = B_ASN1_UNKNOWN, + .char_width = -1, + }, + [9] = { + /* Tag 9 (0x09) - Real */ + .name = "REAL", + .bit_value = B_ASN1_UNKNOWN, + .char_width = -1, + .encoding = ASN1_ENCODING_PRIMITIVE_ONLY, + }, + [10] = { + /* Tag 10 (0x0a) - Enumerated */ + .name = "ENUMERATED", + .bit_value = B_ASN1_UNKNOWN, + .char_width = -1, + .encoding = ASN1_ENCODING_PRIMITIVE_ONLY, + }, + [11] = { + /* Tag 11 (0x0b) - Embedded PDV */ + .name = "", + .bit_value = B_ASN1_UNKNOWN, + .char_width = -1, + }, + [12] = { + /* Tag 12 (0x0c) - UTF8String */ + .name = "UTF8STRING", + .bit_value = B_ASN1_UTF8STRING, + .char_width = 0, + }, + [13] = { + /* Tag 13 (0x0d) - Relative Object Identifier */ + .name = "", + .bit_value = B_ASN1_UNKNOWN, + .char_width = -1, + 
.encoding = ASN1_ENCODING_PRIMITIVE_ONLY, + }, + [14] = { + /* Tag 14 (0x0e) - Time */ + .name = "", + .bit_value = B_ASN1_UNKNOWN, + .char_width = -1, + .encoding = ASN1_ENCODING_PRIMITIVE_ONLY, + }, + [15] = { + /* Tag 15 (0x0f) - Reserved */ + .name = "", + .bit_value = B_ASN1_UNKNOWN, + .char_width = -1, + }, + [16] = { + /* Tag 16 (0x10)- Sequence */ + .name = "SEQUENCE", + .bit_value = B_ASN1_SEQUENCE, + .char_width = -1, + .encoding = ASN1_ENCODING_CONSTRUCTED_ONLY, + }, + [17] = { + /* Tag 17 (0x11) - Set */ + .name = "SET", + .bit_value = 0, + .char_width = -1, + .encoding = ASN1_ENCODING_CONSTRUCTED_ONLY, + }, + [18] = { + /* Tag 18 (0x12) - NumericString */ + .name = "NUMERICSTRING", + .bit_value = B_ASN1_NUMERICSTRING, + .char_width = -1, + }, + [19] = { + /* Tag 19 (0x13) - PrintableString */ + .name = "PRINTABLESTRING", + .bit_value = B_ASN1_PRINTABLESTRING, + .char_width = 1, + }, + [20] = { + /* Tag 20 (0x14) - TeletexString (T61String) */ + .name = "T61STRING", + .bit_value = B_ASN1_T61STRING, + .char_width = 1, + }, + [21] = { + /* Tag 21 (0x15) - VideotexString */ + .name = "VIDEOTEXSTRING", + .bit_value = B_ASN1_VIDEOTEXSTRING, + .char_width = -1, + }, + [22] = { + /* Tag 22 (0x16) - IA5String */ + .name = "IA5STRING", + .bit_value = B_ASN1_IA5STRING, + .char_width = 1, + }, + [23] = { + /* Tag 23 (0x17) - UTCTime */ + .name = "UTCTIME", + .bit_value = B_ASN1_UTCTIME, + .char_width = 1, + }, + [24] = { + /* Tag 24 (0x18) - GeneralizedTime */ + .name = "GENERALIZEDTIME", + .bit_value = B_ASN1_GENERALIZEDTIME, + .char_width = 1, + }, + [25] = { + /* Tag 25 (0x19) - GraphicString */ + .name = "GRAPHICSTRING", + .bit_value = B_ASN1_GRAPHICSTRING, + .char_width = -1, + }, + [26] = { + /* Tag 26 (0x1a) - VisibleString (ISO646String) */ + .name = "VISIBLESTRING", + .bit_value = B_ASN1_ISO64STRING, + .char_width = 1, + }, + [27] = { + /* Tag 27 (0x1b) - GeneralString */ + .name = "GENERALSTRING", + .bit_value = B_ASN1_GENERALSTRING, + .char_width = -1, 
+ }, + [28] = { + /* Tag 28 (0x1c) - UniversalString */ + .name = "UNIVERSALSTRING", + .bit_value = B_ASN1_UNIVERSALSTRING, + .char_width = 4, + }, + [29] = { + /* Tag 29 (0x1d) - Unallocated */ + .name = "", + .bit_value = B_ASN1_UNKNOWN, + .char_width = -1, + }, + [30] = { + /* Tag 30 (0x1e) - BMPString */ + .name = "BMPSTRING", + .bit_value = B_ASN1_BMPSTRING, + .char_width = 2, + }, +}; + +static const struct asn1_type * +asn1_type_by_tag(int tag) +{ + if (tag < 0 || tag > 30) + return NULL; + + return &asn1_types[tag]; +} + +int +asn1_must_be_constructed(int tag) +{ + const struct asn1_type *at; + + if (tag == V_ASN1_NEG_INTEGER || tag == V_ASN1_NEG_ENUMERATED) + tag &= ~V_ASN1_NEG; + if ((at = asn1_type_by_tag(tag)) != NULL) + return at->encoding == ASN1_ENCODING_CONSTRUCTED_ONLY; + + return 0; +} + +int +asn1_must_be_primitive(int tag) +{ + const struct asn1_type *at; + + if (tag == V_ASN1_NEG_INTEGER || tag == V_ASN1_NEG_ENUMERATED) + tag &= ~V_ASN1_NEG; + if ((at = asn1_type_by_tag(tag)) != NULL) + return at->encoding == ASN1_ENCODING_PRIMITIVE_ONLY; + + return 0; +} + +int +asn1_tag2charwidth(int tag) +{ + const struct asn1_type *at; + + if ((at = asn1_type_by_tag(tag)) != NULL) + return at->char_width; + + return -1; +} + +unsigned long +ASN1_tag2bit(int tag) +{ + const struct asn1_type *at; + + if ((at = asn1_type_by_tag(tag)) != NULL) + return (unsigned long)at->bit_value; + + return 0; +} + +const char * +ASN1_tag2str(int tag) +{ + const struct asn1_type *at; + + if (tag == V_ASN1_NEG_INTEGER || tag == V_ASN1_NEG_ENUMERATED) + tag &= ~V_ASN1_NEG; + + if ((at = asn1_type_by_tag(tag)) != NULL) + return at->name; + + return "(unknown)"; +} diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c index 6bad1117..31502143 100644 --- a/crypto/asn1/asn_mime.c +++ b/crypto/asn1/asn_mime.c 
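Review bot: `asn1_type_by_tag` guards the lookup with the literal `tag > 30` while the table is declared as `asn1_types[31]`, so the bound and the array size stay in step only by hand. Deriving the limit from the array, `if (tag < 0 || (size_t)tag >= sizeof(asn1_types) / sizeof(asn1_types[0])) return NULL;`, keeps the index in bounds if an entry is ever added or removed. Separately, `asn1_tag2charwidth` and `ASN1_tag2bit` do not strip `V_ASN1_NEG` the way `asn1_must_be_constructed`, `asn1_must_be_primitive` and `ASN1_tag2str` do; if that difference is intentional, a short comment on those two functions saying so would help the next reader.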
@@ -1,4 +1,4 @@ -/* $OpenBSD: asn_mime.c,v 1.27 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: asn_mime.c,v 1.29 2021/12/25 13:17:48 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -63,6 +63,7 @@ #include #include "asn1_locl.h" +#include "evp_locl.h" /* Generalised MIME like utilities for streaming ASN1. Although many * have a PKCS7/CMS like flavour others are more general purpose. @@ -267,7 +268,7 @@ asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs) ret = 1; -err: + err: return ret; } @@ -778,7 +779,7 @@ STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) return headers; -merr: + merr: if (mhdr != NULL) mime_hdr_free(mhdr); sk_MIME_HEADER_pop_free(headers, mime_hdr_free); @@ -866,7 +867,7 @@ mime_hdr_new(char *name, char *value) goto err; } return mhdr; -err: + err: free(tmpname); free(tmpval); return NULL; @@ -901,7 +902,7 @@ mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value) goto err; } return 1; -err: + err: free(tmpname); free(tmpval); return 0; diff --git a/crypto/asn1/asn_moid.c b/crypto/asn1/asn_moid.c index 7bf493e2..c672f0ae 100644 --- a/crypto/asn1/asn_moid.c +++ b/crypto/asn1/asn_moid.c @@ -1,4 +1,4 @@ -/* $OpenBSD: asn_moid.c,v 1.13 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: asn_moid.c,v 1.14 2022/01/07 11:13:54 tb Exp $ */ /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -65,6 +65,8 @@ #include #include +#include "asn1_locl.h" + /* Simple ASN1 OID module: add all objects in a given section */ static int do_create(char *value, char *name); diff --git a/crypto/asn1/bio_asn1.c b/crypto/asn1/bio_asn1.c index 93bcb338..9017786f 100644 --- a/crypto/asn1/bio_asn1.c +++ b/crypto/asn1/bio_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bio_asn1.c,v 1.13 2018/05/01 13:29:09 tb Exp $ */ +/* $OpenBSD: bio_asn1.c,v 1.17 2022/01/14 08:40:57 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ 
@@ -67,6 +67,8 @@ #include #include +#include "bio_local.h" + /* Must be large enough for biggest tag+length */ #define DEFAULT_ASN1_BUF_SIZE 20 @@ -116,9 +118,8 @@ static int asn1_bio_gets(BIO *h, char *str, int size); static long asn1_bio_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int asn1_bio_new(BIO *h); static int asn1_bio_free(BIO *data); -static long asn1_bio_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); +static long asn1_bio_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); -static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size); static int asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, asn1_ps_func *cleanup, asn1_bio_state_t next); static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, @@ -148,35 +149,23 @@ static int asn1_bio_new(BIO *b) { BIO_ASN1_BUF_CTX *ctx; - ctx = malloc(sizeof(BIO_ASN1_BUF_CTX)); - if (!ctx) + + if ((ctx = calloc(1, sizeof(*ctx))) == NULL) return 0; - if (!asn1_bio_init(ctx, DEFAULT_ASN1_BUF_SIZE)) { + + if ((ctx->buf = malloc(DEFAULT_ASN1_BUF_SIZE)) == NULL) { free(ctx); return 0; } + ctx->bufsize = DEFAULT_ASN1_BUF_SIZE; + ctx->asn1_class = V_ASN1_UNIVERSAL; + ctx->asn1_tag = V_ASN1_OCTET_STRING; + ctx->state = ASN1_STATE_START; + b->init = 1; b->ptr = (char *)ctx; b->flags = 0; - return 1; -} -static int -asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size) -{ - ctx->buf = malloc(size); - if (!ctx->buf) - return 0; - ctx->bufsize = size; - ctx->bufpos = 0; - ctx->buflen = 0; - ctx->copylen = 0; - ctx->asn1_class = V_ASN1_UNIVERSAL; - ctx->asn1_tag = V_ASN1_OCTET_STRING; - ctx->ex_buf = NULL; - ctx->ex_pos = 0; - ctx->ex_len = 0; - ctx->state = ASN1_STATE_START; return 1; } @@ -284,7 +273,7 @@ asn1_bio_write(BIO *b, const char *in , int inl) } -done: + done: BIO_clear_retry_flags(b); BIO_copy_next_retry(b); 
@@ -357,7 +346,7 @@ asn1_bio_gets(BIO *b, char *str, int size) } static long -asn1_bio_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +asn1_bio_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { if (b->next_bio == NULL) return (0); diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c index 890b1413..88b204e8 100644 --- a/crypto/asn1/bio_ndef.c +++ b/crypto/asn1/bio_ndef.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bio_ndef.c,v 1.10 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: bio_ndef.c,v 1.11 2021/12/25 13:17:48 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -143,7 +143,7 @@ BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it) return sarg.ndef_bio; -err: + err: BIO_free(asn_bio); free(ndef_aux); return NULL; diff --git a/crypto/asn1/p5_pbe.c b/crypto/asn1/p5_pbe.c index 8fd416a3..a150b20b 100644 --- a/crypto/asn1/p5_pbe.c +++ b/crypto/asn1/p5_pbe.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p5_pbe.c,v 1.22 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: p5_pbe.c,v 1.23 2021/12/25 13:17:48 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -159,7 +159,7 @@ PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, if (X509_ALGOR_set0(algor, OBJ_nid2obj(alg), V_ASN1_SEQUENCE, pbe_str)) return 1; -err: + err: if (pbe != NULL) PBEPARAM_free(pbe); ASN1_STRING_free(pbe_str); diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c index 0105c595..d88a4dfc 100644 --- a/crypto/asn1/p5_pbev2.c +++ b/crypto/asn1/p5_pbev2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p5_pbev2.c,v 1.25 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: p5_pbev2.c,v 1.27 2021/12/25 13:17:48 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999-2004. */ @@ -64,6 +64,8 @@ #include #include +#include "evp_locl.h" + /* PKCS#5 v2.0 password based encryption structures */ static const ASN1_TEMPLATE PBE2PARAM_seq_tt[] = { 
@@ -272,10 +274,10 @@ PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, unsigned char *salt, return ret; -merr: + merr: ASN1error(ERR_R_MALLOC_FAILURE); -err: + err: PBE2PARAM_free(pbe2); /* Note 'scheme' is freed as part of pbe2 */ X509_ALGOR_free(kalg); @@ -364,7 +366,7 @@ PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, int prf_nid, PBKDF2PARAM_free(kdf); return keyfunc; -merr: + merr: ASN1error(ERR_R_MALLOC_FAILURE); PBKDF2PARAM_free(kdf); X509_ALGOR_free(keyfunc); diff --git a/crypto/asn1/p8_pkey.c b/crypto/asn1/p8_pkey.c index d2f8e6b0..18659a6f 100644 --- a/crypto/asn1/p8_pkey.c +++ b/crypto/asn1/p8_pkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p8_pkey.c,v 1.19 2018/08/24 20:17:33 tb Exp $ */ +/* $OpenBSD: p8_pkey.c,v 1.20 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -62,6 +62,8 @@ #include #include +#include "x509_lcl.h" + /* Minor tweak to operation: zero private key data */ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) diff --git a/crypto/asn1/t_crl.c b/crypto/asn1/t_crl.c index 057b8fe3..3ded015d 100644 --- a/crypto/asn1/t_crl.c +++ b/crypto/asn1/t_crl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t_crl.c,v 1.18 2019/05/12 15:56:31 tb Exp $ */ +/* $OpenBSD: t_crl.c,v 1.20 2021/12/25 13:17:48 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -66,6 +66,8 @@ #include #include +#include "x509_lcl.h" + int X509_CRL_print_fp(FILE *fp, X509_CRL *x) { @@ -138,6 +140,6 @@ X509_CRL_print(BIO *out, X509_CRL *x) return 1; -err: + err: return 0; } diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c index b3f7d084..a3073812 100644 --- a/crypto/asn1/t_pkey.c +++ b/crypto/asn1/t_pkey.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: t_pkey.c,v 1.16 2014/07/11 08:44:47 jsing Exp $ */ +/* $OpenBSD: t_pkey.c,v 1.17 2021/12/04 16:08:32 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -62,6 +62,8 @@ #include #include +#include "bn_lcl.h" + int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num, unsigned char *buf, int off) diff --git a/crypto/asn1/t_req.c b/crypto/asn1/t_req.c index a9b14fed..81f7dd29 100644 --- a/crypto/asn1/t_req.c +++ b/crypto/asn1/t_req.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t_req.c,v 1.19 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: t_req.c,v 1.23 2022/08/30 08:45:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -74,6 +74,8 @@ #include #endif +#include "x509_lcl.h" + int X509_REQ_print_fp(FILE *fp, X509_REQ *x) { @@ -100,7 +102,7 @@ X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, X509_REQ_INFO *ri; EVP_PKEY *pkey; STACK_OF(X509_ATTRIBUTE) *sk; - STACK_OF(X509_EXTENSION) *exts; + STACK_OF(X509_EXTENSION) *exts = NULL; char mlch = ' '; int nmindent = 0; @@ -174,7 +176,6 @@ X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, ASN1_TYPE *at; X509_ATTRIBUTE *a; ASN1_BIT_STRING *bs = NULL; - ASN1_TYPE *t; int j, type = 0, count = 1, ii = 0; a = sk_X509_ATTRIBUTE_value(sk, i); @@ -184,20 +185,12 @@ X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, if (BIO_printf(bp, "%12s", "") <= 0) goto err; if ((j = i2a_ASN1_OBJECT(bp, a->object)) > 0) { - if (a->single) { - t = a->value.single; - type = t->type; - bs = t->value.bit_string; - } else { - ii = 0; - count = sk_ASN1_TYPE_num( - a->value.set); -get_next: - at = sk_ASN1_TYPE_value( - a->value.set, ii); - type = at->type; - bs = at->value.asn1_string; - } + ii = 0; + count = sk_ASN1_TYPE_num(a->set); + get_next: + at = sk_ASN1_TYPE_value(a->set, ii); + type = at->type; + bs = at->value.asn1_string; } for (j = 25 - j; j > 0; j--) if (BIO_write(bp, " ", 1) != 1) 
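Review bot: In the `@@ -184,20 +185,12 @@` hunk of crypto/asn1/t_req.c, `at = sk_ASN1_TYPE_value(a->set, ii);` is followed directly by `type = at->type;` with no check that the set holds any element. If a request can carry an attribute whose value set is empty (the decoder's handling is not visible here, so this needs confirming), `count` is 0 and `at` is NULL, so printing an untrusted request dereferences a null pointer. A guard placed before the `get_next:` label, `if (count <= 0) goto err;`, would turn that case into an ordinary print failure. X509_REQ_print_ex begins and ends outside this hunk.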
@@ -245,6 +238,7 @@ X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, goto err; } sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); + exts = NULL; } } @@ -255,7 +249,8 @@ X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, return (1); -err: + err: + sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); X509error(ERR_R_BUF_LIB); return (0); } diff --git a/crypto/asn1/t_spki.c b/crypto/asn1/t_spki.c index 7f1ed129..56c0956c 100644 --- a/crypto/asn1/t_spki.c +++ b/crypto/asn1/t_spki.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t_spki.c,v 1.12 2021/08/24 15:23:03 tb Exp $ */ +/* $OpenBSD: t_spki.c,v 1.13 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -71,6 +71,8 @@ #include #endif +#include "x509_lcl.h" + /* Print out an SPKI */ int diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c index 42b00a72..5f520f5c 100644 --- a/crypto/asn1/t_x509.c +++ b/crypto/asn1/t_x509.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t_x509.c,v 1.34 2021/07/26 16:54:20 tb Exp $ */ +/* $OpenBSD: t_x509.c,v 1.40 2022/08/11 10:36:32 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -78,6 +78,7 @@ #endif #include "asn1_locl.h" +#include "x509_lcl.h" int X509_print_fp(FILE *fp, X509 *x) @@ -117,7 +118,6 @@ X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) X509_CINF *ci; ASN1_INTEGER *bs; EVP_PKEY *pkey = NULL; - const char *neg; if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { mlch = '\n'; 
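Review bot: The added `exts = NULL;` after `sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);` in the `@@ -245,6 +238,7 @@` hunk has no comment, although the new cleanup call under `err:` in the `@@ -255,7 +249,8 @@` hunk depends on it. Without the reset, any `goto err` reached after the stack has been released would free it a second time. I would record that coupling so the assignment is not later removed as dead code, for example `/* err: also frees exts; clear it to avoid a double free */` on the line above. Both hunks sit inside X509_REQ_print_ex, whose body extends beyond them.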
@@ -136,9 +136,15 @@ X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) } if (!(cflag & X509_FLAG_NO_VERSION)) { l = X509_get_version(x); - if (BIO_printf(bp, "%8sVersion: %lu (0x%lx)\n", - "", l + 1, l) <= 0) - goto err; + if (l >= 0 && l <= 2) { + if (BIO_printf(bp, "%8sVersion: %ld (0x%lx)\n", + "", l + 1, l) <= 0) + goto err; + } else { + if (BIO_printf(bp, "%8sVersion: unknown (%ld)\n", + "", l) <= 0) + goto err; + } } if (!(cflag & X509_FLAG_NO_SERIAL)) { if (BIO_write(bp, " Serial Number:", 22) <= 0) @@ -148,18 +154,15 @@ X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) l = -1; if (bs->length <= (int)sizeof(long)) l = ASN1_INTEGER_get(bs); - if (l != -1) { - if (bs->type == V_ASN1_NEG_INTEGER) { - l = -l; - neg = "-"; - } else - neg = ""; - if (BIO_printf(bp, " %s%lu (%s0x%lx)\n", - neg, l, neg, l) <= 0) + if (l >= 0) { + if (BIO_printf(bp, " %ld (0x%lx)\n", l, l) <= 0) goto err; } else { - neg = (bs->type == V_ASN1_NEG_INTEGER) ? - " (Negative)" : ""; + const char *neg = ""; + + if (bs->type == V_ASN1_NEG_INTEGER) + neg = " (Negative)"; + if (BIO_printf(bp, "\n%12s%s", "", neg) <= 0) goto err; for (i = 0; i < bs->length; i++) { @@ -243,7 +246,7 @@ X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) } ret = 1; -err: + err: free(m); return (ret); } @@ -294,7 +297,7 @@ X509_ocspid_print(BIO *bp, X509 *x) return (1); -err: + err: free(der); return (0); } 
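Review bot: The new serial-number print in the `@@ -148,18 +154,15 @@` hunk and the version print in `@@ -136,9 +136,15 @@` both pass the signed `long l` to a `%lx` conversion, which expects `unsigned long`. The `l >= 0` and `l >= 0 && l <= 2` guards keep the value non-negative, so the output is correct, but the argument type still does not match the specifier and stricter format warnings will report it. Casting only the hex argument, `(unsigned long)l`, makes the types agree without changing what is printed. X509_print_ex starts and ends outside these hunks.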
@@ -350,36 +353,6 @@ X509_signature_print(BIO *bp, const X509_ALGOR *sigalg, const ASN1_STRING *sig) return 1; } -int -ASN1_STRING_print(BIO *bp, const ASN1_STRING *v) -{ - int i, n; - char buf[80]; - const char *p; - - if (v == NULL) - return (0); - n = 0; - p = (const char *)v->data; - for (i = 0; i < v->length; i++) { - if ((p[i] > '~') || ((p[i] < ' ') && - (p[i] != '\n') && (p[i] != '\r'))) - buf[n] = '.'; - else - buf[n] = p[i]; - n++; - if (n >= 80) { - if (BIO_write(bp, buf, n) <= 0) - return (0); - n = 0; - } - } - if (n > 0) - if (BIO_write(bp, buf, n) <= 0) - return (0); - return (1); -} - int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) { @@ -445,7 +418,7 @@ ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm) else return (1); -err: + err: BIO_write(bp, "Bad time value", 14); return (0); } @@ -488,7 +461,7 @@ ASN1_UTCTIME_print(BIO *bp, const ASN1_UTCTIME *tm) else return (1); -err: + err: BIO_write(bp, "Bad time value", 14); return (0); } @@ -497,9 +470,8 @@ int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase) { char *s, *c, *b; - int ret = 0, l, i; - - l = 80 - 2 - obase; + int i; + int ret = 0; b = X509_NAME_oneline(name, NULL, 0); if (b == NULL) @@ -524,17 +496,15 @@ X509_NAME_print(BIO *bp, const X509_NAME *name, int obase) if (BIO_write(bp, ", ", 2) != 2) goto err; } - l--; } if (*s == '\0') break; s++; - l--; } ret = 1; if (0) { -err: + err: X509error(ERR_R_BUF_LIB); } free(b); diff --git a/crypto/asn1/t_x509a.c b/crypto/asn1/t_x509a.c index b0346fa6..6745318b 100644 --- a/crypto/asn1/t_x509a.c +++ b/crypto/asn1/t_x509a.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t_x509a.c,v 1.9 2021/07/10 17:45:16 schwarze Exp $ */ +/* $OpenBSD: t_x509a.c,v 1.10 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ 
@@ -62,8 +62,9 @@ #include #include -/* X509_CERT_AUX and string set routines - */ +#include "x509_lcl.h" + +/* X509_CERT_AUX and string set routines */ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent) diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 4b08e904..5e0692e0 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tasn_dec.c,v 1.38 2020/12/08 15:06:42 tb Exp $ */ +/* $OpenBSD: tasn_dec.c,v 1.83 2022/09/03 19:15:23 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ 
@@ -56,1135 +56,1220 @@ * */ - +#include #include #include + #include #include -#include #include #include +#include -/* Constructed types with a recursive definition (such as can be found in PKCS7) +#include "asn1_locl.h" +#include "bytestring.h" + +/* + * Constructed types with a recursive definition (such as can be found in PKCS7) * could eventually exceed the stack given malicious input with excessive * recursion. Therefore we limit the stack depth. */ #define ASN1_MAX_CONSTRUCTED_NEST 30 -static int asn1_check_eoc(const unsigned char **in, long len); -static int asn1_find_end(const unsigned char **in, long len, char inf); - -static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, - char inf, int tag, int aclass, int depth); - -static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen); - -static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, - char *inf, char *cst, const unsigned char **in, long len, int exptag, - int expclass, char opt, ASN1_TLC *ctx); - -static int asn1_template_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, - long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx, int depth); -static int asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, - long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx, int depth); -static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, const unsigned char **in, - long len, const ASN1_ITEM *it, int tag, int aclass, char opt, - ASN1_TLC *ctx); - -/* Table to convert tags to bit values, used for MSTRING type */ -static const unsigned long tag2bit[32] = { - 0, 0, 0, B_ASN1_BIT_STRING, /* tags 0 - 3 */ - B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN,/* tags 4- 7 */ - B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,/* tags 8-11 */ - B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */ - B_ASN1_SEQUENCE,0,B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING, /* tags 16-19 */ - 
B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING, /* tags 20-22 */ - B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME, /* tags 23-24 */ - B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING, /* tags 25-27 */ - B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN, /* tags 28-31 */ -}; - -unsigned long -ASN1_tag2bit(int tag) +#ifndef ASN1_MAX_STRING_NEST +/* + * This determines how many levels of recursion are permitted in ASN.1 string + * types. If it is not limited stack overflows can occur. If set to zero no + * recursion is allowed at all. + */ +#define ASN1_MAX_STRING_NEST 5 +#endif + +static int asn1_template_d2i(ASN1_VALUE **pval, CBS *cbs, + const ASN1_TEMPLATE *at, int optional, int depth); + +static int +asn1_check_eoc(CBS *cbs) { - if ((tag < 0) || (tag > 30)) + uint16_t eoc; + + if (!CBS_peek_u16(cbs, &eoc)) + return 0; + if (eoc != 0) return 0; - return tag2bit[tag]; -} -/* Macro to initialize and invalidate the cache */ + return CBS_skip(cbs, 2); +} -#define asn1_tlc_clear(c) if (c) (c)->valid = 0 -/* Version to avoid compiler warning about 'c' always non-NULL */ -#define asn1_tlc_clear_nc(c) (c)->valid = 0 +static int +asn1_check_tag(CBS *cbs, size_t *out_len, int *out_tag, uint8_t *out_class, + int *out_indefinite, int *out_constructed, int expected_tag, + int expected_class, int optional) +{ + int constructed, indefinite; + uint32_t tag_number; + uint8_t tag_class; + size_t length; + + if (out_len != NULL) + *out_len = 0; + if (out_tag != NULL) + *out_tag = 0; + if (out_class != NULL) + *out_class = 0; + if (out_indefinite != NULL) + *out_indefinite = 0; + if (out_constructed != NULL) + *out_constructed = 0; + + if (!asn1_get_identifier_cbs(cbs, 0, &tag_class, &constructed, + &tag_number)) { + ASN1error(ASN1_R_BAD_OBJECT_HEADER); + return 0; + } + if (expected_tag >= 0) { + if (expected_tag != tag_number || + expected_class != tag_class << 6) { + /* Indicate missing type if this is OPTIONAL. 
*/ + if (optional) + return -1; -/* Decode an ASN1 item, this currently behaves just - * like a standard 'd2i' function. 'in' points to - * a buffer to read the data from, in future we will - * have more advanced versions that can input data - * a piece at a time and this will simply be a special - * case. - */ + ASN1error(ASN1_R_WRONG_TAG); + return 0; + } + } + if (!asn1_get_length_cbs(cbs, 0, &indefinite, &length)) { + ASN1error(ASN1_R_BAD_OBJECT_HEADER); + return 0; + } -ASN1_VALUE * -ASN1_item_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, - const ASN1_ITEM *it) -{ - ASN1_TLC c; - ASN1_VALUE *ptmpval = NULL; + /* Indefinite length can only be used with constructed encoding. */ + if (indefinite && !constructed) { + ASN1error(ASN1_R_BAD_OBJECT_HEADER); + return 0; + } - if (!pval) - pval = &ptmpval; - asn1_tlc_clear_nc(&c); - if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) - return *pval; - return NULL; -} + if (!indefinite && CBS_len(cbs) < length) { + ASN1error(ASN1_R_TOO_LONG); + return 0; + } -int -ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, - const ASN1_TEMPLATE *tt) -{ - ASN1_TLC c; + if (tag_number > INT_MAX) { + ASN1error(ASN1_R_TOO_LONG); + return 0; + } - asn1_tlc_clear_nc(&c); - return asn1_template_ex_d2i(pval, in, len, tt, 0, &c, 0); -} + if (indefinite) + length = CBS_len(cbs); + if (out_len != NULL) + *out_len = length; + if (out_tag != NULL) + *out_tag = tag_number; + if (out_class != NULL) + *out_class = tag_class << 6; + if (out_indefinite != NULL) + *out_indefinite = indefinite; + if (out_constructed != NULL) + *out_constructed = constructed; -/* Decode an item, taking care of IMPLICIT tagging, if any. - * If 'opt' set and tag mismatch return -1 to handle OPTIONAL - */ + return 1; +} +/* Collect the contents from a constructed ASN.1 object. 
*/ static int -asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, - const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx, - int depth) +asn1_collect(CBB *cbb, CBS *cbs, int indefinite, int expected_tag, + int expected_class, int depth) { - const ASN1_TEMPLATE *tt, *errtt = NULL; - const ASN1_EXTERN_FUNCS *ef; - const ASN1_AUX *aux = it->funcs; - ASN1_aux_cb *asn1_cb = NULL; - const unsigned char *p = NULL, *q; - unsigned char oclass; - char seq_eoc, seq_nolen, cst, isopt; - long tmplen; - int i; - int otag; - int ret = 0; - ASN1_VALUE **pchptr; - int combine; - - combine = aclass & ASN1_TFLG_COMBINE; - aclass &= ~ASN1_TFLG_COMBINE; + int constructed; + size_t length; + CBS content; + int need_eoc; - if (!pval) + if (depth > ASN1_MAX_STRING_NEST) { + ASN1error(ASN1_R_NESTED_ASN1_STRING); return 0; - - if (aux && aux->asn1_cb) - asn1_cb = aux->asn1_cb; - - if (++depth > ASN1_MAX_CONSTRUCTED_NEST) { - ASN1error(ASN1_R_NESTED_TOO_DEEP); - goto err; } - switch (it->itype) { - case ASN1_ITYPE_PRIMITIVE: - if (it->templates) { - /* tagging or OPTIONAL is currently illegal on an item - * template because the flags can't get passed down. - * In practice this isn't a problem: we include the - * relevant flags from the item template in the - * template itself. 
- */ - if ((tag != -1) || opt) { - ASN1error(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE); - goto err; + need_eoc = indefinite; + + while (CBS_len(cbs) > 0) { + if (asn1_check_eoc(cbs)) { + if (!need_eoc) { + ASN1error(ASN1_R_UNEXPECTED_EOC); + return 0; } - return asn1_template_ex_d2i(pval, in, len, - it->templates, opt, ctx, depth); + return 1; + } + if (!asn1_check_tag(cbs, &length, NULL, NULL, &indefinite, + &constructed, expected_tag, expected_class, 0)) { + ASN1error(ERR_R_NESTED_ASN1_ERROR); + return 0; } - return asn1_d2i_ex_primitive(pval, in, len, it, - tag, aclass, opt, ctx); - break; - case ASN1_ITYPE_MSTRING: - /* - * It never makes sense for multi-strings to have implicit - * tagging, so if tag != -1, then this looks like an error in - * the template. - */ - if (tag != -1) { - ASN1error(ASN1_R_BAD_TEMPLATE); - goto err; + if (constructed) { + if (!asn1_collect(cbb, cbs, indefinite, expected_tag, + expected_class, depth + 1)) + return 0; + continue; } - p = *in; - /* Just read in tag and class */ - ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL, - &p, len, -1, 0, 1, ctx); - if (!ret) { + if (!CBS_get_bytes(cbs, &content, length)) { ASN1error(ERR_R_NESTED_ASN1_ERROR); - goto err; + return 0; } + if (!CBB_add_bytes(cbb, CBS_data(&content), CBS_len(&content))) + return 0; + } - /* Must be UNIVERSAL class */ - if (oclass != V_ASN1_UNIVERSAL) { - /* If OPTIONAL, assume this is OK */ - if (opt) - return -1; - ASN1error(ASN1_R_MSTRING_NOT_UNIVERSAL); - goto err; - } - /* Check tag matches bit map */ - if (!(ASN1_tag2bit(otag) & it->utype)) { - /* If OPTIONAL, assume this is OK */ - if (opt) - return -1; - ASN1error(ASN1_R_MSTRING_WRONG_TAG); - goto err; - } - return asn1_d2i_ex_primitive(pval, in, len, - it, otag, 0, 0, ctx); + if (need_eoc) { + ASN1error(ASN1_R_MISSING_EOC); + return 0; + } - case ASN1_ITYPE_EXTERN: - /* Use new style d2i */ - ef = it->funcs; - return ef->asn1_ex_d2i(pval, in, len, - it, tag, aclass, opt, ctx); + return 1; +} - case 
ASN1_ITYPE_CHOICE: - /* - * It never makes sense for CHOICE types to have implicit - * tagging, so if tag != -1, then this looks like an error in - * the template. - */ - if (tag != -1) { - ASN1error(ASN1_R_BAD_TEMPLATE); - goto err; - } +/* Find the end of an ASN.1 object. */ +static int +asn1_find_end(CBS *cbs, size_t length, int indefinite) +{ + size_t eoc_count; - if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) - goto auxerr; - - if (*pval) { - /* Free up and zero CHOICE value if initialised */ - i = asn1_get_choice_selector(pval, it); - if ((i >= 0) && (i < it->tcount)) { - tt = it->templates + i; - pchptr = asn1_get_field_ptr(pval, tt); - ASN1_template_free(pchptr, tt); - asn1_set_choice_selector(pval, -1, it); - } - } else if (!ASN1_item_ex_new(pval, it)) { + if (!indefinite) { + if (!CBS_skip(cbs, length)) { ASN1error(ERR_R_NESTED_ASN1_ERROR); - goto err; + return 0; } - /* CHOICE type, try each possibility in turn */ - p = *in; - for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { - pchptr = asn1_get_field_ptr(pval, tt); - /* We mark field as OPTIONAL so its absence - * can be recognised. - */ - ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx, - depth); - /* If field not present, try the next one */ - if (ret == -1) - continue; - /* If positive return, read OK, break loop */ - if (ret > 0) + return 1; + } + + eoc_count = 1; + + while (CBS_len(cbs) > 0) { + if (asn1_check_eoc(cbs)) { + if (--eoc_count == 0) break; - /* Otherwise must be an ASN1 parsing error */ - errtt = tt; + continue; + } + if (!asn1_check_tag(cbs, &length, NULL, NULL, + &indefinite, NULL, -1, 0, 0)) { ASN1error(ERR_R_NESTED_ASN1_ERROR); - goto err; + return 0; } - - /* Did we fall off the end without reading anything? 
*/ - if (i == it->tcount) { - /* If OPTIONAL, this is OK */ - if (opt) { - /* Free and zero it */ - ASN1_item_ex_free(pval, it); - return -1; - } - ASN1error(ASN1_R_NO_MATCHING_CHOICE_TYPE); - goto err; + if (indefinite) { + eoc_count++; + continue; } + if (!CBS_skip(cbs, length)) + return 0; + } - asn1_set_choice_selector(pval, i, it); - *in = p; - if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL)) - goto auxerr; - return 1; + if (eoc_count > 0) { + ASN1error(ASN1_R_MISSING_EOC); + return 0; + } - case ASN1_ITYPE_NDEF_SEQUENCE: - case ASN1_ITYPE_SEQUENCE: - p = *in; - tmplen = len; + return 1; +} - /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */ - if (tag == -1) { - tag = V_ASN1_SEQUENCE; - aclass = V_ASN1_UNIVERSAL; - } - /* Get SEQUENCE length and update len, p */ - ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst, - &p, len, tag, aclass, opt, ctx); - if (!ret) { - ASN1error(ERR_R_NESTED_ASN1_ERROR); +static int +asn1_c2i_primitive(ASN1_VALUE **pval, CBS *content, int utype, const ASN1_ITEM *it) +{ + ASN1_BOOLEAN *abool; + ASN1_STRING *astr; + uint8_t val; + int ret = 0; + + if (it->funcs != NULL) + goto err; + + if (CBS_len(content) > INT_MAX) + goto err; + + switch (utype) { + case V_ASN1_OBJECT: + if (!c2i_ASN1_OBJECT_cbs((ASN1_OBJECT **)pval, content)) goto err; - } else if (ret == -1) - return -1; - if (aux && (aux->flags & ASN1_AFLG_BROKEN)) { - len = tmplen - (p - *in); - seq_nolen = 1; - } - /* If indefinite we don't do a length check */ - else - seq_nolen = seq_eoc; - if (!cst) { - ASN1error(ASN1_R_SEQUENCE_NOT_CONSTRUCTED); + break; + + case V_ASN1_NULL: + if (CBS_len(content) != 0) { + ASN1error(ASN1_R_NULL_IS_WRONG_LENGTH); goto err; } + *pval = (ASN1_VALUE *)1; + break; - if (!*pval && !ASN1_item_ex_new(pval, it)) { - ASN1error(ERR_R_NESTED_ASN1_ERROR); + case V_ASN1_BOOLEAN: + abool = (ASN1_BOOLEAN *)pval; + if (CBS_len(content) != 1) { + ASN1error(ASN1_R_BOOLEAN_IS_WRONG_LENGTH); goto err; } + if (!CBS_get_u8(content, &val)) 
+ goto err; + *abool = val; + break; - if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) - goto auxerr; - - /* Free up and zero any ADB found */ - for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { - if (tt->flags & ASN1_TFLG_ADB_MASK) { - const ASN1_TEMPLATE *seqtt; - ASN1_VALUE **pseqval; - seqtt = asn1_do_adb(pval, tt, 1); - if (!seqtt) - goto err; - pseqval = asn1_get_field_ptr(pval, seqtt); - ASN1_template_free(pseqval, seqtt); - } - } + case V_ASN1_BIT_STRING: + if (!c2i_ASN1_BIT_STRING_cbs((ASN1_BIT_STRING **)pval, content)) + goto err; + break; - /* Get each field entry */ - for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { - const ASN1_TEMPLATE *seqtt; - ASN1_VALUE **pseqval; - seqtt = asn1_do_adb(pval, tt, 1); - if (!seqtt) - goto err; - pseqval = asn1_get_field_ptr(pval, seqtt); - /* Have we ran out of data? */ - if (!len) - break; - q = p; - if (asn1_check_eoc(&p, len)) { - if (!seq_eoc) { - ASN1error(ASN1_R_UNEXPECTED_EOC); - goto err; - } - len -= p - q; - seq_eoc = 0; - q = p; - break; - } - /* This determines the OPTIONAL flag value. The field - * cannot be omitted if it is the last of a SEQUENCE - * and there is still data to be read. This isn't - * strictly necessary but it increases efficiency in - * some cases. - */ - if (i == (it->tcount - 1)) - isopt = 0; - else - isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL); - /* attempt to read in field, allowing each to be - * OPTIONAL */ - - ret = asn1_template_ex_d2i(pseqval, &p, len, - seqtt, isopt, ctx, depth); - if (!ret) { - errtt = seqtt; - goto err; - } else if (ret == -1) { - /* OPTIONAL component absent. - * Free and zero the field. 
- */ - ASN1_template_free(pseqval, seqtt); - continue; - } - /* Update length */ - len -= p - q; - } + case V_ASN1_ENUMERATED: + if (!c2i_ASN1_ENUMERATED_cbs((ASN1_ENUMERATED **)pval, content)) + goto err; + break; - /* Check for EOC if expecting one */ - if (seq_eoc && !asn1_check_eoc(&p, len)) { - ASN1error(ASN1_R_MISSING_EOC); + case V_ASN1_INTEGER: + if (!c2i_ASN1_INTEGER_cbs((ASN1_INTEGER **)pval, content)) + goto err; + break; + + case V_ASN1_OCTET_STRING: + case V_ASN1_NUMERICSTRING: + case V_ASN1_PRINTABLESTRING: + case V_ASN1_T61STRING: + case V_ASN1_VIDEOTEXSTRING: + case V_ASN1_IA5STRING: + case V_ASN1_UTCTIME: + case V_ASN1_GENERALIZEDTIME: + case V_ASN1_GRAPHICSTRING: + case V_ASN1_VISIBLESTRING: + case V_ASN1_GENERALSTRING: + case V_ASN1_UNIVERSALSTRING: + case V_ASN1_BMPSTRING: + case V_ASN1_UTF8STRING: + case V_ASN1_OTHER: + case V_ASN1_SET: + case V_ASN1_SEQUENCE: + default: + if (utype == V_ASN1_BMPSTRING && (CBS_len(content) & 1)) { + ASN1error(ASN1_R_BMPSTRING_IS_WRONG_LENGTH); goto err; } - /* Check all data read */ - if (!seq_nolen && len) { - ASN1error(ASN1_R_SEQUENCE_LENGTH_MISMATCH); + if (utype == V_ASN1_UNIVERSALSTRING && (CBS_len(content) & 3)) { + ASN1error(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH); goto err; } - - /* If we get here we've got no more data in the SEQUENCE, - * however we may not have read all fields so check all - * remaining are OPTIONAL and clear any that are. 
- */ - for (; i < it->tcount; tt++, i++) { - const ASN1_TEMPLATE *seqtt; - seqtt = asn1_do_adb(pval, tt, 1); - if (!seqtt) - goto err; - if (seqtt->flags & ASN1_TFLG_OPTIONAL) { - ASN1_VALUE **pseqval; - pseqval = asn1_get_field_ptr(pval, seqtt); - ASN1_template_free(pseqval, seqtt); - } else { - errtt = seqtt; - ASN1error(ASN1_R_FIELD_MISSING); + if (utype == V_ASN1_UTCTIME || utype == V_ASN1_GENERALIZEDTIME) { + if (!asn1_time_parse_cbs(content, + utype == V_ASN1_GENERALIZEDTIME, NULL)) { + ASN1error(ASN1_R_INVALID_TIME_FORMAT); goto err; } } - /* Save encoding */ - if (!asn1_enc_save(pval, *in, p - *in, it)) { + /* All based on ASN1_STRING and handled the same way. */ + if (*pval != NULL) { + ASN1_STRING_free((ASN1_STRING *)*pval); + *pval = NULL; + } + if ((astr = ASN1_STRING_type_new(utype)) == NULL) { ASN1error(ERR_R_MALLOC_FAILURE); - goto auxerr; + goto err; } - *in = p; - if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL)) - goto auxerr; - return 1; - - default: - return 0; + if (!ASN1_STRING_set(astr, CBS_data(content), CBS_len(content))) { + ASN1_STRING_free(astr); + goto err; + } + *pval = (ASN1_VALUE *)astr; + break; } -auxerr: - ASN1error(ASN1_R_AUX_ERROR); -err: - if (combine == 0) - ASN1_item_ex_free(pval, it); - if (errtt) - ERR_asprintf_error_data("Field=%s, Type=%s", errtt->field_name, - it->sname); - else - ERR_asprintf_error_data("Type=%s", it->sname); - return 0; -} + ret = 1; -int -ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, - const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx) -{ - return asn1_item_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0); + err: + return ret; } -/* Templates are handled with two separate functions. - * One handles any EXPLICIT tag and the other handles the rest. 
- */ - static int -asn1_template_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long inlen, - const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx, int depth) +asn1_c2i_any(ASN1_VALUE **pval, CBS *content, int utype, const ASN1_ITEM *it) { - int flags, aclass; - int ret; - long len; - const unsigned char *p, *q; - char exp_eoc; + ASN1_TYPE *atype; + + if (it->utype != V_ASN1_ANY || it->funcs != NULL) + return 0; + + if (*pval != NULL) { + ASN1_TYPE_free((ASN1_TYPE *)*pval); + *pval = NULL; + } - if (!val) + if ((atype = ASN1_TYPE_new()) == NULL) return 0; - flags = tt->flags; - aclass = flags & ASN1_TFLG_TAG_CLASS; - p = *in; + if (!asn1_c2i_primitive(&atype->value.asn1_value, content, utype, it)) { + ASN1_TYPE_free(atype); + return 0; + } + atype->type = utype; - /* Check if EXPLICIT tag expected */ - if (flags & ASN1_TFLG_EXPTAG) { - char cst; - /* Need to work out amount of data available to the inner - * content and where it starts: so read in EXPLICIT header to - * get the info. - */ - ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst, - &p, inlen, tt->tag, aclass, opt, ctx); - q = p; - if (!ret) { - ASN1error(ERR_R_NESTED_ASN1_ERROR); - return 0; - } else if (ret == -1) - return -1; - if (!cst) { - ASN1error(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED); - return 0; - } - /* We've found the field so it can't be OPTIONAL now */ - ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx, depth); - if (!ret) { - ASN1error(ERR_R_NESTED_ASN1_ERROR); - return 0; - } - /* We read the field in OK so update length */ - len -= p - q; - if (exp_eoc) { - /* If NDEF we must have an EOC here */ - if (!asn1_check_eoc(&p, len)) { - ASN1error(ASN1_R_MISSING_EOC); - goto err; - } - } else { - /* Otherwise we must hit the EXPLICIT tag end or its - * an error */ - if (len) { - ASN1error(ASN1_R_EXPLICIT_LENGTH_MISMATCH); - goto err; - } - } - } else - return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx, - depth); + /* Fix up value for ASN.1 NULL. 
*/ + if (atype->type == V_ASN1_NULL) + atype->value.ptr = NULL; - *in = p; - return 1; + *pval = (ASN1_VALUE *)atype; -err: - ASN1_template_free(val, tt); - return 0; + return 1; } static int -asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len, - const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx, int depth) +asn1_c2i(ASN1_VALUE **pval, CBS *content, int utype, const ASN1_ITEM *it) { - int flags, aclass; - int ret; - const unsigned char *p, *q; - - if (!val) + if (CBS_len(content) > INT_MAX) return 0; - flags = tt->flags; - aclass = flags & ASN1_TFLG_TAG_CLASS; - - p = *in; - q = p; - - if (flags & ASN1_TFLG_SK_MASK) { - /* SET OF, SEQUENCE OF */ - int sktag, skaclass; - char sk_eoc; - /* First work out expected inner tag value */ - if (flags & ASN1_TFLG_IMPTAG) { - sktag = tt->tag; - skaclass = aclass; - } else { - skaclass = V_ASN1_UNIVERSAL; - if (flags & ASN1_TFLG_SET_OF) - sktag = V_ASN1_SET; - else - sktag = V_ASN1_SEQUENCE; - } - /* Get the tag */ - ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL, - &p, len, sktag, skaclass, opt, ctx); - if (!ret) { - ASN1error(ERR_R_NESTED_ASN1_ERROR); - return 0; - } else if (ret == -1) - return -1; - if (!*val) - *val = (ASN1_VALUE *)sk_new_null(); - else { - /* We've got a valid STACK: free up any items present */ - STACK_OF(ASN1_VALUE) *sktmp = - (STACK_OF(ASN1_VALUE) *)*val; - ASN1_VALUE *vtmp; - while (sk_ASN1_VALUE_num(sktmp) > 0) { - vtmp = sk_ASN1_VALUE_pop(sktmp); - ASN1_item_ex_free(&vtmp, - tt->item); - } - } - if (!*val) { - ASN1error(ERR_R_MALLOC_FAILURE); - goto err; - } + if (it->funcs != NULL) { + const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; + char free_content = 0; - /* Read as many items as we can */ - while (len > 0) { - ASN1_VALUE *skfield; - q = p; - /* See if EOC found */ - if (asn1_check_eoc(&p, len)) { - if (!sk_eoc) { - ASN1error(ASN1_R_UNEXPECTED_EOC); - goto err; - } - len -= p - q; - sk_eoc = 0; - break; - } - skfield = NULL; - if (!asn1_item_ex_d2i(&skfield, &p, 
len, - tt->item, -1, 0, 0, ctx, depth)) { - ASN1error(ERR_R_NESTED_ASN1_ERROR); - goto err; - } - len -= p - q; - if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val, - skfield)) { - ASN1error(ERR_R_MALLOC_FAILURE); - goto err; - } - } - if (sk_eoc) { - ASN1error(ASN1_R_MISSING_EOC); - goto err; - } - } else if (flags & ASN1_TFLG_IMPTAG) { - /* IMPLICIT tagging */ - ret = asn1_item_ex_d2i(val, &p, len, - tt->item, tt->tag, aclass, opt, ctx, depth); - if (!ret) { - ASN1error(ERR_R_NESTED_ASN1_ERROR); - goto err; - } else if (ret == -1) - return -1; - } else { - /* Nothing special */ - ret = asn1_item_ex_d2i(val, &p, len, tt->item, - -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx, depth); - if (!ret) { - ASN1error(ERR_R_NESTED_ASN1_ERROR); - goto err; - } else if (ret == -1) - return -1; + if (pf->prim_c2i == NULL) + return 0; + + return pf->prim_c2i(pval, CBS_data(content), CBS_len(content), + utype, &free_content, it); } - *in = p; - return 1; + if (it->utype == V_ASN1_ANY) + return asn1_c2i_any(pval, content, utype, it); -err: - ASN1_template_free(val, tt); - return 0; + return asn1_c2i_primitive(pval, content, utype, it); } +/* + * Decode ASN.1 content into a primitive type. There are three possible forms - + * a SEQUENCE/SET/OTHER that is stored verbatim (including the ASN.1 tag and + * length octets), constructed objects and non-constructed objects. In the + * first two cases indefinite length is permitted, which we may need to handle. + * When this function is called the *cbs should reference the start of the + * ASN.1 object (i.e. the tag/length header), while *cbs_object should + * reference the start of the object contents (i.e. after the tag/length + * header. Additionally, the *cbs_object offset should be relative to the + * ASN.1 object being parsed. On success the *cbs will point at the octet + * after the object. 
+ */ static int -asn1_d2i_ex_primitive(ASN1_VALUE **pval, const unsigned char **in, long inlen, - const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx) +asn1_d2i_primitive_content(ASN1_VALUE **pval, CBS *cbs, CBS *cbs_object, + int utype, int constructed, int indefinite, size_t length, + const ASN1_ITEM *it) { - int ret = 0, utype; - long plen; - char cst, inf, free_cont = 0; - const unsigned char *p; - BUF_MEM buf; - const unsigned char *cont = NULL; - long len; - - buf.length = 0; - buf.max = 0; - buf.data = NULL; - - if (!pval) { - ASN1error(ASN1_R_ILLEGAL_NULL); - return 0; /* Should never happen */ - } - - if (it->itype == ASN1_ITYPE_MSTRING) { - utype = tag; - tag = -1; - } else - utype = it->utype; - - if (utype == V_ASN1_ANY) { - /* If type is ANY need to figure out type from tag */ - unsigned char oclass; - if (tag >= 0) { - ASN1error(ASN1_R_ILLEGAL_TAGGED_ANY); - return 0; - } - if (opt) { - ASN1error(ASN1_R_ILLEGAL_OPTIONAL_ANY); - return 0; - } - p = *in; - ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL, - &p, inlen, -1, 0, 0, ctx); - if (!ret) { - ASN1error(ERR_R_NESTED_ASN1_ERROR); - return 0; - } - if (oclass != V_ASN1_UNIVERSAL) - utype = V_ASN1_OTHER; - } - if (tag == -1) { - tag = utype; - aclass = V_ASN1_UNIVERSAL; - } - p = *in; - /* Check header */ - ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst, - &p, inlen, tag, aclass, opt, ctx); - if (!ret) { - ASN1error(ERR_R_NESTED_ASN1_ERROR); - return 0; - } else if (ret == -1) - return -1; - ret = 0; - /* SEQUENCE, SET and "OTHER" are left in encoded form */ - if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || - (utype == V_ASN1_OTHER)) { - /* Clear context cache for type OTHER because the auto clear - * when we have a exact match wont work - */ - if (utype == V_ASN1_OTHER) { - asn1_tlc_clear(ctx); - } - /* SEQUENCE and SET must be constructed */ - else if (!cst) { - ASN1error(ASN1_R_TYPE_NOT_CONSTRUCTED); - return 0; - } + CBS cbs_content, cbs_initial; + uint8_t 
*data = NULL; + size_t data_len = 0; + CBB cbb; + int ret = 0; - cont = *in; - /* If indefinite length constructed find the real end */ - if (inf) { - if (!asn1_find_end(&p, plen, inf)) - goto err; - len = p - cont; - } else { - len = p - cont + plen; - p += plen; - buf.data = NULL; - } - } else if (cst) { - /* Should really check the internal tags are correct but + memset(&cbb, 0, sizeof(cbb)); + + CBS_dup(cbs, &cbs_initial); + CBS_init(&cbs_content, NULL, 0); + + if (asn1_must_be_constructed(utype) && !constructed) { + ASN1error(ASN1_R_TYPE_NOT_CONSTRUCTED); + goto err; + } + if (asn1_must_be_primitive(utype) && constructed) { + ASN1error(ASN1_R_TYPE_NOT_PRIMITIVE); + goto err; + } + + /* SEQUENCE, SET and "OTHER" are left in encoded form. */ + if (utype == V_ASN1_SEQUENCE || utype == V_ASN1_SET || + utype == V_ASN1_OTHER) { + if (!asn1_find_end(cbs_object, length, indefinite)) + goto err; + if (!CBS_get_bytes(&cbs_initial, &cbs_content, + CBS_offset(cbs_object))) + goto err; + } else if (constructed) { + /* + * Should really check the internal tags are correct but * some things may get this wrong. The relevant specs * say that constructed string types should be OCTET STRINGs * internally irrespective of the type. So instead just check * for UNIVERSAL class and ignore the tag. 
*/ - if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) { - free_cont = 1; + if (!CBB_init(&cbb, 0)) goto err; - } - len = buf.length; - /* Append a final null to string */ - if (!BUF_MEM_grow_clean(&buf, len + 1)) { - ASN1error(ERR_R_MALLOC_FAILURE); - return 0; - } - buf.data[len] = 0; - cont = (const unsigned char *)buf.data; - free_cont = 1; + if (!asn1_collect(&cbb, cbs_object, indefinite, -1, + V_ASN1_UNIVERSAL, 0)) + goto err; + if (!CBB_finish(&cbb, &data, &data_len)) + goto err; + + CBS_init(&cbs_content, data, data_len); } else { - cont = p; - len = plen; - p += plen; + if (!CBS_get_bytes(cbs_object, &cbs_content, length)) + goto err; } - /* We now have content length and type: translate into a structure */ - if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it)) + if (!asn1_c2i(pval, &cbs_content, utype, it)) + goto err; + + if (!CBS_skip(cbs, CBS_offset(cbs_object))) goto err; - *in = p; ret = 1; -err: - if (free_cont && buf.data) - free(buf.data); + err: + CBB_cleanup(&cbb); + freezero(data, data_len); + return ret; } -/* Translate ASN1 content octets into a structure */ +static int +asn1_d2i_any(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it, + int tag_number, int tag_class, int optional) +{ + int constructed, indefinite; + uint8_t object_class; + int object_type; + CBS cbs_object; + size_t length; -int -asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, - char *free_cont, const ASN1_ITEM *it) + CBS_init(&cbs_object, CBS_data(cbs), CBS_len(cbs)); + + if (it->utype != V_ASN1_ANY) + return 0; + + if (tag_number >= 0) { + ASN1error(ASN1_R_ILLEGAL_TAGGED_ANY); + return 0; + } + if (optional) { + ASN1error(ASN1_R_ILLEGAL_OPTIONAL_ANY); + return 0; + } + + /* Determine type from ASN.1 tag. 
*/ + if (asn1_check_tag(&cbs_object, &length, &object_type, &object_class, + &indefinite, &constructed, -1, 0, 0) != 1) { + ASN1error(ERR_R_NESTED_ASN1_ERROR); + return 0; + } + if (object_class != V_ASN1_UNIVERSAL) + object_type = V_ASN1_OTHER; + + return asn1_d2i_primitive_content(pval, cbs, &cbs_object, object_type, + constructed, indefinite, length, it); +} + +static int +asn1_d2i_mstring(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it, + int tag_number, int tag_class, int optional) { - ASN1_VALUE **opval = NULL; - ASN1_STRING *stmp; - ASN1_TYPE *typ = NULL; - ASN1_INTEGER **tint; - int ret = 0; + int constructed, indefinite; + uint8_t object_class; + int object_tag; + CBS cbs_object; + size_t length; - if (it->funcs != NULL) { - const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; + CBS_init(&cbs_object, CBS_data(cbs), CBS_len(cbs)); - if (pf->prim_c2i == NULL) - return 0; - return pf->prim_c2i(pval, cont, len, utype, free_cont, it); + /* + * It never makes sense for multi-strings to have implicit tagging, so + * if tag_number != -1, then this looks like an error in the template. + */ + if (tag_number != -1) { + ASN1error(ASN1_R_BAD_TEMPLATE); + return 0; } - /* If ANY type clear type and set pointer to internal value */ - if (it->utype == V_ASN1_ANY) { - if (!*pval) { - typ = ASN1_TYPE_new(); - if (typ == NULL) - goto err; - *pval = (ASN1_VALUE *)typ; - } else - typ = (ASN1_TYPE *)*pval; + if (asn1_check_tag(&cbs_object, &length, &object_tag, &object_class, + &indefinite, &constructed, -1, 0, 1) != 1) { + ASN1error(ERR_R_NESTED_ASN1_ERROR); + return 0; + } - if (utype != typ->type) - ASN1_TYPE_set(typ, utype, NULL); - opval = pval; - pval = &typ->value.asn1_value; + /* Class must be UNIVERSAL. */ + if (object_class != V_ASN1_UNIVERSAL) { + if (optional) + return -1; + ASN1error(ASN1_R_MSTRING_NOT_UNIVERSAL); + return 0; + } + /* Check tag matches bit map. 
*/ + if ((ASN1_tag2bit(object_tag) & it->utype) == 0) { + if (optional) + return -1; + ASN1error(ASN1_R_MSTRING_WRONG_TAG); + return 0; } - switch (utype) { - case V_ASN1_OBJECT: - if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len)) - goto err; - break; - case V_ASN1_NULL: - if (len) { - ASN1error(ASN1_R_NULL_IS_WRONG_LENGTH); + return asn1_d2i_primitive_content(pval, cbs, &cbs_object, + object_tag, constructed, indefinite, length, it); +} + +static int +asn1_d2i_primitive(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it, + int tag_number, int tag_class, int optional) +{ + CBS cbs_object; + int constructed, indefinite; + int utype = it->utype; + size_t length; + int ret; + + CBS_init(&cbs_object, CBS_data(cbs), CBS_len(cbs)); + + if (it->itype == ASN1_ITYPE_MSTRING) + return 0; + + if (it->utype == V_ASN1_ANY) + return asn1_d2i_any(pval, cbs, it, tag_number, tag_class, optional); + + if (tag_number == -1) { + tag_number = it->utype; + tag_class = V_ASN1_UNIVERSAL; + } + + ret = asn1_check_tag(&cbs_object, &length, NULL, NULL, &indefinite, + &constructed, tag_number, tag_class, optional); + if (ret == -1) + return -1; + if (ret != 1) { + ASN1error(ERR_R_NESTED_ASN1_ERROR); + return 0; + } + + return asn1_d2i_primitive_content(pval, cbs, &cbs_object, utype, + constructed, indefinite, length, it); +} + +static int +asn1_item_d2i_choice(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it, + int tag_number, int tag_class, int optional, int depth) +{ + const ASN1_TEMPLATE *at, *errat = NULL; + const ASN1_AUX *aux; + ASN1_aux_cb *asn1_cb = NULL; + ASN1_VALUE *achoice = NULL; + ASN1_VALUE **pchptr; + int i, ret; + + if ((aux = it->funcs) != NULL) + asn1_cb = aux->asn1_cb; + + if (it->itype != ASN1_ITYPE_CHOICE) + goto err; + + /* + * It never makes sense for CHOICE types to have implicit tagging, so + * if tag_number != -1, then this looks like an error in the template. 
+ */ + if (tag_number != -1) { + ASN1error(ASN1_R_BAD_TEMPLATE); + goto err; + } + + if (*pval != NULL) { + ASN1_item_ex_free(pval, it); + *pval = NULL; + } + + if (!ASN1_item_ex_new(&achoice, it)) { + ASN1error(ERR_R_NESTED_ASN1_ERROR); + goto err; + } + + if (asn1_cb != NULL && !asn1_cb(ASN1_OP_D2I_PRE, &achoice, it, NULL)) { + ASN1error(ASN1_R_AUX_ERROR); + goto err; + } + + /* Try each possible CHOICE in turn. */ + for (i = 0; i < it->tcount; i++) { + at = &it->templates[i]; + + pchptr = asn1_get_field_ptr(&achoice, at); + + /* Mark field as OPTIONAL so its absence can be identified. */ + ret = asn1_template_d2i(pchptr, cbs, at, 1, depth); + if (ret == -1) + continue; + if (ret != 1) { + ASN1error(ERR_R_NESTED_ASN1_ERROR); + errat = at; goto err; } - *pval = (ASN1_VALUE *)1; + + /* We've successfully decoded an ASN.1 object. */ + asn1_set_choice_selector(&achoice, i, it); break; + } - case V_ASN1_BOOLEAN: - if (len != 1) { - ASN1error(ASN1_R_BOOLEAN_IS_WRONG_LENGTH); - goto err; - } else { - ASN1_BOOLEAN *tbool; - tbool = (ASN1_BOOLEAN *)pval; - *tbool = *cont; + /* Did we fall off the end without reading anything? 
*/ + if (i == it->tcount) { + if (optional) { + ASN1_item_ex_free(&achoice, it); + return -1; } - break; + ASN1error(ASN1_R_NO_MATCHING_CHOICE_TYPE); + goto err; + } - case V_ASN1_BIT_STRING: - if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len)) - goto err; - break; + if (asn1_cb != NULL && !asn1_cb(ASN1_OP_D2I_POST, &achoice, it, NULL)) { + ASN1error(ASN1_R_AUX_ERROR); + goto err; + } - case V_ASN1_INTEGER: - case V_ASN1_ENUMERATED: - tint = (ASN1_INTEGER **)pval; - if (!c2i_ASN1_INTEGER(tint, &cont, len)) - goto err; - /* Fixup type to match the expected form */ - (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG); - break; + *pval = achoice; + achoice = NULL; - case V_ASN1_OCTET_STRING: - case V_ASN1_NUMERICSTRING: - case V_ASN1_PRINTABLESTRING: - case V_ASN1_T61STRING: - case V_ASN1_VIDEOTEXSTRING: - case V_ASN1_IA5STRING: - case V_ASN1_UTCTIME: - case V_ASN1_GENERALIZEDTIME: - case V_ASN1_GRAPHICSTRING: - case V_ASN1_VISIBLESTRING: - case V_ASN1_GENERALSTRING: - case V_ASN1_UNIVERSALSTRING: - case V_ASN1_BMPSTRING: - case V_ASN1_UTF8STRING: - case V_ASN1_OTHER: - case V_ASN1_SET: - case V_ASN1_SEQUENCE: - default: - if (utype == V_ASN1_BMPSTRING && (len & 1)) { - ASN1error(ASN1_R_BMPSTRING_IS_WRONG_LENGTH); + return 1; + + err: + ASN1_item_ex_free(&achoice, it); + + if (errat != NULL) + ERR_asprintf_error_data("Field=%s, Type=%s", errat->field_name, + it->sname); + else + ERR_asprintf_error_data("Type=%s", it->sname); + + return 0; +} + +static int +asn1_item_d2i_sequence(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it, + int tag_number, int tag_class, int optional, int depth) +{ + CBS cbs_seq, cbs_seq_content, cbs_object; + int constructed, indefinite, optional_field; + const ASN1_TEMPLATE *errat = NULL; + const ASN1_TEMPLATE *seqat, *at; + ASN1_aux_cb *asn1_cb = NULL; + const ASN1_AUX *aux; + ASN1_VALUE *aseq = NULL; + ASN1_VALUE **pseqval; + int eoc_needed, i; + size_t length; + int ret = 0; + + CBS_init(&cbs_seq, CBS_data(cbs), 
CBS_len(cbs)); + + if ((aux = it->funcs) != NULL) + asn1_cb = aux->asn1_cb; + + if (it->itype != ASN1_ITYPE_NDEF_SEQUENCE && + it->itype != ASN1_ITYPE_SEQUENCE) + goto err; + + if (*pval != NULL) { + ASN1_item_ex_free(pval, it); + *pval = NULL; + } + + /* If no IMPLICIT tagging use UNIVERSAL/SEQUENCE. */ + if (tag_number == -1) { + tag_class = V_ASN1_UNIVERSAL; + tag_number = V_ASN1_SEQUENCE; + } + + /* Read ASN.1 SEQUENCE header. */ + ret = asn1_check_tag(&cbs_seq, &length, NULL, NULL, &indefinite, + &constructed, tag_number, tag_class, optional); + if (ret == -1) + return -1; + if (ret != 1) { + ASN1error(ERR_R_NESTED_ASN1_ERROR); + goto err; + } + + if (!constructed) { + ASN1error(ASN1_R_SEQUENCE_NOT_CONSTRUCTED); + goto err; + } + + if (indefinite) { + eoc_needed = 1; + CBS_init(&cbs_seq_content, CBS_data(&cbs_seq), CBS_len(&cbs_seq)); + } else { + eoc_needed = 0; + if (!CBS_get_bytes(&cbs_seq, &cbs_seq_content, length)) goto err; + } + + if (!ASN1_item_ex_new(&aseq, it)) { + ASN1error(ERR_R_NESTED_ASN1_ERROR); + goto err; + } + + if (asn1_cb != NULL && !asn1_cb(ASN1_OP_D2I_PRE, &aseq, it, NULL)) { + ASN1error(ASN1_R_AUX_ERROR); + goto err; + } + + for (i = 0; i < it->tcount; i++) { + at = &it->templates[i]; + + if (asn1_check_eoc(&cbs_seq_content)) { + if (!indefinite) { + ASN1error(ASN1_R_UNEXPECTED_EOC); + goto err; + } + eoc_needed = 0; + break; } - if (utype == V_ASN1_UNIVERSALSTRING && (len & 3)) { - ASN1error(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH); + if (CBS_len(&cbs_seq_content) == 0) + break; + + if ((seqat = asn1_do_adb(&aseq, at, 1)) == NULL) goto err; + + pseqval = asn1_get_field_ptr(&aseq, seqat); + + /* + * This was originally implemented to "increase efficiency", + * however it currently needs to remain since it papers over + * the use of ASN.1 ANY with OPTIONAL in SEQUENCEs (which + * asn1_d2i_primitive() currently rejects). 
+ */ + optional_field = (seqat->flags & ASN1_TFLG_OPTIONAL) != 0; + if (i == it->tcount - 1) + optional_field = 0; + + ret = asn1_template_d2i(pseqval, &cbs_seq_content, + seqat, optional_field, depth); + if (ret == -1) { + /* Absent OPTIONAL component. */ + ASN1_template_free(pseqval, seqat); + continue; } - /* All based on ASN1_STRING and handled the same */ - if (!*pval) { - stmp = ASN1_STRING_type_new(utype); - if (!stmp) { - ASN1error(ERR_R_MALLOC_FAILURE); - goto err; - } - *pval = (ASN1_VALUE *)stmp; - } else { - stmp = (ASN1_STRING *)*pval; - stmp->type = utype; + if (ret != 1) { + errat = seqat; + goto err; } - /* If we've already allocated a buffer use it */ - if (*free_cont) { - free(stmp->data); - stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */ - stmp->length = len; - *free_cont = 0; - } else { - if (!ASN1_STRING_set(stmp, cont, len)) { - ASN1error(ERR_R_MALLOC_FAILURE); - ASN1_STRING_free(stmp); - *pval = NULL; - goto err; - } + } + + if (eoc_needed && !asn1_check_eoc(&cbs_seq_content)) { + ASN1error(ASN1_R_MISSING_EOC); + goto err; + } + + if (indefinite) { + if (!CBS_skip(&cbs_seq, CBS_offset(&cbs_seq_content))) + goto err; + } else if (CBS_len(&cbs_seq_content) != 0) { + ASN1error(ASN1_R_SEQUENCE_LENGTH_MISMATCH); + goto err; + } + + /* + * There is no more data in the ASN.1 SEQUENCE, however we may not have + * populated all fields - check that any remaining are OPTIONAL. + */ + for (; i < it->tcount; i++) { + at = &it->templates[i]; + + if ((seqat = asn1_do_adb(&aseq, at, 1)) == NULL) + goto err; + + if ((seqat->flags & ASN1_TFLG_OPTIONAL) == 0) { + ASN1error(ASN1_R_FIELD_MISSING); + errat = seqat; + goto err; } - break; + + /* XXX - this is probably unnecessary with earlier free. 
*/ + pseqval = asn1_get_field_ptr(&aseq, seqat); + ASN1_template_free(pseqval, seqat); } - /* If ASN1_ANY and NULL type fix up value */ - if (typ && (utype == V_ASN1_NULL)) - typ->value.ptr = NULL; - ret = 1; + if (!CBS_get_bytes(cbs, &cbs_object, CBS_offset(&cbs_seq))) + goto err; + + if (!asn1_enc_save(&aseq, &cbs_object, it)) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; + } -err: - if (!ret) { - ASN1_TYPE_free(typ); - if (opval) - *opval = NULL; + if (asn1_cb != NULL && !asn1_cb(ASN1_OP_D2I_POST, &aseq, it, NULL)) { + ASN1error(ASN1_R_AUX_ERROR); + goto err; } - return ret; + + *pval = aseq; + aseq = NULL; + + return 1; + + err: + ASN1_item_ex_free(&aseq, it); + + if (errat != NULL) + ERR_asprintf_error_data("Field=%s, Type=%s", errat->field_name, + it->sname); + else + ERR_asprintf_error_data("Type=%s", it->sname); + + return 0; } +static int +asn1_item_d2i_extern(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it, + int tag_number, int tag_class, int optional) +{ + const ASN1_EXTERN_FUNCS *ef = it->funcs; + const unsigned char *p = NULL; + ASN1_TLC ctx = { 0 }; + int ret = 0; + + if (CBS_len(cbs) > LONG_MAX) + return 0; -/* This function finds the end of an ASN1 structure when passed its maximum - * length, whether it is indefinite length and a pointer to the content. - * This is more efficient than calling asn1_collect because it does not - * recurse on each indefinite length header. 
- */ + p = CBS_data(cbs); + + if ((ret = ef->asn1_ex_d2i(pval, &p, (long)CBS_len(cbs), it, + tag_number, tag_class, optional, &ctx)) == 1) { + if (!CBS_skip(cbs, p - CBS_data(cbs))) + goto err; + } + return ret; + + err: + ASN1_item_ex_free(pval, it); + + ERR_asprintf_error_data("Type=%s", it->sname); + + return 0; +} static int -asn1_find_end(const unsigned char **in, long len, char inf) +asn1_item_d2i(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it, + int tag_number, int tag_class, int optional, int depth) { - int expected_eoc; - long plen; - const unsigned char *p = *in, *q; + if (pval == NULL) + return 0; - /* If not indefinite length constructed just add length */ - if (inf == 0) { - *in += len; - return 1; + if (++depth > ASN1_MAX_CONSTRUCTED_NEST) { + ASN1error(ASN1_R_NESTED_TOO_DEEP); + goto err; } - expected_eoc = 1; - /* Indefinite length constructed form. Find the end when enough EOCs - * are found. If more indefinite length constructed headers - * are encountered increment the expected eoc count otherwise just - * skip to the end of the data. - */ - while (len > 0) { - if (asn1_check_eoc(&p, len)) { - expected_eoc--; - if (expected_eoc == 0) - break; - len -= 2; - continue; - } - q = p; - /* Just read in a header: only care about the length */ - if (!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len, - -1, 0, 0, NULL)) { - ASN1error(ERR_R_NESTED_ASN1_ERROR); - return 0; + + switch (it->itype) { + case ASN1_ITYPE_PRIMITIVE: + if (it->templates != NULL) { + /* + * Tagging or OPTIONAL is currently illegal on an item + * template because the flags can't get passed down. + * In practice this isn't a problem: we include the + * relevant flags from the item template in the + * template itself. 
+ */ + if (tag_number != -1 || optional) { + ASN1error(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE); + goto err; + } + return asn1_template_d2i(pval, cbs, it->templates, + optional, depth); } - if (inf) - expected_eoc++; - else - p += plen; - len -= p - q; - } - if (expected_eoc) { - ASN1error(ASN1_R_MISSING_EOC); + return asn1_d2i_primitive(pval, cbs, it, tag_number, tag_class, + optional); + + case ASN1_ITYPE_MSTRING: + return asn1_d2i_mstring(pval, cbs, it, tag_number, tag_class, + optional); + + case ASN1_ITYPE_EXTERN: + return asn1_item_d2i_extern(pval, cbs, it, tag_number, + tag_class, optional); + + case ASN1_ITYPE_CHOICE: + return asn1_item_d2i_choice(pval, cbs, it, tag_number, + tag_class, optional, depth); + + case ASN1_ITYPE_NDEF_SEQUENCE: + case ASN1_ITYPE_SEQUENCE: + return asn1_item_d2i_sequence(pval, cbs, it, tag_number, + tag_class, optional, depth); + + default: return 0; } - *in = p; - return 1; + + err: + ASN1_item_ex_free(pval, it); + + ERR_asprintf_error_data("Type=%s", it->sname); + + return 0; } -/* This function collects the asn1 data from a constructred string - * type into a buffer. The values of 'in' and 'len' should refer - * to the contents of the constructed type and 'inf' should be set - * if it is indefinite length. - */ -#ifndef ASN1_MAX_STRING_NEST -/* This determines how many levels of recursion are permitted in ASN1 - * string types. If it is not limited stack overflows can occur. If set - * to zero no recursion is allowed at all. Although zero should be adequate - * examples exist that require a value of 1. So 5 should be more than enough. 
- */ -#define ASN1_MAX_STRING_NEST 5 -#endif +static void +asn1_template_stack_of_free(STACK_OF(ASN1_VALUE) *avals, + const ASN1_TEMPLATE *at) +{ + ASN1_VALUE *aval; + + if (avals == NULL) + return; + + while (sk_ASN1_VALUE_num(avals) > 0) { + aval = sk_ASN1_VALUE_pop(avals); + ASN1_item_ex_free(&aval, at->item); + } + sk_ASN1_VALUE_free(avals); +} static int -asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, char inf, - int tag, int aclass, int depth) +asn1_template_stack_of_d2i(ASN1_VALUE **pval, CBS *cbs, const ASN1_TEMPLATE *at, + int optional, int depth) { - const unsigned char *p, *q; - long plen; - char cst, ininf; - - p = *in; - inf &= 1; - /* If no buffer and not indefinite length constructed just pass over - * the encoded data */ - if (!buf && !inf) { - *in += len; - return 1; + CBS cbs_object, cbs_object_content; + STACK_OF(ASN1_VALUE) *avals = NULL; + ASN1_VALUE *aval = NULL; + int tag_number, tag_class; + int eoc_needed; + int indefinite; + size_t length; + int ret; + + CBS_init(&cbs_object, CBS_data(cbs), CBS_len(cbs)); + + if (pval == NULL) + return 0; + + asn1_template_stack_of_free((STACK_OF(ASN1_VALUE) *)*pval, at); + *pval = NULL; + + tag_number = at->tag; + tag_class = at->flags & ASN1_TFLG_TAG_CLASS; + + /* Determine the inner tag value for SET OF or SEQUENCE OF. 
*/ + if ((at->flags & ASN1_TFLG_IMPTAG) == 0) { + tag_number = V_ASN1_SEQUENCE; + tag_class = V_ASN1_UNIVERSAL; + if ((at->flags & ASN1_TFLG_SET_OF) != 0) + tag_number = V_ASN1_SET; + } + + ret = asn1_check_tag(&cbs_object, &length, NULL, NULL, &indefinite, + NULL, tag_number, tag_class, optional); + if (ret == -1) + return -1; + if (ret != 1) { + ASN1error(ERR_R_NESTED_ASN1_ERROR); + return 0; + } + + if (indefinite) { + eoc_needed = 1; + CBS_init(&cbs_object_content, CBS_data(&cbs_object), + CBS_len(&cbs_object)); + } else { + eoc_needed = 0; + if (!CBS_get_bytes(&cbs_object, &cbs_object_content, + length)) + goto err; } - while (len > 0) { - q = p; - /* Check for EOC */ - if (asn1_check_eoc(&p, len)) { - /* EOC is illegal outside indefinite length - * constructed form */ - if (!inf) { + + if ((avals = sk_ASN1_VALUE_new_null()) == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; + } + + /* Read as many items as possible. */ + while (CBS_len(&cbs_object_content) > 0) { + if (asn1_check_eoc(&cbs_object_content)) { + if (!eoc_needed) { ASN1error(ASN1_R_UNEXPECTED_EOC); - return 0; + goto err; } - inf = 0; + eoc_needed = 0; break; } - - if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p, - len, tag, aclass, 0, NULL)) { + if (!asn1_item_d2i(&aval, &cbs_object_content, at->item, -1, 0, + 0, depth)) { ASN1error(ERR_R_NESTED_ASN1_ERROR); - return 0; + goto err; } - - /* If indefinite length constructed update max length */ - if (cst) { - if (depth >= ASN1_MAX_STRING_NEST) { - ASN1error(ASN1_R_NESTED_ASN1_STRING); - return 0; - } - if (!asn1_collect(buf, &p, plen, ininf, tag, aclass, - depth + 1)) - return 0; - } else if (plen && !collect_data(buf, &p, plen)) - return 0; - len -= p - q; + if (!sk_ASN1_VALUE_push(avals, aval)) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; + } + aval = NULL; } - if (inf) { + if (eoc_needed) { ASN1error(ASN1_R_MISSING_EOC); - return 0; + goto err; } - *in = p; + + if (indefinite) { + if (!CBS_skip(&cbs_object, 
CBS_offset(&cbs_object_content))) + goto err; + } + + if (!CBS_skip(cbs, CBS_offset(&cbs_object))) + goto err; + + *pval = (ASN1_VALUE *)avals; + avals = NULL; + return 1; + + err: + asn1_template_stack_of_free(avals, at); + ASN1_item_ex_free(&aval, at->item); + + return 0; } static int -collect_data(BUF_MEM *buf, const unsigned char **p, long plen) +asn1_template_noexp_d2i(ASN1_VALUE **pval, CBS *cbs, const ASN1_TEMPLATE *at, + int optional, int depth) { - int len; - if (buf) { - len = buf->length; - if (!BUF_MEM_grow_clean(buf, len + plen)) { - ASN1error(ERR_R_MALLOC_FAILURE); - return 0; - } - memcpy(buf->data + len, *p, plen); + int tag_number, tag_class; + int ret; + + if (pval == NULL) + return 0; + + if ((at->flags & ASN1_TFLG_SK_MASK) != 0) + return asn1_template_stack_of_d2i(pval, cbs, at, optional, depth); + + tag_number = -1; + tag_class = V_ASN1_UNIVERSAL; + + /* See if we need to use IMPLICIT tagging. */ + if ((at->flags & ASN1_TFLG_IMPTAG) != 0) { + tag_number = at->tag; + tag_class = at->flags & ASN1_TFLG_TAG_CLASS; + } + + ret = asn1_item_d2i(pval, cbs, at->item, tag_number, tag_class, + optional, depth); + if (ret == -1) + return -1; + if (ret != 1) { + ASN1error(ERR_R_NESTED_ASN1_ERROR); + goto err; } - *p += plen; + return 1; -} -/* Check for ASN1 EOC and swallow it if found */ + err: + /* XXX - The called function should have freed already. */ + ASN1_template_free(pval, at); + return 0; +} static int -asn1_check_eoc(const unsigned char **in, long len) +asn1_template_d2i(ASN1_VALUE **pval, CBS *cbs, const ASN1_TEMPLATE *at, + int optional, int depth) { - const unsigned char *p; + CBS cbs_exp, cbs_exp_content; + int constructed, indefinite; + size_t length; + int ret; - if (len < 2) + if (pval == NULL) + return 0; + + /* Check if EXPLICIT tag is expected. 
*/ + if ((at->flags & ASN1_TFLG_EXPTAG) == 0) + return asn1_template_noexp_d2i(pval, cbs, at, optional, depth); + + CBS_init(&cbs_exp, CBS_data(cbs), CBS_len(cbs)); + + /* Read ASN.1 header for EXPLICIT tagged object. */ + ret = asn1_check_tag(&cbs_exp, &length, NULL, NULL, &indefinite, + &constructed, at->tag, at->flags & ASN1_TFLG_TAG_CLASS, optional); + if (ret == -1) + return -1; + if (ret != 1) { + ASN1error(ERR_R_NESTED_ASN1_ERROR); return 0; - p = *in; - if (!p[0] && !p[1]) { - *in += 2; - return 1; } - return 0; -} -/* Check an ASN1 tag and length: a bit like ASN1_get_object - * but it sets the length for indefinite length constructed - * form, we don't know the exact length but we can set an - * upper bound to the amount of data available minus the - * header length just read. - */ + if (!constructed) { + ASN1error(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED); + return 0; + } -static int -asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf, - char *cst, const unsigned char **in, long len, int exptag, int expclass, - char opt, ASN1_TLC *ctx) -{ - int i; - int ptag, pclass; - long plen; - const unsigned char *p, *q; - - p = *in; - q = p; - - if (ctx && ctx->valid) { - i = ctx->ret; - plen = ctx->plen; - pclass = ctx->pclass; - ptag = ctx->ptag; - p += ctx->hdrlen; + if (indefinite) { + CBS_init(&cbs_exp_content, CBS_data(&cbs_exp), CBS_len(&cbs_exp)); } else { - i = ASN1_get_object(&p, &plen, &ptag, &pclass, len); - if (ctx) { - ctx->ret = i; - ctx->plen = plen; - ctx->pclass = pclass; - ctx->ptag = ptag; - ctx->hdrlen = p - q; - ctx->valid = 1; - /* If definite length, and no error, length + - * header can't exceed total amount of data available. 
- */ - if (!(i & 0x81) && ((plen + ctx->hdrlen) > len)) { - ASN1error(ASN1_R_TOO_LONG); - asn1_tlc_clear(ctx); - return 0; - } - } + if (!CBS_get_bytes(&cbs_exp, &cbs_exp_content, length)) + goto err; } - if (i & 0x80) { - ASN1error(ASN1_R_BAD_OBJECT_HEADER); - asn1_tlc_clear(ctx); + if ((ret = asn1_template_noexp_d2i(pval, &cbs_exp_content, at, 0, + depth)) != 1) { + ASN1error(ERR_R_NESTED_ASN1_ERROR); return 0; } - if (exptag >= 0) { - if ((exptag != ptag) || (expclass != pclass)) { - /* If type is OPTIONAL, not an error: - * indicate missing type. - */ - if (opt) - return -1; - asn1_tlc_clear(ctx); - ASN1error(ASN1_R_WRONG_TAG); - return 0; + + if (indefinite) { + if (!asn1_check_eoc(&cbs_exp_content)) { + ASN1error(ASN1_R_MISSING_EOC); + goto err; } - /* We have a tag and class match: - * assume we are going to do something with it */ - asn1_tlc_clear(ctx); - } - - if (i & 1) - plen = len - (p - q); - if (inf) - *inf = i & 1; - if (cst) - *cst = i & V_ASN1_CONSTRUCTED; - if (olen) - *olen = plen; - if (oclass) - *oclass = pclass; - if (otag) - *otag = ptag; - - *in = p; + if (!CBS_skip(&cbs_exp, CBS_offset(&cbs_exp_content))) + goto err; + } else if (CBS_len(&cbs_exp_content) != 0) { + ASN1error(ASN1_R_SEQUENCE_LENGTH_MISMATCH); + goto err; + } + + if (!CBS_skip(cbs, CBS_offset(&cbs_exp))) + goto err; + return 1; + + err: + ASN1_template_free(pval, at); + return 0; +} + +ASN1_VALUE * +ASN1_item_d2i(ASN1_VALUE **pval, const unsigned char **in, long inlen, + const ASN1_ITEM *it) +{ + ASN1_VALUE *ptmpval = NULL; + + if (pval == NULL) + pval = &ptmpval; + if (ASN1_item_ex_d2i(pval, in, inlen, it, -1, 0, 0, NULL) <= 0) + return NULL; + + return *pval; +} + +int +ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long inlen, + const ASN1_ITEM *it, int tag_number, int tag_class, char optional, + ASN1_TLC *ctx) +{ + CBS cbs; + int ret; + + if (inlen < 0) + return 0; + + CBS_init(&cbs, *in, inlen); + if ((ret = asn1_item_d2i(pval, &cbs, it, tag_number, 
tag_class, + (int)optional, 0)) == 1) + *in = CBS_data(&cbs); + + return ret; +} + +int +ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_TEMPLATE *at) +{ + CBS cbs; + int ret; + + if (len < 0) + return 0; + + CBS_init(&cbs, *in, len); + if ((ret = asn1_template_d2i(pval, &cbs, at, 0, 0)) == 1) + *in = CBS_data(&cbs); + + return ret; } diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c index 5d95f035..8e17d666 100644 --- a/crypto/asn1/tasn_enc.c +++ b/crypto/asn1/tasn_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tasn_enc.c,v 1.23 2020/12/08 15:06:42 tb Exp $ */ +/* $OpenBSD: tasn_enc.c,v 1.25.2.1 2022/10/20 09:47:01 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -64,6 +64,8 @@ #include #include +#include "asn1_locl.h" + static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, @@ -492,7 +494,7 @@ static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass) { - int len; + int olen, len; int utype; int usetag; int ndef = 0; @@ -503,7 +505,7 @@ asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, * out the underlying type. */ - len = asn1_ex_i2c(pval, NULL, &utype, it); + olen = len = asn1_ex_i2c(pval, NULL, &utype, it); /* If SEQUENCE, SET or OTHER then header is * included in pseudo content octets so don't @@ -527,6 +529,10 @@ asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, len = 0; } + /* Treat any other negative value as an error. */ + if (len < 0) + return -1; + /* If not implicitly tagged get tag from underlying type */ if (tag == -1) tag = utype; 
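Review bot: The added `if (len < 0) return -1;` introduces an error return that the hunk does not document, and a caller that adds this result to a running content length without checking it would under-count the buffer it later allocates. I would spell the contract out in the comment, for example `/* Treat any other negative value as an error; callers must test for a negative result before summing lengths. */`. Whether the callers of asn1_i2d_ex_primitive already do this cannot be seen from here, since the function and its callers lie outside the hunk.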
@@ -535,7 +541,8 @@ asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, if (out) { if (usetag) ASN1_put_object(out, ndef, len, tag, aclass); - asn1_ex_i2c(pval, *out, &utype, it); + if (asn1_ex_i2c(pval, *out, &utype, it) != olen) + return -1; if (ndef) ASN1_put_eoc(out); else diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c index b621af3b..cc7b838c 100644 --- a/crypto/asn1/tasn_fre.c +++ b/crypto/asn1/tasn_fre.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tasn_fre.c,v 1.17 2019/04/01 15:48:04 jsing Exp $ */ +/* $OpenBSD: tasn_fre.c,v 1.20 2022/05/12 19:55:58 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -62,25 +62,26 @@ #include #include -static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, - int combine); +#include "asn1_locl.h" + +static void asn1_item_free(ASN1_VALUE **pval, const ASN1_ITEM *it); /* Free up an ASN1 structure */ void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it) { - asn1_item_combine_free(&val, it, 0); + asn1_item_free(&val, it); } void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { - asn1_item_combine_free(pval, it, 0); + asn1_item_free(pval, it); } static void -asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine) +asn1_item_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { const ASN1_TEMPLATE *tt = NULL, *seqtt; const ASN1_EXTERN_FUNCS *ef; @@ -124,10 +125,8 @@ asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine) } if (asn1_cb) asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL); - if (!combine) { - free(*pval); - *pval = NULL; - } + free(*pval); + *pval = NULL; break; case ASN1_ITYPE_EXTERN: 
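Review bot: The comparison `asn1_ex_i2c(pval, *out, &utype, it) != olen` detects a size mismatch only after the second pass has already written into `*out`, and after ASN1_put_object() has emitted the header. On this path the buffer holds a partial object, and if the second pass produced more than the sizing pass promised, the write has already gone past the reserved space. That is worth a comment at the check, e.g. `/* Sizing and writing passes must agree; on mismatch the output is partial and must be discarded. */`. It would also help to say why the test uses `olen` rather than `len`: `len` appears to be reset (`len = 0;` in the earlier hunk) while `olen` keeps the raw first-pass value. The enclosing function starts and ends outside the hunk.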
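Review bot: With the `if (!combine)` guard removed, `free(*pval); *pval = NULL;` now runs for every item, which is only safe if no template reaching this code is still a combined field whose storage belongs to its parent; freeing such a field separately would be an invalid free. The same assumption is made in the @@ -162 hunk, in ASN1_template_free (@@ -179, which no longer passes `tt->flags & ASN1_TFLG_COMBINE`), and in the unconditional `*pval = calloc(1, it->size);` of tasn_new.c. The hunks do not show whether the flag itself is removed or rejected elsewhere, so I would state the invariant where the guard used to be: `/* Every item owns its allocation; combined templates are no longer supported. */`. The function body continues outside the hunk.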
@@ -145,7 +144,7 @@ asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine) if (i == 2) return; } - asn1_enc_free(pval, it); + asn1_enc_cleanup(pval, it); /* If we free up as normal we will invalidate any * ANY DEFINED BY field and we wont be able to * determine the type of the field it defines. So @@ -162,10 +161,8 @@ asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine) } if (asn1_cb) asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL); - if (!combine) { - free(*pval); - *pval = NULL; - } + free(*pval); + *pval = NULL; break; } } @@ -179,14 +176,12 @@ ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) { ASN1_VALUE *vtmp; vtmp = sk_ASN1_VALUE_value(sk, i); - asn1_item_combine_free(&vtmp, tt->item, - 0); + asn1_item_free(&vtmp, tt->item); } sk_ASN1_VALUE_free(sk); *pval = NULL; } else - asn1_item_combine_free(pval, tt->item, - tt->flags & ASN1_TFLG_COMBINE); + asn1_item_free(pval, tt->item); } void diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c index 7c9bb989..83b0fce5 100644 --- a/crypto/asn1/tasn_new.c +++ b/crypto/asn1/tasn_new.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tasn_new.c,v 1.18 2019/04/01 15:48:04 jsing Exp $ */ +/* $OpenBSD: tasn_new.c,v 1.22 2022/05/10 05:19:22 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -64,8 +64,9 @@ #include #include -static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, - int combine); +#include "asn1_locl.h" + +static int asn1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it); static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); 
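Review bot: With the `combine` argument removed, asn1_item_free() in tasn_fre.c always runs `free(*pval); *pval = NULL;`, and ASN1_template_free() (hunk `@@ -179,14 +176,12 @@`) no longer tests `tt->flags & ASN1_TFLG_COMBINE`. A template that still sets that flag refers to storage embedded in its parent, so it would now reach free() as if it were a separate allocation. The one in-tree user visible in this patch (x_attrib.c) is converted, but whether the flag remains defined for templates outside the tree is not visible here. If it does, rejecting it early in ASN1_template_free() with `if (tt->flags & ASN1_TFLG_COMBINE) return;`, or removing the definition so such templates stop compiling, would be safer. ASN1_template_free() begins outside the hunk.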
@@ -84,11 +85,11 @@ ASN1_item_new(const ASN1_ITEM *it) int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { - return asn1_item_ex_combine_new(pval, it, 0); + return asn1_item_ex_new(pval, it); } static int -asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine) +asn1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { const ASN1_TEMPLATE *tt = NULL; const ASN1_EXTERN_FUNCS *ef; @@ -100,13 +101,7 @@ asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine) if (aux != NULL && aux->asn1_cb != NULL) asn1_cb = aux->asn1_cb; - if (!combine) - *pval = NULL; - -#ifdef CRYPTO_MDEBUG - if (it->sname) - CRYPTO_push_info(it->sname); -#endif + *pval = NULL; switch (it->itype) { case ASN1_ITYPE_EXTERN: @@ -136,18 +131,12 @@ asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine) if (!i) goto auxerr; if (i == 2) { -#ifdef CRYPTO_MDEBUG - if (it->sname) - CRYPTO_pop_info(); -#endif return 1; } } - if (!combine) { - *pval = calloc(1, it->size); - if (!*pval) - goto memerr; - } + *pval = calloc(1, it->size); + if (!*pval) + goto memerr; asn1_set_choice_selector(pval, -1, it); if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) goto auxerr; @@ -160,20 +149,14 @@ asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine) if (!i) goto auxerr; if (i == 2) { -#ifdef CRYPTO_MDEBUG - if (it->sname) - CRYPTO_pop_info(); -#endif return 1; } } - if (!combine) { - *pval = calloc(1, it->size); - if (!*pval) - goto memerr; - asn1_do_lock(pval, 0, it); - asn1_enc_init(pval, it); - } + *pval = calloc(1, it->size); + if (!*pval) + goto memerr; + asn1_do_lock(pval, 0, it); + asn1_enc_init(pval, it); for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { pseqval = asn1_get_field_ptr(pval, tt); if (!ASN1_template_new(pseqval, tt)) 
@@ -183,27 +166,15 @@ asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine) goto auxerr; break; } -#ifdef CRYPTO_MDEBUG - if (it->sname) - CRYPTO_pop_info(); -#endif return 1; -memerr: + memerr: ASN1error(ERR_R_MALLOC_FAILURE); -#ifdef CRYPTO_MDEBUG - if (it->sname) - CRYPTO_pop_info(); -#endif return 0; -auxerr: + auxerr: ASN1error(ASN1_R_AUX_ERROR); ASN1_item_ex_free(pval, it); -#ifdef CRYPTO_MDEBUG - if (it->sname) - CRYPTO_pop_info(); -#endif return 0; } @@ -257,10 +228,6 @@ ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) *pval = NULL; return 1; } -#ifdef CRYPTO_MDEBUG - if (tt->field_name) - CRYPTO_push_info(tt->field_name); -#endif /* If SET OF or SEQUENCE OF, its a STACK */ if (tt->flags & ASN1_TFLG_SK_MASK) { STACK_OF(ASN1_VALUE) *skval; @@ -275,12 +242,8 @@ ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) goto done; } /* Otherwise pass it back to the item routine */ - ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE); -done: -#ifdef CRYPTO_MDEBUG - if (it->sname) - CRYPTO_pop_info(); -#endif + ret = asn1_item_ex_new(pval, it); + done: return ret; } diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c index 4c676d8c..54ec56ec 100644 --- a/crypto/asn1/tasn_prn.c +++ b/crypto/asn1/tasn_prn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tasn_prn.c,v 1.21 2020/03/24 10:46:38 inoguchi Exp $ */ +/* $OpenBSD: tasn_prn.c,v 1.22 2021/12/03 17:10:49 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -84,18 +84,14 @@ ASN1_PCTX default_pctx = { ASN1_PCTX * ASN1_PCTX_new(void) { - ASN1_PCTX *ret; - ret = malloc(sizeof(ASN1_PCTX)); - if (ret == NULL) { + ASN1_PCTX *p; + + if ((p = calloc(1, sizeof(ASN1_PCTX))) == NULL) { ASN1error(ERR_R_MALLOC_FAILURE); return NULL; } - ret->flags = 0; - ret->nm_flags = 0; - ret->cert_flags = 0; - ret->oid_flags = 0; - ret->str_flags = 0; - return ret; + + return p; } void 
diff --git a/crypto/asn1/tasn_typ.c b/crypto/asn1/tasn_typ.c
index 542713aa..c373f349 100644
--- a/crypto/asn1/tasn_typ.c
+++ b/crypto/asn1/tasn_typ.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_typ.c,v 1.13 2015/07/24 15:09:52 jsing Exp $ */
+/* $OpenBSD: tasn_typ.c,v 1.17 2021/12/26 15:20:21 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -61,134 +61,6 @@ /* Declarations for string types */ -const ASN1_ITEM ASN1_INTEGER_it = { - .itype = ASN1_ITYPE_PRIMITIVE, - .utype = V_ASN1_INTEGER, - .sname = "ASN1_INTEGER", -}; - -ASN1_INTEGER * -d2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **in, long len) -{ - return (ASN1_INTEGER *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, - &ASN1_INTEGER_it); -} - -int -i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **out) -{ - return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_INTEGER_it); -} - -ASN1_INTEGER * -ASN1_INTEGER_new(void) -{ - return (ASN1_INTEGER *)ASN1_item_new(&ASN1_INTEGER_it); -} - -void -ASN1_INTEGER_free(ASN1_INTEGER *a) -{ - ASN1_item_free((ASN1_VALUE *)a, &ASN1_INTEGER_it); -} - - -const ASN1_ITEM ASN1_ENUMERATED_it = { - .itype = ASN1_ITYPE_PRIMITIVE, - .utype = V_ASN1_ENUMERATED, - .sname = "ASN1_ENUMERATED", -}; - -ASN1_ENUMERATED * -d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, const unsigned char **in, long len) -{ - return (ASN1_ENUMERATED *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, - &ASN1_ENUMERATED_it); -} - -int -i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **out) -{ - return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_ENUMERATED_it); -} - -ASN1_ENUMERATED * -ASN1_ENUMERATED_new(void) -{ - return (ASN1_ENUMERATED *)ASN1_item_new(&ASN1_ENUMERATED_it); -} - -void -ASN1_ENUMERATED_free(ASN1_ENUMERATED *a) -{ - ASN1_item_free((ASN1_VALUE *)a, &ASN1_ENUMERATED_it); -} - - -const ASN1_ITEM ASN1_BIT_STRING_it = { - .itype = ASN1_ITYPE_PRIMITIVE, - .utype = V_ASN1_BIT_STRING, - .sname = "ASN1_BIT_STRING", -}; - -ASN1_BIT_STRING * -d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, const unsigned char **in, long len) -{ - return (ASN1_BIT_STRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, - &ASN1_BIT_STRING_it); -} - -int -i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **out) -{ - return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_BIT_STRING_it); -} - -ASN1_BIT_STRING * -ASN1_BIT_STRING_new(void) -{ - return (ASN1_BIT_STRING 
*)ASN1_item_new(&ASN1_BIT_STRING_it); -} - -void -ASN1_BIT_STRING_free(ASN1_BIT_STRING *a) -{ - ASN1_item_free((ASN1_VALUE *)a, &ASN1_BIT_STRING_it); -} - - -const ASN1_ITEM ASN1_OCTET_STRING_it = { - .itype = ASN1_ITYPE_PRIMITIVE, - .utype = V_ASN1_OCTET_STRING, - .sname = "ASN1_OCTET_STRING", -}; - -ASN1_OCTET_STRING * -d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a, const unsigned char **in, long len) -{ - return (ASN1_OCTET_STRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, - &ASN1_OCTET_STRING_it); -} - -int -i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a, unsigned char **out) -{ - return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_OCTET_STRING_it); -} - -ASN1_OCTET_STRING * -ASN1_OCTET_STRING_new(void) -{ - return (ASN1_OCTET_STRING *)ASN1_item_new(&ASN1_OCTET_STRING_it); -} - -void -ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *a) -{ - ASN1_item_free((ASN1_VALUE *)a, &ASN1_OCTET_STRING_it); -} - - const ASN1_ITEM ASN1_NULL_it = { .itype = ASN1_ITYPE_PRIMITIVE, .utype = V_ASN1_NULL, @@ -221,13 +93,6 @@ ASN1_NULL_free(ASN1_NULL *a) } -const ASN1_ITEM ASN1_OBJECT_it = { - .itype = ASN1_ITYPE_PRIMITIVE, - .utype = V_ASN1_OBJECT, - .sname = "ASN1_OBJECT", -}; - - const ASN1_ITEM ASN1_UTF8STRING_it = { .itype = ASN1_ITYPE_PRIMITIVE, .utype = V_ASN1_UTF8STRING, @@ -552,13 +417,13 @@ ASN1_BMPSTRING_free(ASN1_BMPSTRING *a) ASN1_item_free((ASN1_VALUE *)a, &ASN1_BMPSTRING_it); } - const ASN1_ITEM ASN1_ANY_it = { .itype = ASN1_ITYPE_PRIMITIVE, .utype = V_ASN1_ANY, .sname = "ASN1_ANY", }; + /* Just swallow an ASN1_SEQUENCE in an ASN1_STRING */ const ASN1_ITEM ASN1_SEQUENCE_it = { 
@@ -568,31 +433,6 @@ const ASN1_ITEM ASN1_SEQUENCE_it = { }; -ASN1_TYPE * -d2i_ASN1_TYPE(ASN1_TYPE **a, const unsigned char **in, long len) -{ - return (ASN1_TYPE *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, - &ASN1_ANY_it); -} - -int -i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **out) -{ - return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_ANY_it); -} - -ASN1_TYPE * -ASN1_TYPE_new(void) -{ - return (ASN1_TYPE *)ASN1_item_new(&ASN1_ANY_it); -} - -void -ASN1_TYPE_free(ASN1_TYPE *a) -{ - ASN1_item_free((ASN1_VALUE *)a, &ASN1_ANY_it); -} - /* Multistring types */ @@ -712,6 +552,28 @@ const ASN1_ITEM ASN1_BOOLEAN_it = { .sname = "ASN1_BOOLEAN", }; +int +i2d_ASN1_BOOLEAN(int a, unsigned char **out) +{ + return ASN1_item_ex_i2d((ASN1_VALUE **)&a, out, + &ASN1_BOOLEAN_it, -1, 0); +} + +int +d2i_ASN1_BOOLEAN(int *a, const unsigned char **in, long len) +{ + ASN1_BOOLEAN abool; + + if (ASN1_item_ex_d2i((ASN1_VALUE **)&abool, in, len, &ASN1_BOOLEAN_it, + -1, 0, 0, NULL) <= 0) + return -1; + + if (a != NULL) + *a = abool; + + return abool; +} + const ASN1_ITEM ASN1_TBOOLEAN_it = { .itype = ASN1_ITYPE_PRIMITIVE, .utype = V_ASN1_BOOLEAN, diff --git a/crypto/asn1/tasn_utl.c b/crypto/asn1/tasn_utl.c index 391ef01a..86cd42ee 100644 --- a/crypto/asn1/tasn_utl.c +++ b/crypto/asn1/tasn_utl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tasn_utl.c,v 1.12 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: tasn_utl.c,v 1.17 2022/05/12 19:55:58 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -56,13 +56,17 @@ * */ +#include #include #include + #include #include #include #include +#include "bytestring.h" + /* Utility functions for manipulating fields and offsets */ /* Add 'offset' to 'addr' */ 
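Review bot: In the new d2i_ASN1_BOOLEAN() (tasn_typ.c, hunk `@@ -712,6 +552,28 @@`), `ASN1_BOOLEAN abool;` is passed to ASN1_item_ex_d2i() uninitialised through an `(ASN1_VALUE **)` cast. If the decoder ever inspects the existing value before storing the decoded one, which this hunk does not show, that is a read of indeterminate stack data. Writing `ASN1_BOOLEAN abool = 0;` costs nothing and removes the question. The function also deserves a short comment stating that -1 is the error return and that `*a` is left untouched on failure, since the success value is the decoded boolean itself.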
@@ -123,79 +127,96 @@ asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it) static ASN1_ENCODING * asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it) { - const ASN1_AUX *aux; + const ASN1_AUX *aux = it->funcs; - if (!pval || !*pval) + if (pval == NULL || *pval == NULL) return NULL; - aux = it->funcs; - if (!aux || !(aux->flags & ASN1_AFLG_ENCODING)) + + if (aux == NULL || (aux->flags & ASN1_AFLG_ENCODING) == 0) return NULL; + return offset2ptr(*pval, aux->enc_offset); } void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it) { - ASN1_ENCODING *enc; + ASN1_ENCODING *aenc; - enc = asn1_get_enc_ptr(pval, it); - if (enc) { - enc->enc = NULL; - enc->len = 0; - enc->modified = 1; - } + if ((aenc = asn1_get_enc_ptr(pval, it)) == NULL) + return; + + aenc->enc = NULL; + aenc->len = 0; + aenc->modified = 1; +} + +static void +asn1_enc_clear(ASN1_ENCODING *aenc) +{ + freezero(aenc->enc, aenc->len); + aenc->enc = NULL; + aenc->len = 0; + aenc->modified = 1; } void -asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it) +asn1_enc_cleanup(ASN1_VALUE **pval, const ASN1_ITEM *it) { - ASN1_ENCODING *enc; - - enc = asn1_get_enc_ptr(pval, it); - if (enc) { - free(enc->enc); - enc->enc = NULL; - enc->len = 0; - enc->modified = 1; - } + ASN1_ENCODING *aenc; + + if ((aenc = asn1_get_enc_ptr(pval, it)) == NULL) + return; + + asn1_enc_clear(aenc); } int -asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, - const ASN1_ITEM *it) +asn1_enc_save(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it) { - ASN1_ENCODING *enc; + ASN1_ENCODING *aenc; + uint8_t *data = NULL; + size_t data_len = 0; - enc = asn1_get_enc_ptr(pval, it); - if (!enc) + if ((aenc = asn1_get_enc_ptr(pval, it)) == NULL) return 1; - free(enc->enc); - enc->enc = malloc(inlen); - if (!enc->enc) + asn1_enc_clear(aenc); + + if (!CBS_stow(cbs, &data, &data_len)) + return 0; + if (data_len > LONG_MAX) { + freezero(data, data_len); return 0; - memcpy(enc->enc, in, inlen); - enc->len = inlen; - 
enc->modified = 0; + } + + aenc->enc = data; + aenc->len = (long)data_len; + aenc->modified = 0; return 1; } int -asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, +asn1_enc_restore(int *out_len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it) { - ASN1_ENCODING *enc; + ASN1_ENCODING *aenc; + + if ((aenc = asn1_get_enc_ptr(pval, it)) == NULL) + return 0; - enc = asn1_get_enc_ptr(pval, it); - if (!enc || enc->modified) + if (aenc->modified) return 0; - if (out) { - memcpy(*out, enc->enc, enc->len); - *out += enc->len; + + if (out != NULL) { + memcpy(*out, aenc->enc, aenc->len); + *out += aenc->len; } - if (len) - *len = enc->len; + + if (out_len != NULL) + *out_len = aenc->len; + return 1; } @@ -205,8 +226,6 @@ asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) { ASN1_VALUE **pvaltmp; - if (tt->flags & ASN1_TFLG_COMBINE) - return pval; pvaltmp = offset2ptr(*pval, tt->offset); /* NOTE for BOOLEAN types the field is just a plain * int so we can't return int **, so settle for @@ -272,7 +291,7 @@ asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr) goto err; return adb->default_tt; -err: + err: /* FIXME: should log the value or OID of unsupported type */ if (nullerr) ASN1error(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE); diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c index 2013de79..efb0c342 100644 --- a/crypto/asn1/x_algor.c +++ b/crypto/asn1/x_algor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_algor.c,v 1.22 2018/05/01 19:01:27 tb Exp $ */ +/* $OpenBSD: x_algor.c,v 1.23 2021/12/12 14:27:20 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ 
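Review bot: asn1_enc_save() in tasn_utl.c accepts a stowed encoding of up to LONG_MAX bytes (`if (data_len > LONG_MAX)`), but asn1_enc_restore() in the same hunk reports the length through `int *out_len` with `*out_len = aenc->len;` while memcpy() still copies the full `aenc->len`. Where long is wider than int, a saved encoding larger than INT_MAX would make the reported length disagree with the number of bytes actually written to `*out`. Bounding the save side to what restore can report, `if (data_len > INT_MAX) {`, keeps the two consistent. Whether a caller can supply that much data depends on code outside this hunk.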
@@ -197,12 +197,10 @@ X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, const void **ppval, void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md) { - int param_type; + int param_type = V_ASN1_NULL; - if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT) + if ((EVP_MD_flags(md) & EVP_MD_FLAG_DIGALGID_ABSENT) != 0) param_type = V_ASN1_UNDEF; - else - param_type = V_ASN1_NULL; X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL); } diff --git a/crypto/asn1/x_attrib.c b/crypto/asn1/x_attrib.c index 04816eab..e8822a33 100644 --- a/crypto/asn1/x_attrib.c +++ b/crypto/asn1/x_attrib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_attrib.c,v 1.14 2020/06/04 21:21:03 schwarze Exp $ */ +/* $OpenBSD: x_attrib.c,v 1.17 2022/05/09 19:19:33 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -62,48 +62,16 @@ #include #include -/* X509_ATTRIBUTE: this has the following form: - * - * typedef struct x509_attributes_st - * { - * ASN1_OBJECT *object; - * int single; - * union { - * char *ptr; - * STACK_OF(ASN1_TYPE) *set; - * ASN1_TYPE *single; - * } value; - * } X509_ATTRIBUTE; - * - * this needs some extra thought because the CHOICE type is - * merged with the main structure and because the value can - * be anything at all we *must* try the SET OF first because - * the ASN1_ANY type will swallow anything including the whole - * SET OF structure. - */ - -static const ASN1_TEMPLATE X509_ATTRIBUTE_SET_ch_tt[] = { - { - .flags = ASN1_TFLG_SET_OF, - .tag = 0, - .offset = offsetof(X509_ATTRIBUTE, value.set), - .field_name = "value.set", - .item = &ASN1_ANY_it, - }, - { - .flags = 0, - .tag = 0, - .offset = offsetof(X509_ATTRIBUTE, value.single), - .field_name = "value.single", - .item = &ASN1_ANY_it, - }, -}; +#include "x509_lcl.h" +/* + * XXX - remove X509_ATTRIBUTE_SET_it with next major bump. + */ const ASN1_ITEM X509_ATTRIBUTE_SET_it = { .itype = ASN1_ITYPE_CHOICE, - .utype = offsetof(X509_ATTRIBUTE, single), - .templates = X509_ATTRIBUTE_SET_ch_tt, - .tcount = sizeof(X509_ATTRIBUTE_SET_ch_tt) / sizeof(ASN1_TEMPLATE), + .utype = 0, + .templates = NULL, + .tcount = 0, .funcs = NULL, .size = sizeof(X509_ATTRIBUTE), .sname = "X509_ATTRIBUTE", @@ -117,13 +85,12 @@ static const ASN1_TEMPLATE X509_ATTRIBUTE_seq_tt[] = { .field_name = "object", .item = &ASN1_OBJECT_it, }, - /* CHOICE type merged with parent */ { - .flags = 0 | ASN1_TFLG_COMBINE, + .flags = ASN1_TFLG_SET_OF, .tag = 0, - .offset = 0, - .field_name = NULL, - .item = &X509_ATTRIBUTE_SET_it, + .offset = offsetof(X509_ATTRIBUTE, set), + .field_name = "set", + .item = &ASN1_ANY_it, }, }; 
@@ -181,18 +148,15 @@ X509_ATTRIBUTE_create(int nid, int atrtype, void *value) if ((ret = X509_ATTRIBUTE_new()) == NULL) return (NULL); ret->object = oid; - ret->single = 0; - if ((ret->value.set = sk_ASN1_TYPE_new_null()) == NULL) - goto err; if ((val = ASN1_TYPE_new()) == NULL) goto err; - if (!sk_ASN1_TYPE_push(ret->value.set, val)) + if (!sk_ASN1_TYPE_push(ret->set, val)) goto err; ASN1_TYPE_set(val, atrtype, value); return (ret); -err: + err: if (ret != NULL) X509_ATTRIBUTE_free(ret); if (val != NULL) diff --git a/crypto/asn1/x_bignum.c b/crypto/asn1/x_bignum.c index fab8fc21..d1f735b4 100644 --- a/crypto/asn1/x_bignum.c +++ b/crypto/asn1/x_bignum.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_bignum.c,v 1.10 2019/04/01 15:49:22 jsing Exp $ */ +/* $OpenBSD: x_bignum.c,v 1.12 2022/07/30 13:42:25 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -61,15 +61,16 @@ #include #include +#include "asn1_locl.h" +#include "bytestring.h" + /* - * Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER as a - * BIGNUM directly. Currently it ignores the sign which isn't a problem since - * all BIGNUMs used are non negative and anything that looks negative is - * normally due to an encoding error. + * Custom primitive type for that reads an ASN.1 INTEGER into a BIGNUM. */ static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it); static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it); +static void bn_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); @@ -83,7 +84,7 @@ static ASN1_PRIMITIVE_FUNCS bignum_pf = { .flags = 0, .prim_new = bn_new, .prim_free = bn_free, - .prim_clear = NULL, /* XXX */ + .prim_clear = bn_clear, .prim_c2i = bn_c2i, .prim_i2c = bn_i2c, .prim_print = bn_print, 
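Review bot: X509_ATTRIBUTE_create() in x_attrib.c no longer allocates the value stack itself and pushes straight onto `ret->set`, which works only because X509_ATTRIBUTE_new() builds that stack from the SET OF template introduced in the `@@ -117,13 +85,12 @@` hunk. That dependency is not obvious at the call site. A comment before the push, such as `/* ret->set is allocated by X509_ATTRIBUTE_new() via the SET OF template. */`, would record it. The function starts and ends outside the hunk.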
@@ -112,11 +113,17 @@ const ASN1_ITEM CBIGNUM_it = { static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { - *pval = (ASN1_VALUE *)BN_new(); - if (*pval) - return 1; - else + if ((*pval = (ASN1_VALUE *)BN_new()) == NULL) return 0; + + return 1; +} + +static void +bn_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) +{ + BN_free((BIGNUM *)*pval); + *pval = NULL; } static void 
@@ -124,56 +131,70 @@ bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { if (*pval == NULL) return; - BN_clear_free((BIGNUM *)*pval); - *pval = NULL; + + bn_clear(pval, it); } static int -bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it) +bn_i2c(ASN1_VALUE **pval, unsigned char *content, int *putype, const ASN1_ITEM *it) { - BIGNUM *bn; - int pad, len; + ASN1_INTEGER *aint = NULL; + unsigned char **pp = NULL; + const BIGNUM *bn; + int ret; if (*pval == NULL) return -1; - bn = (BIGNUM *)*pval; - /* If MSB set in an octet we need a padding byte */ - if (BN_num_bits(bn) & 0x7) - pad = 0; - else - pad = 1; - if (cont) { - if (pad) - *cont++ = 0; - len = BN_bn2bin(bn, cont); - } else - len = BN_num_bytes(bn); - return pad + len; + + bn = (const BIGNUM *)*pval; + + if ((aint = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) + return -1; + + if (content != NULL) + pp = &content; + + ret = i2c_ASN1_INTEGER(aint, pp); + + ASN1_INTEGER_free(aint); + + return ret; } static int -bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, - char *free_cont, const ASN1_ITEM *it) +bn_c2i(ASN1_VALUE **pval, const unsigned char *content, int len, int utype, + char *free_content, const ASN1_ITEM *it) { + ASN1_INTEGER *aint = NULL; BIGNUM *bn; + CBS cbs; + int ret = 0; - if (*pval == NULL) { - if (bn_new(pval, it) == 0) - return 0; - } - bn = (BIGNUM *)*pval; - if (!BN_bin2bn(cont, len, bn)) { - bn_free(pval, it); - return 0; - } - return 1; + bn_clear(pval, it); + + if (len < 0) + goto err; + CBS_init(&cbs, content, len); + if (!c2i_ASN1_INTEGER_cbs(&aint, &cbs)) + goto err; + + if ((bn = ASN1_INTEGER_to_BN(aint, NULL)) == NULL) + goto err; + *pval = (ASN1_VALUE *)bn; + + ret = 1; + + err: + ASN1_INTEGER_free(aint); + + return ret; } static int bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, const ASN1_PCTX *pctx) { - BIGNUM *bn = (BIGNUM *)*pval; + const BIGNUM *bn = (BIGNUM *)*pval; if (!BN_print(out, bn)) return 0; 
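Review bot: bn_free() in x_bignum.c used to call BN_clear_free() and now goes through bn_clear(), which calls BN_free(), so unless BN_free() itself zeroises (not visible in this patch) CBIGNUM values are no longer wiped on release. The rewritten bn_i2c() and bn_c2i() also copy the number into a temporary ASN1_INTEGER and release it with ASN1_INTEGER_free(), which as far as this patch shows leaves a copy of a possibly secret value in freed memory. If BN_free() does clear, bn_clear() should say so with a comment like `/* BN_free() clears the value before freeing. */`. Otherwise keep `BN_clear_free((BIGNUM *)*pval);` there.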
diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c index bc1783db..35d9007f 100644 --- a/crypto/asn1/x_crl.c +++ b/crypto/asn1/x_crl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_crl.c,v 1.34 2019/03/13 20:34:00 tb Exp $ */ +/* $OpenBSD: x_crl.c,v 1.37 2022/02/24 22:05:06 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -66,6 +66,7 @@ #include #include "asn1_locl.h" +#include "x509_lcl.h" static int X509_REVOKED_cmp(const X509_REVOKED * const *a, const X509_REVOKED * const *b); @@ -287,9 +288,7 @@ crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) break; case ASN1_OP_D2I_POST: -#ifndef OPENSSL_NO_SHA - X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL); -#endif + X509_CRL_digest(crl, X509_CRL_HASH_EVP, crl->hash, NULL); crl->idp = X509_CRL_get_ext_d2i(crl, NID_issuing_distribution_point, NULL, NULL); if (crl->idp) @@ -659,14 +658,15 @@ X509_CRL_METHOD_new(int (*crl_init)(X509_CRL *crl), { X509_CRL_METHOD *m; - m = malloc(sizeof(X509_CRL_METHOD)); - if (!m) + if ((m = calloc(1, sizeof(X509_CRL_METHOD))) == NULL) return NULL; + m->crl_init = crl_init; m->crl_free = crl_free; m->crl_lookup = crl_lookup; m->crl_verify = crl_verify; m->flags = X509_CRL_METHOD_DYNAMIC; + return m; } diff --git a/crypto/asn1/x_exten.c b/crypto/asn1/x_exten.c index bb3dffc8..aba89736 100644 --- a/crypto/asn1/x_exten.c +++ b/crypto/asn1/x_exten.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_exten.c,v 1.16 2015/07/24 15:09:52 jsing Exp $ */ +/* $OpenBSD: x_exten.c,v 1.17 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -61,6 +61,8 @@ #include #include +#include "x509_lcl.h" + static const ASN1_TEMPLATE X509_EXTENSION_seq_tt[] = { { .offset = offsetof(X509_EXTENSION, object), diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c index ff72338c..543c56a5 100644 --- a/crypto/asn1/x_long.c +++ b/crypto/asn1/x_long.c 
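Review bot: In the ASN1_OP_D2I_POST case of crl_cb() (x_crl.c, hunk `@@ -287,9 +288,7 @@`), the return value of `X509_CRL_digest(crl, X509_CRL_HASH_EVP, crl->hash, NULL);` is still discarded, so a failed digest leaves `crl->hash` holding whatever it had before and any later comparison on it is meaningless. The old line had the same gap, but it is being rewritten here anyway. Failing the decode with `if (!X509_CRL_digest(crl, X509_CRL_HASH_EVP, crl->hash, NULL)) return 0;` would close it, assuming crl_cb() reports errors by returning 0. That assumption needs checking against the rest of the function, which lies outside this hunk.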
@@ -1,4 +1,4 @@ -/* $OpenBSD: x_long.c,v 1.16 2019/04/20 11:13:15 jsing Exp $ */ +/* $OpenBSD: x_long.c,v 1.18 2022/07/02 18:14:35 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -56,13 +56,15 @@ * */ -#include +#include #include #include #include #include +#include "asn1_locl.h" + /* * Custom primitive type for long handling. This converts between an * ASN1_INTEGER and a long directly. @@ -70,11 +72,12 @@ static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it); static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it); +static void long_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); -static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, +static int long_i2c(ASN1_VALUE **pval, unsigned char *content, int *putype, const ASN1_ITEM *it); -static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, - int utype, char *free_cont, const ASN1_ITEM *it); +static int long_c2i(ASN1_VALUE **pval, const unsigned char *content, int len, + int utype, char *free_content, const ASN1_ITEM *it); static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, const ASN1_PCTX *pctx); @@ -83,7 +86,7 @@ static ASN1_PRIMITIVE_FUNCS long_pf = { .flags = 0, .prim_new = long_new, .prim_free = long_free, - .prim_clear = long_free, /* Clear should set to initial value */ + .prim_clear = long_clear, .prim_c2i = long_c2i, .prim_i2c = long_i2c, .prim_print = long_print, 
@@ -109,108 +112,127 @@ const ASN1_ITEM ZLONG_it = { .sname = "ZLONG", }; +static void +long_get(ASN1_VALUE **pval, long *out_val) +{ + memcpy(out_val, pval, sizeof(long)); +} + +static void +long_set(ASN1_VALUE **pval, long val) +{ + memcpy(pval, &val, sizeof(long)); +} + static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { - *(long *)pval = it->size; + long_clear(pval, it); + return 1; } static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { - *(long *)pval = it->size; + long_clear(pval, it); +} + +static void +long_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) +{ + /* Zero value. */ + long_set(pval, it->size); } static int -long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, +long_i2c(ASN1_VALUE **pval, unsigned char *content, int *putype, const ASN1_ITEM *it) { - long ltmp; - unsigned long utmp; - int clen, pad, i; - /* this exists to bypass broken gcc optimization */ - char *cp = (char *)pval; + ASN1_INTEGER *aint; + uint8_t **pp = NULL; + long val; + int ret = 0; - /* use memcpy, because we may not be long aligned */ - memcpy(<mp, cp, sizeof(long)); + long_get(pval, &val); - if (ltmp == it->size) - return -1; - /* Convert the long to positive: we subtract one if negative so - * we can cleanly handle the padding if only the MSB of the leading - * octet is set. + /* + * The zero value for this type (stored in the overloaded it->size + * field) is considered to be invalid. */ - if (ltmp < 0) - utmp = -(ltmp + 1); - else - utmp = ltmp; - clen = BN_num_bits_word(utmp); - /* If MSB of leading octet set we need to pad */ - if (!(clen & 0x7)) - pad = 1; - else - pad = 0; - - /* Convert number of bits to number of octets */ - clen = (clen + 7) >> 3; - - if (cont) { - if (pad) - *cont++ = (ltmp < 0) ? 
0xff : 0; - for (i = clen - 1; i >= 0; i--) { - cont[i] = (unsigned char)(utmp & 0xff); - if (ltmp < 0) - cont[i] ^= 0xff; - utmp >>= 8; - } - } - return clen + pad; + if (val == it->size) + return -1; + + if ((aint = ASN1_INTEGER_new()) == NULL) + goto err; + if (!ASN1_INTEGER_set_int64(aint, (int64_t)val)) + goto err; + if (content != NULL) + pp = &content; + ret = i2c_ASN1_INTEGER(aint, pp); + + err: + ASN1_INTEGER_free(aint); + + return ret; } static int -long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, - char *free_cont, const ASN1_ITEM *it) +long_c2i(ASN1_VALUE **pval, const unsigned char *content, int len, int utype, + char *free_content, const ASN1_ITEM *it) { - int neg, i; - long ltmp; - unsigned long utmp = 0; - char *cp = (char *)pval; - if (len > (int)sizeof(long)) { - ASN1error(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); - return 0; - } - /* Is it negative? */ - if (len && (cont[0] & 0x80)) - neg = 1; - else - neg = 0; - utmp = 0; - for (i = 0; i < len; i++) { - utmp <<= 8; - if (neg) - utmp |= cont[i] ^ 0xff; - else - utmp |= cont[i]; + ASN1_INTEGER *aint = NULL; + const uint8_t **pp = NULL; + int64_t val = 0; + int ret = 0; + + /* + * The original long_i2c() mishandled 0 values and encoded them as + * content with zero length, rather than a single zero byte. Permit + * zero length content here for backwards compatibility. + */ + if (len != 0) { + if (content != NULL) + pp = &content; + if (!c2i_ASN1_INTEGER(&aint, pp, len)) + goto err; + if (!ASN1_INTEGER_get_int64(&val, aint)) + goto err; } - ltmp = (long)utmp; - if (neg) { - ltmp = -ltmp; - ltmp--; + + if (val < LONG_MIN || val > LONG_MAX) { + ASN1error(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); + goto err; } - if (ltmp == it->size) { + + /* + * The zero value for this type (stored in the overloaded it->size + * field) is considered to be invalid. 
+ */ + if (val == (int64_t)it->size) { ASN1error(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); - return 0; + goto err; } - memcpy(cp, <mp, sizeof(long)); - return 1; + + long_set(pval, (long)val); + + ret = 1; + + err: + ASN1_INTEGER_free(aint); + + return ret; } static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, const ASN1_PCTX *pctx) { - if (BIO_printf(out, "%ld\n", *(long *)pval) <= 0) + long val; + + long_get(pval, &val); + + if (BIO_printf(out, "%ld\n", val) <= 0) return 0; return 1; diff --git a/crypto/asn1/x_name.c b/crypto/asn1/x_name.c index 0961ee33..4c698ac2 100644 --- a/crypto/asn1/x_name.c +++ b/crypto/asn1/x_name.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_name.c,v 1.35 2021/07/04 11:38:37 schwarze Exp $ */ +/* $OpenBSD: x_name.c,v 1.37 2021/12/25 13:17:48 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -65,6 +65,7 @@ #include #include "asn1_locl.h" +#include "x509_lcl.h" typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY; DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY) @@ -256,7 +257,7 @@ x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it) *val = (ASN1_VALUE *)ret; return 1; -memerr: + memerr: ASN1error(ERR_R_MALLOC_FAILURE); if (ret) { if (ret->entries) @@ -336,7 +337,7 @@ x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, *in = p; return ret; -err: + err: if (nm.x != NULL) X509_NAME_free(nm.x); ASN1error(ERR_R_NESTED_ASN1_ERROR); @@ -421,7 +422,7 @@ x509_name_encode(X509_NAME *a) a->modified = 0; return len; -memerr: + memerr: sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, local_sk_X509_NAME_ENTRY_free); ASN1error(ERR_R_MALLOC_FAILURE); @@ -511,7 +512,7 @@ x509_name_canon(X509_NAME *a) i2d_name_canon(intname, &p); ret = 1; -err: + err: if (tmpentry) X509_NAME_ENTRY_free(tmpentry); if (intname) diff --git a/crypto/asn1/x_pkey.c b/crypto/asn1/x_pkey.c index c946281f..fdf0e002 100644 --- a/crypto/asn1/x_pkey.c +++ b/crypto/asn1/x_pkey.c 
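Review bot: long_i2c() in x_long.c starts with `int ret = 0;` and jumps to `err` when ASN1_INTEGER_new() or ASN1_INTEGER_set_int64() fails, so a failure is returned as length 0. The check added to asn1_i2d_ex_primitive() in tasn_enc.c only rejects negative lengths, so 0 would be taken as valid empty content and an INTEGER with no content octets would be emitted instead of an error. The failure paths should return a negative value that the caller treats as an error and that differs from the `-1` this function already returns for the unset value, by initialising `ret` to that value instead of 0. Which value fits depends on the i2c contract, which is outside this hunk.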
@@ -1,4 +1,4 @@ -/* $OpenBSD: x_pkey.c,v 1.20 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: x_pkey.c,v 1.21 2021/12/25 13:17:48 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -91,7 +91,7 @@ X509_PKEY_new(void) ret->references = 1; return (ret); -err: + err: if (ret) { X509_ALGOR_free(ret->enc_algor); free(ret); diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c index ea67419c..a2c3d88e 100644 --- a/crypto/asn1/x_pubkey.c +++ b/crypto/asn1/x_pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_pubkey.c,v 1.27 2018/03/17 14:55:39 jsing Exp $ */ +/* $OpenBSD: x_pubkey.c,v 1.32 2022/05/24 19:59:14 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -72,6 +72,8 @@ #endif #include "asn1_locl.h" +#include "evp_locl.h" +#include "x509_lcl.h" /* Minor tweak to operation: free up EVP_PKEY */ static int @@ -110,7 +112,6 @@ const ASN1_ITEM X509_PUBKEY_it = { .sname = "X509_PUBKEY", }; - X509_PUBKEY * d2i_X509_PUBKEY(X509_PUBKEY **a, const unsigned char **in, long len) { @@ -168,7 +169,7 @@ X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) return 1; -error: + error: if (pk != NULL) X509_PUBKEY_free(pk); return 0; @@ -221,7 +222,7 @@ X509_PUBKEY_get0(X509_PUBKEY *key) return ret; -error: + error: EVP_PKEY_free(ret); return (NULL); } 
@@ -239,168 +240,473 @@ X509_PUBKEY_get(X509_PUBKEY *key) return pkey; } -/* Now two pseudo ASN1 routines that take an EVP_PKEY structure - * and encode or decode as X509_PUBKEY +/* + * Decode an X509_PUBKEY into the specified key type. */ +static int +pubkey_ex_d2i(int pkey_type, ASN1_VALUE **pval, const unsigned char **in, + long len, const ASN1_ITEM *it) +{ + const ASN1_EXTERN_FUNCS *ef = it->funcs; + const unsigned char *p = *in; + X509_PUBKEY *xpk = NULL; + ASN1_VALUE *key = NULL; + EVP_PKEY *pkey = NULL; + int ret = 0; + + if ((xpk = d2i_X509_PUBKEY(NULL, &p, len)) == NULL) + goto err; + if ((pkey = X509_PUBKEY_get(xpk)) == NULL) + goto err; + + switch (pkey_type) { + case EVP_PKEY_NONE: + key = (ASN1_VALUE *)pkey; + pkey = NULL; + break; + + case EVP_PKEY_DSA: + key = (ASN1_VALUE *)EVP_PKEY_get1_DSA(pkey); + break; + + case EVP_PKEY_RSA: + key = (ASN1_VALUE *)EVP_PKEY_get1_RSA(pkey); + break; + + case EVP_PKEY_EC: + key = (ASN1_VALUE *)EVP_PKEY_get1_EC_KEY(pkey); + break; + + default: + goto err; + } -EVP_PKEY * -d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length) -{ - X509_PUBKEY *xpk; - EVP_PKEY *pktmp; - xpk = d2i_X509_PUBKEY(NULL, pp, length); - if (!xpk) - return NULL; - pktmp = X509_PUBKEY_get(xpk); + if (key == NULL) + goto err; + + ef->asn1_ex_free(pval, it); + + *pval = key; + *in = p; + ret = 1; + + err: + EVP_PKEY_free(pkey); X509_PUBKEY_free(xpk); - if (!pktmp) - return NULL; - if (a) { - EVP_PKEY_free(*a); - *a = pktmp; - } - return pktmp; + + return ret; } -int -i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp) +/* + * Encode the specified key type into an X509_PUBKEY. 
+ */ +static int +pubkey_ex_i2d(int pkey_type, ASN1_VALUE **pval, unsigned char **out, + const ASN1_ITEM *it) { X509_PUBKEY *xpk = NULL; - int ret; - if (!a) - return 0; - if (!X509_PUBKEY_set(&xpk, a)) - return 0; - ret = i2d_X509_PUBKEY(xpk, pp); + EVP_PKEY *pkey, *pktmp; + int ret = -1; + + if ((pkey = pktmp = EVP_PKEY_new()) == NULL) + goto err; + + switch (pkey_type) { + case EVP_PKEY_NONE: + pkey = (EVP_PKEY *)*pval; + break; + + case EVP_PKEY_DSA: + if (!EVP_PKEY_set1_DSA(pkey, (DSA *)*pval)) + goto err; + break; + + case EVP_PKEY_RSA: + if (!EVP_PKEY_set1_RSA(pkey, (RSA *)*pval)) + goto err; + break; + + case EVP_PKEY_EC: + if (!EVP_PKEY_set1_EC_KEY(pkey, (EC_KEY*)*pval)) + goto err; + break; + + default: + goto err; + } + + if (!X509_PUBKEY_set(&xpk, pkey)) + goto err; + + ret = i2d_X509_PUBKEY(xpk, out); + + err: + EVP_PKEY_free(pktmp); X509_PUBKEY_free(xpk); + return ret; } -/* The following are equivalents but which return RSA and DSA - * keys +static int +pkey_pubkey_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) +{ + if ((*pval = (ASN1_VALUE *)EVP_PKEY_new()) == NULL) + return 0; + + return 1; +} + +static void +pkey_pubkey_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) +{ + EVP_PKEY_free((EVP_PKEY *)*pval); + *pval = NULL; +} + +static int +pkey_pubkey_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx) +{ + return pubkey_ex_d2i(EVP_PKEY_NONE, pval, in, len, it); +} + +static int +pkey_pubkey_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, + int tag, int aclass) +{ + return pubkey_ex_i2d(EVP_PKEY_NONE, pval, out, it); +} + +const ASN1_EXTERN_FUNCS pkey_pubkey_asn1_ff = { + .app_data = NULL, + .asn1_ex_new = pkey_pubkey_ex_new, + .asn1_ex_free = pkey_pubkey_ex_free, + .asn1_ex_clear = NULL, + .asn1_ex_d2i = pkey_pubkey_ex_d2i, + .asn1_ex_i2d = pkey_pubkey_ex_i2d, + .asn1_ex_print = NULL, +}; + +const ASN1_ITEM EVP_PKEY_PUBKEY_it = { + .itype = 
ASN1_ITYPE_EXTERN, + .utype = 0, + .templates = NULL, + .tcount = 0, + .funcs = &pkey_pubkey_asn1_ff, + .size = 0, + .sname = NULL, +}; + +EVP_PKEY * +d2i_PUBKEY(EVP_PKEY **pkey, const unsigned char **in, long len) +{ + return (EVP_PKEY *)ASN1_item_d2i((ASN1_VALUE **)pkey, in, len, + &EVP_PKEY_PUBKEY_it); +} + +int +i2d_PUBKEY(EVP_PKEY *pkey, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)pkey, out, &EVP_PKEY_PUBKEY_it); +} + +EVP_PKEY * +d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **pkey) +{ + return (EVP_PKEY *)ASN1_item_d2i_bio(&EVP_PKEY_PUBKEY_it, bp, + (ASN1_VALUE **)pkey); +} + +int +i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey) +{ + return ASN1_item_i2d_bio(&EVP_PKEY_PUBKEY_it, bp, (ASN1_VALUE *)pkey); +} + +EVP_PKEY * +d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **pkey) +{ + return (EVP_PKEY *)ASN1_item_d2i_fp(&EVP_PKEY_PUBKEY_it, fp, + (ASN1_VALUE **)pkey); +} + +int +i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey) +{ + return ASN1_item_i2d_fp(&EVP_PKEY_PUBKEY_it, fp, (ASN1_VALUE *)pkey); +} + +/* + * The following are equivalents but which return RSA and DSA keys. 
*/ #ifndef OPENSSL_NO_RSA + +static int +rsa_pubkey_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) +{ + if ((*pval = (ASN1_VALUE *)RSA_new()) == NULL) + return 0; + + return 1; +} + +static void +rsa_pubkey_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) +{ + RSA_free((RSA *)*pval); + *pval = NULL; +} + +static int +rsa_pubkey_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx) +{ + return pubkey_ex_d2i(EVP_PKEY_RSA, pval, in, len, it); +} + +static int +rsa_pubkey_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, + int tag, int aclass) +{ + return pubkey_ex_i2d(EVP_PKEY_RSA, pval, out, it); +} + +const ASN1_EXTERN_FUNCS rsa_pubkey_asn1_ff = { + .app_data = NULL, + .asn1_ex_new = rsa_pubkey_ex_new, + .asn1_ex_free = rsa_pubkey_ex_free, + .asn1_ex_clear = NULL, + .asn1_ex_d2i = rsa_pubkey_ex_d2i, + .asn1_ex_i2d = rsa_pubkey_ex_i2d, + .asn1_ex_print = NULL, +}; + +const ASN1_ITEM RSA_PUBKEY_it = { + .itype = ASN1_ITYPE_EXTERN, + .utype = 0, + .templates = NULL, + .tcount = 0, + .funcs = &rsa_pubkey_asn1_ff, + .size = 0, + .sname = NULL, +}; + RSA * -d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length) +d2i_RSA_PUBKEY(RSA **rsa, const unsigned char **in, long len) { - EVP_PKEY *pkey; - RSA *key; - const unsigned char *q; - q = *pp; - pkey = d2i_PUBKEY(NULL, &q, length); - if (!pkey) - return NULL; - key = EVP_PKEY_get1_RSA(pkey); - EVP_PKEY_free(pkey); - if (!key) - return NULL; - *pp = q; - if (a) { - RSA_free(*a); - *a = key; - } - return key; + return (RSA *)ASN1_item_d2i((ASN1_VALUE **)rsa, in, len, + &RSA_PUBKEY_it); } int -i2d_RSA_PUBKEY(RSA *a, unsigned char **pp) +i2d_RSA_PUBKEY(RSA *rsa, unsigned char **out) { - EVP_PKEY *pktmp; - int ret; - if (!a) - return 0; - pktmp = EVP_PKEY_new(); - if (!pktmp) { - ASN1error(ERR_R_MALLOC_FAILURE); - return 0; - } - EVP_PKEY_set1_RSA(pktmp, a); - ret = i2d_PUBKEY(pktmp, pp); - EVP_PKEY_free(pktmp); - return ret; + 
return ASN1_item_i2d((ASN1_VALUE *)rsa, out, &RSA_PUBKEY_it); +} + +RSA * +d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa) +{ + return (RSA *)ASN1_item_d2i_bio(&RSA_PUBKEY_it, bp, (ASN1_VALUE **)rsa); +} + +int +i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa) +{ + return ASN1_item_i2d_bio(&RSA_PUBKEY_it, bp, (ASN1_VALUE *)rsa); +} + +RSA * +d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa) +{ + return (RSA *)ASN1_item_d2i_fp(&RSA_PUBKEY_it, fp, (ASN1_VALUE **)rsa); +} + +int +i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa) +{ + return ASN1_item_i2d_fp(&RSA_PUBKEY_it, fp, (ASN1_VALUE *)rsa); } #endif #ifndef OPENSSL_NO_DSA + +static int +dsa_pubkey_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) +{ + if ((*pval = (ASN1_VALUE *)DSA_new()) == NULL) + return 0; + + return 1; +} + +static void +dsa_pubkey_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) +{ + DSA_free((DSA *)*pval); + *pval = NULL; +} + +static int +dsa_pubkey_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx) +{ + return pubkey_ex_d2i(EVP_PKEY_DSA, pval, in, len, it); +} + +static int +dsa_pubkey_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, + int tag, int aclass) +{ + return pubkey_ex_i2d(EVP_PKEY_DSA, pval, out, it); +} + +const ASN1_EXTERN_FUNCS dsa_pubkey_asn1_ff = { + .app_data = NULL, + .asn1_ex_new = dsa_pubkey_ex_new, + .asn1_ex_free = dsa_pubkey_ex_free, + .asn1_ex_clear = NULL, + .asn1_ex_d2i = dsa_pubkey_ex_d2i, + .asn1_ex_i2d = dsa_pubkey_ex_i2d, + .asn1_ex_print = NULL, +}; + +const ASN1_ITEM DSA_PUBKEY_it = { + .itype = ASN1_ITYPE_EXTERN, + .utype = 0, + .templates = NULL, + .tcount = 0, + .funcs = &dsa_pubkey_asn1_ff, + .size = 0, + .sname = NULL, +}; + DSA * -d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length) +d2i_DSA_PUBKEY(DSA **dsa, const unsigned char **in, long len) { - EVP_PKEY *pkey; - DSA *key; - const unsigned char *q; - q = *pp; - pkey = d2i_PUBKEY(NULL, &q, length); - if (!pkey) - return NULL; - key = 
EVP_PKEY_get1_DSA(pkey); - EVP_PKEY_free(pkey); - if (!key) - return NULL; - *pp = q; - if (a) { - DSA_free(*a); - *a = key; - } - return key; + return (DSA *)ASN1_item_d2i((ASN1_VALUE **)dsa, in, len, + &DSA_PUBKEY_it); } int -i2d_DSA_PUBKEY(DSA *a, unsigned char **pp) +i2d_DSA_PUBKEY(DSA *dsa, unsigned char **out) { - EVP_PKEY *pktmp; - int ret; - if (!a) - return 0; - pktmp = EVP_PKEY_new(); - if (!pktmp) { - ASN1error(ERR_R_MALLOC_FAILURE); - return 0; - } - EVP_PKEY_set1_DSA(pktmp, a); - ret = i2d_PUBKEY(pktmp, pp); - EVP_PKEY_free(pktmp); - return ret; + return ASN1_item_i2d((ASN1_VALUE *)dsa, out, &DSA_PUBKEY_it); +} + +DSA * +d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa) +{ + return (DSA *)ASN1_item_d2i_bio(&DSA_PUBKEY_it, bp, (ASN1_VALUE **)dsa); +} + +int +i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa) +{ + return ASN1_item_i2d_bio(&DSA_PUBKEY_it, bp, (ASN1_VALUE *)dsa); +} + +DSA * +d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa) +{ + return (DSA *)ASN1_item_d2i_fp(&DSA_PUBKEY_it, fp, (ASN1_VALUE **)dsa); +} + +int +i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa) +{ + return ASN1_item_i2d_fp(&DSA_PUBKEY_it, fp, (ASN1_VALUE *)dsa); } + #endif #ifndef OPENSSL_NO_EC + +static int +ec_pubkey_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) +{ + if ((*pval = (ASN1_VALUE *)EC_KEY_new()) == NULL) + return 0; + + return 1; +} + +static void +ec_pubkey_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) +{ + EC_KEY_free((EC_KEY *)*pval); + *pval = NULL; +} + +static int +ec_pubkey_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx) +{ + return pubkey_ex_d2i(EVP_PKEY_EC, pval, in, len, it); +} + +static int +ec_pubkey_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, + int tag, int aclass) +{ + return pubkey_ex_i2d(EVP_PKEY_EC, pval, out, it); +} + +const ASN1_EXTERN_FUNCS ec_pubkey_asn1_ff = { + .app_data = NULL, + .asn1_ex_new = ec_pubkey_ex_new, + .asn1_ex_free = ec_pubkey_ex_free, + .asn1_ex_clear = NULL, 
+ .asn1_ex_d2i = ec_pubkey_ex_d2i, + .asn1_ex_i2d = ec_pubkey_ex_i2d, + .asn1_ex_print = NULL, +}; + +const ASN1_ITEM EC_PUBKEY_it = { + .itype = ASN1_ITYPE_EXTERN, + .utype = 0, + .templates = NULL, + .tcount = 0, + .funcs = &ec_pubkey_asn1_ff, + .size = 0, + .sname = NULL, +}; + EC_KEY * -d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length) +d2i_EC_PUBKEY(EC_KEY **ec, const unsigned char **in, long len) { - EVP_PKEY *pkey; - EC_KEY *key; - const unsigned char *q; - q = *pp; - pkey = d2i_PUBKEY(NULL, &q, length); - if (!pkey) - return (NULL); - key = EVP_PKEY_get1_EC_KEY(pkey); - EVP_PKEY_free(pkey); - if (!key) - return (NULL); - *pp = q; - if (a) { - EC_KEY_free(*a); - *a = key; - } - return (key); + return (EC_KEY *)ASN1_item_d2i((ASN1_VALUE **)ec, in, len, + &EC_PUBKEY_it); } int -i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp) +i2d_EC_PUBKEY(EC_KEY *ec, unsigned char **out) { - EVP_PKEY *pktmp; - int ret; - if (!a) - return (0); - if ((pktmp = EVP_PKEY_new()) == NULL) { - ASN1error(ERR_R_MALLOC_FAILURE); - return (0); - } - EVP_PKEY_set1_EC_KEY(pktmp, a); - ret = i2d_PUBKEY(pktmp, pp); - EVP_PKEY_free(pktmp); - return (ret); + return ASN1_item_i2d((ASN1_VALUE *)ec, out, &EC_PUBKEY_it); +} + +EC_KEY * +d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **ec) +{ + return (EC_KEY *)ASN1_item_d2i_bio(&EC_PUBKEY_it, bp, (ASN1_VALUE **)ec); +} + +int +i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ec) +{ + return ASN1_item_i2d_bio(&EC_PUBKEY_it, bp, (ASN1_VALUE *)ec); +} + +EC_KEY * +d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **ec) +{ + return (EC_KEY *)ASN1_item_d2i_fp(&EC_PUBKEY_it, fp, (ASN1_VALUE **)ec); +} + +int +i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *ec) +{ + return ASN1_item_i2d_fp(&EC_PUBKEY_it, fp, (ASN1_VALUE *)ec); } #endif 
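Review bot: In pubkey_ex_i2d() the `EVP_PKEY_new()` call runs before the switch, so the EVP_PKEY_NONE case allocates a key it never uses, and an allocation failure there makes encoding an already-built EVP_PKEY return -1 for no reason. Allocating only for the typed cases avoids both: declare `EVP_PKEY *pkey = NULL, *pktmp = NULL;` and guard the allocation with `if (pkey_type != EVP_PKEY_NONE && (pkey = pktmp = EVP_PKEY_new()) == NULL) goto err;`. The cleanup under `err:` frees only pktmp, so it can stay as written, assuming EVP_PKEY_free() accepts NULL as the decode path in this hunk already relies on. It would also help to note in the header comment that failure is reported as -1, since the removed i2d_*_PUBKEY wrappers returned 0 on their own error paths.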
@@ -410,15 +716,13 @@ X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, int ptype, { if (!X509_ALGOR_set0(pub->algor, aobj, ptype, pval)) return 0; - if (penc) { - free(pub->public_key->data); - pub->public_key->data = penc; - pub->public_key->length = penclen; - /* Set number of unused bits to zero */ - pub->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); - pub->public_key->flags |= ASN1_STRING_FLAG_BITS_LEFT; - } - return 1; + + if (penc == NULL) + return 1; + + ASN1_STRING_set0(pub->public_key, penc, penclen); + + return asn1_abs_set_unused_bits(pub->public_key, 0); } int diff --git a/crypto/asn1/x_req.c b/crypto/asn1/x_req.c index eb5210ae..38e3790b 100644 --- a/crypto/asn1/x_req.c +++ b/crypto/asn1/x_req.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_req.c,v 1.17 2018/02/22 16:50:30 jsing Exp $ */ +/* $OpenBSD: x_req.c,v 1.18 2021/11/01 20:53:08 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -61,6 +61,8 @@ #include #include +#include "x509_lcl.h" + /* X509_REQ_INFO is handled in an unusual way to get round * invalid encodings. Some broken certificate requests don't * encode the attributes field if it is empty. This is in diff --git a/crypto/asn1/x_sig.c b/crypto/asn1/x_sig.c index 702bc40e..6a842da5 100644 --- a/crypto/asn1/x_sig.c +++ b/crypto/asn1/x_sig.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_sig.c,v 1.11 2015/02/11 04:00:39 jsing Exp $ */ +/* $OpenBSD: x_sig.c,v 1.13 2021/11/01 20:53:08 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -61,6 +61,8 @@ #include #include +#include "x509_lcl.h" + static const ASN1_TEMPLATE X509_SIG_seq_tt[] = { { .offset = offsetof(X509_SIG, algor), 
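Review bot: X509_PUBKEY_set0_param() now returns the result of `asn1_abs_set_unused_bits(pub->public_key, 0)` after `ASN1_STRING_set0()` has already handed penc to pub->public_key. A zero return at that point would report failure for a buffer the caller no longer owns, and a caller that frees penc on failure would then free it twice. The helper's body is not in this hunk. If it cannot fail for an argument of 0, say so next to the return, for example `/* cannot fail for 0 unused bits; penc belongs to pub from here on */`. Otherwise the ownership rule on the failure path needs to be spelled out for callers. The function's signature starts above the hunk.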
@@ -108,3 +110,22 @@ X509_SIG_free(X509_SIG *a) { ASN1_item_free((ASN1_VALUE *)a, &X509_SIG_it); } + +void +X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg, + const ASN1_OCTET_STRING **pdigest) +{ + if (palg != NULL) + *palg = sig->algor; + if (pdigest != NULL) + *pdigest = sig->digest; +} + +void +X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg, ASN1_OCTET_STRING **pdigest) +{ + if (palg != NULL) + *palg = sig->algor; + if (pdigest != NULL) + *pdigest = sig->digest; +} diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c index 422f6256..7147069e 100644 --- a/crypto/asn1/x_x509.c +++ b/crypto/asn1/x_x509.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_x509.c,v 1.27 2021/09/02 12:41:44 job Exp $ */ +/* $OpenBSD: x_x509.c,v 1.30 2021/12/25 13:17:48 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -65,6 +65,8 @@ #include #include +#include "x509_lcl.h" + static const ASN1_AUX X509_CINF_aux = { .flags = ASN1_AFLG_ENCODING, .enc_offset = offsetof(X509_CINF, enc), @@ -337,7 +339,7 @@ d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) } return ret; -err: + err: X509_free(ret); return NULL; } @@ -353,6 +355,13 @@ i2d_X509_AUX(X509 *a, unsigned char **pp) return length; } +int +i2d_re_X509_tbs(X509 *x, unsigned char **pp) +{ + x->cert_info->enc.modified = 1; + return i2d_X509_CINF(x->cert_info, pp); +} + void X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg, const X509 *x) diff --git a/crypto/asn1/x_x509a.c b/crypto/asn1/x_x509a.c index b0d7150b..87dc045a 100644 --- a/crypto/asn1/x_x509a.c +++ b/crypto/asn1/x_x509a.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_x509a.c,v 1.15 2018/05/01 19:01:27 tb Exp $ */ +/* $OpenBSD: x_x509a.c,v 1.18 2021/12/25 13:17:48 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ 
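Review bot: i2d_re_X509_tbs() is added without a comment, and what it does is easy to misuse: it sets `x->cert_info->enc.modified = 1` before calling i2d_X509_CINF(). Since X509_CINF_aux in this file carries ASN1_AFLG_ENCODING, that presumably discards the cached TBS bytes and re-serialises from the parsed fields. A caller that hashes this output to check a signature on a received certificate would then be checking a re-encoding rather than the bytes that were signed. I would put a comment above the function, e.g. `/* Re-encode the TBS from the parsed fields, invalidating the cached encoding; meant for certificates that were modified after parsing. */`. The function also dereferences `x` and `x->cert_info` without a check, which is worth stating as a precondition in the same comment.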
@@ -62,6 +62,8 @@ #include #include +#include "x509_lcl.h" + /* X509_CERT_AUX routines. These are used to encode additional * user modifiable data about a certificate. This data is * appended to the X509 encoding when the *_X509_AUX routines @@ -226,7 +228,7 @@ X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj) if (rc != 0) return rc; -err: + err: ASN1_OBJECT_free(objtmp); return 0; } @@ -248,7 +250,7 @@ X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj) if (rc != 0) return rc; -err: + err: ASN1_OBJECT_free(objtmp); return 0; } @@ -270,56 +272,3 @@ X509_reject_clear(X509 *x) x->aux->reject = NULL; } } - -static const ASN1_TEMPLATE X509_CERT_PAIR_seq_tt[] = { - { - .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, - .tag = 0, - .offset = offsetof(X509_CERT_PAIR, forward), - .field_name = "forward", - .item = &X509_it, - }, - { - .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, - .tag = 1, - .offset = offsetof(X509_CERT_PAIR, reverse), - .field_name = "reverse", - .item = &X509_it, - }, -}; - -const ASN1_ITEM X509_CERT_PAIR_it = { - .itype = ASN1_ITYPE_SEQUENCE, - .utype = V_ASN1_SEQUENCE, - .templates = X509_CERT_PAIR_seq_tt, - .tcount = sizeof(X509_CERT_PAIR_seq_tt) / sizeof(ASN1_TEMPLATE), - .funcs = NULL, - .size = sizeof(X509_CERT_PAIR), - .sname = "X509_CERT_PAIR", -}; - - -X509_CERT_PAIR * -d2i_X509_CERT_PAIR(X509_CERT_PAIR **a, const unsigned char **in, long len) -{ - return (X509_CERT_PAIR *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, - &X509_CERT_PAIR_it); -} - -int -i2d_X509_CERT_PAIR(X509_CERT_PAIR *a, unsigned char **out) -{ - return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_CERT_PAIR_it); -} - -X509_CERT_PAIR * -X509_CERT_PAIR_new(void) -{ - return (X509_CERT_PAIR *)ASN1_item_new(&X509_CERT_PAIR_it); -} - -void -X509_CERT_PAIR_free(X509_CERT_PAIR *a) -{ - ASN1_item_free((ASN1_VALUE *)a, &X509_CERT_PAIR_it); -} diff --git a/crypto/bio/bf_buff.c b/crypto/bio/bf_buff.c index 5b9ee35d..aa079c5f 100644 --- a/crypto/bio/bf_buff.c 
+++ b/crypto/bio/bf_buff.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bf_buff.c,v 1.25 2018/05/01 13:29:09 tb Exp $ */ +/* $OpenBSD: bf_buff.c,v 1.27 2022/01/14 08:40:57 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -63,6 +63,8 @@ #include #include +#include "bio_local.h" + static int buffer_write(BIO *h, const char *buf, int num); static int buffer_read(BIO *h, char *buf, int size); static int buffer_puts(BIO *h, const char *str); @@ -70,7 +72,7 @@ static int buffer_gets(BIO *h, char *str, int size); static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int buffer_new(BIO *h); static int buffer_free(BIO *data); -static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); +static long buffer_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); #define DEFAULT_BUFFER_SIZE 4096 static const BIO_METHOD methods_buffer = { @@ -450,7 +452,7 @@ buffer_ctrl(BIO *b, int cmd, long num, void *ptr) } static long -buffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +buffer_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { long ret = 1; diff --git a/crypto/bio/bf_nbio.c b/crypto/bio/bf_nbio.c index 05fa9161..086479ec 100644 --- a/crypto/bio/bf_nbio.c +++ b/crypto/bio/bf_nbio.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bf_nbio.c,v 1.20 2018/05/01 13:29:09 tb Exp $ */ +/* $OpenBSD: bf_nbio.c,v 1.22 2022/01/14 08:40:57 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -62,6 +62,8 @@ #include +#include "bio_local.h" + /* BIO_put and BIO_get both add to the digest, * BIO_gets returns the digest */ 
@@ -72,7 +74,7 @@ static int nbiof_gets(BIO *h, char *str, int size); static long nbiof_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int nbiof_new(BIO *h); static int nbiof_free(BIO *data); -static long nbiof_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); +static long nbiof_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); typedef struct nbio_test_st { /* only set if we sent a 'should retry' error */ @@ -221,7 +223,7 @@ nbiof_ctrl(BIO *b, int cmd, long num, void *ptr) } static long -nbiof_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +nbiof_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { long ret = 1; diff --git a/crypto/bio/bf_null.c b/crypto/bio/bf_null.c index 25abb8a5..129def8c 100644 --- a/crypto/bio/bf_null.c +++ b/crypto/bio/bf_null.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bf_null.c,v 1.12 2018/05/01 13:29:09 tb Exp $ */ +/* $OpenBSD: bf_null.c,v 1.14 2022/01/14 08:40:57 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -61,6 +61,8 @@ #include +#include "bio_local.h" + /* BIO_put and BIO_get both add to the digest, * BIO_gets returns the digest */ @@ -71,7 +73,7 @@ static int nullf_gets(BIO *h, char *str, int size); static long nullf_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int nullf_new(BIO *h); static int nullf_free(BIO *data); -static long nullf_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); +static long nullf_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); static const BIO_METHOD methods_nullf = { .type = BIO_TYPE_NULL_FILTER, @@ -165,7 +167,7 @@ nullf_ctrl(BIO *b, int cmd, long num, void *ptr) } static long -nullf_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +nullf_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { long ret = 1; diff --git a/crypto/bio/bio_cb.c b/crypto/bio/bio_cb.c index 52cdd241..2ca411cd 100644 --- a/crypto/bio/bio_cb.c +++ b/crypto/bio/bio_cb.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: bio_cb.c,v 1.17 2021/03/25 09:26:17 tb Exp $ */ +/* $OpenBSD: bio_cb.c,v 1.18 2022/01/07 09:02:17 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -63,6 +63,8 @@ #include #include +#include "bio_local.h" + long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret) diff --git a/crypto/bio/bio_err.c b/crypto/bio/bio_err.c index 2920e321..fa5d16af 100644 --- a/crypto/bio/bio_err.c +++ b/crypto/bio/bio_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bio_err.c,v 1.17 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: bio_err.c,v 1.19 2022/07/12 14:42:48 kn Exp $ */ /* ==================================================================== * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * @@ -53,11 +53,6 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - #include #include @@ -65,7 +60,6 @@ #include #include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR #define ERR_FUNC(func) ERR_PACK(ERR_LIB_BIO,func,0) @@ -92,6 +86,7 @@ static ERR_STRING_DATA BIO_str_reasons[] = { {ERR_REASON(BIO_R_INVALID_PORT_NUMBER) , "invalid port number"}, {ERR_REASON(BIO_R_IN_USE) , "in use"}, {ERR_REASON(BIO_R_KEEPALIVE) , "keepalive"}, + {ERR_REASON(BIO_R_LENGTH_TOO_LONG) , "too long"}, {ERR_REASON(BIO_R_NBIO_CONNECT_ERROR) , "nbio connect error"}, {ERR_REASON(BIO_R_NO_ACCEPT_PORT_SPECIFIED), "no accept port specified"}, {ERR_REASON(BIO_R_NO_HOSTNAME_SPECIFIED) , "no hostname specified"}, diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index 7ef1784e..2ac0abd8 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: bio_lib.c,v 1.29 2019/04/14 17:39:03 jsing Exp $ */ +/* $OpenBSD: bio_lib.c,v 1.36 2022/08/15 10:48:45 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -57,6 +57,7 @@ */ #include +#include #include #include @@ -64,6 +65,57 @@ #include #include +#include "bio_local.h" + +/* + * Helper function to work out whether to call the new style callback or the old + * one, and translate between the two. + * + * This has a long return type for consistency with the old callback. Similarly + * for the "long" used for "inret" + */ +static long +bio_call_callback(BIO *b, int oper, const char *argp, size_t len, int argi, + long argl, long inret, size_t *processed) +{ + long ret; + int bareoper; + + if (b->callback_ex != NULL) + return b->callback_ex(b, oper, argp, len, argi, argl, inret, + processed); + + /* + * We have an old style callback, so we will have to do nasty casts and + * check for overflows. + */ + + bareoper = oper & ~BIO_CB_RETURN; + + if (bareoper == BIO_CB_READ || bareoper == BIO_CB_WRITE || + bareoper == BIO_CB_GETS) { + /* In this case len is set and should be used instead of argi. */ + if (len > INT_MAX) + return -1; + argi = (int)len; + } + + if (inret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) { + if (*processed > INT_MAX) + return -1; + inret = *processed; + } + + ret = b->callback(b, oper, argp, argi, argl, inret); + + if (ret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) { + *processed = (size_t)ret; + ret = 1; + } + + return ret; +} + int BIO_get_new_index(void) { @@ -83,6 +135,7 @@ BIO_new(const BIO_METHOD *method) { BIO *ret = NULL; + /* XXX calloc */ ret = malloc(sizeof(BIO)); if (ret == NULL) { BIOerror(ERR_R_MALLOC_FAILURE); @@ -100,6 +153,7 @@ BIO_set(BIO *bio, const BIO_METHOD *method) { bio->method = method; bio->callback = NULL; + bio->callback_ex = NULL; bio->cb_arg = NULL; bio->init = 0; bio->shutdown = 1; 
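Review bot: On the old-style path, bio_call_callback() reads and later writes `*processed` whenever BIO_CB_RETURN is set for a non-CTRL operation, and it never checks the pointer. The callers added in this patch appear to honour that, passing NULL only for the pre-operation, BIO_CB_FREE and BIO_CB_CTRL calls, but the rule is implicit and a future caller that gets it wrong dereferences NULL. Either state the precondition in the header comment or add a guard before the first dereference, such as `if ((oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL && processed == NULL) return -1;`.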
@@ -113,29 +167,32 @@ BIO_set(BIO *bio, const BIO_METHOD *method) bio->num_read = 0L; bio->num_write = 0L; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); - if (method->create != NULL) + if (method->create != NULL) { if (!method->create(bio)) { CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); return (0); } + } return (1); } int BIO_free(BIO *a) { - int i; + int ret; if (a == NULL) return (0); - i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_BIO); - if (i > 0) + if (CRYPTO_add(&a->references, -1, CRYPTO_LOCK_BIO) > 0) return (1); - if ((a->callback != NULL) && - ((i = (int)a->callback(a, BIO_CB_FREE, NULL, 0, 0L, 1L)) <= 0)) - return (i); + + if (a->callback != NULL || a->callback_ex != NULL) { + if ((ret = (int)bio_call_callback(a, BIO_CB_FREE, NULL, 0, 0, + 0L, 1L, NULL)) <= 0) + return (ret); + } CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data); @@ -170,6 +227,12 @@ BIO_set_data(BIO *a, void *ptr) a->ptr = ptr; } +int +BIO_get_init(BIO *a) +{ + return a->init; +} + void BIO_set_init(BIO *a, int init) { @@ -206,20 +269,30 @@ BIO_set_flags(BIO *b, int flags) b->flags |= flags; } -long -(*BIO_get_callback(const BIO *b))(struct bio_st *, int, const char *, int, - long, long) +BIO_callback_fn +BIO_get_callback(const BIO *b) { return b->callback; } void -BIO_set_callback(BIO *b, long (*cb)(struct bio_st *, int, const char *, int, - long, long)) +BIO_set_callback(BIO *b, BIO_callback_fn cb) { b->callback = cb; } +BIO_callback_fn_ex +BIO_get_callback_ex(const BIO *b) +{ + return b->callback_ex; +} + +void +BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex cb) +{ + b->callback_ex = cb; +} + void BIO_set_callback_arg(BIO *b, char *arg) { @@ -247,8 +320,8 @@ BIO_method_type(const BIO *b) int BIO_read(BIO *b, void *out, int outl) { - int i; - long (*cb)(BIO *, int, const char *, int, long, long); + size_t readbytes = 0; + int ret; if (b == NULL) return (0); 
@@ -261,33 +334,44 @@ BIO_read(BIO *b, void *out, int outl) return (-2); } - cb = b->callback; - if ((cb != NULL) && - ((i = (int)cb(b, BIO_CB_READ, out, outl, 0L, 1L)) <= 0)) - return (i); + if (b->callback != NULL || b->callback_ex != NULL) { + if ((ret = (int)bio_call_callback(b, BIO_CB_READ, out, outl, 0, + 0L, 1L, NULL)) <= 0) + return (ret); + } if (!b->init) { BIOerror(BIO_R_UNINITIALIZED); return (-2); } - i = b->method->bread(b, out, outl); + if ((ret = b->method->bread(b, out, outl)) > 0) + readbytes = (size_t)ret; + + b->num_read += readbytes; - if (i > 0) - b->num_read += (unsigned long)i; + if (b->callback != NULL || b->callback_ex != NULL) { + ret = (int)bio_call_callback(b, BIO_CB_READ | BIO_CB_RETURN, + out, outl, 0, 0L, (ret > 0) ? 1 : ret, &readbytes); + } - if (cb != NULL) - i = (int)cb(b, BIO_CB_READ|BIO_CB_RETURN, out, outl, - 0L, (long)i); + if (ret > 0) { + if (readbytes > INT_MAX) { + BIOerror(BIO_R_LENGTH_TOO_LONG); + ret = -1; + } else { + ret = (int)readbytes; + } + } - return (i); + return (ret); } int BIO_write(BIO *b, const void *in, int inl) { - int i; - long (*cb)(BIO *, int, const char *, int, long, long); + size_t writebytes = 0; + int ret; if (b == NULL) return (0); 
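Review bot: After the BIO_CB_RETURN callback, BIO_read() returns `readbytes` as the byte count and bounds it only by INT_MAX, so a callback that rewrites `*processed` to more than `outl` makes BIO_read() report more data than the caller's buffer holds. Callbacks are application code, so this is hardening rather than a defect in the read path itself, but callers commonly use the return value to index the buffer. A check such as `if (readbytes > (size_t)outl) { BIOerror(BIO_R_LENGTH_TOO_LONG); ret = -1; }` before the INT_MAX test would close it, assuming `outl` is already known to be positive at that point (the argument checks are outside this hunk). The same pattern appears in BIO_write(), BIO_puts() and BIO_gets() in the next hunk, where only BIO_write() and BIO_gets() have a length argument to compare against.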
@@ -300,95 +384,132 @@ BIO_write(BIO *b, const void *in, int inl) return (-2); } - cb = b->callback; - if ((cb != NULL) && - ((i = (int)cb(b, BIO_CB_WRITE, in, inl, 0L, 1L)) <= 0)) - return (i); + if (b->callback != NULL || b->callback_ex != NULL) { + if ((ret = (int)bio_call_callback(b, BIO_CB_WRITE, in, inl, 0, + 0L, 1L, NULL)) <= 0) + return (ret); + } if (!b->init) { BIOerror(BIO_R_UNINITIALIZED); return (-2); } - i = b->method->bwrite(b, in, inl); + if ((ret = b->method->bwrite(b, in, inl)) > 0) + writebytes = ret; - if (i > 0) - b->num_write += (unsigned long)i; + b->num_write += writebytes; + + if (b->callback != NULL || b->callback_ex != NULL) { + ret = (int)bio_call_callback(b, BIO_CB_WRITE | BIO_CB_RETURN, + in, inl, 0, 0L, (ret > 0) ? 1 : ret, &writebytes); + } - if (cb != NULL) - i = (int)cb(b, BIO_CB_WRITE|BIO_CB_RETURN, in, inl, - 0L, (long)i); - return (i); + if (ret > 0) { + if (writebytes > INT_MAX) { + BIOerror(BIO_R_LENGTH_TOO_LONG); + ret = -1; + } else { + ret = (int)writebytes; + } + } + + return (ret); } int BIO_puts(BIO *b, const char *in) { - int i; - long (*cb)(BIO *, int, const char *, int, long, long); + size_t writebytes = 0; + int ret; - if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL)) { + if (b == NULL || b->method == NULL || b->method->bputs == NULL) { BIOerror(BIO_R_UNSUPPORTED_METHOD); return (-2); } - cb = b->callback; - - if ((cb != NULL) && - ((i = (int)cb(b, BIO_CB_PUTS, in, 0, 0L, 1L)) <= 0)) - return (i); + if (b->callback != NULL || b->callback_ex != NULL) { + if ((ret = (int)bio_call_callback(b, BIO_CB_PUTS, in, 0, 0, 0L, + 1L, NULL)) <= 0) + return (ret); + } if (!b->init) { BIOerror(BIO_R_UNINITIALIZED); return (-2); } - i = b->method->bputs(b, in); + if ((ret = b->method->bputs(b, in)) > 0) + writebytes = ret; + + b->num_write += writebytes; - if (i > 0) - b->num_write += (unsigned long)i; + if (b->callback != NULL || b->callback_ex != NULL) { + ret = (int)bio_call_callback(b, BIO_CB_PUTS | 
BIO_CB_RETURN, + in, 0, 0, 0L, (ret > 0) ? 1 : ret, &writebytes); + } - if (cb != NULL) - i = (int)cb(b, BIO_CB_PUTS|BIO_CB_RETURN, in, 0, 0L, (long)i); - return (i); + if (ret > 0) { + if (writebytes > INT_MAX) { + BIOerror(BIO_R_LENGTH_TOO_LONG); + ret = -1; + } else { + ret = (int)writebytes; + } + } + + return (ret); } int BIO_gets(BIO *b, char *in, int inl) { - int i; - long (*cb)(BIO *, int, const char *, int, long, long); + size_t readbytes = 0; + int ret; - if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL)) { + if (b == NULL || b->method == NULL || b->method->bgets == NULL) { BIOerror(BIO_R_UNSUPPORTED_METHOD); return (-2); } - cb = b->callback; - - if ((cb != NULL) && - ((i = (int)cb(b, BIO_CB_GETS, in, inl, 0L, 1L)) <= 0)) - return (i); + if (b->callback != NULL || b->callback_ex != NULL) { + if ((ret = (int)bio_call_callback(b, BIO_CB_GETS, in, inl, 0, 0L, + 1, NULL)) <= 0) + return (ret); + } if (!b->init) { BIOerror(BIO_R_UNINITIALIZED); return (-2); } - i = b->method->bgets(b, in, inl); + if ((ret = b->method->bgets(b, in, inl)) > 0) + readbytes = ret; - if (cb != NULL) - i = (int)cb(b, BIO_CB_GETS|BIO_CB_RETURN, in, inl, 0L, (long)i); - return (i); + if (b->callback != NULL || b->callback_ex != NULL) { + ret = (int)bio_call_callback(b, BIO_CB_GETS | BIO_CB_RETURN, in, + inl, 0, 0L, (ret > 0) ? 1 : ret, &readbytes); + } + + if (ret > 0) { + if (readbytes > INT_MAX) { + BIOerror(BIO_R_LENGTH_TOO_LONG); + ret = -1; + } else { + ret = (int)readbytes; + } + } + + return (ret); } int BIO_indent(BIO *b, int indent, int max) { - if (indent < 0) - indent = 0; if (indent > max) indent = max; + if (indent < 0) + indent = 0; while (indent--) if (BIO_puts(b, " ") != 1) return 0; 
@@ -419,54 +540,58 @@ long BIO_ctrl(BIO *b, int cmd, long larg, void *parg) { long ret; - long (*cb)(BIO *, int, const char *, int, long, long); if (b == NULL) return (0); - if ((b->method == NULL) || (b->method->ctrl == NULL)) { + if (b->method == NULL || b->method->ctrl == NULL) { BIOerror(BIO_R_UNSUPPORTED_METHOD); return (-2); } - cb = b->callback; - - if ((cb != NULL) && - ((ret = cb(b, BIO_CB_CTRL, parg, cmd, larg, 1L)) <= 0)) - return (ret); + if (b->callback != NULL || b->callback_ex != NULL) { + if ((ret = bio_call_callback(b, BIO_CB_CTRL, parg, 0, cmd, larg, + 1L, NULL)) <= 0) + return (ret); + } ret = b->method->ctrl(b, cmd, larg, parg); - if (cb != NULL) - ret = cb(b, BIO_CB_CTRL|BIO_CB_RETURN, parg, cmd, larg, ret); + if (b->callback != NULL || b->callback_ex != NULL) { + ret = bio_call_callback(b, BIO_CB_CTRL | BIO_CB_RETURN, parg, 0, + cmd, larg, ret, NULL); + } + return (ret); } long -BIO_callback_ctrl(BIO *b, int cmd, - void (*fp)(struct bio_st *, int, const char *, int, long, long)) +BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { long ret; - long (*cb)(BIO *, int, const char *, int, long, long); if (b == NULL) return (0); - if ((b->method == NULL) || (b->method->callback_ctrl == NULL)) { + if (b->method == NULL || b->method->callback_ctrl == NULL || + cmd != BIO_CTRL_SET_CALLBACK) { BIOerror(BIO_R_UNSUPPORTED_METHOD); return (-2); } - cb = b->callback; - - if ((cb != NULL) && - ((ret = cb(b, BIO_CB_CTRL, (void *)&fp, cmd, 0, 1L)) <= 0)) - return (ret); + if (b->callback != NULL || b->callback_ex != NULL) { + if ((ret = bio_call_callback(b, BIO_CB_CTRL, (void *)&fp, 0, + cmd, 0, 1L, NULL)) <= 0) + return (ret); + } ret = b->method->callback_ctrl(b, cmd, fp); - if (cb != NULL) - ret = cb(b, BIO_CB_CTRL|BIO_CB_RETURN, (void *)&fp, cmd, 0, ret); + if (b->callback != NULL || b->callback_ex != NULL) { + ret = bio_call_callback(b, BIO_CB_CTRL | BIO_CB_RETURN, + (void *)&fp, 0, cmd, 0, ret, NULL); + } + return (ret); } 
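Review bot: In BIO_callback_ctrl the new `cmd != BIO_CTRL_SET_CALLBACK` test is folded into the missing-method check, so a caller passing any other cmd gets BIO_R_UNSUPPORTED_METHOD and -2 with nothing to show that the command, not the method, was refused. A one-line comment above the condition would make the restriction explicit: `/* fp is only meaningful for BIO_CTRL_SET_CALLBACK; reject every other cmd before it reaches the method. */`. If a more specific reason code exists in this library, using it for the cmd case would also make the failure easier to diagnose.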
@@ -552,6 +677,12 @@ BIO_get_retry_reason(BIO *bio) return (bio->retry_reason); } +void +BIO_set_retry_reason(BIO *bio, int reason) +{ + bio->retry_reason = reason; +} + BIO * BIO_find_type(BIO *bio, int type) { @@ -582,6 +713,12 @@ BIO_next(BIO *b) return b->next_bio; } +void +BIO_set_next(BIO *b, BIO *next) +{ + b->next_bio = next; +} + void BIO_free_all(BIO *bio) { @@ -608,6 +745,7 @@ BIO_dup_chain(BIO *in) if ((new_bio = BIO_new(bio->method)) == NULL) goto err; new_bio->callback = bio->callback; + new_bio->callback_ex = bio->callback_ex; new_bio->cb_arg = bio->cb_arg; new_bio->init = bio->init; new_bio->shutdown = bio->shutdown; diff --git a/crypto/bio/bio_local.h b/crypto/bio/bio_local.h new file mode 100644 index 00000000..7e1885f3 --- /dev/null +++ b/crypto/bio/bio_local.h 
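Review bot: BIO_set_next writes only `b->next_bio`, leaving `next->prev_bio` and the reference count untouched, and neither it nor BIO_set_retry_reason in the preceding hunk checks its BIO argument for NULL. struct bio_st, added in bio_local.h by this same patch, keeps both `next_bio` and `prev_bio` for filter BIOs, so a chain edited through this setter can be left with a stale back-pointer; how the chain helpers use `prev_bio` is not visible here. A doc comment stating the contract would be enough: `/* Sets b->next_bio only; the caller must keep prev_bio and ownership of next consistent. b must not be NULL. */`.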
@@ -0,0 +1,123 @@ +/* $OpenBSD: bio_local.h,v 1.3 2022/01/14 08:40:57 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). 
+ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#ifndef HEADER_BIO_LOCAL_H +#define HEADER_BIO_LOCAL_H + +__BEGIN_HIDDEN_DECLS + +struct bio_method_st { + int type; + const char *name; + int (*bwrite)(BIO *, const char *, int); + int (*bread)(BIO *, char *, int); + int (*bputs)(BIO *, const char *); + int (*bgets)(BIO *, char *, int); + long (*ctrl)(BIO *, int, long, void *); + int (*create)(BIO *); + int (*destroy)(BIO *); + long (*callback_ctrl)(BIO *, int, BIO_info_cb *); +} /* BIO_METHOD */; + +struct bio_st { + const BIO_METHOD *method; + BIO_callback_fn callback; + BIO_callback_fn_ex callback_ex; + char *cb_arg; /* first argument for the callback */ + + int init; + int shutdown; + int flags; /* extra storage */ + int retry_reason; + int num; + void *ptr; + struct bio_st *next_bio; /* used by filter BIOs */ + struct bio_st *prev_bio; /* used by filter BIOs */ + int references; + unsigned long num_read; + unsigned long num_write; + + CRYPTO_EX_DATA ex_data; +} /* BIO */; + +typedef struct bio_f_buffer_ctx_struct { + /* Buffers are setup like this: + * + * <---------------------- size -----------------------> + * +---------------------------------------------------+ + * | consumed | remaining | free space | + * +---------------------------------------------------+ + * <-- off --><------- len -------> + */ + + /* BIO *bio; */ /* this is now in the BIO struct */ + int ibuf_size; /* how big is the input buffer */ + int obuf_size; /* how big is the output buffer */ + + char *ibuf; /* the char array */ + int ibuf_len; /* how many bytes are in it */ + int ibuf_off; /* write/read offset */ + + char *obuf; /* the char array */ + int obuf_len; /* how many bytes are in it */ + int obuf_off; /* write/read offset */ +} BIO_F_BUFFER_CTX; + +__END_HIDDEN_DECLS + +#endif /* !HEADER_BIO_LOCAL_H */ diff --git a/crypto/bio/bio_meth.c b/crypto/bio/bio_meth.c index 4327c010..d7d100df 100644 --- a/crypto/bio/bio_meth.c +++ b/crypto/bio/bio_meth.c 
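Review bot: bio_local.h contains no `#include` of its own, yet it uses BIO, BIO_METHOD, BIO_info_cb, BIO_callback_fn, BIO_callback_fn_ex and CRYPTO_EX_DATA, so it only compiles when the including file has already pulled in the public BIO header. The bss_*.c hunks in this patch do add `#include "bio_local.h"` after their other includes, which works but makes the ordering a hidden requirement. Adding `#include <openssl/bio.h>` right after the include guard would make the header self-contained.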
@@ -1,4 +1,4 @@ -/* $OpenBSD: bio_meth.c,v 1.6 2018/06/02 04:41:12 tb Exp $ */ +/* $OpenBSD: bio_meth.c,v 1.8 2022/01/14 08:40:57 tb Exp $ */ /* * Copyright (c) 2018 Theo Buehler * @@ -19,6 +19,8 @@ #include +#include "bio_local.h" + BIO_METHOD * BIO_meth_new(int type, const char *name) { @@ -133,15 +135,13 @@ BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy)(BIO *)) long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom))(BIO *, int, BIO_info_cb *) { - return - (long (*)(BIO *, int, BIO_info_cb *))biom->callback_ctrl; /* XXX */ + return biom->callback_ctrl; } int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, long (*callback_ctrl)(BIO *, int, BIO_info_cb *)) { - biom->callback_ctrl = - (long (*)(BIO *, int, bio_info_cb *))callback_ctrl; /* XXX */ + biom->callback_ctrl = callback_ctrl; return 1; } diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c index c95ddde7..a619bd7c 100644 --- a/crypto/bio/bss_acpt.c +++ b/crypto/bio/bss_acpt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bss_acpt.c,v 1.29 2018/05/12 18:51:59 tb Exp $ */ +/* $OpenBSD: bss_acpt.c,v 1.30 2022/01/07 09:02:17 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -67,6 +67,8 @@ #include #include +#include "bio_local.h" + #define SOCKET_PROTOCOL IPPROTO_TCP typedef struct bio_accept_st { diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c index 74f86a51..c92d35d1 100644 --- a/crypto/bio/bss_bio.c +++ b/crypto/bio/bss_bio.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bss_bio.c,v 1.24 2018/05/01 13:29:09 tb Exp $ */ +/* $OpenBSD: bss_bio.c,v 1.25 2022/01/07 09:02:17 tb Exp $ */ /* ==================================================================== * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * @@ -84,6 +84,8 @@ #include #include +#include "bio_local.h" + static int bio_new(BIO *bio); static int bio_free(BIO *bio); static int bio_read(BIO *bio, char *buf, int size); 
diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index 46a37b06..8e30bccd 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bss_conn.c,v 1.35 2018/05/12 18:51:59 tb Exp $ */ +/* $OpenBSD: bss_conn.c,v 1.37 2022/01/14 08:40:57 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -70,6 +70,8 @@ #include #include +#include "bio_local.h" + #define SOCKET_PROTOCOL IPPROTO_TCP typedef struct bio_connect_st { @@ -90,7 +92,7 @@ typedef struct bio_connect_st { /* called when the connection is initially made * callback(BIO,state,ret); The callback should return * 'ret'. state is for compatibility with the ssl info_callback */ - int (*info_callback)(const BIO *bio, int state, int ret); + BIO_info_cb *info_callback; } BIO_CONNECT; static int conn_write(BIO *h, const char *buf, int num); @@ -99,7 +101,7 @@ static int conn_puts(BIO *h, const char *str); static long conn_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int conn_new(BIO *h); static int conn_free(BIO *data); -static long conn_callback_ctrl(BIO *h, int cmd, bio_info_cb *); +static long conn_callback_ctrl(BIO *h, int cmd, BIO_info_cb *); static int conn_state(BIO *b, BIO_CONNECT *c); static void conn_close_socket(BIO *data); @@ -124,7 +126,7 @@ conn_state(BIO *b, BIO_CONNECT *c) int ret = -1, i; unsigned long l; char *p, *q; - int (*cb)(const BIO *, int, int) = NULL; + BIO_info_cb *cb = NULL; if (c->info_callback != NULL) cb = c->info_callback; @@ -521,9 +523,7 @@ conn_ctrl(BIO *b, int cmd, long num, void *ptr) BIO_set_conn_hostname(dbio, data->param_hostname); BIO_set_nbio(dbio, data->nbio); - /* FIXME: the cast of the function seems unlikely to be a good idea */ - (void)BIO_set_info_callback(dbio, - (bio_info_cb *)data->info_callback); + (void)BIO_set_info_callback(dbio, data->info_callback); } break; case BIO_CTRL_SET_CALLBACK: 
@@ -538,9 +538,8 @@ conn_ctrl(BIO *b, int cmd, long num, void *ptr) break; case BIO_CTRL_GET_CALLBACK: { - int (**fptr)(const BIO *bio, int state, int xret); + BIO_info_cb **fptr = ptr; - fptr = (int (**)(const BIO *bio, int state, int xret))ptr; *fptr = data->info_callback; } break; @@ -552,7 +551,7 @@ conn_ctrl(BIO *b, int cmd, long num, void *ptr) } static long -conn_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +conn_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { long ret = 1; BIO_CONNECT *data; @@ -561,9 +560,7 @@ conn_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) switch (cmd) { case BIO_CTRL_SET_CALLBACK: - { - data->info_callback = (int (*)(const struct bio_st *, int, int))fp; - } + data->info_callback = (BIO_info_cb *)fp; break; default: ret = 0; diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index 794b6d1b..fa6e2db9 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bss_dgram.c,v 1.42 2018/05/12 17:47:53 tb Exp $ */ +/* $OpenBSD: bss_dgram.c,v 1.43 2022/01/07 09:02:17 tb Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -72,6 +72,8 @@ #include +#include "bio_local.h" + #ifndef OPENSSL_NO_DGRAM diff --git a/crypto/bio/bss_fd.c b/crypto/bio/bss_fd.c index bbe08efc..7d7c4279 100644 --- a/crypto/bio/bss_fd.c +++ b/crypto/bio/bss_fd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bss_fd.c,v 1.19 2018/05/01 13:29:09 tb Exp $ */ +/* $OpenBSD: bss_fd.c,v 1.20 2022/01/07 09:02:17 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -65,6 +65,8 @@ #include +#include "bio_local.h" + static int fd_write(BIO *h, const char *buf, int num); static int fd_read(BIO *h, char *buf, int size); static int fd_puts(BIO *h, const char *str); diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c index fe937388..0c9b7550 100644 --- a/crypto/bio/bss_file.c +++ b/crypto/bio/bss_file.c 
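Review bot: The cast in `data->info_callback = (BIO_info_cb *)fp;` in conn_callback_ctrl is now a no-op, because this patch changes both the `fp` parameter and the `info_callback` member to `BIO_info_cb *`. Keeping it would silence the compiler if either type drifts again, which is the kind of mismatch the removed FIXME in conn_ctrl was pointing at. Suggest `data->info_callback = fp;`. conn_callback_ctrl's signature is in the previous hunk and its body continues past this one.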
@@ -1,4 +1,4 @@ -/* $OpenBSD: bss_file.c,v 1.33 2018/05/30 00:23:04 tb Exp $ */ +/* $OpenBSD: bss_file.c,v 1.34 2022/01/07 09:02:17 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -90,6 +90,8 @@ #include #include +#include "bio_local.h" + static int file_write(BIO *h, const char *buf, int num); static int file_read(BIO *h, char *buf, int size); static int file_puts(BIO *h, const char *str); diff --git a/crypto/bio/bss_log.c b/crypto/bio/bss_log.c index 7ef1312d..296c87ff 100644 --- a/crypto/bio/bss_log.c +++ b/crypto/bio/bss_log.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bss_log.c,v 1.22 2018/05/01 13:29:10 tb Exp $ */ +/* $OpenBSD: bss_log.c,v 1.23 2022/01/07 09:02:17 tb Exp $ */ /* ==================================================================== * Copyright (c) 1999 The OpenSSL Project. All rights reserved. * @@ -70,6 +70,8 @@ #include #include +#include "bio_local.h" + #ifndef NO_SYSLOG static int slg_write(BIO *h, const char *buf, int num); diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c index e76e1ad2..2d030832 100644 --- a/crypto/bio/bss_mem.c +++ b/crypto/bio/bss_mem.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bss_mem.c,v 1.17 2018/05/12 18:51:59 tb Exp $ */ +/* $OpenBSD: bss_mem.c,v 1.21 2022/02/19 15:59:12 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -57,6 +57,7 @@ */ #include +#include #include #include 
@@ -64,13 +65,35 @@ #include #include -static int mem_write(BIO *h, const char *buf, int num); -static int mem_read(BIO *h, char *buf, int size); -static int mem_puts(BIO *h, const char *str); -static int mem_gets(BIO *h, char *str, int size); -static long mem_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int mem_new(BIO *h); -static int mem_free(BIO *data); +#include "bio_local.h" + +struct bio_mem { + BUF_MEM *buf; + size_t read_offset; +}; + +static size_t +bio_mem_pending(struct bio_mem *bm) +{ + if (bm->read_offset > bm->buf->length) + return 0; + + return bm->buf->length - bm->read_offset; +} + +static uint8_t * +bio_mem_read_ptr(struct bio_mem *bm) +{ + return &bm->buf->data[bm->read_offset]; +} + +static int mem_new(BIO *bio); +static int mem_free(BIO *bio); +static int mem_write(BIO *bio, const char *in, int in_len); +static int mem_read(BIO *bio, char *out, int out_len); +static int mem_puts(BIO *bio, const char *in); +static int mem_gets(BIO *bio, char *out, int out_len); +static long mem_ctrl(BIO *bio, int cmd, long arg1, void *arg2); static const BIO_METHOD mem_method = { .type = BIO_TYPE_MEM, 
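Review bot: bio_mem_read_ptr is declared to return `uint8_t *` but returns `&bm->buf->data[bm->read_offset]`, and a later hunk of this file assigns its result to `char *p` in mem_gets. If BUF_MEM's `data` member is a `char *` (its declaration is not on this page), both are incompatible-pointer conversions that stricter compilers reject. Declaring the helper as `static char *` would match every use in this file. Unlike bio_mem_pending, the helper does not guard against `read_offset > length`, so a comment saying that callers must check bio_mem_pending() first would be worth adding.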
@@ -84,181 +107,207 @@ static const BIO_METHOD mem_method = { .destroy = mem_free }; -/* bio->num is used to hold the value to return on 'empty', if it is - * 0, should_retry is not set */ +/* + * bio->num is used to hold the value to return on 'empty', if it is + * 0, should_retry is not set. + */ const BIO_METHOD * BIO_s_mem(void) { - return (&mem_method); + return &mem_method; } BIO * -BIO_new_mem_buf(const void *buf, int len) +BIO_new_mem_buf(const void *buf, int buf_len) { - BIO *ret; - BUF_MEM *b; - size_t sz; + struct bio_mem *bm; + BIO *bio; - if (!buf) { + if (buf == NULL) { BIOerror(BIO_R_NULL_PARAMETER); return NULL; } - sz = (len < 0) ? strlen(buf) : (size_t)len; - if (!(ret = BIO_new(BIO_s_mem()))) + if (buf_len == -1) + buf_len = strlen(buf); + if (buf_len < 0) { + BIOerror(BIO_R_INVALID_ARGUMENT); return NULL; - b = (BUF_MEM *)ret->ptr; - b->data = (void *)buf; /* Trust in the BIO_FLAGS_MEM_RDONLY flag. */ - b->length = sz; - b->max = sz; - ret->flags |= BIO_FLAGS_MEM_RDONLY; - /* Since this is static data retrying wont help */ - ret->num = 0; - return ret; + } + + if ((bio = BIO_new(BIO_s_mem())) == NULL) + return NULL; + + bm = bio->ptr; + bm->buf->data = (void *)buf; /* Trust in the BIO_FLAGS_MEM_RDONLY flag. */ + bm->buf->length = buf_len; + bm->buf->max = buf_len; + bio->flags |= BIO_FLAGS_MEM_RDONLY; + /* Since this is static data retrying will not help. 
*/ + bio->num = 0; + + return bio; } static int -mem_new(BIO *bi) +mem_new(BIO *bio) { - BUF_MEM *b; - - if ((b = BUF_MEM_new()) == NULL) - return (0); - bi->shutdown = 1; - bi->init = 1; - bi->num = -1; - bi->ptr = (char *)b; - return (1); + struct bio_mem *bm; + + if ((bm = calloc(1, sizeof(*bm))) == NULL) + return 0; + if ((bm->buf = BUF_MEM_new()) == NULL) { + free(bm); + return 0; + } + + bio->shutdown = 1; + bio->init = 1; + bio->num = -1; + bio->ptr = bm; + + return 1; } static int -mem_free(BIO *a) +mem_free(BIO *bio) { - if (a == NULL) - return (0); - if (a->shutdown) { - if ((a->init) && (a->ptr != NULL)) { - BUF_MEM *b; - b = (BUF_MEM *)a->ptr; - if (a->flags & BIO_FLAGS_MEM_RDONLY) - b->data = NULL; - BUF_MEM_free(b); - a->ptr = NULL; - } + struct bio_mem *bm; + + if (bio == NULL) + return 0; + if (!bio->init || bio->ptr == NULL) + return 1; + + bm = bio->ptr; + if (bio->shutdown) { + if (bio->flags & BIO_FLAGS_MEM_RDONLY) + bm->buf->data = NULL; + BUF_MEM_free(bm->buf); } - return (1); + free(bm); + bio->ptr = NULL; + + return 1; } static int -mem_read(BIO *b, char *out, int outl) +mem_read(BIO *bio, char *out, int out_len) { - int ret = -1; - BUF_MEM *bm; - - bm = (BUF_MEM *)b->ptr; - BIO_clear_retry_flags(b); - ret = (outl >=0 && (size_t)outl > bm->length) ? 
(int)bm->length : outl; - if ((out != NULL) && (ret > 0)) { - memcpy(out, bm->data, ret); - bm->length -= ret; - if (b->flags & BIO_FLAGS_MEM_RDONLY) - bm->data += ret; - else { - memmove(&(bm->data[0]), &(bm->data[ret]), bm->length); - } - } else if (bm->length == 0) { - ret = b->num; - if (ret != 0) - BIO_set_retry_read(b); + struct bio_mem *bm = bio->ptr; + + BIO_clear_retry_flags(bio); + + if (out == NULL || out_len <= 0) + return 0; + + if ((size_t)out_len > bio_mem_pending(bm)) + out_len = bio_mem_pending(bm); + + if (out_len == 0) { + if (bio->num != 0) + BIO_set_retry_read(bio); + return bio->num; } - return (ret); + + memcpy(out, bio_mem_read_ptr(bm), out_len); + bm->read_offset += out_len; + + return out_len; } static int -mem_write(BIO *b, const char *in, int inl) +mem_write(BIO *bio, const char *in, int in_len) { - int ret = -1; - int blen; - BUF_MEM *bm; + struct bio_mem *bm = bio->ptr; + size_t buf_len; - bm = (BUF_MEM *)b->ptr; - if (in == NULL) { - BIOerror(BIO_R_NULL_PARAMETER); - goto end; - } + BIO_clear_retry_flags(bio); - if (b->flags & BIO_FLAGS_MEM_RDONLY) { + if (in == NULL || in_len <= 0) + return 0; + + if (bio->flags & BIO_FLAGS_MEM_RDONLY) { BIOerror(BIO_R_WRITE_TO_READ_ONLY_BIO); - goto end; + return -1; + } + + if (bm->read_offset > 4096) { + memmove(bm->buf->data, bio_mem_read_ptr(bm), + bio_mem_pending(bm)); + bm->buf->length = bio_mem_pending(bm); + bm->read_offset = 0; } - BIO_clear_retry_flags(b); - blen = bm->length; - if (BUF_MEM_grow_clean(bm, blen + inl) != (blen + inl)) - goto end; - memcpy(&(bm->data[blen]), in, inl); - ret = inl; -end: - return (ret); + /* + * Check for overflow and ensure we do not exceed an int, otherwise we + * cannot tell if BUF_MEM_grow_clean() succeeded. 
+ */ + buf_len = bm->buf->length + in_len; + if (buf_len < bm->buf->length || buf_len > INT_MAX) + return -1; + + if (BUF_MEM_grow_clean(bm->buf, buf_len) != buf_len) + return -1; + + memcpy(&bm->buf->data[buf_len - in_len], in, in_len); + + return in_len; } static long -mem_ctrl(BIO *b, int cmd, long num, void *ptr) +mem_ctrl(BIO *bio, int cmd, long num, void *ptr) { + struct bio_mem *bm = bio->ptr; + void **pptr; long ret = 1; - char **pptr; - - BUF_MEM *bm = (BUF_MEM *)b->ptr; switch (cmd) { case BIO_CTRL_RESET: - if (bm->data != NULL) { - /* For read only case reset to the start again */ - if (b->flags & BIO_FLAGS_MEM_RDONLY) { - bm->data -= bm->max - bm->length; - bm->length = bm->max; - } else { - memset(bm->data, 0, bm->max); - bm->length = 0; + if (bm->buf->data != NULL) { + if (!(bio->flags & BIO_FLAGS_MEM_RDONLY)) { + memset(bm->buf->data, 0, bm->buf->max); + bm->buf->length = 0; } + bm->read_offset = 0; } break; case BIO_CTRL_EOF: - ret = (long)(bm->length == 0); + ret = (long)(bio_mem_pending(bm) == 0); break; case BIO_C_SET_BUF_MEM_EOF_RETURN: - b->num = (int)num; + bio->num = (int)num; break; case BIO_CTRL_INFO: - ret = (long)bm->length; if (ptr != NULL) { - pptr = (char **)ptr; - *pptr = (char *)&(bm->data[0]); + pptr = (void **)ptr; + *pptr = bio_mem_read_ptr(bm); } + ret = (long)bio_mem_pending(bm); break; case BIO_C_SET_BUF_MEM: - mem_free(b); - b->shutdown = (int)num; - b->ptr = ptr; + BUF_MEM_free(bm->buf); + bio->shutdown = (int)num; + bm->buf = ptr; + bm->read_offset = 0; break; case BIO_C_GET_BUF_MEM_PTR: if (ptr != NULL) { - pptr = (char **)ptr; - *pptr = (char *)bm; + pptr = (void **)ptr; + *pptr = bm->buf; } break; case BIO_CTRL_GET_CLOSE: - ret = (long)b->shutdown; + ret = (long)bio->shutdown; break; case BIO_CTRL_SET_CLOSE: - b->shutdown = (int)num; + bio->shutdown = (int)num; break; - case BIO_CTRL_WPENDING: ret = 0L; break; case BIO_CTRL_PENDING: - ret = (long)bm->length; + ret = (long)bio_mem_pending(bm); break; case BIO_CTRL_DUP: 
case BIO_CTRL_FLUSH: @@ -270,27 +319,29 @@ mem_ctrl(BIO *b, int cmd, long num, void *ptr) ret = 0; break; } - return (ret); + return ret; } static int -mem_gets(BIO *bp, char *buf, int size) +mem_gets(BIO *bio, char *out, int out_len) { - int i, j; - int ret = -1; + struct bio_mem *bm = bio->ptr; + int i, out_max; char *p; - BUF_MEM *bm = (BUF_MEM *)bp->ptr; - - BIO_clear_retry_flags(bp); - j = bm->length; - if ((size - 1) < j) - j = size - 1; - if (j <= 0) { - *buf = '\0'; + int ret = -1; + + BIO_clear_retry_flags(bio); + + out_max = bio_mem_pending(bm); + if (out_len - 1 < out_max) + out_max = out_len - 1; + if (out_max <= 0) { + *out = '\0'; return 0; } - p = bm->data; - for (i = 0; i < j; i++) { + + p = bio_mem_read_ptr(bm); + for (i = 0; i < out_max; i++) { if (p[i] == '\n') { i++; break; @@ -298,24 +349,17 @@ mem_gets(BIO *bp, char *buf, int size) } /* - * i is now the max num of bytes to copy, either j or up to - * and including the first newline + * i is now the max num of bytes to copy, either out_max or up to and + * including the first newline */ + if ((ret = mem_read(bio, out, i)) > 0) + out[ret] = '\0'; - i = mem_read(bp, buf, i); - if (i > 0) - buf[i] = '\0'; - ret = i; - return (ret); + return ret; } static int -mem_puts(BIO *bp, const char *str) +mem_puts(BIO *bio, const char *in) { - int n, ret; - - n = strlen(str); - ret = mem_write(bp, str, n); - /* memory semantics is that it will always work */ - return (ret); + return mem_write(bio, in, strlen(in)); } diff --git a/crypto/bio/bss_null.c b/crypto/bio/bss_null.c index c6de844d..8a15b36b 100644 --- a/crypto/bio/bss_null.c +++ b/crypto/bio/bss_null.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bss_null.c,v 1.11 2018/05/01 13:29:10 tb Exp $ */ +/* $OpenBSD: bss_null.c,v 1.12 2022/01/07 09:02:17 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
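Review bot: `case BIO_C_SET_BUF_MEM` in mem_ctrl now calls `BUF_MEM_free(bm->buf)` unconditionally, where the old code went through mem_free() and so honoured `shutdown` and BIO_FLAGS_MEM_RDONLY. For a BIO created by BIO_new_mem_buf, `bm->buf->data` is the caller's buffer, so this path would pass memory the BIO does not own to the allocator, assuming BUF_MEM_free releases `data`, as the `data = NULL` step in mem_free implies. With `shutdown == 0` it would likewise free a BUF_MEM the caller still holds. The old buffer should be released under the same rules mem_free applies earlier in this hunk. mem_ctrl continues past the end of the hunk.

```c
	case BIO_C_SET_BUF_MEM:
		/* Release the old buffer under the same ownership rules as mem_free(). */
		if (bio->shutdown) {
			if (bio->flags & BIO_FLAGS_MEM_RDONLY)
				bm->buf->data = NULL;
			BUF_MEM_free(bm->buf);
		}
		/* … unchanged: set bio->shutdown, bm->buf and bm->read_offset … */
```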
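Review bot: `return mem_write(bio, in, strlen(in));` in mem_puts narrows a size_t to int without a range check. A string longer than INT_MAX is therefore either silently shortened or turned into a negative length, which mem_write treats as nothing to write and reports as 0. BIO_new_mem_buf in the earlier hunk of this file has the same pattern in `buf_len = strlen(buf);`, where a wrapped positive value would quietly expose only part of the buffer. Check the length before narrowing, for example `size_t len = strlen(in);`, `if (len > INT_MAX) return -1;`, `return mem_write(bio, in, (int)len);`.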
@@ -62,6 +62,8 @@ #include +#include "bio_local.h" + static int null_write(BIO *h, const char *buf, int num); static int null_read(BIO *h, char *buf, int size); static int null_puts(BIO *h, const char *str); diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c index 9c650a80..3b9a87fd 100644 --- a/crypto/bio/bss_sock.c +++ b/crypto/bio/bss_sock.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bss_sock.c,v 1.24 2018/05/01 13:29:10 tb Exp $ */ +/* $OpenBSD: bss_sock.c,v 1.25 2022/01/07 09:02:17 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -65,6 +65,8 @@ #include +#include "bio_local.h" + static int sock_write(BIO *h, const char *buf, int num); static int sock_read(BIO *h, char *buf, int size); static int sock_puts(BIO *h, const char *str); diff --git a/crypto/bn/bn_bpsw.c b/crypto/bn/bn_bpsw.c new file mode 100644 index 00000000..2f8cbba3 --- /dev/null +++ b/crypto/bn/bn_bpsw.c 
@@ -0,0 +1,445 @@ +/* $OpenBSD: bn_bpsw.c,v 1.7 2022/08/31 21:34:14 tb Exp $ */ +/* + * Copyright (c) 2022 Martin Grenouilloux + * Copyright (c) 2022 Theo Buehler + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include "bn_lcl.h" +#include "bn_prime.h" + +/* + * For an odd n compute a / 2 (mod n). If a is even, we can do a plain + * division, otherwise calculate (a + n) / 2. Then reduce (mod n). + */ + +static int +bn_div_by_two_mod_odd_n(BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) +{ + if (!BN_is_odd(n)) + return 0; + + if (BN_is_odd(a)) { + if (!BN_add(a, a, n)) + return 0; + } + if (!BN_rshift1(a, a)) + return 0; + if (!BN_mod_ct(a, a, n, ctx)) + return 0; + + return 1; +} + +/* + * Given the next binary digit of k and the current Lucas terms U and V, this + * helper computes the next terms in the Lucas sequence defined as follows: + * + * U' = U * V (mod n) + * V' = (V^2 + D * U^2) / 2 (mod n) + * + * If digit == 0, bn_lucas_step() returns U' and V'. If digit == 1, it returns + * + * U'' = (U' + V') / 2 (mod n) + * V'' = (V' + D * U') / 2 (mod n) + * + * Compare with FIPS 186-4, Appendix C.3.3, step 6. 
+ */ + +static int +bn_lucas_step(BIGNUM *U, BIGNUM *V, int digit, const BIGNUM *D, + const BIGNUM *n, BN_CTX *ctx) +{ + BIGNUM *tmp; + int ret = 0; + + BN_CTX_start(ctx); + + if ((tmp = BN_CTX_get(ctx)) == NULL) + goto err; + + /* Calculate D * U^2 before computing U'. */ + if (!BN_sqr(tmp, U, ctx)) + goto err; + if (!BN_mul(tmp, D, tmp, ctx)) + goto err; + + /* U' = U * V (mod n). */ + if (!BN_mod_mul(U, U, V, n, ctx)) + goto err; + + /* V' = (V^2 + D * U^2) / 2 (mod n). */ + if (!BN_sqr(V, V, ctx)) + goto err; + if (!BN_add(V, V, tmp)) + goto err; + if (!bn_div_by_two_mod_odd_n(V, n, ctx)) + goto err; + + if (digit == 1) { + /* Calculate D * U' before computing U''. */ + if (!BN_mul(tmp, D, U, ctx)) + goto err; + + /* U'' = (U' + V') / 2 (mod n). */ + if (!BN_add(U, U, V)) + goto err; + if (!bn_div_by_two_mod_odd_n(U, n, ctx)) + goto err; + + /* V'' = (V' + D * U') / 2 (mod n). */ + if (!BN_add(V, V, tmp)) + goto err; + if (!bn_div_by_two_mod_odd_n(V, n, ctx)) + goto err; + } + + ret = 1; + + err: + BN_CTX_end(ctx); + + return ret; +} + +/* + * Compute the Lucas terms U_k, V_k, see FIPS 186-4, Appendix C.3.3, steps 4-6. + */ + +static int +bn_lucas(BIGNUM *U, BIGNUM *V, const BIGNUM *k, const BIGNUM *D, + const BIGNUM *n, BN_CTX *ctx) +{ + int digit, i; + int ret = 0; + + if (!BN_one(U)) + goto err; + if (!BN_one(V)) + goto err; + + /* + * Iterate over the digits of k from MSB to LSB. Start at digit 2 + * since the first digit is dealt with by setting U = 1 and V = 1. + */ + + for (i = BN_num_bits(k) - 2; i >= 0; i--) { + digit = BN_is_bit_set(k, i); + + if (!bn_lucas_step(U, V, digit, D, n, ctx)) + goto err; + } + + ret = 1; + + err: + return ret; +} + +/* + * This is a stronger variant of the Lucas test in FIPS 186-4, Appendix C.3.3. + * Every strong Lucas pseudoprime n is also a Lucas pseudoprime since + * U_{n+1} == 0 follows from U_k == 0 or V_{k * 2^r} == 0 for 0 <= r < s. 
+ */ + +static int +bn_strong_lucas_test(int *is_prime, const BIGNUM *n, const BIGNUM *D, + BN_CTX *ctx) +{ + BIGNUM *k, *U, *V; + int r, s; + int ret = 0; + + BN_CTX_start(ctx); + + if ((k = BN_CTX_get(ctx)) == NULL) + goto err; + if ((U = BN_CTX_get(ctx)) == NULL) + goto err; + if ((V = BN_CTX_get(ctx)) == NULL) + goto err; + + /* + * Factorize n + 1 = k * 2^s with odd k: shift away the s trailing ones + * of n and set the lowest bit of the resulting number k. + */ + + s = 0; + while (BN_is_bit_set(n, s)) + s++; + if (!BN_rshift(k, n, s)) + goto err; + if (!BN_set_bit(k, 0)) + goto err; + + /* + * Calculate the Lucas terms U_k and V_k. If either of them is zero, + * then n is a strong Lucas pseudoprime. + */ + + if (!bn_lucas(U, V, k, D, n, ctx)) + goto err; + + if (BN_is_zero(U) || BN_is_zero(V)) { + *is_prime = 1; + goto done; + } + + /* + * Calculate the Lucas terms U_{k * 2^r}, V_{k * 2^r} for 1 <= r < s. + * If any V_{k * 2^r} is zero then n is a strong Lucas pseudoprime. + */ + + for (r = 1; r < s; r++) { + if (!bn_lucas_step(U, V, 0, D, n, ctx)) + goto err; + + if (BN_is_zero(V)) { + *is_prime = 1; + goto done; + } + } + + /* + * If we got here, n is definitely composite. + */ + + *is_prime = 0; + + done: + ret = 1; + + err: + BN_CTX_end(ctx); + + return ret; +} + +/* + * Test n for primality using the strong Lucas test with Selfridge's Method A. + * Returns 1 if n is prime or a strong Lucas-Selfridge pseudoprime. + * If it returns 0 then n is definitely composite. + */ + +static int +bn_strong_lucas_selfridge(int *is_prime, const BIGNUM *n, BN_CTX *ctx) +{ + BIGNUM *D, *two; + int is_perfect_square, jacobi_symbol, sign; + int ret = 0; + + BN_CTX_start(ctx); + + /* If n is a perfect square, it is composite. */ + if (!bn_is_perfect_square(&is_perfect_square, n, ctx)) + goto err; + if (is_perfect_square) { + *is_prime = 0; + goto done; + } + + /* + * Find the first D in the Selfridge sequence 5, -7, 9, -11, 13, ... 
+ * such that the Jacobi symbol (D/n) is -1. + */ + + if ((D = BN_CTX_get(ctx)) == NULL) + goto err; + if ((two = BN_CTX_get(ctx)) == NULL) + goto err; + + sign = 1; + if (!BN_set_word(D, 5)) + goto err; + if (!BN_set_word(two, 2)) + goto err; + + while (1) { + /* For odd n the Kronecker symbol computes the Jacobi symbol. */ + if ((jacobi_symbol = BN_kronecker(D, n, ctx)) == -2) + goto err; + + /* We found the value for D. */ + if (jacobi_symbol == -1) + break; + + /* n and D have prime factors in common. */ + if (jacobi_symbol == 0) { + *is_prime = 0; + goto done; + } + + sign = -sign; + if (!BN_uadd(D, D, two)) + goto err; + BN_set_negative(D, sign == -1); + } + + if (!bn_strong_lucas_test(is_prime, n, D, ctx)) + goto err; + + done: + ret = 1; + + err: + BN_CTX_end(ctx); + + return ret; +} + +/* + * Miller-Rabin primality test for base 2. + */ + +static int +bn_miller_rabin_base_2(int *is_prime, const BIGNUM *n, BN_CTX *ctx) +{ + BIGNUM *n_minus_one, *k, *x; + int i, s; + int ret = 0; + + BN_CTX_start(ctx); + + if ((n_minus_one = BN_CTX_get(ctx)) == NULL) + goto err; + if ((k = BN_CTX_get(ctx)) == NULL) + goto err; + if ((x = BN_CTX_get(ctx)) == NULL) + goto err; + + if (BN_is_word(n, 2) || BN_is_word(n, 3)) { + *is_prime = 1; + goto done; + } + + if (BN_cmp(n, BN_value_one()) <= 0 || !BN_is_odd(n)) { + *is_prime = 0; + goto done; + } + + if (!BN_sub(n_minus_one, n, BN_value_one())) + goto err; + + /* + * Factorize n - 1 = k * 2^s. + */ + + s = 0; + while (!BN_is_bit_set(n_minus_one, s)) + s++; + if (!BN_rshift(k, n_minus_one, s)) + goto err; + + /* + * If 2^k is 1 or -1 (mod n) then n is a 2-pseudoprime. + */ + + if (!BN_set_word(x, 2)) + goto err; + if (!BN_mod_exp_ct(x, x, k, n, ctx)) + goto err; + + if (BN_is_one(x) || BN_cmp(x, n_minus_one) == 0) { + *is_prime = 1; + goto done; + } + + /* + * If 2^{2^i k} == -1 (mod n) for some 1 <= i < s, then n is a + * 2-pseudoprime. 
+ */ + + for (i = 1; i < s; i++) { + if (!BN_mod_sqr(x, x, n, ctx)) + goto err; + if (BN_cmp(x, n_minus_one) == 0) { + *is_prime = 1; + goto done; + } + } + + /* + * If we got here, n is definitely composite. + */ + + *is_prime = 0; + + done: + ret = 1; + + err: + BN_CTX_end(ctx); + + return ret; +} + +/* + * The Baillie-Pomerance-Selfridge-Wagstaff algorithm combines a Miller-Rabin + * test for base 2 with a Strong Lucas pseudoprime test. + */ + +int +bn_is_prime_bpsw(int *is_prime, const BIGNUM *n, BN_CTX *in_ctx) +{ + BN_CTX *ctx = NULL; + BN_ULONG mod; + int i; + int ret = 0; + + if (BN_is_word(n, 2)) { + *is_prime = 1; + goto done; + } + + if (BN_cmp(n, BN_value_one()) <= 0 || !BN_is_odd(n)) { + *is_prime = 0; + goto done; + } + + /* Trial divisions with the first 2048 primes. */ + for (i = 0; i < NUMPRIMES; i++) { + if ((mod = BN_mod_word(n, primes[i])) == (BN_ULONG)-1) + goto err; + if (mod == 0) { + *is_prime = BN_is_word(n, primes[i]); + goto done; + } + } + + if ((ctx = in_ctx) == NULL) + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; + + if (!bn_miller_rabin_base_2(is_prime, n, ctx)) + goto err; + if (!*is_prime) + goto done; + + /* XXX - Miller-Rabin for random bases? See FIPS 186-4, Table C.1. */ + + if (!bn_strong_lucas_selfridge(is_prime, n, ctx)) + goto err; + + done: + ret = 1; + + err: + if (ctx != in_ctx) + BN_CTX_free(ctx); + + return ret; +} diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c index a693a8cb..592c5094 100644 --- a/crypto/bn/bn_err.c +++ b/crypto/bn/bn_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_err.c,v 1.14 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: bn_err.c,v 1.15 2022/07/12 14:42:48 kn Exp $ */ /* ==================================================================== * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * 
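Review bot: The comment above bn_strong_lucas_selfridge describes the return value as the primality answer ("Returns 1 if n is prime or a strong Lucas-Selfridge pseudoprime. If it returns 0 then n is definitely composite."), but the code returns 1 on success and 0 on error and reports the verdict through `*is_prime`. A maintainer who trusts the comment could read an allocation failure as "composite", or a successful call with `*is_prime == 0` as "prime". Suggest rewording to `Sets *is_prime to 1 if n is prime or a strong Lucas-Selfridge pseudoprime and to 0 if n is definitely composite. Returns 1 on success, 0 on error.` The same convention applies to bn_is_prime_bpsw, bn_miller_rabin_base_2 and bn_strong_lucas_test, none of which documents it. On their error paths `*is_prime` is left unwritten, so the comment on bn_is_prime_bpsw should say callers must check the return value first.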
@@ -53,11 +53,6 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - #include #include @@ -65,7 +60,6 @@ #include #include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR #define ERR_FUNC(func) ERR_PACK(ERR_LIB_BN,func,0) diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index b778d5d6..3525b503 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_exp.c,v 1.31 2017/05/02 03:59:44 deraadt Exp $ */ +/* $OpenBSD: bn_exp.c,v 1.32 2022/04/20 13:32:34 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -278,13 +278,14 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, return ret; } + BN_RECP_CTX_init(&recp); + BN_CTX_start(ctx); if ((aa = BN_CTX_get(ctx)) == NULL) goto err; if ((val[0] = BN_CTX_get(ctx)) == NULL) goto err; - BN_RECP_CTX_init(&recp); if (m->neg) { /* ignore sign of 'm' */ if (!BN_copy(aa, m)) diff --git a/crypto/bn/bn_exp2.c b/crypto/bn/bn_exp2.c index 372e1ee4..c63503f9 100644 --- a/crypto/bn/bn_exp2.c +++ b/crypto/bn/bn_exp2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_exp2.c,v 1.12 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: bn_exp2.c,v 1.13 2022/02/07 19:49:56 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -136,7 +136,7 @@ BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, bn_check_top(p2); bn_check_top(m); - if (!(m->d[0] & 1)) { + if (!BN_is_odd(m)) { BNerror(BN_R_CALLED_WITH_EVEN_MODULUS); return (0); } diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c index 469ae752..d756398c 100644 --- a/crypto/bn/bn_gcd.c +++ b/crypto/bn/bn_gcd.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: bn_gcd.c,v 1.15 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: bn_gcd.c,v 1.16 2021/12/26 15:16:50 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -576,6 +576,9 @@ BN_mod_inverse_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, bn_check_top(a); bn_check_top(n); + BN_init(&local_A); + BN_init(&local_B); + BN_CTX_start(ctx); if ((A = BN_CTX_get(ctx)) == NULL) goto err; @@ -608,10 +611,12 @@ BN_mod_inverse_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, A->neg = 0; if (B->neg || (BN_ucmp(B, A) >= 0)) { - /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, - * BN_div_no_branch will be called eventually. - */ + /* + * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, + * BN_div_no_branch will be called eventually. + */ pB = &local_B; + /* BN_init() done at the top of the function. */ BN_with_flags(pB, B, BN_FLG_CONSTTIME); if (!BN_nnmod(B, pB, A, ctx)) goto err; @@ -633,10 +638,12 @@ BN_mod_inverse_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, * sign*Y*a == A (mod |n|) */ - /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, - * BN_div_no_branch will be called eventually. - */ + /* + * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, + * BN_div_no_branch will be called eventually. + */ pA = &local_A; + /* BN_init() done at the top of the function. */ BN_with_flags(pA, A, BN_FLG_CONSTTIME); /* (D, M) := (A/B, A%B) ... */ @@ -740,6 +747,9 @@ BN_gcd_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, goto err; R = in; + BN_init(&local_A); + BN_init(&local_B); + bn_check_top(a); bn_check_top(n); 
@@ -768,10 +778,12 @@ BN_gcd_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, A->neg = 0; if (B->neg || (BN_ucmp(B, A) >= 0)) { - /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, - * BN_div_no_branch will be called eventually. - */ + /* + * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, + * BN_div_no_branch will be called eventually. + */ pB = &local_B; + /* BN_init() done at the top of the function. */ BN_with_flags(pB, B, BN_FLG_CONSTTIME); if (!BN_nnmod(B, pB, A, ctx)) goto err; @@ -793,10 +805,12 @@ BN_gcd_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, * sign*Y*a == A (mod |n|) */ - /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, - * BN_div_no_branch will be called eventually. - */ + /* + * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, + * BN_div_no_branch will be called eventually. + */ pA = &local_A; + /* BN_init() done at the top of the function. */ BN_with_flags(pA, A, BN_FLG_CONSTTIME); /* (D, M) := (A/B, A%B) ... */ diff --git a/crypto/bn/bn_isqrt.c b/crypto/bn/bn_isqrt.c new file mode 100644 index 00000000..19e31eab --- /dev/null +++ b/crypto/bn/bn_isqrt.c 
@@ -0,0 +1,237 @@ +/* $OpenBSD: bn_isqrt.c,v 1.2 2022/07/13 11:20:00 tb Exp $ */ +/* + * Copyright (c) 2022 Theo Buehler + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +#include +#include + +#include "bn_lcl.h" + +#define CTASSERT(x) extern char _ctassert[(x) ? 1 : -1 ] \ + __attribute__((__unused__)) + +/* + * Calculate integer square root of |n| using a variant of Newton's method. + * + * Returns the integer square root of |n| in the caller-provided |out_sqrt|; + * |*out_perfect| is set to 1 if and only if |n| is a perfect square. + * One of |out_sqrt| and |out_perfect| can be NULL; |in_ctx| can be NULL. + * + * Returns 0 on error, 1 on success. + * + * Adapted from pure Python describing cpython's math.isqrt(), without bothering + * with any of the optimizations in the C code. A correctness proof is here: + * https://github.com/mdickinson/snippets/blob/master/proofs/isqrt/src/isqrt.lean + * The comments in the Python code also give a rather detailed proof. 
+ */ + +int +bn_isqrt(BIGNUM *out_sqrt, int *out_perfect, const BIGNUM *n, BN_CTX *in_ctx) +{ + BN_CTX *ctx = NULL; + BIGNUM *a, *b; + int c, d, e, s; + int cmp, perfect; + int ret = 0; + + if (out_perfect == NULL && out_sqrt == NULL) { + BNerror(ERR_R_PASSED_NULL_PARAMETER); + goto err; + } + + if (BN_is_negative(n)) { + BNerror(BN_R_INVALID_RANGE); + goto err; + } + + if ((ctx = in_ctx) == NULL) + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; + + BN_CTX_start(ctx); + + if ((a = BN_CTX_get(ctx)) == NULL) + goto err; + if ((b = BN_CTX_get(ctx)) == NULL) + goto err; + + if (BN_is_zero(n)) { + perfect = 1; + if (!BN_zero(a)) + goto err; + goto done; + } + + if (!BN_one(a)) + goto err; + + c = (BN_num_bits(n) - 1) / 2; + d = 0; + + /* Calculate s = floor(log(c)). */ + if (!BN_set_word(b, c)) + goto err; + s = BN_num_bits(b) - 1; + + /* + * By definition, the loop below is run <= floor(log(log(n))) times. + * Comments in the cpython code establish the loop invariant that + * + * (a - 1)^2 < n / 4^(c - d) < (a + 1)^2 + * + * holds true in every iteration. Once this is proved via induction, + * correctness of the algorithm is easy. + * + * Roughly speaking, A = (a << (d - e)) is used for one Newton step + * "a = (A >> 1) + (m >> 1) / A" approximating m = (n >> 2 * (c - d)). + */ + + for (; s >= 0; s--) { + e = d; + d = c >> s; + + if (!BN_rshift(b, n, 2 * c - d - e + 1)) + goto err; + + if (!BN_div_ct(b, NULL, b, a, ctx)) + goto err; + + if (!BN_lshift(a, a, d - e - 1)) + goto err; + + if (!BN_add(a, a, b)) + goto err; + } + + /* + * The loop invariant implies that either a or a - 1 is isqrt(n). + * Figure out which one it is. The invariant also implies that for + * a perfect square n, a must be the square root. + */ + + if (!BN_sqr(b, a, ctx)) + goto err; + + /* If a^2 > n, we must have isqrt(n) == a - 1. 
*/ + if ((cmp = BN_cmp(b, n)) > 0) { + if (!BN_sub_word(a, 1)) + goto err; + } + + perfect = cmp == 0; + + done: + if (out_perfect != NULL) + *out_perfect = perfect; + + if (out_sqrt != NULL) { + if (!BN_copy(out_sqrt, a)) + goto err; + } + + ret = 1; + + err: + BN_CTX_end(ctx); + + if (ctx != in_ctx) + BN_CTX_free(ctx); + + return ret; +} + +/* + * is_square_mod_N[r % N] indicates whether r % N has a square root modulo N. + * The tables are generated in regress/lib/libcrypto/bn/bn_isqrt.c. + */ + +const uint8_t is_square_mod_11[] = { + 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, +}; +CTASSERT(sizeof(is_square_mod_11) == 11); + +const uint8_t is_square_mod_63[] = { + 1, 1, 0, 0, 1, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, + 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 0, + 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, + 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, +}; +CTASSERT(sizeof(is_square_mod_63) == 63); + +const uint8_t is_square_mod_64[] = { + 1, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, + 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, + 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, + 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, +}; +CTASSERT(sizeof(is_square_mod_64) == 64); + +const uint8_t is_square_mod_65[] = { + 1, 1, 0, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, + 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, + 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, + 0, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0, 0, 0, 1, 0, 0, + 1, +}; +CTASSERT(sizeof(is_square_mod_65) == 65); + +/* + * Determine whether n is a perfect square or not. + * + * Returns 1 on success and 0 on error. In case of success, |*out_perfect| is + * set to 1 if and only if |n| is a perfect square. + */ + +int +bn_is_perfect_square(int *out_perfect, const BIGNUM *n, BN_CTX *ctx) +{ + BN_ULONG r; + + *out_perfect = 0; + + if (BN_is_negative(n)) + return 1; + + /* + * Before performing an expensive bn_isqrt() operation, weed out many + * obvious non-squares. See H. 
Cohen, "A course in computational + * algebraic number theory", Algorithm 1.7.3. + * + * The idea is that a square remains a square when reduced modulo any + * number. The moduli are chosen in such a way that a non-square has + * probability < 1% of passing the four table lookups. + */ + + /* n % 64 */ + r = BN_lsw(n) & 0x3f; + + if (!is_square_mod_64[r % 64]) + return 1; + + if ((r = BN_mod_word(n, 11 * 63 * 65)) == (BN_ULONG)-1) + return 0; + + if (!is_square_mod_63[r % 63] || + !is_square_mod_65[r % 65] || + !is_square_mod_11[r % 11]) + return 1; + + return bn_isqrt(NULL, out_perfect, n, ctx); +} diff --git a/crypto/bn/bn_kron.c b/crypto/bn/bn_kron.c index 274da5d1..998adedc 100644 --- a/crypto/bn/bn_kron.c +++ b/crypto/bn/bn_kron.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_kron.c,v 1.6 2015/02/09 15:49:22 jsing Exp $ */ +/* $OpenBSD: bn_kron.c,v 1.10 2022/07/12 16:08:19 tb Exp $ */ /* ==================================================================== * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. * 
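Review bot: In bn_isqrt() the two argument checks at the top (`out_perfect == NULL && out_sqrt == NULL` and `BN_is_negative(n)`) jump to `err:` before `ctx` has been assigned or `BN_CTX_start()` has run, so `BN_CTX_end(ctx)` is reached with `ctx == NULL`. The same happens when `BN_CTX_new()` fails. That is only safe if BN_CTX_end() tolerates a NULL context, which this diff does not show. Either return 0 directly from those early checks, or record the dependency at the label, e.g. `/* ctx may still be NULL here; relies on BN_CTX_end(NULL) being a no-op. */`.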
@@ -55,131 +55,143 @@ #include "bn_lcl.h" -/* least significant word */ -#define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0]) +/* + * Kronecker symbol, implemented according to Henri Cohen, "A Course in + * Computational Algebraic Number Theory", Algorithm 1.4.10. + * + * Returns -1, 0, or 1 on success and -2 on error. + */ -/* Returns -2 for errors because both -1 and 0 are valid results. */ int -BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) +BN_kronecker(const BIGNUM *A, const BIGNUM *B, BN_CTX *ctx) { - int i; - int ret = -2; /* avoid 'uninitialized' warning */ - int err = 0; - BIGNUM *A, *B, *tmp; - - /* In 'tab', only odd-indexed entries are relevant: - * For any odd BIGNUM n, - * tab[BN_lsw(n) & 7] - * is $(-1)^{(n^2-1)/8}$ (using TeX notation). - * Note that the sign of n does not matter. - */ + /* tab[BN_lsw(n) & 7] = (-1)^((n^2 - 1)) / 8) for odd values of n. */ static const int tab[8] = {0, 1, 0, -1, 0, -1, 0, 1}; + BIGNUM *a, *b, *tmp; + int k, v; + int ret = -2; - bn_check_top(a); - bn_check_top(b); + bn_check_top(A); + bn_check_top(B); BN_CTX_start(ctx); - if ((A = BN_CTX_get(ctx)) == NULL) + + if ((a = BN_CTX_get(ctx)) == NULL) goto end; - if ((B = BN_CTX_get(ctx)) == NULL) + if ((b = BN_CTX_get(ctx)) == NULL) goto end; - err = !BN_copy(A, a); - if (err) + if (BN_copy(a, A) == NULL) goto end; - err = !BN_copy(B, b); - if (err) + if (BN_copy(b, B) == NULL) goto end; /* - * Kronecker symbol, imlemented according to Henri Cohen, - * "A Course in Computational Algebraic Number Theory" - * (algorithm 1.4.10). + * Cohen's step 1: */ - /* Cohen's step 1: */ - - if (BN_is_zero(B)) { - ret = BN_abs_is_word(A, 1); + /* If b is zero, output 1 if |a| is 1, otherwise output 0. */ + if (BN_is_zero(b)) { + ret = BN_abs_is_word(a, 1); goto end; } - /* Cohen's step 2: */ + /* + * Cohen's step 2: + */ - if (!BN_is_odd(A) && !BN_is_odd(B)) { + /* If both are even, they have a factor in common, so output 0. 
*/ + if (!BN_is_odd(a) && !BN_is_odd(b)) { ret = 0; goto end; } - /* now B is non-zero */ - i = 0; - while (!BN_is_bit_set(B, i)) - i++; - err = !BN_rshift(B, B, i); - if (err) + /* Factorize b = 2^v * u with odd u and replace b with u. */ + v = 0; + while (!BN_is_bit_set(b, v)) + v++; + if (!BN_rshift(b, b, v)) goto end; - if (i & 1) { - /* i is odd */ - /* (thus B was even, thus A must be odd!) */ - - /* set 'ret' to $(-1)^{(A^2-1)/8}$ */ - ret = tab[BN_lsw(A) & 7]; - } else { - /* i is even */ - ret = 1; - } - if (B->neg) { - B->neg = 0; - if (A->neg) - ret = -ret; + /* If v is even set k = 1, otherwise set it to (-1)^((a^2 - 1) / 8). */ + k = 1; + if (v % 2 != 0) + k = tab[BN_lsw(a) & 7]; + + /* + * If b is negative, replace it with -b and if a is also negative + * replace k with -k. + */ + if (BN_is_negative(b)) { + BN_set_negative(b, 0); + + if (BN_is_negative(a)) + k = -k; } - /* now B is positive and odd, so what remains to be done is - * to compute the Jacobi symbol (A/B) and multiply it by 'ret' */ + /* + * Now b is positive and odd, so compute the Jacobi symbol (a/b) + * and multiply it by k. + */ while (1) { - /* Cohen's step 3: */ + /* + * Cohen's step 3: + */ - /* B is positive and odd */ + /* b is positive and odd. */ - if (BN_is_zero(A)) { - ret = BN_is_one(B) ? ret : 0; + /* If a is zero output k if b is one, otherwise output 0. */ + if (BN_is_zero(a)) { + ret = BN_is_one(b) ? k : 0; goto end; } - /* now A is non-zero */ - i = 0; - while (!BN_is_bit_set(A, i)) - i++; - err = !BN_rshift(A, A, i); - if (err) + /* Factorize a = 2^v * u with odd u and replace a with u. */ + v = 0; + while (!BN_is_bit_set(a, v)) + v++; + if (!BN_rshift(a, a, v)) goto end; - if (i & 1) { - /* i is odd */ - /* multiply 'ret' by $(-1)^{(B^2-1)/8}$ */ - ret = ret * tab[BN_lsw(B) & 7]; - } - /* Cohen's step 4: */ - /* multiply 'ret' by $(-1)^{(A-1)(B-1)/4}$ */ - if ((A->neg ? 
~BN_lsw(A) : BN_lsw(A)) & BN_lsw(B) & 2) - ret = -ret; - - /* (A, B) := (B mod |A|, |A|) */ - err = !BN_nnmod(B, B, A, ctx); - if (err) + /* If v is odd, multiply k with (-1)^((b^2 - 1) / 8). */ + if (v % 2 != 0) + k *= tab[BN_lsw(b) & 7]; + + /* + * Cohen's step 4: + */ + + /* + * Apply the reciprocity law: multiply k by (-1)^((a-1)(b-1)/4). + * + * This expression is -1 if and only if a and b are 3 (mod 4). + * In turn, this is the case if and only if their two's + * complement representations have the second bit set. + * a could be negative in the first iteration, b is positive. + */ + if ((BN_is_negative(a) ? ~BN_lsw(a) : BN_lsw(a)) & BN_lsw(b) & 2) + k = -k; + + /* + * (a, b) := (b mod |a|, |a|) + * + * Once this is done, we know that 0 < a < b at the start of the + * loop. Since b is strictly decreasing, the loop terminates. + */ + + if (!BN_nnmod(b, b, a, ctx)) goto end; - tmp = A; - A = B; - B = tmp; - tmp->neg = 0; + + tmp = a; + a = b; + b = tmp; + + BN_set_negative(b, 0); } -end: + end: BN_CTX_end(ctx); - if (err) - return -2; - else - return ret; + + return ret; } diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h index a165d028..9ddfbbbe 100644 --- a/crypto/bn/bn_lcl.h +++ b/crypto/bn/bn_lcl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_lcl.h,v 1.30 2018/11/05 23:52:47 tb Exp $ */ +/* $OpenBSD: bn_lcl.h,v 1.35 2022/07/15 06:10:00 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
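Review bot: The comment on `tab` in BN_kronecker() has unbalanced parentheses, `(-1)^((n^2 - 1)) / 8)`, so it does not state the exponent that the later comments in the same function use (`(-1)^((a^2 - 1) / 8)`). It should read `/* tab[BN_lsw(n) & 7] = (-1)^((n^2 - 1) / 8) for odd values of n. */`. The table decides the sign folded into `k`, so the formula that documents it should be exact.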
@@ -118,6 +118,50 @@ __BEGIN_HIDDEN_DECLS +struct bignum_st { + BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */ + int top; /* Index of last used d +1. */ + /* The next are internal book keeping for bn_expand. */ + int dmax; /* Size of the d array. */ + int neg; /* one if the number is negative */ + int flags; +}; + +/* Used for montgomery multiplication */ +struct bn_mont_ctx_st { + int ri; /* number of bits in R */ + BIGNUM RR; /* used to convert to montgomery form */ + BIGNUM N; /* The modulus */ + BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 + * (Ni is only stored for bignum algorithm) */ + BN_ULONG n0[2];/* least significant word(s) of Ni; + (type changed with 0.9.9, was "BN_ULONG n0;" before) */ + int flags; +}; + +/* Used for reciprocal division/mod functions + * It cannot be shared between threads + */ +struct bn_recp_ctx_st { + BIGNUM N; /* the divisor */ + BIGNUM Nr; /* the reciprocal */ + int num_bits; + int shift; + int flags; +}; + +/* Used for slow "generation" functions. */ +struct bn_gencb_st { + unsigned int ver; /* To handle binary (in)compatibility */ + void *arg; /* callback-specific data */ + union { + /* if(ver==1) - handles old style callbacks */ + void (*cb_1)(int, int, void *); + /* if(ver==2) - new callback style */ + int (*cb_2)(int, int, BN_GENCB *); + } cb; +}; + /* * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions * @@ -449,6 +493,9 @@ __BEGIN_HIDDEN_DECLS } #endif /* !BN_LLONG */ +/* The least significant word of a BIGNUM. */ +#define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0]) + void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb); void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b); void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b); 
@@ -609,5 +656,10 @@ int BN_gcd_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); int BN_swap_ct(BN_ULONG swap, BIGNUM *a, BIGNUM *b, size_t nwords); +int bn_isqrt(BIGNUM *out_sqrt, int *out_perfect, const BIGNUM *n, BN_CTX *ctx); +int bn_is_perfect_square(int *out_perfect, const BIGNUM *n, BN_CTX *ctx); + +int bn_is_prime_bpsw(int *is_prime, const BIGNUM *n, BN_CTX *in_ctx); + __END_HIDDEN_DECLS #endif diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index af837eed..599a7448 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_lib.c,v 1.48 2021/09/08 12:19:17 tb Exp $ */ +/* $OpenBSD: bn_lib.c,v 1.54 2022/06/27 12:25:49 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -92,6 +92,63 @@ static int bn_limit_num_high = 8; /* (1<flags = BN_FLG_MALLOCED; + ret->top = 0; + ret->neg = 0; + ret->dmax = 0; + ret->d = NULL; + bn_check_top(ret); + return (ret); +} + +void +BN_init(BIGNUM *a) +{ + memset(a, 0, sizeof(BIGNUM)); + bn_check_top(a); +} + +void +BN_clear(BIGNUM *a) +{ + bn_check_top(a); + if (a->d != NULL) + explicit_bzero(a->d, a->dmax * sizeof(a->d[0])); + a->top = 0; + a->neg = 0; +} + +void +BN_clear_free(BIGNUM *a) +{ + int i; + + if (a == NULL) + return; + bn_check_top(a); + if (a->d != NULL && !(BN_get_flags(a, BN_FLG_STATIC_DATA))) + freezero(a->d, a->dmax * sizeof(a->d[0])); + i = BN_get_flags(a, BN_FLG_MALLOCED); + explicit_bzero(a, sizeof(BIGNUM)); + if (i) + free(a); +} + +void +BN_free(BIGNUM *a) +{ + BN_clear_free(a); +} + void BN_set_params(int mult, int high, int low, int mont) { 
@@ -137,6 +194,30 @@ BN_get_params(int which) } #endif +void +BN_set_flags(BIGNUM *b, int n) +{ + b->flags |= n; +} + +int +BN_get_flags(const BIGNUM *b, int n) +{ + return b->flags & n; +} + +void +BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags) +{ + int dest_flags; + + dest_flags = (dest->flags & BN_FLG_MALLOCED) | + (b->flags & ~BN_FLG_MALLOCED) | BN_FLG_STATIC_DATA | flags; + + *dest = *b; + dest->flags = dest_flags; +} + const BIGNUM * BN_value_one(void) { @@ -182,53 +263,6 @@ BN_num_bits(const BIGNUM *a) return ((i * BN_BITS2) + BN_num_bits_word(a->d[i])); } -void -BN_clear_free(BIGNUM *a) -{ - int i; - - if (a == NULL) - return; - bn_check_top(a); - if (a->d != NULL && !(BN_get_flags(a, BN_FLG_STATIC_DATA))) - freezero(a->d, a->dmax * sizeof(a->d[0])); - i = BN_get_flags(a, BN_FLG_MALLOCED); - explicit_bzero(a, sizeof(BIGNUM)); - if (i) - free(a); -} - -void -BN_free(BIGNUM *a) -{ - BN_clear_free(a); -} - -void -BN_init(BIGNUM *a) -{ - memset(a, 0, sizeof(BIGNUM)); - bn_check_top(a); -} - -BIGNUM * -BN_new(void) -{ - BIGNUM *ret; - - if ((ret = malloc(sizeof(BIGNUM))) == NULL) { - BNerror(ERR_R_MALLOC_FAILURE); - return (NULL); - } - ret->flags = BN_FLG_MALLOCED; - ret->top = 0; - ret->neg = 0; - ret->dmax = 0; - ret->d = NULL; - bn_check_top(ret); - return (ret); -} - /* This is used both by bn_expand2() and bn_dup_expand() */ /* The caller MUST check that words > b->dmax before calling this */ static BN_ULONG * @@ -494,16 +528,6 @@ BN_swap(BIGNUM *a, BIGNUM *b) bn_check_top(b); } -void -BN_clear(BIGNUM *a) -{ - bn_check_top(a); - if (a->d != NULL) - explicit_bzero(a->d, a->dmax * sizeof(a->d[0])); - a->top = 0; - a->neg = 0; -} - BN_ULONG BN_get_word(const BIGNUM *a) { 
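Review bot: BN_with_flags() is now a real function but has no comment describing its aliasing contract. `*dest = *b` copies the `d` pointer, so `dest` shares the word array of `b`, and `BN_FLG_STATIC_DATA` is set on it, which is the flag BN_clear_free() in this file checks before freeing `d`. The function also reads `dest->flags & BN_FLG_MALLOCED` before the copy, so `dest` has to be initialised first, which is what the `BN_init(&local_A)` additions in bn_gcd.c provide. I would add above the function: `/* dest becomes a shallow view of b that shares its data; dest must be initialised beforehand and must not outlive b. */`.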
@@ -1037,6 +1061,81 @@ BN_swap_ct(BN_ULONG condition, BIGNUM *a, BIGNUM *b, size_t nwords) return 1; } +void +BN_zero_ex(BIGNUM *a) +{ + a->neg = 0; + a->top = 0; + /* XXX: a->flags &= ~BN_FIXED_TOP */ +} + +int +BN_abs_is_word(const BIGNUM *a, const BN_ULONG w) +{ + return (a->top == 1 && a->d[0] == w) || (w == 0 && a->top == 0); +} + +int +BN_is_zero(const BIGNUM *a) +{ + return a->top == 0; +} + +int +BN_is_one(const BIGNUM *a) +{ + return BN_abs_is_word(a, 1) && !a->neg; +} + +int +BN_is_word(const BIGNUM *a, const BN_ULONG w) +{ + return BN_abs_is_word(a, w) && (w == 0 || !a->neg); +} + +int +BN_is_odd(const BIGNUM *a) +{ + return a->top > 0 && (a->d[0] & 1); +} + +int +BN_is_negative(const BIGNUM *a) +{ + return a->neg != 0; +} + +/* + * Bits of security, see SP800-57, section 5.6.11, table 2. + */ +int +BN_security_bits(int L, int N) +{ + int secbits, bits; + + if (L >= 15360) + secbits = 256; + else if (L >= 7680) + secbits = 192; + else if (L >= 3072) + secbits = 128; + else if (L >= 2048) + secbits = 112; + else if (L >= 1024) + secbits = 80; + else + return 0; + + if (N == -1) + return secbits; + + bits = N / 2; + if (bits < 80) + return 0; + + return bits >= secbits ? secbits : bits; +} + BN_GENCB * BN_GENCB_new(void) { @@ -1056,6 +1155,24 @@ BN_GENCB_free(BN_GENCB *cb) free(cb); } +/* Populate a BN_GENCB structure with an "old"-style callback */ +void +BN_GENCB_set_old(BN_GENCB *gencb, void (*cb)(int, int, void *), void *cb_arg) +{ + gencb->ver = 1; + gencb->cb.cb_1 = cb; + gencb->arg = cb_arg; +} + +/* Populate a BN_GENCB structure with a "new"-style callback */ +void +BN_GENCB_set(BN_GENCB *gencb, int (*cb)(int, int, BN_GENCB *), void *cb_arg) +{ + gencb->ver = 2; + gencb->cb.cb_2 = cb; + gencb->arg = cb_arg; +} + void * BN_GENCB_get_arg(BN_GENCB *cb) { diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index eeac0468..e01af702 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: bn_mont.c,v 1.26 2017/01/21 11:00:46 beck Exp $ */ +/* $OpenBSD: bn_mont.c,v 1.28 2022/02/07 19:44:23 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -175,6 +175,12 @@ BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, return (ret); } +int +BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx) +{ + return BN_mod_mul_montgomery(r, a, &mont->RR, mont, ctx); +} + #ifdef MONT_WORD static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) @@ -363,6 +369,9 @@ BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) int ret = 0; BIGNUM *Ri, *R; + if (BN_is_zero(mod)) + return 0; + BN_CTX_start(ctx); if ((Ri = BN_CTX_get(ctx)) == NULL) goto err; diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c index b16584d6..6b51bb10 100644 --- a/crypto/bn/bn_nist.c +++ b/crypto/bn/bn_nist.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_nist.c,v 1.18 2016/07/18 01:04:52 bcook Exp $ */ +/* $OpenBSD: bn_nist.c,v 1.22 2022/07/31 14:38:38 jsing Exp $ */ /* * Written by Nils Larsch for the OpenSSL project */ @@ -56,13 +56,15 @@ * */ -#include - +#include #include #include #include "bn_lcl.h" +#define CTASSERT(x) extern char _ctassert[(x) ? 1 : -1 ] \ + __attribute__((__unused__)) + #define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2 #define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2 #define BN_NIST_256_TOP (256+BN_BITS2-1)/BN_BITS2 
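Review bot: The new zero-modulus guard in BN_MONT_CTX_set() returns 0 without pushing anything onto the error queue, so a caller that bails out on failure gets no reason for it. Elsewhere in this patch (BN_mod_exp2_mont in bn_exp2.c) a rejected modulus is reported with `BNerror(BN_R_CALLED_WITH_EVEN_MODULUS);` before returning. Consider `if (BN_is_zero(mod)) { BNerror(<reason code>); return 0; }`, using whichever reason code the project prefers for a zero modulus. The rest of BN_MONT_CTX_set() lies outside the hunk.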
@@ -285,45 +287,84 @@ static const BN_ULONG _nist_p_521_sqr[] = { #endif static const BIGNUM _bignum_nist_p_192 = { - (BN_ULONG *)_nist_p_192[0], - BN_NIST_192_TOP, - BN_NIST_192_TOP, - 0, - BN_FLG_STATIC_DATA + .d = (BN_ULONG *)_nist_p_192[0], + .top = BN_NIST_192_TOP, + .dmax = BN_NIST_192_TOP, + .neg = 0, + .flags = BN_FLG_STATIC_DATA, +}; + +static const BIGNUM _bignum_nist_p_192_sqr = { + .d = (BN_ULONG *)_nist_p_192_sqr, + .top = sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]), + .dmax = sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]), + .neg = 0, + .flags = BN_FLG_STATIC_DATA, }; static const BIGNUM _bignum_nist_p_224 = { - (BN_ULONG *)_nist_p_224[0], - BN_NIST_224_TOP, - BN_NIST_224_TOP, - 0, - BN_FLG_STATIC_DATA + .d = (BN_ULONG *)_nist_p_224[0], + .top = BN_NIST_224_TOP, + .dmax = BN_NIST_224_TOP, + .neg = 0, + .flags = BN_FLG_STATIC_DATA, +}; + +static const BIGNUM _bignum_nist_p_224_sqr = { + .d = (BN_ULONG *)_nist_p_224_sqr, + .top = sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]), + .dmax = sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]), + .neg = 0, + .flags = BN_FLG_STATIC_DATA, }; static const BIGNUM _bignum_nist_p_256 = { - (BN_ULONG *)_nist_p_256[0], - BN_NIST_256_TOP, - BN_NIST_256_TOP, - 0, - BN_FLG_STATIC_DATA + .d = (BN_ULONG *)_nist_p_256[0], + .top = BN_NIST_256_TOP, + .dmax = BN_NIST_256_TOP, + .neg = 0, + .flags = BN_FLG_STATIC_DATA, +}; + +static const BIGNUM _bignum_nist_p_256_sqr = { + .d = (BN_ULONG *)_nist_p_256_sqr, + .top = sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]), + .dmax = sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]), + .neg = 0, + .flags = BN_FLG_STATIC_DATA, }; static const BIGNUM _bignum_nist_p_384 = { - (BN_ULONG *)_nist_p_384[0], - BN_NIST_384_TOP, - BN_NIST_384_TOP, - 0, - BN_FLG_STATIC_DATA + .d = (BN_ULONG *)_nist_p_384[0], + .top = BN_NIST_384_TOP, + .dmax = BN_NIST_384_TOP, + .neg = 0, + .flags = BN_FLG_STATIC_DATA, +}; + +static const BIGNUM _bignum_nist_p_384_sqr = { + .d = 
(BN_ULONG *)_nist_p_384_sqr, + .top = sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]), + .dmax = sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]), + .neg = 0, + .flags = BN_FLG_STATIC_DATA, }; static const BIGNUM _bignum_nist_p_521 = { - (BN_ULONG *)_nist_p_521, - BN_NIST_521_TOP, - BN_NIST_521_TOP, - 0, - BN_FLG_STATIC_DATA + .d = (BN_ULONG *)_nist_p_521, + .top = BN_NIST_521_TOP, + .dmax = BN_NIST_521_TOP, + .neg = 0, + .flags = BN_FLG_STATIC_DATA, }; +static const BIGNUM _bignum_nist_p_521_sqr = { + .d = (BN_ULONG *)_nist_p_521_sqr, + .top = sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]), + .dmax = sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]), + .neg = 0, + .flags = BN_FLG_STATIC_DATA, +}; const BIGNUM * BN_get0_nist_prime_192(void) @@ -423,23 +464,13 @@ static void nist_cp_bn(BN_ULONG *dst, const BN_ULONG *src, int top) int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) { - int top = a->top, i; - int carry; - BN_ULONG *r_d, *a_d = a->d; - union { - BN_ULONG bn[BN_NIST_192_TOP]; - unsigned int ui[BN_NIST_192_TOP * - sizeof(BN_ULONG) / sizeof(unsigned int)]; - } buf; - BN_ULONG c_d[BN_NIST_192_TOP], *res; + BN_ULONG bnbuf[BN_NIST_192_TOP] = { 0 }; + BN_ULONG c_d[BN_NIST_192_TOP] = { 0 }; + BN_ULONG *a_d = a->d; + BN_ULONG *r_d, *res; uintptr_t mask; - static const BIGNUM _bignum_nist_p_192_sqr = { - (BN_ULONG *)_nist_p_192_sqr, - sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]), - sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]), - 0, - BN_FLG_STATIC_DATA - }; + int top = a->top; + int carry, i; field = &_bignum_nist_p_192; /* just to make sure */ 
@@ -461,14 +492,31 @@ BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) } else r_d = a_d; - nist_cp_bn_0(buf.bn, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, + nist_cp_bn_0(bnbuf, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, BN_NIST_192_TOP); #if defined(NIST_INT64) { NIST_INT64 acc; /* accumulator */ - unsigned int *rp = (unsigned int *)r_d; - const unsigned int *bp = (const unsigned int *)buf.ui; + unsigned int bbuf[BN_NIST_192_TOP * + sizeof(BN_ULONG) / sizeof(unsigned int)]; + unsigned int rbuf[BN_NIST_192_TOP * + sizeof(BN_ULONG) / sizeof(unsigned int)]; + const unsigned int *bp = bbuf; + unsigned int *rp = rbuf; + + CTASSERT(sizeof(bbuf) == sizeof(bnbuf)); + CTASSERT(sizeof(rbuf) == sizeof(bnbuf)); + + /* + * Avoid strict aliasing violations by copying from an unsigned + * long array to an unsigned int array, then copying back the + * result. Any sensible compiler will omit the copies, while + * avoiding undefined behaviour that would result from unsafe + * type punning via pointer type casting. + */ + memcpy(bbuf, bnbuf, sizeof(bbuf)); + memcpy(rbuf, r_d, sizeof(rbuf)); acc = rp[0]; acc += bp[3 * 2 - 6]; @@ -507,17 +555,19 @@ BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) acc += bp[5 * 2 - 5]; rp[5] = (unsigned int)acc; + memcpy(r_d, rbuf, sizeof(rbuf)); + carry = (int)(acc >> 32); } #else { BN_ULONG t_d[BN_NIST_192_TOP] = {0}; - nist_set_192(t_d, buf.bn, 0, 3, 3); + nist_set_192(t_d, bnbuf, 0, 3, 3); carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); - nist_set_192(t_d, buf.bn, 4, 4, 0); + nist_set_192(t_d, bnbuf, 4, 4, 0); carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); - nist_set_192(t_d, buf.bn, 5, 5, 5) + nist_set_192(t_d, bnbuf, 5, 5, 5) carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); } #endif 
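Review bot: In the non-NIST_INT64 branch of BN_nist_mod_192() the rewritten line `nist_set_192(t_d, bnbuf, 5, 5, 5)` still has no terminating semicolon, unlike the two calls before it. It presumably compiles only because nist_set_192 expands to a braced block (the macro definition is outside the hunk), and it would stop compiling if the macro were ever changed to a function or a `do { } while (0)` form. Since the line is being touched anyway, write it as `nist_set_192(t_d, bnbuf, 5, 5, 5);`.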
@@ -562,27 +612,14 @@ typedef BN_ULONG (*bn_addsub_f)(BN_ULONG *, const BN_ULONG *, int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) { - int top = a->top, i; - int carry; - BN_ULONG *r_d, *a_d = a->d; - union { - BN_ULONG bn[BN_NIST_224_TOP]; - unsigned int ui[BN_NIST_224_TOP * - sizeof(BN_ULONG) / sizeof(unsigned int)]; - } buf; - BN_ULONG c_d[BN_NIST_224_TOP], *res; + BN_ULONG bnbuf[BN_NIST_224_TOP] = { 0 }; + BN_ULONG c_d[BN_NIST_224_TOP] = { 0 }; + BN_ULONG *a_d = a->d; + BN_ULONG *r_d, *res; + bn_addsub_f addsubf; uintptr_t mask; - union { - bn_addsub_f f; - uintptr_t p; - } u; - static const BIGNUM _bignum_nist_p_224_sqr = { - (BN_ULONG *)_nist_p_224_sqr, - sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]), - sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]), - 0, - BN_FLG_STATIC_DATA - }; + int top = a->top; + int carry, i; field = &_bignum_nist_p_224; /* just to make sure */ 
@@ -604,26 +641,43 @@ BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) } else r_d = a_d; - memset(&buf, 0, sizeof(buf)); + memset(&bnbuf, 0, sizeof(bnbuf)); #if BN_BITS2==64 /* copy upper 256 bits of 448 bit number ... */ nist_cp_bn_0(c_d, a_d + (BN_NIST_224_TOP - 1), top - (BN_NIST_224_TOP - 1), BN_NIST_224_TOP); /* ... and right shift by 32 to obtain upper 224 bits */ - nist_set_224(buf.bn, c_d, 14, 13, 12, 11, 10, 9, 8); + nist_set_224(bnbuf, c_d, 14, 13, 12, 11, 10, 9, 8); /* truncate lower part to 224 bits too */ r_d[BN_NIST_224_TOP - 1] &= BN_MASK2l; #else - nist_cp_bn_0(buf.bn, a_d + BN_NIST_224_TOP, + nist_cp_bn_0(bnbuf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP); #endif #if defined(NIST_INT64) && BN_BITS2!=64 { NIST_INT64 acc; /* accumulator */ - unsigned int *rp = (unsigned int *)r_d; - const unsigned int *bp = (const unsigned int *)buf.ui; + unsigned int bbuf[BN_NIST_224_TOP * + sizeof(BN_ULONG) / sizeof(unsigned int)]; + unsigned int rbuf[BN_NIST_224_TOP * + sizeof(BN_ULONG) / sizeof(unsigned int)]; + const unsigned int *bp = bbuf; + unsigned int *rp = rbuf; + + CTASSERT(sizeof(bbuf) == sizeof(bnbuf)); + CTASSERT(sizeof(rbuf) == sizeof(bnbuf)); + + /* + * Avoid strict aliasing violations by copying from an unsigned + * long array to an unsigned int array, then copying back the + * result. Any sensible compiler will omit the copies, while + * avoiding undefined behaviour that would result from unsafe + * type punning via pointer type casting. + */ + memcpy(bbuf, bnbuf, sizeof(bbuf)); + memcpy(rbuf, r_d, sizeof(rbuf)); acc = rp[0]; acc -= bp[7 - 7]; @@ -669,6 +723,8 @@ BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) acc -= bp[13 - 7]; rp[6] = (unsigned int)acc; + memcpy(r_d, rbuf, sizeof(rbuf)); + carry = (int)(acc >> 32); # if BN_BITS2==64 rp[7] = carry; 
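Review bot: After the added `memcpy(r_d, rbuf, sizeof(rbuf));` in BN_nist_mod_224(), the nested `# if BN_BITS2==64` line `rp[7] = carry;` would store into the local `rbuf` rather than into `r_d`, because `rp` now points at the copy and the copy-back has already happened. The enclosing condition shown in the previous hunk is `#if defined(NIST_INT64) && BN_BITS2!=64`, so the nested branch looks unreachable today, but it becomes a silent lost write if that condition ever changes. I would delete the dead `# if BN_BITS2==64` block or move the copy-back after it. The block continues outside the hunk.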
@@ -678,13 +734,13 @@ BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) { BN_ULONG t_d[BN_NIST_224_TOP] = {0}; - nist_set_224(t_d, buf.bn, 10, 9, 8, 7, 0, 0, 0); + nist_set_224(t_d, bnbuf, 10, 9, 8, 7, 0, 0, 0); carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); - nist_set_224(t_d, buf.bn, 0, 13, 12, 11, 0, 0, 0); + nist_set_224(t_d, bnbuf, 0, 13, 12, 11, 0, 0, 0); carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); - nist_set_224(t_d, buf.bn, 13, 12, 11, 10, 9, 8, 7); + nist_set_224(t_d, bnbuf, 13, 12, 11, 10, 9, 8, 7); carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP); - nist_set_224(t_d, buf.bn, 0, 0, 0, 0, 13, 12, 11); + nist_set_224(t_d, bnbuf, 0, 0, 0, 0, 13, 12, 11); carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP); #if BN_BITS2==64 @@ -692,7 +748,7 @@ BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) #endif } #endif - u.f = bn_sub_words; + addsubf = bn_sub_words; if (carry > 0) { carry = (int)bn_sub_words(r_d, r_d, _nist_p_224[carry - 1], BN_NIST_224_TOP); @@ -708,14 +764,13 @@ BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) * adjusted by *subtracting* the latter. */ carry = (int)bn_add_words(r_d, r_d, _nist_p_224[-carry - 1], BN_NIST_224_TOP); - mask = 0 - (uintptr_t)carry; - u.p = ((uintptr_t)bn_sub_words & mask) | - ((uintptr_t)bn_add_words & ~mask); + if (carry == 0) + addsubf = bn_add_words; } else carry = 1; /* otherwise it's effectively same as in BN_nist_mod_192... */ - mask = 0 - (uintptr_t)(*u.f)(c_d, r_d, _nist_p_224[0], BN_NIST_224_TOP); + mask = 0 - (uintptr_t)(*addsubf)(c_d, r_d, _nist_p_224[0], BN_NIST_224_TOP); mask &= 0 - (uintptr_t)carry; res = c_d; res = (BN_ULONG *)(((uintptr_t)res & ~mask) | ((uintptr_t)r_d & mask)); 
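Review bot: The new `if (carry == 0) addsubf = bn_add_words;` in the `@@ -708,14 +764,13 @@` hunk picks the final add/subtract routine with a branch on `carry`, where the removed lines selected it with a mask over the two function addresses. The same replacement appears in BN_nist_mod_256 (`@@ -904,41 +965,40 @@`) and BN_nist_mod_384 (`@@ -1156,49 +1222,48 @@`). Dropping the function-pointer/`uintptr_t` punning is sound, but `carry` is derived from the value being reduced, which for curve arithmetic can depend on private data, and the lines that follow still use a masked select for `res`. The surrounding `if (carry > 0) … else if (carry < 0)` already branches on the same value, so this may well be acceptable; I would record the decision at the assignment, e.g. `/* not constant time: the routine chosen depends on carry */`. The function body continues outside the hunk.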
@@ -741,27 +796,14 @@ BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) { - int i, top = a->top; - int carry = 0; - BN_ULONG *a_d = a->d, *r_d; - union { - BN_ULONG bn[BN_NIST_256_TOP]; - unsigned int ui[BN_NIST_256_TOP * - sizeof(BN_ULONG) / sizeof(unsigned int)]; - } buf; - BN_ULONG c_d[BN_NIST_256_TOP] = {0}, *res; + BN_ULONG bnbuf[BN_NIST_256_TOP] = { 0 }; + BN_ULONG c_d[BN_NIST_256_TOP] = { 0 }; + BN_ULONG *a_d = a->d; + BN_ULONG *r_d, *res; + bn_addsub_f addsubf; uintptr_t mask; - union { - bn_addsub_f f; - uintptr_t p; - } u; - static const BIGNUM _bignum_nist_p_256_sqr = { - (BN_ULONG *)_nist_p_256_sqr, - sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]), - sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]), - 0, - BN_FLG_STATIC_DATA - }; + int top = a->top; + int carry, i; field = &_bignum_nist_p_256; /* just to make sure */ 
@@ -783,14 +825,31 @@ BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) } else r_d = a_d; - nist_cp_bn_0(buf.bn, a_d + BN_NIST_256_TOP, + nist_cp_bn_0(bnbuf, a_d + BN_NIST_256_TOP, top - BN_NIST_256_TOP, BN_NIST_256_TOP); #if defined(NIST_INT64) { NIST_INT64 acc; /* accumulator */ - unsigned int *rp = (unsigned int *)r_d; - const unsigned int *bp = (const unsigned int *)buf.ui; + unsigned int bbuf[BN_NIST_256_TOP * + sizeof(BN_ULONG) / sizeof(unsigned int)]; + unsigned int rbuf[BN_NIST_256_TOP * + sizeof(BN_ULONG) / sizeof(unsigned int)]; + const unsigned int *bp = bbuf; + unsigned int *rp = rbuf; + + CTASSERT(sizeof(bbuf) == sizeof(bnbuf)); + CTASSERT(sizeof(rbuf) == sizeof(bnbuf)); + + /* + * Avoid strict aliasing violations by copying from an unsigned + * long array to an unsigned int array, then copying back the + * result. Any sensible compiler will omit the copies, while + * avoiding undefined behaviour that would result from unsafe + * type punning via pointer type casting. + */ + memcpy(bbuf, bnbuf, sizeof(bbuf)); + memcpy(rbuf, r_d, sizeof(rbuf)); acc = rp[0]; acc += bp[8 - 8]; @@ -878,6 +937,8 @@ BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) acc -= bp[13 - 8]; rp[7] = (unsigned int)acc; + memcpy(r_d, rbuf, sizeof(rbuf)); + carry = (int)(acc >> 32); } #else @@ -885,9 +946,9 @@ BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) BN_ULONG t_d[BN_NIST_256_TOP] = {0}; /*S1*/ - nist_set_256(t_d, buf.bn, 15, 14, 13, 12, 11, 0, 0, 0); + nist_set_256(t_d, bnbuf, 15, 14, 13, 12, 11, 0, 0, 0); /*S2*/ - nist_set_256(c_d, buf.bn, 0, 15, 14, 13, 12, 0, 0, 0); + nist_set_256(c_d, bnbuf, 0, 15, 14, 13, 12, 0, 0, 0); carry = (int)bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP); /* left shift */ { 
@@ -904,41 +965,40 @@ BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) } carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); /*S3*/ - nist_set_256(t_d, buf.bn, 15, 14, 0, 0, 0, 10, 9, 8); + nist_set_256(t_d, bnbuf, 15, 14, 0, 0, 0, 10, 9, 8); carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); /*S4*/ - nist_set_256(t_d, buf.bn, 8, 13, 15, 14, 13, 11, 10, 9); + nist_set_256(t_d, bnbuf, 8, 13, 15, 14, 13, 11, 10, 9); carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); /*D1*/ - nist_set_256(t_d, buf.bn, 10, 8, 0, 0, 0, 13, 12, 11); + nist_set_256(t_d, bnbuf, 10, 8, 0, 0, 0, 13, 12, 11); carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); /*D2*/ - nist_set_256(t_d, buf.bn, 11, 9, 0, 0, 15, 14, 13, 12); + nist_set_256(t_d, bnbuf, 11, 9, 0, 0, 15, 14, 13, 12); carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); /*D3*/ - nist_set_256(t_d, buf.bn, 12, 0, 10, 9, 8, 15, 14, 13); + nist_set_256(t_d, bnbuf, 12, 0, 10, 9, 8, 15, 14, 13); carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); /*D4*/ - nist_set_256(t_d, buf.bn, 13, 0, 11, 10, 9, 0, 15, 14); + nist_set_256(t_d, bnbuf, 13, 0, 11, 10, 9, 0, 15, 14); carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); } #endif /* see BN_nist_mod_224 for explanation */ - u.f = bn_sub_words; + addsubf = bn_sub_words; if (carry > 0) carry = (int)bn_sub_words(r_d, r_d, _nist_p_256[carry - 1], BN_NIST_256_TOP); else if (carry < 0) { carry = (int)bn_add_words(r_d, r_d, _nist_p_256[-carry - 1], BN_NIST_256_TOP); - mask = 0 - (uintptr_t)carry; - u.p = ((uintptr_t)bn_sub_words & mask) | - ((uintptr_t)bn_add_words & ~mask); + if (carry == 0) + addsubf = bn_add_words; } else carry = 1; - mask = 0 - (uintptr_t)(*u.f)(c_d, r_d, _nist_p_256[0], BN_NIST_256_TOP); + mask = 0 - (uintptr_t)(*addsubf)(c_d, r_d, _nist_p_256[0], BN_NIST_256_TOP); mask &= 0 - (uintptr_t)carry; res = c_d; res = (BN_ULONG *)(((uintptr_t)res & ~mask) | ((uintptr_t)r_d & mask)); 
@@ -968,27 +1028,14 @@ BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) { - int i, top = a->top; - int carry = 0; - BN_ULONG *r_d, *a_d = a->d; - union { - BN_ULONG bn[BN_NIST_384_TOP]; - unsigned int ui[BN_NIST_384_TOP * - sizeof(BN_ULONG) / sizeof(unsigned int)]; - } buf; - BN_ULONG c_d[BN_NIST_384_TOP], *res; + BN_ULONG bnbuf[BN_NIST_384_TOP] = { 0 }; + BN_ULONG c_d[BN_NIST_384_TOP] = { 0 }; + BN_ULONG *a_d = a->d; + BN_ULONG *r_d, *res; + bn_addsub_f addsubf; uintptr_t mask; - union { - bn_addsub_f f; - uintptr_t p; - } u; - static const BIGNUM _bignum_nist_p_384_sqr = { - (BN_ULONG *)_nist_p_384_sqr, - sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]), - sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]), - 0, - BN_FLG_STATIC_DATA - }; + int top = a->top; + int carry, i; field = &_bignum_nist_p_384; /* just to make sure */ 
@@ -1010,14 +1057,31 @@ BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) } else r_d = a_d; - nist_cp_bn_0(buf.bn, a_d + BN_NIST_384_TOP, + nist_cp_bn_0(bnbuf, a_d + BN_NIST_384_TOP, top - BN_NIST_384_TOP, BN_NIST_384_TOP); #if defined(NIST_INT64) { NIST_INT64 acc; /* accumulator */ - unsigned int *rp = (unsigned int *)r_d; - const unsigned int *bp = (const unsigned int *)buf.ui; + unsigned int bbuf[BN_NIST_384_TOP * + sizeof(BN_ULONG) / sizeof(unsigned int)]; + unsigned int rbuf[BN_NIST_384_TOP * + sizeof(BN_ULONG) / sizeof(unsigned int)]; + const unsigned int *bp = bbuf; + unsigned int *rp = rbuf; + + CTASSERT(sizeof(bbuf) == sizeof(bnbuf)); + CTASSERT(sizeof(rbuf) == sizeof(bnbuf)); + + /* + * Avoid strict aliasing violations by copying from an unsigned + * long array to an unsigned int array, then copying back the + * result. Any sensible compiler will omit the copies, while + * avoiding undefined behaviour that would result from unsafe + * type punning via pointer type casting. + */ + memcpy(bbuf, bnbuf, sizeof(bbuf)); + memcpy(rbuf, r_d, sizeof(rbuf)); acc = rp[0]; acc += bp[12 - 12]; @@ -1132,6 +1196,8 @@ BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) acc -= bp[22 - 12]; rp[11] = (unsigned int)acc; + memcpy(r_d, rbuf, sizeof(rbuf)); + carry = (int)(acc >> 32); } #else @@ -1139,7 +1205,7 @@ BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) BN_ULONG t_d[BN_NIST_384_TOP] = {0}; /*S1*/ - nist_set_256(t_d, buf.bn, 0, 0, 0, 0, 0, 23 - 4, 22 - 4, + nist_set_256(t_d, bnbuf, 0, 0, 0, 0, 0, 23 - 4, 22 - 4, 21 - 4); /* left shift */ { 
@@ -1156,49 +1222,48 @@ BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) carry = (int)bn_add_words(r_d + (128 / BN_BITS2), r_d + (128 / BN_BITS2), t_d, BN_NIST_256_TOP); /*S2 */ - carry += (int)bn_add_words(r_d, r_d, buf.bn, BN_NIST_384_TOP); + carry += (int)bn_add_words(r_d, r_d, bnbuf, BN_NIST_384_TOP); /*S3*/ - nist_set_384(t_d, buf.bn, 20, 19, 18, 17, 16, 15, 14, 13, 12, + nist_set_384(t_d, bnbuf, 20, 19, 18, 17, 16, 15, 14, 13, 12, 23, 22, 21); carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); /*S4*/ - nist_set_384(t_d, buf.bn, 19, 18, 17, 16, 15, 14, 13, 12, 20, + nist_set_384(t_d, bnbuf, 19, 18, 17, 16, 15, 14, 13, 12, 20, 0, 23, 0); carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); /*S5*/ - nist_set_384(t_d, buf.bn, 0,0, 0,0, 23, 22, 21, 20, 0,0, 0, 0); + nist_set_384(t_d, bnbuf, 0,0, 0,0, 23, 22, 21, 20, 0,0, 0, 0); carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); /*S6*/ - nist_set_384(t_d, buf.bn, 0,0, 0,0, 0,0, 23, 22, 21, 0,0, 20); + nist_set_384(t_d, bnbuf, 0,0, 0,0, 0,0, 23, 22, 21, 0,0, 20); carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); /*D1*/ - nist_set_384(t_d, buf.bn, 22, 21, 20, 19, 18, 17, 16, 15, 14, + nist_set_384(t_d, bnbuf, 22, 21, 20, 19, 18, 17, 16, 15, 14, 13, 12, 23); carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); /*D2*/ - nist_set_384(t_d, buf.bn, 0,0, 0,0, 0,0, 0,23, 22, 21, 20, 0); + nist_set_384(t_d, bnbuf, 0,0, 0,0, 0,0, 0,23, 22, 21, 20, 0); carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); /*D3*/ - nist_set_384(t_d, buf.bn, 0,0, 0,0, 0,0, 0,23, 23, 0,0, 0); + nist_set_384(t_d, bnbuf, 0,0, 0,0, 0,0, 0,23, 23, 0,0, 0); carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); } #endif /* see BN_nist_mod_224 for explanation */ - u.f = bn_sub_words; + addsubf = bn_sub_words; if (carry > 0) carry = (int)bn_sub_words(r_d, r_d, _nist_p_384[carry - 1], BN_NIST_384_TOP); else if (carry < 0) { carry = (int)bn_add_words(r_d, r_d, 
_nist_p_384[-carry - 1], BN_NIST_384_TOP); - mask = 0 - (uintptr_t)carry; - u.p = ((uintptr_t)bn_sub_words & mask) | - ((uintptr_t)bn_add_words & ~mask); + if (carry == 0) + addsubf = bn_add_words; } else carry = 1; - mask = 0 - (uintptr_t)(*u.f)(c_d, r_d, _nist_p_384[0], BN_NIST_384_TOP); + mask = 0 - (uintptr_t)(*addsubf)(c_d, r_d, _nist_p_384[0], BN_NIST_384_TOP); mask &= 0 - (uintptr_t)carry; res = c_d; res = (BN_ULONG *)(((uintptr_t)res & ~mask) | ((uintptr_t)r_d & mask)); @@ -1216,16 +1281,13 @@ BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) { - int top = a->top, i; - BN_ULONG *r_d, *a_d = a->d, t_d[BN_NIST_521_TOP], val, tmp, *res; + BN_ULONG t_d[BN_NIST_521_TOP] = { 0 }; + BN_ULONG *a_d = a->d; + BN_ULONG *r_d, *res; + BN_ULONG tmp, val; uintptr_t mask; - static const BIGNUM _bignum_nist_p_521_sqr = { - (BN_ULONG *)_nist_p_521_sqr, - sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]), - sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]), - 0, - BN_FLG_STATIC_DATA - }; + int top = a->top; + int i; field = &_bignum_nist_p_521; /* just to make sure */ diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index e78c5686..e9a73358 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_prime.c,v 1.18 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: bn_prime.c,v 1.22 2022/07/19 16:19:19 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -116,6 +116,8 @@ #include "bn_lcl.h" +#define LIBRESSL_HAS_BPSW + /* NB: these functions have been "upgraded", the deprecated versions (which are * compatibility wrappers using these functions) are in bn_depr.c. * - Geoff @@ -166,7 +168,7 @@ BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, int found = 0; int i, j, c1 = 0; BN_CTX *ctx; - int checks; + int checks = 1; if (bits < 2 || (bits == 2 && safe)) { /* 
@@ -184,7 +186,9 @@ BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, if ((t = BN_CTX_get(ctx)) == NULL) goto err; +#ifndef LIBRESSL_HAS_BPSW checks = BN_prime_checks_for_size(bits); +#endif loop: /* make a random number and set the top and bottom bits */ @@ -259,12 +263,22 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, int do_trial_division, BN_GENCB *cb) { - int i, j, ret = -1; - int k; BN_CTX *ctx = NULL; BIGNUM *A1, *A1_odd, *check; /* taken from ctx */ BN_MONT_CTX *mont = NULL; const BIGNUM *A = NULL; + int i, j, k; + int ret = -1; + +#ifdef LIBRESSL_HAS_BPSW + int is_prime; + + /* XXX - tickle BN_GENCB in bn_is_prime_bpsw(). */ + if (!bn_is_prime_bpsw(&is_prime, a, ctx_passed)) + return -1; + + return is_prime; +#endif if (BN_cmp(a, BN_value_one()) <= 0) return 0; @@ -282,7 +296,7 @@ BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, if (mod == (BN_ULONG)-1) goto err; if (mod == 0) - return 0; + return BN_is_word(a, primes[i]); } if (!BN_GENCB_call(cb, 1, -1)) goto err; diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index d849b860..9b5c7533 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_print.c,v 1.32 2021/08/31 11:19:19 tb Exp $ */ +/* $OpenBSD: bn_print.c,v 1.33 2022/01/20 10:53:33 inoguchi Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -310,8 +310,10 @@ BN_dec2bn(BIGNUM **bn, const char *a) l += *a - '0'; a++; if (++j == BN_DEC_NUM) { - BN_mul_word(ret, BN_DEC_CONV); - BN_add_word(ret, l); + if (!BN_mul_word(ret, BN_DEC_CONV)) + goto err; + if (!BN_add_word(ret, l)) + goto err; l = 0; j = 0; } diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c index 0e8211e3..e89e1574 100644 --- a/crypto/bn/bn_shift.c +++ b/crypto/bn/bn_shift.c 
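Review bot: The early `return is_prime;` added to BN_is_prime_fasttest_ex in the `@@ -259,12 +263,22 @@` hunk leaves `checks`, `do_trial_division` and `cb` unused and makes everything after the `#endif` unreachable, because `LIBRESSL_HAS_BPSW` is defined unconditionally earlier in this file. A caller that passes a larger `checks` expecting a stronger test now gets the same test as every other caller with no indication, and the existing XXX comment only covers the callback. I would state this in the function's header comment, for example `/* checks and do_trial_division are ignored when LIBRESSL_HAS_BPSW is defined */`. I would also put the old body under `#else` so the compiler does not see dead code and unused locals. The function continues outside the hunk.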
@@ -1,4 +1,4 @@ -/* $OpenBSD: bn_shift.c,v 1.13 2014/10/28 07:35:58 jsg Exp $ */ +/* $OpenBSD: bn_shift.c,v 1.14 2022/06/22 09:03:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -59,6 +59,8 @@ #include #include +#include + #include "bn_lcl.h" int @@ -138,6 +140,11 @@ BN_lshift(BIGNUM *r, const BIGNUM *a, int n) BN_ULONG *t, *f; BN_ULONG l; + if (n < 0) { + BNerror(BN_R_INVALID_LENGTH); + return 0; + } + bn_check_top(r); bn_check_top(a); @@ -175,6 +182,11 @@ BN_rshift(BIGNUM *r, const BIGNUM *a, int n) BN_ULONG *t, *f; BN_ULONG l, tmp; + if (n < 0) { + BNerror(BN_R_INVALID_LENGTH); + return 0; + } + bn_check_top(r); bn_check_top(a); diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c index 620e605a..644797d6 100644 --- a/crypto/bn/bn_sqrt.c +++ b/crypto/bn/bn_sqrt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_sqrt.c,v 1.9 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: bn_sqrt.c,v 1.11 2022/06/20 15:02:21 tb Exp $ */ /* Written by Lenka Fibikova * and Bodo Moeller for the OpenSSL project. */ /* ==================================================================== @@ -217,8 +217,9 @@ BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) /* e > 2, so we really have to use the Tonelli/Shanks algorithm. * First, find some y that is not a square. */ - if (!BN_copy(q, p)) goto end; /* use 'q' as temp */ - q->neg = 0; + if (!BN_copy(q, p)) /* use 'q' as temp */ + goto end; + q->neg = 0; i = 2; do { /* For efficiency, try small numbers first; @@ -253,10 +254,9 @@ BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) BNerror(BN_R_P_IS_NOT_PRIME); goto end; } - } - while (r == 1 && ++i < 82); + } while (r == 1 && ++i < 82); - if (r != -1) { + if (r != -1) { /* Many rounds and still no non-square -- this is more likely * a bug than just bad luck. * Even if p is not prime, we should have found some y 
@@ -302,8 +302,7 @@ BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) goto end; /* x := a^((q-1)/2) */ - if (BN_is_zero(t)) /* special case: p = 2^e + 1 */ - { + if (BN_is_zero(t)) { /* special case: p = 2^e + 1 */ if (!BN_nnmod(t, A, p, ctx)) goto end; if (BN_is_zero(t)) { diff --git a/crypto/bn/bn_x931p.c b/crypto/bn/bn_x931p.c index 55ca21c0..7fc3b5c2 100644 --- a/crypto/bn/bn_x931p.c +++ b/crypto/bn/bn_x931p.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_x931p.c,v 1.11 2019/01/20 01:56:59 tb Exp $ */ +/* $OpenBSD: bn_x931p.c,v 1.13 2022/01/20 10:56:22 inoguchi Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2005. */ @@ -139,13 +139,13 @@ BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, const BIGNUM *Xp, /* First set p to value of Rp */ - if (!BN_mod_inverse_ct(p, p2, p1, ctx)) + if (BN_mod_inverse_ct(p, p2, p1, ctx) == NULL) goto err; if (!BN_mul(p, p, p2, ctx)) goto err; - if (!BN_mod_inverse_ct(t, p1, p2, ctx)) + if (BN_mod_inverse_ct(t, p1, p2, ctx) == NULL) goto err; if (!BN_mul(t, t, p1, ctx)) @@ -154,7 +154,7 @@ BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, const BIGNUM *Xp, if (!BN_sub(p, p, t)) goto err; - if (p->neg && !BN_add(p, p, p1p2)) + if (BN_is_negative(p) && !BN_add(p, p, p1p2)) goto err; /* p now equals Rp */ @@ -237,7 +237,8 @@ BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx) if (!BN_rand(Xq, nbits, 1, 0)) goto err; /* Check that |Xp - Xq| > 2^(nbits - 100) */ - BN_sub(t, Xp, Xq); + if (!BN_sub(t, Xp, Xq)) + goto err; if (BN_num_bits(t) > (nbits - 100)) break; } diff --git a/crypto/buffer/buf_err.c b/crypto/buffer/buf_err.c index dd5cc5e1..4dc1dca7 100644 --- a/crypto/buffer/buf_err.c +++ b/crypto/buffer/buf_err.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: buf_err.c,v 1.11 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: buf_err.c,v 1.12 2022/07/12 14:42:48 kn Exp $ */ /* ==================================================================== * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * @@ -53,11 +53,6 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - #include #include @@ -65,7 +60,6 @@ #include #include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR #define ERR_FUNC(func) ERR_PACK(ERR_LIB_BUF,func,0) diff --git a/crypto/bytestring/bs_ber.c b/crypto/bytestring/bs_ber.c new file mode 100644 index 00000000..c9779c89 --- /dev/null +++ b/crypto/bytestring/bs_ber.c 
@@ -0,0 +1,269 @@ +/* $OpenBSD: bs_ber.c,v 1.2 2021/12/15 18:02:39 jsing Exp $ */ +/* + * Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include "bytestring.h" + +/* + * kMaxDepth is a just a sanity limit. The code should be such that the length + * of the input being processes always decreases. None the less, a very large + * input could otherwise cause the stack to overflow. + */ +static const unsigned int kMaxDepth = 2048; + +/* Non-strict version that allows a relaxed DER with indefinite form. */ +static int +cbs_nonstrict_get_any_asn1_element(CBS *cbs, CBS *out, unsigned int *out_tag, + size_t *out_header_len) +{ + return cbs_get_any_asn1_element_internal(cbs, out, + out_tag, out_header_len, 0); +} + +/* + * cbs_find_indefinite walks an ASN.1 structure in |orig_in| and sets + * |*indefinite_found| depending on whether an indefinite length element was + * found. The value of |orig_in| is not modified. + * + * Returns one on success (i.e. |*indefinite_found| was set) and zero on error. 
+ */ +static int +cbs_find_indefinite(const CBS *orig_in, char *indefinite_found, + unsigned int depth) +{ + CBS in; + + if (depth > kMaxDepth) + return 0; + + CBS_init(&in, CBS_data(orig_in), CBS_len(orig_in)); + + while (CBS_len(&in) > 0) { + CBS contents; + unsigned int tag; + size_t header_len; + + if (!cbs_nonstrict_get_any_asn1_element(&in, &contents, &tag, + &header_len)) + return 0; + + /* Indefinite form not allowed by DER. */ + if (CBS_len(&contents) == header_len && header_len > 0 && + CBS_data(&contents)[header_len - 1] == 0x80) { + *indefinite_found = 1; + return 1; + } + if (tag & CBS_ASN1_CONSTRUCTED) { + if (!CBS_skip(&contents, header_len) || + !cbs_find_indefinite(&contents, indefinite_found, + depth + 1)) + return 0; + } + } + + *indefinite_found = 0; + return 1; +} + +/* + * is_primitive_type returns true if |tag| likely a primitive type. Normally + * one can just test the "constructed" bit in the tag but, in BER, even + * primitive tags can have the constructed bit if they have indefinite + * length. + */ +static char +is_primitive_type(unsigned int tag) +{ + return (tag & 0xc0) == 0 && + (tag & 0x1f) != (CBS_ASN1_SEQUENCE & 0x1f) && + (tag & 0x1f) != (CBS_ASN1_SET & 0x1f); +} + +/* + * is_eoc returns true if |header_len| and |contents|, as returned by + * |cbs_nonstrict_get_any_asn1_element|, indicate an "end of contents" (EOC) + * value. + */ +static char +is_eoc(size_t header_len, CBS *contents) +{ + const unsigned char eoc[] = {0x0, 0x0}; + + return header_len == 2 && CBS_mem_equal(contents, eoc, 2); +} + +/* + * cbs_convert_indefinite reads data with DER encoding (but relaxed to allow + * indefinite form) from |in| and writes definite form DER data to |out|. If + * |squash_header| is set then the top-level of elements from |in| will not + * have their headers written. This is used when concatenating the fragments of + * an indefinite length, primitive value. 
If |looking_for_eoc| is set then any + * EOC elements found will cause the function to return after consuming it. + * It returns one on success and zero on error. + */ +static int +cbs_convert_indefinite(CBS *in, CBB *out, char squash_header, + char looking_for_eoc, unsigned int depth) +{ + if (depth > kMaxDepth) + return 0; + + while (CBS_len(in) > 0) { + CBS contents; + unsigned int tag; + size_t header_len; + CBB *out_contents, out_contents_storage; + + if (!cbs_nonstrict_get_any_asn1_element(in, &contents, &tag, + &header_len)) + return 0; + + out_contents = out; + + if (CBS_len(&contents) == header_len) { + if (is_eoc(header_len, &contents)) + return looking_for_eoc; + + if (header_len > 0 && + CBS_data(&contents)[header_len - 1] == 0x80) { + /* + * This is an indefinite length element. If + * it's a SEQUENCE or SET then we just need to + * write the out the contents as normal, but + * with a concrete length prefix. + * + * If it's a something else then the contents + * will be a series of DER elements of the same + * type which need to be concatenated. + */ + const char context_specific = (tag & 0xc0) + == 0x80; + char squash_child_headers = + is_primitive_type(tag); + + /* + * This is a hack, but it sufficies to handle + * NSS's output. If we find an indefinite + * length, context-specific tag with a definite, + * primtive tag inside it, then we assume that + * the context-specific tag is implicit and the + * tags within are fragments of a primitive type + * that need to be concatenated. 
+ */ + if (context_specific && + (tag & CBS_ASN1_CONSTRUCTED)) { + CBS in_copy, inner_contents; + unsigned int inner_tag; + size_t inner_header_len; + + CBS_init(&in_copy, CBS_data(in), + CBS_len(in)); + if (!cbs_nonstrict_get_any_asn1_element( + &in_copy, &inner_contents, + &inner_tag, &inner_header_len)) + return 0; + + if (CBS_len(&inner_contents) > + inner_header_len && + is_primitive_type(inner_tag)) + squash_child_headers = 1; + } + + if (!squash_header) { + unsigned int out_tag = tag; + + if (squash_child_headers) + out_tag &= + ~CBS_ASN1_CONSTRUCTED; + + if (!CBB_add_asn1(out, + &out_contents_storage, out_tag)) + return 0; + + out_contents = &out_contents_storage; + } + + if (!cbs_convert_indefinite(in, out_contents, + squash_child_headers, + 1 /* looking for eoc */, depth + 1)) + return 0; + + if (out_contents != out && !CBB_flush(out)) + return 0; + + continue; + } + } + + if (!squash_header) { + if (!CBB_add_asn1(out, &out_contents_storage, tag)) + return 0; + + out_contents = &out_contents_storage; + } + + if (!CBS_skip(&contents, header_len)) + return 0; + + if (tag & CBS_ASN1_CONSTRUCTED) { + if (!cbs_convert_indefinite(&contents, out_contents, + 0 /* don't squash header */, + 0 /* not looking for eoc */, depth + 1)) + return 0; + } else { + if (!CBB_add_bytes(out_contents, CBS_data(&contents), + CBS_len(&contents))) + return 0; + } + + if (out_contents != out && !CBB_flush(out)) + return 0; + } + + return looking_for_eoc == 0; +} + +int +CBS_asn1_indefinite_to_definite(CBS *in, uint8_t **out, size_t *out_len) +{ + CBB cbb; + + /* + * First, do a quick walk to find any indefinite-length elements. Most + * of the time we hope that there aren't any and thus we can quickly + * return. 
+ */ + char conversion_needed; + if (!cbs_find_indefinite(in, &conversion_needed, 0)) + return 0; + + if (!conversion_needed) { + *out = NULL; + *out_len = 0; + return 1; + } + + if (!CBB_init(&cbb, CBS_len(in))) + return 0; + if (!cbs_convert_indefinite(in, &cbb, 0, 0, 0)) { + CBB_cleanup(&cbb); + return 0; + } + + return CBB_finish(&cbb, out, out_len); +} diff --git a/crypto/bytestring/bs_cbb.c b/crypto/bytestring/bs_cbb.c new file mode 100644 index 00000000..c8b6f482 --- /dev/null +++ b/crypto/bytestring/bs_cbb.c 
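Review bot: In cbs_find_indefinite the result of the recursive call is lost as written: when a nested call sets `*indefinite_found = 1` and returns 1, the caller keeps looping and then falls through to `*indefinite_found = 0; return 1;`. Only an indefinite-length element seen directly by the outermost call is therefore reported. CBS_asn1_indefinite_to_definite would then take the `!conversion_needed` path and return `*out = NULL` for input that does contain indefinite-length encoding further down. That appears to fail closed if a strict parser consumes the data next, but it contradicts the function's header comment. After the recursive call I would add `if (*indefinite_found) return 1;`.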
@@ -0,0 +1,483 @@
+/* $OpenBSD: bs_cbb.c,v 1.4 2022/07/07 17:16:05 tb Exp $ */
+/*
+ * Copyright (c) 2014, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+#include
+
+#include "bytestring.h"
+
+#define CBB_INITIAL_SIZE 64
+
+static int
+cbb_init(CBB *cbb, uint8_t *buf, size_t cap)
+{
+ struct cbb_buffer_st *base;
+
+ if ((base = calloc(1, sizeof(struct cbb_buffer_st))) == NULL)
+ return 0;
+
+ base->buf = buf;
+ base->len = 0;
+ base->cap = cap;
+ base->can_resize = 1;
+
+ cbb->base = base;
+ cbb->is_top_level = 1;
+
+ return 1;
+}
+
+int
+CBB_init(CBB *cbb, size_t initial_capacity)
+{
+ uint8_t *buf = NULL;
+
+ memset(cbb, 0, sizeof(*cbb));
+
+ if (initial_capacity == 0)
+ initial_capacity = CBB_INITIAL_SIZE;
+
+ if ((buf = calloc(1, initial_capacity)) == NULL)
+ return 0;
+
+ if (!cbb_init(cbb, buf, initial_capacity)) {
+ free(buf);
+ return 0;
+ }
+
+ return 1;
+}
+
+int
+CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len)
+{
+ memset(cbb, 0, sizeof(*cbb));
+
+ if (!cbb_init(cbb, buf, len))
+ return 0;
+
+ cbb->base->can_resize = 0;
+
+ return 1;
+}
+
+void
+CBB_cleanup(CBB *cbb)
+{
+ if (cbb->base) {
+ if (cbb->base->can_resize)
+ freezero(cbb->base->buf, cbb->base->cap);
+ free(cbb->base);
+ }
+ cbb->base = NULL;
+ cbb->child = NULL;
+}
+
+static int
+cbb_buffer_add(struct cbb_buffer_st *base, uint8_t **out, size_t len)
+{
+ size_t newlen;
+
+ if (base == NULL)
+ return 0;
+
+ newlen = base->len + len;
+ if (newlen < base->len)
+ /* Overflow */
+ return 0;
+
+ if (newlen > base->cap) {
+ size_t newcap = base->cap * 2;
+ uint8_t *newbuf;
+
+ if (!base->can_resize)
+ return 0;
+
+ if (newcap < base->cap || newcap < newlen)
+ newcap = newlen;
+
+ newbuf = recallocarray(base->buf, base->cap, newcap, 1);
+ if (newbuf == NULL)
+ return 0;
+
+ base->buf = newbuf;
+ base->cap = newcap;
+ }
+
+ if (out)
+ *out = base->buf + base->len;
+
+ base->len = newlen;
+ return 1;
+}
+
+static int
+cbb_add_u(CBB *cbb, uint32_t v, size_t len_len)
+{
+ uint8_t *buf;
+ size_t i;
+
+ if (len_len == 0)
+ return 1;
+
+ if (len_len > 4)
+ return 0;
+
+ if (!CBB_flush(cbb) || !cbb_buffer_add(cbb->base, &buf, len_len))
+ return 0;
+
+ for (i = len_len - 1; i < len_len; i--) {
+ buf[i] = v;
+ v >>= 8;
+ }
+ return 1;
+}
+
+int
+CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len)
+{
+ if (!cbb->is_top_level)
+ return 0;
+
+ if (!CBB_flush(cbb))
+ return 0;
+
+ if (cbb->base->can_resize && (out_data == NULL || out_len == NULL))
+ /*
+ * |out_data| and |out_len| can only be NULL if the CBB is
+ * fixed.
+ */
+ return 0;
+
+ if (out_data != NULL && *out_data != NULL)
+ return 0;
+
+ if (out_data != NULL)
+ *out_data = cbb->base->buf;
+
+ if (out_len != NULL)
+ *out_len = cbb->base->len;
+
+ cbb->base->buf = NULL;
+ CBB_cleanup(cbb);
+ return 1;
+}
+
+/*
+ * CBB_flush recurses and then writes out any pending length prefix. The current
+ * length of the underlying base is taken to be the length of the
+ * length-prefixed data.
+ */
+int
+CBB_flush(CBB *cbb)
+{
+ size_t child_start, i, len;
+
+ if (cbb->base == NULL)
+ return 0;
+
+ if (cbb->child == NULL || cbb->pending_len_len == 0)
+ return 1;
+
+ child_start = cbb->offset + cbb->pending_len_len;
+
+ if (!CBB_flush(cbb->child) || child_start < cbb->offset ||
+ cbb->base->len < child_start)
+ return 0;
+
+ len = cbb->base->len - child_start;
+
+ if (cbb->pending_is_asn1) {
+ /*
+ * For ASN.1, we assumed that we were using short form which
+ * only requires a single byte for the length octet.
+ *
+ * If it turns out that we need long form, we have to move
+ * the contents along in order to make space for more length
+ * octets.
+ */
+ size_t len_len = 1; /* total number of length octets */
+ uint8_t initial_length_byte;
+
+ /* We already wrote 1 byte for the length. */
+ if (cbb->pending_len_len != 1)
+ return 0;
+
+ /* Check for long form */
+ if (len > 0xfffffffe)
+ return 0; /* 0xffffffff is reserved */
+ else if (len > 0xffffff)
+ len_len = 5;
+ else if (len > 0xffff)
+ len_len = 4;
+ else if (len > 0xff)
+ len_len = 3;
+ else if (len > 0x7f)
+ len_len = 2;
+
+ if (len_len == 1) {
+ /* For short form, the initial byte is the length. */
+ initial_length_byte = len;
+ len = 0;
+
+ } else {
+ /*
+ * For long form, the initial byte is the number of
+ * subsequent length octets (plus bit 8 set).
+ */
+ initial_length_byte = 0x80 | (len_len - 1);
+
+ /*
+ * We need to move the contents along in order to make
+ * space for the long form length octets.
+ */
+ size_t extra_bytes = len_len - 1;
+ if (!cbb_buffer_add(cbb->base, NULL, extra_bytes))
+ return 0;
+
+ memmove(cbb->base->buf + child_start + extra_bytes,
+ cbb->base->buf + child_start, len);
+ }
+ cbb->base->buf[cbb->offset++] = initial_length_byte;
+ cbb->pending_len_len = len_len - 1;
+ }
+
+ for (i = cbb->pending_len_len - 1; i < cbb->pending_len_len; i--) {
+ cbb->base->buf[cbb->offset + i] = len;
+ len >>= 8;
+ }
+ if (len != 0)
+ return 0;
+
+ cbb->child->base = NULL;
+ cbb->child = NULL;
+ cbb->pending_len_len = 0;
+ cbb->pending_is_asn1 = 0;
+ cbb->offset = 0;
+
+ return 1;
+}
+
+void
+CBB_discard_child(CBB *cbb)
+{
+ if (cbb->child == NULL)
+ return;
+
+ cbb->base->len = cbb->offset;
+
+ cbb->child->base = NULL;
+ cbb->child = NULL;
+ cbb->pending_len_len = 0;
+ cbb->pending_is_asn1 = 0;
+ cbb->offset = 0;
+}
+
+static int
+cbb_add_length_prefixed(CBB *cbb, CBB *out_contents, size_t len_len)
+{
+ uint8_t *prefix_bytes;
+
+ if (!CBB_flush(cbb))
+ return 0;
+
+ cbb->offset = cbb->base->len;
+ if (!cbb_buffer_add(cbb->base, &prefix_bytes, len_len))
+ return 0;
+
+ memset(prefix_bytes, 0, len_len);
+ memset(out_contents, 0, sizeof(CBB));
+ out_contents->base = cbb->base;
+ cbb->child = out_contents;
+ cbb->pending_len_len = len_len;
+ cbb->pending_is_asn1 = 0;
+
+ return 1;
+}
+
+int
+CBB_add_u8_length_prefixed(CBB *cbb, CBB *out_contents)
+{
+ return cbb_add_length_prefixed(cbb, out_contents, 1);
+}
+
+int
+CBB_add_u16_length_prefixed(CBB *cbb, CBB *out_contents)
+{
+ return cbb_add_length_prefixed(cbb, out_contents, 2);
+}
+
+int
+CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents)
+{
+ return cbb_add_length_prefixed(cbb, out_contents, 3);
+}
+
+int
+CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned int tag)
+{
+ if (tag > UINT8_MAX)
+ return 0;
+
+ /* Long form identifier octets are not supported. */
+ if ((tag & 0x1f) == 0x1f)
+ return 0;
+
+ /* Short-form identifier octet only needs a single byte */
+ if (!CBB_flush(cbb) || !CBB_add_u8(cbb, tag))
+ return 0;
+
+ /*
+ * Add 1 byte to cover the short-form length octet case. If it turns
+ * out we need long-form, it will be extended later.
+ */
+ cbb->offset = cbb->base->len;
+ if (!CBB_add_u8(cbb, 0))
+ return 0;
+
+ memset(out_contents, 0, sizeof(CBB));
+ out_contents->base = cbb->base;
+ cbb->child = out_contents;
+ cbb->pending_len_len = 1;
+ cbb->pending_is_asn1 = 1;
+
+ return 1;
+}
+
+int
+CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len)
+{
+ uint8_t *dest;
+
+ if (!CBB_flush(cbb) || !cbb_buffer_add(cbb->base, &dest, len))
+ return 0;
+
+ memcpy(dest, data, len);
+ return 1;
+}
+
+int
+CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len)
+{
+ if (!CBB_flush(cbb) || !cbb_buffer_add(cbb->base, out_data, len))
+ return 0;
+
+ memset(*out_data, 0, len);
+ return 1;
+}
+
+int
+CBB_add_u8(CBB *cbb, size_t value)
+{
+ if (value > UINT8_MAX)
+ return 0;
+
+ return cbb_add_u(cbb, (uint32_t)value, 1);
+}
+
+int
+CBB_add_u16(CBB *cbb, size_t value)
+{
+ if (value > UINT16_MAX)
+ return 0;
+
+ return cbb_add_u(cbb, (uint32_t)value, 2);
+}
+
+int
+CBB_add_u24(CBB *cbb, size_t value)
+{
+ if (value > 0xffffffUL)
+ return 0;
+
+ return cbb_add_u(cbb, (uint32_t)value, 3);
+}
+
+int
+CBB_add_u32(CBB *cbb, size_t value)
+{
+ if (value > 0xffffffffUL)
+ return 0;
+
+ return cbb_add_u(cbb, (uint32_t)value, 4);
+}
+
+int
+CBB_add_u64(CBB *cbb, uint64_t value)
+{
+ uint32_t a, b;
+
+ a = value >> 32;
+ b = value & 0xffffffff;
+
+ if (!CBB_add_u32(cbb, a))
+ return 0;
+ return CBB_add_u32(cbb, b);
+}
+
+int
+CBB_add_asn1_uint64(CBB *cbb, uint64_t value)
+{
+ CBB child;
+ size_t i;
+ int started = 0;
+
+ if (!CBB_add_asn1(cbb, &child, CBS_ASN1_INTEGER))
+ return 0;
+
+ for (i = 0; i < 8; i++) {
+ uint8_t byte = (value >> 8 * (7 - i)) & 0xff;
+
+ /*
+ * ASN.1 restriction: first 9 bits cannot be all zeroes or
+ * all ones. Since this function only encodes unsigned
+ * integers, the only concerns are not encoding leading
+ * zeros and adding a padding byte if necessary.
+ *
+ * In practice, this means:
+ * 1) Skip leading octets of all zero bits in the value
+ * 2) After skipping the leading zero octets, if the next 9
+ * bits are all ones, add an all zero prefix octet (and
+ * set the high bit of the prefix octet if negative).
+ *
+ * Additionally, for an unsigned value, add an all zero
+ * prefix if the high bit of the first octet would be one.
+ */
+ if (!started) {
+ if (byte == 0)
+ /* Don't encode leading zeros. */
+ continue;
+
+ /*
+ * If the high bit is set, add a padding byte to make it
+ * unsigned.
+ */
+ if ((byte & 0x80) && !CBB_add_u8(&child, 0))
+ return 0;
+
+ started = 1;
+ }
+ if (!CBB_add_u8(&child, byte))
+ return 0;
+ }
+
+ /* 0 is encoded as a single 0, not the empty string. */
+ if (!started && !CBB_add_u8(&child, 0))
+ return 0;
+
+ return CBB_flush(cbb);
+}
diff --git a/crypto/bytestring/bs_cbs.c b/crypto/bytestring/bs_cbs.c
new file mode 100644
index 00000000..e2bb54e4
--- /dev/null
+++ b/crypto/bytestring/bs_cbs.c
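Review bot: CBB_finish in bs_cbb.c has four early `return 0` paths and none of them releases the builder, and it also fails whenever `*out_data` is not already NULL; neither contract is stated at the definition. A caller that returns CBB_finish's result directly, as the tail of the bs_ber.c hunk in this patch does with `return CBB_finish(&cbb, out, out_len);`, leaves the buffer and `base` allocated when it fails. A caller that passes a pointer it never initialised has that indeterminate value read by the `*out_data != NULL` test. I would add above the function: `/* On failure |cbb| still owns its buffer and must be released with CBB_cleanup(); |*out_data| must be NULL on entry. */`.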
@@ -0,0 +1,615 @@
+/* $OpenBSD: bs_cbs.c,v 1.2 2021/12/15 18:02:39 jsing Exp $ */
+/*
+ * Copyright (c) 2014, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+#include
+
+#include "bytestring.h"
+
+void
+CBS_init(CBS *cbs, const uint8_t *data, size_t len)
+{
+ cbs->data = data;
+ cbs->initial_len = len;
+ cbs->len = len;
+}
+
+void
+CBS_dup(const CBS *cbs, CBS *out)
+{
+ CBS_init(out, CBS_data(cbs), CBS_len(cbs));
+ out->initial_len = cbs->initial_len;
+}
+
+static int
+cbs_get(CBS *cbs, const uint8_t **p, size_t n)
+{
+ if (cbs->len < n)
+ return 0;
+
+ *p = cbs->data;
+ cbs->data += n;
+ cbs->len -= n;
+ return 1;
+}
+
+static int
+cbs_peek(CBS *cbs, const uint8_t **p, size_t n)
+{
+ if (cbs->len < n)
+ return 0;
+
+ *p = cbs->data;
+ return 1;
+}
+
+size_t
+CBS_offset(const CBS *cbs)
+{
+ return cbs->initial_len - cbs->len;
+}
+
+int
+CBS_skip(CBS *cbs, size_t len)
+{
+ const uint8_t *dummy;
+ return cbs_get(cbs, &dummy, len);
+}
+
+const uint8_t *
+CBS_data(const CBS *cbs)
+{
+ return cbs->data;
+}
+
+size_t
+CBS_len(const CBS *cbs)
+{
+ return cbs->len;
+}
+
+int
+CBS_stow(const CBS *cbs, uint8_t **out_ptr, size_t *out_len)
+{
+ free(*out_ptr);
+ *out_ptr = NULL;
+ *out_len = 0;
+
+ if (cbs->len == 0)
+ return 1;
+
+ if ((*out_ptr = malloc(cbs->len)) == NULL)
+ return 0;
+
+ memcpy(*out_ptr, cbs->data, cbs->len);
+
+ *out_len = cbs->len;
+ return 1;
+}
+
+int
+CBS_strdup(const CBS *cbs, char **out_ptr)
+{
+ free(*out_ptr);
+ *out_ptr = NULL;
+
+ if (CBS_contains_zero_byte(cbs))
+ return 0;
+
+ *out_ptr = strndup((const char *)cbs->data, cbs->len);
+ return (*out_ptr != NULL);
+}
+
+int
+CBS_write_bytes(const CBS *cbs, uint8_t *dst, size_t dst_len, size_t *copied)
+{
+ if (dst_len < cbs->len)
+ return 0;
+
+ memmove(dst, cbs->data, cbs->len);
+
+ if (copied != NULL)
+ *copied = cbs->len;
+
+ return 1;
+}
+
+int
+CBS_contains_zero_byte(const CBS *cbs)
+{
+ return memchr(cbs->data, 0, cbs->len) != NULL;
+}
+
+int
+CBS_mem_equal(const CBS *cbs, const uint8_t *data, size_t len)
+{
+ if (len != cbs->len)
+ return 0;
+
+ return timingsafe_memcmp(cbs->data, data, len) == 0;
+}
+
+static int
+cbs_get_u(CBS *cbs, uint32_t *out, size_t len)
+{
+ uint32_t result = 0;
+ size_t i;
+ const uint8_t *data;
+
+ if (len < 1 || len > 4)
+ return 0;
+
+ if (!cbs_get(cbs, &data, len))
+ return 0;
+
+ for (i = 0; i < len; i++) {
+ result <<= 8;
+ result |= data[i];
+ }
+ *out = result;
+ return 1;
+}
+
+int
+CBS_get_u8(CBS *cbs, uint8_t *out)
+{
+ const uint8_t *v;
+
+ if (!cbs_get(cbs, &v, 1))
+ return 0;
+
+ *out = *v;
+ return 1;
+}
+
+int
+CBS_get_u16(CBS *cbs, uint16_t *out)
+{
+ uint32_t v;
+
+ if (!cbs_get_u(cbs, &v, 2))
+ return 0;
+
+ *out = v;
+ return 1;
+}
+
+int
+CBS_get_u24(CBS *cbs, uint32_t *out)
+{
+ return cbs_get_u(cbs, out, 3);
+}
+
+int
+CBS_get_u32(CBS *cbs, uint32_t *out)
+{
+ return cbs_get_u(cbs, out, 4);
+}
+
+int
+CBS_get_u64(CBS *cbs, uint64_t *out)
+{
+ uint32_t a, b;
+
+ if (cbs->len < 8)
+ return 0;
+
+ if (!CBS_get_u32(cbs, &a))
+ return 0;
+ if (!CBS_get_u32(cbs, &b))
+ return 0;
+
+ *out = (uint64_t)a << 32 | b;
+ return 1;
+}
+
+int
+CBS_get_last_u8(CBS *cbs, uint8_t *out)
+{
+ if (cbs->len == 0)
+ return 0;
+
+ *out = cbs->data[cbs->len - 1];
+ cbs->len--;
+ return 1;
+}
+
+int
+CBS_get_bytes(CBS *cbs, CBS *out, size_t len)
+{
+ const uint8_t *v;
+
+ if (!cbs_get(cbs, &v, len))
+ return 0;
+
+ CBS_init(out, v, len);
+ return 1;
+}
+
+static int
+cbs_get_length_prefixed(CBS *cbs, CBS *out, size_t len_len)
+{
+ uint32_t len;
+
+ if (!cbs_get_u(cbs, &len, len_len))
+ return 0;
+
+ return CBS_get_bytes(cbs, out, len);
+}
+
+int
+CBS_get_u8_length_prefixed(CBS *cbs, CBS *out)
+{
+ return cbs_get_length_prefixed(cbs, out, 1);
+}
+
+int
+CBS_get_u16_length_prefixed(CBS *cbs, CBS *out)
+{
+ return cbs_get_length_prefixed(cbs, out, 2);
+}
+
+int
+CBS_get_u24_length_prefixed(CBS *cbs, CBS *out)
+{
+ return cbs_get_length_prefixed(cbs, out, 3);
+}
+
+static int
+cbs_peek_u(CBS *cbs, uint32_t *out, size_t len)
+{
+ uint32_t result = 0;
+ size_t i;
+ const uint8_t *data;
+
+ if (len < 1 || len > 4)
+ return 0;
+
+ if (!cbs_peek(cbs, &data, len))
+ return 0;
+
+ for (i = 0; i < len; i++) {
+ result <<= 8;
+ result |= data[i];
+ }
+ *out = result;
+ return 1;
+}
+
+int
+CBS_peek_u8(CBS *cbs, uint8_t *out)
+{
+ const uint8_t *v;
+
+ if (!cbs_peek(cbs, &v, 1))
+ return 0;
+
+ *out = *v;
+ return 1;
+}
+
+int
+CBS_peek_u16(CBS *cbs, uint16_t *out)
+{
+ uint32_t v;
+
+ if (!cbs_peek_u(cbs, &v, 2))
+ return 0;
+
+ *out = v;
+ return 1;
+}
+
+int
+CBS_peek_u24(CBS *cbs, uint32_t *out)
+{
+ return cbs_peek_u(cbs, out, 3);
+}
+
+int
+CBS_peek_u32(CBS *cbs, uint32_t *out)
+{
+ return cbs_peek_u(cbs, out, 4);
+}
+
+int
+CBS_peek_last_u8(CBS *cbs, uint8_t *out)
+{
+ if (cbs->len == 0)
+ return 0;
+
+ *out = cbs->data[cbs->len - 1];
+ return 1;
+}
+
+int
+CBS_get_any_asn1_element(CBS *cbs, CBS *out, unsigned int *out_tag,
+ size_t *out_header_len)
+{
+ return cbs_get_any_asn1_element_internal(cbs, out, out_tag,
+ out_header_len, 1);
+}
+
+/*
+ * Review X.690 for details on ASN.1 DER encoding.
+ *
+ * If non-strict mode is enabled, then DER rules are relaxed
+ * for indefinite constructs (violates DER but a little closer to BER).
+ * Non-strict mode should only be used by bs_ber.c
+ *
+ * Sections 8, 10 and 11 for DER encoding
+ */
+int
+cbs_get_any_asn1_element_internal(CBS *cbs, CBS *out, unsigned int *out_tag,
+ size_t *out_header_len, int strict)
+{
+ uint8_t tag, length_byte;
+ CBS header = *cbs;
+ CBS throwaway;
+ size_t len;
+
+ if (out == NULL)
+ out = &throwaway;
+
+ /*
+ * Get identifier octet and length octet. Only 1 octet for each
+ * is a CBS limitation.
+ */
+ if (!CBS_get_u8(&header, &tag) || !CBS_get_u8(&header, &length_byte))
+ return 0;
+
+ /* CBS limitation: long form tags are not supported. */
+ if ((tag & 0x1f) == 0x1f)
+ return 0;
+
+ if (out_tag != NULL)
+ *out_tag = tag;
+
+ if ((length_byte & 0x80) == 0) {
+ /* Short form length. */
+ len = ((size_t) length_byte) + 2;
+ if (out_header_len != NULL)
+ *out_header_len = 2;
+
+ } else {
+ /* Long form length. */
+ const size_t num_bytes = length_byte & 0x7f;
+ uint32_t len32;
+
+ /* ASN.1 reserved value for future extensions */
+ if (num_bytes == 0x7f)
+ return 0;
+
+ /* Handle indefinite form length */
+ if (num_bytes == 0) {
+ /* DER encoding doesn't allow for indefinite form. */
+ if (strict)
+ return 0;
+
+ /* Primitive cannot use indefinite in BER or DER. */
+ if ((tag & CBS_ASN1_CONSTRUCTED) == 0)
+ return 0;
+
+ /* Constructed, indefinite length allowed in BER. */
+ if (out_header_len != NULL)
+ *out_header_len = 2;
+ return CBS_get_bytes(cbs, out, 2);
+ }
+
+ /* CBS limitation. */
+ if (num_bytes > 4)
+ return 0;
+
+ if (!cbs_get_u(&header, &len32, num_bytes))
+ return 0;
+
+ /* DER has a minimum length octet requirement. */
+ if (len32 < 128)
+ /* Should have used short form instead */
+ return 0;
+
+ if ((len32 >> ((num_bytes - 1) * 8)) == 0)
+ /* Length should have been at least one byte shorter. */
+ return 0;
+
+ len = len32;
+ if (len + 2 + num_bytes < len)
+ /* Overflow. */
+ return 0;
+
+ len += 2 + num_bytes;
+ if (out_header_len != NULL)
+ *out_header_len = 2 + num_bytes;
+ }
+
+ return CBS_get_bytes(cbs, out, len);
+}
+
+static int
+cbs_get_asn1(CBS *cbs, CBS *out, unsigned int tag_value, int skip_header)
+{
+ size_t header_len;
+ unsigned int tag;
+ CBS throwaway;
+
+ if (out == NULL)
+ out = &throwaway;
+
+ if (!CBS_get_any_asn1_element(cbs, out, &tag, &header_len) ||
+ tag != tag_value)
+ return 0;
+
+ if (skip_header && !CBS_skip(out, header_len))
+ return 0;
+
+ return 1;
+}
+
+int
+CBS_get_asn1(CBS *cbs, CBS *out, unsigned int tag_value)
+{
+ return cbs_get_asn1(cbs, out, tag_value, 1 /* skip header */);
+}
+
+int
+CBS_get_asn1_element(CBS *cbs, CBS *out, unsigned int tag_value)
+{
+ return cbs_get_asn1(cbs, out, tag_value, 0 /* include header */);
+}
+
+int
+CBS_peek_asn1_tag(const CBS *cbs, unsigned int tag_value)
+{
+ if (CBS_len(cbs) < 1)
+ return 0;
+
+ /*
+ * Tag number 31 indicates the start of a long form number.
+ * This is valid in ASN.1, but CBS only supports short form.
+ */
+ if ((tag_value & 0x1f) == 0x1f)
+ return 0;
+
+ return CBS_data(cbs)[0] == tag_value;
+}
+
+/* Encoding details are in ASN.1: X.690 section 8.3 */
+int
+CBS_get_asn1_uint64(CBS *cbs, uint64_t *out)
+{
+ CBS bytes;
+ const uint8_t *data;
+ size_t i, len;
+
+ if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_INTEGER))
+ return 0;
+
+ *out = 0;
+ data = CBS_data(&bytes);
+ len = CBS_len(&bytes);
+
+ if (len == 0)
+ /* An INTEGER is encoded with at least one content octet. */
+ return 0;
+
+ if ((data[0] & 0x80) != 0)
+ /* Negative number. */
+ return 0;
+
+ if (data[0] == 0 && len > 1 && (data[1] & 0x80) == 0)
+ /* Violates smallest encoding rule: excessive leading zeros. */
+ return 0;
+
+ for (i = 0; i < len; i++) {
+ if ((*out >> 56) != 0)
+ /* Too large to represent as a uint64_t. */
+ return 0;
+
+ *out <<= 8;
+ *out |= data[i];
+ }
+
+ return 1;
+}
+
+int
+CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present, unsigned int tag)
+{
+ if (CBS_peek_asn1_tag(cbs, tag)) {
+ if (!CBS_get_asn1(cbs, out, tag))
+ return 0;
+
+ *out_present = 1;
+ } else {
+ *out_present = 0;
+ }
+ return 1;
+}
+
+int
+CBS_get_optional_asn1_octet_string(CBS *cbs, CBS *out, int *out_present,
+ unsigned int tag)
+{
+ CBS child;
+ int present;
+
+ if (!CBS_get_optional_asn1(cbs, &child, &present, tag))
+ return 0;
+
+ if (present) {
+ if (!CBS_get_asn1(&child, out, CBS_ASN1_OCTETSTRING) ||
+ CBS_len(&child) != 0)
+ return 0;
+ } else {
+ CBS_init(out, NULL, 0);
+ }
+ if (out_present)
+ *out_present = present;
+
+ return 1;
+}
+
+int
+CBS_get_optional_asn1_uint64(CBS *cbs, uint64_t *out, unsigned int tag,
+ uint64_t default_value)
+{
+ CBS child;
+ int present;
+
+ if (!CBS_get_optional_asn1(cbs, &child, &present, tag))
+ return 0;
+
+ if (present) {
+ if (!CBS_get_asn1_uint64(&child, out) ||
+ CBS_len(&child) != 0)
+ return 0;
+ } else {
+ *out = default_value;
+ }
+ return 1;
+}
+
+int
+CBS_get_optional_asn1_bool(CBS *cbs, int *out, unsigned int tag,
+ int default_value)
+{
+ CBS child, child2;
+ int present;
+
+ if (!CBS_get_optional_asn1(cbs, &child, &present, tag))
+ return 0;
+
+ if (present) {
+ uint8_t boolean;
+
+ if (!CBS_get_asn1(&child, &child2, CBS_ASN1_BOOLEAN) ||
+ CBS_len(&child2) != 1 || CBS_len(&child) != 0)
+ return 0;
+
+ boolean = CBS_data(&child2)[0];
+ if (boolean == 0)
+ *out = 0;
+ else if (boolean == 0xff)
+ *out = 1;
+ else
+ return 0;
+
+ } else {
+ *out = default_value;
+ }
+ return 1;
+}
diff --git a/crypto/bytestring/bytestring.h b/crypto/bytestring/bytestring.h
new file mode 100644
index 00000000..d8ef8ffd
--- /dev/null
+++ b/crypto/bytestring/bytestring.h
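Review bot: CBS_strdup in bs_cbs.c returns 0 when the input contains a NUL byte (it tests CBS_contains_zero_byte before calling strndup), but the comment for it in bytestring.h, added later in this patch, says the string will be truncated and tells callers to check for NUL bytes themselves. The code's behaviour is the safer one for strings taken from parsed TLS or ASN.1 data, so the documentation should follow the code rather than the other way round. By the time the check fails, `*out_ptr` has already been freed and set to NULL. I would put `/* Fails if |cbs| contains a NUL byte; the result is never truncated. On failure |*out_ptr| is NULL and its previous value has been freed. */` above the definition and drop the NOTE from the header comment.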
@@ -0,0 +1,566 @@
+/* $OpenBSD: bytestring.h,v 1.3 2022/01/06 14:32:55 jsing Exp $ */
+/*
+ * Copyright (c) 2014, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef OPENSSL_HEADER_BYTESTRING_H
+#define OPENSSL_HEADER_BYTESTRING_H
+
+#include
+#include
+
+__BEGIN_HIDDEN_DECLS
+
+/*
+ * Bytestrings are used for parsing and building TLS and ASN.1 messages.
+ *
+ * A "CBS" (CRYPTO ByteString) represents a string of bytes in memory and
+ * provides utility functions for safely parsing length-prefixed structures
+ * like TLS and ASN.1 from it.
+ *
+ * A "CBB" (CRYPTO ByteBuilder) is a memory buffer that grows as needed and
+ * provides utility functions for building length-prefixed messages.
+ */
+
+/* CRYPTO ByteString */
+typedef struct cbs_st {
+ const uint8_t *data;
+ size_t initial_len;
+ size_t len;
+} CBS;
+
+/*
+ * CBS_init sets |cbs| to point to |data|. It does not take ownership of
+ * |data|.
+ */
+void CBS_init(CBS *cbs, const uint8_t *data, size_t len);
+
+/*
+ * CBS_skip advances |cbs| by |len| bytes. It returns one on success and zero
+ * otherwise.
+ */
+int CBS_skip(CBS *cbs, size_t len);
+
+/*
+ * CBS_data returns a pointer to the contents of |cbs|.
+ */
+const uint8_t *CBS_data(const CBS *cbs);
+
+/*
+ * CBS_len returns the number of bytes remaining in |cbs|.
+ */
+size_t CBS_len(const CBS *cbs);
+
+/*
+ * CBS_offset returns the current offset into the original data of |cbs|.
+ */
+size_t CBS_offset(const CBS *cbs);
+
+/*
+ * CBS_stow copies the current contents of |cbs| into |*out_ptr| and
+ * |*out_len|. If |*out_ptr| is not NULL, the contents are freed with
+ * free. It returns one on success and zero on allocation failure. On
+ * success, |*out_ptr| should be freed with free. If |cbs| is empty,
+ * |*out_ptr| will be NULL.
+ */
+int CBS_stow(const CBS *cbs, uint8_t **out_ptr, size_t *out_len);
+
+/*
+ * CBS_strdup copies the current contents of |cbs| into |*out_ptr| as a
+ * NUL-terminated C string. If |*out_ptr| is not NULL, the contents are freed
+ * with free. It returns one on success and zero on allocation
+ * failure. On success, |*out_ptr| should be freed with free.
+ *
+ * NOTE: If |cbs| contains NUL bytes, the string will be truncated. Call
+ * |CBS_contains_zero_byte(cbs)| to check for NUL bytes.
+ */
+int CBS_strdup(const CBS *cbs, char **out_ptr);
+
+/*
+ * CBS_write_bytes writes all of the remaining data from |cbs| into |dst|
+ * if it is at most |dst_len| bytes. If |copied| is not NULL, it will be set
+ * to the amount copied. It returns one on success and zero otherwise.
+ */
+int CBS_write_bytes(const CBS *cbs, uint8_t *dst, size_t dst_len,
+ size_t *copied);
+
+/*
+ * CBS_contains_zero_byte returns one if the current contents of |cbs| contains
+ * a NUL byte and zero otherwise.
+ */
+int CBS_contains_zero_byte(const CBS *cbs);
+
+/*
+ * CBS_mem_equal compares the current contents of |cbs| with the |len| bytes
+ * starting at |data|. If they're equal, it returns one, otherwise zero. If the
+ * lengths match, it uses a constant-time comparison.
+ */
+int CBS_mem_equal(const CBS *cbs, const uint8_t *data, size_t len);
+
+/*
+ * CBS_get_u8 sets |*out| to the next uint8_t from |cbs| and advances |cbs|. It
+ * returns one on success and zero on error.
+ */
+int CBS_get_u8(CBS *cbs, uint8_t *out);
+
+/*
+ * CBS_get_u16 sets |*out| to the next, big-endian uint16_t from |cbs| and
+ * advances |cbs|. It returns one on success and zero on error.
+ */
+int CBS_get_u16(CBS *cbs, uint16_t *out);
+
+/*
+ * CBS_get_u24 sets |*out| to the next, big-endian 24-bit value from |cbs| and
+ * advances |cbs|. It returns one on success and zero on error.
+ */
+int CBS_get_u24(CBS *cbs, uint32_t *out);
+
+/*
+ * CBS_get_u32 sets |*out| to the next, big-endian uint32_t value from |cbs|
+ * and advances |cbs|. It returns one on success and zero on error.
+ */
+int CBS_get_u32(CBS *cbs, uint32_t *out);
+
+/*
+ * CBS_get_u64 sets |*out| to the next, big-endian uint64_t value from |cbs|
+ * and advances |cbs|. It returns one on success and zero on error.
+ */
+int CBS_get_u64(CBS *cbs, uint64_t *out);
+
+/*
+ * CBS_get_last_u8 sets |*out| to the last uint8_t from |cbs| and shortens
+ * |cbs|. It returns one on success and zero on error.
+ */
+int CBS_get_last_u8(CBS *cbs, uint8_t *out);
+
+/*
+ * CBS_get_bytes sets |*out| to the next |len| bytes from |cbs| and advances
+ * |cbs|. It returns one on success and zero on error.
+ */
+int CBS_get_bytes(CBS *cbs, CBS *out, size_t len);
+
+/*
+ * CBS_get_u8_length_prefixed sets |*out| to the contents of an 8-bit,
+ * length-prefixed value from |cbs| and advances |cbs| over it. It returns one
+ * on success and zero on error.
+ */
+int CBS_get_u8_length_prefixed(CBS *cbs, CBS *out);
+
+/*
+ * CBS_get_u16_length_prefixed sets |*out| to the contents of a 16-bit,
+ * big-endian, length-prefixed value from |cbs| and advances |cbs| over it. It
+ * returns one on success and zero on error.
+ */
+int CBS_get_u16_length_prefixed(CBS *cbs, CBS *out);
+
+/*
+ * CBS_get_u24_length_prefixed sets |*out| to the contents of a 24-bit,
+ * big-endian, length-prefixed value from |cbs| and advances |cbs| over it. It
+ * returns one on success and zero on error.
+ */
+int CBS_get_u24_length_prefixed(CBS *cbs, CBS *out);
+
+/*
+ * CBS_peek_u8 sets |*out| to the next uint8_t from |cbs|, but does not advance
+ * |cbs|. It returns one on success and zero on error.
+ */
+int CBS_peek_u8(CBS *cbs, uint8_t *out);
+
+/*
+ * CBS_peek_u16 sets |*out| to the next, big-endian uint16_t from |cbs|, but
+ * does not advance |cbs|. It returns one on success and zero on error.
+ */
+int CBS_peek_u16(CBS *cbs, uint16_t *out);
+
+/*
+ * CBS_peek_u24 sets |*out| to the next, big-endian 24-bit value from |cbs|, but
+ * does not advance |cbs|. It returns one on success and zero on error.
+ */
+int CBS_peek_u24(CBS *cbs, uint32_t *out);
+
+/*
+ * CBS_peek_u32 sets |*out| to the next, big-endian uint32_t value from |cbs|,
+ * but does not advance |cbs|. It returns one on success and zero on error.
+ */
+int CBS_peek_u32(CBS *cbs, uint32_t *out);
+
+/*
+ * CBS_peek_last_u8 sets |*out| to the last uint8_t from |cbs|, but does not
+ * shorten |cbs|. It returns one on success and zero on error.
+ */
+int CBS_peek_last_u8(CBS *cbs, uint8_t *out);
+
+
+/* Parsing ASN.1 */
+
+/*
+ * While an identifier can be multiple octets, this library only handles the
+ * single octet variety currently. This limits support up to tag number 30
+ * since tag number 31 is a reserved value to indicate multiple octets.
+ */
+
+/* Bits 8 and 7: class tag type: See X.690 section 8.1.2.2. */
+#define CBS_ASN1_UNIVERSAL 0x00
+#define CBS_ASN1_APPLICATION 0x40
+#define CBS_ASN1_CONTEXT_SPECIFIC 0x80
+#define CBS_ASN1_PRIVATE 0xc0
+
+/* Bit 6: Primitive or constructed: See X.690 section 8.1.2.3. */
+#define CBS_ASN1_PRIMITIVE 0x00
+#define CBS_ASN1_CONSTRUCTED 0x20
+
+/*
+ * Bits 5 to 1 are the tag number. See X.680 section 8.6 for tag numbers of
+ * the universal class.
+ */
+
+/*
+ * Common universal identifier octets.
+ * See X.690 section 8.1 and X.680 section 8.6 for universal tag numbers.
+ *
+ * Note: These definitions are the cause of some of the strange behavior in
+ * CBS's bs_ber.c.
+ *
+ * In BER, it is the sender's option to use primitive or constructed for
+ * bitstring (X.690 section 8.6.1) and octetstring (X.690 section 8.7.1).
+ *
+ * In DER, bitstring and octetstring are required to be primitive
+ * (X.690 section 10.2).
+ */
+#define CBS_ASN1_BOOLEAN (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x1)
+#define CBS_ASN1_INTEGER (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x2)
+#define CBS_ASN1_BITSTRING (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x3)
+#define CBS_ASN1_OCTETSTRING (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x4)
+#define CBS_ASN1_OBJECT (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x6)
+#define CBS_ASN1_ENUMERATED (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0xa)
+#define CBS_ASN1_SEQUENCE (CBS_ASN1_UNIVERSAL | CBS_ASN1_CONSTRUCTED | 0x10)
+#define CBS_ASN1_SET (CBS_ASN1_UNIVERSAL | CBS_ASN1_CONSTRUCTED | 0x11)
+
+/*
+ * CBS_get_asn1 sets |*out| to the contents of DER-encoded, ASN.1 element (not
+ * including tag and length bytes) and advances |cbs| over it. The ASN.1
+ * element must match |tag_value|. It returns one on success and zero
+ * on error.
+ *
+ * Tag numbers greater than 30 are not supported (i.e. short form only).
+ */
+int CBS_get_asn1(CBS *cbs, CBS *out, unsigned int tag_value);
+
+/*
+ * CBS_get_asn1_element acts like |CBS_get_asn1| but |out| will include the
+ * ASN.1 header bytes too.
+ */
+int CBS_get_asn1_element(CBS *cbs, CBS *out, unsigned int tag_value);
+
+/*
+ * CBS_peek_asn1_tag looks ahead at the next ASN.1 tag and returns one
+ * if the next ASN.1 element on |cbs| would have tag |tag_value|. If
+ * |cbs| is empty or the tag does not match, it returns zero. Note: if
+ * it returns one, CBS_get_asn1 may still fail if the rest of the
+ * element is malformed.
+ */
+int CBS_peek_asn1_tag(const CBS *cbs, unsigned int tag_value);
+
+/*
+ * CBS_get_any_asn1_element sets |*out| to contain the next ASN.1 element from
+ * |*cbs| (including header bytes) and advances |*cbs|. It sets |*out_tag| to
+ * the tag number and |*out_header_len| to the length of the ASN.1 header.
+ * Each of |out|, |out_tag|, and |out_header_len| may be NULL to ignore
+ * the value.
+ *
+ * Tag numbers greater than 30 are not supported (i.e. short form only).
+ */
+int CBS_get_any_asn1_element(CBS *cbs, CBS *out, unsigned int *out_tag,
+ size_t *out_header_len);
+
+/*
+ * CBS_get_asn1_uint64 gets an ASN.1 INTEGER from |cbs| using |CBS_get_asn1|
+ * and sets |*out| to its value. It returns one on success and zero on error,
+ * where error includes the integer being negative, or too large to represent
+ * in 64 bits.
+ */
+int CBS_get_asn1_uint64(CBS *cbs, uint64_t *out);
+
+/*
+ * CBS_get_optional_asn1 gets an optional explicitly-tagged element
+ * from |cbs| tagged with |tag| and sets |*out| to its contents. If
+ * present, it sets |*out_present| to one, otherwise zero. It returns
+ * one on success, whether or not the element was present, and zero on
+ * decode failure.
+ */
+int CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present,
+ unsigned int tag);
+
+/*
+ * CBS_get_optional_asn1_octet_string gets an optional
+ * explicitly-tagged OCTET STRING from |cbs|. If present, it sets
+ * |*out| to the string and |*out_present| to one. Otherwise, it sets
+ * |*out| to empty and |*out_present| to zero. |out_present| may be
+ * NULL. It returns one on success, whether or not the element was
+ * present, and zero on decode failure.
+ */
+int CBS_get_optional_asn1_octet_string(CBS *cbs, CBS *out, int *out_present,
+ unsigned int tag);
+
+/*
+ * CBS_get_optional_asn1_uint64 gets an optional explicitly-tagged
+ * INTEGER from |cbs|. If present, it sets |*out| to the
+ * value. Otherwise, it sets |*out| to |default_value|. It returns one
+ * on success, whether or not the element was present, and zero on
+ * decode failure.
+ */
+int CBS_get_optional_asn1_uint64(CBS *cbs, uint64_t *out, unsigned int tag,
+ uint64_t default_value);
+
+/*
+ * CBS_get_optional_asn1_bool gets an optional, explicitly-tagged BOOLEAN from
+ * |cbs|. If present, it sets |*out| to either zero or one, based on the
+ * boolean. Otherwise, it sets |*out| to |default_value|. It returns one on
+ * success, whether or not the element was present, and zero on decode
+ * failure.
+ */
+int CBS_get_optional_asn1_bool(CBS *cbs, int *out, unsigned int tag,
+ int default_value);
+
+
+/*
+ * CRYPTO ByteBuilder.
+ *
+ * |CBB| objects allow one to build length-prefixed serialisations. A |CBB|
+ * object is associated with a buffer and new buffers are created with
+ * |CBB_init|. Several |CBB| objects can point at the same buffer when a
+ * length-prefix is pending, however only a single |CBB| can be 'current' at
+ * any one time. For example, if one calls |CBB_add_u8_length_prefixed| then
+ * the new |CBB| points at the same buffer as the original. But if the original
+ * |CBB| is used then the length prefix is written out and the new |CBB| must
+ * not be used again.
+ *
+ * If one needs to force a length prefix to be written out because a |CBB| is
+ * going out of scope, use |CBB_flush|.
+ */
+
+struct cbb_buffer_st {
+ uint8_t *buf;
+
+ /* The number of valid bytes. */
+ size_t len;
+
+ /* The size of buf. */
+ size_t cap;
+
+ /*
+ * One iff |buf| is owned by this object. If not then |buf| cannot be
+ * resized.
+ */
+ char can_resize;
+};
+
+typedef struct cbb_st {
+ struct cbb_buffer_st *base;
+
+ /*
+ * offset is the offset from the start of |base->buf| to the position of any
+ * pending length-prefix.
+ */
+ size_t offset;
+
+ /* child points to a child CBB if a length-prefix is pending. */
+ struct cbb_st *child;
+
+ /*
+ * pending_len_len contains the number of bytes in a pending length-prefix,
+ * or zero if no length-prefix is pending.
+ */
+ uint8_t pending_len_len;
+
+ char pending_is_asn1;
+
+ /*
+ * is_top_level is true iff this is a top-level |CBB| (as opposed to a child
+ * |CBB|). Top-level objects are valid arguments for |CBB_finish|.
+ */
+ char is_top_level;
+} CBB;
+
+/*
+ * CBB_init initialises |cbb| with |initial_capacity|. Since a |CBB| grows as
+ * needed, the |initial_capacity| is just a hint. It returns one on success or
+ * zero on error.
+ */
+int CBB_init(CBB *cbb, size_t initial_capacity);
+
+/*
+ * CBB_init_fixed initialises |cbb| to write to |len| bytes at |buf|. Since
+ * |buf| cannot grow, trying to write more than |len| bytes will cause CBB
+ * functions to fail. It returns one on success or zero on error.
+ */
+int CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len);
+
+/*
+ * CBB_cleanup frees all resources owned by |cbb| and other |CBB| objects
+ * writing to the same buffer. This should be used in an error case where a
+ * serialisation is abandoned.
+ */
+void CBB_cleanup(CBB *cbb);
+
+/*
+ * CBB_finish completes any pending length prefix and sets |*out_data| to a
+ * malloced buffer and |*out_len| to the length of that buffer. The caller
+ * takes ownership of the buffer and, unless the buffer was fixed with
+ * |CBB_init_fixed|, must call |free| when done.
+ *
+ * It can only be called on a "top level" |CBB|, i.e. one initialised with
+ * |CBB_init| or |CBB_init_fixed|. It returns one on success and zero on
+ * error.
+ */
+int CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len);
+
+/*
+ * CBB_flush causes any pending length prefixes to be written out and any child
+ * |CBB| objects of |cbb| to be invalidated. It returns one on success or zero
+ * on error.
+ */
+int CBB_flush(CBB *cbb);
+
+/*
+ * CBB_discard_child discards the current unflushed child of |cbb|. Neither the
+ * child's contents nor the length prefix will be included in the output.
+ */
+void CBB_discard_child(CBB *cbb);
+
+/*
+ * CBB_add_u8_length_prefixed sets |*out_contents| to a new child of |cbb|. The
+ * data written to |*out_contents| will be prefixed in |cbb| with an 8-bit
+ * length. It returns one on success or zero on error.
+ */
+int CBB_add_u8_length_prefixed(CBB *cbb, CBB *out_contents);
+
+/*
+ * CBB_add_u16_length_prefixed sets |*out_contents| to a new child of |cbb|.
+ * The data written to |*out_contents| will be prefixed in |cbb| with a 16-bit,
+ * big-endian length. It returns one on success or zero on error.
+ */
+int CBB_add_u16_length_prefixed(CBB *cbb, CBB *out_contents);
+
+/*
+ * CBB_add_u24_length_prefixed sets |*out_contents| to a new child of |cbb|.
+ * The data written to |*out_contents| will be prefixed in |cbb| with a 24-bit,
+ * big-endian length. It returns one on success or zero on error.
+ */
+int CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents);
+
+/*
+ * CBB_add_asn sets |*out_contents| to a |CBB| into which the contents of an
+ * ASN.1 object can be written. The |tag| argument will be used as the tag for
+ * the object. Passing in |tag| number 31 will return in an error since only
+ * single octet identifiers are supported. It returns one on success or zero
+ * on error.
+ */
+int CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned int tag);
+
+/*
+ * CBB_add_bytes appends |len| bytes from |data| to |cbb|. It returns one on
+ * success and zero otherwise.
+ */
+int CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len);
+
+/*
+ * CBB_add_space appends |len| bytes to |cbb| and sets |*out_data| to point to
+ * the beginning of that space. The caller must then write |len| bytes of
+ * actual contents to |*out_data|. It returns one on success and zero
+ * otherwise.
+ */
+int CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len);
+
+/*
+ * CBB_add_u8 appends an 8-bit number from |value| to |cbb|.
It returns one on + * success and zero otherwise. + */ +int CBB_add_u8(CBB *cbb, size_t value); + +/* + * CBB_add_u8 appends a 16-bit, big-endian number from |value| to |cbb|. It + * returns one on success and zero otherwise. + */ +int CBB_add_u16(CBB *cbb, size_t value); + +/* + * CBB_add_u24 appends a 24-bit, big-endian number from |value| to |cbb|. It + * returns one on success and zero otherwise. + */ +int CBB_add_u24(CBB *cbb, size_t value); + +/* + * CBB_add_u32 appends a 32-bit, big-endian number from |value| to |cbb|. It + * returns one on success and zero otherwise. + */ +int CBB_add_u32(CBB *cbb, size_t value); + +/* + * CBB_add_u64 appends a 64-bit, big-endian number from |value| to |cbb|. It + * returns one on success and zero otherwise. + */ +int CBB_add_u64(CBB *cbb, uint64_t value); + +/* + * CBB_add_asn1_uint64 writes an ASN.1 INTEGER into |cbb| using |CBB_add_asn1| + * and writes |value| in its contents. It returns one on success and zero on + * error. + */ +int CBB_add_asn1_uint64(CBB *cbb, uint64_t value); + +#ifdef LIBRESSL_INTERNAL +/* + * CBS_dup sets |out| to point to cbs's |data| and |len|. It results in two + * CBS that point to the same buffer. + */ +void CBS_dup(const CBS *cbs, CBS *out); + +/* + * cbs_get_any_asn1_element sets |*out| to contain the next ASN.1 element from + * |*cbs| (including header bytes) and advances |*cbs|. It sets |*out_tag| to + * the tag number and |*out_header_len| to the length of the ASN.1 header. If + * strict mode is disabled and the element has indefinite length then |*out| + * will only contain the header. Each of |out|, |out_tag|, and + * |out_header_len| may be NULL to ignore the value. + * + * Tag numbers greater than 30 are not supported (i.e. short form only). + */ +int cbs_get_any_asn1_element_internal(CBS *cbs, CBS *out, unsigned int *out_tag, + size_t *out_header_len, int strict); + +/* + * CBS_asn1_indefinite_to_definite reads an ASN.1 structure from |in|. 
If it + * finds indefinite-length elements that otherwise appear to be valid DER, it + * attempts to convert the DER-like data to DER and sets |*out| and + * |*out_length| to describe a malloced buffer containing the DER data. + * Additionally, |*in| will be advanced over the ASN.1 data. + * + * If it doesn't find any indefinite-length elements then it sets |*out| to + * NULL and |*in| is unmodified. + * + * This is NOT a conversion from BER to DER. There are many restrictions when + * dealing with DER data. This is only concerned with one: indefinite vs. + * definite form. However, this suffices to handle the PKCS#7 and PKCS#12 output + * from NSS. + * + * It returns one on success and zero otherwise. + */ +int CBS_asn1_indefinite_to_definite(CBS *in, uint8_t **out, size_t *out_len); +#endif /* LIBRESSL_INTERNAL */ + +__END_HIDDEN_DECLS + +#endif /* OPENSSL_HEADER_BYTESTRING_H */ diff --git a/crypto/chacha/chacha-merged.c b/crypto/chacha/chacha-merged.c index 67508f20..d24912da 100644 --- a/crypto/chacha/chacha-merged.c +++ b/crypto/chacha/chacha-merged.c 
@@ -1,41 +1,38 @@ -/* $OpenBSD: chacha-merged.c,v 1.9 2019/01/22 00:59:21 dlg Exp $ */ +/* $OpenBSD: chacha-merged.c,v 1.10 2021/10/22 17:43:00 tb Exp $ */ /* chacha-merged.c version 20080118 D. J. Bernstein Public domain. */ -#include - #include -#define CHACHA_MINKEYLEN 16 +#define CHACHA_MINKEYLEN 16 #define CHACHA_NONCELEN 8 #define CHACHA_CTRLEN 8 #define CHACHA_STATELEN (CHACHA_NONCELEN+CHACHA_CTRLEN) #define CHACHA_BLOCKLEN 64 +typedef uint8_t u8; +typedef uint32_t u32; + struct chacha_ctx { - u_int input[16]; - uint8_t ks[CHACHA_BLOCKLEN]; - uint8_t unused; + u32 input[16]; + u8 ks[CHACHA_BLOCKLEN]; + u8 unused; }; -static inline void chacha_keysetup(struct chacha_ctx *x, const u_char *k, - u_int kbits) +static inline void chacha_keysetup(struct chacha_ctx *x, const u8 *k, u32 kbits) __attribute__((__bounded__(__minbytes__, 2, CHACHA_MINKEYLEN))); -static inline void chacha_ivsetup(struct chacha_ctx *x, const u_char *iv, - const u_char *ctr) +static inline void chacha_ivsetup(struct chacha_ctx *x, const u8 *iv, + const u8 *ctr) __attribute__((__bounded__(__minbytes__, 2, CHACHA_NONCELEN))) __attribute__((__bounded__(__minbytes__, 3, CHACHA_CTRLEN))); -static inline void chacha_encrypt_bytes(struct chacha_ctx *x, const u_char *m, - u_char *c, u_int bytes) +static inline void chacha_encrypt_bytes(struct chacha_ctx *x, const u8 *m, + u8 *c, u32 bytes) __attribute__((__bounded__(__buffer__, 2, 4))) __attribute__((__bounded__(__buffer__, 3, 4))); -typedef unsigned char u8; -typedef unsigned int u32; - typedef struct chacha_ctx chacha_ctx; #define U8C(v) (v##U) @@ -127,7 +124,7 @@ chacha_encrypt_bytes(chacha_ctx *x, const u8 *m, u8 *c, u32 bytes) u32 j8, j9, j10, j11, j12, j13, j14, j15; u8 *ctarget = NULL; u8 tmp[64]; - u_int i; + u32 i; if (!bytes) return; diff --git a/crypto/chacha/chacha.c b/crypto/chacha/chacha.c index 6a2dddf0..0ce45451 100644 --- a/crypto/chacha/chacha.c +++ b/crypto/chacha/chacha.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: chacha.c,v 1.8 2019/01/22 00:59:21 dlg Exp $ */ +/* $OpenBSD: chacha.c,v 1.9 2022/08/20 18:44:58 jsing Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -40,6 +40,7 @@ void ChaCha(ChaCha_ctx *ctx, unsigned char *out, const unsigned char *in, size_t len) { unsigned char *k; + uint64_t n; int i, l; /* Consume remaining keystream, if any exists. */ @@ -52,7 +53,16 @@ ChaCha(ChaCha_ctx *ctx, unsigned char *out, const unsigned char *in, size_t len) len -= l; } - chacha_encrypt_bytes((chacha_ctx *)ctx, in, out, (uint32_t)len); + while (len > 0) { + if ((n = len) > UINT32_MAX) + n = UINT32_MAX; + + chacha_encrypt_bytes((chacha_ctx *)ctx, in, out, (uint32_t)n); + + in += n; + out += n; + len -= n; + } } void @@ -60,6 +70,7 @@ CRYPTO_chacha_20(unsigned char *out, const unsigned char *in, size_t len, const unsigned char key[32], const unsigned char iv[8], uint64_t counter) { struct chacha_ctx ctx; + uint64_t n; /* * chacha_ivsetup expects the counter to be in u8. Rather than @@ -73,7 +84,16 @@ CRYPTO_chacha_20(unsigned char *out, const unsigned char *in, size_t len, ctx.input[13] = (uint32_t)(counter >> 32); } - chacha_encrypt_bytes(&ctx, in, out, (uint32_t)len); + while (len > 0) { + if ((n = len) > UINT32_MAX) + n = UINT32_MAX; + + chacha_encrypt_bytes(&ctx, in, out, (uint32_t)n); + + in += n; + out += n; + len -= n; + } } void diff --git a/crypto/cmac/cm_ameth.c b/crypto/cmac/cm_ameth.c index e7e7fe0f..26956465 100644 --- a/crypto/cmac/cm_ameth.c +++ b/crypto/cmac/cm_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cm_ameth.c,v 1.7 2014/07/12 16:03:37 miod Exp $ */ +/* $OpenBSD: cm_ameth.c,v 1.8 2021/12/12 21:30:13 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2010. */ @@ -57,6 +57,7 @@ #include #include "asn1_locl.h" +#include "evp_locl.h" /* CMAC "ASN1" method. This is just here to indicate the * maximum CMAC output length and to free up a CMAC 
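Review bot: In the new `while (len > 0)` loop of ChaCha(), the chunk size is capped at `UINT32_MAX`, which is not a multiple of the 64-byte ChaCha block, so a chunk boundary can fall inside a block. If chacha_encrypt_bytes() advances the block counter and parks the unused tail of that block in `ks`/`unused`, the next iteration would start a fresh block and skip the leftover keystream byte, so a single call over 4 GiB would diverge from the contiguous stream. That behaviour is inferred from the struct fields in chacha-merged.c and the "Consume remaining keystream" step above the loop, because the body of chacha_encrypt_bytes() is outside this hunk. Capping at a block multiple avoids the problem: `n = UINT32_MAX - (UINT32_MAX % 64);`. The same loop is added to CRYPTO_chacha_20() in the `@@ -73,7 +84,16 @@` hunk and needs the same cap.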
diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c index d01ae0f3..cd286f88 100644 --- a/crypto/cmac/cmac.c +++ b/crypto/cmac/cmac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cmac.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */ +/* $OpenBSD: cmac.c,v 1.11 2021/12/12 21:30:13 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -57,6 +57,8 @@ #include +#include "evp_locl.h" + struct CMAC_CTX_st { /* Cipher context to use */ EVP_CIPHER_CTX cctx; diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c index ac53fec1..cc00aef0 100644 --- a/crypto/cms/cms_asn1.c +++ b/crypto/cms/cms_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_asn1.c,v 1.18 2019/08/11 10:43:57 jsing Exp $ */ +/* $OpenBSD: cms_asn1.c,v 1.19 2022/01/14 08:16:13 tb Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -1323,7 +1323,6 @@ static const ASN1_ADB_TABLE CMS_ContentInfo_adbtbl[] = { static const ASN1_ADB CMS_ContentInfo_adb = { .flags = 0, .offset = offsetof(CMS_ContentInfo, contentType), - .app_items = 0, .tbl = CMS_ContentInfo_adbtbl, .tblcount = sizeof(CMS_ContentInfo_adbtbl) / sizeof(ASN1_ADB_TABLE), .default_tt = &cms_default_tt, diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c index fd2df99c..ccbb6a5d 100644 --- a/crypto/cms/cms_enc.c +++ b/crypto/cms/cms_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_enc.c,v 1.20 2019/08/11 11:04:18 jsing Exp $ */ +/* $OpenBSD: cms_enc.c,v 1.21 2022/01/20 10:58:35 inoguchi Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -151,7 +151,7 @@ cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) if (ec->keylen != tkeylen) { /* If necessary set key length */ - if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0) { + if (!EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen)) { /* * Only reveal failure if debugging so we don't leak information * which may be useful in MMA. 
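Review bot: The rewritten test `if (!EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen))` in cms_EncryptedContent_init_bio() treats any negative return as success, where the removed `<= 0` form rejected it. The two are equivalent only if the function returns strictly 1 or 0. Its definition is not in this hunk, and for ciphers with a custom key-length handler the value may come from a cipher ctrl callback, so this should be confirmed. Once confirmed, a short comment on the call stating the contract, such as `/* returns 1 on success, 0 on failure */`, would keep the narrower check from looking accidental; otherwise keep the stricter comparison. The function body continues outside the hunk.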
diff --git a/crypto/cms/cms_err.c b/crypto/cms/cms_err.c index 2fd550ca..07869ff9 100644 --- a/crypto/cms/cms_err.c +++ b/crypto/cms/cms_err.c @@ -1,6 +1,5 @@ -/* $OpenBSD: cms_err.c,v 1.12 2020/06/05 16:51:12 jsing Exp $ */ +/* $OpenBSD: cms_err.c,v 1.13 2022/07/12 14:42:48 kn Exp $ */ /* - * Generated by util/mkerr.pl DO NOT EDIT * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c index b6580dd6..21adef7a 100644 --- a/crypto/cms/cms_lib.c +++ b/crypto/cms/cms_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_lib.c,v 1.14 2019/08/12 18:13:13 jsing Exp $ */ +/* $OpenBSD: cms_lib.c,v 1.15 2021/11/01 20:53:08 tb Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -59,8 +59,9 @@ #include #include #include -#include "cms_lcl.h" +#include "cms_lcl.h" +#include "x509_lcl.h" CMS_ContentInfo * d2i_CMS_ContentInfo(CMS_ContentInfo **a, const unsigned char **in, long len) diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index cf28dfc8..eb241a60 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_pwri.c,v 1.26 2019/08/12 18:04:57 jsing Exp $ */ +/* $OpenBSD: cms_pwri.c,v 1.27 2022/01/19 13:47:44 inoguchi Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -126,7 +126,9 @@ CMS_add0_recipient_password(CMS_ContentInfo *cms, int iter, int wrap_nid, if (encalg == NULL) { goto merr; } - ctx = EVP_CIPHER_CTX_new(); + + if ((ctx = EVP_CIPHER_CTX_new()) == NULL) + goto merr; if (EVP_EncryptInit_ex(ctx, kekciph, NULL, NULL, NULL) <= 0) { CMSerror(ERR_R_EVP_LIB); diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 95343d08..29dbfb2d 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: cms_sd.c,v 1.23 2019/08/11 14:35:57 jsing Exp $ */ +/* $OpenBSD: cms_sd.c,v 1.24 2022/08/28 18:27:47 tb Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -955,9 +955,12 @@ CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, int algnid, int keysize) ASN1_INTEGER *key = NULL; if (keysize > 0) { - key = ASN1_INTEGER_new(); - if (key == NULL || !ASN1_INTEGER_set(key, keysize)) + if ((key = ASN1_INTEGER_new()) == NULL) return 0; + if (!ASN1_INTEGER_set(key, keysize)) { + ASN1_INTEGER_free(key); + return 0; + } } alg = X509_ALGOR_new(); if (alg == NULL) { diff --git a/crypto/comp/c_rle.c b/crypto/comp/c_rle.c index 7004c350..93b2f3c7 100644 --- a/crypto/comp/c_rle.c +++ b/crypto/comp/c_rle.c @@ -1,10 +1,12 @@ -/* $OpenBSD: c_rle.c,v 1.8 2014/11/03 16:58:28 tedu Exp $ */ +/* $OpenBSD: c_rle.c,v 1.9 2022/01/09 23:50:10 tb Exp $ */ #include #include #include #include #include +#include "comp_local.h" + static int rle_compress_block(COMP_CTX *ctx, unsigned char *out, unsigned int olen, unsigned char *in, unsigned int ilen); static int rle_expand_block(COMP_CTX *ctx, unsigned char *out, diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c index 0cdbb205..bdcd7e0f 100644 --- a/crypto/comp/c_zlib.c +++ b/crypto/comp/c_zlib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: c_zlib.c,v 1.20 2018/03/17 16:20:01 beck Exp $ */ +/* $OpenBSD: c_zlib.c,v 1.22 2022/01/14 08:40:57 tb Exp $ */ #include #include #include @@ -6,6 +6,8 @@ #include #include +#include "comp_local.h" + COMP_METHOD *COMP_zlib(void ); static COMP_METHOD zlib_method_nozlib = { 
@@ -232,7 +234,7 @@ static int bio_zlib_free(BIO *bi); static int bio_zlib_read(BIO *b, char *out, int outl); static int bio_zlib_write(BIO *b, const char *in, int inl); static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr); -static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp); +static long bio_zlib_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp); static BIO_METHOD bio_meth_zlib = { .type = BIO_TYPE_COMP, @@ -553,7 +555,7 @@ bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) static long -bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +bio_zlib_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { if (!b->next_bio) return 0; diff --git a/crypto/comp/comp_err.c b/crypto/comp/comp_err.c index be8a8fc7..eb5fc0ad 100644 --- a/crypto/comp/comp_err.c +++ b/crypto/comp/comp_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: comp_err.c,v 1.10 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: comp_err.c,v 1.12 2022/07/12 14:42:48 kn Exp $ */ /* ==================================================================== * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * @@ -60,7 +60,8 @@ #include #include -/* BEGIN ERROR CODES */ +#include "comp_local.h" + #ifndef OPENSSL_NO_ERR #define ERR_FUNC(func) ERR_PACK(ERR_LIB_COMP,func,0) diff --git a/crypto/comp/comp_lib.c b/crypto/comp/comp_lib.c index dde238ef..3f914a75 100644 --- a/crypto/comp/comp_lib.c +++ b/crypto/comp/comp_lib.c @@ -1,10 +1,12 @@ -/* $OpenBSD: comp_lib.c,v 1.8 2014/11/03 16:58:28 tedu Exp $ */ +/* $OpenBSD: comp_lib.c,v 1.9 2022/01/09 23:50:10 tb Exp $ */ #include #include #include #include #include +#include "comp_local.h" + COMP_CTX * COMP_CTX_new(COMP_METHOD *meth) { diff --git a/crypto/comp/comp_local.h b/crypto/comp/comp_local.h new file mode 100644 index 00000000..fc188871 --- /dev/null +++ b/crypto/comp/comp_local.h 
@@ -0,0 +1,36 @@ +/* $OpenBSD: comp_local.h,v 1.2 2022/01/14 08:21:12 tb Exp $ */ + +#ifndef HEADER_COMP_LOCAL_H +#define HEADER_COMP_LOCAL_H + +__BEGIN_HIDDEN_DECLS + +struct CMP_CTX; + +struct comp_method_st { + int type; /* NID for compression library */ + const char *name; /* A text string to identify the library */ + int (*init)(COMP_CTX *ctx); + void (*finish)(COMP_CTX *ctx); + int (*compress)(COMP_CTX *ctx, unsigned char *out, unsigned int olen, + unsigned char *in, unsigned int ilen); + int (*expand)(COMP_CTX *ctx, unsigned char *out, unsigned int olen, + unsigned char *in, unsigned int ilen); + /* The following two do NOTHING, but are kept for backward compatibility */ + long (*ctrl)(void); + long (*callback_ctrl)(void); +} /* COMP_METHOD */; + +struct comp_ctx_st { + COMP_METHOD *meth; + unsigned long compress_in; + unsigned long compress_out; + unsigned long expand_in; + unsigned long expand_out; + + CRYPTO_EX_DATA ex_data; +} /* COMP_CTX */; + +__END_HIDDEN_DECLS + +#endif /* !HEADER_COMP_LOCAL_H */ diff --git a/crypto/compat/arc4random.c b/crypto/compat/arc4random.c index 2bb4dbfd..1ec8e1ee 100644 --- a/crypto/compat/arc4random.c +++ b/crypto/compat/arc4random.c @@ -1,4 +1,4 @@ -/* $OpenBSD: arc4random.c,v 1.55 2019/03/24 17:56:54 deraadt Exp $ */ +/* $OpenBSD: arc4random.c,v 1.58 2022/07/31 13:41:45 tb Exp $ */ /* * Copyright (c) 1996, David Mazieres @@ -49,6 +49,8 @@ #define BLOCKSZ 64 #define RSBUFSZ (16*BLOCKSZ) +#define REKEY_BASE (1024*1024) /* NB. should be a power of 2 */ + /* Marked MAP_INHERIT_ZERO, so zero'd out in fork children. */ static struct _rs { size_t rs_have; /* valid bytes at end of rs_buf */ @@ -78,7 +80,7 @@ _rs_init(u_char *buf, size_t n) _exit(1); } - chacha_keysetup(&rsx->rs_chacha, buf, KEYSZ * 8, 0); + chacha_keysetup(&rsx->rs_chacha, buf, KEYSZ * 8); chacha_ivsetup(&rsx->rs_chacha, buf + KEYSZ); } 
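Review bot: The forward declaration `struct CMP_CTX;` at the top of the new comp_local.h names a tag that nothing below uses. The members refer to `COMP_CTX` and `COMP_METHOD`, so it looks like a leftover or a typo and can be dropped. The header also uses `COMP_CTX`, `COMP_METHOD`, `CRYPTO_EX_DATA` and `__BEGIN_HIDDEN_DECLS` without including anything itself, so it appears to compile only when the including file has already pulled in the public headers. Either include the public comp header here or record the requirement in a comment, e.g. `/* must be included after the public comp header */`.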
@@ -86,6 +88,7 @@ static void _rs_stir(void) { u_char rnd[KEYSZ + IVSZ]; + uint32_t rekey_fuzz = 0; if (getentropy(rnd, sizeof rnd) == -1) _getentropy_fail(); @@ -100,7 +103,10 @@ _rs_stir(void) rs->rs_have = 0; memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf)); - rs->rs_count = 1600000; + /* rekey interval should not be predictable */ + chacha_encrypt_bytes(&rsx->rs_chacha, (uint8_t *)&rekey_fuzz, + (uint8_t *)&rekey_fuzz, sizeof(rekey_fuzz)); + rs->rs_count = REKEY_BASE + (rekey_fuzz % REKEY_BASE); } static inline void diff --git a/crypto/compat/chacha_private.h b/crypto/compat/chacha_private.h index 7c3680fa..b0427b6b 100644 --- a/crypto/compat/chacha_private.h +++ b/crypto/compat/chacha_private.h @@ -4,7 +4,7 @@ D. J. Bernstein Public domain. */ -/* $OpenBSD: chacha_private.h,v 1.2 2013/10/04 07:02:27 djm Exp $ */ +/* $OpenBSD: chacha_private.h,v 1.3 2022/02/28 21:56:29 dtucker Exp $ */ typedef unsigned char u8; typedef unsigned int u32; @@ -52,7 +52,7 @@ static const char sigma[16] = "expand 32-byte k"; static const char tau[16] = "expand 16-byte k"; static void -chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits,u32 ivbits) +chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits) { const char *constants; diff --git a/crypto/compat/getentropy_aix.c b/crypto/compat/getentropy_aix.c index 422e685d..7fb857e6 100644 --- a/crypto/compat/getentropy_aix.c +++ b/crypto/compat/getentropy_aix.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_aix.c,v 1.7 2020/05/17 14:44:20 deraadt Exp $ */ +/* $OpenBSD: getentropy_aix.c,v 1.8 2021/10/24 21:24:20 deraadt Exp $ */ /* * Copyright (c) 2015 Michael Felt @@ -134,7 +134,7 @@ getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck) #ifdef O_CLOEXEC flags |= O_CLOEXEC; #endif - fd = open(path, flags, 0); + fd = open(path, flags); if (fd == -1) { if (errno == EINTR) goto start; diff --git a/crypto/compat/getentropy_hpux.c b/crypto/compat/getentropy_hpux.c index c981880a..7188ae5e 100644 --- a/crypto/compat/getentropy_hpux.c 
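Review bot: `rs->rs_count = REKEY_BASE + (rekey_fuzz % REKEY_BASE);` in _rs_stir() gives an unbiased offset only while REKEY_BASE is a power of two, and that requirement is stated only in the comment on the `#define` added in the `@@ -49,6 +49,8 @@` hunk. A compile-time check next to the define would stop a later edit from silently skewing the rekey interval: `_Static_assert((REKEY_BASE & (REKEY_BASE - 1)) == 0, "REKEY_BASE must be a power of 2");`. This assumes the compat build accepts C11, which is not visible here. _rs_stir() is split across two hunks and its full body is not shown.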
+++ b/crypto/compat/getentropy_hpux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_hpux.c,v 1.7 2020/05/17 14:44:20 deraadt Exp $ */ +/* $OpenBSD: getentropy_hpux.c,v 1.8 2021/10/24 21:24:20 deraadt Exp $ */ /* * Copyright (c) 2014 Theo de Raadt @@ -138,7 +138,7 @@ getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck) #ifdef O_CLOEXEC flags |= O_CLOEXEC; #endif - fd = open(path, flags, 0); + fd = open(path, flags); if (fd == -1) { if (errno == EINTR) goto start; diff --git a/crypto/compat/getentropy_linux.c b/crypto/compat/getentropy_linux.c index bc7a6bef..c7c39c23 100644 --- a/crypto/compat/getentropy_linux.c +++ b/crypto/compat/getentropy_linux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_linux.c,v 1.47 2020/05/17 14:44:20 deraadt Exp $ */ +/* $OpenBSD: getentropy_linux.c,v 1.48 2021/10/24 21:24:20 deraadt Exp $ */ /* * Copyright (c) 2014 Theo de Raadt @@ -212,7 +212,7 @@ getentropy_urandom(void *buf, size_t len) #ifdef O_CLOEXEC flags |= O_CLOEXEC; #endif - fd = open("/dev/urandom", flags, 0); + fd = open("/dev/urandom", flags); if (fd == -1) { if (errno == EINTR) goto start; diff --git a/crypto/compat/getentropy_osx.c b/crypto/compat/getentropy_osx.c index 5d4067bb..db028d19 100644 --- a/crypto/compat/getentropy_osx.c +++ b/crypto/compat/getentropy_osx.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_osx.c,v 1.13 2020/05/17 14:44:20 deraadt Exp $ */ +/* $OpenBSD: getentropy_osx.c,v 1.14 2021/10/24 21:24:20 deraadt Exp $ */ /* * Copyright (c) 2014 Theo de Raadt @@ -158,7 +158,7 @@ getentropy_urandom(void *buf, size_t len) #ifdef O_CLOEXEC flags |= O_CLOEXEC; #endif - fd = open("/dev/urandom", flags, 0); + fd = open("/dev/urandom", flags); if (fd == -1) { if (errno == EINTR) goto start; diff --git a/crypto/compat/getentropy_solaris.c b/crypto/compat/getentropy_solaris.c index cf5b9bff..e36426ca 100644 --- a/crypto/compat/getentropy_solaris.c +++ b/crypto/compat/getentropy_solaris.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_solaris.c,v 1.14 2020/05/17 14:44:20 deraadt Exp $ */ +/* $OpenBSD: getentropy_solaris.c,v 1.15 2021/10/24 21:24:20 deraadt Exp $ */ /* * Copyright (c) 2014 Theo de Raadt @@ -164,7 +164,7 @@ getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck) #ifdef O_CLOEXEC flags |= O_CLOEXEC; #endif - fd = open(path, flags, 0); + fd = open(path, flags); if (fd == -1) { if (errno == EINTR) goto start; diff --git a/crypto/compat/strtonum.c b/crypto/compat/strtonum.c new file mode 100644 index 00000000..fdfc72aa --- /dev/null +++ b/crypto/compat/strtonum.c 
@@ -0,0 +1,65 @@ +/* $OpenBSD: strtonum.c,v 1.8 2015/09/13 08:31:48 guenther Exp $ */ + +/* + * Copyright (c) 2004 Ted Unangst and Todd Miller + * All rights reserved. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include + +#define INVALID 1 +#define TOOSMALL 2 +#define TOOLARGE 3 + +long long +strtonum(const char *numstr, long long minval, long long maxval, + const char **errstrp) +{ + long long ll = 0; + int error = 0; + char *ep; + struct errval { + const char *errstr; + int err; + } ev[4] = { + { NULL, 0 }, + { "invalid", EINVAL }, + { "too small", ERANGE }, + { "too large", ERANGE }, + }; + + ev[0].err = errno; + errno = 0; + if (minval > maxval) { + error = INVALID; + } else { + ll = strtoll(numstr, &ep, 10); + if (numstr == ep || *ep != '\0') + error = INVALID; + else if ((ll == LLONG_MIN && errno == ERANGE) || ll < minval) + error = TOOSMALL; + else if ((ll == LLONG_MAX && errno == ERANGE) || ll > maxval) + error = TOOLARGE; + } + if (errstrp != NULL) + *errstrp = ev[error].errstr; + errno = ev[error].err; + if (error) + ll = 0; + + return (ll); +} diff --git a/crypto/conf/conf_err.c b/crypto/conf/conf_err.c index 1e5eaff6..e6c707ab 100644 --- a/crypto/conf/conf_err.c +++ b/crypto/conf/conf_err.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: conf_err.c,v 1.14 2020/02/17 12:51:48 inoguchi Exp $ */ +/* $OpenBSD: conf_err.c,v 1.15 2022/07/12 14:42:48 kn Exp $ */ /* ==================================================================== * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * @@ -53,11 +53,6 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - #include #include @@ -65,7 +60,6 @@ #include #include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR #define ERR_FUNC(func) ERR_PACK(ERR_LIB_CONF,func,0) diff --git a/crypto/cpt_err.c b/crypto/cpt_err.c index 4ac32a28..718c7260 100644 --- a/crypto/cpt_err.c +++ b/crypto/cpt_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cpt_err.c,v 1.13 2014/07/10 22:45:56 jsing Exp $ */ +/* $OpenBSD: cpt_err.c,v 1.14 2022/07/12 14:42:48 kn Exp $ */ /* ==================================================================== * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * @@ -53,11 +53,6 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - #include #include @@ -65,7 +60,6 @@ #include #include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR #define ERR_FUNC(func) ERR_PACK(ERR_LIB_CRYPTO,func,0) diff --git a/crypto/cryptlib.h b/crypto/cryptlib.h index d44738bf..6c3731d9 100644 --- a/crypto/cryptlib.h +++ b/crypto/cryptlib.h @@ -1,4 +1,4 @@ -/* $OpenBSD: cryptlib.h,v 1.25 2016/11/04 17:30:30 miod Exp $ */ +/* $OpenBSD: cryptlib.h,v 1.26 2021/11/24 01:12:43 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -72,6 +72,9 @@ extern "C" { #define X509_CERT_DIR_EVP "SSL_CERT_DIR" #define X509_CERT_FILE_EVP "SSL_CERT_FILE" +#define CTLOG_FILE OPENSSLDIR "/ct_log_list.cnf" +#define CTLOG_FILE_EVP "CTLOG_FILE" + void OPENSSL_cpuid_setup(void); #ifdef __cplusplus diff --git a/crypto/crypto.sym b/crypto/crypto.sym index e690e4f2..0402d678 100644 --- a/crypto/crypto.sym +++ b/crypto/crypto.sym @@ -16,6 +16,15 @@ AES_set_decrypt_key AES_set_encrypt_key AES_unwrap_key AES_wrap_key +ASIdOrRange_free +ASIdOrRange_it +ASIdOrRange_new +ASIdentifierChoice_free +ASIdentifierChoice_it +ASIdentifierChoice_new +ASIdentifiers_free +ASIdentifiers_it +ASIdentifiers_new ASN1_ANY_it ASN1_BIT_STRING_check ASN1_BIT_STRING_free @@ -30,14 +39,14 @@ ASN1_BIT_STRING_set_bit ASN1_BMPSTRING_free ASN1_BMPSTRING_it ASN1_BMPSTRING_new -ASN1_BOOLEAN_it ASN1_ENUMERATED_free ASN1_ENUMERATED_get +ASN1_ENUMERATED_get_int64 ASN1_ENUMERATED_it ASN1_ENUMERATED_new ASN1_ENUMERATED_set +ASN1_ENUMERATED_set_int64 ASN1_ENUMERATED_to_BN -ASN1_FBOOLEAN_it ASN1_GENERALIZEDTIME_adj ASN1_GENERALIZEDTIME_check ASN1_GENERALIZEDTIME_free @@ -56,9 +65,13 @@ ASN1_INTEGER_cmp ASN1_INTEGER_dup ASN1_INTEGER_free ASN1_INTEGER_get +ASN1_INTEGER_get_int64 +ASN1_INTEGER_get_uint64 ASN1_INTEGER_it ASN1_INTEGER_new ASN1_INTEGER_set +ASN1_INTEGER_set_int64 +ASN1_INTEGER_set_uint64 ASN1_INTEGER_to_BN ASN1_NULL_free ASN1_NULL_it @@ -123,17 +136,22 @@ ASN1_STRING_type_new ASN1_T61STRING_free ASN1_T61STRING_it ASN1_T61STRING_new -ASN1_TBOOLEAN_it ASN1_TIME_adj ASN1_TIME_check +ASN1_TIME_cmp_time_t +ASN1_TIME_compare +ASN1_TIME_diff ASN1_TIME_free ASN1_TIME_it ASN1_TIME_new +ASN1_TIME_normalize ASN1_TIME_print ASN1_TIME_set ASN1_TIME_set_string +ASN1_TIME_set_string_X509 ASN1_TIME_set_tm ASN1_TIME_to_generalizedtime +ASN1_TIME_to_tm ASN1_TYPE_cmp ASN1_TYPE_free ASN1_TYPE_get 
@@ -165,8 +183,6 @@ ASN1_VISIBLESTRING_it ASN1_VISIBLESTRING_new ASN1_add_oid_module ASN1_bn_print -ASN1_check_infinite_end -ASN1_const_check_infinite_end ASN1_d2i_bio ASN1_d2i_fp ASN1_dup @@ -214,6 +230,9 @@ ASN1_template_new ASN1_time_parse ASN1_time_tm_clamp_notafter ASN1_time_tm_cmp +ASRange_free +ASRange_it +ASRange_new AUTHORITY_INFO_ACCESS_free AUTHORITY_INFO_ACCESS_it AUTHORITY_INFO_ACCESS_new @@ -272,10 +291,12 @@ BIO_free_all BIO_get_accept_socket BIO_get_callback BIO_get_callback_arg +BIO_get_callback_ex BIO_get_data BIO_get_ex_data BIO_get_ex_new_index BIO_get_host_ip +BIO_get_init BIO_get_new_index BIO_get_port BIO_get_retry_BIO @@ -344,11 +365,14 @@ BIO_s_socket BIO_set BIO_set_callback BIO_set_callback_arg +BIO_set_callback_ex BIO_set_cipher BIO_set_data BIO_set_ex_data BIO_set_flags BIO_set_init +BIO_set_next +BIO_set_retry_reason BIO_set_shutdown BIO_set_tcp_ndelay BIO_snprintf @@ -388,6 +412,8 @@ BN_GENCB_call BN_GENCB_free BN_GENCB_get_arg BN_GENCB_new +BN_GENCB_set +BN_GENCB_set_old BN_GF2m_add BN_GF2m_arr2poly BN_GF2m_mod @@ -420,15 +446,16 @@ BN_RECP_CTX_set BN_X931_derive_prime_ex BN_X931_generate_Xpq BN_X931_generate_prime_ex +BN_abs_is_word BN_add BN_add_word BN_asc2bn BN_bin2bn BN_bn2bin BN_bn2binpad -BN_bn2lebinpad BN_bn2dec BN_bn2hex +BN_bn2lebinpad BN_bn2mpi BN_clear BN_clear_bit @@ -452,6 +479,7 @@ BN_get0_nist_prime_224 BN_get0_nist_prime_256 BN_get0_nist_prime_384 BN_get0_nist_prime_521 +BN_get_flags BN_get_params BN_get_rfc2409_prime_1024 BN_get_rfc2409_prime_768 @@ -465,10 +493,15 @@ BN_get_word BN_hex2bn BN_init BN_is_bit_set +BN_is_negative +BN_is_odd +BN_is_one BN_is_prime BN_is_prime_ex BN_is_prime_fasttest BN_is_prime_fasttest_ex +BN_is_word +BN_is_zero BN_kronecker BN_lebin2bn BN_lshift @@ -518,7 +551,9 @@ BN_rand_range BN_reciprocal BN_rshift BN_rshift1 +BN_security_bits BN_set_bit +BN_set_flags BN_set_negative BN_set_params BN_set_word 
@@ -528,10 +563,13 @@ BN_sub_word BN_swap BN_to_ASN1_ENUMERATED BN_to_ASN1_INTEGER +BN_to_montgomery BN_uadd BN_ucmp BN_usub BN_value_one +BN_with_flags +BN_zero_ex BUF_MEM_free BUF_MEM_grow BUF_MEM_grow_clean @@ -827,6 +865,27 @@ CRYPTO_strdup CRYPTO_thread_id CRYPTO_xchacha_20 CRYPTO_xts128_encrypt +CTLOG_STORE_free +CTLOG_STORE_get0_log_by_id +CTLOG_STORE_load_default_file +CTLOG_STORE_load_file +CTLOG_STORE_new +CTLOG_free +CTLOG_get0_log_id +CTLOG_get0_name +CTLOG_get0_public_key +CTLOG_new +CTLOG_new_from_base64 +CT_POLICY_EVAL_CTX_free +CT_POLICY_EVAL_CTX_get0_cert +CT_POLICY_EVAL_CTX_get0_issuer +CT_POLICY_EVAL_CTX_get0_log_store +CT_POLICY_EVAL_CTX_get_time +CT_POLICY_EVAL_CTX_new +CT_POLICY_EVAL_CTX_set1_cert +CT_POLICY_EVAL_CTX_set1_issuer +CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE +CT_POLICY_EVAL_CTX_set_time Camellia_cbc_encrypt Camellia_cfb128_encrypt Camellia_cfb1_encrypt @@ -889,13 +948,20 @@ DH_generate_key DH_generate_parameters DH_generate_parameters_ex DH_get0_engine +DH_get0_g DH_get0_key +DH_get0_p DH_get0_pqg +DH_get0_priv_key +DH_get0_pub_key +DH_get0_q DH_get_default_method DH_get_ex_data DH_get_ex_new_index +DH_get_length DH_new DH_new_method +DH_security_bits DH_set0_key DH_set0_pqg DH_set_default_method @@ -931,6 +997,7 @@ DSA_SIG_get0 DSA_SIG_it DSA_SIG_new DSA_SIG_set0 +DSA_bits DSA_clear_flags DSA_do_sign DSA_do_verify @@ -940,20 +1007,28 @@ DSA_generate_key DSA_generate_parameters DSA_generate_parameters_ex DSA_get0_engine +DSA_get0_g DSA_get0_key +DSA_get0_p DSA_get0_pqg +DSA_get0_priv_key +DSA_get0_pub_key +DSA_get0_q DSA_get_default_method DSA_get_ex_data DSA_get_ex_new_index DSA_meth_dup DSA_meth_free +DSA_meth_get0_name DSA_meth_new +DSA_meth_set1_name DSA_meth_set_finish DSA_meth_set_sign DSA_new DSA_new_method DSA_print DSA_print_fp +DSA_security_bits DSA_set0_key DSA_set0_pqg DSA_set_default_method 
@@ -1006,6 +1081,8 @@ ECDH_size ECDSA_OpenSSL ECDSA_SIG_free ECDSA_SIG_get0 +ECDSA_SIG_get0_r +ECDSA_SIG_get0_s ECDSA_SIG_it ECDSA_SIG_new ECDSA_SIG_set0 @@ -1392,7 +1469,9 @@ ESS_SIGNING_CERT_free ESS_SIGNING_CERT_it ESS_SIGNING_CERT_new EVP_AEAD_CTX_cleanup +EVP_AEAD_CTX_free EVP_AEAD_CTX_init +EVP_AEAD_CTX_new EVP_AEAD_CTX_open EVP_AEAD_CTX_seal EVP_AEAD_key_length @@ -1401,6 +1480,7 @@ EVP_AEAD_max_tag_len EVP_AEAD_nonce_length EVP_BytesToKey EVP_CIPHER_CTX_block_size +EVP_CIPHER_CTX_buf_noconst EVP_CIPHER_CTX_cipher EVP_CIPHER_CTX_cleanup EVP_CIPHER_CTX_clear_flags @@ -1410,6 +1490,7 @@ EVP_CIPHER_CTX_encrypting EVP_CIPHER_CTX_flags EVP_CIPHER_CTX_free EVP_CIPHER_CTX_get_app_data +EVP_CIPHER_CTX_get_cipher_data EVP_CIPHER_CTX_get_iv EVP_CIPHER_CTX_init EVP_CIPHER_CTX_iv_length @@ -1419,6 +1500,7 @@ EVP_CIPHER_CTX_nid EVP_CIPHER_CTX_rand_key EVP_CIPHER_CTX_reset EVP_CIPHER_CTX_set_app_data +EVP_CIPHER_CTX_set_cipher_data EVP_CIPHER_CTX_set_flags EVP_CIPHER_CTX_set_iv EVP_CIPHER_CTX_set_key_length @@ -1484,14 +1566,30 @@ EVP_MD_CTX_destroy EVP_MD_CTX_free EVP_MD_CTX_init EVP_MD_CTX_md +EVP_MD_CTX_md_data EVP_MD_CTX_new +EVP_MD_CTX_pkey_ctx EVP_MD_CTX_reset EVP_MD_CTX_set_flags +EVP_MD_CTX_set_pkey_ctx EVP_MD_CTX_test_flags EVP_MD_block_size EVP_MD_do_all EVP_MD_do_all_sorted EVP_MD_flags +EVP_MD_meth_dup +EVP_MD_meth_free +EVP_MD_meth_new +EVP_MD_meth_set_app_datasize +EVP_MD_meth_set_cleanup +EVP_MD_meth_set_copy +EVP_MD_meth_set_ctrl +EVP_MD_meth_set_final +EVP_MD_meth_set_flags +EVP_MD_meth_set_init +EVP_MD_meth_set_input_blocksize +EVP_MD_meth_set_result_size +EVP_MD_meth_set_update EVP_MD_pkey_type EVP_MD_size EVP_MD_type 
@@ -1535,14 +1633,19 @@ EVP_PKEY_asn1_get0 EVP_PKEY_asn1_get0_info EVP_PKEY_asn1_get_count EVP_PKEY_asn1_new +EVP_PKEY_asn1_set_check EVP_PKEY_asn1_set_ctrl EVP_PKEY_asn1_set_free EVP_PKEY_asn1_set_param +EVP_PKEY_asn1_set_param_check EVP_PKEY_asn1_set_private EVP_PKEY_asn1_set_public +EVP_PKEY_asn1_set_public_check +EVP_PKEY_asn1_set_security_bits EVP_PKEY_assign EVP_PKEY_base_id EVP_PKEY_bits +EVP_PKEY_check EVP_PKEY_cmp EVP_PKEY_cmp_parameters EVP_PKEY_copy_parameters @@ -1582,6 +1685,7 @@ EVP_PKEY_meth_find EVP_PKEY_meth_free EVP_PKEY_meth_get0_info EVP_PKEY_meth_new +EVP_PKEY_meth_set_check EVP_PKEY_meth_set_cleanup EVP_PKEY_meth_set_copy EVP_PKEY_meth_set_ctrl @@ -1590,7 +1694,9 @@ EVP_PKEY_meth_set_derive EVP_PKEY_meth_set_encrypt EVP_PKEY_meth_set_init EVP_PKEY_meth_set_keygen +EVP_PKEY_meth_set_param_check EVP_PKEY_meth_set_paramgen +EVP_PKEY_meth_set_public_check EVP_PKEY_meth_set_sign EVP_PKEY_meth_set_signctx EVP_PKEY_meth_set_verify @@ -1600,12 +1706,15 @@ EVP_PKEY_missing_parameters EVP_PKEY_new EVP_PKEY_new_CMAC_key EVP_PKEY_new_mac_key +EVP_PKEY_param_check EVP_PKEY_paramgen EVP_PKEY_paramgen_init EVP_PKEY_print_params EVP_PKEY_print_private EVP_PKEY_print_public +EVP_PKEY_public_check EVP_PKEY_save_parameters +EVP_PKEY_security_bits EVP_PKEY_set1_DH EVP_PKEY_set1_DSA EVP_PKEY_set1_EC_KEY @@ -1697,6 +1806,7 @@ EVP_cast5_cfb64 EVP_cast5_ecb EVP_cast5_ofb EVP_chacha20 +EVP_chacha20_poly1305 EVP_cleanup EVP_des_cbc EVP_des_cfb @@ -1720,9 +1830,6 @@ EVP_des_ede_ecb EVP_des_ede_ofb EVP_des_ofb EVP_desx_cbc -EVP_dss -EVP_dss1 -EVP_ecdsa EVP_enc_null EVP_get_cipherbyname EVP_get_digestbyname @@ -1772,6 +1879,8 @@ EVP_whirlpool EXTENDED_KEY_USAGE_free EXTENDED_KEY_USAGE_it EXTENDED_KEY_USAGE_new +FIPS_mode +FIPS_mode_set GENERAL_NAMES_free GENERAL_NAMES_it GENERAL_NAMES_new @@ -1823,11 +1932,9 @@ HKDF HKDF_expand HKDF_extract HMAC -HMAC_CTX_cleanup HMAC_CTX_copy HMAC_CTX_free HMAC_CTX_get_md -HMAC_CTX_init HMAC_CTX_new HMAC_CTX_reset HMAC_CTX_set_flags 
@@ -1835,6 +1942,18 @@ HMAC_Final HMAC_Init HMAC_Init_ex HMAC_Update +IPAddressChoice_free +IPAddressChoice_it +IPAddressChoice_new +IPAddressFamily_free +IPAddressFamily_it +IPAddressFamily_new +IPAddressOrRange_free +IPAddressOrRange_it +IPAddressOrRange_new +IPAddressRange_free +IPAddressRange_it +IPAddressRange_new ISSUING_DIST_POINT_free ISSUING_DIST_POINT_it ISSUING_DIST_POINT_new @@ -1869,12 +1988,6 @@ NCONF_new NETSCAPE_CERT_SEQUENCE_free NETSCAPE_CERT_SEQUENCE_it NETSCAPE_CERT_SEQUENCE_new -NETSCAPE_ENCRYPTED_PKEY_free -NETSCAPE_ENCRYPTED_PKEY_it -NETSCAPE_ENCRYPTED_PKEY_new -NETSCAPE_PKEY_free -NETSCAPE_PKEY_it -NETSCAPE_PKEY_new NETSCAPE_SPKAC_free NETSCAPE_SPKAC_it NETSCAPE_SPKAC_new @@ -1888,9 +2001,6 @@ NETSCAPE_SPKI_print NETSCAPE_SPKI_set_pubkey NETSCAPE_SPKI_sign NETSCAPE_SPKI_verify -NETSCAPE_X509_free -NETSCAPE_X509_it -NETSCAPE_X509_new NOTICEREF_free NOTICEREF_it NOTICEREF_new @@ -1905,7 +2015,6 @@ OBJ_NAME_remove OBJ_add_object OBJ_add_sigid OBJ_bsearch_ -OBJ_bsearch_ex_ OBJ_cleanup OBJ_cmp OBJ_create @@ -1913,6 +2022,8 @@ OBJ_create_objects OBJ_dup OBJ_find_sigid_algs OBJ_find_sigid_by_algs +OBJ_get0_data +OBJ_length OBJ_ln2nid OBJ_new_nid OBJ_nid2ln @@ -2045,6 +2156,13 @@ OCSP_resp_count OCSP_resp_find OCSP_resp_find_status OCSP_resp_get0 +OCSP_resp_get0_certs +OCSP_resp_get0_id +OCSP_resp_get0_produced_at +OCSP_resp_get0_respdata +OCSP_resp_get0_signature +OCSP_resp_get0_signer +OCSP_resp_get0_tbs_sigalg OCSP_response_create OCSP_response_get1_basic OCSP_response_status @@ -2058,6 +2176,7 @@ OPENSSL_add_all_algorithms_conf OPENSSL_add_all_algorithms_noconf OPENSSL_asc2uni OPENSSL_cleanse +OPENSSL_cleanup OPENSSL_config OPENSSL_cpu_caps OPENSSL_cpuid_setup @@ -2090,9 +2209,6 @@ PEM_ASN1_read PEM_ASN1_read_bio PEM_ASN1_write PEM_ASN1_write_bio -PEM_SealFinal -PEM_SealInit -PEM_SealUpdate PEM_SignFinal PEM_SignInit PEM_SignUpdate 
@@ -2125,7 +2241,6 @@ PEM_read_RSAPublicKey PEM_read_RSA_PUBKEY PEM_read_X509 PEM_read_X509_AUX -PEM_read_X509_CERT_PAIR PEM_read_X509_CRL PEM_read_X509_REQ PEM_read_bio @@ -2149,7 +2264,6 @@ PEM_read_bio_RSAPublicKey PEM_read_bio_RSA_PUBKEY PEM_read_bio_X509 PEM_read_bio_X509_AUX -PEM_read_bio_X509_CERT_PAIR PEM_read_bio_X509_CRL PEM_read_bio_X509_REQ PEM_write @@ -2174,7 +2288,6 @@ PEM_write_RSAPublicKey PEM_write_RSA_PUBKEY PEM_write_X509 PEM_write_X509_AUX -PEM_write_X509_CERT_PAIR PEM_write_X509_CRL PEM_write_X509_REQ PEM_write_X509_REQ_NEW @@ -2199,12 +2312,12 @@ PEM_write_bio_PKCS8_PRIV_KEY_INFO PEM_write_bio_PUBKEY PEM_write_bio_Parameters PEM_write_bio_PrivateKey +PEM_write_bio_PrivateKey_traditional PEM_write_bio_RSAPrivateKey PEM_write_bio_RSAPublicKey PEM_write_bio_RSA_PUBKEY PEM_write_bio_X509 PEM_write_bio_X509_AUX -PEM_write_bio_X509_CERT_PAIR PEM_write_bio_X509_CRL PEM_write_bio_X509_REQ PEM_write_bio_X509_REQ_NEW @@ -2215,12 +2328,25 @@ PKCS12_BAGS_new PKCS12_MAC_DATA_free PKCS12_MAC_DATA_it PKCS12_MAC_DATA_new -PKCS12_MAKE_KEYBAG -PKCS12_MAKE_SHKEYBAG PKCS12_PBE_add PKCS12_PBE_keyivgen PKCS12_SAFEBAGS_it +PKCS12_SAFEBAG_create0_p8inf +PKCS12_SAFEBAG_create0_pkcs8 +PKCS12_SAFEBAG_create_cert +PKCS12_SAFEBAG_create_crl +PKCS12_SAFEBAG_create_pkcs8_encrypt PKCS12_SAFEBAG_free +PKCS12_SAFEBAG_get0_attr +PKCS12_SAFEBAG_get0_attrs +PKCS12_SAFEBAG_get0_p8inf +PKCS12_SAFEBAG_get0_pkcs8 +PKCS12_SAFEBAG_get0_safes +PKCS12_SAFEBAG_get0_type +PKCS12_SAFEBAG_get1_cert +PKCS12_SAFEBAG_get1_crl +PKCS12_SAFEBAG_get_bag_nid +PKCS12_SAFEBAG_get_nid PKCS12_SAFEBAG_it PKCS12_SAFEBAG_new PKCS12_add_CSPName_asc @@ -2231,12 +2357,11 @@ PKCS12_add_key PKCS12_add_localkeyid PKCS12_add_safe PKCS12_add_safes -PKCS12_certbag2x509 -PKCS12_certbag2x509crl PKCS12_create PKCS12_decrypt_skey PKCS12_free PKCS12_gen_mac +PKCS12_get0_mac PKCS12_get_attr_gen PKCS12_get_friendlyname PKCS12_init 
@@ -2246,6 +2371,7 @@ PKCS12_item_i2d_encrypt PKCS12_item_pack_safebag PKCS12_key_gen_asc PKCS12_key_gen_uni +PKCS12_mac_present PKCS12_new PKCS12_newpass PKCS12_pack_authsafes @@ -2259,8 +2385,6 @@ PKCS12_unpack_authsafes PKCS12_unpack_p7data PKCS12_unpack_p7encdata PKCS12_verify_mac -PKCS12_x5092certbag -PKCS12_x509crl2certbag PKCS1_MGF1 PKCS5_PBE_add PKCS5_PBE_keyivgen @@ -2361,6 +2485,7 @@ PKCS8_PRIV_KEY_INFO_new PKCS8_add_keyusage PKCS8_decrypt PKCS8_encrypt +PKCS8_get_attr PKCS8_pkey_add1_attr_by_NID PKCS8_pkey_get0 PKCS8_pkey_get0_attrs @@ -2439,8 +2564,17 @@ RSA_free RSA_generate_key RSA_generate_key_ex RSA_get0_crt_params +RSA_get0_d +RSA_get0_dmp1 +RSA_get0_dmq1 +RSA_get0_e RSA_get0_factors +RSA_get0_iqmp RSA_get0_key +RSA_get0_n +RSA_get0_p +RSA_get0_pss_params +RSA_get0_q RSA_get_default_method RSA_get_ex_data RSA_get_ex_new_index @@ -2499,6 +2633,7 @@ RSA_private_decrypt RSA_private_encrypt RSA_public_decrypt RSA_public_encrypt +RSA_security_bits RSA_set0_crt_params RSA_set0_factors RSA_set0_key @@ -2516,6 +2651,35 @@ RSA_verify RSA_verify_ASN1_OCTET_STRING RSA_verify_PKCS1_PSS RSA_verify_PKCS1_PSS_mgf1 +SCT_LIST_free +SCT_LIST_print +SCT_LIST_validate +SCT_free +SCT_get0_extensions +SCT_get0_log_id +SCT_get0_signature +SCT_get_log_entry_type +SCT_get_signature_nid +SCT_get_source +SCT_get_timestamp +SCT_get_validation_status +SCT_get_version +SCT_new +SCT_new_from_base64 +SCT_print +SCT_set0_extensions +SCT_set0_log_id +SCT_set0_signature +SCT_set1_extensions +SCT_set1_log_id +SCT_set1_signature +SCT_set_log_entry_type +SCT_set_signature_nid +SCT_set_source +SCT_set_timestamp +SCT_set_version +SCT_validate +SCT_validation_status_string SHA1 SHA1_Final SHA1_Init @@ -2659,6 +2823,7 @@ TS_RESP_CTX_set_signer_cert TS_RESP_CTX_set_signer_key TS_RESP_CTX_set_status_info TS_RESP_CTX_set_status_info_cond +TS_RESP_CTX_set_time_cb TS_RESP_create_response TS_RESP_dup TS_RESP_free 
@@ -2675,9 +2840,13 @@ TS_RESP_verify_signature TS_RESP_verify_token TS_STATUS_INFO_dup TS_STATUS_INFO_free +TS_STATUS_INFO_get0_failure_info +TS_STATUS_INFO_get0_status +TS_STATUS_INFO_get0_text TS_STATUS_INFO_it TS_STATUS_INFO_new TS_STATUS_INFO_print_bio +TS_STATUS_INFO_set_status TS_TST_INFO_add_ext TS_TST_INFO_delete_ext TS_TST_INFO_dup @@ -2711,10 +2880,16 @@ TS_TST_INFO_set_serial TS_TST_INFO_set_time TS_TST_INFO_set_tsa TS_TST_INFO_set_version +TS_VERIFY_CTX_add_flags TS_VERIFY_CTX_cleanup TS_VERIFY_CTX_free TS_VERIFY_CTX_init TS_VERIFY_CTX_new +TS_VERIFY_CTX_set_certs +TS_VERIFY_CTX_set_data +TS_VERIFY_CTX_set_flags +TS_VERIFY_CTX_set_imprint +TS_VERIFY_CTX_set_store TS_X509_ALGOR_print_bio TS_ext_print_bio TXT_DB_create_index @@ -2856,9 +3031,6 @@ X509_CERT_AUX_free X509_CERT_AUX_it X509_CERT_AUX_new X509_CERT_AUX_print -X509_CERT_PAIR_free -X509_CERT_PAIR_it -X509_CERT_PAIR_new X509_CINF_free X509_CINF_it X509_CINF_new @@ -2978,11 +3150,12 @@ X509_NAME_print X509_NAME_print_ex X509_NAME_print_ex_fp X509_NAME_set -X509_OBJECT_free_contents +X509_OBJECT_free X509_OBJECT_get0_X509 X509_OBJECT_get0_X509_CRL X509_OBJECT_get_type X509_OBJECT_idx_by_subject +X509_OBJECT_new X509_OBJECT_retrieve_by_subject X509_OBJECT_retrieve_match X509_OBJECT_up_ref_count @@ -3023,6 +3196,7 @@ X509_REQ_digest X509_REQ_dup X509_REQ_extension_nid X509_REQ_free +X509_REQ_get0_pubkey X509_REQ_get0_signature X509_REQ_get1_email X509_REQ_get_attr @@ -3067,6 +3241,8 @@ X509_REVOKED_new X509_REVOKED_set_revocationDate X509_REVOKED_set_serialNumber X509_SIG_free +X509_SIG_get0 +X509_SIG_getm X509_SIG_it X509_SIG_new X509_STORE_CTX_cleanup @@ -3082,6 +3258,7 @@ X509_STORE_CTX_get0_store X509_STORE_CTX_get0_untrusted X509_STORE_CTX_get1_chain X509_STORE_CTX_get1_issuer +X509_STORE_CTX_get_by_subject X509_STORE_CTX_get_chain X509_STORE_CTX_get_current_cert X509_STORE_CTX_get_error 
@@ -3089,6 +3266,10 @@ X509_STORE_CTX_get_error_depth X509_STORE_CTX_get_ex_data X509_STORE_CTX_get_ex_new_index X509_STORE_CTX_get_explicit_policy +X509_STORE_CTX_get_num_untrusted +X509_STORE_CTX_get_obj_by_subject +X509_STORE_CTX_get_verify +X509_STORE_CTX_get_verify_cb X509_STORE_CTX_init X509_STORE_CTX_new X509_STORE_CTX_purpose_inherit @@ -3096,16 +3277,20 @@ X509_STORE_CTX_set0_crls X509_STORE_CTX_set0_param X509_STORE_CTX_set0_trusted_stack X509_STORE_CTX_set0_untrusted +X509_STORE_CTX_set0_verified_chain X509_STORE_CTX_set_cert X509_STORE_CTX_set_chain +X509_STORE_CTX_set_current_cert X509_STORE_CTX_set_default X509_STORE_CTX_set_depth X509_STORE_CTX_set_error +X509_STORE_CTX_set_error_depth X509_STORE_CTX_set_ex_data X509_STORE_CTX_set_flags X509_STORE_CTX_set_purpose X509_STORE_CTX_set_time X509_STORE_CTX_set_trust +X509_STORE_CTX_set_verify X509_STORE_CTX_set_verify_cb X509_STORE_CTX_trusted_stack X509_STORE_add_cert @@ -3116,8 +3301,9 @@ X509_STORE_get0_objects X509_STORE_get0_param X509_STORE_get1_certs X509_STORE_get1_crls -X509_STORE_get_by_subject X509_STORE_get_ex_data +X509_STORE_get_verify +X509_STORE_get_verify_cb X509_STORE_load_locations X509_STORE_load_mem X509_STORE_new @@ -3128,6 +3314,7 @@ X509_STORE_set_ex_data X509_STORE_set_flags X509_STORE_set_purpose X509_STORE_set_trust +X509_STORE_set_verify X509_STORE_set_verify_cb X509_STORE_up_ref X509_TRUST_add @@ -3154,6 +3341,7 @@ X509_VERIFY_PARAM_get0_peername X509_VERIFY_PARAM_get_count X509_VERIFY_PARAM_get_depth X509_VERIFY_PARAM_get_flags +X509_VERIFY_PARAM_get_time X509_VERIFY_PARAM_inherit X509_VERIFY_PARAM_lookup X509_VERIFY_PARAM_new @@ -3164,6 +3352,7 @@ X509_VERIFY_PARAM_set1_ip X509_VERIFY_PARAM_set1_ip_asc X509_VERIFY_PARAM_set1_name X509_VERIFY_PARAM_set1_policies +X509_VERIFY_PARAM_set_auth_level X509_VERIFY_PARAM_set_depth X509_VERIFY_PARAM_set_flags X509_VERIFY_PARAM_set_hostflags 
@@ -3209,6 +3398,7 @@ X509_get0_signature X509_get0_tbs_sigalg X509_get1_email X509_get1_ocsp +X509_get_X509_PUBKEY X509_get_default_cert_area X509_get_default_cert_dir X509_get_default_cert_dir_env @@ -3223,7 +3413,10 @@ X509_get_ext_by_OBJ X509_get_ext_by_critical X509_get_ext_count X509_get_ext_d2i +X509_get_extended_key_usage +X509_get_extension_flags X509_get_issuer_name +X509_get_key_usage X509_get_pubkey X509_get_pubkey_parameters X509_get_serialNumber @@ -3301,6 +3494,25 @@ X509at_get_attr_by_NID X509at_get_attr_by_OBJ X509at_get_attr_count X509v3_add_ext +X509v3_addr_add_inherit +X509v3_addr_add_prefix +X509v3_addr_add_range +X509v3_addr_canonize +X509v3_addr_get_afi +X509v3_addr_get_range +X509v3_addr_inherits +X509v3_addr_is_canonical +X509v3_addr_subset +X509v3_addr_validate_path +X509v3_addr_validate_resource_set +X509v3_asid_add_id_or_range +X509v3_asid_add_inherit +X509v3_asid_canonize +X509v3_asid_inherits +X509v3_asid_is_canonical +X509v3_asid_subset +X509v3_asid_validate_path +X509v3_asid_validate_resource_set X509v3_delete_ext X509v3_get_ext X509v3_get_ext_by_NID @@ -3331,29 +3543,17 @@ a2i_GENERAL_NAME a2i_IPADDRESS a2i_IPADDRESS_NC a2i_ipadd -asn1_do_adb -asn1_do_lock -asn1_enc_free -asn1_enc_init -asn1_enc_restore -asn1_enc_save -asn1_ex_c2i -asn1_get_choice_selector -asn1_get_field_ptr -asn1_set_choice_selector b2i_PVK_bio b2i_PrivateKey b2i_PrivateKey_bio b2i_PublicKey b2i_PublicKey_bio -c2i_ASN1_BIT_STRING -c2i_ASN1_INTEGER -c2i_ASN1_OBJECT -check_defer d2i_ACCESS_DESCRIPTION +d2i_ASIdOrRange +d2i_ASIdentifierChoice +d2i_ASIdentifiers d2i_ASN1_BIT_STRING d2i_ASN1_BMPSTRING -d2i_ASN1_BOOLEAN d2i_ASN1_ENUMERATED d2i_ASN1_GENERALIZEDTIME d2i_ASN1_GENERALSTRING @@ -3374,6 +3574,7 @@ d2i_ASN1_UNIVERSALSTRING d2i_ASN1_UTCTIME d2i_ASN1_UTF8STRING d2i_ASN1_VISIBLESTRING +d2i_ASRange d2i_AUTHORITY_INFO_ACCESS d2i_AUTHORITY_KEYID d2i_AutoPrivateKey 
@@ -3420,15 +3621,15 @@ d2i_EXTENDED_KEY_USAGE d2i_GENERAL_NAME d2i_GENERAL_NAMES d2i_GOST_CIPHER_PARAMS +d2i_IPAddressChoice +d2i_IPAddressFamily +d2i_IPAddressOrRange +d2i_IPAddressRange d2i_ISSUING_DIST_POINT d2i_NETSCAPE_CERT_SEQUENCE -d2i_NETSCAPE_ENCRYPTED_PKEY -d2i_NETSCAPE_PKEY d2i_NETSCAPE_SPKAC d2i_NETSCAPE_SPKI -d2i_NETSCAPE_X509 d2i_NOTICEREF -d2i_Netscape_RSA d2i_OCSP_BASICRESP d2i_OCSP_CERTID d2i_OCSP_CERTSTATUS @@ -3493,12 +3694,12 @@ d2i_RSAPrivateKey_fp d2i_RSAPublicKey d2i_RSAPublicKey_bio d2i_RSAPublicKey_fp -d2i_RSA_NET d2i_RSA_OAEP_PARAMS d2i_RSA_PSS_PARAMS d2i_RSA_PUBKEY d2i_RSA_PUBKEY_bio d2i_RSA_PUBKEY_fp +d2i_SCT_LIST d2i_SXNET d2i_SXNETID d2i_TS_ACCURACY @@ -3522,7 +3723,6 @@ d2i_X509_ALGORS d2i_X509_ATTRIBUTE d2i_X509_AUX d2i_X509_CERT_AUX -d2i_X509_CERT_PAIR d2i_X509_CINF d2i_X509_CRL d2i_X509_CRL_INFO @@ -3559,12 +3759,12 @@ i2a_ASN1_STRING i2b_PVK_bio i2b_PrivateKey_bio i2b_PublicKey_bio -i2c_ASN1_BIT_STRING -i2c_ASN1_INTEGER i2d_ACCESS_DESCRIPTION +i2d_ASIdOrRange +i2d_ASIdentifierChoice +i2d_ASIdentifiers i2d_ASN1_BIT_STRING i2d_ASN1_BMPSTRING -i2d_ASN1_BOOLEAN i2d_ASN1_ENUMERATED i2d_ASN1_GENERALIZEDTIME i2d_ASN1_GENERALSTRING @@ -3585,6 +3785,7 @@ i2d_ASN1_UTCTIME i2d_ASN1_UTF8STRING i2d_ASN1_VISIBLESTRING i2d_ASN1_bio_stream +i2d_ASRange i2d_AUTHORITY_INFO_ACCESS i2d_AUTHORITY_KEYID i2d_BASIC_CONSTRAINTS @@ -3631,15 +3832,15 @@ i2d_EXTENDED_KEY_USAGE i2d_GENERAL_NAME i2d_GENERAL_NAMES i2d_GOST_CIPHER_PARAMS +i2d_IPAddressChoice +i2d_IPAddressFamily +i2d_IPAddressOrRange +i2d_IPAddressRange i2d_ISSUING_DIST_POINT i2d_NETSCAPE_CERT_SEQUENCE -i2d_NETSCAPE_ENCRYPTED_PKEY -i2d_NETSCAPE_PKEY i2d_NETSCAPE_SPKAC i2d_NETSCAPE_SPKI -i2d_NETSCAPE_X509 i2d_NOTICEREF -i2d_Netscape_RSA i2d_OCSP_BASICRESP i2d_OCSP_CERTID i2d_OCSP_CERTSTATUS 
@@ -3710,12 +3911,12 @@ i2d_RSAPrivateKey_fp i2d_RSAPublicKey i2d_RSAPublicKey_bio i2d_RSAPublicKey_fp -i2d_RSA_NET i2d_RSA_OAEP_PARAMS i2d_RSA_PSS_PARAMS i2d_RSA_PUBKEY i2d_RSA_PUBKEY_bio i2d_RSA_PUBKEY_fp +i2d_SCT_LIST i2d_SXNET i2d_SXNETID i2d_TS_ACCURACY @@ -3739,7 +3940,6 @@ i2d_X509_ALGORS i2d_X509_ATTRIBUTE i2d_X509_AUX i2d_X509_CERT_AUX -i2d_X509_CERT_PAIR i2d_X509_CINF i2d_X509_CRL i2d_X509_CRL_INFO @@ -3759,7 +3959,12 @@ i2d_X509_SIG i2d_X509_VAL i2d_X509_bio i2d_X509_fp +i2d_re_X509_CRL_tbs +i2d_re_X509_REQ_tbs +i2d_re_X509_tbs i2o_ECPublicKey +i2o_SCT +i2o_SCT_LIST i2s_ASN1_ENUMERATED i2s_ASN1_ENUMERATED_TABLE i2s_ASN1_INTEGER @@ -3791,9 +3996,9 @@ lh_retrieve lh_stats lh_stats_bio lh_strhash -name_cmp o2i_ECPublicKey -obj_cleanup_defer +o2i_SCT +o2i_SCT_LIST s2i_ASN1_INTEGER s2i_ASN1_OCTET_STRING sk_delete diff --git a/crypto/crypto_init.c b/crypto/crypto_init.c index 67e79208..69ba6299 100644 --- a/crypto/crypto_init.c +++ b/crypto/crypto_init.c @@ -19,17 +19,21 @@ #include #include -#include #include -#include +#include #include +#include +#include #include "cryptlib.h" +#include "x509_issuer_cache.h" int OpenSSL_config(const char *); int OpenSSL_no_config(void); +static pthread_once_t crypto_init_once = PTHREAD_ONCE_INIT; static pthread_t crypto_init_thread; +static int crypto_init_cleaned_up; static void OPENSSL_init_crypto_internal(void) @@ -45,12 +49,15 @@ OPENSSL_init_crypto_internal(void) int OPENSSL_init_crypto(uint64_t opts, const void *settings) { - static pthread_once_t once = PTHREAD_ONCE_INIT; + if (crypto_init_cleaned_up) { + CRYPTOerror(ERR_R_INIT_FAIL); + return 0; + } if (pthread_equal(pthread_self(), crypto_init_thread)) return 1; /* don't recurse */ - if (pthread_once(&once, OPENSSL_init_crypto_internal) != 0) + if (pthread_once(&crypto_init_once, OPENSSL_init_crypto_internal) != 0) return 0; if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG) && 
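Review bot: `crypto_init_cleaned_up` in crypto/crypto_init.c is a plain `static int` that OPENSSL_init_crypto() reads at the top of every call and that OPENSSL_cleanup() (added in the next hunk of this file) writes, with no atomic type or lock around either access. If cleanup can run while another thread is still calling into the library, that is a data race, and the late caller can get past the check while state is being torn down. Either make the flag atomic or state the requirement on the declaration, e.g. `/* Set by OPENSSL_cleanup(); the caller must ensure no other thread is still using libcrypto. */`. OPENSSL_init_crypto() continues past the end of this hunk.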
@@ -63,3 +70,16 @@ OPENSSL_init_crypto(uint64_t opts, const void *settings) return 1; } + +void +OPENSSL_cleanup(void) +{ + /* This currently calls init... */ + ERR_free_strings(); + + ENGINE_cleanup(); + EVP_cleanup(); + x509_issuer_cache_free(); + + crypto_init_cleaned_up = 1; +} diff --git a/crypto/ct/ct_b64.c b/crypto/ct/ct_b64.c new file mode 100644 index 00000000..bfc69a7d --- /dev/null +++ b/crypto/ct/ct_b64.c 
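Review bot: The comment `/* This currently calls init... */` in OPENSSL_cleanup() does not say which call it means or why that matters. It appears to explain why `crypto_init_cleaned_up = 1;` is the last statement: if ERR_free_strings() re-enters OPENSSL_init_crypto(), setting the flag earlier would make that call fail. Spelling this out, e.g. `/* ERR_free_strings() calls OPENSSL_init_crypto(), so the cleaned-up flag is set only after teardown. */`, protects the ordering against a later reshuffle. A second call to OPENSSL_cleanup() also repeats the whole teardown; an early `if (crypto_init_cleaned_up) return;` would make it idempotent, assuming no caller relies on the repeat.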
@@ -0,0 +1,224 @@ +/* $OpenBSD: ct_b64.c,v 1.6 2021/12/20 17:19:19 jsing Exp $ */ +/* + * Written by Rob Stradling (rob@comodo.com) and Stephen Henson + * (steve@openssl.org) for the OpenSSL project 2014. + */ +/* ==================================================================== + * Copyright (c) 2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include + +#include +#include +#include + +#include "bytestring.h" +#include "ct_local.h" + +/* + * Decodes the base64 string |in| into |out|. + * A new string will be malloc'd and assigned to |out|. This will be owned by + * the caller. Do not provide a pre-allocated string in |out|. 
+ */ +static int +ct_base64_decode(const char *in, unsigned char **out) +{ + size_t inlen = strlen(in); + int outlen, i; + unsigned char *outbuf = NULL; + + if (inlen == 0) { + *out = NULL; + return 0; + } + + outlen = (inlen / 4) * 3; + outbuf = malloc(outlen); + if (outbuf == NULL) { + CTerror(ERR_R_MALLOC_FAILURE); + goto err; + } + + outlen = EVP_DecodeBlock(outbuf, (unsigned char *)in, inlen); + if (outlen < 0) { + CTerror(CT_R_BASE64_DECODE_ERROR); + goto err; + } + + /* + * Subtract padding bytes from |outlen|. + * Any more than 2 is malformed. + */ + i = 0; + while (in[--inlen] == '=') { + --outlen; + if (++i > 2) + goto err; + } + + *out = outbuf; + return outlen; + err: + free(outbuf); + return -1; +} + +SCT * +SCT_new_from_base64(unsigned char version, const char *logid_base64, + ct_log_entry_type_t entry_type, uint64_t timestamp, + const char *extensions_base64, const char *signature_base64) +{ + unsigned char *dec = NULL; + int declen; + SCT *sct; + CBS cbs; + + if ((sct = SCT_new()) == NULL) { + CTerror(ERR_R_MALLOC_FAILURE); + return NULL; + } + + /* + * RFC6962 section 4.1 says we "MUST NOT expect this to be 0", but we + * can only construct SCT versions that have been defined. 
+ */ + if (!SCT_set_version(sct, version)) { + CTerror(CT_R_SCT_UNSUPPORTED_VERSION); + goto err; + } + + declen = ct_base64_decode(logid_base64, &dec); + if (declen < 0) { + CTerror(X509_R_BASE64_DECODE_ERROR); + goto err; + } + if (!SCT_set0_log_id(sct, dec, declen)) + goto err; + dec = NULL; + + declen = ct_base64_decode(extensions_base64, &dec); + if (declen < 0) { + CTerror(X509_R_BASE64_DECODE_ERROR); + goto err; + } + SCT_set0_extensions(sct, dec, declen); + dec = NULL; + + declen = ct_base64_decode(signature_base64, &dec); + if (declen < 0) { + CTerror(X509_R_BASE64_DECODE_ERROR); + goto err; + } + + CBS_init(&cbs, dec, declen); + if (!o2i_SCT_signature(sct, &cbs)) + goto err; + free(dec); + dec = NULL; + + SCT_set_timestamp(sct, timestamp); + + if (!SCT_set_log_entry_type(sct, entry_type)) + goto err; + + return sct; + + err: + free(dec); + SCT_free(sct); + return NULL; +} + +/* + * Allocate, build and returns a new |ct_log| from input |pkey_base64| + * It returns 1 on success, + * 0 on decoding failure, or invalid parameter if any + * -1 on internal (malloc) failure + */ +int +CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64, const char *name) +{ + unsigned char *pkey_der = NULL; + int pkey_der_len; + const unsigned char *p; + EVP_PKEY *pkey = NULL; + + if (ct_log == NULL) { + CTerror(ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + pkey_der_len = ct_base64_decode(pkey_base64, &pkey_der); + if (pkey_der_len < 0) { + CTerror(CT_R_LOG_CONF_INVALID_KEY); + return 0; + } + + p = pkey_der; + pkey = d2i_PUBKEY(NULL, &p, pkey_der_len); + free(pkey_der); + if (pkey == NULL) { + CTerror(CT_R_LOG_CONF_INVALID_KEY); + return 0; + } + + *ct_log = CTLOG_new(pkey, name); + if (*ct_log == NULL) { + EVP_PKEY_free(pkey); + return 0; + } + + return 1; +} diff --git a/crypto/ct/ct_err.c b/crypto/ct/ct_err.c new file mode 100644 index 00000000..2597874b --- /dev/null +++ b/crypto/ct/ct_err.c 
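Review bot: In ct_base64_decode() the `size_t inlen` from strlen() is narrowed to `int` both in `outlen = (inlen / 4) * 3` and in the EVP_DecodeBlock() call, with no upper bound checked first, so the allocation size and the decode length are only guaranteed consistent for inputs up to INT_MAX. A guard right after the empty-string case, `if (inlen > INT_MAX) { CTerror(CT_R_BASE64_DECODE_ERROR); goto err; }`, makes that limit explicit (the include names are not legible here, so `<limits.h>` may need adding). Separately, SCT_new_from_base64() reports decode failures with `CTerror(X509_R_BASE64_DECODE_ERROR)`, an X509 reason number raised through the CT error macro; `CTerror(CT_R_BASE64_DECODE_ERROR)`, which ct_base64_decode() already uses, would be consistent. The header comment on CTLOG_new_from_base64() also promises -1 on malloc failure, but every failure path in the function returns 0.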
@@ -0,0 +1,147 @@ +/* $OpenBSD: ct_err.c,v 1.7 2022/07/12 14:42:48 kn Exp $ */ +/* ==================================================================== + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include + +#ifndef OPENSSL_NO_ERR + +static ERR_STRING_DATA CT_str_functs[] = { + {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW, 0), "CTLOG_new"}, + {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW_FROM_BASE64, 0), + "CTLOG_new_from_base64"}, + {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW_FROM_CONF, 0), + "ctlog_new_from_conf"}, + {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_CTX_NEW, 0), + "ctlog_store_load_ctx_new"}, + {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_FILE, 0), + "CTLOG_STORE_load_file"}, + {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_LOG, 0), + "ctlog_store_load_log"}, + {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_NEW, 0), "CTLOG_STORE_new"}, + {ERR_PACK(ERR_LIB_CT, CT_F_CT_BASE64_DECODE, 0), "ct_base64_decode"}, + {ERR_PACK(ERR_LIB_CT, CT_F_CT_POLICY_EVAL_CTX_NEW, 0), + "CT_POLICY_EVAL_CTX_new"}, + {ERR_PACK(ERR_LIB_CT, CT_F_CT_V1_LOG_ID_FROM_PKEY, 0), + "ct_v1_log_id_from_pkey"}, + {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT, 0), "i2o_SCT"}, + {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT_LIST, 0), "i2o_SCT_LIST"}, + {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT_SIGNATURE, 0), "i2o_SCT_signature"}, + {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT, 0), "o2i_SCT"}, + {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT_LIST, 0), 
"o2i_SCT_LIST"}, + {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT_SIGNATURE, 0), "o2i_SCT_signature"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_CTX_NEW, 0), "SCT_CTX_new"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_CTX_VERIFY, 0), "SCT_CTX_verify"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_NEW, 0), "SCT_new"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_NEW_FROM_BASE64, 0), + "SCT_new_from_base64"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET0_LOG_ID, 0), "SCT_set0_log_id"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_EXTENSIONS, 0), + "SCT_set1_extensions"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_LOG_ID, 0), "SCT_set1_log_id"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_SIGNATURE, 0), + "SCT_set1_signature"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_LOG_ENTRY_TYPE, 0), + "SCT_set_log_entry_type"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_SIGNATURE_NID, 0), + "SCT_set_signature_nid"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_VERSION, 0), "SCT_set_version"}, + {0, NULL} +}; + +static ERR_STRING_DATA CT_str_reasons[] = { + {ERR_PACK(ERR_LIB_CT, 0, CT_R_BASE64_DECODE_ERROR), + "base64 decode error"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_INVALID_LOG_ID_LENGTH), + "invalid log id length"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_INVALID), "log conf invalid"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_INVALID_KEY), + "log conf invalid key"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_MISSING_DESCRIPTION), + "log conf missing description"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_MISSING_KEY), + "log conf missing key"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_KEY_INVALID), "log key invalid"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_FUTURE_TIMESTAMP), + "sct future timestamp"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_INVALID), "sct invalid"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_INVALID_SIGNATURE), + "sct invalid signature"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_LIST_INVALID), "sct list invalid"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_LOG_ID_MISMATCH), + "sct log id mismatch"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_NOT_SET), "sct not set"}, + {ERR_PACK(ERR_LIB_CT, 0, 
CT_R_SCT_UNSUPPORTED_VERSION), + "sct unsupported version"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNRECOGNIZED_SIGNATURE_NID), + "unrecognized signature nid"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNSUPPORTED_ENTRY_TYPE), + "unsupported entry type"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNSUPPORTED_VERSION), + "unsupported version"}, + {0, NULL} +}; + +#endif + +int +ERR_load_CT_strings(void) +{ + if (ERR_func_error_string(CT_str_functs[0].error) == NULL) { + ERR_load_strings(0, CT_str_functs); + ERR_load_strings(0, CT_str_reasons); + } + return 1; +} diff --git a/crypto/ct/ct_local.h b/crypto/ct/ct_local.h new file mode 100644 index 00000000..cd19ed09 --- /dev/null +++ b/crypto/ct/ct_local.h 
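Review bot: ERR_load_CT_strings() references `CT_str_functs` and `CT_str_reasons` after the `#endif` that closes `#ifndef OPENSSL_NO_ERR`, so a build with OPENSSL_NO_ERR defined has no declaration for either table and the function does not compile. Moving the guard into the function body, with `#ifndef OPENSSL_NO_ERR` before the `if` and `#endif` before `return 1;`, keeps the function defined and returning 1 in both configurations.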
@@ -0,0 +1,260 @@ +/* $OpenBSD: ct_local.h,v 1.8 2021/12/20 17:19:19 jsing Exp $ */ +/* + * Written by Rob Percival (robpercival@google.com) for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 2016 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include + +#include +#include +#include +#include +#include + +#include "bytestring.h" + +/* Number of bytes in an SCT v1 LogID - see RFC 6962 section 3.2. */ +#define CT_V1_LOG_ID_LEN 32 + +/* Maximum size of an SCT - see RFC 6962 section 3.3. */ +#define MAX_SCT_SIZE 65535 +#define MAX_SCT_LIST_SIZE MAX_SCT_SIZE + +/* + * Macros to write integers in network-byte order. 
+ */ + +#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \ + c[1]=(unsigned char)(((s) )&0xff)),c+=2) + +#define l2n3(l,c) ((c[0]=(unsigned char)(((l)>>16)&0xff), \ + c[1]=(unsigned char)(((l)>> 8)&0xff), \ + c[2]=(unsigned char)(((l) )&0xff)),c+=3) + +#define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \ + *((c)++)=(unsigned char)(((l)>>48)&0xff), \ + *((c)++)=(unsigned char)(((l)>>40)&0xff), \ + *((c)++)=(unsigned char)(((l)>>32)&0xff), \ + *((c)++)=(unsigned char)(((l)>>24)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16)&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ + *((c)++)=(unsigned char)(((l) )&0xff)) + +/* Signed Certificate Timestamp */ +struct sct_st { + sct_version_t version; + /* If version is not SCT_VERSION_V1, this contains the encoded SCT */ + unsigned char *sct; + size_t sct_len; + /* + * If version is SCT_VERSION_V1, fields below contain components of + * the SCT + */ + unsigned char *log_id; + size_t log_id_len; + /* + * Note, we cannot distinguish between an unset timestamp, and one + * that is set to 0. However since CT didn't exist in 1970, no real + * SCT should ever be set as such. + */ + uint64_t timestamp; + unsigned char *ext; + size_t ext_len; + unsigned char hash_alg; + unsigned char sig_alg; + unsigned char *sig; + size_t sig_len; + /* Log entry type */ + ct_log_entry_type_t entry_type; + /* Where this SCT was found, e.g. certificate, OCSP response, etc. */ + sct_source_t source; + /* The result of the last attempt to validate this SCT. 
*/ + sct_validation_status_t validation_status; +}; + +/* Miscellaneous data that is useful when verifying an SCT */ +struct sct_ctx_st { + /* Public key */ + EVP_PKEY *pkey; + /* Hash of public key */ + unsigned char *pkeyhash; + size_t pkeyhashlen; + /* For pre-certificate: issuer public key hash */ + unsigned char *ihash; + size_t ihashlen; + /* certificate encoding */ + unsigned char *certder; + size_t certderlen; + /* pre-certificate encoding */ + unsigned char *preder; + size_t prederlen; + /* + * milliseconds since epoch (to check that the SCT isn't from the + * future) + */ + uint64_t epoch_time_in_ms; +}; + +/* Context when evaluating whether a Certificate Transparency policy is met */ +struct ct_policy_eval_ctx_st { + X509 *cert; + X509 *issuer; + CTLOG_STORE *log_store; + /* + * milliseconds since epoch (to check that the SCT isn't from the + * future) + */ + uint64_t epoch_time_in_ms; +}; + +/* + * Creates a new context for verifying an SCT. + */ +SCT_CTX *SCT_CTX_new(void); +/* + * Deletes an SCT verification context. + */ +void SCT_CTX_free(SCT_CTX *sctx); + +/* + * Sets the certificate that the SCT was created for. + * If *cert does not have a poison extension, presigner must be NULL. + * If *cert does not have a poison extension, it may have a single SCT + * (NID_ct_precert_scts) extension. + * If either *cert or *presigner have an AKID (NID_authority_key_identifier) + * extension, both must have one. + * Returns 1 on success, 0 on failure. + */ +int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner); + +/* + * Sets the issuer of the certificate that the SCT was created for. + * This is just a convenience method to save extracting the public key and + * calling SCT_CTX_set1_issuer_pubkey(). + * Issuer must not be NULL. + * Returns 1 on success, 0 on failure. + */ +int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer); + +/* + * Sets the public key of the issuer of the certificate that the SCT was created + * for. 
+ * The public key must not be NULL. + * Returns 1 on success, 0 on failure. + */ +int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey); + +/* + * Sets the public key of the CT log that the SCT is from. + * Returns 1 on success, 0 on failure. + */ +int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey); + +/* + * Sets the time to evaluate the SCT against, in milliseconds since the Unix + * epoch. If the SCT's timestamp is after this time, it will be interpreted as + * having been issued in the future. RFC6962 states that "TLS clients MUST + * reject SCTs whose timestamp is in the future", so an SCT will not validate + * in this case. + */ +void SCT_CTX_set_time(SCT_CTX *sctx, uint64_t time_in_ms); + +/* + * Verifies an SCT with the given context. + * Returns 1 if the SCT verifies successfully; any other value indicates + * failure. See EVP_DigestVerifyFinal() for the meaning of those values. + */ +int SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct); + +/* + * Does this SCT have the minimum fields populated to be usable? + * Returns 1 if so, 0 otherwise. + */ +int SCT_is_complete(const SCT *sct); + +/* + * Does this SCT have the signature-related fields populated? + * Returns 1 if so, 0 otherwise. + * This checks that the signature and hash algorithms are set to supported + * values and that the signature field is set. + */ +int SCT_signature_is_complete(const SCT *sct); + +/* + * TODO(RJPercival): Create an SCT_signature struct and make i2o_SCT_signature + * and o2i_SCT_signature conform to the i2d/d2i conventions. + */ + +/* + * Serialize (to TLS format) an |sct| signature and write it to |out|. + * If |out| is null, no signature will be output but the length will be returned. + * If |out| points to a null pointer, a string will be allocated to hold the + * TLS-format signature. It is the responsibility of the caller to free it. + * If |out| points to an allocated string, the signature will be written to it. 
+ * The length of the signature in TLS format will be returned.
+ */
+int i2o_SCT_signature(const SCT *sct, unsigned char **out);
+
+/*
+ * Parses an SCT signature in TLS format and populates the |sct| with it.
+ * |in| should be a pointer to a string containing the TLS-format signature.
+ * |in| will be advanced to the end of the signature if parsing succeeds.
+ * |len| should be the length of the signature in |in|.
+ * Returns the number of bytes parsed, or a negative integer if an error occurs.
+ * If an error occurs, the SCT's signature NID may be updated whilst the
+ * signature field itself remains unset.
+ */
+int o2i_SCT_signature(SCT *sct, CBS *cbs);
+
+/*
+ * Handlers for Certificate Transparency X509v3/OCSP extensions
+ */
+extern const X509V3_EXT_METHOD v3_ct_scts[3];
diff --git a/crypto/ct/ct_log.c b/crypto/ct/ct_log.c
new file mode 100644
index 00000000..f6e3aa25
--- /dev/null
+++ b/crypto/ct/ct_log.c
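Review bot: The comment above `int o2i_SCT_signature(SCT *sct, CBS *cbs);` at the end of this header still describes the old `|in|`/`|len|` interface and promises "the number of bytes parsed, or a negative integer if an error occurs", but the prototype takes a CBS and the implementation added in ct_oct.c returns 1 on success and 0 on failure. A caller written against this comment would test for `< 0` and treat a rejected signature as parsed. The comment should instead say that the signature is read from |cbs|, that |cbs| must contain exactly one TLS-format signature, and `Returns 1 on success, 0 on failure.`, keeping the existing sentence about the signature NID possibly being updated when parsing fails.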
@@ -0,0 +1,365 @@ +/* $OpenBSD: ct_log.c,v 1.5 2021/12/18 16:34:52 tb Exp $ */ +/* Author: Adam Eijdenberg . */ +/* ==================================================================== + * Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +#include +#include +#include +#include +#include + +#include "cryptlib.h" + + +/* + * Information about a CT log server. + */ +struct ctlog_st { + char *name; + uint8_t log_id[CT_V1_HASHLEN]; + EVP_PKEY *public_key; +}; + +/* + * A store for multiple CTLOG instances. + * It takes ownership of any CTLOG instances added to it. + */ +struct ctlog_store_st { + STACK_OF(CTLOG) *logs; +}; + +/* The context when loading a CT log list from a CONF file. */ +typedef struct ctlog_store_load_ctx_st { + CTLOG_STORE *log_store; + CONF *conf; + size_t invalid_log_entries; +} CTLOG_STORE_LOAD_CTX; + +/* + * Creates an empty context for loading a CT log store. + * It should be populated before use. + */ +static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new(void); + +/* + * Deletes a CT log store load context. + * Does not delete any of the fields. 
+ */
+static void ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX *ctx);
+
+static CTLOG_STORE_LOAD_CTX *
+ctlog_store_load_ctx_new(void)
+{
+ CTLOG_STORE_LOAD_CTX *ctx = calloc(1, sizeof(*ctx));
+
+ if (ctx == NULL)
+ CTerror(ERR_R_MALLOC_FAILURE);
+
+ return ctx;
+}
+
+static void
+ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX *ctx)
+{
+ free(ctx);
+}
+
+/* Converts a log's public key into a SHA256 log ID */
+static int
+ct_v1_log_id_from_pkey(EVP_PKEY *pkey, unsigned char log_id[CT_V1_HASHLEN])
+{
+ int ret = 0;
+ unsigned char *pkey_der = NULL;
+ int pkey_der_len = i2d_PUBKEY(pkey, &pkey_der);
+
+ if (pkey_der_len <= 0) {
+ CTerror(CT_R_LOG_KEY_INVALID);
+ goto err;
+ }
+
+ SHA256(pkey_der, pkey_der_len, log_id);
+ ret = 1;
+ err:
+ free(pkey_der);
+ return ret;
+}
+
+CTLOG_STORE *
+CTLOG_STORE_new(void)
+{
+ CTLOG_STORE *ret = calloc(1, sizeof(*ret));
+
+ if (ret == NULL) {
+ CTerror(ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ ret->logs = sk_CTLOG_new_null();
+ if (ret->logs == NULL)
+ goto err;
+
+ return ret;
+ err:
+ free(ret);
+ return NULL;
+}
+
+void
+CTLOG_STORE_free(CTLOG_STORE *store)
+{
+ if (store != NULL) {
+ sk_CTLOG_pop_free(store->logs, CTLOG_free);
+ free(store);
+ }
+}
+
+static int
+ctlog_new_from_conf(CTLOG **ct_log, const CONF *conf, const char *section)
+{
+ const char *description = NCONF_get_string(conf, section,
+ "description");
+ char *pkey_base64;
+
+ if (description == NULL) {
+ CTerror(CT_R_LOG_CONF_MISSING_DESCRIPTION);
+ return 0;
+ }
+
+ pkey_base64 = NCONF_get_string(conf, section, "key");
+ if (pkey_base64 == NULL) {
+ CTerror(CT_R_LOG_CONF_MISSING_KEY);
+ return 0;
+ }
+
+ return CTLOG_new_from_base64(ct_log, pkey_base64, description);
+}
+
+int
+CTLOG_STORE_load_default_file(CTLOG_STORE *store)
+{
+ return CTLOG_STORE_load_file(store, CTLOG_FILE);
+}
+
+/*
+ * Called by CONF_parse_list, which stops if this returns <= 0,
+ * Otherwise, one bad log entry would stop loading of any of
+ * the following log entries.
+ * It may stop parsing and returns -1 on any internal (malloc) error.
+ */
+static int
+ctlog_store_load_log(const char *log_name, int log_name_len, void *arg)
+{
+ CTLOG_STORE_LOAD_CTX *load_ctx = arg;
+ CTLOG *ct_log = NULL;
+ /* log_name may not be null-terminated, so fix that before using it */
+ char *tmp;
+ int ret = 0;
+
+ /* log_name will be NULL for empty list entries */
+ if (log_name == NULL)
+ return 1;
+
+ tmp = strndup(log_name, log_name_len);
+ if (tmp == NULL)
+ goto mem_err;
+
+ ret = ctlog_new_from_conf(&ct_log, load_ctx->conf, tmp);
+ free(tmp);
+
+ if (ret < 0) {
+ /* Propagate any internal error */
+ return ret;
+ }
+ if (ret == 0) {
+ /* If we can't load this log, record that fact and skip it */
+ ++load_ctx->invalid_log_entries;
+ return 1;
+ }
+
+ if (!sk_CTLOG_push(load_ctx->log_store->logs, ct_log)) {
+ goto mem_err;
+ }
+ return 1;
+
+ mem_err:
+ CTLOG_free(ct_log);
+ CTerror(ERR_R_MALLOC_FAILURE);
+ return -1;
+}
+
+int
+CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file)
+{
+ int ret = 0;
+ char *enabled_logs;
+ CTLOG_STORE_LOAD_CTX* load_ctx = ctlog_store_load_ctx_new();
+
+ if (load_ctx == NULL)
+ return 0;
+ load_ctx->log_store = store;
+ load_ctx->conf = NCONF_new(NULL);
+ if (load_ctx->conf == NULL)
+ goto end;
+
+ if (NCONF_load(load_ctx->conf, file, NULL) <= 0) {
+ CTerror(CT_R_LOG_CONF_INVALID);
+ goto end;
+ }
+
+ enabled_logs = NCONF_get_string(load_ctx->conf, NULL, "enabled_logs");
+ if (enabled_logs == NULL) {
+ CTerror(CT_R_LOG_CONF_INVALID);
+ goto end;
+ }
+
+ if (!CONF_parse_list(enabled_logs, ',', 1, ctlog_store_load_log, load_ctx) ||
+ load_ctx->invalid_log_entries > 0) {
+ CTerror(CT_R_LOG_CONF_INVALID);
+ goto end;
+ }
+
+ ret = 1;
+ end:
+ NCONF_free(load_ctx->conf);
+ ctlog_store_load_ctx_free(load_ctx);
+ return ret;
+}
+
+/*
+ * Initialize a new CTLOG object.
+ * Takes ownership of the public key.
+ * Copies the name.
+ */
+CTLOG *
+CTLOG_new(EVP_PKEY *public_key, const char *name)
+{
+ CTLOG *ret = calloc(1, sizeof(*ret));
+
+ if (ret == NULL) {
+ CTerror(ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ ret->name = strdup(name);
+ if (ret->name == NULL) {
+ CTerror(ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (ct_v1_log_id_from_pkey(public_key, ret->log_id) != 1)
+ goto err;
+
+ ret->public_key = public_key;
+ return ret;
+ err:
+ CTLOG_free(ret);
+ return NULL;
+}
+
+/* Frees CT log and associated structures */
+void
+CTLOG_free(CTLOG *log)
+{
+ if (log != NULL) {
+ free(log->name);
+ EVP_PKEY_free(log->public_key);
+ free(log);
+ }
+}
+
+const char *
+CTLOG_get0_name(const CTLOG *log)
+{
+ return log->name;
+}
+
+void
+CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id, size_t *log_id_len)
+{
+ *log_id = log->log_id;
+ *log_id_len = CT_V1_HASHLEN;
+}
+
+EVP_PKEY *
+CTLOG_get0_public_key(const CTLOG *log)
+{
+ return log->public_key;
+}
+
+/*
+ * Given a log ID, finds the matching log.
+ * Returns NULL if no match found.
+ */
+const CTLOG *
+CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, const uint8_t *log_id,
+ size_t log_id_len)
+{
+ int i;
+
+ for (i = 0; i < sk_CTLOG_num(store->logs); ++i) {
+ const CTLOG *log = sk_CTLOG_value(store->logs, i);
+ if (memcmp(log->log_id, log_id, log_id_len) == 0)
+ return log;
+ }
+
+ return NULL;
+}
diff --git a/crypto/ct/ct_oct.c b/crypto/ct/ct_oct.c
new file mode 100644
index 00000000..94e67c6b
--- /dev/null
+++ b/crypto/ct/ct_oct.c
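Review bot: CTLOG_STORE_get0_log_by_id() passes the caller's `log_id_len` straight to `memcmp()` against the fixed `log_id[CT_V1_HASHLEN]` array, so a shorter length turns the lookup into a prefix match (a length of 0 returns the first log in the store) and a longer one reads past the array. The callers are not visible in this hunk and may always pass a full-length ID, but this is a non-static lookup that selects which log's public key an SCT is checked against, so the length should be validated before the loop: `if (log_id_len != CT_V1_HASHLEN) return NULL;`.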
@@ -0,0 +1,458 @@ +/* $OpenBSD: ct_oct.c,v 1.8 2021/12/20 17:23:07 jsing Exp $ */ +/* + * Written by Rob Stradling (rob@comodo.com) and Stephen Henson + * (steve@openssl.org) for the OpenSSL project 2014. + */ +/* ==================================================================== + * Copyright (c) 2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifdef OPENSSL_NO_CT +# error "CT is disabled" +#endif + +#include +#include + +#include +#include +#include +#include + +#include "bytestring.h" +#include "ct_local.h" + +int +o2i_SCT_signature(SCT *sct, CBS *cbs) +{ + uint8_t hash_alg, sig_alg; + CBS signature; + + if (sct->version != SCT_VERSION_V1) { + CTerror(CT_R_UNSUPPORTED_VERSION); + return 0; + } + + /* + * Parse a digitally-signed element - see RFC 6962 section 3.2 and + * RFC 5246 sections 4.7 and 7.4.1.4.1. 
+ */
+ if (!CBS_get_u8(cbs, &hash_alg))
+ goto err_invalid;
+ if (!CBS_get_u8(cbs, &sig_alg))
+ goto err_invalid;
+ if (!CBS_get_u16_length_prefixed(cbs, &signature))
+ goto err_invalid;
+ if (CBS_len(cbs) != 0)
+ goto err_invalid;
+
+ /*
+ * Reject empty signatures since they are invalid for all supported
+ * algorithms (this really should be done by SCT_set1_signature()).
+ */
+ if (CBS_len(&signature) == 0)
+ goto err_invalid;
+
+ sct->hash_alg = hash_alg;
+ sct->sig_alg = sig_alg;
+
+ if (SCT_get_signature_nid(sct) == NID_undef)
+ goto err_invalid;
+
+ if (!SCT_set1_signature(sct, CBS_data(&signature), CBS_len(&signature)))
+ return 0;
+
+ return 1;
+
+ err_invalid:
+ CTerror(CT_R_SCT_INVALID_SIGNATURE);
+ return 0;
+}
+
+static int
+o2i_SCT_internal(SCT **out_sct, CBS *cbs)
+{
+ SCT *sct = NULL;
+ uint8_t version;
+
+ *out_sct = NULL;
+
+ if ((sct = SCT_new()) == NULL)
+ goto err;
+
+ if (CBS_len(cbs) > MAX_SCT_SIZE)
+ goto err_invalid;
+ if (!CBS_peek_u8(cbs, &version))
+ goto err_invalid;
+
+ sct->version = version;
+
+ if (version == SCT_VERSION_V1) {
+ CBS extensions, log_id;
+ uint64_t timestamp;
+
+ /*
+ * Parse a v1 SignedCertificateTimestamp - see RFC 6962
+ * section 3.2.
+ */
+ if (!CBS_get_u8(cbs, &version))
+ goto err_invalid;
+ if (!CBS_get_bytes(cbs, &log_id, CT_V1_LOG_ID_LEN))
+ goto err_invalid;
+ if (!CBS_get_u64(cbs, ×tamp))
+ goto err_invalid;
+ if (!CBS_get_u16_length_prefixed(cbs, &extensions))
+ goto err_invalid;
+
+ if (!CBS_stow(&log_id, &sct->log_id, &sct->log_id_len))
+ goto err;
+
+ sct->timestamp = timestamp;
+
+ if (!CBS_stow(&extensions, &sct->ext, &sct->ext_len))
+ goto err;
+
+ if (!o2i_SCT_signature(sct, cbs))
+ goto err;
+
+ if (CBS_len(cbs) != 0)
+ goto err_invalid;
+ } else {
+ /* If not V1 just cache encoding. */
+ if (!CBS_stow(cbs, &sct->sct, &sct->sct_len))
+ goto err;
+ }
+
+ *out_sct = sct;
+
+ return 1;
+
+ err_invalid:
+ CTerror(CT_R_SCT_INVALID);
+ err:
+ SCT_free(sct);
+
+ return 0;
+}
+
+SCT *
+o2i_SCT(SCT **psct, const unsigned char **in, size_t len)
+{
+ SCT *sct;
+ CBS cbs;
+
+ CBS_init(&cbs, *in, len);
+
+ if (psct != NULL) {
+ SCT_free(*psct);
+ *psct = NULL;
+ }
+
+ if (!o2i_SCT_internal(&sct, &cbs))
+ return NULL;
+
+ if (psct != NULL)
+ *psct = sct;
+
+ *in = CBS_data(&cbs);
+
+ return sct;
+}
+
+int
+i2o_SCT_signature(const SCT *sct, unsigned char **out)
+{
+ size_t len;
+ unsigned char *p = NULL, *pstart = NULL;
+
+ if (!SCT_signature_is_complete(sct)) {
+ CTerror(CT_R_SCT_INVALID_SIGNATURE);
+ goto err;
+ }
+
+ if (sct->version != SCT_VERSION_V1) {
+ CTerror(CT_R_UNSUPPORTED_VERSION);
+ goto err;
+ }
+
+ /*
+ * (1 byte) Hash algorithm
+ * (1 byte) Signature algorithm
+ * (2 bytes + ?) Signature
+ */
+ len = 4 + sct->sig_len;
+
+ if (out != NULL) {
+ if (*out != NULL) {
+ p = *out;
+ *out += len;
+ } else {
+ pstart = p = malloc(len);
+ if (p == NULL) {
+ CTerror(ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ *out = p;
+ }
+
+ *p++ = sct->hash_alg;
+ *p++ = sct->sig_alg;
+ s2n(sct->sig_len, p);
+ memcpy(p, sct->sig, sct->sig_len);
+ }
+
+ return len;
+ err:
+ free(pstart);
+ return -1;
+}
+
+int
+i2o_SCT(const SCT *sct, unsigned char **out)
+{
+ size_t len;
+ unsigned char *p = NULL, *pstart = NULL;
+
+ if (!SCT_is_complete(sct)) {
+ CTerror(CT_R_SCT_NOT_SET);
+ goto err;
+ }
+ /*
+ * Fixed-length header: struct { (1 byte) Version sct_version; (32 bytes)
+ * log_id id; (8 bytes) uint64 timestamp; (2 bytes + ?) CtExtensions
+ * extensions; (1 byte) Hash algorithm (1 byte) Signature algorithm (2
+ * bytes + ?) Signature
+ */
+ if (sct->version == SCT_VERSION_V1)
+ len = 43 + sct->ext_len + 4 + sct->sig_len;
+ else
+ len = sct->sct_len;
+
+ if (out == NULL)
+ return len;
+
+ if (*out != NULL) {
+ p = *out;
+ *out += len;
+ } else {
+ pstart = p = malloc(len);
+ if (p == NULL) {
+ CTerror(ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ *out = p;
+ }
+
+ if (sct->version == SCT_VERSION_V1) {
+ *p++ = sct->version;
+ memcpy(p, sct->log_id, CT_V1_HASHLEN);
+ p += CT_V1_HASHLEN;
+ l2n8(sct->timestamp, p);
+ s2n(sct->ext_len, p);
+ if (sct->ext_len > 0) {
+ memcpy(p, sct->ext, sct->ext_len);
+ p += sct->ext_len;
+ }
+ if (i2o_SCT_signature(sct, &p) <= 0)
+ goto err;
+ } else {
+ memcpy(p, sct->sct, len);
+ }
+
+ return len;
+ err:
+ free(pstart);
+ return -1;
+}
+
+STACK_OF(SCT) *
+o2i_SCT_LIST(STACK_OF(SCT) **out_scts, const unsigned char **pp, size_t len)
+{
+ CBS cbs, cbs_scts, cbs_sct;
+ STACK_OF(SCT) *scts = NULL;
+
+ CBS_init(&cbs, *pp, len);
+
+ if (CBS_len(&cbs) > MAX_SCT_LIST_SIZE)
+ goto err_invalid;
+ if (!CBS_get_u16_length_prefixed(&cbs, &cbs_scts))
+ goto err_invalid;
+ if (CBS_len(&cbs) != 0)
+ goto err_invalid;
+
+ if (out_scts != NULL) {
+ SCT_LIST_free(*out_scts);
+ *out_scts = NULL;
+ }
+
+ if ((scts = sk_SCT_new_null()) == NULL)
+ return NULL;
+
+ while (CBS_len(&cbs_scts) > 0) {
+ SCT *sct;
+
+ if (!CBS_get_u16_length_prefixed(&cbs_scts, &cbs_sct))
+ goto err_invalid;
+
+ if (!o2i_SCT_internal(&sct, &cbs_sct))
+ goto err;
+ if (!sk_SCT_push(scts, sct)) {
+ SCT_free(sct);
+ goto err;
+ }
+ }
+
+ if (out_scts != NULL)
+ *out_scts = scts;
+
+ *pp = CBS_data(&cbs);
+
+ return scts;
+
+ err_invalid:
+ CTerror(CT_R_SCT_LIST_INVALID);
+ err:
+ SCT_LIST_free(scts);
+
+ return NULL;
+}
+
+int
+i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp)
+{
+ int len, sct_len, i, is_pp_new = 0;
+ size_t len2;
+ unsigned char *p = NULL, *p2;
+
+ if (pp != NULL) {
+ if (*pp == NULL) {
+ if ((len = i2o_SCT_LIST(a, NULL)) == -1) {
+ CTerror(CT_R_SCT_LIST_INVALID);
+ return -1;
+ }
+ if ((*pp = malloc(len)) == NULL) {
+ CTerror(ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ is_pp_new = 1;
+ }
+ p = *pp + 2;
+ }
+
+ len2 = 2;
+ for (i = 0; i < sk_SCT_num(a); i++) {
+ if (pp != NULL) {
+ p2 = p;
+ p += 2;
+ if ((sct_len = i2o_SCT(sk_SCT_value(a, i), &p)) == -1)
+ goto err;
+ s2n(sct_len, p2);
+ } else {
+ if ((sct_len = i2o_SCT(sk_SCT_value(a, i), NULL)) == -1)
+ goto err;
+ }
+ len2 += 2 + sct_len;
+ }
+
+ if (len2 > MAX_SCT_LIST_SIZE)
+ goto err;
+
+ if (pp != NULL) {
+ p = *pp;
+ s2n(len2 - 2, p);
+ if (!is_pp_new)
+ *pp += len2;
+ }
+ return len2;
+
+ err:
+ if (is_pp_new) {
+ free(*pp);
+ *pp = NULL;
+ }
+ return -1;
+}
+
+STACK_OF(SCT) *
+d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, long len)
+{
+ ASN1_OCTET_STRING *oct = NULL;
+ STACK_OF(SCT) *sk = NULL;
+ const unsigned char *p;
+
+ p = *pp;
+ if (d2i_ASN1_OCTET_STRING(&oct, &p, len) == NULL)
+ return NULL;
+
+ p = oct->data;
+ if ((sk = o2i_SCT_LIST(a, &p, oct->length)) != NULL)
+ *pp += len;
+
+ ASN1_OCTET_STRING_free(oct);
+ return sk;
+}
+
+int
+i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **out)
+{
+ ASN1_OCTET_STRING oct;
+ int len;
+
+ oct.data = NULL;
+ if ((oct.length = i2o_SCT_LIST(a, &oct.data)) == -1)
+ return -1;
+
+ len = i2d_ASN1_OCTET_STRING(&oct, out);
+ free(oct.data);
+ return len;
+}
diff --git a/crypto/ct/ct_policy.c b/crypto/ct/ct_policy.c
new file mode 100644
index 00000000..2cb3e693
--- /dev/null
+++ b/crypto/ct/ct_policy.c
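Review bot: i2o_SCT_signature() and i2o_SCT() write `sct->sig_len` and `sct->ext_len` through `s2n()`, which keeps only the low 16 bits, while the following `memcpy()` copies the full `size_t` length and the `size_t len` total is returned as `int`. Nothing in this hunk bounds those fields on the encode side (the setters are outside it and may already do so), unlike the decode side, where o2i_SCT_internal() rejects anything above MAX_SCT_SIZE. A field longer than 65535 bytes would therefore serialize with a length prefix that disagrees with the bytes actually written. Rejecting it before `len` is computed keeps the two directions symmetric: `if (sct->sig_len > 0xffff) { CTerror(CT_R_SCT_INVALID_SIGNATURE); goto err; }` in i2o_SCT_signature(), with the matching `sct->ext_len` check (reporting CT_R_SCT_INVALID) in i2o_SCT().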
@@ -0,0 +1,153 @@ +/* $OpenBSD: ct_policy.c,v 1.5 2021/12/18 16:34:52 tb Exp $ */ +/* + * Implementations of Certificate Transparency SCT policies. + * Written by Rob Percival (robpercival@google.com) for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 2016 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#ifdef OPENSSL_NO_CT +# error "CT is disabled" +#endif + +#include +#include +#include + +#include "ct_local.h" + +/* + * Number of seconds in the future that an SCT timestamp can be, by default, + * without being considered invalid. This is added to time() when setting a + * default value for CT_POLICY_EVAL_CTX.epoch_time_in_ms. + * It can be overridden by calling CT_POLICY_EVAL_CTX_set_time(). + */ +static const time_t SCT_CLOCK_DRIFT_TOLERANCE = 300; + +CT_POLICY_EVAL_CTX * +CT_POLICY_EVAL_CTX_new(void) +{ + CT_POLICY_EVAL_CTX *ctx = calloc(1, sizeof(CT_POLICY_EVAL_CTX)); + + if (ctx == NULL) { + CTerror(ERR_R_MALLOC_FAILURE); + return NULL; + } + + /* time(NULL) shouldn't ever fail, so don't bother checking for -1. 
*/
+ ctx->epoch_time_in_ms = (uint64_t)(time(NULL) + SCT_CLOCK_DRIFT_TOLERANCE) *
+ 1000;
+
+ return ctx;
+}
+
+void
+CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx)
+{
+ if (ctx == NULL)
+ return;
+ X509_free(ctx->cert);
+ X509_free(ctx->issuer);
+ free(ctx);
+}
+
+int
+CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert)
+{
+ if (!X509_up_ref(cert))
+ return 0;
+ ctx->cert = cert;
+ return 1;
+}
+
+int
+CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer)
+{
+ if (!X509_up_ref(issuer))
+ return 0;
+ ctx->issuer = issuer;
+ return 1;
+}
+
+void
+CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
+ CTLOG_STORE *log_store)
+{
+ ctx->log_store = log_store;
+}
+
+void
+CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms)
+{
+ ctx->epoch_time_in_ms = time_in_ms;
+}
+
+X509 *
+CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx)
+{
+ return ctx->cert;
+}
+
+X509 *
+CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx)
+{
+ return ctx->issuer;
+}
+
+const CTLOG_STORE *
+CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx)
+{
+ return ctx->log_store;
+}
+
+uint64_t
+CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx)
+{
+ return ctx->epoch_time_in_ms;
+}
diff --git a/crypto/ct/ct_prn.c b/crypto/ct/ct_prn.c
new file mode 100644
index 00000000..ea4f3b24
--- /dev/null
+++ b/crypto/ct/ct_prn.c
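Review bot: CT_POLICY_EVAL_CTX_set1_cert() and CT_POLICY_EVAL_CTX_set1_issuer() overwrite `ctx->cert` and `ctx->issuer` without releasing the reference the context already holds, so calling either setter a second time on the same context leaks the earlier X509; CT_POLICY_EVAL_CTX_free() only frees the last value stored. Dropping the old reference once the up-ref has succeeded fixes it: `X509_free(ctx->cert);` immediately before `ctx->cert = cert;`, and the same for `issuer`. It is also worth a comment on CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE() stating that the context does not own `log_store` (the free function never releases it), so the store has to outlive the context.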
@@ -0,0 +1,208 @@ +/* $OpenBSD: ct_prn.c,v 1.6 2021/12/18 16:34:52 tb Exp $ */ +/* + * Written by Rob Stradling (rob@comodo.com) and Stephen Henson + * (steve@openssl.org) for the OpenSSL project 2014. + */ +/* ==================================================================== + * Copyright (c) 2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifdef OPENSSL_NO_CT +# error "CT is disabled" +#endif + +#include +#include + +#include "ct_local.h" + +/* + * XXX public api in OpenSSL 1.1.0 but this is the only thing that uses it. + * so I am stuffing it here for the moment. 
+ */ +static int +BIO_hex_string(BIO *out, int indent, int width, unsigned char *data, + int datalen) +{ + int i, j = 0; + + if (datalen < 1) + return 1; + + for (i = 0; i < datalen - 1; i++) { + if (i && !j) + BIO_printf(out, "%*s", indent, ""); + + BIO_printf(out, "%02X:", data[i]); + + j = (j + 1) % width; + if (!j) + BIO_printf(out, "\n"); + } + + if (i && !j) + BIO_printf(out, "%*s", indent, ""); + BIO_printf(out, "%02X", data[datalen - 1]); + return 1; +} + +static void +SCT_signature_algorithms_print(const SCT *sct, BIO *out) +{ + int nid = SCT_get_signature_nid(sct); + + if (nid == NID_undef) + BIO_printf(out, "%02X%02X", sct->hash_alg, sct->sig_alg); + else + BIO_printf(out, "%s", OBJ_nid2ln(nid)); +} + +static void +timestamp_print(uint64_t timestamp, BIO *out) +{ + ASN1_GENERALIZEDTIME *gen = ASN1_GENERALIZEDTIME_new(); + char genstr[20]; + + if (gen == NULL) + return; + ASN1_GENERALIZEDTIME_adj(gen, (time_t)0, (int)(timestamp / 86400000), + (timestamp % 86400000) / 1000); + /* + * Note GeneralizedTime from ASN1_GENERALIZETIME_adj is always 15 + * characters long with a final Z. Update it with fractional seconds. 
+ */ + snprintf(genstr, sizeof(genstr), "%.14sZ", ASN1_STRING_get0_data(gen)); + if (ASN1_GENERALIZEDTIME_set_string(gen, genstr)) + ASN1_GENERALIZEDTIME_print(out, gen); + ASN1_GENERALIZEDTIME_free(gen); +} + +const char * +SCT_validation_status_string(const SCT *sct) +{ + switch (SCT_get_validation_status(sct)) { + case SCT_VALIDATION_STATUS_NOT_SET: + return "not set"; + case SCT_VALIDATION_STATUS_UNKNOWN_VERSION: + return "unknown version"; + case SCT_VALIDATION_STATUS_UNKNOWN_LOG: + return "unknown log"; + case SCT_VALIDATION_STATUS_UNVERIFIED: + return "unverified"; + case SCT_VALIDATION_STATUS_INVALID: + return "invalid"; + case SCT_VALIDATION_STATUS_VALID: + return "valid"; + } + return "unknown status"; +} + +void +SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *log_store) +{ + const CTLOG *log = NULL; + + if (log_store != NULL) { + log = CTLOG_STORE_get0_log_by_id(log_store, sct->log_id, + sct->log_id_len); + } + + BIO_printf(out, "%*sSigned Certificate Timestamp:", indent, ""); + BIO_printf(out, "\n%*sVersion : ", indent + 4, ""); + + if (sct->version != SCT_VERSION_V1) { + BIO_printf(out, "unknown\n%*s", indent + 16, ""); + BIO_hex_string(out, indent + 16, 16, sct->sct, sct->sct_len); + return; + } + + BIO_printf(out, "v1 (0x0)"); + + if (log != NULL) { + BIO_printf(out, "\n%*sLog : %s", indent + 4, "", + CTLOG_get0_name(log)); + } + + BIO_printf(out, "\n%*sLog ID : ", indent + 4, ""); + BIO_hex_string(out, indent + 16, 16, sct->log_id, sct->log_id_len); + + BIO_printf(out, "\n%*sTimestamp : ", indent + 4, ""); + timestamp_print(sct->timestamp, out); + + BIO_printf(out, "\n%*sExtensions: ", indent + 4, ""); + if (sct->ext_len == 0) + BIO_printf(out, "none"); + else + BIO_hex_string(out, indent + 16, 16, sct->ext, sct->ext_len); + + BIO_printf(out, "\n%*sSignature : ", indent + 4, ""); + SCT_signature_algorithms_print(sct, out); + BIO_printf(out, "\n%*s ", indent + 4, ""); + BIO_hex_string(out, indent + 16, 16, sct->sig, sct->sig_len); 
+} + +void +SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent, + const char *separator, const CTLOG_STORE *log_store) +{ + int sct_count = sk_SCT_num(sct_list); + int i; + + for (i = 0; i < sct_count; ++i) { + SCT *sct = sk_SCT_value(sct_list, i); + + SCT_print(sct, out, indent, log_store); + if (i < sk_SCT_num(sct_list) - 1) + BIO_printf(out, "%s", separator); + } +} diff --git a/crypto/ct/ct_sct.c b/crypto/ct/ct_sct.c new file mode 100644 index 00000000..a05b0f92 --- /dev/null +++ b/crypto/ct/ct_sct.c 
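Review bot: In `timestamp_print` the result of `ASN1_GENERALIZEDTIME_adj()` is ignored, so if it fails `ASN1_STRING_get0_data(gen)` may still be NULL when it is passed to the `%.14s` conversion in `snprintf`, which is undefined behaviour. The timestamp comes from the SCT being printed and `(int)(timestamp / 86400000)` truncates large values, so a failure here is presumably reachable from a malformed SCT and not only from an allocation failure (the adj implementation is outside this hunk). I would bail out before formatting: `if (ASN1_GENERALIZEDTIME_adj(gen, (time_t)0, (int)(timestamp / 86400000), (timestamp % 86400000) / 1000) == NULL) { ASN1_GENERALIZEDTIME_free(gen); return; }`. The comment above the `snprintf` still says "Update it with fractional seconds" although the format `"%.14sZ"` adds none; it should say that the fractional part is dropped.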
@@ -0,0 +1,480 @@ +/* $OpenBSD: ct_sct.c,v 1.8 2022/01/22 00:29:59 inoguchi Exp $ */ +/* + * Written by Rob Stradling (rob@comodo.com), Stephen Henson (steve@openssl.org) + * and Adam Eijdenberg (adam.eijdenberg@gmail.com) for the OpenSSL project 2016. + */ +/* ==================================================================== + * Copyright (c) 2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). 
+ * + */ + +#ifdef OPENSSL_NO_CT +# error "CT disabled" +#endif + +#include +#include +#include +#include +#include + +#include + +#include "ct_local.h" + +SCT * +SCT_new(void) +{ + SCT *sct = calloc(1, sizeof(*sct)); + + if (sct == NULL) { + CTerror(ERR_R_MALLOC_FAILURE); + return NULL; + } + + sct->entry_type = CT_LOG_ENTRY_TYPE_NOT_SET; + sct->version = SCT_VERSION_NOT_SET; + return sct; +} + +void +SCT_free(SCT *sct) +{ + if (sct == NULL) + return; + + free(sct->log_id); + free(sct->ext); + free(sct->sig); + free(sct->sct); + free(sct); +} + +void +SCT_LIST_free(STACK_OF(SCT) *scts) +{ + sk_SCT_pop_free(scts, SCT_free); +} + +int +SCT_set_version(SCT *sct, sct_version_t version) +{ + if (version != SCT_VERSION_V1) { + CTerror(CT_R_UNSUPPORTED_VERSION); + return 0; + } + sct->version = version; + sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; + return 1; +} + +int +SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type) +{ + sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; + + switch (entry_type) { + case CT_LOG_ENTRY_TYPE_X509: + case CT_LOG_ENTRY_TYPE_PRECERT: + sct->entry_type = entry_type; + return 1; + case CT_LOG_ENTRY_TYPE_NOT_SET: + break; + } + CTerror(CT_R_UNSUPPORTED_ENTRY_TYPE); + return 0; +} + +int +SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len) +{ + if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) { + CTerror(CT_R_INVALID_LOG_ID_LENGTH); + return 0; + } + + free(sct->log_id); + sct->log_id = log_id; + sct->log_id_len = log_id_len; + sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; + return 1; +} + +int +SCT_set1_log_id(SCT *sct, const unsigned char *log_id, size_t log_id_len) +{ + if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) { + CTerror(CT_R_INVALID_LOG_ID_LENGTH); + return 0; + } + + free(sct->log_id); + sct->log_id = NULL; + sct->log_id_len = 0; + sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; + + if (log_id != NULL && log_id_len > 0) { + 
sct->log_id = malloc(log_id_len); + if (sct->log_id == NULL) { + CTerror(ERR_R_MALLOC_FAILURE); + return 0; + } + memcpy(sct->log_id, log_id, log_id_len); + sct->log_id_len = log_id_len; + } + return 1; +} + + +void +SCT_set_timestamp(SCT *sct, uint64_t timestamp) +{ + sct->timestamp = timestamp; + sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; +} + +int +SCT_set_signature_nid(SCT *sct, int nid) +{ + switch (nid) { + case NID_sha256WithRSAEncryption: + sct->hash_alg = 4; /* XXX */ + sct->sig_alg = 1; /* XXX */ + sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; + return 1; + case NID_ecdsa_with_SHA256: + sct->hash_alg = 4; /* XXX */ + sct->sig_alg = 3; /* XXX */ + sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; + return 1; + default: + CTerror(CT_R_UNRECOGNIZED_SIGNATURE_NID); + return 0; + } +} + +void +SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len) +{ + free(sct->ext); + sct->ext = ext; + sct->ext_len = ext_len; + sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; +} + +int +SCT_set1_extensions(SCT *sct, const unsigned char *ext, size_t ext_len) +{ + free(sct->ext); + sct->ext = NULL; + sct->ext_len = 0; + sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; + + if (ext != NULL && ext_len > 0) { + sct->ext = malloc(ext_len); + if (sct->ext == NULL) { + CTerror(ERR_R_MALLOC_FAILURE); + return 0; + } + memcpy(sct->ext, ext, ext_len); + sct->ext_len = ext_len; + } + return 1; +} + +void +SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len) +{ + free(sct->sig); + sct->sig = sig; + sct->sig_len = sig_len; + sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; +} + +int +SCT_set1_signature(SCT *sct, const unsigned char *sig, size_t sig_len) +{ + free(sct->sig); + sct->sig = NULL; + sct->sig_len = 0; + sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; + + if (sig != NULL && sig_len > 0) { + sct->sig = malloc(sig_len); + if (sct->sig == NULL) { + CTerror(ERR_R_MALLOC_FAILURE); + return 0; + } + 
memcpy(sct->sig, sig, sig_len); + sct->sig_len = sig_len; + } + return 1; +} + +sct_version_t +SCT_get_version(const SCT *sct) +{ + return sct->version; +} + +ct_log_entry_type_t +SCT_get_log_entry_type(const SCT *sct) +{ + return sct->entry_type; +} + +size_t +SCT_get0_log_id(const SCT *sct, unsigned char **log_id) +{ + *log_id = sct->log_id; + return sct->log_id_len; +} + +uint64_t +SCT_get_timestamp(const SCT *sct) +{ + return sct->timestamp; +} + +int +SCT_get_signature_nid(const SCT *sct) +{ + if (sct->version == SCT_VERSION_V1) { + /* XXX sigalg numbers */ + if (sct->hash_alg == 4) { + switch (sct->sig_alg) { + case 3: + return NID_ecdsa_with_SHA256; + case 1: + return NID_sha256WithRSAEncryption; + default: + return NID_undef; + } + } + } + return NID_undef; +} + +size_t +SCT_get0_extensions(const SCT *sct, unsigned char **ext) +{ + *ext = sct->ext; + return sct->ext_len; +} + +size_t +SCT_get0_signature(const SCT *sct, unsigned char **sig) +{ + *sig = sct->sig; + return sct->sig_len; +} + +int +SCT_is_complete(const SCT *sct) +{ + switch (sct->version) { + case SCT_VERSION_NOT_SET: + return 0; + case SCT_VERSION_V1: + return sct->log_id != NULL && SCT_signature_is_complete(sct); + default: + return sct->sct != NULL; /* Just need cached encoding */ + } +} + +int +SCT_signature_is_complete(const SCT *sct) +{ + return SCT_get_signature_nid(sct) != NID_undef && + sct->sig != NULL && sct->sig_len > 0; +} + +sct_source_t +SCT_get_source(const SCT *sct) +{ + return sct->source; +} + +int +SCT_set_source(SCT *sct, sct_source_t source) +{ + sct->source = source; + sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; + switch (source) { + case SCT_SOURCE_TLS_EXTENSION: + case SCT_SOURCE_OCSP_STAPLED_RESPONSE: + return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_X509); + case SCT_SOURCE_X509V3_EXTENSION: + return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_PRECERT); + case SCT_SOURCE_UNKNOWN: + break; + } + /* if we aren't sure, leave the log entry type alone 
*/ + return 1; +} + +sct_validation_status_t +SCT_get_validation_status(const SCT *sct) +{ + return sct->validation_status; +} + +int +SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx) +{ + int is_sct_valid = -1; + SCT_CTX *sctx = NULL; + X509_PUBKEY *pub = NULL, *log_pkey = NULL; + const CTLOG *log; + + /* + * With an unrecognized SCT version we don't know what such an SCT means, + * let alone validate one. So we return validation failure (0). + */ + if (sct->version != SCT_VERSION_V1) { + sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_VERSION; + return 0; + } + + log = CTLOG_STORE_get0_log_by_id(ctx->log_store, sct->log_id, + sct->log_id_len); + + /* Similarly, an SCT from an unknown log also cannot be validated. */ + if (log == NULL) { + sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_LOG; + return 0; + } + + sctx = SCT_CTX_new(); + if (sctx == NULL) + goto err; + + if (X509_PUBKEY_set(&log_pkey, CTLOG_get0_public_key(log)) != 1) + goto err; + if (SCT_CTX_set1_pubkey(sctx, log_pkey) != 1) + goto err; + + if (SCT_get_log_entry_type(sct) == CT_LOG_ENTRY_TYPE_PRECERT) { + EVP_PKEY *issuer_pkey; + + if (ctx->issuer == NULL) { + sct->validation_status = SCT_VALIDATION_STATUS_UNVERIFIED; + goto end; + } + + if ((issuer_pkey = X509_get0_pubkey(ctx->issuer)) == NULL) + goto err; + + if (X509_PUBKEY_set(&pub, issuer_pkey) != 1) + goto err; + if (SCT_CTX_set1_issuer_pubkey(sctx, pub) != 1) + goto err; + } + + SCT_CTX_set_time(sctx, ctx->epoch_time_in_ms); + + /* + * XXX: Potential for optimization. This repeats some idempotent heavy + * lifting on the certificate for each candidate SCT, and appears to not + * use any information in the SCT itself, only the certificate is + * processed. So it may make more sense to to do this just once, perhaps + * associated with the shared (by all SCTs) policy eval ctx. + * + * XXX: Failure here is global (SCT independent) and represents either an + * issue with the certificate (e.g. 
duplicate extensions) or an out of + * memory condition. When the certificate is incompatible with CT, we just + * mark the SCTs invalid, rather than report a failure to determine the + * validation status. That way, callbacks that want to do "soft" SCT + * processing will not abort handshakes with false positive internal + * errors. Since the function does not distinguish between certificate + * issues (peer's fault) and internal problems (out fault) the safe thing + * to do is to report a validation failure and let the callback or + * application decide what to do. + */ + if (SCT_CTX_set1_cert(sctx, ctx->cert, NULL) != 1) + sct->validation_status = SCT_VALIDATION_STATUS_UNVERIFIED; + else + sct->validation_status = SCT_CTX_verify(sctx, sct) == 1 ? + SCT_VALIDATION_STATUS_VALID : SCT_VALIDATION_STATUS_INVALID; + + end: + is_sct_valid = sct->validation_status == SCT_VALIDATION_STATUS_VALID; + err: + X509_PUBKEY_free(pub); + X509_PUBKEY_free(log_pkey); + SCT_CTX_free(sctx); + + return is_sct_valid; +} + +int +SCT_LIST_validate(const STACK_OF(SCT) *scts, CT_POLICY_EVAL_CTX *ctx) +{ + int are_scts_valid = 1; + int sct_count = scts != NULL ? sk_SCT_num(scts) : 0; + int i; + + for (i = 0; i < sct_count; ++i) { + int is_sct_valid = -1; + SCT *sct = sk_SCT_value(scts, i); + + if (sct == NULL) + continue; + + is_sct_valid = SCT_validate(sct, ctx); + if (is_sct_valid < 0) + return is_sct_valid; + are_scts_valid &= is_sct_valid; + } + + return are_scts_valid; +} diff --git a/crypto/ct/ct_sct_ctx.c b/crypto/ct/ct_sct_ctx.c new file mode 100644 index 00000000..b2b6d4e2 --- /dev/null +++ b/crypto/ct/ct_sct_ctx.c 
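Review bot: `SCT_LIST_validate` returns 1 when `scts` is NULL or empty and silently skips NULL entries, so a return of 1 does not mean that any SCT was actually checked. A caller that enforces a CT policy on this result alone would accept a certificate that carries no SCTs at all. I would state the contract on the function: `/* Returns 1 if no SCT in the list failed validation (also for a NULL or empty list), 0 if at least one is not valid, <0 on internal error; callers must check the SCT count themselves. */`. `SCT_validate` above it also dereferences `ctx` and passes `ctx->cert` and `ctx->log_store` on without a NULL check, which deserves a line in its header comment as a precondition.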
@@ -0,0 +1,323 @@ +/* $OpenBSD: ct_sct_ctx.c,v 1.6 2022/06/30 11:14:47 tb Exp $ */ +/* + * Written by Rob Stradling (rob@comodo.com) and Stephen Henson + * (steve@openssl.org) for the OpenSSL project 2014. + */ +/* ==================================================================== + * Copyright (c) 2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifdef OPENSSL_NO_CT +# error "CT is disabled" +#endif + +#include +#include + +#include +#include +#include + +#include "ct_local.h" + +SCT_CTX * +SCT_CTX_new(void) +{ + SCT_CTX *sctx = calloc(1, sizeof(*sctx)); + + if (sctx == NULL) + CTerror(ERR_R_MALLOC_FAILURE); + + return sctx; +} + +void +SCT_CTX_free(SCT_CTX *sctx) +{ + if (sctx == NULL) + return; + EVP_PKEY_free(sctx->pkey); + free(sctx->pkeyhash); + free(sctx->ihash); + free(sctx->certder); + free(sctx->preder); + free(sctx); +} + +/* + * Finds the index of the first extension with the given NID in cert. + * If there is more than one extension with that NID, *is_duplicated is set to + * 1, otherwise 0 (unless it is NULL). 
+ */ +static int +ct_x509_get_ext(X509 *cert, int nid, int *is_duplicated) +{ + int ret = X509_get_ext_by_NID(cert, nid, -1); + + if (is_duplicated != NULL) + *is_duplicated = ret >= 0 && + X509_get_ext_by_NID(cert, nid, ret) >= 0; + + return ret; +} + +/* + * Modifies a certificate by deleting extensions and copying the issuer and + * AKID from the presigner certificate, if necessary. + * Returns 1 on success, 0 otherwise. + */ +static int +ct_x509_cert_fixup(X509 *cert, X509 *presigner) +{ + int preidx, certidx; + int pre_akid_ext_is_dup, cert_akid_ext_is_dup; + + if (presigner == NULL) + return 1; + + preidx = ct_x509_get_ext(presigner, NID_authority_key_identifier, + &pre_akid_ext_is_dup); + certidx = ct_x509_get_ext(cert, NID_authority_key_identifier, + &cert_akid_ext_is_dup); + + /* An error occurred whilst searching for the extension */ + if (preidx < -1 || certidx < -1) + return 0; + /* Invalid certificate if they contain duplicate extensions */ + if (pre_akid_ext_is_dup || cert_akid_ext_is_dup) + return 0; + /* AKID must be present in both certificate or absent in both */ + if (preidx >= 0 && certidx == -1) + return 0; + if (preidx == -1 && certidx >= 0) + return 0; + /* Copy issuer name */ + if (!X509_set_issuer_name(cert, X509_get_issuer_name(presigner))) + return 0; + if (preidx != -1) { + /* Retrieve and copy AKID encoding */ + X509_EXTENSION *preext = X509_get_ext(presigner, preidx); + X509_EXTENSION *certext = X509_get_ext(cert, certidx); + ASN1_OCTET_STRING *preextdata; + + /* Should never happen */ + if (preext == NULL || certext == NULL) + return 0; + preextdata = X509_EXTENSION_get_data(preext); + if (preextdata == NULL || + !X509_EXTENSION_set_data(certext, preextdata)) + return 0; + } + return 1; +} + +int +SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner) +{ + unsigned char *certder = NULL, *preder = NULL; + X509 *pretmp = NULL; + int certderlen = 0, prederlen = 0; + int idx = -1; + int poison_ext_is_dup, sct_ext_is_dup; + int 
poison_idx = ct_x509_get_ext(cert, NID_ct_precert_poison, &poison_ext_is_dup); + + /* Duplicate poison extensions are present - error */ + if (poison_ext_is_dup) + goto err; + + /* If *cert doesn't have a poison extension, it isn't a precert */ + if (poison_idx == -1) { + /* cert isn't a precert, so we shouldn't have a presigner */ + if (presigner != NULL) + goto err; + + certderlen = i2d_X509(cert, &certder); + if (certderlen < 0) + goto err; + } + + /* See if cert has a precert SCTs extension */ + idx = ct_x509_get_ext(cert, NID_ct_precert_scts, &sct_ext_is_dup); + /* Duplicate SCT extensions are present - error */ + if (sct_ext_is_dup) + goto err; + + if (idx >= 0 && poison_idx >= 0) { + /* + * cert can't both contain SCTs (i.e. have an SCT extension) and be a + * precert (i.e. have a poison extension). + */ + goto err; + } + + if (idx == -1) { + idx = poison_idx; + } + + /* + * If either a poison or SCT extension is present, remove it before encoding + * cert. This, along with ct_x509_cert_fixup(), gets a TBSCertificate (see + * RFC5280) from cert, which is what the CT log signed when it produced the + * SCT. 
+ */ + if (idx >= 0) { + X509_EXTENSION *ext; + + /* Take a copy of certificate so we don't modify passed version */ + pretmp = X509_dup(cert); + if (pretmp == NULL) + goto err; + + ext = X509_delete_ext(pretmp, idx); + X509_EXTENSION_free(ext); + + if (!ct_x509_cert_fixup(pretmp, presigner)) + goto err; + + prederlen = i2d_re_X509_tbs(pretmp, &preder); + if (prederlen <= 0) + goto err; + } + + X509_free(pretmp); + + free(sctx->certder); + sctx->certder = certder; + sctx->certderlen = certderlen; + + free(sctx->preder); + sctx->preder = preder; + sctx->prederlen = prederlen; + + return 1; + err: + free(certder); + free(preder); + X509_free(pretmp); + return 0; +} + +static int +ct_public_key_hash(X509_PUBKEY *pkey, unsigned char **hash, size_t *hash_len) +{ + int ret = 0; + unsigned char *md = NULL, *der = NULL; + int der_len; + unsigned int md_len; + + /* Reuse buffer if possible */ + if (*hash != NULL && *hash_len >= SHA256_DIGEST_LENGTH) { + md = *hash; + } else { + md = malloc(SHA256_DIGEST_LENGTH); + if (md == NULL) + goto err; + } + + /* Calculate key hash */ + der_len = i2d_X509_PUBKEY(pkey, &der); + if (der_len <= 0) + goto err; + + if (!EVP_Digest(der, der_len, md, &md_len, EVP_sha256(), NULL)) + goto err; + + if (md != *hash) { + free(*hash); + *hash = md; + *hash_len = SHA256_DIGEST_LENGTH; + } + + md = NULL; + ret = 1; + err: + free(md); + free(der); + return ret; +} + +int +SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer) +{ + return SCT_CTX_set1_issuer_pubkey(sctx, X509_get_X509_PUBKEY(issuer)); +} + +int +SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey) +{ + return ct_public_key_hash(pubkey, &sctx->ihash, &sctx->ihashlen); +} + +int +SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey) +{ + EVP_PKEY *pkey = X509_PUBKEY_get(pubkey); + + if (pkey == NULL) + return 0; + + if (!ct_public_key_hash(pubkey, &sctx->pkeyhash, &sctx->pkeyhashlen)) { + EVP_PKEY_free(pkey); + return 0; + } + + EVP_PKEY_free(sctx->pkey); + sctx->pkey = 
pkey; + return 1; +} + +void +SCT_CTX_set_time(SCT_CTX *sctx, uint64_t time_in_ms) +{ + sctx->epoch_time_in_ms = time_in_ms; +} diff --git a/crypto/ct/ct_vfy.c b/crypto/ct/ct_vfy.c new file mode 100644 index 00000000..42411726 --- /dev/null +++ b/crypto/ct/ct_vfy.c 
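Review bot: `ct_public_key_hash` frees the caller's buffer on its error path when it has reused it: with `md = *hash`, a failure of `i2d_X509_PUBKEY()` or `EVP_Digest()` reaches `free(md)` at `err:` while `*hash` still points at that memory. `sctx->ihash` or `sctx->pkeyhash` is then dangling and is freed a second time by `SCT_CTX_free`. This only triggers when `SCT_CTX_set1_issuer_pubkey` or `SCT_CTX_set1_pubkey` is called again on a context that already holds a hash; `SCT_validate` in ct_sct.c uses a fresh context each time. The cleanup should release only a buffer this call allocated: `if (md != *hash) free(md);`.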
@@ -0,0 +1,195 @@ +/* $OpenBSD: ct_vfy.c,v 1.6 2022/01/06 14:34:40 jsing Exp $ */ +/* + * Written by Rob Stradling (rob@comodo.com) and Stephen Henson + * (steve@openssl.org) for the OpenSSL project 2014. + */ +/* ==================================================================== + * Copyright (c) 2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include +#include +#include +#include + +#include "ct_local.h" + +typedef enum sct_signature_type_t { + SIGNATURE_TYPE_NOT_SET = -1, + SIGNATURE_TYPE_CERT_TIMESTAMP, + SIGNATURE_TYPE_TREE_HASH +} SCT_SIGNATURE_TYPE; + +/* + * Update encoding for SCT signature verification/generation to supplied + * EVP_MD_CTX. 
+ */ +static int +sct_ctx_update(EVP_MD_CTX *ctx, const SCT_CTX *sctx, const SCT *sct) +{ + CBB cbb, entry, extensions; + uint8_t *data = NULL; + size_t data_len; + int ret = 0; + + memset(&cbb, 0, sizeof(cbb)); + + if (sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET) + goto err; + if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL) + goto err; + + if (!CBB_init(&cbb, 0)) + goto err; + + /* + * Build the digitally-signed struct per RFC 6962 section 3.2. + */ + if (!CBB_add_u8(&cbb, sct->version)) + goto err; + if (!CBB_add_u8(&cbb, SIGNATURE_TYPE_CERT_TIMESTAMP)) + goto err; + if (!CBB_add_u64(&cbb, sct->timestamp)) + goto err; + if (!CBB_add_u16(&cbb, sct->entry_type)) + goto err; + + if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT) { + if (!CBB_add_bytes(&cbb, sctx->ihash, sctx->ihashlen)) + goto err; + } + + if (!CBB_add_u24_length_prefixed(&cbb, &entry)) + goto err; + if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT) { + if (sctx->preder == NULL) + goto err; + if (!CBB_add_bytes(&entry, sctx->preder, sctx->prederlen)) + goto err; + } else { + if (sctx->certder == NULL) + goto err; + if (!CBB_add_bytes(&entry, sctx->certder, sctx->certderlen)) + goto err; + } + + if (!CBB_add_u16_length_prefixed(&cbb, &extensions)) + goto err; + if (sct->ext_len > 0) { + if (!CBB_add_bytes(&extensions, sct->ext, sct->ext_len)) + goto err; + } + + if (!CBB_finish(&cbb, &data, &data_len)) + goto err; + + if (!EVP_DigestUpdate(ctx, data, data_len)) + goto err; + + ret = 1; + + err: + CBB_cleanup(&cbb); + free(data); + + return ret; +} + +int +SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct) +{ + EVP_MD_CTX *ctx = NULL; + int ret = 0; + + if (!SCT_is_complete(sct) || sctx->pkey == NULL || + sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET || + (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && + sctx->ihash == NULL)) { + CTerror(CT_R_SCT_NOT_SET); + return 0; + } + if (sct->version != SCT_VERSION_V1) { + CTerror(CT_R_SCT_UNSUPPORTED_VERSION); + return 0; + } + if 
(sct->log_id_len != sctx->pkeyhashlen || + memcmp(sct->log_id, sctx->pkeyhash, sctx->pkeyhashlen) != 0) { + CTerror(CT_R_SCT_LOG_ID_MISMATCH); + return 0; + } + if (sct->timestamp > sctx->epoch_time_in_ms) { + CTerror(CT_R_SCT_FUTURE_TIMESTAMP); + return 0; + } + + if ((ctx = EVP_MD_CTX_new()) == NULL) + goto end; + + if (!EVP_DigestVerifyInit(ctx, NULL, EVP_sha256(), NULL, sctx->pkey)) + goto end; + + if (!sct_ctx_update(ctx, sctx, sct)) + goto end; + + /* Verify signature */ + /* If ret < 0 some other error: fall through without setting error */ + if ((ret = EVP_DigestVerifyFinal(ctx, sct->sig, sct->sig_len)) == 0) + CTerror(CT_R_SCT_INVALID_SIGNATURE); + + end: + EVP_MD_CTX_free(ctx); + + return ret; +} diff --git a/crypto/ct/ct_x509v3.c b/crypto/ct/ct_x509v3.c new file mode 100644 index 00000000..59f2975c --- /dev/null +++ b/crypto/ct/ct_x509v3.c 
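Review bot: `SCT_CTX_verify` hands a negative result of `EVP_DigestVerifyFinal()` straight back to its caller, so it has three outcomes (1, 0, <0) and nothing at the definition says so. Any caller that tests the result for truth would treat an internal error as a verified signature; `SCT_validate` in ct_sct.c compares with `== 1`, which is the only safe form. I would add a header comment: `/* Returns 1 if the SCT signature verifies, 0 if it does not or the inputs are incomplete, <0 on an internal verification error. Compare with == 1. */`. The `goto end` paths before the final call (`EVP_MD_CTX_new`, `EVP_DigestVerifyInit`, `sct_ctx_update`) return 0 without a `CTerror()`, so they cannot be told apart from a bad signature unless an error is queued there too.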
@@ -0,0 +1,186 @@
+/* $OpenBSD: ct_x509v3.c,v 1.6 2021/12/25 15:42:32 tb Exp $ */
+/*
+ * Written by Rob Stradling (rob@comodo.com) and Stephen Henson
+ * (steve@openssl.org) for the OpenSSL project 2014.
+ */
+/* ====================================================================
+ * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifdef OPENSSL_NO_CT
+# error "CT is disabled"
+#endif
+
+#include
+
+#include "ct_local.h"
+
+static char *
+i2s_poison(const X509V3_EXT_METHOD *method, void *val)
+{
+ return strdup("NULL");
+}
+
+static void *
+s2i_poison(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+{
+ return ASN1_NULL_new();
+}
+
+static int
+i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list, BIO *out,
+ int indent)
+{
+ SCT_LIST_print(sct_list, out, indent, "\n", NULL);
+ return 1;
+}
+
+static int
+set_sct_list_source(STACK_OF(SCT) *s, sct_source_t source)
+{
+ if (s != NULL) {
+ int i;
+
+ for (i = 0; i < sk_SCT_num(s); i++) {
+ int res = SCT_set_source(sk_SCT_value(s, i), source);
+
+ if (res != 1) {
+ return 0;
+ }
+ }
+ }
+ return 1;
+}
+
+static STACK_OF(SCT) *
+x509_ext_d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, long len)
+{
+ STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len);
+
+ if (set_sct_list_source(s, SCT_SOURCE_X509V3_EXTENSION) != 1) {
+ SCT_LIST_free(s);
+ *a = NULL;
+ return NULL;
+ }
+ return s;
+}
+
+static STACK_OF(SCT) *
+ocsp_ext_d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, long len)
+{
+ STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len);
+
+ if (set_sct_list_source(s, SCT_SOURCE_OCSP_STAPLED_RESPONSE) != 1) {
+ SCT_LIST_free(s);
+ *a = NULL;
+ return NULL;
+ }
+ return s;
+}
+
+/* Handlers for X509v3/OCSP Certificate Transparency extensions */
+const X509V3_EXT_METHOD v3_ct_scts[3] = {
+ /* X509v3 extension in certificates that contains SCTs */
+ [0] = {
+ .ext_nid = NID_ct_precert_scts,
+ .ext_flags = 0,
+ .it = NULL,
+ .ext_new = NULL,
+ .ext_free = (X509V3_EXT_FREE)SCT_LIST_free,
+ .d2i = (X509V3_EXT_D2I)x509_ext_d2i_SCT_LIST,
+ .i2d = (X509V3_EXT_I2D)i2d_SCT_LIST,
+ .i2s = NULL,
+ .s2i = NULL,
+ .i2v = NULL,
+ .v2i = NULL,
+ .i2r = (X509V3_EXT_I2R)i2r_SCT_LIST,
+ .r2i = NULL,
+ .usr_data = NULL,
+ },
+
+ /* X509v3 extension to mark a certificate as a pre-certificate */
+ [1] = {
+ .ext_nid =
NID_ct_precert_poison, + .ext_flags = 0, + .it = &ASN1_NULL_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = i2s_poison, + .s2i = s2i_poison, + .i2v = NULL, + .v2i = NULL, + .i2r = NULL, + .r2i = NULL, + .usr_data = NULL, + }, + + /* OCSP extension that contains SCTs */ + [2] = { + .ext_nid = NID_ct_cert_scts, + .ext_flags = 0, + .it = NULL, + .ext_new = NULL, + .ext_free = (X509V3_EXT_FREE)SCT_LIST_free, + .d2i = (X509V3_EXT_D2I)ocsp_ext_d2i_SCT_LIST, + .i2d = (X509V3_EXT_I2D)i2d_SCT_LIST, + .i2s = NULL, + .s2i = NULL, + .i2v = NULL, + .v2i = NULL, + .i2r = (X509V3_EXT_I2R)i2r_SCT_LIST, + .r2i = NULL, + .usr_data = NULL, + }, +}; diff --git a/crypto/curve25519/curve25519.c b/crypto/curve25519/curve25519.c index 13b54c3d..6df03a3a 100644 --- a/crypto/curve25519/curve25519.c +++ b/crypto/curve25519/curve25519.c @@ -1,4 +1,4 @@ -/* $OpenBSD: curve25519.c,v 1.5 2019/05/11 15:55:52 tb Exp $ */ +/* $OpenBSD: curve25519.c,v 1.6 2022/02/08 16:44:23 tb Exp $ */ /* * Copyright (c) 2015, Google Inc. * @@ -3513,7 +3513,7 @@ static void table_select(ge_precomp *t, int pos, signed char b) { * * Preconditions: * a[31] <= 127 */ -void x25519_ge_scalarmult_base(ge_p3 *h, const uint8_t *a) { +void x25519_ge_scalarmult_base(ge_p3 *h, const uint8_t a[32]) { signed char e[64]; signed char carry; ge_p1p1 r; diff --git a/crypto/des/cfb_enc.c b/crypto/des/cfb_enc.c index 59a3e718..4231f469 100644 --- a/crypto/des/cfb_enc.c +++ b/crypto/des/cfb_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cfb_enc.c,v 1.13 2015/02/10 09:46:30 miod Exp $ */ +/* $OpenBSD: cfb_enc.c,v 1.14 2021/11/09 18:40:21 bcook Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -57,7 +57,7 @@ */ #include "des_locl.h" -#include +#include /* The input and output are loaded in multiples of 8 bits. * What this means is that if you hame numbits=12 and length=2 diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index af15fb2c..3701946c 100644 
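Review bot: The failure path in `x509_ext_d2i_SCT_LIST` and `ocsp_ext_d2i_SCT_LIST` writes `*a = NULL` without checking `a`, although d2i-style decoders are conventionally callable with a NULL output pointer. If `set_sct_list_source` ever returns 0 for a list decoded that way, the cleanup itself dereferences NULL on attacker-supplied extension data; whether that can happen depends on `SCT_set_source`, which is not part of this file. I would guard both sites with `if (a != NULL) *a = NULL;`.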
--- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh_ameth.c,v 1.18 2020/01/04 13:57:43 inoguchi Exp $ */ +/* $OpenBSD: dh_ameth.c,v 1.24 2022/06/27 12:36:05 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -65,6 +65,8 @@ #include #include "asn1_locl.h" +#include "dh_local.h" +#include "evp_locl.h" static void int_dh_free(EVP_PKEY *pkey) @@ -93,7 +95,7 @@ dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) goto err; } - pstr = pval; + pstr = pval; pm = pstr->data; pmlen = pstr->length; @@ -178,7 +180,7 @@ dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) * that the AlgorithmIdentifier contains the paramaters, the private key * is explcitly included and the pubkey must be recalculated. */ - + static int dh_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) { @@ -202,7 +204,7 @@ dh_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen))) goto decerr; - pstr = pval; + pstr = pval; pm = pstr->data; pmlen = pstr->length; if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) @@ -351,7 +353,8 @@ do_dh_print(BIO *bp, const DH *x, int indent, ASN1_PCTX *ctx, int ptype) goto err; } - BIO_indent(bp, indent, 128); + if (!BIO_indent(bp, indent, 128)) + goto err; if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0) goto err; indent += 4; 
@@ -366,7 +369,8 @@ do_dh_print(BIO *bp, const DH *x, int indent, ASN1_PCTX *ctx, int ptype) if (!ASN1_bn_print(bp, "generator:", x->g, m, indent)) goto err; if (x->length != 0) { - BIO_indent(bp, indent, 128); + if (!BIO_indent(bp, indent, 128)) + goto err; if (BIO_printf(bp, "recommended-private-length: %d bits\n", (int)x->length) <= 0) goto err; @@ -393,6 +397,12 @@ dh_bits(const EVP_PKEY *pkey) return BN_num_bits(pkey->pkey.dh->p); } +static int +dh_security_bits(const EVP_PKEY *pkey) +{ + return DH_security_bits(pkey->pkey.dh); +} + static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) { @@ -464,6 +474,32 @@ DHparams_print(BIO *bp, const DH *x) return do_dh_print(bp, x, 4, NULL, 0); } +static int +dh_pkey_public_check(const EVP_PKEY *pkey) +{ + DH *dh = pkey->pkey.dh; + + if (dh->pub_key == NULL) { + DHerror(DH_R_MISSING_PUBKEY); + return 0; + } + + return DH_check_pub_key_ex(dh, dh->pub_key); +} + +static int +dh_pkey_param_check(const EVP_PKEY *pkey) +{ + DH *dh = pkey->pkey.dh; + + /* + * It would have made more sense to support EVP_PKEY_check() for DH + * keys and call DH_check_ex() there and keeping this as a wrapper + * for DH_param_check_ex(). We follow OpenSSL's choice. + */ + return DH_check_ex(dh); +} + const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { .pkey_id = EVP_PKEY_DH, .pkey_base_id = EVP_PKEY_DH, @@ -482,6 +518,7 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { .pkey_size = int_dh_size, .pkey_bits = dh_bits, + .pkey_security_bits = dh_security_bits, .param_decode = dh_param_decode, .param_encode = dh_param_encode, @@ -491,4 +528,8 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { .param_print = dh_param_print, .pkey_free = int_dh_free, + + .pkey_check = NULL, + .pkey_public_check = dh_pkey_public_check, + .pkey_param_check = dh_pkey_param_check, }; diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c index f4850293..10184f0b 100644 --- a/crypto/dh/dh_asn1.c +++ b/crypto/dh/dh_asn1.c 
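Review bot: `dh_pkey_public_check` has no comment saying how much it actually validates, which matters because callers tend to read a passing public check as full key validation. Going by `DH_check_pub_key` in crypto/dh/dh_check.c of this same patch, it checks 1 < pub_key < p - 1 and runs the subgroup test pub_key^q == 1 mod p only when `dh->q` is set; p and g themselves are not examined. A comment above the function such as `/* Range check on pub_key; subgroup check only if dh->q is set. Does not validate p or g, see dh_pkey_param_check(). */` would make that explicit. Both new functions also dereference `pkey->pkey.dh` without a NULL test, presumably guaranteed by the EVP layer but worth confirming.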
@@ -1,4 +1,4 @@ -/* $OpenBSD: dh_asn1.c,v 1.10 2016/12/30 15:26:49 jsing Exp $ */ +/* $OpenBSD: dh_asn1.c,v 1.11 2022/01/07 09:27:13 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -63,6 +63,8 @@ #include #include +#include "dh_local.h" + /* Override the default free and new methods */ static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index a8227d31..ee405f92 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh_check.c,v 1.17 2019/01/20 01:56:59 tb Exp $ */ +/* $OpenBSD: dh_check.c,v 1.25 2022/07/13 18:38:20 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -60,87 +60,242 @@ #include #include +#include + +#include "bn_lcl.h" +#include "dh_local.h" + +#define DH_NUMBER_ITERATIONS_FOR_PRIME 64 + +/* + * Check that p is odd and 1 < g < p - 1. The _ex version removes the need of + * inspecting flags and pushes errors on the stack instead. + */ + +int +DH_check_params_ex(const DH *dh) +{ + int flags = 0; + + if (!DH_check_params(dh, &flags)) + return 0; + + if ((flags & DH_CHECK_P_NOT_PRIME) != 0) + DHerror(DH_R_CHECK_P_NOT_PRIME); + if ((flags & DH_NOT_SUITABLE_GENERATOR) != 0) + DHerror(DH_R_NOT_SUITABLE_GENERATOR); + + return flags == 0; +} + +int +DH_check_params(const DH *dh, int *flags) +{ + BIGNUM *max_g = NULL; + int ok = 0; + + *flags = 0; + + if (!BN_is_odd(dh->p)) + *flags |= DH_CHECK_P_NOT_PRIME; + + /* + * Check that 1 < dh->g < p - 1 + */ + + if (BN_cmp(dh->g, BN_value_one()) <= 0) + *flags |= DH_NOT_SUITABLE_GENERATOR; + /* max_g = p - 1 */ + if ((max_g = BN_dup(dh->p)) == NULL) + goto err; + if (!BN_sub_word(max_g, 1)) + goto err; + /* check that g < max_g */ + if (BN_cmp(dh->g, max_g) >= 0) + *flags |= DH_NOT_SUITABLE_GENERATOR; + + ok = 1; + + err: + BN_free(max_g); + + return ok; +} /* - * Check that p is a safe prime and - * if g is 2, 3 or 5, check that it is a suitable generator - * where - * for 2, p mod 24 == 11 - * for 3, p mod 12 == 5 - * for 5, p mod 10 == 3 or 7 - * should hold. + * Check that p is a safe prime and that g is a suitable generator. + * The _ex version puts errors on the stack instead of returning flags. 
*/ int -DH_check(const DH *dh, int *ret) +DH_check_ex(const DH *dh) +{ + int flags = 0; + + if (!DH_check(dh, &flags)) + return 0; + + if ((flags & DH_NOT_SUITABLE_GENERATOR) != 0) + DHerror(DH_R_NOT_SUITABLE_GENERATOR); + if ((flags & DH_CHECK_Q_NOT_PRIME) != 0) + DHerror(DH_R_CHECK_Q_NOT_PRIME); + if ((flags & DH_CHECK_INVALID_Q_VALUE) != 0) + DHerror(DH_R_CHECK_INVALID_Q_VALUE); + if ((flags & DH_CHECK_INVALID_J_VALUE) != 0) + DHerror(DH_R_CHECK_INVALID_J_VALUE); + if ((flags & DH_UNABLE_TO_CHECK_GENERATOR) != 0) + DHerror(DH_R_UNABLE_TO_CHECK_GENERATOR); + if ((flags & DH_CHECK_P_NOT_PRIME) != 0) + DHerror(DH_R_CHECK_P_NOT_PRIME); + if ((flags & DH_CHECK_P_NOT_SAFE_PRIME) != 0) + DHerror(DH_R_CHECK_P_NOT_SAFE_PRIME); + + return flags == 0; +} + +int +DH_check(const DH *dh, int *flags) { - int is_prime, ok = 0; BN_CTX *ctx = NULL; - BN_ULONG l; - BIGNUM *q = NULL; + int is_prime; + int ok = 0; + + *flags = 0; + + if (!DH_check_params(dh, flags)) + goto err; - *ret = 0; ctx = BN_CTX_new(); if (ctx == NULL) goto err; - q = BN_new(); - if (q == NULL) - goto err; + BN_CTX_start(ctx); + + if (dh->q != NULL) { + BIGNUM *quotient, *residue; - if (BN_is_word(dh->g, DH_GENERATOR_2)) { - l = BN_mod_word(dh->p, 24); - if (l == (BN_ULONG)-1) + if ((quotient = BN_CTX_get(ctx)) == NULL) + goto err; + if ((residue = BN_CTX_get(ctx)) == NULL) + goto err; + if ((*flags & DH_NOT_SUITABLE_GENERATOR) == 0) { + /* Check g^q == 1 mod p */ + if (!BN_mod_exp_ct(residue, dh->g, dh->q, dh->p, ctx)) + goto err; + if (!BN_is_one(residue)) + *flags |= DH_NOT_SUITABLE_GENERATOR; + } + is_prime = BN_is_prime_ex(dh->q, DH_NUMBER_ITERATIONS_FOR_PRIME, + ctx, NULL); + if (is_prime < 0) goto err; - if (l != 11) - *ret |= DH_NOT_SUITABLE_GENERATOR; - } else if (BN_is_word(dh->g, DH_GENERATOR_5)) { - l = BN_mod_word(dh->p, 10); - if (l == (BN_ULONG)-1) + if (is_prime == 0) + *flags |= DH_CHECK_Q_NOT_PRIME; + /* Check p == 1 mod q, i.e., q divides p - 1 */ + if (!BN_div_ct(quotient, residue, dh->p, 
dh->q, ctx)) goto err; - if (l != 3 && l != 7) - *ret |= DH_NOT_SUITABLE_GENERATOR; - } else - *ret |= DH_UNABLE_TO_CHECK_GENERATOR; + if (!BN_is_one(residue)) + *flags |= DH_CHECK_INVALID_Q_VALUE; + if (dh->j != NULL && BN_cmp(dh->j, quotient) != 0) + *flags |= DH_CHECK_INVALID_J_VALUE; + } - is_prime = BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL); + is_prime = BN_is_prime_ex(dh->p, DH_NUMBER_ITERATIONS_FOR_PRIME, + ctx, NULL); if (is_prime < 0) goto err; if (is_prime == 0) - *ret |= DH_CHECK_P_NOT_PRIME; - else { + *flags |= DH_CHECK_P_NOT_PRIME; + else if (dh->q == NULL) { + BIGNUM *q; + + if ((q = BN_CTX_get(ctx)) == NULL) + goto err; if (!BN_rshift1(q, dh->p)) goto err; - is_prime = BN_is_prime_ex(q, BN_prime_checks, ctx, NULL); + is_prime = BN_is_prime_ex(q, DH_NUMBER_ITERATIONS_FOR_PRIME, + ctx, NULL); if (is_prime < 0) goto err; if (is_prime == 0) - *ret |= DH_CHECK_P_NOT_SAFE_PRIME; + *flags |= DH_CHECK_P_NOT_SAFE_PRIME; } + ok = 1; err: + BN_CTX_end(ctx); BN_CTX_free(ctx); - BN_free(q); return ok; } int -DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) +DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key) { - BIGNUM *q = NULL; + int flags = 0; - *ret = 0; - q = BN_new(); - if (q == NULL) + if (!DH_check_pub_key(dh, pub_key, &flags)) return 0; - BN_set_word(q, 1); - if (BN_cmp(pub_key, q) <= 0) - *ret |= DH_CHECK_PUBKEY_TOO_SMALL; - BN_copy(q, dh->p); - BN_sub_word(q, 1); - if (BN_cmp(pub_key, q) >= 0) - *ret |= DH_CHECK_PUBKEY_TOO_LARGE; - - BN_free(q); - return 1; + + if ((flags & DH_CHECK_PUBKEY_TOO_SMALL) != 0) + DHerror(DH_R_CHECK_PUBKEY_TOO_SMALL); + if ((flags & DH_CHECK_PUBKEY_TOO_LARGE) != 0) + DHerror(DH_R_CHECK_PUBKEY_TOO_LARGE); + if ((flags & DH_CHECK_PUBKEY_INVALID) != 0) + DHerror(DH_R_CHECK_PUBKEY_INVALID); + + return flags == 0; +} + +int +DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *flags) +{ + BN_CTX *ctx = NULL; + BIGNUM *max_pub_key; + int ok = 0; + + *flags = 0; + + if ((ctx = BN_CTX_new()) == 
NULL) + goto err; + BN_CTX_start(ctx); + if ((max_pub_key = BN_CTX_get(ctx)) == NULL) + goto err; + + /* + * Check that 1 < pub_key < dh->p - 1 + */ + + if (BN_cmp(pub_key, BN_value_one()) <= 0) + *flags |= DH_CHECK_PUBKEY_TOO_SMALL; + + /* max_pub_key = dh->p - 1 */ + if (!BN_sub(max_pub_key, dh->p, BN_value_one())) + goto err; + + if (BN_cmp(pub_key, max_pub_key) >= 0) + *flags |= DH_CHECK_PUBKEY_TOO_LARGE; + + /* + * If dh->q is set, check that pub_key^q == 1 mod p + */ + + if (dh->q != NULL) { + BIGNUM *residue; + + if ((residue = BN_CTX_get(ctx)) == NULL) + goto err; + + if (!BN_mod_exp_ct(residue, pub_key, dh->q, dh->p, ctx)) + goto err; + if (!BN_is_one(residue)) + *flags = DH_CHECK_PUBKEY_INVALID; + } + + ok = 1; + + err: + BN_CTX_end(ctx); + BN_CTX_free(ctx); + + return ok; } diff --git a/crypto/dh/dh_depr.c b/crypto/dh/dh_depr.c index 0b75b0be..717482ca 100644 --- a/crypto/dh/dh_depr.c +++ b/crypto/dh/dh_depr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh_depr.c,v 1.6 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: dh_depr.c,v 1.7 2021/12/04 16:08:32 tb Exp $ */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * @@ -62,6 +62,8 @@ #include #include +#include "bn_lcl.h" + #ifndef OPENSSL_NO_DEPRECATED DH * DH_generate_parameters(int prime_len, int generator, diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c index 497f8843..db66d68e 100644 --- a/crypto/dh/dh_err.c +++ b/crypto/dh/dh_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh_err.c,v 1.16 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: dh_err.c,v 1.18 2022/07/12 14:42:49 kn Exp $ */ /* ==================================================================== * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * 
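Review bot: In `DH_check_pub_key`, the `dh->q != NULL` branch assigns `*flags = DH_CHECK_PUBKEY_INVALID;`, which discards any `DH_CHECK_PUBKEY_TOO_SMALL` or `DH_CHECK_PUBKEY_TOO_LARGE` bit set a few lines earlier; every other flag update in this hunk uses `|=`, so this should be `*flags |= DH_CHECK_PUBKEY_INVALID;`. The result is still non-zero, so `DH_check_pub_key_ex` rejects the key, but it then reports only one of the reasons. Separately, `DH_check` runs `BN_is_prime_ex` with 64 rounds and a `BN_mod_exp_ct` on `dh->p` with no size limit visible in this hunk; since dh_ameth.c now reaches it through `.pkey_param_check`, rejecting a modulus larger than `OPENSSL_DH_MAX_MODULUS_BITS` before the primality tests would bound the cost on parameters taken from untrusted input.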
@@ -53,11 +53,6 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - #include #include @@ -65,7 +60,6 @@ #include #include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR #define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0) @@ -90,6 +84,17 @@ static ERR_STRING_DATA DH_str_reasons[]= {ERR_REASON(DH_R_NO_PARAMETERS_SET) ,"no parameters set"}, {ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"}, {ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"}, +{ERR_REASON(DH_R_CHECK_INVALID_J_VALUE) ,"check invalid j value"}, +{ERR_REASON(DH_R_CHECK_INVALID_Q_VALUE) ,"check invalid q value"}, +{ERR_REASON(DH_R_CHECK_PUBKEY_INVALID) ,"check pubkey invalid"}, +{ERR_REASON(DH_R_CHECK_PUBKEY_TOO_LARGE) ,"check pubkey too large"}, +{ERR_REASON(DH_R_CHECK_PUBKEY_TOO_SMALL) ,"check pubkey too small"}, +{ERR_REASON(DH_R_CHECK_P_NOT_PRIME) ,"check p not prime"}, +{ERR_REASON(DH_R_CHECK_P_NOT_SAFE_PRIME) ,"check p not safe prime"}, +{ERR_REASON(DH_R_CHECK_Q_NOT_PRIME) ,"check q not prime"}, +{ERR_REASON(DH_R_MISSING_PUBKEY) ,"missing pubkey"}, +{ERR_REASON(DH_R_NOT_SUITABLE_GENERATOR) ,"not suitable generator"}, +{ERR_REASON(DH_R_UNABLE_TO_CHECK_GENERATOR),"unable to check generator"}, {0,NULL} }; diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index 99394113..6b49a287 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh_gen.c,v 1.16 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: dh_gen.c,v 1.17 2022/01/07 09:27:13 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -67,6 +67,8 @@ #include #include +#include "dh_local.h" + static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb); diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index a77e7956..92429318 100644 --- a/crypto/dh/dh_key.c 
+++ b/crypto/dh/dh_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh_key.c,v 1.36 2018/11/12 17:39:17 tb Exp $ */ +/* $OpenBSD: dh_key.c,v 1.37 2022/01/07 09:27:13 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -63,6 +63,7 @@ #include #include "bn_lcl.h" +#include "dh_local.h" static int generate_key(DH *dh); static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 446bc65a..35a22d1e 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh_lib.c,v 1.32 2018/05/02 15:48:38 tb Exp $ */ +/* $OpenBSD: dh_lib.c,v 1.37 2022/06/27 12:31:38 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -69,6 +69,8 @@ #include #endif +#include "dh_local.h" + static const DH_METHOD *default_DH_method = NULL; void @@ -243,6 +245,19 @@ DH_bits(const DH *dh) return BN_num_bits(dh->p); } +int +DH_security_bits(const DH *dh) +{ + int N = -1; + + if (dh->q != NULL) + N = BN_num_bits(dh->q); + else if (dh->length > 0) + N = dh->length; + + return BN_security_bits(BN_num_bits(dh->p), N); +} + ENGINE * DH_get0_engine(DH *dh) { @@ -273,6 +288,7 @@ DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) if (q != NULL) { BN_free(dh->q); dh->q = q; + dh->length = BN_num_bits(dh->q); } if (g != NULL) { BN_free(dh->g); @@ -306,6 +322,36 @@ DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) return 1; } +const BIGNUM * +DH_get0_p(const DH *dh) +{ + return dh->p; +} + +const BIGNUM * +DH_get0_q(const DH *dh) +{ + return dh->q; +} + +const BIGNUM * +DH_get0_g(const DH *dh) +{ + return dh->g; +} + +const BIGNUM * +DH_get0_priv_key(const DH *dh) +{ + return dh->priv_key; +} + +const BIGNUM * +DH_get0_pub_key(const DH *dh) +{ + return dh->pub_key; +} + void DH_clear_flags(DH *dh, int flags) { 
@@ -324,6 +370,12 @@ DH_set_flags(DH *dh, int flags) dh->flags |= flags; } +long +DH_get_length(const DH *dh) +{ + return dh->length; +} + int DH_set_length(DH *dh, long length) { diff --git a/crypto/dh/dh_local.h b/crypto/dh/dh_local.h new file mode 100644 index 00000000..928f2c0c --- /dev/null +++ b/crypto/dh/dh_local.h 
@@ -0,0 +1,117 @@
+/* $OpenBSD: dh_local.h,v 1.3 2022/01/14 08:25:44 tb Exp $ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */ + +#ifndef HEADER_DH_LOCAL_H +#define HEADER_DH_LOCAL_H + +__BEGIN_HIDDEN_DECLS + +struct dh_method { + const char *name; + /* Methods here */ + int (*generate_key)(DH *dh); + int (*compute_key)(unsigned char *key,const BIGNUM *pub_key,DH *dh); + int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a, + const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); + int (*init)(DH *dh); + int (*finish)(DH *dh); + int flags; + char *app_data; + /* If this is non-NULL, it will be used to generate parameters */ + int (*generate_params)(DH *dh, int prime_len, int generator, + BN_GENCB *cb); +}; + +struct dh_st { + /* This first argument is used to pick up errors when + * a DH is passed instead of a EVP_PKEY */ + int pad; + int version; + BIGNUM *p; + BIGNUM *g; + long length; /* optional */ + BIGNUM *pub_key; /* g^x */ + BIGNUM *priv_key; /* x */ + + int flags; + BN_MONT_CTX *method_mont_p; + /* Place holders if we want to do X9.42 DH */ + BIGNUM *q; + BIGNUM *j; + unsigned char *seed; + int seedlen; + BIGNUM *counter; + + int references; + CRYPTO_EX_DATA ex_data; + const DH_METHOD *meth; + ENGINE *engine; +}; + +/* + * Public API in OpenSSL that we only want to use internally. + */ + +int DH_check_params_ex(const DH *dh); +int DH_check_params(const DH *dh, int *flags); +int DH_check_ex(const DH *dh); +int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key); + +__END_HIDDEN_DECLS + +#endif /* !HEADER_DH_LOCAL_H */ diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c index 24d16ff5..d2052a81 100644 --- a/crypto/dh/dh_pmeth.c +++ b/crypto/dh/dh_pmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh_pmeth.c,v 1.10 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: dh_pmeth.c,v 1.12 2022/01/07 09:27:13 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -67,6 +67,8 @@ #include #include +#include "bn_lcl.h" +#include "dh_local.h" #include "evp_locl.h" /* DH pkey context structure */ 
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index cfb33237..372966b3 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_ameth.c,v 1.28 2019/11/01 15:15:35 jsing Exp $ */ +/* $OpenBSD: dsa_ameth.c,v 1.37 2022/06/27 12:36:05 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -69,6 +69,8 @@ #include "asn1_locl.h" #include "bn_lcl.h" +#include "dsa_locl.h" +#include "evp_locl.h" static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) @@ -88,7 +90,7 @@ dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) X509_ALGOR_get0(NULL, &ptype, &pval, palg); if (ptype == V_ASN1_SEQUENCE) { - pstr = pval; + pstr = pval; pm = pstr->data; pmlen = pstr->length; @@ -100,13 +102,13 @@ dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) if (!(dsa = DSA_new())) { DSAerror(ERR_R_MALLOC_FAILURE); goto err; - } + } } else { DSAerror(DSA_R_PARAMETER_ENCODING_ERROR); goto err; } - if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) { + if (!(public_key = d2i_ASN1_INTEGER(NULL, &p, pklen))) { DSAerror(DSA_R_DECODE_ERROR); goto err; } 
@@ -131,47 +133,46 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) { DSA *dsa; - void *pval = NULL; - int ptype; + ASN1_INTEGER *pubint = NULL; + ASN1_STRING *str = NULL; + int ptype = V_ASN1_UNDEF; unsigned char *penc = NULL; int penclen; dsa = pkey->pkey.dsa; if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) { - ASN1_STRING *str; - - str = ASN1_STRING_new(); - if (str == NULL) { + if ((str = ASN1_STRING_new()) == NULL) { DSAerror(ERR_R_MALLOC_FAILURE); goto err; } str->length = i2d_DSAparams(dsa, &str->data); if (str->length <= 0) { DSAerror(ERR_R_MALLOC_FAILURE); - ASN1_STRING_free(str); goto err; } - pval = str; ptype = V_ASN1_SEQUENCE; - } else - ptype = V_ASN1_UNDEF; + } - dsa->write_params = 0; + if ((pubint = BN_to_ASN1_INTEGER(dsa->pub_key, NULL)) == NULL) { + DSAerror(ERR_R_MALLOC_FAILURE); + goto err; + } - penclen = i2d_DSAPublicKey(dsa, &penc); + penclen = i2d_ASN1_INTEGER(pubint, &penc); + ASN1_INTEGER_free(pubint); if (penclen <= 0) { DSAerror(ERR_R_MALLOC_FAILURE); goto err; } - if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), ptype, pval, + if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), ptype, str, penc, penclen)) return 1; -err: + err: free(penc); - ASN1_STRING_free(pval); + ASN1_STRING_free(str); return 0; } @@ -304,6 +305,12 @@ dsa_bits(const EVP_PKEY *pkey) return BN_num_bits(pkey->pkey.dsa->p); } +static int +dsa_security_bits(const EVP_PKEY *pkey) +{ + return DSA_security_bits(pkey->pkey.dsa); +} + static int dsa_missing_parameters(const EVP_PKEY *pkey) { @@ -433,7 +440,7 @@ do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) ret = 1; err: free(m); - return(ret); + return ret; } static int 
@@ -478,13 +485,32 @@ old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) { DSA *dsa; BN_CTX *ctx = NULL; - BIGNUM *j, *p1, *newp1; + BIGNUM *j, *p1, *newp1, *powg; + int qbits; if (!(dsa = d2i_DSAPrivateKey(NULL, pder, derlen))) { DSAerror(ERR_R_DSA_LIB); return 0; } + /* FIPS 186-3 allows only three different sizes for q. */ + qbits = BN_num_bits(dsa->q); + if (qbits != 160 && qbits != 224 && qbits != 256) { + DSAerror(DSA_R_BAD_Q_VALUE); + goto err; + } + if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) { + DSAerror(DSA_R_MODULUS_TOO_LARGE); + goto err; + } + + /* Check that 1 < g < p. */ + if (BN_cmp(dsa->g, BN_value_one()) <= 0 || + BN_cmp(dsa->g, dsa->p) >= 0) { + DSAerror(DSA_R_PARAMETER_ENCODING_ERROR); /* XXX */ + goto err; + } + ctx = BN_CTX_new(); if (ctx == NULL) goto err; @@ -496,7 +522,8 @@ old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) j = BN_CTX_get(ctx); p1 = BN_CTX_get(ctx); newp1 = BN_CTX_get(ctx); - if (j == NULL || p1 == NULL || newp1 == NULL) + powg = BN_CTX_get(ctx); + if (j == NULL || p1 == NULL || newp1 == NULL || powg == NULL) goto err; /* p1 = p - 1 */ if (BN_sub(p1, dsa->p, BN_value_one()) == 0) @@ -512,6 +539,19 @@ old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) goto err; } + /* + * Check that g generates a multiplicative subgroup of order q. + * We only check that g^q == 1, so the order is a divisor of q. + * Once we know that q is prime, this is enough. + */ + + if (!BN_mod_exp_ct(powg, dsa->g, dsa->q, dsa->p, ctx)) + goto err; + if (BN_cmp(powg, BN_value_one()) != 0) { + DSAerror(DSA_R_PARAMETER_ENCODING_ERROR); /* XXX */ + goto err; + } + /* * Check that q is not a composite number. */ @@ -599,7 +639,7 @@ dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) return -1; if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) - return -1; + return -1; X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); } 
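Review bot: The two `DSAerror(DSA_R_PARAMETER_ENCODING_ERROR); /* XXX */` sites added to `old_dsa_priv_decode` report a semantically invalid generator (g outside 1 < g < p here, and g^q != 1 mod p in the later hunk on this line) as an encoding error, and the bare `XXX` does not say what is still to be done. Anyone triaging a rejected key from the error queue cannot tell a malformed DER blob from well-formed but unsafe parameters. I would either add a dedicated reason code for a bad generator or at least expand the marker, e.g. `/* XXX: no reason code for an invalid generator yet */`. The function begins and ends outside these hunks.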
@@ -682,6 +722,7 @@ const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = { .pkey_size = int_dsa_size, .pkey_bits = dsa_bits, + .pkey_security_bits = dsa_security_bits, .param_decode = dsa_param_decode, .param_encode = dsa_param_encode, diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c index 23f08bb1..47e544c9 100644 --- a/crypto/dsa/dsa_asn1.c +++ b/crypto/dsa/dsa_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_asn1.c,v 1.22 2018/06/14 17:03:19 jsing Exp $ */ +/* $OpenBSD: dsa_asn1.c,v 1.25 2022/09/03 16:01:23 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -64,6 +64,8 @@ #include #include +#include "dsa_locl.h" + /* Override the default new methods */ static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) @@ -95,14 +97,14 @@ static const ASN1_TEMPLATE DSA_SIG_seq_tt[] = { .tag = 0, .offset = offsetof(DSA_SIG, r), .field_name = "r", - .item = &CBIGNUM_it, + .item = &BIGNUM_it, }, { .flags = 0, .tag = 0, .offset = offsetof(DSA_SIG, s), .field_name = "s", - .item = &CBIGNUM_it, + .item = &BIGNUM_it, }, }; @@ -327,14 +329,15 @@ i2d_DSAparams_fp(FILE *fp, DSA *a) return ASN1_item_i2d_fp(&DSAparams_it, fp, a); } -/* - * DSA public key is a bit trickier... its effectively a CHOICE type - * decided by a field called write_params which can either write out - * just the public key as an INTEGER or the parameters and public key - * in a SEQUENCE - */ - -static const ASN1_TEMPLATE dsa_pub_internal_seq_tt[] = { +static const ASN1_AUX DSAPublicKey_aux = { + .app_data = NULL, + .flags = 0, + .ref_offset = 0, + .ref_lock = 0, + .asn1_cb = dsa_cb, + .enc_offset = 0, +}; +static const ASN1_TEMPLATE DSAPublicKey_seq_tt[] = { { .flags = 0, .tag = 0, 
@@ -365,52 +368,16 @@ static const ASN1_TEMPLATE dsa_pub_internal_seq_tt[] = { }, }; -const ASN1_ITEM dsa_pub_internal_it = { +const ASN1_ITEM DSAPublicKey_it = { .itype = ASN1_ITYPE_SEQUENCE, .utype = V_ASN1_SEQUENCE, - .templates = dsa_pub_internal_seq_tt, - .tcount = sizeof(dsa_pub_internal_seq_tt) / sizeof(ASN1_TEMPLATE), - .funcs = NULL, - .size = sizeof(DSA), - .sname = "DSA", -}; - -static const ASN1_AUX DSAPublicKey_aux = { - .app_data = NULL, - .flags = 0, - .ref_offset = 0, - .ref_lock = 0, - .asn1_cb = dsa_cb, - .enc_offset = 0, -}; -static const ASN1_TEMPLATE DSAPublicKey_ch_tt[] = { - { - .flags = 0, - .tag = 0, - .offset = offsetof(DSA, pub_key), - .field_name = "pub_key", - .item = &BIGNUM_it, - }, - { - .flags = 0 | ASN1_TFLG_COMBINE, - .tag = 0, - .offset = 0, - .field_name = NULL, - .item = &dsa_pub_internal_it, - }, -}; - -const ASN1_ITEM DSAPublicKey_it = { - .itype = ASN1_ITYPE_CHOICE, - .utype = offsetof(DSA, write_params), - .templates = DSAPublicKey_ch_tt, - .tcount = sizeof(DSAPublicKey_ch_tt) / sizeof(ASN1_TEMPLATE), + .templates = DSAPublicKey_seq_tt, + .tcount = sizeof(DSAPublicKey_seq_tt) / sizeof(ASN1_TEMPLATE), .funcs = &DSAPublicKey_aux, .size = sizeof(DSA), .sname = "DSA", }; - DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **in, long len) { diff --git a/crypto/dsa/dsa_depr.c b/crypto/dsa/dsa_depr.c index 269cd634..673e7000 100644 --- a/crypto/dsa/dsa_depr.c +++ b/crypto/dsa/dsa_depr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_depr.c,v 1.7 2014/10/18 17:20:40 jsing Exp $ */ +/* $OpenBSD: dsa_depr.c,v 1.8 2021/12/04 16:08:32 tb Exp $ */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * @@ -68,6 +68,8 @@ #include #include +#include "bn_lcl.h" + #ifndef OPENSSL_NO_DEPRECATED DSA * DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len, diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c index 2dcddcbf..494773c8 100644 
--- a/crypto/dsa/dsa_err.c +++ b/crypto/dsa/dsa_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_err.c,v 1.15 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: dsa_err.c,v 1.16 2022/07/12 14:42:49 kn Exp $ */ /* ==================================================================== * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * @@ -53,11 +53,6 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - #include #include @@ -65,7 +60,6 @@ #include #include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR #define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSA,func,0) diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c index a0487e98..a5053ec2 100644 --- a/crypto/dsa/dsa_key.c +++ b/crypto/dsa/dsa_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_key.c,v 1.29 2018/11/09 23:45:19 tb Exp $ */ +/* $OpenBSD: dsa_key.c,v 1.30 2022/01/07 09:35:36 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -65,7 +65,9 @@ #include #include + #include "bn_lcl.h" +#include "dsa_locl.h" static int dsa_builtin_keygen(DSA *dsa); diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index d5fdd6e7..87994fe6 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c 
@@ -1,25 +1,25 @@ -/* $OpenBSD: dsa_lib.c,v 1.29 2018/04/14 07:09:21 tb Exp $ */ +/* $OpenBSD: dsa_lib.c,v 1.37 2022/08/31 13:28:39 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: 
@@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -74,6 +74,9 @@ #include #endif +#include "dh_local.h" +#include "dsa_locl.h" + static const DSA_METHOD *default_DSA_method = NULL; void @@ -151,7 +154,6 @@ DSA_new_method(ENGINE *engine) ret->pad = 0; ret->version = 0; - ret->write_params = 1; ret->p = NULL; ret->q = NULL; ret->g = NULL; @@ -174,7 +176,7 @@ DSA_new_method(ENGINE *engine) free(ret); ret = NULL; } - + return ret; } 
@@ -218,23 +220,15 @@ DSA_up_ref(DSA *r) int DSA_size(const DSA *r) { - int ret, i; - ASN1_INTEGER bs; - unsigned char buf[4]; /* 4 bytes looks really small. - However, i2d_ASN1_INTEGER() will not look - beyond the first byte, as long as the second - parameter is NULL. */ - - i = BN_num_bits(r->q); - bs.length = (i + 7) / 8; - bs.data = buf; - bs.type = V_ASN1_INTEGER; - /* If the top bit is set the asn1 encoding is 1 larger. */ - buf[0] = 0xff; - - i = i2d_ASN1_INTEGER(&bs, NULL); - i += i; /* r and s */ - ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE); + DSA_SIG signature; + int ret = 0; + + signature.r = r->q; + signature.s = r->q; + + if ((ret = i2d_DSA_SIG(&signature, NULL)) < 0) + ret = 0; + return ret; } @@ -258,6 +252,15 @@ DSA_get_ex_data(DSA *d, int idx) return CRYPTO_get_ex_data(&d->ex_data, idx); } +int +DSA_security_bits(const DSA *d) +{ + if (d->p == NULL || d->q == NULL) + return -1; + + return BN_security_bits(BN_num_bits(d->p), BN_num_bits(d->q)); +} + #ifndef OPENSSL_NO_DH DH * DSA_dup_DH(const DSA *r) @@ -266,7 +269,7 @@ DSA_dup_DH(const DSA *r) * DSA has p, q, g, optional pub_key, optional priv_key. * DH has p, optional length, g, optional pub_key, optional priv_key, * optional q. - */ + */ DH *ret = NULL; if (r == NULL) @@ -274,7 +277,7 @@ DSA_dup_DH(const DSA *r) ret = DH_new(); if (ret == NULL) goto err; - if (r->p != NULL) + if (r->p != NULL) if ((ret->p = BN_dup(r->p)) == NULL) goto err; if (r->q != NULL) { @@ -361,6 +364,36 @@ DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) return 1; } +const BIGNUM * +DSA_get0_p(const DSA *d) +{ + return d->p; +} + +const BIGNUM * +DSA_get0_q(const DSA *d) +{ + return d->q; +} + +const BIGNUM * +DSA_get0_g(const DSA *d) +{ + return d->g; +} + +const BIGNUM * +DSA_get0_pub_key(const DSA *d) +{ + return d->pub_key; +} + +const BIGNUM * +DSA_get0_priv_key(const DSA *d) +{ + return d->priv_key; +} + void DSA_clear_flags(DSA *d, int flags) { 
@@ -384,3 +417,9 @@ DSA_get0_engine(DSA *d) { return d->engine; } + +int +DSA_bits(const DSA *dsa) +{ + return BN_num_bits(dsa->p); +} diff --git a/crypto/dsa/dsa_locl.h b/crypto/dsa/dsa_locl.h index cdb38e03..f78ff818 100644 --- a/crypto/dsa/dsa_locl.h +++ b/crypto/dsa/dsa_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_locl.h,v 1.3 2016/12/21 15:49:29 jsing Exp $ */ +/* $OpenBSD: dsa_locl.h,v 1.6 2022/07/04 12:22:32 tb Exp $ */ /* ==================================================================== * Copyright (c) 2007 The OpenSSL Project. All rights reserved. * 
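Review bot: DSA_bits passes `dsa->p` to `BN_num_bits()` with no NULL check, while DSA_security_bits, added to the same file by this patch, returns -1 when p or q is missing. DSA_new_method leaves p set to NULL, so calling this public accessor on a fresh key is a likely crash, assuming BN_num_bits does not tolerate NULL. Making the two consistent costs one line, `if (dsa->p == NULL) return 0;`, and a short comment should state which value callers get for a key without parameters.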
@@ -57,6 +57,59 @@ __BEGIN_HIDDEN_DECLS +struct DSA_SIG_st { + BIGNUM *r; + BIGNUM *s; +} /* DSA_SIG */; + +struct dsa_method { + char *name; + DSA_SIG *(*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa); + int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, + BIGNUM **rp); + int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len, + DSA_SIG *sig, DSA *dsa); + int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, + BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *in_mont); + int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); /* Can be null */ + int (*init)(DSA *dsa); + int (*finish)(DSA *dsa); + int flags; + char *app_data; + /* If this is non-NULL, it is used to generate DSA parameters */ + int (*dsa_paramgen)(DSA *dsa, int bits, const unsigned char *seed, + int seed_len, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); + /* If this is non-NULL, it is used to generate DSA keys */ + int (*dsa_keygen)(DSA *dsa); +} /* DSA_METHOD */; + +struct dsa_st { + /* This first variable is used to pick up errors where + * a DSA is passed instead of of a EVP_PKEY */ + int pad; + long version; + BIGNUM *p; + BIGNUM *q; /* == 20 */ + BIGNUM *g; + + BIGNUM *pub_key; /* y public key */ + BIGNUM *priv_key; /* x private key */ + + BIGNUM *kinv; /* Signing pre-calc */ + BIGNUM *r; /* Signing pre-calc */ + + int flags; + /* Normally used to cache montgomery values */ + BN_MONT_CTX *method_mont_p; + int references; + CRYPTO_EX_DATA ex_data; + const DSA_METHOD *meth; + /* functional reference if 'meth' is ENGINE-provided */ + ENGINE *engine; +} /* DSA */; + int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, unsigned char *seed_out, diff --git a/crypto/dsa/dsa_meth.c b/crypto/dsa/dsa_meth.c index e6f043f8..40cd0593 100644 --- a/crypto/dsa/dsa_meth.c +++ b/crypto/dsa/dsa_meth.c 
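Review bot: The comment `/* == 20 */` on `q` in struct dsa_st is stale: this same patch accepts q of 160, 224 or 256 bits in old_dsa_priv_decode and dsa_do_verify, so q is not always 20 bytes. Since the struct is being moved into this private header anyway, I would reword it to `/* subgroup order: 160, 224 or 256 bits */` and fix the doubled word in `instead of of a EVP_PKEY`. A one-line comment above each struct saying that it is now private to the library and reached through the DSA_get0_* and DSA_meth_* accessors would also help readers.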
@@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_meth.c,v 1.1 2018/03/17 15:19:12 tb Exp $ */ +/* $OpenBSD: dsa_meth.c,v 1.5 2022/07/11 05:33:14 bcook Exp $ */ /* * Copyright (c) 2018 Theo Buehler * @@ -21,6 +21,8 @@ #include #include +#include "dsa_locl.h" + DSA_METHOD * DSA_meth_new(const char *name, int flags) { @@ -40,10 +42,11 @@ DSA_meth_new(const char *name, int flags) void DSA_meth_free(DSA_METHOD *meth) { - if (meth != NULL) { - free((char *)meth->name); - free(meth); - } + if (meth == NULL) + return; + + free(meth->name); + free(meth); } DSA_METHOD * @@ -58,10 +61,32 @@ DSA_meth_dup(const DSA_METHOD *meth) free(copy); return NULL; } - + return copy; } +const char * +DSA_meth_get0_name(const DSA_METHOD *meth) +{ + return meth->name; +} + +int +DSA_meth_set1_name(DSA_METHOD *meth, const char *name) +{ + char *new_name; + + if ((new_name = strdup(name)) == NULL) { + DSAerror(ERR_R_MALLOC_FAILURE); + return 0; + } + + free(meth->name); + meth->name = new_name; + + return 1; +} + int DSA_meth_set_sign(DSA_METHOD *meth, DSA_SIG *(*sign)(const unsigned char *, int, DSA *)) diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index ecf26624..c306fc2d 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_ossl.c,v 1.42 2019/06/04 18:12:26 tb Exp $ */ +/* $OpenBSD: dsa_ossl.c,v 1.44 2022/02/24 08:35:45 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -67,6 +67,7 @@ #include #include "bn_lcl.h" +#include "dsa_locl.h" static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, 
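Review bot: DSA_meth_set1_name hands `name` straight to `strdup()`, which is undefined for a NULL argument, so a caller passing NULL crashes instead of getting the 0 return. Add `if (name == NULL) return 0;` before the strdup, or document that name must be non-NULL. The function also calls `free(meth->name)`, as the rewritten DSA_meth_free does, which is only safe when the name was heap-allocated. A comment saying these functions may only be used on methods obtained from DSA_meth_new or DSA_meth_dup would make that ownership rule explicit.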
@@ -314,24 +315,25 @@ dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) BN_CTX *ctx; BIGNUM u1, u2, t1; BN_MONT_CTX *mont = NULL; - int ret = -1, i; + int qbits; + int ret = -1; if (!dsa->p || !dsa->q || !dsa->g) { DSAerror(DSA_R_MISSING_PARAMETERS); return -1; } - i = BN_num_bits(dsa->q); /* FIPS 186-3 allows only three different sizes for q. */ - if (i != 160 && i != 224 && i != 256) { + qbits = BN_num_bits(dsa->q); + if (qbits != 160 && qbits != 224 && qbits != 256) { DSAerror(DSA_R_BAD_Q_VALUE); return -1; } - if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) { DSAerror(DSA_R_MODULUS_TOO_LARGE); return -1; } + BN_init(&u1); BN_init(&u2); BN_init(&t1); @@ -358,8 +360,8 @@ dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) * If the digest length is greater than the size of q use the * BN_num_bits(dsa->q) leftmost bits of the digest, see FIPS 186-3, 4.2. */ - if (dgst_len > (i >> 3)) - dgst_len = (i >> 3); + if (dgst_len > (qbits >> 3)) + dgst_len = (qbits >> 3); /* Save m in u1. */ if (BN_bin2bn(dgst, dgst_len, &u1) == NULL) diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c index dd0da348..ef89e2be 100644 --- a/crypto/dsa/dsa_pmeth.c +++ b/crypto/dsa/dsa_pmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_pmeth.c,v 1.12 2019/09/09 18:06:25 jsing Exp $ */ +/* $OpenBSD: dsa_pmeth.c,v 1.13 2021/12/04 16:08:32 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -66,6 +66,7 @@ #include #include +#include "bn_lcl.h" #include "dsa_locl.h" #include "evp_locl.h" diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c index 0f55ea18..b1fc1dbb 100644 --- a/crypto/dsa/dsa_sign.c +++ b/crypto/dsa/dsa_sign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_sign.c,v 1.20 2018/06/14 17:01:49 jsing Exp $ */ +/* $OpenBSD: dsa_sign.c,v 1.21 2022/01/07 09:35:36 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -61,6 +61,8 @@ #include #include +#include "dsa_locl.h" + DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c index 1965338f..38f8450e 100644 --- a/crypto/dsa/dsa_vrf.c +++ b/crypto/dsa/dsa_vrf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_vrf.c,v 1.16 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: dsa_vrf.c,v 1.17 2022/01/07 09:35:36 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -60,6 +60,8 @@ #include +#include "dsa_locl.h" + int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) { diff --git a/crypto/dso/dso_err.c b/crypto/dso/dso_err.c index be6375a3..2eee155b 100644 --- a/crypto/dso/dso_err.c +++ b/crypto/dso/dso_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dso_err.c,v 1.9 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: dso_err.c,v 1.10 2022/07/12 14:42:49 kn Exp $ */ /* ==================================================================== * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * @@ -53,11 +53,6 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - #include #include @@ -65,7 +60,6 @@ #include #include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR #define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSO,func,0) diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index 2e73bdd2..5c9a76c8 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_ameth.c,v 1.28 2019/09/09 20:26:16 tb Exp $ */ +/* $OpenBSD: ec_ameth.c,v 1.33 2022/06/27 12:36:05 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -67,6 +67,8 @@ #include #include "asn1_locl.h" +#include "ec_lcl.h" +#include "evp_locl.h" #ifndef OPENSSL_NO_CMS static int ecdh_cms_decrypt(CMS_RecipientInfo *ri); 
@@ -384,6 +386,25 @@ ec_bits(const EVP_PKEY * pkey) return ret; } +static int +ec_security_bits(const EVP_PKEY *pkey) +{ + int ecbits = ec_bits(pkey); + + if (ecbits >= 512) + return 256; + if (ecbits >= 384) + return 192; + if (ecbits >= 256) + return 128; + if (ecbits >= 224) + return 112; + if (ecbits >= 160) + return 80; + + return ecbits / 2; +} + static int ec_missing_parameters(const EVP_PKEY * pkey) { @@ -619,6 +640,41 @@ ec_pkey_ctrl(EVP_PKEY * pkey, int op, long arg1, void *arg2) } +static int +ec_pkey_check(const EVP_PKEY *pkey) +{ + EC_KEY *eckey = pkey->pkey.ec; + + if (eckey->priv_key == NULL) { + ECerror(EC_R_MISSING_PRIVATE_KEY); + return 0; + } + + return EC_KEY_check_key(eckey); +} + +static int +ec_pkey_public_check(const EVP_PKEY *pkey) +{ + EC_KEY *eckey = pkey->pkey.ec; + + /* This also checks the private key, but oh, well... */ + return EC_KEY_check_key(eckey); +} + +static int +ec_pkey_param_check(const EVP_PKEY *pkey) +{ + EC_KEY *eckey = pkey->pkey.ec; + + if (eckey->group == NULL) { + ECerror(EC_R_MISSING_PARAMETERS); + return 0; + } + + return EC_GROUP_check(eckey->group, NULL); +} + #ifndef OPENSSL_NO_CMS static int @@ -851,8 +907,8 @@ ecdh_cms_encrypt(CMS_RecipientInfo *ri) if (penclen <= 0) goto err; ASN1_STRING_set0(pubkey, penc, penclen); - pubkey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); - pubkey->flags |= ASN1_STRING_FLAG_BITS_LEFT; + if (!asn1_abs_set_unused_bits(pubkey, 0)) + goto err; penc = NULL; X509_ALGOR_set0(talg, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), @@ -969,6 +1025,7 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = { .pkey_size = int_ec_size, .pkey_bits = ec_bits, + .pkey_security_bits = ec_security_bits, .param_decode = eckey_param_decode, .param_encode = eckey_param_encode, 
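Review bot: ec_pkey_check reads `eckey->priv_key` and ec_pkey_param_check reads `eckey->group` without first checking that `pkey->pkey.ec` is set, so an EVP_PKEY of type EC with no key attached would dereference NULL here. Whether callers can reach these hooks with an empty key is not visible in this hunk, so treat this as a hardening request: start both with `if (eckey == NULL) { ECerror(EC_R_MISSING_PARAMETERS); return 0; }`. ec_pkey_public_check passes the pointer on to EC_KEY_check_key unchanged, so it depends on that function's own validation.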
@@ -980,5 +1037,9 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = { .pkey_free = int_ec_free, .pkey_ctrl = ec_pkey_ctrl, .old_priv_decode = old_ec_priv_decode, - .old_priv_encode = old_ec_priv_encode + .old_priv_encode = old_ec_priv_encode, + + .pkey_check = ec_pkey_check, + .pkey_public_check = ec_pkey_public_check, + .pkey_param_check = ec_pkey_param_check, }; diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index befeee99..6bf7e47d 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_asn1.c,v 1.34 2021/08/31 20:14:40 tb Exp $ */ +/* $OpenBSD: ec_asn1.c,v 1.37 2022/05/24 20:06:32 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project. */ @@ -60,11 +60,13 @@ #include -#include "ec_lcl.h" #include #include #include +#include "asn1_locl.h" +#include "ec_lcl.h" + int EC_GROUP_get_basis_type(const EC_GROUP * group) { @@ -295,7 +297,6 @@ static const ASN1_ADB_TABLE X9_62_CHARACTERISTIC_TWO_adbtbl[] = { static const ASN1_ADB X9_62_CHARACTERISTIC_TWO_adb = { .flags = 0, .offset = offsetof(X9_62_CHARACTERISTIC_TWO, type), - .app_items = 0, .tbl = X9_62_CHARACTERISTIC_TWO_adbtbl, .tblcount = sizeof(X9_62_CHARACTERISTIC_TWO_adbtbl) / sizeof(ASN1_ADB_TABLE), .default_tt = &char_two_def_tt, @@ -387,7 +388,6 @@ static const ASN1_ADB_TABLE X9_62_FIELDID_adbtbl[] = { static const ASN1_ADB X9_62_FIELDID_adb = { .flags = 0, .offset = offsetof(X9_62_FIELDID, fieldType), - .app_items = 0, .tbl = X9_62_FIELDID_adbtbl, .tblcount = sizeof(X9_62_FIELDID_adbtbl) / sizeof(ASN1_ADB_TABLE), .default_tt = &fieldID_def_tt, 
@@ -862,24 +862,24 @@ ec_asn1_group2curve(const EC_GROUP * group, X9_62_CURVE * curve) ECerror(ERR_R_ASN1_LIB); goto err; } + + ASN1_BIT_STRING_free(curve->seed); + curve->seed = NULL; + /* set the seed (optional) */ - if (group->seed) { - if (!curve->seed) - if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) { - ECerror(ERR_R_MALLOC_FAILURE); - goto err; - } - curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); - curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT; + if (group->seed != NULL) { + if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } if (!ASN1_BIT_STRING_set(curve->seed, group->seed, (int) group->seed_len)) { ECerror(ERR_R_ASN1_LIB); goto err; } - } else { - if (curve->seed) { - ASN1_BIT_STRING_free(curve->seed); - curve->seed = NULL; + if (!asn1_abs_set_unused_bits(curve->seed, 0)) { + ECerror(ERR_R_ASN1_LIB); + goto err; } } @@ -1287,7 +1287,7 @@ EC_GROUP * d2i_ECPKParameters(EC_GROUP ** a, const unsigned char **in, long len) { EC_GROUP *group = NULL; - ECPKPARAMETERS *params = NULL; + ECPKPARAMETERS *params; if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) { ECerror(EC_R_D2I_ECPKPARAMETERS_FAILURE); @@ -1334,13 +1334,8 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len) EC_KEY *ret = NULL; EC_PRIVATEKEY *priv_key = NULL; - if ((priv_key = EC_PRIVATEKEY_new()) == NULL) { - ECerror(ERR_R_MALLOC_FAILURE); - return NULL; - } - if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL) { + if ((priv_key = d2i_EC_PRIVATEKEY(NULL, in, len)) == NULL) { ECerror(ERR_R_EC_LIB); - EC_PRIVATEKEY_free(priv_key); return NULL; } if (a == NULL || *a == NULL) { 
@@ -1488,10 +1483,11 @@ i2d_ECPrivateKey(EC_KEY * a, unsigned char **out) ECerror(ERR_R_EC_LIB); goto err; } - priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); - priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT; - if (!ASN1_STRING_set(priv_key->publicKey, buffer, - buf_len)) { + if (!ASN1_STRING_set(priv_key->publicKey, buffer, buf_len)) { + ECerror(ERR_R_ASN1_LIB); + goto err; + } + if (!asn1_abs_set_unused_bits(priv_key->publicKey, 0)) { ECerror(ERR_R_ASN1_LIB); goto err; } diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index b575f7ba..09f8cfe9 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_curve.c,v 1.21 2021/04/20 17:16:37 tb Exp $ */ +/* $OpenBSD: ec_curve.c,v 1.22 2022/06/30 11:14:47 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project. */ @@ -73,9 +73,10 @@ #include -#include "ec_lcl.h" #include -#include +#include + +#include "ec_lcl.h" typedef struct { int field_type, /* either NID_X9_62_prime_field or diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c index 95c15a11..d8ead963 100644 --- a/crypto/ec/ec_err.c +++ b/crypto/ec/ec_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_err.c,v 1.12 2019/09/29 10:09:09 tb Exp $ */ +/* $OpenBSD: ec_err.c,v 1.13 2022/07/12 14:42:49 kn Exp $ */ /* ==================================================================== * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * @@ -53,11 +53,6 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - #include #include @@ -65,7 +60,6 @@ #include #include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR #define ERR_FUNC(func) ERR_PACK(ERR_LIB_EC,func,0) diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c index 1fb9e57f..4203dff2 100644 --- a/crypto/ec/ec_kmeth.c +++ b/crypto/ec/ec_kmeth.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ec_kmeth.c,v 1.5 2019/05/10 19:15:06 bcook Exp $ */ +/* $OpenBSD: ec_kmeth.c,v 1.6 2021/12/04 16:08:32 tb Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -58,6 +58,7 @@ #endif #include +#include "bn_lcl.h" #include "ec_lcl.h" #include "ecs_locl.h" diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index ced04c7e..f0a5618b 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_lcl.h,v 1.18 2021/09/08 17:29:21 tb Exp $ */ +/* $OpenBSD: ec_lcl.h,v 1.20 2022/06/30 11:14:47 tb Exp $ */ /* * Originally written by Bodo Moeller for the OpenSSL project. */ @@ -71,10 +71,12 @@ #include -#include +#include #include #include -#include +#include + +#include "bn_lcl.h" __BEGIN_HIDDEN_DECLS diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 7cc69f81..4ec17d5d 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_lib.c,v 1.41 2021/09/12 16:23:19 tb Exp $ */ +/* $OpenBSD: ec_lib.c,v 1.45 2022/04/07 17:37:25 tb Exp $ */ /* * Originally written by Bodo Moeller for the OpenSSL project. */ @@ -114,7 +114,7 @@ EC_GROUP_new(const EC_METHOD * meth) } -void +void EC_GROUP_free(EC_GROUP * group) { if (!group) @@ -135,7 +135,7 @@ EC_GROUP_free(EC_GROUP * group) } -void +void EC_GROUP_clear_free(EC_GROUP * group) { if (!group) @@ -157,7 +157,7 @@ EC_GROUP_clear_free(EC_GROUP * group) } -int +int EC_GROUP_copy(EC_GROUP * dest, const EC_GROUP * src) { EC_EXTRA_DATA *d; @@ -247,7 +247,7 @@ EC_GROUP_method_of(const EC_GROUP *group) } -int +int EC_METHOD_get_field_type(const EC_METHOD *meth) { return meth->field_type; @@ -300,7 +300,7 @@ ec_guess_cofactor(EC_GROUP *group) if (!BN_copy(q, &group->field)) goto err; } - + /* * Compute * h = \lfloor (q + 1)/n \rceil = \lfloor (q + 1 + n/2) / n \rfloor. 
@@ -321,14 +321,18 @@ ec_guess_cofactor(EC_GROUP *group) goto err; ret = 1; + err: BN_CTX_end(ctx); BN_CTX_free(ctx); - BN_zero(&group->cofactor); + + if (ret != 1) + BN_zero(&group->cofactor); + return ret; } -int +int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor) { @@ -344,10 +348,10 @@ EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, } /* - * Require order >= 1 and enforce an upper bound of at most one bit more + * Require order > 1 and enforce an upper bound of at most one bit more * than the field cardinality due to Hasse's theorem. */ - if (order == NULL || BN_is_zero(order) || BN_is_negative(order) || + if (order == NULL || BN_cmp(order, BN_value_one()) <= 0 || BN_num_bits(order) > BN_num_bits(&group->field) + 1) { ECerror(EC_R_INVALID_GROUP_ORDER); return 0; @@ -381,6 +385,12 @@ EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, } else if (!ec_guess_cofactor(group)) return 0; + /* Use Hasse's theorem to bound the cofactor. */ + if (BN_num_bits(&group->cofactor) > BN_num_bits(&group->field) + 1) { + ECerror(EC_R_INVALID_GROUP_ORDER); + return 0; + } + return 1; } @@ -392,7 +402,7 @@ EC_GROUP_get0_generator(const EC_GROUP *group) } -int +int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx) { if (!BN_copy(order, &group->order)) @@ -407,7 +417,7 @@ EC_GROUP_order_bits(const EC_GROUP *group) return group->meth->group_order_bits(group); } -int +int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx) { if (!BN_copy(cofactor, &group->cofactor)) 
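Review bot: In EC_GROUP_set_generator the new Hasse bound on the cofactor returns 0 after `group->cofactor` has already been assigned, so a rejected call appears to leave the oversized cofactor, and the generator and order set before it, in the group. Clearing it on this path keeps untrusted parameters from surviving a failed call: put `BN_zero(&group->cofactor);` ahead of the `return 0;`. The error reason EC_R_INVALID_GROUP_ORDER also names the order although the failing value is the cofactor. The assignments themselves sit outside this hunk, so please confirm against the full function.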
@@ -417,35 +427,35 @@ EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx) } -void +void EC_GROUP_set_curve_name(EC_GROUP * group, int nid) { group->curve_name = nid; } -int +int EC_GROUP_get_curve_name(const EC_GROUP * group) { return group->curve_name; } -void +void EC_GROUP_set_asn1_flag(EC_GROUP * group, int flag) { group->asn1_flag = flag; } -int +int EC_GROUP_get_asn1_flag(const EC_GROUP * group) { return group->asn1_flag; } -void +void EC_GROUP_set_point_conversion_form(EC_GROUP * group, point_conversion_form_t form) { @@ -453,14 +463,14 @@ EC_GROUP_set_point_conversion_form(EC_GROUP * group, } -point_conversion_form_t +point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP * group) { return group->asn1_form; } -size_t +size_t EC_GROUP_set_seed(EC_GROUP * group, const unsigned char *p, size_t len) { if (group->seed) { @@ -487,7 +497,7 @@ EC_GROUP_get0_seed(const EC_GROUP * group) } -size_t +size_t EC_GROUP_get_seed_len(const EC_GROUP * group) { return group->seed_len; @@ -545,7 +555,7 @@ EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, } #endif -int +int EC_GROUP_get_degree(const EC_GROUP * group) { if (group->meth->group_get_degree == 0) { @@ -556,7 +566,7 @@ EC_GROUP_get_degree(const EC_GROUP * group) } -int +int EC_GROUP_check_discriminant(const EC_GROUP * group, BN_CTX * ctx) { if (group->meth->group_check_discriminant == 0) { @@ -567,7 +577,7 @@ EC_GROUP_check_discriminant(const EC_GROUP * group, BN_CTX * ctx) } -int +int EC_GROUP_cmp(const EC_GROUP * a, const EC_GROUP * b, BN_CTX * ctx) { int r = 0; @@ -660,7 +670,7 @@ ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx) } /* this has 'package' visibility */ -int +int EC_EX_DATA_set_data(EC_EXTRA_DATA ** ex_data, void *data, void *(*dup_func) (void *), void (*free_func) (void *), 
@@ -716,7 +726,7 @@ EC_EX_DATA_get_data(const EC_EXTRA_DATA * ex_data, } /* this has 'package' visibility */ -void +void EC_EX_DATA_free_data(EC_EXTRA_DATA ** ex_data, void *(*dup_func) (void *), void (*free_func) (void *), @@ -743,7 +753,7 @@ EC_EX_DATA_free_data(EC_EXTRA_DATA ** ex_data, } /* this has 'package' visibility */ -void +void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA ** ex_data, void *(*dup_func) (void *), void (*free_func) (void *), @@ -770,7 +780,7 @@ EC_EX_DATA_clear_free_data(EC_EXTRA_DATA ** ex_data, } /* this has 'package' visibility */ -void +void EC_EX_DATA_free_all_data(EC_EXTRA_DATA ** ex_data) { EC_EXTRA_DATA *d; @@ -791,7 +801,7 @@ EC_EX_DATA_free_all_data(EC_EXTRA_DATA ** ex_data) } /* this has 'package' visibility */ -void +void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA ** ex_data) { EC_EXTRA_DATA *d; @@ -842,7 +852,7 @@ EC_POINT_new(const EC_GROUP * group) } -void +void EC_POINT_free(EC_POINT * point) { if (!point) @@ -854,7 +864,7 @@ EC_POINT_free(EC_POINT * point) } -void +void EC_POINT_clear_free(EC_POINT * point) { if (!point) @@ -868,7 +878,7 @@ EC_POINT_clear_free(EC_POINT * point) } -int +int EC_POINT_copy(EC_POINT * dest, const EC_POINT * src) { if (dest->meth->point_copy == 0) { @@ -913,7 +923,7 @@ EC_POINT_method_of(const EC_POINT * point) } -int +int EC_POINT_set_to_infinity(const EC_GROUP * group, EC_POINT * point) { if (group->meth->point_set_to_infinity == 0) { @@ -1041,7 +1051,7 @@ EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, const EC_POINT *poin } #endif -int +int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) { @@ -1057,7 +1067,7 @@ EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, } -int +int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) { if (group->meth->dbl == 0) { 
@@ -1072,7 +1082,7 @@ EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) } -int +int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) { if (group->meth->invert == 0) { @@ -1087,7 +1097,7 @@ EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) } -int +int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) { if (group->meth->is_at_infinity == 0) { @@ -1102,7 +1112,7 @@ EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) } -int +int EC_POINT_is_on_curve(const EC_GROUP * group, const EC_POINT * point, BN_CTX * ctx) { if (group->meth->is_on_curve == 0) { @@ -1117,7 +1127,7 @@ EC_POINT_is_on_curve(const EC_GROUP * group, const EC_POINT * point, BN_CTX * ct } -int +int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX * ctx) { @@ -1133,7 +1143,7 @@ EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, } -int +int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) { if (group->meth->make_affine == 0) { @@ -1148,7 +1158,7 @@ EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) } -int +int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx) { @@ -1169,7 +1179,7 @@ EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], /* Functions for point multiplication */ -int +int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) { 
@@ -1184,22 +1194,22 @@ EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - + /* Either bP or aG + bP, this is sane. */ if (num == 1 && points != NULL && scalars != NULL) return EC_POINT_mul(group, r, scalar, points[0], scalars[0], ctx); - + /* aG, this is sane */ if (scalar != NULL && points == NULL && scalars == NULL) return EC_POINT_mul(group, r, scalar, NULL, NULL, ctx); - + /* anything else is an error */ ECerror(ERR_R_EC_LIB); return 0; } -int +int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx) { @@ -1241,13 +1251,13 @@ EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, return group->meth->mul_double_nonct(group, r, g_scalar, p_scalar, point, ctx); } - + /* Anything else is an error. */ ECerror(ERR_R_EC_LIB); return 0; } -int +int EC_GROUP_precompute_mult(EC_GROUP * group, BN_CTX * ctx) { if (group->meth->precompute_mult != 0) @@ -1256,7 +1266,7 @@ EC_GROUP_precompute_mult(EC_GROUP * group, BN_CTX * ctx) return 1; /* nothing to do, so report success */ } -int +int EC_GROUP_have_precompute_mult(const EC_GROUP * group) { if (group->meth->have_precompute_mult != 0) @@ -1290,5 +1300,5 @@ ECParameters_dup(EC_KEY *key) if ((len = i2d_ECParameters(key, &p)) > 0) k = d2i_ECParameters(NULL, (const unsigned char **)&p, len); - return (k); + return (k); } diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index c57d26ae..63e63592 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_pmeth.c,v 1.12 2019/09/09 18:06:25 jsing Exp $ */ +/* $OpenBSD: ec_pmeth.c,v 1.13 2021/12/04 16:08:32 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -66,6 +66,7 @@ #include #include +#include "bn_lcl.h" #include "ec_lcl.h" #include "ech_locl.h" #include "evp_locl.h" 
diff --git a/crypto/ec/ecp_nist.c b/crypto/ec/ecp_nist.c index f7dae16e..b3cea0c4 100644 --- a/crypto/ec/ecp_nist.c +++ b/crypto/ec/ecp_nist.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecp_nist.c,v 1.18 2021/09/08 17:29:21 tb Exp $ */ +/* $OpenBSD: ecp_nist.c,v 1.19 2022/06/30 11:14:47 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project. */ @@ -64,7 +64,8 @@ #include #include -#include +#include + #include "ec_lcl.h" const EC_METHOD * diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index 1d0b1d61..6f5280bb 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecp_smpl.c,v 1.33 2021/09/08 17:29:21 tb Exp $ */ +/* $OpenBSD: ecp_smpl.c,v 1.34 2022/01/20 11:02:44 inoguchi Exp $ */ /* Includes code written by Lenka Fibikova * for the OpenSSL project. * Includes code written by Bodo Moeller for the OpenSSL project. @@ -586,7 +586,7 @@ ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP * group, const EC_POIN } } } else { - if (!BN_mod_inverse_ct(Z_1, Z_, &group->field, ctx)) { + if (BN_mod_inverse_ct(Z_1, Z_, &group->field, ctx) == NULL) { ECerror(ERR_R_BN_LIB); goto err; } @@ -1316,7 +1316,7 @@ ec_GFp_simple_points_make_affine(const EC_GROUP * group, size_t num, EC_POINT * /* invert heap[1] */ if (!BN_is_zero(heap[1])) { - if (!BN_mod_inverse_ct(heap[1], heap[1], &group->field, ctx)) { + if (BN_mod_inverse_ct(heap[1], heap[1], &group->field, ctx) == NULL) { ECerror(ERR_R_BN_LIB); goto err; } diff --git a/crypto/ecdh/ech_err.c b/crypto/ecdh/ech_err.c index 149c2a85..e0cfddfe 100644 --- a/crypto/ecdh/ech_err.c +++ b/crypto/ecdh/ech_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ech_err.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: ech_err.c,v 1.7 2022/07/12 14:42:49 kn Exp $ */ /* ==================================================================== * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * 
@@ -53,11 +53,6 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - #include #include @@ -65,7 +60,6 @@ #include #include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR #define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDH,func,0) diff --git a/crypto/ecdh/ech_key.c b/crypto/ecdh/ech_key.c index e59ce8bc..ee789058 100644 --- a/crypto/ecdh/ech_key.c +++ b/crypto/ecdh/ech_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ech_key.c,v 1.11 2021/04/20 17:23:37 tb Exp $ */ +/* $OpenBSD: ech_key.c,v 1.13 2022/06/30 11:14:47 tb Exp $ */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * @@ -74,9 +74,10 @@ #include #include -#include +#include #include +#include "bn_lcl.h" #include "ech_locl.h" #include "ec_lcl.h" diff --git a/crypto/ecdsa/ecs_asn1.c b/crypto/ecdsa/ecs_asn1.c index e4638586..d4cbf1e3 100644 --- a/crypto/ecdsa/ecs_asn1.c +++ b/crypto/ecdsa/ecs_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecs_asn1.c,v 1.9 2018/03/17 15:24:44 tb Exp $ */ +/* $OpenBSD: ecs_asn1.c,v 1.11 2022/09/03 16:01:23 jsing Exp $ */ /* ==================================================================== * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. * @@ -63,14 +63,14 @@ static const ASN1_TEMPLATE ECDSA_SIG_seq_tt[] = { .tag = 0, .offset = offsetof(ECDSA_SIG, r), .field_name = "r", - .item = &CBIGNUM_it, + .item = &BIGNUM_it, }, { .flags = 0, .tag = 0, .offset = offsetof(ECDSA_SIG, s), .field_name = "s", - .item = &CBIGNUM_it, + .item = &BIGNUM_it, }, }; 
@@ -123,6 +123,18 @@ ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) *ps = sig->s; } +const BIGNUM * +ECDSA_SIG_get0_r(const ECDSA_SIG *sig) +{ + return sig->r; +} + +const BIGNUM * +ECDSA_SIG_get0_s(const ECDSA_SIG *sig) +{ + return sig->s; +} + int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) { diff --git a/crypto/ecdsa/ecs_err.c b/crypto/ecdsa/ecs_err.c index 9c5a5467..c839c352 100644 --- a/crypto/ecdsa/ecs_err.c +++ b/crypto/ecdsa/ecs_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecs_err.c,v 1.5 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: ecs_err.c,v 1.7 2022/07/12 14:42:49 kn Exp $ */ /* ==================================================================== * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * @@ -53,19 +53,13 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - #include #include -#include #include +#include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR #define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDSA,func,0) diff --git a/crypto/ecdsa/ecs_lib.c b/crypto/ecdsa/ecs_lib.c index c688a95f..18eecba7 100644 --- a/crypto/ecdsa/ecs_lib.c +++ b/crypto/ecdsa/ecs_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecs_lib.c,v 1.13 2018/04/14 07:09:21 tb Exp $ */ +/* $OpenBSD: ecs_lib.c,v 1.14 2022/08/31 13:01:01 tb Exp $ */ /* ==================================================================== * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. * 
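Review bot: The new accessors `ECDSA_SIG_get0_r()` and `ECDSA_SIG_get0_s()` in the ecs_asn1.c hunk are added without any comment on pointer ownership or on a NULL `sig`. Both return the signature's internal `BIGNUM` and dereference `sig` unconditionally, the same as `ECDSA_SIG_get0()` in the context lines above them. A line above each, e.g. `/* Returns sig's internal r; sig must not be NULL and the caller must not free the result. */`, would state the contract for callers.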
@@ -197,36 +197,33 @@ ecdsa_check(EC_KEY *key) int ECDSA_size(const EC_KEY *r) { - int ret, i; - ASN1_INTEGER bs; - BIGNUM *order = NULL; - unsigned char buf[4]; + BIGNUM *order = NULL; const EC_GROUP *group; + ECDSA_SIG signature; + int ret = 0; if (r == NULL) - return 0; - group = EC_KEY_get0_group(r); - if (group == NULL) - return 0; + goto err; + + if ((group = EC_KEY_get0_group(r)) == NULL) + goto err; if ((order = BN_new()) == NULL) - return 0; - if (!EC_GROUP_get_order(group, order, NULL)) { - BN_clear_free(order); - return 0; - } - i = BN_num_bits(order); - bs.length = (i + 7) / 8; - bs.data = buf; - bs.type = V_ASN1_INTEGER; - /* If the top bit is set the asn1 encoding is 1 larger. */ - buf[0] = 0xff; - - i = i2d_ASN1_INTEGER(&bs, NULL); - i += i; /* r and s */ - ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE); + goto err; + + if (!EC_GROUP_get_order(group, order, NULL)) + goto err; + + signature.r = order; + signature.s = order; + + if ((ret = i2d_ECDSA_SIG(&signature, NULL)) < 0) + ret = 0; + + err: BN_clear_free(order); - return (ret); + + return ret; } int diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h index 0a9f1790..a53ec379 100644 --- a/crypto/ecdsa/ecs_locl.h +++ b/crypto/ecdsa/ecs_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ecs_locl.h,v 1.6 2019/01/19 01:07:00 tb Exp $ */ +/* $OpenBSD: ecs_locl.h,v 1.7 2022/01/14 08:31:03 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project */ @@ -73,6 +73,11 @@ typedef struct ecdsa_data_st { CRYPTO_EX_DATA ex_data; } ECDSA_DATA; +struct ECDSA_SIG_st { + BIGNUM *r; + BIGNUM *s; +}; + /** ecdsa_check * checks whether ECKEY->meth_data is a pointer to a ECDSA_DATA structure * and if not it removes the old meth_data and creates a ECDSA_DATA structure. diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c index e7e7a526..48ef1312 100644 --- a/crypto/ecdsa/ecs_ossl.c +++ b/crypto/ecdsa/ecs_ossl.c 
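Review bot: The rewritten `ECDSA_size()` in ecs_lib.c rests on an unstated argument: pointing both `signature.r` and `signature.s` at `order` gives the largest DER length only because a valid r and s are each below the group order. A one-line comment above the two assignments would record that, e.g. `/* r and s are < order, so encoding order twice bounds the signature size */`. The removed code set `buf[0] = 0xff` to always reserve a pad byte, so the new result appears to be smaller than before for groups whose order does not have its top bit set. Callers that size a buffer from a previously stored value rather than from the key in hand are worth checking.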
@@ -1,4 +1,4 @@ -/* $OpenBSD: ecs_ossl.c,v 1.22 2021/04/20 17:23:37 tb Exp $ */ +/* $OpenBSD: ecs_ossl.c,v 1.25 2022/06/30 11:14:47 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project */ @@ -60,9 +60,9 @@ #include -#include -#include #include +#include +#include #include "bn_lcl.h" #include "ecs_locl.h" @@ -163,6 +163,11 @@ ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) goto err; } + if (BN_cmp(order, BN_value_one()) <= 0) { + ECDSAerror(EC_R_INVALID_GROUP_ORDER); + goto err; + } + /* Preallocate space. */ order_bits = BN_num_bits(order); if (!BN_set_bit(k, order_bits) || @@ -216,7 +221,7 @@ ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) } } while (BN_is_zero(r)); - if (!BN_mod_inverse_ct(k, k, order, ctx)) { + if (BN_mod_inverse_ct(k, k, order, ctx) == NULL) { ECDSAerror(ERR_R_BN_LIB); goto err; } @@ -487,7 +492,7 @@ ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, if (!ecdsa_prepare_digest(dgst, dgst_len, order, m)) goto err; - if (!BN_mod_inverse_ct(u2, sig->s, order, ctx)) { /* w = inv(s) */ + if (BN_mod_inverse_ct(u2, sig->s, order, ctx) == NULL) { /* w = inv(s) */ ECDSAerror(ERR_R_BN_LIB); goto err; } diff --git a/crypto/ecdsa/ecs_sign.c b/crypto/ecdsa/ecs_sign.c index 5beb853b..6424a3ca 100644 --- a/crypto/ecdsa/ecs_sign.c +++ b/crypto/ecdsa/ecs_sign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecs_sign.c,v 1.7 2019/01/19 01:07:00 tb Exp $ */ +/* $OpenBSD: ecs_sign.c,v 1.9 2022/01/27 20:30:29 tb Exp $ */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * @@ -58,7 +58,10 @@ #ifndef OPENSSL_NO_ENGINE #include #endif +#include +#include +#include "bn_lcl.h" #include "ecs_locl.h" #include "ec_lcl.h" diff --git a/crypto/ecdsa/ecs_vrf.c b/crypto/ecdsa/ecs_vrf.c index 4c1bc85e..7db5a937 100644 --- a/crypto/ecdsa/ecs_vrf.c +++ b/crypto/ecdsa/ecs_vrf.c 
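Review bot: In the `ecdsa_sign_setup` hunk (`@@ -163,6 +163,11 @@`) the new order check reports an EC-library reason code through the ECDSA error macro: `ECDSAerror(EC_R_INVALID_GROUP_ORDER)`. If `ECDSAerror` files the reason under `ERR_LIB_ECDSA`, as the ecs_err.c table in this patch suggests, the number will be looked up among the ECDSA reason strings and may print as an unknown or unrelated reason. Raising it with `ECerror(EC_R_INVALID_GROUP_ORDER);` keeps library and reason in the same namespace, provided that macro is in scope in ecs_ossl.c. The function body starts and ends outside the hunk.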
@@ -1,4 +1,4 @@ -/* $OpenBSD: ecs_vrf.c,v 1.7 2019/01/19 01:12:48 tb Exp $ */ +/* $OpenBSD: ecs_vrf.c,v 1.9 2022/01/27 20:30:29 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project */ @@ -58,11 +58,15 @@ #include -#include "ecs_locl.h" -#include "ec_lcl.h" #ifndef OPENSSL_NO_ENGINE #include #endif +#include +#include + +#include "bn_lcl.h" +#include "ecs_locl.h" +#include "ec_lcl.h" /* returns * 1: correct signature diff --git a/crypto/engine/eng_err.c b/crypto/engine/eng_err.c index b604cbba..5f86a415 100644 --- a/crypto/engine/eng_err.c +++ b/crypto/engine/eng_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: eng_err.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: eng_err.c,v 1.12 2022/07/12 14:42:49 kn Exp $ */ /* ==================================================================== * Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved. * @@ -53,11 +53,6 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - #include #include @@ -65,7 +60,6 @@ #include #include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR #define ERR_FUNC(func) ERR_PACK(ERR_LIB_ENGINE,func,0) diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index f8f6c8f5..1a6113ba 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: eng_openssl.c,v 1.13 2018/04/14 07:18:37 tb Exp $ */ +/* $OpenBSD: eng_openssl.c,v 1.15 2022/01/09 23:55:31 tb Exp $ */ /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL * project 2000. */ @@ -84,6 +84,8 @@ #include #endif +#include "evp_locl.h" + /* This testing gunk is implemented (and explained) lower down. It also assumes * the application explicitly calls "ENGINE_load_openssl()" because this is no * longer automatic in ENGINE_load_builtin_engines(). */ 
@@ -349,18 +351,17 @@ test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) } static const EVP_MD test_sha_md = { - NID_sha1, - NID_sha1WithRSAEncryption, - SHA_DIGEST_LENGTH, - 0, - test_sha1_init, - test_sha1_update, - test_sha1_final, - NULL, - NULL, - EVP_PKEY_RSA_method, - SHA_CBLOCK, - sizeof(EVP_MD *) + sizeof(SHA_CTX), + .type = NID_sha1, + .pkey_type = NID_sha1WithRSAEncryption, + .md_size = SHA_DIGEST_LENGTH, + .flags = 0, + .init = test_sha1_init, + .update = test_sha1_update, + .final = test_sha1_final, + .copy = NULL, + .cleanup = NULL, + .block_size = SHA_CBLOCK, + .ctx_size = sizeof(EVP_MD *) + sizeof(SHA_CTX), }; static int diff --git a/crypto/err/err.c b/crypto/err/err.c index f05567e1..34914054 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: err.c,v 1.48 2019/10/17 14:28:53 jsing Exp $ */ +/* $OpenBSD: err.c,v 1.49 2022/08/29 06:49:24 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -215,6 +215,7 @@ static ERR_STRING_DATA ERR_str_reasons[] = { {ERR_R_PASSED_NULL_PARAMETER, "passed a null parameter"}, {ERR_R_INTERNAL_ERROR, "internal error"}, {ERR_R_DISABLED , "called a function that was disabled at compile-time"}, + {ERR_R_INIT_FAIL, "initialization failure"}, {0, NULL}, }; diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index e641238e..74d39d30 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -1,4 +1,4 @@ -/* $OpenBSD: err_all.c,v 1.25 2019/09/09 17:56:21 jsing Exp $ */ +/* $OpenBSD: err_all.c,v 1.27 2022/05/07 17:20:41 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -65,11 +65,14 @@ #include #include #include -#include #include +#include +#include +#include #include #include #include +#include #include #include #include 
@@ -112,52 +115,59 @@ ERR_load_crypto_strings_internal(void) { #ifndef OPENSSL_NO_ERR ERR_load_ERR_strings_internal(); /* include error strings for SYSerr */ + + ERR_load_ASN1_strings(); + ERR_load_BIO_strings(); ERR_load_BN_strings(); -#ifndef OPENSSL_NO_RSA - ERR_load_RSA_strings(); + ERR_load_BUF_strings(); +#ifndef OPENSSL_NO_CMS + ERR_load_CMS_strings(); +#endif +#ifdef ZLIB + ERR_load_COMP_strings(); +#endif + ERR_load_CONF_strings(); + ERR_load_CRYPTO_strings(); +#ifndef OPENSSL_NO_CT + ERR_load_CT_strings(); #endif #ifndef OPENSSL_NO_DH ERR_load_DH_strings(); #endif - ERR_load_EVP_strings(); - ERR_load_BUF_strings(); - ERR_load_OBJ_strings(); - ERR_load_PEM_strings(); #ifndef OPENSSL_NO_DSA ERR_load_DSA_strings(); #endif - ERR_load_X509_strings(); - ERR_load_ASN1_strings(); - ERR_load_CONF_strings(); - ERR_load_CRYPTO_strings(); -#ifndef OPENSSL_NO_EC - ERR_load_EC_strings(); + ERR_load_DSO_strings(); +#ifndef OPENSSL_NO_ECDH + ERR_load_ECDH_strings(); #endif #ifndef OPENSSL_NO_ECDSA ERR_load_ECDSA_strings(); #endif -#ifndef OPENSSL_NO_ECDH - ERR_load_ECDH_strings(); +#ifndef OPENSSL_NO_EC + ERR_load_EC_strings(); #endif - /* skip ERR_load_SSL_strings() because it is not in this library */ - ERR_load_BIO_strings(); - ERR_load_PKCS7_strings(); - ERR_load_X509V3_strings(); - ERR_load_PKCS12_strings(); - ERR_load_RAND_strings(); - ERR_load_DSO_strings(); - ERR_load_TS_strings(); #ifndef OPENSSL_NO_ENGINE ERR_load_ENGINE_strings(); #endif - ERR_load_OCSP_strings(); - ERR_load_UI_strings(); + ERR_load_EVP_strings(); #ifndef OPENSSL_NO_GOST ERR_load_GOST_strings(); #endif -#ifndef OPENSSL_NO_CMS - ERR_load_CMS_strings(); + ERR_load_KDF_strings(); + ERR_load_OBJ_strings(); + ERR_load_OCSP_strings(); + ERR_load_PEM_strings(); + ERR_load_PKCS12_strings(); + ERR_load_PKCS7_strings(); + ERR_load_RAND_strings(); +#ifndef OPENSSL_NO_RSA + ERR_load_RSA_strings(); #endif + ERR_load_TS_strings(); + ERR_load_UI_strings(); + ERR_load_X509V3_strings(); + 
ERR_load_X509_strings(); #endif } diff --git a/crypto/err/err_prn.c b/crypto/err/err_prn.c index 48166829..6b5c455f 100644 --- a/crypto/err/err_prn.c +++ b/crypto/err/err_prn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: err_prn.c,v 1.18 2017/02/07 15:52:33 jsing Exp $ */ +/* $OpenBSD: err_prn.c,v 1.19 2022/01/07 09:02:18 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -64,6 +64,8 @@ #include #include +#include "bio_local.h" + void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), void *u) { diff --git a/crypto/evp/bio_b64.c b/crypto/evp/bio_b64.c index 82aaa8bf..b61a342a 100644 --- a/crypto/evp/bio_b64.c +++ b/crypto/evp/bio_b64.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bio_b64.c,v 1.22 2018/08/24 19:47:25 tb Exp $ */ +/* $OpenBSD: bio_b64.c,v 1.25 2022/01/14 08:40:57 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -63,6 +63,9 @@ #include #include +#include "bio_local.h" +#include "evp_locl.h" + static int b64_write(BIO *h, const char *buf, int num); static int b64_read(BIO *h, char *buf, int size); static int b64_puts(BIO *h, const char *str); @@ -70,7 +73,7 @@ static int b64_puts(BIO *h, const char *str); static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int b64_new(BIO *h); static int b64_free(BIO *data); -static long b64_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); +static long b64_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); #define B64_BLOCK_SIZE 1024 #define B64_BLOCK_SIZE2 768 #define B64_NONE 0 @@ -547,7 +550,7 @@ b64_ctrl(BIO *b, int cmd, long num, void *ptr) } static long -b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +b64_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { long ret = 1; diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c index 7b559989..2a0f76fc 100644 --- a/crypto/evp/bio_enc.c +++ b/crypto/evp/bio_enc.c 
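Review bot: The reordered list in `ERR_load_crypto_strings_internal` drops the comment `/* skip ERR_load_SSL_strings() because it is not in this library */` without a replacement, so the missing SSL loader no longer reads as intentional. The calls now appear to be in alphabetical order, and a short comment at the top of the list, e.g. `/* Keep sorted. ERR_load_SSL_strings() is not in this library. */`, would preserve both facts. The new `ERR_load_COMP_strings()` call is guarded by `#ifdef ZLIB` while every other guard uses the `OPENSSL_NO_*` form; whether `ZLIB` is the macro the build actually defines is not visible here.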
@@ -1,4 +1,4 @@ -/* $OpenBSD: bio_enc.c,v 1.22 2018/08/24 19:30:24 tb Exp $ */ +/* $OpenBSD: bio_enc.c,v 1.26 2022/01/14 08:40:57 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -63,6 +63,9 @@ #include #include +#include "bio_local.h" +#include "evp_locl.h" + static int enc_write(BIO *h, const char *buf, int num); static int enc_read(BIO *h, char *buf, int size); /*static int enc_puts(BIO *h, const char *str); */ @@ -70,7 +73,7 @@ static int enc_read(BIO *h, char *buf, int size); static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int enc_new(BIO *h); static int enc_free(BIO *data); -static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps); +static long enc_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fps); #define ENC_BLOCK_SIZE (1024*4) #define BUF_OFFSET (EVP_MAX_BLOCK_LENGTH*2) @@ -370,7 +373,7 @@ enc_ctrl(BIO *b, int cmd, long num, void *ptr) } static long -enc_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +enc_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { long ret = 1; @@ -384,26 +387,6 @@ enc_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) return (ret); } -/* -void BIO_set_cipher_ctx(b,c) -BIO *b; -EVP_CIPHER_ctx *c; - { - if (b == NULL) return; - - if ((b->callback != NULL) && - (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0)) - return; - - b->init=1; - ctx=(BIO_ENC_CTX *)b->ptr; - memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX)); - - if (b->callback != NULL) - b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L); - } -*/ - int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, const unsigned char *i, int e) diff --git a/crypto/evp/bio_md.c b/crypto/evp/bio_md.c index 44f72185..4ae5f1f4 100644 --- a/crypto/evp/bio_md.c +++ b/crypto/evp/bio_md.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: bio_md.c,v 1.15 2018/05/02 15:51:41 tb Exp $ */ +/* $OpenBSD: bio_md.c,v 1.18 2022/01/14 08:40:57 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -62,6 +62,9 @@ #include #include +#include "bio_local.h" +#include "evp_locl.h" + /* BIO_put and BIO_get both add to the digest, * BIO_gets returns the digest */ @@ -72,7 +75,7 @@ static int md_gets(BIO *h, char *str, int size); static long md_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int md_new(BIO *h); static int md_free(BIO *data); -static long md_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); +static long md_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); static const BIO_METHOD methods_md = { .type = BIO_TYPE_MD, @@ -238,7 +241,7 @@ md_ctrl(BIO *b, int cmd, long num, void *ptr) } static long -md_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +md_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { long ret = 1; diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c index 9e9d39d5..690215c8 100644 --- a/crypto/evp/c_all.c +++ b/crypto/evp/c_all.c @@ -1,4 +1,4 @@ -/* $OpenBSD: c_all.c,v 1.26 2019/03/17 18:07:41 tb Exp $ */ +/* $OpenBSD: c_all.c,v 1.27 2022/01/14 08:38:05 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -263,24 +263,10 @@ OpenSSL_add_all_digests_internal(void) EVP_add_digest_alias(SN_md5, "ssl3-md5"); #endif -#if !defined(OPENSSL_NO_SHA) -#ifndef OPENSSL_NO_DSA - EVP_add_digest(EVP_dss()); -#endif -#endif #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) EVP_add_digest(EVP_sha1()); EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); -#ifndef OPENSSL_NO_DSA - EVP_add_digest(EVP_dss1()); - EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); - EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); - EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); -#endif -#ifndef OPENSSL_NO_ECDSA - EVP_add_digest(EVP_ecdsa()); -#endif #endif #ifndef OPENSSL_NO_GOST diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 4cd3565c..ecb52925 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: digest.c,v 1.31 2019/04/19 17:04:45 jsing Exp $ */ +/* $OpenBSD: digest.c,v 1.34 2022/01/10 10:51:31 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -122,6 +122,8 @@ #include #endif +#include "evp_locl.h" + int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) { @@ -279,6 +281,14 @@ EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) tmp_buf = NULL; EVP_MD_CTX_cleanup(out); memcpy(out, in, sizeof *out); + out->md_data = NULL; + out->pctx = NULL; + + /* + * Because of the EVP_PKEY_CTX_dup() below, EVP_MD_CTX_cleanup() needs + * to free out->pctx in all cases (even if this flag is set on in). + */ + EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); if (in->md_data && out->digest->ctx_size) { if (tmp_buf) { 
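Review bot: In the `EVP_MD_CTX_copy_ex` hunk the added comment explains only the flag clearing, while the two assignments above it, `out->md_data = NULL;` and `out->pctx = NULL;`, carry the memory-safety point and have no comment. Right after `memcpy(out, in, sizeof *out)` both fields alias objects owned by `in`, so a failure before they are replaced would presumably let a later cleanup of `out` release memory that `in` still uses. A comment such as `/* out aliases in's md_data and pctx after the memcpy; drop them before anything can fail */` would keep the lines from being removed as redundant. The rest of the function, including the duplication the existing comment refers to, lies outside the hunk.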
@@ -381,7 +391,12 @@ EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) if (ctx->digest && ctx->digest->ctx_size && ctx->md_data && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) freezero(ctx->md_data, ctx->digest->ctx_size); - EVP_PKEY_CTX_free(ctx->pctx); + /* + * If EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set, EVP_MD_CTX_set_pkey() was + * called and its strange API contract implies we don't own ctx->pctx. + */ + if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)) + EVP_PKEY_CTX_free(ctx->pctx); #ifndef OPENSSL_NO_ENGINE ENGINE_finish(ctx->engine); #endif diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 05ed0029..d674be38 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_aes.c,v 1.42 2020/06/05 18:44:42 tb Exp $ */ +/* $OpenBSD: e_aes.c,v 1.49 2022/09/13 04:59:18 jsing Exp $ */ /* ==================================================================== * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved. * @@ -257,26 +257,6 @@ aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 1; } -#define aesni_ofb_cipher aes_ofb_cipher -static int aesni_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -#define aesni_cfb_cipher aes_cfb_cipher -static int aesni_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -#define aesni_cfb8_cipher aes_cfb8_cipher -static int aesni_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -#define aesni_cfb1_cipher aes_cfb1_cipher -static int aesni_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -#define aesni_ctr_cipher aes_ctr_cipher -static int aesni_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) 
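Review bot: The comment added in the `EVP_MD_CTX_cleanup` hunk names `EVP_MD_CTX_set_pkey()`, which looks like a shortened form of the setter that assigns `ctx->pctx` (presumably `EVP_MD_CTX_set_pkey_ctx()`); using the exact name makes the ownership rule searchable. When `EVP_MD_CTX_FLAG_KEEP_PKEY_CTX` is set the pointer is now deliberately left unfreed, so it is worth confirming that the code after this hunk still clears `ctx->pctx`. Otherwise a reused context keeps a pointer to an object it does not own. The function continues outside the hunk.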
@@ -312,10 +292,6 @@ aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, return 1; } -#define aesni_gcm_cipher aes_gcm_cipher -static int aesni_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) @@ -354,10 +330,6 @@ aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, return 1; } -#define aesni_xts_cipher aes_xts_cipher -static int aesni_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - static int aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) 
@@ -381,124 +353,7 @@ aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, return 1; } -#define aesni_ccm_cipher aes_ccm_cipher -static int aesni_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -#define BLOCK_CIPHER_generic(n,keylen,blocksize,ivlen,nmode,mode,MODE,fl) \ -static const EVP_CIPHER aesni_##keylen##_##mode = { \ - .nid = n##_##keylen##_##nmode, \ - .block_size = blocksize, \ - .key_len = keylen / 8, \ - .iv_len = ivlen, \ - .flags = fl | EVP_CIPH_##MODE##_MODE, \ - .init = aesni_init_key, \ - .do_cipher = aesni_##mode##_cipher, \ - .ctx_size = sizeof(EVP_AES_KEY) \ -}; \ -static const EVP_CIPHER aes_##keylen##_##mode = { \ - .nid = n##_##keylen##_##nmode, \ - .block_size = blocksize, \ - .key_len = keylen / 8, \ - .iv_len = ivlen, \ - .flags = fl | EVP_CIPH_##MODE##_MODE, \ - .init = aes_init_key, \ - .do_cipher = aes_##mode##_cipher, \ - .ctx_size = sizeof(EVP_AES_KEY) \ -}; \ -const EVP_CIPHER * \ -EVP_aes_##keylen##_##mode(void) \ -{ \ - return AESNI_CAPABLE ? \ - &aesni_##keylen##_##mode : &aes_##keylen##_##mode; \ -} - -#define BLOCK_CIPHER_custom(n,keylen,blocksize,ivlen,mode,MODE,fl) \ -static const EVP_CIPHER aesni_##keylen##_##mode = { \ - .nid = n##_##keylen##_##mode, \ - .block_size = blocksize, \ - .key_len = \ - (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * \ - keylen / 8, \ - .iv_len = ivlen, \ - .flags = fl | EVP_CIPH_##MODE##_MODE, \ - .init = aesni_##mode##_init_key, \ - .do_cipher = aesni_##mode##_cipher, \ - .cleanup = aes_##mode##_cleanup, \ - .ctx_size = sizeof(EVP_AES_##MODE##_CTX), \ - .ctrl = aes_##mode##_ctrl \ -}; \ -static const EVP_CIPHER aes_##keylen##_##mode = { \ - .nid = n##_##keylen##_##mode, \ - .block_size = blocksize, \ - .key_len = \ - (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 
2 : 1) * \ - keylen / 8, \ - .iv_len = ivlen, \ - .flags = fl | EVP_CIPH_##MODE##_MODE, \ - .init = aes_##mode##_init_key, \ - .do_cipher = aes_##mode##_cipher, \ - .cleanup = aes_##mode##_cleanup, \ - .ctx_size = sizeof(EVP_AES_##MODE##_CTX), \ - .ctrl = aes_##mode##_ctrl \ -}; \ -const EVP_CIPHER * \ -EVP_aes_##keylen##_##mode(void) \ -{ \ - return AESNI_CAPABLE ? \ - &aesni_##keylen##_##mode : &aes_##keylen##_##mode; \ -} - -#else - -#define BLOCK_CIPHER_generic(n,keylen,blocksize,ivlen,nmode,mode,MODE,fl) \ -static const EVP_CIPHER aes_##keylen##_##mode = { \ - .nid = n##_##keylen##_##nmode, \ - .block_size = blocksize, \ - .key_len = keylen / 8, \ - .iv_len = ivlen, \ - .flags = fl | EVP_CIPH_##MODE##_MODE, \ - .init = aes_init_key, \ - .do_cipher = aes_##mode##_cipher, \ - .ctx_size = sizeof(EVP_AES_KEY) \ -}; \ -const EVP_CIPHER * \ -EVP_aes_##keylen##_##mode(void) \ -{ \ - return &aes_##keylen##_##mode; \ -} - -#define BLOCK_CIPHER_custom(n,keylen,blocksize,ivlen,mode,MODE,fl) \ -static const EVP_CIPHER aes_##keylen##_##mode = { \ - .nid = n##_##keylen##_##mode, \ - .block_size = blocksize, \ - .key_len = \ - (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 
2 : 1) * \ - keylen / 8, \ - .iv_len = ivlen, \ - .flags = fl | EVP_CIPH_##MODE##_MODE, \ - .init = aes_##mode##_init_key, \ - .do_cipher = aes_##mode##_cipher, \ - .cleanup = aes_##mode##_cleanup, \ - .ctx_size = sizeof(EVP_AES_##MODE##_CTX), \ - .ctrl = aes_##mode##_ctrl \ -}; \ -const EVP_CIPHER * \ -EVP_aes_##keylen##_##mode(void) \ -{ \ - return &aes_##keylen##_##mode; \ -} - -#endif - -#define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \ - BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,ctr,ctr,CTR,flags) +#endif static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, @@ -656,6 +511,8 @@ aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK*8, &dat->ks, ctx->iv, &ctx->num, ctx->encrypt, dat->block); len -= MAXBITCHUNK; + in += MAXBITCHUNK; + out += MAXBITCHUNK; } if (len) CRYPTO_cfb128_1_encrypt(in, out, len*8, &dat->ks, @@ -664,7 +521,8 @@ aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 1; } -static int aes_ctr_cipher (EVP_CIPHER_CTX *ctx, unsigned char *out, +static int +aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { unsigned int num = ctx->num; 
@@ -680,19 +538,732 @@ static int aes_ctr_cipher (EVP_CIPHER_CTX *ctx, unsigned char *out, return 1; } -BLOCK_CIPHER_generic_pack(NID_aes, 128, EVP_CIPH_FLAG_FIPS) -BLOCK_CIPHER_generic_pack(NID_aes, 192, EVP_CIPH_FLAG_FIPS) -BLOCK_CIPHER_generic_pack(NID_aes, 256, EVP_CIPH_FLAG_FIPS) -static int +#ifdef AESNI_CAPABLE +static const EVP_CIPHER aesni_128_cbc = { + .nid = NID_aes_128_cbc, + .block_size = 16, + .key_len = 16, + .iv_len = 16, + .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE, + .init = aesni_init_key, + .do_cipher = aesni_cbc_cipher, + .ctx_size = sizeof(EVP_AES_KEY), +}; +#endif + +static const EVP_CIPHER aes_128_cbc = { + .nid = NID_aes_128_cbc, + .block_size = 16, + .key_len = 16, + .iv_len = 16, + .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE, + .init = aes_init_key, + .do_cipher = aes_cbc_cipher, + .ctx_size = sizeof(EVP_AES_KEY), +}; + +const EVP_CIPHER * +EVP_aes_128_cbc(void) +{ +#ifdef AESNI_CAPABLE + return AESNI_CAPABLE ? &aesni_128_cbc : &aes_128_cbc; +#else + return &aes_128_cbc; +#endif +} + +#ifdef AESNI_CAPABLE +static const EVP_CIPHER aesni_128_ecb = { + .nid = NID_aes_128_ecb, + .block_size = 16, + .key_len = 16, + .iv_len = 0, + .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE, + .init = aesni_init_key, + .do_cipher = aesni_ecb_cipher, + .ctx_size = sizeof(EVP_AES_KEY), +}; +#endif + +static const EVP_CIPHER aes_128_ecb = { + .nid = NID_aes_128_ecb, + .block_size = 16, + .key_len = 16, + .iv_len = 0, + .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE, + .init = aes_init_key, + .do_cipher = aes_ecb_cipher, + .ctx_size = sizeof(EVP_AES_KEY), +}; + +const EVP_CIPHER * +EVP_aes_128_ecb(void) +{ +#ifdef AESNI_CAPABLE + return AESNI_CAPABLE ? 
&aesni_128_ecb : &aes_128_ecb;
+#else
+ return &aes_128_ecb;
+#endif
+}
+
+#ifdef AESNI_CAPABLE
+static const EVP_CIPHER aesni_128_ofb = {
+ .nid = NID_aes_128_ofb128,
+ .block_size = 1,
+ .key_len = 16,
+ .iv_len = 16,
+ .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_OFB_MODE,
+ .init = aesni_init_key,
+ .do_cipher = aes_ofb_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+#endif
+
+static const EVP_CIPHER aes_128_ofb = {
+ .nid = NID_aes_128_ofb128,
+ .block_size = 1,
+ .key_len = 16,
+ .iv_len = 16,
+ .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_OFB_MODE,
+ .init = aes_init_key,
+ .do_cipher = aes_ofb_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+
+const EVP_CIPHER *
+EVP_aes_128_ofb(void)
+{
+#ifdef AESNI_CAPABLE
+ return AESNI_CAPABLE ? &aesni_128_ofb : &aes_128_ofb;
+#else
+ return &aes_128_ofb;
+#endif
+}
+
+#ifdef AESNI_CAPABLE
+static const EVP_CIPHER aesni_128_cfb = {
+ .nid = NID_aes_128_cfb128,
+ .block_size = 1,
+ .key_len = 16,
+ .iv_len = 16,
+ .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CFB_MODE,
+ .init = aesni_init_key,
+ .do_cipher = aes_cfb_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+#endif
+
+static const EVP_CIPHER aes_128_cfb = {
+ .nid = NID_aes_128_cfb128,
+ .block_size = 1,
+ .key_len = 16,
+ .iv_len = 16,
+ .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CFB_MODE,
+ .init = aes_init_key,
+ .do_cipher = aes_cfb_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+
+const EVP_CIPHER *
+EVP_aes_128_cfb(void)
+{
+#ifdef AESNI_CAPABLE
+ return AESNI_CAPABLE ?
&aesni_128_cfb : &aes_128_cfb;
+#else
+ return &aes_128_cfb;
+#endif
+}
+
+#ifdef AESNI_CAPABLE
+static const EVP_CIPHER aesni_128_cfb1 = {
+ .nid = NID_aes_128_cfb1,
+ .block_size = 1,
+ .key_len = 16,
+ .iv_len = 16,
+ .flags = EVP_CIPH_CFB_MODE,
+ .init = aesni_init_key,
+ .do_cipher = aes_cfb1_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+#endif
+
+static const EVP_CIPHER aes_128_cfb1 = {
+ .nid = NID_aes_128_cfb1,
+ .block_size = 1,
+ .key_len = 16,
+ .iv_len = 16,
+ .flags = EVP_CIPH_CFB_MODE,
+ .init = aes_init_key,
+ .do_cipher = aes_cfb1_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+
+const EVP_CIPHER *
+EVP_aes_128_cfb1(void)
+{
+#ifdef AESNI_CAPABLE
+ return AESNI_CAPABLE ? &aesni_128_cfb1 : &aes_128_cfb1;
+#else
+ return &aes_128_cfb1;
+#endif
+}
+
+#ifdef AESNI_CAPABLE
+static const EVP_CIPHER aesni_128_cfb8 = {
+ .nid = NID_aes_128_cfb8,
+ .block_size = 1,
+ .key_len = 16,
+ .iv_len = 16,
+ .flags = EVP_CIPH_CFB_MODE,
+ .init = aesni_init_key,
+ .do_cipher = aes_cfb8_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+#endif
+
+static const EVP_CIPHER aes_128_cfb8 = {
+ .nid = NID_aes_128_cfb8,
+ .block_size = 1,
+ .key_len = 16,
+ .iv_len = 16,
+ .flags = EVP_CIPH_CFB_MODE,
+ .init = aes_init_key,
+ .do_cipher = aes_cfb8_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+
+const EVP_CIPHER *
+EVP_aes_128_cfb8(void)
+{
+#ifdef AESNI_CAPABLE
+ return AESNI_CAPABLE ?
&aesni_128_cfb8 : &aes_128_cfb8;
+#else
+ return &aes_128_cfb8;
+#endif
+}
+
+#ifdef AESNI_CAPABLE
+static const EVP_CIPHER aesni_128_ctr = {
+ .nid = NID_aes_128_ctr,
+ .block_size = 1,
+ .key_len = 16,
+ .iv_len = 16,
+ .flags = EVP_CIPH_CTR_MODE,
+ .init = aesni_init_key,
+ .do_cipher = aes_ctr_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+#endif
+
+static const EVP_CIPHER aes_128_ctr = {
+ .nid = NID_aes_128_ctr,
+ .block_size = 1,
+ .key_len = 16,
+ .iv_len = 16,
+ .flags = EVP_CIPH_CTR_MODE,
+ .init = aes_init_key,
+ .do_cipher = aes_ctr_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+
+const EVP_CIPHER *
+EVP_aes_128_ctr(void)
+{
+#ifdef AESNI_CAPABLE
+ return AESNI_CAPABLE ? &aesni_128_ctr : &aes_128_ctr;
+#else
+ return &aes_128_ctr;
+#endif
+}
+
+
+#ifdef AESNI_CAPABLE
+static const EVP_CIPHER aesni_192_cbc = {
+ .nid = NID_aes_192_cbc,
+ .block_size = 16,
+ .key_len = 24,
+ .iv_len = 16,
+ .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
+ .init = aesni_init_key,
+ .do_cipher = aesni_cbc_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+#endif
+
+static const EVP_CIPHER aes_192_cbc = {
+ .nid = NID_aes_192_cbc,
+ .block_size = 16,
+ .key_len = 24,
+ .iv_len = 16,
+ .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
+ .init = aes_init_key,
+ .do_cipher = aes_cbc_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+
+const EVP_CIPHER *
+EVP_aes_192_cbc(void)
+{
+#ifdef AESNI_CAPABLE
+ return AESNI_CAPABLE ?
&aesni_192_cbc : &aes_192_cbc;
+#else
+ return &aes_192_cbc;
+#endif
+}
+
+#ifdef AESNI_CAPABLE
+static const EVP_CIPHER aesni_192_ecb = {
+ .nid = NID_aes_192_ecb,
+ .block_size = 16,
+ .key_len = 24,
+ .iv_len = 0,
+ .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
+ .init = aesni_init_key,
+ .do_cipher = aesni_ecb_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+#endif
+
+static const EVP_CIPHER aes_192_ecb = {
+ .nid = NID_aes_192_ecb,
+ .block_size = 16,
+ .key_len = 24,
+ .iv_len = 0,
+ .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
+ .init = aes_init_key,
+ .do_cipher = aes_ecb_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+
+const EVP_CIPHER *
+EVP_aes_192_ecb(void)
+{
+#ifdef AESNI_CAPABLE
+ return AESNI_CAPABLE ? &aesni_192_ecb : &aes_192_ecb;
+#else
+ return &aes_192_ecb;
+#endif
+}
+
+#ifdef AESNI_CAPABLE
+static const EVP_CIPHER aesni_192_ofb = {
+ .nid = NID_aes_192_ofb128,
+ .block_size = 1,
+ .key_len = 24,
+ .iv_len = 16,
+ .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_OFB_MODE,
+ .init = aesni_init_key,
+ .do_cipher = aes_ofb_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+#endif
+
+static const EVP_CIPHER aes_192_ofb = {
+ .nid = NID_aes_192_ofb128,
+ .block_size = 1,
+ .key_len = 24,
+ .iv_len = 16,
+ .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_OFB_MODE,
+ .init = aes_init_key,
+ .do_cipher = aes_ofb_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+
+const EVP_CIPHER *
+EVP_aes_192_ofb(void)
+{
+#ifdef AESNI_CAPABLE
+ return AESNI_CAPABLE ?
&aesni_192_ofb : &aes_192_ofb;
+#else
+ return &aes_192_ofb;
+#endif
+}
+
+#ifdef AESNI_CAPABLE
+static const EVP_CIPHER aesni_192_cfb = {
+ .nid = NID_aes_192_cfb128,
+ .block_size = 1,
+ .key_len = 24,
+ .iv_len = 16,
+ .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CFB_MODE,
+ .init = aesni_init_key,
+ .do_cipher = aes_cfb_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+#endif
+
+static const EVP_CIPHER aes_192_cfb = {
+ .nid = NID_aes_192_cfb128,
+ .block_size = 1,
+ .key_len = 24,
+ .iv_len = 16,
+ .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CFB_MODE,
+ .init = aes_init_key,
+ .do_cipher = aes_cfb_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+
+const EVP_CIPHER *
+EVP_aes_192_cfb(void)
+{
+#ifdef AESNI_CAPABLE
+ return AESNI_CAPABLE ? &aesni_192_cfb : &aes_192_cfb;
+#else
+ return &aes_192_cfb;
+#endif
+}
+
+#ifdef AESNI_CAPABLE
+static const EVP_CIPHER aesni_192_cfb1 = {
+ .nid = NID_aes_192_cfb1,
+ .block_size = 1,
+ .key_len = 24,
+ .iv_len = 16,
+ .flags = EVP_CIPH_CFB_MODE,
+ .init = aesni_init_key,
+ .do_cipher = aes_cfb1_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+#endif
+
+static const EVP_CIPHER aes_192_cfb1 = {
+ .nid = NID_aes_192_cfb1,
+ .block_size = 1,
+ .key_len = 24,
+ .iv_len = 16,
+ .flags = EVP_CIPH_CFB_MODE,
+ .init = aes_init_key,
+ .do_cipher = aes_cfb1_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+
+const EVP_CIPHER *
+EVP_aes_192_cfb1(void)
+{
+#ifdef AESNI_CAPABLE
+ return AESNI_CAPABLE ?
&aesni_192_cfb1 : &aes_192_cfb1;
+#else
+ return &aes_192_cfb1;
+#endif
+}
+
+#ifdef AESNI_CAPABLE
+static const EVP_CIPHER aesni_192_cfb8 = {
+ .nid = NID_aes_192_cfb8,
+ .block_size = 1,
+ .key_len = 24,
+ .iv_len = 16,
+ .flags = EVP_CIPH_CFB_MODE,
+ .init = aesni_init_key,
+ .do_cipher = aes_cfb8_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+#endif
+
+static const EVP_CIPHER aes_192_cfb8 = {
+ .nid = NID_aes_192_cfb8,
+ .block_size = 1,
+ .key_len = 24,
+ .iv_len = 16,
+ .flags = EVP_CIPH_CFB_MODE,
+ .init = aes_init_key,
+ .do_cipher = aes_cfb8_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+
+const EVP_CIPHER *
+EVP_aes_192_cfb8(void)
+{
+#ifdef AESNI_CAPABLE
+ return AESNI_CAPABLE ? &aesni_192_cfb8 : &aes_192_cfb8;
+#else
+ return &aes_192_cfb8;
+#endif
+}
+
+#ifdef AESNI_CAPABLE
+static const EVP_CIPHER aesni_192_ctr = {
+ .nid = NID_aes_192_ctr,
+ .block_size = 1,
+ .key_len = 24,
+ .iv_len = 16,
+ .flags = EVP_CIPH_CTR_MODE,
+ .init = aesni_init_key,
+ .do_cipher = aes_ctr_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+#endif
+
+static const EVP_CIPHER aes_192_ctr = {
+ .nid = NID_aes_192_ctr,
+ .block_size = 1,
+ .key_len = 24,
+ .iv_len = 16,
+ .flags = EVP_CIPH_CTR_MODE,
+ .init = aes_init_key,
+ .do_cipher = aes_ctr_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+
+const EVP_CIPHER *
+EVP_aes_192_ctr(void)
+{
+#ifdef AESNI_CAPABLE
+ return AESNI_CAPABLE ?
&aesni_192_ctr : &aes_192_ctr;
+#else
+ return &aes_192_ctr;
+#endif
+}
+
+
+#ifdef AESNI_CAPABLE
+static const EVP_CIPHER aesni_256_cbc = {
+ .nid = NID_aes_256_cbc,
+ .block_size = 16,
+ .key_len = 32,
+ .iv_len = 16,
+ .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
+ .init = aesni_init_key,
+ .do_cipher = aesni_cbc_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+#endif
+
+static const EVP_CIPHER aes_256_cbc = {
+ .nid = NID_aes_256_cbc,
+ .block_size = 16,
+ .key_len = 32,
+ .iv_len = 16,
+ .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
+ .init = aes_init_key,
+ .do_cipher = aes_cbc_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+
+const EVP_CIPHER *
+EVP_aes_256_cbc(void)
+{
+#ifdef AESNI_CAPABLE
+ return AESNI_CAPABLE ? &aesni_256_cbc : &aes_256_cbc;
+#else
+ return &aes_256_cbc;
+#endif
+}
+
+#ifdef AESNI_CAPABLE
+static const EVP_CIPHER aesni_256_ecb = {
+ .nid = NID_aes_256_ecb,
+ .block_size = 16,
+ .key_len = 32,
+ .iv_len = 0,
+ .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
+ .init = aesni_init_key,
+ .do_cipher = aesni_ecb_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+#endif
+
+static const EVP_CIPHER aes_256_ecb = {
+ .nid = NID_aes_256_ecb,
+ .block_size = 16,
+ .key_len = 32,
+ .iv_len = 0,
+ .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
+ .init = aes_init_key,
+ .do_cipher = aes_ecb_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+
+const EVP_CIPHER *
+EVP_aes_256_ecb(void)
+{
+#ifdef AESNI_CAPABLE
+ return AESNI_CAPABLE ?
&aesni_256_ecb : &aes_256_ecb;
+#else
+ return &aes_256_ecb;
+#endif
+}
+
+#ifdef AESNI_CAPABLE
+static const EVP_CIPHER aesni_256_ofb = {
+ .nid = NID_aes_256_ofb128,
+ .block_size = 1,
+ .key_len = 32,
+ .iv_len = 16,
+ .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_OFB_MODE,
+ .init = aesni_init_key,
+ .do_cipher = aes_ofb_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+#endif
+
+static const EVP_CIPHER aes_256_ofb = {
+ .nid = NID_aes_256_ofb128,
+ .block_size = 1,
+ .key_len = 32,
+ .iv_len = 16,
+ .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_OFB_MODE,
+ .init = aes_init_key,
+ .do_cipher = aes_ofb_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+
+const EVP_CIPHER *
+EVP_aes_256_ofb(void)
+{
+#ifdef AESNI_CAPABLE
+ return AESNI_CAPABLE ? &aesni_256_ofb : &aes_256_ofb;
+#else
+ return &aes_256_ofb;
+#endif
+}
+
+#ifdef AESNI_CAPABLE
+static const EVP_CIPHER aesni_256_cfb = {
+ .nid = NID_aes_256_cfb128,
+ .block_size = 1,
+ .key_len = 32,
+ .iv_len = 16,
+ .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CFB_MODE,
+ .init = aesni_init_key,
+ .do_cipher = aes_cfb_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+#endif
+
+static const EVP_CIPHER aes_256_cfb = {
+ .nid = NID_aes_256_cfb128,
+ .block_size = 1,
+ .key_len = 32,
+ .iv_len = 16,
+ .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CFB_MODE,
+ .init = aes_init_key,
+ .do_cipher = aes_cfb_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+
+const EVP_CIPHER *
+EVP_aes_256_cfb(void)
+{
+#ifdef AESNI_CAPABLE
+ return AESNI_CAPABLE ?
&aesni_256_cfb : &aes_256_cfb;
+#else
+ return &aes_256_cfb;
+#endif
+}
+
+#ifdef AESNI_CAPABLE
+static const EVP_CIPHER aesni_256_cfb1 = {
+ .nid = NID_aes_256_cfb1,
+ .block_size = 1,
+ .key_len = 32,
+ .iv_len = 16,
+ .flags = EVP_CIPH_CFB_MODE,
+ .init = aesni_init_key,
+ .do_cipher = aes_cfb1_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+#endif
+
+static const EVP_CIPHER aes_256_cfb1 = {
+ .nid = NID_aes_256_cfb1,
+ .block_size = 1,
+ .key_len = 32,
+ .iv_len = 16,
+ .flags = EVP_CIPH_CFB_MODE,
+ .init = aes_init_key,
+ .do_cipher = aes_cfb1_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+
+const EVP_CIPHER *
+EVP_aes_256_cfb1(void)
+{
+#ifdef AESNI_CAPABLE
+ return AESNI_CAPABLE ? &aesni_256_cfb1 : &aes_256_cfb1;
+#else
+ return &aes_256_cfb1;
+#endif
+}
+
+#ifdef AESNI_CAPABLE
+static const EVP_CIPHER aesni_256_cfb8 = {
+ .nid = NID_aes_256_cfb8,
+ .block_size = 1,
+ .key_len = 32,
+ .iv_len = 16,
+ .flags = EVP_CIPH_CFB_MODE,
+ .init = aesni_init_key,
+ .do_cipher = aes_cfb8_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+#endif
+
+static const EVP_CIPHER aes_256_cfb8 = {
+ .nid = NID_aes_256_cfb8,
+ .block_size = 1,
+ .key_len = 32,
+ .iv_len = 16,
+ .flags = EVP_CIPH_CFB_MODE,
+ .init = aes_init_key,
+ .do_cipher = aes_cfb8_cipher,
+ .ctx_size = sizeof(EVP_AES_KEY),
+};
+
+const EVP_CIPHER *
+EVP_aes_256_cfb8(void)
+{
+#ifdef AESNI_CAPABLE
+ return AESNI_CAPABLE ?
&aesni_256_cfb8 : &aes_256_cfb8; +#else + return &aes_256_cfb8; +#endif +} + +#ifdef AESNI_CAPABLE +static const EVP_CIPHER aesni_256_ctr = { + .nid = NID_aes_256_ctr, + .block_size = 1, + .key_len = 32, + .iv_len = 16, + .flags = EVP_CIPH_CTR_MODE, + .init = aesni_init_key, + .do_cipher = aes_ctr_cipher, + .ctx_size = sizeof(EVP_AES_KEY), +}; +#endif + +static const EVP_CIPHER aes_256_ctr = { + .nid = NID_aes_256_ctr, + .block_size = 1, + .key_len = 32, + .iv_len = 16, + .flags = EVP_CIPH_CTR_MODE, + .init = aes_init_key, + .do_cipher = aes_ctr_cipher, + .ctx_size = sizeof(EVP_AES_KEY), +}; + +const EVP_CIPHER * +EVP_aes_256_ctr(void) +{ +#ifdef AESNI_CAPABLE + return AESNI_CAPABLE ? &aesni_256_ctr : &aes_256_ctr; +#else + return &aes_256_ctr; +#endif +} + +static void aes_gcm_cleanup(EVP_CIPHER_CTX *c) { EVP_AES_GCM_CTX *gctx = c->cipher_data; if (gctx->iv != c->iv) free(gctx->iv); + explicit_bzero(gctx, sizeof(*gctx)); - return 1; } /* increment counter (64-bit int) by 1 */ 
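Review bot: In the rewritten `aes_gcm_cleanup` at the end of this hunk, `gctx` is read from `c->cipher_data` and dereferenced (`gctx->iv`) without a NULL check, and the new `explicit_bzero(gctx, sizeof(*gctx))` would be handed the same pointer. Whether the EVP layer can call `.cleanup` on a context whose `cipher_data` was never allocated is not visible in this diff, so this is a defensive suggestion: open the body with `if (gctx == NULL) return;`. The callback is wired into the `aes_*_gcm` and `aesni_*_gcm` tables in the next hunk, so one guard covers all six.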
@@ -1061,12 +1632,120 @@ aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT | \ EVP_CIPH_CTRL_INIT | EVP_CIPH_CUSTOM_COPY ) -BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM, - EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS) -BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM, - EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS) -BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM, - EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS) + +#ifdef AESNI_CAPABLE +static const EVP_CIPHER aesni_128_gcm = { + .nid = NID_aes_128_gcm, + .block_size = 1, + .key_len = 16, + .iv_len = 12, + .flags = EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS | EVP_CIPH_GCM_MODE, + .init = aesni_gcm_init_key, + .do_cipher = aes_gcm_cipher, + .cleanup = aes_gcm_cleanup, + .ctx_size = sizeof(EVP_AES_GCM_CTX), + .ctrl = aes_gcm_ctrl, +}; +#endif + +static const EVP_CIPHER aes_128_gcm = { + .nid = NID_aes_128_gcm, + .block_size = 1, + .key_len = 16, + .iv_len = 12, + .flags = EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS | EVP_CIPH_GCM_MODE, + .init = aes_gcm_init_key, + .do_cipher = aes_gcm_cipher, + .cleanup = aes_gcm_cleanup, + .ctx_size = sizeof(EVP_AES_GCM_CTX), + .ctrl = aes_gcm_ctrl, +}; + +const EVP_CIPHER * +EVP_aes_128_gcm(void) +{ +#ifdef AESNI_CAPABLE + return AESNI_CAPABLE ? 
&aesni_128_gcm : &aes_128_gcm; +#else + return &aes_128_gcm; +#endif +} + +#ifdef AESNI_CAPABLE +static const EVP_CIPHER aesni_192_gcm = { + .nid = NID_aes_192_gcm, + .block_size = 1, + .key_len = 24, + .iv_len = 12, + .flags = EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS | EVP_CIPH_GCM_MODE, + .init = aesni_gcm_init_key, + .do_cipher = aes_gcm_cipher, + .cleanup = aes_gcm_cleanup, + .ctx_size = sizeof(EVP_AES_GCM_CTX), + .ctrl = aes_gcm_ctrl, +}; +#endif + +static const EVP_CIPHER aes_192_gcm = { + .nid = NID_aes_192_gcm, + .block_size = 1, + .key_len = 24, + .iv_len = 12, + .flags = EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS | EVP_CIPH_GCM_MODE, + .init = aes_gcm_init_key, + .do_cipher = aes_gcm_cipher, + .cleanup = aes_gcm_cleanup, + .ctx_size = sizeof(EVP_AES_GCM_CTX), + .ctrl = aes_gcm_ctrl, +}; + +const EVP_CIPHER * +EVP_aes_192_gcm(void) +{ +#ifdef AESNI_CAPABLE + return AESNI_CAPABLE ? &aesni_192_gcm : &aes_192_gcm; +#else + return &aes_192_gcm; +#endif +} + +#ifdef AESNI_CAPABLE +static const EVP_CIPHER aesni_256_gcm = { + .nid = NID_aes_256_gcm, + .block_size = 1, + .key_len = 32, + .iv_len = 12, + .flags = EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS | EVP_CIPH_GCM_MODE, + .init = aesni_gcm_init_key, + .do_cipher = aes_gcm_cipher, + .cleanup = aes_gcm_cleanup, + .ctx_size = sizeof(EVP_AES_GCM_CTX), + .ctrl = aes_gcm_ctrl, +}; +#endif + +static const EVP_CIPHER aes_256_gcm = { + .nid = NID_aes_256_gcm, + .block_size = 1, + .key_len = 32, + .iv_len = 12, + .flags = EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS | EVP_CIPH_GCM_MODE, + .init = aes_gcm_init_key, + .do_cipher = aes_gcm_cipher, + .cleanup = aes_gcm_cleanup, + .ctx_size = sizeof(EVP_AES_GCM_CTX), + .ctrl = aes_gcm_ctrl, +}; + +const EVP_CIPHER * +EVP_aes_256_gcm(void) +{ +#ifdef AESNI_CAPABLE + return AESNI_CAPABLE ? &aesni_256_gcm : &aes_256_gcm; +#else + return &aes_256_gcm; +#endif +} static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) 
@@ -1191,14 +1870,86 @@ aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 1; } -#define aes_xts_cleanup NULL - #define XTS_FLAGS \ ( EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV | \ EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | EVP_CIPH_CUSTOM_COPY ) -BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, EVP_CIPH_FLAG_FIPS|XTS_FLAGS) -BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, EVP_CIPH_FLAG_FIPS|XTS_FLAGS) + +#ifdef AESNI_CAPABLE +static const EVP_CIPHER aesni_128_xts = { + .nid = NID_aes_128_xts, + .block_size = 1, + .key_len = 2 * 16, + .iv_len = 16, + .flags = XTS_FLAGS | EVP_CIPH_XTS_MODE, + .init = aesni_xts_init_key, + .do_cipher = aes_xts_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_AES_XTS_CTX), + .ctrl = aes_xts_ctrl, +}; +#endif + +static const EVP_CIPHER aes_128_xts = { + .nid = NID_aes_128_xts, + .block_size = 1, + .key_len = 2 * 16, + .iv_len = 16, + .flags = XTS_FLAGS | EVP_CIPH_XTS_MODE, + .init = aes_xts_init_key, + .do_cipher = aes_xts_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_AES_XTS_CTX), + .ctrl = aes_xts_ctrl, +}; + +const EVP_CIPHER * +EVP_aes_128_xts(void) +{ +#ifdef AESNI_CAPABLE + return AESNI_CAPABLE ? 
&aesni_128_xts : &aes_128_xts; +#else + return &aes_128_xts; +#endif +} + +#ifdef AESNI_CAPABLE +static const EVP_CIPHER aesni_256_xts = { + .nid = NID_aes_256_xts, + .block_size = 1, + .key_len = 2 * 32, + .iv_len = 16, + .flags = XTS_FLAGS | EVP_CIPH_XTS_MODE, + .init = aesni_xts_init_key, + .do_cipher = aes_xts_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_AES_XTS_CTX), + .ctrl = aes_xts_ctrl, +}; +#endif + +static const EVP_CIPHER aes_256_xts = { + .nid = NID_aes_256_xts, + .block_size = 1, + .key_len = 2 * 32, + .iv_len = 16, + .flags = XTS_FLAGS | EVP_CIPH_XTS_MODE, + .init = aes_xts_init_key, + .do_cipher = aes_xts_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_AES_XTS_CTX), + .ctrl = aes_xts_ctrl, +}; + +const EVP_CIPHER * +EVP_aes_256_xts(void) +{ +#ifdef AESNI_CAPABLE + return AESNI_CAPABLE ? &aesni_256_xts : &aes_256_xts; +#else + return &aes_256_xts; +#endif +} static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) 
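Review bot: The XTS tables set `.cleanup = NULL` while GCM gets an explicit wipe in `aes_gcm_cleanup`, and nothing in this hunk says where the key material held in `EVP_AES_XTS_CTX` is cleared. If the generic context cleanup zeroes `cipher_data` over `ctx_size` bytes (that code is outside this diff section, so it needs confirming), a one-line comment on the tables would record the reliance, e.g. `/* no cleanup hook: cipher_data is wiped by the generic EVP_CIPHER_CTX cleanup */`. The CCM tables in the following hunk use the same `.cleanup = NULL` and would want the same comment.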
@@ -1358,14 +2109,119 @@ aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } -#define aes_ccm_cleanup NULL +#ifdef AESNI_CAPABLE +static const EVP_CIPHER aesni_128_ccm = { + .nid = NID_aes_128_ccm, + .block_size = 1, + .key_len = 16, + .iv_len = 12, + .flags = CUSTOM_FLAGS | EVP_CIPH_CCM_MODE, + .init = aesni_ccm_init_key, + .do_cipher = aes_ccm_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_AES_CCM_CTX), + .ctrl = aes_ccm_ctrl, +}; +#endif -BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM, - EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) -BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM, - EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) -BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM, - EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) +static const EVP_CIPHER aes_128_ccm = { + .nid = NID_aes_128_ccm, + .block_size = 1, + .key_len = 16, + .iv_len = 12, + .flags = CUSTOM_FLAGS | EVP_CIPH_CCM_MODE, + .init = aes_ccm_init_key, + .do_cipher = aes_ccm_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_AES_CCM_CTX), + .ctrl = aes_ccm_ctrl, +}; + +const EVP_CIPHER * +EVP_aes_128_ccm(void) +{ +#ifdef AESNI_CAPABLE + return AESNI_CAPABLE ? &aesni_128_ccm : &aes_128_ccm; +#else + return &aes_128_ccm; +#endif +} + +#ifdef AESNI_CAPABLE +static const EVP_CIPHER aesni_192_ccm = { + .nid = NID_aes_192_ccm, + .block_size = 1, + .key_len = 24, + .iv_len = 12, + .flags = CUSTOM_FLAGS | EVP_CIPH_CCM_MODE, + .init = aesni_ccm_init_key, + .do_cipher = aes_ccm_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_AES_CCM_CTX), + .ctrl = aes_ccm_ctrl, +}; +#endif + +static const EVP_CIPHER aes_192_ccm = { + .nid = NID_aes_192_ccm, + .block_size = 1, + .key_len = 24, + .iv_len = 12, + .flags = CUSTOM_FLAGS | EVP_CIPH_CCM_MODE, + .init = aes_ccm_init_key, + .do_cipher = aes_ccm_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_AES_CCM_CTX), + .ctrl = aes_ccm_ctrl, +}; + +const EVP_CIPHER * +EVP_aes_192_ccm(void) +{ +#ifdef AESNI_CAPABLE + return AESNI_CAPABLE ? 
&aesni_192_ccm : &aes_192_ccm; +#else + return &aes_192_ccm; +#endif +} + +#ifdef AESNI_CAPABLE +static const EVP_CIPHER aesni_256_ccm = { + .nid = NID_aes_256_ccm, + .block_size = 1, + .key_len = 32, + .iv_len = 12, + .flags = CUSTOM_FLAGS | EVP_CIPH_CCM_MODE, + .init = aesni_ccm_init_key, + .do_cipher = aes_ccm_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_AES_CCM_CTX), + .ctrl = aes_ccm_ctrl, +}; +#endif + +static const EVP_CIPHER aes_256_ccm = { + .nid = NID_aes_256_ccm, + .block_size = 1, + .key_len = 32, + .iv_len = 12, + .flags = CUSTOM_FLAGS | EVP_CIPH_CCM_MODE, + .init = aes_ccm_init_key, + .do_cipher = aes_ccm_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_AES_CCM_CTX), + .ctrl = aes_ccm_ctrl, +}; + +const EVP_CIPHER * +EVP_aes_256_ccm(void) +{ +#ifdef AESNI_CAPABLE + return AESNI_CAPABLE ? &aesni_256_ccm : &aes_256_ccm; +#else + return &aes_256_ccm; +#endif +} #define EVP_AEAD_AES_GCM_TAG_LEN 16 diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c index 9be17e36..eef9c280 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.15 2019/04/03 15:33:37 tb Exp $ */ +/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.16 2021/12/12 21:30:13 tb Exp $ */ /* ==================================================================== * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved. * @@ -59,8 +59,9 @@ #include #include #include -#include "evp_locl.h" + #include "constant_time_locl.h" +#include "evp_locl.h" #define TLS1_1_VERSION 0x0302 diff --git a/crypto/evp/e_bf.c b/crypto/evp/e_bf.c index 615c9bd7..4632b523 100644 --- a/crypto/evp/e_bf.c +++ b/crypto/evp/e_bf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_bf.c,v 1.8 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: e_bf.c,v 1.14 2022/09/15 07:04:19 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include #include #include @@ -68,18 +69,11 @@ #include "evp_locl.h" -static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); - typedef struct { BF_KEY ks; } EVP_BF_KEY; -#define data(ctx) EVP_C_DATA(EVP_BF_KEY,ctx) - -IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, 64, - EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) +#define data(ctx) ((EVP_BF_KEY *)(ctx)->cipher_data) static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 
@@ -88,4 +82,166 @@ bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, BF_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key); return 1; } + +static int +bf_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + size_t chunk = LONG_MAX & ~0xff; + + while (inl >= chunk) { + BF_cbc_encrypt(in, out, (long)chunk, &((EVP_BF_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt); + inl -= chunk; + in += chunk; + out += chunk; + } + + if (inl) + BF_cbc_encrypt(in, out, (long)inl, &((EVP_BF_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt); + + return 1; +} + +static int +bf_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + size_t chunk = LONG_MAX & ~0xff; + + if (inl < chunk) + chunk = inl; + + while (inl && inl >= chunk) { + BF_cfb64_encrypt(in, out, (long)chunk, &((EVP_BF_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); + inl -= chunk; + in += chunk; + out += chunk; + if (inl < chunk) + chunk = inl; + } + + return 1; +} + +static int +bf_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + size_t i, bl; + + bl = ctx->cipher->block_size; + + if (inl < bl) + return 1; + + inl -= bl; + + for (i = 0; i <= inl; i += bl) + BF_ecb_encrypt(in + i, out + i, &((EVP_BF_KEY *)ctx->cipher_data)->ks, ctx->encrypt); + + return 1; +} + +static int +bf_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + size_t chunk = LONG_MAX & ~0xff; + + while (inl >= chunk) { + BF_ofb64_encrypt(in, out, (long)chunk, &((EVP_BF_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num); + inl -= chunk; + in += chunk; + out += chunk; + } + + if (inl) + BF_ofb64_encrypt(in, out, (long)inl, &((EVP_BF_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num); + + return 1; +} + +static const EVP_CIPHER bf_cbc = { + .nid = NID_bf_cbc, + .block_size = 8, + .key_len = 16, + .iv_len = 8, + .flags = EVP_CIPH_VARIABLE_LENGTH | 
EVP_CIPH_CBC_MODE, + .init = bf_init_key, + .do_cipher = bf_cbc_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_BF_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_bf_cbc(void) +{ + return &bf_cbc; +} + +static const EVP_CIPHER bf_cfb64 = { + .nid = NID_bf_cfb64, + .block_size = 1, + .key_len = 16, + .iv_len = 8, + .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CFB_MODE, + .init = bf_init_key, + .do_cipher = bf_cfb64_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_BF_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_bf_cfb64(void) +{ + return &bf_cfb64; +} + +static const EVP_CIPHER bf_ofb = { + .nid = NID_bf_ofb64, + .block_size = 1, + .key_len = 16, + .iv_len = 8, + .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_OFB_MODE, + .init = bf_init_key, + .do_cipher = bf_ofb_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_BF_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_bf_ofb(void) +{ + return &bf_ofb; +} + +static const EVP_CIPHER bf_ecb = { + .nid = NID_bf_ecb, + .block_size = 8, + .key_len = 16, + .iv_len = 0, + .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_ECB_MODE, + .init = bf_init_key, + .do_cipher = bf_ecb_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_BF_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_bf_ecb(void) +{ + return &bf_ecb; +} #endif diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c index fd12cf9c..3976baaa 100644 --- a/crypto/evp/e_camellia.c +++ b/crypto/evp/e_camellia.c 
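Review bot: The chunk bound `LONG_MAX & ~0xff` in `bf_cbc_cipher`, `bf_cfb64_cipher` and `bf_ofb_cipher` is unexplained, yet it is what keeps the `(long)chunk` and `(long)inl` casts from truncating a `size_t` length. A comment at its first use would make the invariant explicit, e.g. `/* largest 256-byte-aligned length that fits the long length argument of BF_*_encrypt */`. As a style point, the four new functions spell out `((EVP_BF_KEY *)ctx->cipher_data)->ks` on very long lines although `bf_init_key` uses `data(ctx)->ks`; using the macro, or a local `EVP_BF_KEY *key = ctx->cipher_data;`, would keep them readable.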
@@ -1,4 +1,4 @@ -/* $OpenBSD: e_camellia.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: e_camellia.c,v 1.15 2022/09/10 17:39:47 jsing Exp $ */ /* ==================================================================== * Copyright (c) 2006 The OpenSSL Project. All rights reserved. * @@ -61,10 +61,8 @@ #include #include #include -#include "evp_locl.h" -static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); +#include "evp_locl.h" /* Camellia subkey Structure */ typedef struct { @@ -72,39 +70,8 @@ typedef struct { } EVP_CAMELLIA_KEY; /* Attribute operation for Camellia */ -#define data(ctx) EVP_C_DATA(EVP_CAMELLIA_KEY,ctx) - -IMPLEMENT_BLOCK_CIPHER(camellia_128, ks, Camellia, EVP_CAMELLIA_KEY, - NID_camellia_128, 16, 16, 16, 128, - 0, camellia_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL) -IMPLEMENT_BLOCK_CIPHER(camellia_192, ks, Camellia, EVP_CAMELLIA_KEY, - NID_camellia_192, 16, 24, 16, 128, - 0, camellia_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL) -IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, Camellia, EVP_CAMELLIA_KEY, - NID_camellia_256, 16, 32, 16, 128, - 0, camellia_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL) - -#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits) IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16) - -IMPLEMENT_CAMELLIA_CFBR(128, 1) -IMPLEMENT_CAMELLIA_CFBR(192, 1) -IMPLEMENT_CAMELLIA_CFBR(256, 1) - -IMPLEMENT_CAMELLIA_CFBR(128, 8) -IMPLEMENT_CAMELLIA_CFBR(192, 8) -IMPLEMENT_CAMELLIA_CFBR(256, 8) - - -/* The subkey for Camellia is generated. */ +#define data(ctx) ((EVP_CAMELLIA_KEY *)(ctx)->cipher_data) + static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) 
@@ -120,4 +87,737 @@ camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, return 1; } + +static int +camellia_128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + while (inl >= EVP_MAXCHUNK) { + Camellia_cbc_encrypt(in, out, EVP_MAXCHUNK, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt); + inl -= EVP_MAXCHUNK; + in += EVP_MAXCHUNK; + out += EVP_MAXCHUNK; + } + + if (inl) + Camellia_cbc_encrypt(in, out, inl, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt); + + return 1; +} + +static int +camellia_128_cfb128_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + size_t chunk = EVP_MAXCHUNK; + + if (inl < chunk) + chunk = inl; + + while (inl && inl >= chunk) { + Camellia_cfb128_encrypt(in, out, chunk, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); + inl -= chunk; + in += chunk; + out += chunk; + if (inl < chunk) + chunk = inl; + } + + return 1; +} + +static int +camellia_128_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + size_t i, bl; + + bl = ctx->cipher->block_size; + + if (inl < bl) + return 1; + + inl -= bl; + + for (i = 0; i <= inl; i += bl) + Camellia_ecb_encrypt(in + i, out + i, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->encrypt); + + return 1; +} + +static int +camellia_128_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + while (inl >= EVP_MAXCHUNK) { + Camellia_ofb128_encrypt(in, out, EVP_MAXCHUNK, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num); + inl -= EVP_MAXCHUNK; + in += EVP_MAXCHUNK; + out += EVP_MAXCHUNK; + } + + if (inl) + Camellia_ofb128_encrypt(in, out, inl, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num); + + return 1; +} + +static const EVP_CIPHER camellia_128_cbc = { + .nid = NID_camellia_128_cbc, + .block_size = 16, + .key_len = 16, + .iv_len = 16, + 
.flags = 0 | EVP_CIPH_CBC_MODE, + .init = camellia_init_key, + .do_cipher = camellia_128_cbc_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_CAMELLIA_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_camellia_128_cbc(void) +{ + return &camellia_128_cbc; +} + +static const EVP_CIPHER camellia_128_cfb128 = { + .nid = NID_camellia_128_cfb128, + .block_size = 1, + .key_len = 16, + .iv_len = 16, + .flags = 0 | EVP_CIPH_CFB_MODE, + .init = camellia_init_key, + .do_cipher = camellia_128_cfb128_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_CAMELLIA_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_camellia_128_cfb128(void) +{ + return &camellia_128_cfb128; +} + +static const EVP_CIPHER camellia_128_ofb = { + .nid = NID_camellia_128_ofb128, + .block_size = 1, + .key_len = 16, + .iv_len = 16, + .flags = 0 | EVP_CIPH_OFB_MODE, + .init = camellia_init_key, + .do_cipher = camellia_128_ofb_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_CAMELLIA_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_camellia_128_ofb(void) +{ + return &camellia_128_ofb; +} + +static const EVP_CIPHER camellia_128_ecb = { + .nid = NID_camellia_128_ecb, + .block_size = 16, + .key_len = 16, + .iv_len = 0, + .flags = 0 | EVP_CIPH_ECB_MODE, + .init = camellia_init_key, + .do_cipher = camellia_128_ecb_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_CAMELLIA_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_camellia_128_ecb(void) +{ + return &camellia_128_ecb; +} + +static int +camellia_192_cbc_cipher(EVP_CIPHER_CTX 
*ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + while (inl >= EVP_MAXCHUNK) { + Camellia_cbc_encrypt(in, out, EVP_MAXCHUNK, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt); + inl -= EVP_MAXCHUNK; + in += EVP_MAXCHUNK; + out += EVP_MAXCHUNK; + } + + if (inl) + Camellia_cbc_encrypt(in, out, inl, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt); + + return 1; +} + +static int +camellia_192_cfb128_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + size_t chunk = EVP_MAXCHUNK; + + if (inl < chunk) + chunk = inl; + + while (inl && inl >= chunk) { + Camellia_cfb128_encrypt(in, out, chunk, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); + inl -= chunk; + in += chunk; + out += chunk; + if (inl < chunk) + chunk = inl; + } + + return 1; +} + +static int +camellia_192_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + size_t i, bl; + + bl = ctx->cipher->block_size; + + if (inl < bl) + return 1; + + inl -= bl; + + for (i = 0; i <= inl; i += bl) + Camellia_ecb_encrypt(in + i, out + i, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->encrypt); + + return 1; +} + +static int +camellia_192_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + while (inl >= EVP_MAXCHUNK) { + Camellia_ofb128_encrypt(in, out, EVP_MAXCHUNK, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num); + inl -= EVP_MAXCHUNK; + in += EVP_MAXCHUNK; + out += EVP_MAXCHUNK; + } + + if (inl) + Camellia_ofb128_encrypt(in, out, inl, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num); + + return 1; +} + +static const EVP_CIPHER camellia_192_cbc = { + .nid = NID_camellia_192_cbc, + .block_size = 16, + .key_len = 24, + .iv_len = 16, + .flags = 0 | EVP_CIPH_CBC_MODE, + .init = camellia_init_key, + .do_cipher = camellia_192_cbc_cipher, + .cleanup = NULL, + .ctx_size = 
sizeof(EVP_CAMELLIA_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_camellia_192_cbc(void) +{ + return &camellia_192_cbc; +} + +static const EVP_CIPHER camellia_192_cfb128 = { + .nid = NID_camellia_192_cfb128, + .block_size = 1, + .key_len = 24, + .iv_len = 16, + .flags = 0 | EVP_CIPH_CFB_MODE, + .init = camellia_init_key, + .do_cipher = camellia_192_cfb128_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_CAMELLIA_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_camellia_192_cfb128(void) +{ + return &camellia_192_cfb128; +} + +static const EVP_CIPHER camellia_192_ofb = { + .nid = NID_camellia_192_ofb128, + .block_size = 1, + .key_len = 24, + .iv_len = 16, + .flags = 0 | EVP_CIPH_OFB_MODE, + .init = camellia_init_key, + .do_cipher = camellia_192_ofb_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_CAMELLIA_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_camellia_192_ofb(void) +{ + return &camellia_192_ofb; +} + +static const EVP_CIPHER camellia_192_ecb = { + .nid = NID_camellia_192_ecb, + .block_size = 16, + .key_len = 24, + .iv_len = 0, + .flags = 0 | EVP_CIPH_ECB_MODE, + .init = camellia_init_key, + .do_cipher = camellia_192_ecb_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_CAMELLIA_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_camellia_192_ecb(void) +{ + return &camellia_192_ecb; +} + +static int +camellia_256_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + while (inl >= EVP_MAXCHUNK) { + Camellia_cbc_encrypt(in, out, 
EVP_MAXCHUNK, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt); + inl -= EVP_MAXCHUNK; + in += EVP_MAXCHUNK; + out += EVP_MAXCHUNK; + } + + if (inl) + Camellia_cbc_encrypt(in, out, inl, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt); + + return 1; +} + +static int +camellia_256_cfb128_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + size_t chunk = EVP_MAXCHUNK; + + if (inl < chunk) + chunk = inl; + + while (inl && inl >= chunk) { + Camellia_cfb128_encrypt(in, out, chunk, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); + inl -= chunk; + in += chunk; + out += chunk; + if (inl < chunk) + chunk = inl; + } + + return 1; +} + +static int +camellia_256_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + size_t i, bl; + + bl = ctx->cipher->block_size; + + if (inl < bl) + return 1; + + inl -= bl; + + for (i = 0; i <= inl; i += bl) + Camellia_ecb_encrypt(in + i, out + i, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->encrypt); + + return 1; +} + +static int +camellia_256_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + while (inl >= EVP_MAXCHUNK) { + Camellia_ofb128_encrypt(in, out, EVP_MAXCHUNK, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num); + inl -= EVP_MAXCHUNK; + in += EVP_MAXCHUNK; + out += EVP_MAXCHUNK; + } + + if (inl) + Camellia_ofb128_encrypt(in, out, inl, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num); + + return 1; +} + +static const EVP_CIPHER camellia_256_cbc = { + .nid = NID_camellia_256_cbc, + .block_size = 16, + .key_len = 32, + .iv_len = 16, + .flags = 0 | EVP_CIPH_CBC_MODE, + .init = camellia_init_key, + .do_cipher = camellia_256_cbc_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_CAMELLIA_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = NULL, + 
.app_data = NULL, +}; + +const EVP_CIPHER * +EVP_camellia_256_cbc(void) +{ + return &camellia_256_cbc; +} + +static const EVP_CIPHER camellia_256_cfb128 = { + .nid = NID_camellia_256_cfb128, + .block_size = 1, + .key_len = 32, + .iv_len = 16, + .flags = 0 | EVP_CIPH_CFB_MODE, + .init = camellia_init_key, + .do_cipher = camellia_256_cfb128_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_CAMELLIA_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_camellia_256_cfb128(void) +{ + return &camellia_256_cfb128; +} + +static const EVP_CIPHER camellia_256_ofb = { + .nid = NID_camellia_256_ofb128, + .block_size = 1, + .key_len = 32, + .iv_len = 16, + .flags = 0 | EVP_CIPH_OFB_MODE, + .init = camellia_init_key, + .do_cipher = camellia_256_ofb_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_CAMELLIA_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_camellia_256_ofb(void) +{ + return &camellia_256_ofb; +} + +static const EVP_CIPHER camellia_256_ecb = { + .nid = NID_camellia_256_ecb, + .block_size = 16, + .key_len = 32, + .iv_len = 0, + .flags = 0 | EVP_CIPH_ECB_MODE, + .init = camellia_init_key, + .do_cipher = camellia_256_ecb_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_CAMELLIA_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_camellia_256_ecb(void) +{ + return &camellia_256_ecb; +} + +static int +camellia_128_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + size_t chunk = EVP_MAXCHUNK; + + chunk >>= 3; + + if (inl < chunk) + chunk = inl; + + while (inl && inl >= chunk) { + Camellia_cfb1_encrypt(in, out, ((1 == 1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ? 
chunk * 8 : chunk), &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); + inl -= chunk; + in += chunk; + out += chunk; + if (inl < chunk) + chunk = inl; + } + + return 1; +} + +static const EVP_CIPHER camellia_128_cfb1 = { + .nid = NID_camellia_128_cfb1, + .block_size = 1, + .key_len = 128/8, + .iv_len = 16, + .flags = 0 | EVP_CIPH_CFB_MODE, + .init = camellia_init_key, + .do_cipher = camellia_128_cfb1_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_CAMELLIA_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_camellia_128_cfb1(void) +{ + return &camellia_128_cfb1; +} + +static int +camellia_192_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + size_t chunk = EVP_MAXCHUNK; + + chunk >>= 3; + + if (inl < chunk) + chunk = inl; + + while (inl && inl >= chunk) { + Camellia_cfb1_encrypt(in, out, ((1 == 1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ? 
chunk * 8 : chunk), &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); + inl -= chunk; + in += chunk; + out += chunk; + if (inl < chunk) + chunk = inl; + } + + return 1; +} + +static const EVP_CIPHER camellia_192_cfb1 = { + .nid = NID_camellia_192_cfb1, + .block_size = 1, + .key_len = 192/8, + .iv_len = 16, + .flags = 0 | EVP_CIPH_CFB_MODE, + .init = camellia_init_key, + .do_cipher = camellia_192_cfb1_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_CAMELLIA_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_camellia_192_cfb1(void) +{ + return &camellia_192_cfb1; +} + +static int +camellia_256_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + size_t chunk = EVP_MAXCHUNK; + + chunk >>= 3; + + if (inl < chunk) + chunk = inl; + + while (inl && inl >= chunk) { + Camellia_cfb1_encrypt(in, out, ((1 == 1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ? 
chunk * 8 : chunk), &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); + inl -= chunk; + in += chunk; + out += chunk; + if (inl < chunk) + chunk = inl; + } + + return 1; +} + +static const EVP_CIPHER camellia_256_cfb1 = { + .nid = NID_camellia_256_cfb1, + .block_size = 1, + .key_len = 256/8, + .iv_len = 16, + .flags = 0 | EVP_CIPH_CFB_MODE, + .init = camellia_init_key, + .do_cipher = camellia_256_cfb1_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_CAMELLIA_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_camellia_256_cfb1(void) +{ + return &camellia_256_cfb1; +} + + +static int +camellia_128_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + size_t chunk = EVP_MAXCHUNK; + + if (inl < chunk) + chunk = inl; + + while (inl && inl >= chunk) { + Camellia_cfb8_encrypt(in, out, chunk, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); + inl -= chunk; + in += chunk; + out += chunk; + if (inl < chunk) + chunk = inl; + } + + return 1; +} + +static const EVP_CIPHER camellia_128_cfb8 = { + .nid = NID_camellia_128_cfb8, + .block_size = 1, + .key_len = 128/8, + .iv_len = 16, + .flags = 0 | EVP_CIPH_CFB_MODE, + .init = camellia_init_key, + .do_cipher = camellia_128_cfb8_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_CAMELLIA_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_camellia_128_cfb8(void) +{ + return &camellia_128_cfb8; +} + +static int +camellia_192_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + size_t chunk = EVP_MAXCHUNK; + + if (inl < chunk) + chunk = inl; + + while (inl && inl >= chunk) { + Camellia_cfb8_encrypt(in, out, chunk, &((EVP_CAMELLIA_KEY 
*)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); + inl -= chunk; + in += chunk; + out += chunk; + if (inl < chunk) + chunk = inl; + } + + return 1; +} + +static const EVP_CIPHER camellia_192_cfb8 = { + .nid = NID_camellia_192_cfb8, + .block_size = 1, + .key_len = 192/8, + .iv_len = 16, + .flags = 0 | EVP_CIPH_CFB_MODE, + .init = camellia_init_key, + .do_cipher = camellia_192_cfb8_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_CAMELLIA_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_camellia_192_cfb8(void) +{ + return &camellia_192_cfb8; +} + +static int +camellia_256_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + size_t chunk = EVP_MAXCHUNK; + + if (inl < chunk) + chunk = inl; + + while (inl && inl >= chunk) { + Camellia_cfb8_encrypt(in, out, chunk, &((EVP_CAMELLIA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); + inl -= chunk; + in += chunk; + out += chunk; + if (inl < chunk) + chunk = inl; + } + + return 1; +} + +static const EVP_CIPHER camellia_256_cfb8 = { + .nid = NID_camellia_256_cfb8, + .block_size = 1, + .key_len = 256/8, + .iv_len = 16, + .flags = 0 | EVP_CIPH_CFB_MODE, + .init = camellia_init_key, + .do_cipher = camellia_256_cfb8_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_CAMELLIA_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_camellia_256_cfb8(void) +{ + return &camellia_256_cfb8; +} #endif diff --git a/crypto/evp/e_cast.c b/crypto/evp/e_cast.c index 707daa96..702c26e0 100644 --- a/crypto/evp/e_cast.c +++ b/crypto/evp/e_cast.c 
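Review bot: camellia_128_cfb1_cipher (and the identical 192 and 256 copies in this hunk) passes its length as `((1 == 1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ? chunk * 8 : chunk)`, which keeps a constant `(1 == 1)` left over from the macro expansion and never says which unit `inl` and `chunk` are in. The expression reduces to `!(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ? chunk * 8 : chunk`, and I'd put a comment above it such as `/* inl counts bytes unless EVP_CIPH_FLAG_LENGTH_BITS is set, in which case it already counts bits */`. If the third argument of Camellia_cfb1_encrypt is a bit count, as the `chunk * 8` branch suggests, then with the flag set the loop still advances `in` and `out` by `chunk` as though it were bytes. That only matters once an input spans more than one chunk, but it is worth confirming and bounding explicitly.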
@@ -1,4 +1,4 @@ -/* $OpenBSD: e_cast.c,v 1.7 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: e_cast.c,v 1.13 2022/09/15 07:04:19 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include #include #include @@ -68,19 +69,11 @@ #include "evp_locl.h" -static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); - typedef struct { CAST_KEY ks; } EVP_CAST_KEY; -#define data(ctx) EVP_C_DATA(EVP_CAST_KEY,ctx) - -IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY, - NID_cast5, 8, CAST_KEY_LENGTH, 8, 64, - EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) +#define data(ctx) ((EVP_CAST_KEY *)(ctx)->cipher_data) static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 
@@ -89,4 +82,166 @@ cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, CAST_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key); return 1; } + +static int +cast5_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + size_t chunk = LONG_MAX & ~0xff; + + while (inl >= chunk) { + CAST_cbc_encrypt(in, out, (long)chunk, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt); + inl -= chunk; + in += chunk; + out += chunk; + } + + if (inl) + CAST_cbc_encrypt(in, out, (long)inl, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt); + + return 1; +} + +static int +cast5_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + size_t chunk = LONG_MAX & ~0xff; + + if (inl < chunk) + chunk = inl; + + while (inl && inl >= chunk) { + CAST_cfb64_encrypt(in, out, (long)chunk, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); + inl -= chunk; + in += chunk; + out += chunk; + if (inl < chunk) + chunk = inl; + } + + return 1; +} + +static int +cast5_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + size_t i, bl; + + bl = ctx->cipher->block_size; + + if (inl < bl) + return 1; + + inl -= bl; + + for (i = 0; i <= inl; i += bl) + CAST_ecb_encrypt(in + i, out + i, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->encrypt); + + return 1; +} + +static int +cast5_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + size_t chunk = LONG_MAX & ~0xff; + + while (inl >= chunk) { + CAST_ofb64_encrypt(in, out, (long)chunk, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num); + inl -= chunk; + in += chunk; + out += chunk; + } + + if (inl) + CAST_ofb64_encrypt(in, out, (long)inl, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num); + + return 1; +} + +static const EVP_CIPHER cast5_cbc = { + .nid = NID_cast5_cbc, + .block_size = 8, + .key_len = CAST_KEY_LENGTH, + 
.iv_len = 8, + .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CBC_MODE, + .init = cast_init_key, + .do_cipher = cast5_cbc_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_CAST_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_cast5_cbc(void) +{ + return &cast5_cbc; +} + +static const EVP_CIPHER cast5_cfb64 = { + .nid = NID_cast5_cfb64, + .block_size = 1, + .key_len = CAST_KEY_LENGTH, + .iv_len = 8, + .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CFB_MODE, + .init = cast_init_key, + .do_cipher = cast5_cfb64_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_CAST_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_cast5_cfb64(void) +{ + return &cast5_cfb64; +} + +static const EVP_CIPHER cast5_ofb = { + .nid = NID_cast5_ofb64, + .block_size = 1, + .key_len = CAST_KEY_LENGTH, + .iv_len = 8, + .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_OFB_MODE, + .init = cast_init_key, + .do_cipher = cast5_ofb_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_CAST_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_cast5_ofb(void) +{ + return &cast5_ofb; +} + +static const EVP_CIPHER cast5_ecb = { + .nid = NID_cast5_ecb, + .block_size = 8, + .key_len = CAST_KEY_LENGTH, + .iv_len = 0, + .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_ECB_MODE, + .init = cast_init_key, + .do_cipher = cast5_ecb_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_CAST_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_cast5_ecb(void) +{ + return &cast5_ecb; +} #endif 
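Review bot: The chunk bound `LONG_MAX & ~0xff` is written out separately in cast5_cbc_cipher, cast5_cfb64_cipher and cast5_ofb_cipher, with nothing explaining why it is needed or why the low eight bits are cleared. Judging by the `(long)chunk` and `(long)inl` casts, the CAST_*_encrypt functions take a `long` length, so the bound is what keeps a large `size_t` input from being truncated by the cast. I'd state that once, e.g. `/* CAST_*_encrypt() take a long length: cap each call so the size_t -> long cast cannot truncate. */`, next to a single file-scope constant shared by the three functions. The same expression is repeated in the e_des.c hunks further down (des_ofb_cipher, des_cbc_cipher, des_cfb64_cipher, des_cfb8_cipher), while des_cfb1_cipher uses `LONG_MAX / 8` with no rounding, so the comment should cover that difference too.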
diff --git a/crypto/evp/e_chacha.c b/crypto/evp/e_chacha.c index a27a3c64..447ce7e9 100644 --- a/crypto/evp/e_chacha.c +++ b/crypto/evp/e_chacha.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_chacha.c,v 1.8 2020/01/26 07:47:26 tb Exp $ */ +/* $OpenBSD: e_chacha.c,v 1.9 2022/07/30 17:11:38 jsing Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -25,10 +25,29 @@ #include "evp_locl.h" -static int chacha_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); -static int chacha_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); +static int +chacha_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *openssl_iv, int enc) +{ + if (key != NULL) + ChaCha_set_key((ChaCha_ctx *)ctx->cipher_data, key, + EVP_CIPHER_CTX_key_length(ctx) * 8); + if (openssl_iv != NULL) { + const unsigned char *iv = openssl_iv + 8; + const unsigned char *counter = openssl_iv; + + ChaCha_set_iv((ChaCha_ctx *)ctx->cipher_data, iv, counter); + } + return 1; +} + +static int +chacha_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, + size_t len) +{ + ChaCha((ChaCha_ctx *)ctx->cipher_data, out, in, len); + return 1; +} static const EVP_CIPHER chacha20_cipher = { .nid = NID_chacha20, @@ -56,28 +75,4 @@ EVP_chacha20(void) return (&chacha20_cipher); } -static int -chacha_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *openssl_iv, int enc) -{ - if (key != NULL) - ChaCha_set_key((ChaCha_ctx *)ctx->cipher_data, key, - EVP_CIPHER_CTX_key_length(ctx) * 8); - if (openssl_iv != NULL) { - const unsigned char *iv = openssl_iv + 8; - const unsigned char *counter = openssl_iv; - - ChaCha_set_iv((ChaCha_ctx *)ctx->cipher_data, iv, counter); - } - return 1; -} - -static int -chacha_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, - size_t len) -{ - ChaCha((ChaCha_ctx *)ctx->cipher_data, out, in, len); - return 1; -} - #endif 
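Review bot: chacha_init in crypto/evp/e_chacha.c, moved above the cipher table by this hunk, reads `openssl_iv` at offset 0 as the counter and at offset 8 as the IV, without stating the buffer layout it relies on or checking a length. A comment on the function, such as `/* openssl_iv: bytes 0-7 are the block counter, bytes 8 onward the ChaCha IV */`, would make that contract visible to callers that supply the IV. How many bytes are read from offset 8 depends on ChaCha_set_iv, which this hunk does not show.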
diff --git a/crypto/evp/e_chacha20poly1305.c b/crypto/evp/e_chacha20poly1305.c index 4fd92eb0..45026484 100644 --- a/crypto/evp/e_chacha20poly1305.c +++ b/crypto/evp/e_chacha20poly1305.c @@ -1,6 +1,7 @@ -/* $OpenBSD: e_chacha20poly1305.c,v 1.21 2019/03/27 15:34:01 jsing Exp $ */ +/* $OpenBSD: e_chacha20poly1305.c,v 1.26 2022/09/13 04:59:18 jsing Exp $ */ /* + * Copyright (c) 2022 Joel Sing * Copyright (c) 2015 Reyk Floter * Copyright (c) 2014, Google Inc. * @@ -29,6 +30,7 @@ #include #include +#include "bytestring.h" #include "evp_locl.h" #define POLY1305_TAG_LEN 16 @@ -99,14 +101,11 @@ poly1305_update_with_length(poly1305_state *poly1305, } static void -poly1305_update_with_pad16(poly1305_state *poly1305, - const unsigned char *data, size_t data_len) +poly1305_pad16(poly1305_state *poly1305, size_t data_len) { static const unsigned char zero_pad16[16]; size_t pad_len; - CRYPTO_poly1305_update(poly1305, data, data_len); - /* pad16() is defined in RFC 7539 2.8.1. */ if ((pad_len = data_len % 16) == 0) return; @@ -114,6 +113,14 @@ poly1305_update_with_pad16(poly1305_state *poly1305, CRYPTO_poly1305_update(poly1305, zero_pad16, 16 - pad_len); } +static void +poly1305_update_with_pad16(poly1305_state *poly1305, + const unsigned char *data, size_t data_len) +{ + CRYPTO_poly1305_update(poly1305, data, data_len); + poly1305_pad16(poly1305, data_len); +} + static int aead_chacha20_poly1305_seal(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len, size_t max_out_len, const unsigned char *nonce, 
@@ -124,21 +131,8 @@ aead_chacha20_poly1305_seal(const EVP_AEAD_CTX *ctx, unsigned char *out, unsigned char poly1305_key[32]; poly1305_state poly1305; const unsigned char *iv; - const uint64_t in_len_64 = in_len; uint64_t ctr; - /* The underlying ChaCha implementation may not overflow the block - * counter into the second counter word. Therefore we disallow - * individual operations that work on more than 2TB at a time. - * in_len_64 is needed because, on 32-bit platforms, size_t is only - * 32-bits and this produces a warning because it's always false. - * Casting to uint64_t inside the conditional is not sufficient to stop - * the warning. */ - if (in_len_64 >= (1ULL << 32) * 64 - 64) { - EVPerror(EVP_R_TOO_LARGE); - return 0; - } - if (max_out_len < in_len + c20_ctx->tag_len) { EVPerror(EVP_R_BUFFER_TOO_SMALL); return 0; @@ -188,7 +182,6 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, unsigned char *out, unsigned char poly1305_key[32]; const unsigned char *iv = nonce; poly1305_state poly1305; - const uint64_t in_len_64 = in_len; size_t plaintext_len; uint64_t ctr = 0; @@ -197,18 +190,6 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, unsigned char *out, return 0; } - /* The underlying ChaCha implementation may not overflow the block - * counter into the second counter word. Therefore we disallow - * individual operations that work on more than 2TB at a time. - * in_len_64 is needed because, on 32-bit platforms, size_t is only - * 32-bits and this produces a warning because it's always false. - * Casting to uint64_t inside the conditional is not sufficient to stop - * the warning. */ - if (in_len_64 >= (1ULL << 32) * 64 - 64) { - EVPerror(EVP_R_TOO_LARGE); - return 0; - } - if (nonce_len != ctx->aead->nonce_len) { EVPerror(EVP_R_IV_TOO_LARGE); return 0; 
@@ -386,4 +367,242 @@ EVP_aead_xchacha20_poly1305() return &aead_xchacha20_poly1305; } +struct chacha20_poly1305_ctx { + ChaCha_ctx chacha; + poly1305_state poly1305; + + unsigned char key[32]; + unsigned char nonce[CHACHA20_NONCE_LEN]; + size_t nonce_len; + unsigned char tag[POLY1305_TAG_LEN]; + size_t tag_len; + + size_t ad_len; + size_t in_len; + + int in_ad; + int started; +}; + +static int +chacha20_poly1305_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int encrypt) +{ + struct chacha20_poly1305_ctx *cpx = ctx->cipher_data; + uint8_t *data; + CBB cbb; + int ret = 0; + + memset(&cbb, 0, sizeof(cbb)); + + if (key == NULL && iv == NULL) + goto done; + + cpx->started = 0; + + if (key != NULL) + memcpy(cpx->key, key, sizeof(cpx->key)); + + if (iv != NULL) { + /* + * Left zero pad if configured nonce length is less than ChaCha + * nonce length. + */ + if (!CBB_init_fixed(&cbb, cpx->nonce, sizeof(cpx->nonce))) + goto err; + if (!CBB_add_space(&cbb, &data, sizeof(cpx->nonce) - cpx->nonce_len)) + goto err; + if (!CBB_add_bytes(&cbb, iv, cpx->nonce_len)) + goto err; + if (!CBB_finish(&cbb, NULL, NULL)) + goto err; + } + + done: + ret = 1; + + err: + CBB_cleanup(&cbb); + + return ret; +} + +static int +chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + struct chacha20_poly1305_ctx *cpx = ctx->cipher_data; + + /* + * Since we're making AEAD work within the constraints of EVP_CIPHER... + * If in is non-NULL then this is an update, while if in is NULL then + * this is a final. If in is non-NULL but out is NULL, then the input + * being provided is associated data. Plus we have to handle encryption + * (sealing) and decryption (opening) in the same function. 
+ */ + + if (!cpx->started) { + unsigned char poly1305_key[32]; + const unsigned char *iv; + uint64_t ctr; + + ctr = (uint64_t)((uint32_t)(cpx->nonce[0]) | + (uint32_t)(cpx->nonce[1]) << 8 | + (uint32_t)(cpx->nonce[2]) << 16 | + (uint32_t)(cpx->nonce[3]) << 24) << 32; + iv = cpx->nonce + CHACHA20_CONSTANT_LEN; + + ChaCha_set_key(&cpx->chacha, cpx->key, 8 * sizeof(cpx->key)); + ChaCha_set_iv(&cpx->chacha, iv, NULL); + + /* See chacha.c for details re handling of counter. */ + cpx->chacha.input[12] = (uint32_t)ctr; + cpx->chacha.input[13] = (uint32_t)(ctr >> 32); + + memset(poly1305_key, 0, sizeof(poly1305_key)); + ChaCha(&cpx->chacha, poly1305_key, poly1305_key, + sizeof(poly1305_key)); + CRYPTO_poly1305_init(&cpx->poly1305, poly1305_key); + + /* Mark remaining key block as used. */ + cpx->chacha.unused = 0; + + cpx->ad_len = 0; + cpx->in_len = 0; + cpx->in_ad = 0; + + cpx->started = 1; + } + + if (len > SIZE_MAX - cpx->in_len) { + EVPerror(EVP_R_TOO_LARGE); + return 0; + } + + /* Disallow authenticated data after plaintext/ciphertext. */ + if (cpx->in_len > 0 && in != NULL && out == NULL) + return -1; + + if (cpx->in_ad && (in == NULL || out != NULL)) { + poly1305_pad16(&cpx->poly1305, cpx->ad_len); + cpx->in_ad = 0; + } + + /* Update with AD or plaintext/ciphertext. */ + if (in != NULL) { + if (out == NULL) { + cpx->ad_len += len; + cpx->in_ad = 1; + } else { + ChaCha(&cpx->chacha, out, in, len); + cpx->in_len += len; + } + if (ctx->encrypt && out != NULL) + CRYPTO_poly1305_update(&cpx->poly1305, out, len); + else + CRYPTO_poly1305_update(&cpx->poly1305, in, len); + + return len; + } + + /* Final. 
*/ + poly1305_pad16(&cpx->poly1305, cpx->in_len); + poly1305_update_with_length(&cpx->poly1305, NULL, cpx->ad_len); + poly1305_update_with_length(&cpx->poly1305, NULL, cpx->in_len); + + if (ctx->encrypt) { + CRYPTO_poly1305_finish(&cpx->poly1305, cpx->tag); + cpx->tag_len = sizeof(cpx->tag); + } else { + unsigned char tag[POLY1305_TAG_LEN]; + + /* Ensure that a tag has been provided. */ + if (cpx->tag_len <= 0) + return -1; + + CRYPTO_poly1305_finish(&cpx->poly1305, tag); + if (timingsafe_memcmp(tag, cpx->tag, cpx->tag_len) != 0) + return -1; + } + + cpx->started = 0; + + return len; +} + +static void +chacha20_poly1305_cleanup(EVP_CIPHER_CTX *ctx) +{ + struct chacha20_poly1305_ctx *cpx = ctx->cipher_data; + + explicit_bzero(cpx, sizeof(*cpx)); +} + +static int +chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) +{ + struct chacha20_poly1305_ctx *cpx = ctx->cipher_data; + + switch (type) { + case EVP_CTRL_INIT: + memset(cpx, 0, sizeof(*cpx)); + cpx->nonce_len = sizeof(cpx->nonce); + return 1; + + case EVP_CTRL_AEAD_SET_IVLEN: + if (arg <= 0 || arg > sizeof(cpx->nonce)) + return 0; + cpx->nonce_len = arg; + return 1; + + case EVP_CTRL_AEAD_SET_TAG: + if (ctx->encrypt) + return 0; + if (arg <= 0 || arg > sizeof(cpx->tag)) + return 0; + if (ptr != NULL) { + memcpy(cpx->tag, ptr, arg); + cpx->tag_len = arg; + } + return 1; + + case EVP_CTRL_AEAD_GET_TAG: + if (!ctx->encrypt) + return 0; + if (arg <= 0 || arg > cpx->tag_len) + return 0; + memcpy(ptr, cpx->tag, arg); + return 1; + + case EVP_CTRL_AEAD_SET_IV_FIXED: + if (arg != sizeof(cpx->nonce)) + return 0; + memcpy(cpx->nonce, ptr, arg); + return 1; + } + + return 0; +} + +static const EVP_CIPHER cipher_chacha20_poly1305 = { + .nid = NID_chacha20_poly1305, + .block_size = 1, + .key_len = 32, + .iv_len = 12, + .flags = EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | + EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_AEAD_CIPHER | + EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1, + .init = 
chacha20_poly1305_init, + .do_cipher = chacha20_poly1305_cipher, + .cleanup = chacha20_poly1305_cleanup, + .ctx_size = sizeof(struct chacha20_poly1305_ctx), + .ctrl = chacha20_poly1305_ctrl, +}; + +const EVP_CIPHER * +EVP_chacha20_poly1305(void) +{ + return &cipher_chacha20_poly1305; +} + #endif /* !OPENSSL_NO_CHACHA && !OPENSSL_NO_POLY1305 */ diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c index ad91720f..8fcab72e 100644 --- a/crypto/evp/e_des.c +++ b/crypto/evp/e_des.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_des.c,v 1.14 2015/10/12 06:05:52 guenther Exp $ */ +/* $OpenBSD: e_des.c,v 1.19 2022/09/15 07:04:19 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include #include #include @@ -68,19 +69,47 @@ #include "evp_locl.h" -static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); -static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); +static int +des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + DES_cblock *deskey = (DES_cblock *)key; + + DES_set_key_unchecked(deskey, ctx->cipher_data); + return 1; +} + +static int +des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) +{ + switch (type) { + case EVP_CTRL_RAND_KEY: + if (DES_random_key((DES_cblock *)ptr) == 0) + return 0; + return 1; -/* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */ + default: + return -1; + } +} static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - BLOCK_CIPHER_ecb_loop() + size_t i, bl; + + bl = ctx->cipher->block_size; + + if (inl < bl) + return 1; + + inl -= bl; + + for (i = 0; i <= inl; i += bl) DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), ctx->cipher_data, ctx->encrypt); + return 1; } 
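Review bot: chacha20_poly1305_ctrl accepts any `EVP_CTRL_AEAD_SET_TAG` length from 1 to `sizeof(cpx->tag)`, and the final step of chacha20_poly1305_cipher compares only `cpx->tag_len` bytes, so a caller that sets a short tag gets a correspondingly weak authenticity check on decryption. Unless truncated tags are required for compatibility, I'd require the full tag with `if (arg != sizeof(cpx->tag)) return 0;`, or at least document the accepted range on the ctrl. In the same switch, `EVP_CTRL_AEAD_GET_TAG` and `EVP_CTRL_AEAD_SET_IV_FIXED` pass `ptr` to memcpy without the NULL check that the SET_TAG case has.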
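Review bot: des_init_key in crypto/evp/e_des.c sets the key schedule with DES_set_key_unchecked after casting away the const on `key`, and nothing in the function says that skipping the key check is intended. If it is, a comment like `/* Unchecked on purpose: parity and weak-key rejection are the caller's responsibility. */` would record that for the next reader. The cast can keep the qualifier as `const DES_cblock *deskey = (const DES_cblock *)key;` provided DES_set_key_unchecked takes a const pointer, which this hunk does not show.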
@@ -88,12 +117,14 @@ static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - while (inl >= EVP_MAXCHUNK) { - DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data, + size_t chunk = LONG_MAX & ~0xff; + + while (inl >= chunk) { + DES_ofb64_encrypt(in, out, (long)chunk, ctx->cipher_data, (DES_cblock *)ctx->iv, &ctx->num); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; + inl -= chunk; + in += chunk; + out += chunk; } if (inl) DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data, @@ -105,12 +136,14 @@ static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - while (inl >= EVP_MAXCHUNK) { - DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data, + size_t chunk = LONG_MAX & ~0xff; + + while (inl >= chunk) { + DES_ncbc_encrypt(in, out, (long)chunk, ctx->cipher_data, (DES_cblock *)ctx->iv, ctx->encrypt); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; + inl -= chunk; + in += chunk; + out += chunk; } if (inl) DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data, @@ -122,12 +155,14 @@ static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - while (inl >= EVP_MAXCHUNK) { - DES_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data, + size_t chunk = LONG_MAX & ~0xff; + + while (inl >= chunk) { + DES_cfb64_encrypt(in, out, (long)chunk, ctx->cipher_data, (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; + inl -= chunk; + in += chunk; + out += chunk; } if (inl) DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data, @@ -141,8 +176,9 @@ static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - size_t n, chunk = EVP_MAXCHUNK/8; unsigned char c[1], d[1]; + size_t chunk = LONG_MAX / 8; + size_t n; if (inl < chunk) chunk = inl; 
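Review bot: `LONG_MAX & ~0xff` in des_ofb_cipher is an unexplained magic value, and the same initializer is repeated in des_cbc_cipher and des_cfb64_cipher in the following hunks, in des_cfb8_cipher, and again in e_des3.c, e_idea.c and e_rc2.c. The bound is what keeps the `(long)chunk` and `(long)inl` casts in range when `inl` is larger than LONG_MAX, so the reason deserves to be written down once. I would add `/* Largest multiple of 256 that fits the long length argument. */` next to it, or define one shared constant for all of these functions. des_cfb1_cipher uses `LONG_MAX / 8` instead; its loop is outside the hunk, so I cannot tell from here whether that difference is deliberate.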
@@ -170,12 +206,14 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - while (inl >= EVP_MAXCHUNK) { - DES_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK, + size_t chunk = LONG_MAX & ~0xff; + + while (inl >= chunk) { + DES_cfb_encrypt(in, out, 8, (long)chunk, ctx->cipher_data, (DES_cblock *)ctx->iv, ctx->encrypt); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; + inl -= chunk; + in += chunk; + out += chunk; } if (inl) DES_cfb_encrypt(in, out, 8, (long)inl, ctx->cipher_data, 
@@ -183,44 +221,135 @@ des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 1; } -BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64, - EVP_CIPH_RAND_KEY, des_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - des_ctrl) +static const EVP_CIPHER des_cbc = { + .nid = NID_des_cbc, + .block_size = 8, + .key_len = 8, + .iv_len = 8, + .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CBC_MODE, + .init = des_init_key, + .do_cipher = des_cbc_cipher, + .cleanup = NULL, + .ctx_size = sizeof(DES_key_schedule), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = des_ctrl, + .app_data = NULL, +}; -BLOCK_CIPHER_def_cfb(des, DES_key_schedule, NID_des, 8, 8, 1, - EVP_CIPH_RAND_KEY, des_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, des_ctrl) +const EVP_CIPHER * +EVP_des_cbc(void) +{ + return &des_cbc; +} -BLOCK_CIPHER_def_cfb(des, DES_key_schedule, NID_des, 8, 8, 8, - EVP_CIPH_RAND_KEY, des_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, des_ctrl) +static const EVP_CIPHER des_cfb64 = { + .nid = NID_des_cfb64, + .block_size = 1, + .key_len = 8, + .iv_len = 8, + .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE, + .init = des_init_key, + .do_cipher = des_cfb64_cipher, + .cleanup = NULL, + .ctx_size = sizeof(DES_key_schedule), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = des_ctrl, + .app_data = NULL, +}; -static int -des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) +const EVP_CIPHER * +EVP_des_cfb64(void) { - DES_cblock *deskey = (DES_cblock *)key; + return &des_cfb64; +} - DES_set_key_unchecked(deskey, ctx->cipher_data); - return 1; +static const EVP_CIPHER des_ofb = { + .nid = NID_des_ofb64, + .block_size = 1, + .key_len = 8, + .iv_len = 8, + .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_OFB_MODE, + .init = des_init_key, + .do_cipher = des_ofb_cipher, + 
.cleanup = NULL, + .ctx_size = sizeof(DES_key_schedule), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = des_ctrl, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_des_ofb(void) +{ + return &des_ofb; } -static int -des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) +static const EVP_CIPHER des_ecb = { + .nid = NID_des_ecb, + .block_size = 8, + .key_len = 8, + .iv_len = 0, + .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_ECB_MODE, + .init = des_init_key, + .do_cipher = des_ecb_cipher, + .cleanup = NULL, + .ctx_size = sizeof(DES_key_schedule), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = des_ctrl, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_des_ecb(void) { - switch (type) { - case EVP_CTRL_RAND_KEY: - if (DES_random_key((DES_cblock *)ptr) == 0) - return 0; - return 1; + return &des_ecb; +} - default: - return -1; - } +static const EVP_CIPHER des_cfb1 = { + .nid = NID_des_cfb1, + .block_size = 1, + .key_len = 8, + .iv_len = 8, + .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE, + .init = des_init_key, + .do_cipher = des_cfb1_cipher, + .cleanup = NULL, + .ctx_size = sizeof(DES_key_schedule), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = des_ctrl, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_des_cfb1(void) +{ + return &des_cfb1; } +static const EVP_CIPHER des_cfb8 = { + .nid = NID_des_cfb8, + .block_size = 1, + .key_len = 8, + .iv_len = 8, + .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE, + .init = des_init_key, + .do_cipher = des_cfb8_cipher, + .cleanup = NULL, + .ctx_size = sizeof(DES_key_schedule), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = des_ctrl, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_des_cfb8(void) +{ + return &des_cfb8; +} #endif 
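Review bot: All six DES tables in this hunk set `.cleanup = NULL`, so nothing in e_des.c clears the DES_key_schedule kept in `cipher_data`; the old BLOCK_CIPHER_defs invocation passed NULL as well, so this is unchanged behaviour made explicit. By contrast, chacha20_poly1305_cleanup earlier in this patch wipes its context with explicit_bzero. If the generic EVP_CIPHER_CTX teardown is what clears `ctx_size` bytes, which is not visible in this diff, a one-line comment on the tables would record it, e.g. `/* no cleanup hook: key schedule is cleared by the EVP context teardown */`. The e_des3.c, e_idea.c, e_rc2.c and GOST tables have the same shape.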
diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index 01388397..6a5d03fe 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_des3.c,v 1.20 2019/05/14 15:40:44 beck Exp $ */ +/* $OpenBSD: e_des3.c,v 1.25 2022/09/15 07:04:19 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include #include #include @@ -69,14 +70,6 @@ #include "evp_locl.h" -static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); - -static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); - -static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); - typedef struct { DES_key_schedule ks1;/* key schedule */ DES_key_schedule ks2;/* key schedule (for ede) */ 
@@ -85,15 +78,69 @@ typedef struct { #define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data) -/* Because of various casts and different args can't use IMPLEMENT_BLOCK_CIPHER */ +static int +des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + DES_cblock *deskey = (DES_cblock *)key; + + DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1); + DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2); + memcpy(&data(ctx)->ks3, &data(ctx)->ks1, + sizeof(data(ctx)->ks1)); + return 1; +} + +static int +des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + DES_cblock *deskey = (DES_cblock *)key; + + + DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1); + DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2); + DES_set_key_unchecked(&deskey[2], &data(ctx)->ks3); + return 1; +} + +static int +des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) +{ + DES_cblock *deskey = ptr; + + switch (type) { + case EVP_CTRL_RAND_KEY: + if (DES_random_key(deskey) == 0) + return 0; + if (c->key_len >= 16 && DES_random_key(deskey + 1) == 0) + return 0; + if (c->key_len >= 24 && DES_random_key(deskey + 2) == 0) + return 0; + return 1; + + default: + return -1; + } +} static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - BLOCK_CIPHER_ecb_loop() - DES_ecb3_encrypt((const_DES_cblock *)(in + i), (DES_cblock *)(out + i), - &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, ctx->encrypt); + size_t i, bl; + + bl = ctx->cipher->block_size; + + if (inl < bl) + return 1; + + inl -= bl; + + for (i = 0; i <= inl; i += bl) + DES_ecb3_encrypt((const_DES_cblock *)(in + i), (DES_cblock *)(out + i), + &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, ctx->encrypt); + return 1; } 
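Review bot: des_ede_init_key and des_ede3_init_key load the schedules with DES_set_key_unchecked, which does no parity or weak-key validation, and neither function compares the key parts with each other. This is code moved up from the bottom of the file rather than new logic, but now that it sits at the top it is a good place to state the contract: `/* Keys are used as given: no parity, weak-key or equal-subkey check. */`. The stray second blank line after the `deskey` declaration in des_ede3_init_key can go as well.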
@@ -101,13 +148,15 @@ static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - while (inl >= EVP_MAXCHUNK) { - DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, + size_t chunk = LONG_MAX & ~0xff; + + while (inl >= chunk) { + DES_ede3_ofb64_encrypt(in, out, (long)chunk, &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, (DES_cblock *)ctx->iv, &ctx->num); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; + inl -= chunk; + in += chunk; + out += chunk; } if (inl) DES_ede3_ofb64_encrypt(in, out, (long)inl, @@ -121,13 +170,15 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - while (inl >= EVP_MAXCHUNK) { - DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, + size_t chunk = LONG_MAX & ~0xff; + + while (inl >= chunk) { + DES_ede3_cbc_encrypt(in, out, (long)chunk, &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, (DES_cblock *)ctx->iv, ctx->encrypt); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; + inl -= chunk; + in += chunk; + out += chunk; } if (inl) DES_ede3_cbc_encrypt(in, out, (long)inl, @@ -140,13 +191,15 @@ static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - while (inl >= EVP_MAXCHUNK) { - DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, + size_t chunk = LONG_MAX & ~0xff; + + while (inl >= chunk) { + DES_ede3_cfb64_encrypt(in, out, (long)chunk, &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; + inl -= chunk; + in += chunk; + out += chunk; } if (inl) DES_ede3_cfb64_encrypt(in, out, (long)inl, @@ -161,8 +214,9 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - size_t n; unsigned char c[1], d[1]; + size_t n; + if (!(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS)) inl *= 8; 
@@ -182,13 +236,15 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - while (inl >= EVP_MAXCHUNK) { - DES_ede3_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK, + size_t chunk = LONG_MAX & ~0xff; + + while (inl >= chunk) { + DES_ede3_cfb_encrypt(in, out, 8, (long)chunk, &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, (DES_cblock *)ctx->iv, ctx->encrypt); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; + inl -= chunk; + in += chunk; + out += chunk; } if (inl) DES_ede3_cfb_encrypt(in, out, 8, (long)inl, 
@@ -197,79 +253,232 @@ des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 1; } -BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, - EVP_CIPH_RAND_KEY, des_ede_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - des3_ctrl) +static const EVP_CIPHER des_ede_cbc = { + .nid = NID_des_ede_cbc, + .block_size = 8, + .key_len = 16, + .iv_len = 8, + .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CBC_MODE, + .init = des_ede_init_key, + .do_cipher = des_ede_cbc_cipher, + .cleanup = NULL, + .ctx_size = sizeof(DES_EDE_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = des3_ctrl, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_des_ede_cbc(void) +{ + return &des_ede_cbc; +} + +static const EVP_CIPHER des_ede_cfb64 = { + .nid = NID_des_ede_cfb64, + .block_size = 1, + .key_len = 16, + .iv_len = 8, + .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE, + .init = des_ede_init_key, + .do_cipher = des_ede_cfb64_cipher, + .cleanup = NULL, + .ctx_size = sizeof(DES_EDE_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = des3_ctrl, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_des_ede_cfb64(void) +{ + return &des_ede_cfb64; +} + +static const EVP_CIPHER des_ede_ofb = { + .nid = NID_des_ede_ofb64, + .block_size = 1, + .key_len = 16, + .iv_len = 8, + .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_OFB_MODE, + .init = des_ede_init_key, + .do_cipher = des_ede_ofb_cipher, + .cleanup = NULL, + .ctx_size = sizeof(DES_EDE_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = des3_ctrl, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_des_ede_ofb(void) +{ + return &des_ede_ofb; +} + +static const EVP_CIPHER des_ede_ecb = { + .nid = NID_des_ede_ecb, + .block_size = 8, + .key_len = 16, + .iv_len = 0, + .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_ECB_MODE, + .init = des_ede_init_key, + 
.do_cipher = des_ede_ecb_cipher, + .cleanup = NULL, + .ctx_size = sizeof(DES_EDE_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = des3_ctrl, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_des_ede_ecb(void) +{ + return &des_ede_ecb; +} + #define des_ede3_cfb64_cipher des_ede_cfb64_cipher #define des_ede3_ofb_cipher des_ede_ofb_cipher #define des_ede3_cbc_cipher des_ede_cbc_cipher #define des_ede3_ecb_cipher des_ede_ecb_cipher -BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, - EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - des3_ctrl) +static const EVP_CIPHER des_ede3_cbc = { + .nid = NID_des_ede3_cbc, + .block_size = 8, + .key_len = 24, + .iv_len = 8, + .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CBC_MODE, + .init = des_ede3_init_key, + .do_cipher = des_ede3_cbc_cipher, + .cleanup = NULL, + .ctx_size = sizeof(DES_EDE_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = des3_ctrl, + .app_data = NULL, +}; -BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1, - EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - des3_ctrl) +const EVP_CIPHER * +EVP_des_ede3_cbc(void) +{ + return &des_ede3_cbc; +} -BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8, - EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - des3_ctrl) +static const EVP_CIPHER des_ede3_cfb64 = { + .nid = NID_des_ede3_cfb64, + .block_size = 1, + .key_len = 24, + .iv_len = 8, + .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE, + .init = des_ede3_init_key, + .do_cipher = des_ede3_cfb64_cipher, + .cleanup = NULL, + .ctx_size = sizeof(DES_EDE_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = des3_ctrl, + .app_data = NULL, +}; -static int 
-des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) +const EVP_CIPHER * +EVP_des_ede3_cfb64(void) { - DES_cblock *deskey = (DES_cblock *)key; - - DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1); - DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2); - memcpy(&data(ctx)->ks3, &data(ctx)->ks1, - sizeof(data(ctx)->ks1)); - return 1; + return &des_ede3_cfb64; } -static int -des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) +static const EVP_CIPHER des_ede3_ofb = { + .nid = NID_des_ede3_ofb64, + .block_size = 1, + .key_len = 24, + .iv_len = 8, + .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_OFB_MODE, + .init = des_ede3_init_key, + .do_cipher = des_ede3_ofb_cipher, + .cleanup = NULL, + .ctx_size = sizeof(DES_EDE_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = des3_ctrl, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_des_ede3_ofb(void) { - DES_cblock *deskey = (DES_cblock *)key; + return &des_ede3_ofb; +} +static const EVP_CIPHER des_ede3_ecb = { + .nid = NID_des_ede3_ecb, + .block_size = 8, + .key_len = 24, + .iv_len = 0, + .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_ECB_MODE, + .init = des_ede3_init_key, + .do_cipher = des_ede3_ecb_cipher, + .cleanup = NULL, + .ctx_size = sizeof(DES_EDE_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = des3_ctrl, + .app_data = NULL, +}; - DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1); - DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2); - DES_set_key_unchecked(&deskey[2], &data(ctx)->ks3); - return 1; +const EVP_CIPHER * +EVP_des_ede3_ecb(void) +{ + return &des_ede3_ecb; } -static int -des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) + +static const EVP_CIPHER des_ede3_cfb1 = { + .nid = NID_des_ede3_cfb1, + .block_size = 1, + .key_len = 24, + .iv_len = 8, + .flags = EVP_CIPH_RAND_KEY | 
EVP_CIPH_CFB_MODE, + .init = des_ede3_init_key, + .do_cipher = des_ede3_cfb1_cipher, + .cleanup = NULL, + .ctx_size = sizeof(DES_EDE_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = des3_ctrl, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_des_ede3_cfb1(void) { - DES_cblock *deskey = ptr; + return &des_ede3_cfb1; +} - switch (type) { - case EVP_CTRL_RAND_KEY: - if (DES_random_key(deskey) == 0) - return 0; - if (c->key_len >= 16 && DES_random_key(deskey + 1) == 0) - return 0; - if (c->key_len >= 24 && DES_random_key(deskey + 2) == 0) - return 0; - return 1; - default: - return -1; - } +static const EVP_CIPHER des_ede3_cfb8 = { + .nid = NID_des_ede3_cfb8, + .block_size = 1, + .key_len = 24, + .iv_len = 8, + .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE, + .init = des_ede3_init_key, + .do_cipher = des_ede3_cfb8_cipher, + .cleanup = NULL, + .ctx_size = sizeof(DES_EDE_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = des3_ctrl, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_des_ede3_cfb8(void) +{ + return &des_ede3_cfb8; } const EVP_CIPHER * diff --git a/crypto/evp/e_gost2814789.c b/crypto/evp/e_gost2814789.c index 730de4fe..cff66e8c 100644 --- a/crypto/evp/e_gost2814789.c +++ b/crypto/evp/e_gost2814789.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_gost2814789.c,v 1.4 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: e_gost2814789.c,v 1.10 2022/09/10 17:39:47 jsing Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov * Copyright (c) 2005-2006 Cryptocom LTD @@ -48,6 +48,7 @@ * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== */ + #include #include @@ -56,6 +57,7 @@ #include #include #include + #include "evp_locl.h" typedef struct { 
@@ -63,6 +65,15 @@ typedef struct { int param_nid; } EVP_GOST2814789_CTX; +static int +gost2814789_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + EVP_GOST2814789_CTX *c = ctx->cipher_data; + + return Gost2814789_set_key(&c->ks, key, ctx->key_len * 8); +} + static int gost2814789_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) { @@ -87,15 +98,6 @@ gost2814789_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) } } -static int -gost2814789_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - EVP_GOST2814789_CTX *c = ctx->cipher_data; - - return Gost2814789_set_key(&c->ks, key, ctx->key_len * 8); -} - int gost2814789_set_asn1_params(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) { @@ -184,8 +186,43 @@ gost2814789_get_asn1_params(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) return 1; } -BLOCK_CIPHER_func_ecb(gost2814789, Gost2814789, EVP_GOST2814789_CTX, ks) -BLOCK_CIPHER_func_cfb(gost2814789, Gost2814789, 64, EVP_GOST2814789_CTX, ks) +static int +gost2814789_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + size_t i, bl; + + bl = ctx->cipher->block_size; + + if (inl < bl) + return 1; + + inl -= bl; + + for (i = 0; i <= inl; i += bl) + Gost2814789_ecb_encrypt(in + i, out + i, &((EVP_GOST2814789_CTX *)ctx->cipher_data)->ks, ctx->encrypt); + + return 1; +} + +static int +gost2814789_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + size_t chunk = EVP_MAXCHUNK; + + if (inl < chunk) + chunk = inl; + + while (inl && inl >= chunk) { + Gost2814789_cfb64_encrypt(in, out, chunk, &((EVP_GOST2814789_CTX *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); + inl -= chunk; + in += chunk; + out += chunk; + if (inl < chunk) + chunk = inl; + } + + return 1; +} static int gost2814789_cnt_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 
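Review bot: gost2814789_ecb_cipher and gost2814789_cfb64_cipher repeat the cast `&((EVP_GOST2814789_CTX *)ctx->cipher_data)->ks` inside very long call lines, a leftover of the macro expansion. gost2814789_init_key in this same file already uses a local, so I would declare `EVP_GOST2814789_CTX *c = ctx->cipher_data;` at the top of both functions and pass `&c->ks`.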
@@ -194,7 +231,7 @@ gost2814789_cnt_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, EVP_GOST2814789_CTX *c = ctx->cipher_data; while (inl >= EVP_MAXCHUNK) { - Gost2814789_cnt_encrypt(in, out, (long)EVP_MAXCHUNK, &c->ks, + Gost2814789_cnt_encrypt(in, out, EVP_MAXCHUNK, &c->ks, ctx->iv, ctx->buf, &ctx->num); inl -= EVP_MAXCHUNK; in += EVP_MAXCHUNK; 
@@ -210,16 +247,69 @@ gost2814789_cnt_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, /* gost89 is CFB-64 */ #define NID_gost89_cfb64 NID_id_Gost28147_89 -BLOCK_CIPHER_def_ecb(gost2814789, EVP_GOST2814789_CTX, NID_gost89, 8, 32, - EVP_CIPH_NO_PADDING | EVP_CIPH_CTRL_INIT, - gost2814789_init_key, NULL, gost2814789_set_asn1_params, - gost2814789_get_asn1_params, gost2814789_ctl) -BLOCK_CIPHER_def_cfb(gost2814789, EVP_GOST2814789_CTX, NID_gost89, 32, 8, 64, - EVP_CIPH_NO_PADDING | EVP_CIPH_CTRL_INIT, - gost2814789_init_key, NULL, gost2814789_set_asn1_params, - gost2814789_get_asn1_params, gost2814789_ctl) -BLOCK_CIPHER_def1(gost2814789, cnt, cnt, OFB, EVP_GOST2814789_CTX, NID_gost89, - 1, 32, 8, EVP_CIPH_NO_PADDING | EVP_CIPH_CTRL_INIT, - gost2814789_init_key, NULL, gost2814789_set_asn1_params, - gost2814789_get_asn1_params, gost2814789_ctl) +static const EVP_CIPHER gost2814789_ecb = { + .nid = NID_gost89_ecb, + .block_size = 8, + .key_len = 32, + .iv_len = 0, + .flags = EVP_CIPH_NO_PADDING | EVP_CIPH_CTRL_INIT | EVP_CIPH_ECB_MODE, + .init = gost2814789_init_key, + .do_cipher = gost2814789_ecb_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_GOST2814789_CTX), + .set_asn1_parameters = gost2814789_set_asn1_params, + .get_asn1_parameters = gost2814789_get_asn1_params, + .ctrl = gost2814789_ctl, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_gost2814789_ecb(void) +{ + return &gost2814789_ecb; +} + +static const EVP_CIPHER gost2814789_cfb64 = { + .nid = NID_gost89_cfb64, + .block_size = 1, + .key_len = 32, + .iv_len = 8, + .flags = EVP_CIPH_NO_PADDING | EVP_CIPH_CTRL_INIT | EVP_CIPH_CFB_MODE, + .init = gost2814789_init_key, + .do_cipher = gost2814789_cfb64_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_GOST2814789_CTX), + .set_asn1_parameters = gost2814789_set_asn1_params, + .get_asn1_parameters = gost2814789_get_asn1_params, + .ctrl = gost2814789_ctl, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_gost2814789_cfb64(void) +{ + return &gost2814789_cfb64; +} 
+ +static const EVP_CIPHER gost2814789_cnt = { + .nid = NID_gost89_cnt, + .block_size = 1, + .key_len = 32, + .iv_len = 8, + .flags = EVP_CIPH_NO_PADDING | EVP_CIPH_CTRL_INIT | EVP_CIPH_OFB_MODE, + .init = gost2814789_init_key, + .do_cipher = gost2814789_cnt_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_GOST2814789_CTX), + .set_asn1_parameters = gost2814789_set_asn1_params, + .get_asn1_parameters = gost2814789_get_asn1_params, + .ctrl = gost2814789_ctl, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_gost2814789_cnt(void) +{ + return &gost2814789_cnt; +} #endif diff --git a/crypto/evp/e_idea.c b/crypto/evp/e_idea.c index 454ad4e6..b45ffd56 100644 --- a/crypto/evp/e_idea.c +++ b/crypto/evp/e_idea.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_idea.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */ +/* $OpenBSD: e_idea.c,v 1.17 2022/09/15 07:04:19 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include #include #include 
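Review bot: The gost2814789_cnt table in e_gost2814789.c sets `EVP_CIPH_OFB_MODE` for a cipher whose NID and do_cipher are the counter variant, which reads like a copy-paste slip now that the flags are spelled out. The removed `BLOCK_CIPHER_def1(gost2814789, cnt, cnt, OFB, ...)` shows it is a deliberate carry-over, so a comment should say so, e.g. `/* Mode flag is OFB, as in the former BLOCK_CIPHER_def1() definition. */`. Callers that branch on the cipher mode would see OFB here; whether any do is not visible in this diff.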
@@ -69,36 +70,10 @@ #include "evp_locl.h" -static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); - /* NB idea_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a special * case */ -static int -idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - BLOCK_CIPHER_ecb_loop() - idea_ecb_encrypt(in + i, out + i, ctx->cipher_data); - return 1; -} - -/* Can't use IMPLEMENT_BLOCK_CIPHER because idea_ecb_encrypt is different */ - -typedef struct { - IDEA_KEY_SCHEDULE ks; -} EVP_IDEA_KEY; - -BLOCK_CIPHER_func_cbc(idea, idea, EVP_IDEA_KEY, ks) -BLOCK_CIPHER_func_ofb(idea, idea, 64, EVP_IDEA_KEY, ks) -BLOCK_CIPHER_func_cfb(idea, idea, 64, EVP_IDEA_KEY, ks) - -BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64, - 0, idea_init_key, NULL, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) - static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) 
@@ -122,4 +97,170 @@ idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, return 1; } +static int +idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) +{ + size_t i, bl; + + bl = ctx->cipher->block_size; + + if (inl < bl) + return 1; + + inl -= bl; + + for (i = 0; i <= inl; i += bl) + idea_ecb_encrypt(in + i, out + i, ctx->cipher_data); + + return 1; +} + +typedef struct { + IDEA_KEY_SCHEDULE ks; +} EVP_IDEA_KEY; + +static int +idea_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + size_t chunk = LONG_MAX & ~0xff; + + while (inl >= chunk) { + idea_cbc_encrypt(in, out, (long)chunk, &((EVP_IDEA_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt); + inl -= chunk; + in += chunk; + out += chunk; + } + + if (inl) + idea_cbc_encrypt(in, out, (long)inl, &((EVP_IDEA_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt); + + return 1; +} + +static int +idea_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + size_t chunk = LONG_MAX & ~0xff; + + while (inl >= chunk) { + idea_ofb64_encrypt(in, out, (long)chunk, &((EVP_IDEA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num); + inl -= chunk; + in += chunk; + out += chunk; + } + + if (inl) + idea_ofb64_encrypt(in, out, (long)inl, &((EVP_IDEA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num); + + return 1; +} + +static int +idea_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + size_t chunk = LONG_MAX & ~0xff; + + if (inl < chunk) + chunk = inl; + + while (inl && inl >= chunk) { + idea_cfb64_encrypt(in, out, (long)chunk, &((EVP_IDEA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); + inl -= chunk; + in += chunk; + out += chunk; + if (inl < chunk) + chunk = inl; + } + + return 1; +} + +static const EVP_CIPHER idea_cbc = { + .nid = NID_idea_cbc, + .block_size = 8, + .key_len = 16, + .iv_len = 8, + .flags = 0 | EVP_CIPH_CBC_MODE, + .init = 
idea_init_key, + .do_cipher = idea_cbc_cipher, + .cleanup = NULL, + .ctx_size = sizeof(IDEA_KEY_SCHEDULE), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_idea_cbc(void) +{ + return &idea_cbc; +} + +static const EVP_CIPHER idea_cfb64 = { + .nid = NID_idea_cfb64, + .block_size = 1, + .key_len = 16, + .iv_len = 8, + .flags = 0 | EVP_CIPH_CFB_MODE, + .init = idea_init_key, + .do_cipher = idea_cfb64_cipher, + .cleanup = NULL, + .ctx_size = sizeof(IDEA_KEY_SCHEDULE), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_idea_cfb64(void) +{ + return &idea_cfb64; +} + +static const EVP_CIPHER idea_ofb = { + .nid = NID_idea_ofb64, + .block_size = 1, + .key_len = 16, + .iv_len = 8, + .flags = 0 | EVP_CIPH_OFB_MODE, + .init = idea_init_key, + .do_cipher = idea_ofb_cipher, + .cleanup = NULL, + .ctx_size = sizeof(IDEA_KEY_SCHEDULE), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_idea_ofb(void) +{ + return &idea_ofb; +} + +static const EVP_CIPHER idea_ecb = { + .nid = NID_idea_ecb, + .block_size = 8, + .key_len = 16, + .iv_len = 0, + .flags = 0 | EVP_CIPH_ECB_MODE, + .init = idea_init_key, + .do_cipher = idea_ecb_cipher, + .cleanup = NULL, + .ctx_size = sizeof(IDEA_KEY_SCHEDULE), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_idea_ecb(void) +{ + return &idea_ecb; +} #endif diff --git a/crypto/evp/e_null.c b/crypto/evp/e_null.c index 65374cc3..db79e1ec 100644 --- a/crypto/evp/e_null.c +++ b/crypto/evp/e_null.c 
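Review bot: The four IDEA tables in e_idea.c size the context with `sizeof(IDEA_KEY_SCHEDULE)`, while idea_cbc_cipher, idea_ofb_cipher and idea_cfb64_cipher access `cipher_data` as `EVP_IDEA_KEY *`. The two sizes coincide only because EVP_IDEA_KEY has a single `ks` member; if the struct ever grows a field, and assuming `cipher_data` is allocated with `ctx_size` bytes, those functions would reach past the allocation. I would use `.ctx_size = sizeof(EVP_IDEA_KEY),` in idea_cbc, idea_cfb64, idea_ofb and idea_ecb. idea_ecb_cipher passes `ctx->cipher_data` straight to idea_ecb_encrypt, and idea_init_key is outside the hunk, so check that both remain consistent with that type.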
@@ -1,4 +1,4 @@ -/* $OpenBSD: e_null.c,v 1.14 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: e_null.c,v 1.15 2021/12/12 21:30:13 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -62,6 +62,8 @@ #include #include +#include "evp_locl.h" + static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c index de1b24a3..1af17a7c 100644 --- a/crypto/evp/e_rc2.c +++ b/crypto/evp/e_rc2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_rc2.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: e_rc2.c,v 1.19 2022/09/15 07:04:19 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include #include #include 
@@ -84,13 +85,167 @@ typedef struct { #define data(ctx) ((EVP_RC2_KEY *)(ctx)->cipher_data) -IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2, - 8, - RC2_KEY_LENGTH, 8, 64, - EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, - rc2_init_key, NULL, - rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv, - rc2_ctrl) +static int +rc2_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + size_t chunk = LONG_MAX & ~0xff; + + while (inl >= chunk) { + RC2_cbc_encrypt(in, out, (long)chunk, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt); + inl -= chunk; + in += chunk; + out += chunk; + } + + if (inl) + RC2_cbc_encrypt(in, out, (long)inl, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt); + + return 1; +} + +static int +rc2_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + size_t chunk = LONG_MAX & ~0xff; + + if (inl < chunk) + chunk = inl; + + while (inl && inl >= chunk) { + RC2_cfb64_encrypt(in, out, (long)chunk, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); + inl -= chunk; + in += chunk; + out += chunk; + if (inl < chunk) + chunk = inl; + } + + return 1; +} + +static int +rc2_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + size_t i, bl; + + bl = ctx->cipher->block_size; + + if (inl < bl) + return 1; + + inl -= bl; + + for (i = 0; i <= inl; i += bl) + RC2_ecb_encrypt(in + i, out + i, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->encrypt); + + return 1; +} + +static int +rc2_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + size_t chunk = LONG_MAX & ~0xff; + + while (inl >= chunk) { + RC2_ofb64_encrypt(in, out, (long)chunk, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num); + inl -= chunk; + in += chunk; + out += chunk; + } + + if (inl) + RC2_ofb64_encrypt(in, out, (long)inl, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, 
&ctx->num); + + return 1; +} + +static const EVP_CIPHER rc2_cbc = { + .nid = NID_rc2_cbc, + .block_size = 8, + .key_len = RC2_KEY_LENGTH, + .iv_len = 8, + .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT | EVP_CIPH_CBC_MODE, + .init = rc2_init_key, + .do_cipher = rc2_cbc_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_RC2_KEY), + .set_asn1_parameters = rc2_set_asn1_type_and_iv, + .get_asn1_parameters = rc2_get_asn1_type_and_iv, + .ctrl = rc2_ctrl, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_rc2_cbc(void) +{ + return &rc2_cbc; +} + +static const EVP_CIPHER rc2_cfb64 = { + .nid = NID_rc2_cfb64, + .block_size = 1, + .key_len = RC2_KEY_LENGTH, + .iv_len = 8, + .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT | EVP_CIPH_CFB_MODE, + .init = rc2_init_key, + .do_cipher = rc2_cfb64_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_RC2_KEY), + .set_asn1_parameters = rc2_set_asn1_type_and_iv, + .get_asn1_parameters = rc2_get_asn1_type_and_iv, + .ctrl = rc2_ctrl, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_rc2_cfb64(void) +{ + return &rc2_cfb64; +} + +static const EVP_CIPHER rc2_ofb = { + .nid = NID_rc2_ofb64, + .block_size = 1, + .key_len = RC2_KEY_LENGTH, + .iv_len = 8, + .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT | EVP_CIPH_OFB_MODE, + .init = rc2_init_key, + .do_cipher = rc2_ofb_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_RC2_KEY), + .set_asn1_parameters = rc2_set_asn1_type_and_iv, + .get_asn1_parameters = rc2_get_asn1_type_and_iv, + .ctrl = rc2_ctrl, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_rc2_ofb(void) +{ + return &rc2_ofb; +} + +static const EVP_CIPHER rc2_ecb = { + .nid = NID_rc2_ecb, + .block_size = 8, + .key_len = RC2_KEY_LENGTH, + .iv_len = 0, + .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT | EVP_CIPH_ECB_MODE, + .init = rc2_init_key, + .do_cipher = rc2_ecb_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_RC2_KEY), + .set_asn1_parameters = rc2_set_asn1_type_and_iv, + .get_asn1_parameters = 
rc2_get_asn1_type_and_iv, + .ctrl = rc2_ctrl, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_rc2_ecb(void) +{ + return &rc2_ecb; +} #define RC2_40_MAGIC 0xa0 #define RC2_64_MAGIC 0x78 @@ -150,7 +305,8 @@ rc2_meth_to_magic(EVP_CIPHER_CTX *e) { int i; - EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i); + if (EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i) <= 0) + return (0); if (i == 128) return (RC2_128_MAGIC); else if (i == 64) @@ -199,9 +355,11 @@ rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) return (-1); if (i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1)) return -1; - EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, - key_bits, NULL); - EVP_CIPHER_CTX_set_key_length(c, key_bits / 8); + if (EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, + key_bits, NULL) <= 0) + return -1; + if (!EVP_CIPHER_CTX_set_key_length(c, key_bits / 8)) + return -1; } return (i); } diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c index ac73361f..b8a6b449 100644 --- a/crypto/evp/e_rc4_hmac_md5.c +++ b/crypto/evp/e_rc4_hmac_md5.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_rc4_hmac_md5.c,v 1.8 2017/01/31 13:17:21 inoguchi Exp $ */ +/* $OpenBSD: e_rc4_hmac_md5.c,v 1.9 2021/12/12 21:30:13 tb Exp $ */ /* ==================================================================== * Copyright (c) 2011 The OpenSSL Project. All rights reserved. * @@ -60,6 +60,8 @@ #include #include +#include "evp_locl.h" + /* FIXME: surely this is available elsewhere? */ #define EVP_RC4_KEY_SIZE 16 diff --git a/crypto/evp/e_sm4.c b/crypto/evp/e_sm4.c index 554915b2..11e9a74d 100644 --- a/crypto/evp/e_sm4.c +++ b/crypto/evp/e_sm4.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_sm4.c,v 1.1 2019/03/17 17:42:37 tb Exp $ */ +/* $OpenBSD: e_sm4.c,v 1.6 2022/09/10 17:39:47 jsing Exp $ */ /* * Copyright (c) 2017, 2019 Ribose Inc * 
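Review bot: rc2_ecb_cipher returns 1 without touching `out` when `inl` is shorter than one block, and its loop drops a trailing partial block, yet nothing in the new code records that contract. Now that the body is written out rather than generated by a macro, a short comment above it would help, for example `/* Whole blocks only: a short or trailing partial block is skipped and 1 is still returned. */`. Presumably the EVP layer only passes block-aligned lengths here, which is worth stating in the same comment if it holds. sm4_ecb_cipher in the e_sm4.c part of this commit has the same shape and would take the same comment.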
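Review bot: The failure path added to rc2_meth_to_magic returns 0, which is an ordinary int result rather than a distinct error, so a failed EVP_CTRL_GET_RC2_KEY_BITS is only noticed if the caller rejects 0. The rest of the function and its caller are outside this hunk. If rc2_set_asn1_type_and_iv passes the value on unchecked, a magic of 0 would end up in the encoded parameters. I would document the convention at the function, `/* Returns 0 on failure; 0 is never a valid RC2 magic. */`, and confirm that the caller tests for it.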
@@ -74,14 +74,169 @@ sm4_ofb128_encrypt(const unsigned char *in, unsigned char *out, size_t length, (block128_f)SM4_encrypt); } -IMPLEMENT_BLOCK_CIPHER(sm4, ks, sm4, EVP_SM4_KEY, NID_sm4, 16, 16, 16, 128, - EVP_CIPH_FLAG_DEFAULT_ASN1, sm4_init_key, NULL, 0, 0, 0) +static int +sm4_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + while (inl >= EVP_MAXCHUNK) { + sm4_cbc_encrypt(in, out, EVP_MAXCHUNK, &((EVP_SM4_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt); + inl -= EVP_MAXCHUNK; + in += EVP_MAXCHUNK; + out += EVP_MAXCHUNK; + } + + if (inl) + sm4_cbc_encrypt(in, out, inl, &((EVP_SM4_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt); + + return 1; +} + +static int +sm4_cfb128_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + size_t chunk = EVP_MAXCHUNK; + + if (inl < chunk) + chunk = inl; + + while (inl && inl >= chunk) { + sm4_cfb128_encrypt(in, out, chunk, &((EVP_SM4_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); + inl -= chunk; + in += chunk; + out += chunk; + if (inl < chunk) + chunk = inl; + } + + return 1; +} + +static int +sm4_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + size_t i, bl; + + bl = ctx->cipher->block_size; + + if (inl < bl) + return 1; + + inl -= bl; + + for (i = 0; i <= inl; i += bl) + sm4_ecb_encrypt(in + i, out + i, &((EVP_SM4_KEY *)ctx->cipher_data)->ks, ctx->encrypt); + + return 1; +} + +static int +sm4_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) +{ + while (inl >= EVP_MAXCHUNK) { + sm4_ofb128_encrypt(in, out, EVP_MAXCHUNK, &((EVP_SM4_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num); + inl -= EVP_MAXCHUNK; + in += EVP_MAXCHUNK; + out += EVP_MAXCHUNK; + } + + if (inl) + sm4_ofb128_encrypt(in, out, inl, &((EVP_SM4_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num); + + return 1; +} + +static const EVP_CIPHER sm4_cbc = { + .nid = NID_sm4_cbc, + 
.block_size = 16, + .key_len = 16, + .iv_len = 16, + .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE, + .init = sm4_init_key, + .do_cipher = sm4_cbc_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_SM4_KEY), + .set_asn1_parameters = 0, + .get_asn1_parameters = 0, + .ctrl = 0, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_sm4_cbc(void) +{ + return &sm4_cbc; +} + +static const EVP_CIPHER sm4_cfb128 = { + .nid = NID_sm4_cfb128, + .block_size = 1, + .key_len = 16, + .iv_len = 16, + .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CFB_MODE, + .init = sm4_init_key, + .do_cipher = sm4_cfb128_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_SM4_KEY), + .set_asn1_parameters = 0, + .get_asn1_parameters = 0, + .ctrl = 0, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_sm4_cfb128(void) +{ + return &sm4_cfb128; +} + +static const EVP_CIPHER sm4_ofb = { + .nid = NID_sm4_ofb128, + .block_size = 1, + .key_len = 16, + .iv_len = 16, + .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_OFB_MODE, + .init = sm4_init_key, + .do_cipher = sm4_ofb_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_SM4_KEY), + .set_asn1_parameters = 0, + .get_asn1_parameters = 0, + .ctrl = 0, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_sm4_ofb(void) +{ + return &sm4_ofb; +} + +static const EVP_CIPHER sm4_ecb = { + .nid = NID_sm4_ecb, + .block_size = 16, + .key_len = 16, + .iv_len = 0, + .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE, + .init = sm4_init_key, + .do_cipher = sm4_ecb_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_SM4_KEY), + .set_asn1_parameters = 0, + .get_asn1_parameters = 0, + .ctrl = 0, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_sm4_ecb(void) +{ + return &sm4_ecb; +} static int sm4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { - EVP_SM4_KEY *key = EVP_C_DATA(EVP_SM4_KEY, ctx); + EVP_SM4_KEY *key = ((EVP_SM4_KEY *)(ctx)->cipher_data); CRYPTO_ctr128_encrypt(in, out, len, &key->ks, ctx->iv, ctx->buf, 
&ctx->num, (block128_f)SM4_encrypt); @@ -109,5 +264,4 @@ EVP_sm4_ctr(void) { return &sm4_ctr_mode; } - #endif diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c index 2f942a03..30fcd858 100644 --- a/crypto/evp/encode.c +++ b/crypto/evp/encode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: encode.c,v 1.28 2020/03/04 11:53:21 inoguchi Exp $ */ +/* $OpenBSD: encode.c,v 1.29 2021/12/12 21:30:13 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -62,6 +62,8 @@ #include +#include "evp_locl.h" + static unsigned char conv_ascii2bin(unsigned char a); #define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) diff --git a/crypto/evp/evp_aead.c b/crypto/evp/evp_aead.c index 40471b00..93d523af 100644 --- a/crypto/evp/evp_aead.c +++ b/crypto/evp/evp_aead.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_aead.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: evp_aead.c,v 1.7 2022/01/07 21:58:17 tb Exp $ */ /* * Copyright (c) 2014, Google Inc. * @@ -68,6 +68,22 @@ EVP_AEAD_CTX_cleanup(EVP_AEAD_CTX *ctx) ctx->aead = NULL; } +EVP_AEAD_CTX * +EVP_AEAD_CTX_new(void) +{ + return calloc(1, sizeof(EVP_AEAD_CTX)); +} + +void +EVP_AEAD_CTX_free(EVP_AEAD_CTX *ctx) +{ + if (ctx == NULL) + return; + + EVP_AEAD_CTX_cleanup(ctx); + free(ctx); +} + /* check_alias returns 0 if out points within the buffer determined by in * and in_len and 1 otherwise. * diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 896b9e1a..49e0ffa1 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_enc.c,v 1.44 2021/02/18 19:12:29 tb Exp $ */ +/* $OpenBSD: evp_enc.c,v 1.47 2022/09/13 04:59:18 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -74,8 +74,6 @@ #include "evp_locl.h" -#define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl) - int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv, int enc) 
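Review bot: The four new sm4 EVP_CIPHER initialisers write their unused function pointers as `0` while `.cleanup` and `.app_data` in the same initialisers use `NULL`. The idea and rc2 tables added in this commit use `NULL` throughout, so these read as leftovers from the macro arguments. I would write `.set_asn1_parameters = NULL,`, `.get_asn1_parameters = NULL,` and `.ctrl = NULL,` in sm4_cbc, sm4_cfb128, sm4_ofb and sm4_ecb. The compiled result is the same; this is a readability point only.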
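Review bot: EVP_AEAD_CTX_free runs EVP_AEAD_CTX_cleanup on every non-NULL context, including one that came straight from EVP_AEAD_CTX_new and was never initialised, so its `aead` pointer is still NULL from calloc. Only the last lines of EVP_AEAD_CTX_cleanup are visible in this hunk, so whether it returns early on a NULL `aead` cannot be confirmed from here. If it does, a one-line comment in EVP_AEAD_CTX_free would make the dependency explicit: `/* cleanup tolerates a context that was never initialised */`. If it does not, the free path needs its own `ctx->aead != NULL` guard.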
@@ -300,8 +298,16 @@ EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, { int i, j, bl; + *outl = 0; + + if (inl < 0) + return 0; + + if (inl == 0 && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE) + return 1; + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { - i = M_do_cipher(ctx, out, in, inl); + i = ctx->cipher->do_cipher(ctx, out, in, inl); if (i < 0) return 0; else @@ -309,13 +315,8 @@ EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, return 1; } - if (inl <= 0) { - *outl = 0; - return inl == 0; - } - if (ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0) { - if (M_do_cipher(ctx, out, in, inl)) { + if (ctx->cipher->do_cipher(ctx, out, in, inl)) { *outl = inl; return 1; } else { @@ -350,7 +351,7 @@ EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, return 0; } memcpy(&(ctx->buf[i]), in, j); - if (!M_do_cipher(ctx, out, ctx->buf, bl)) + if (!ctx->cipher->do_cipher(ctx, out, ctx->buf, bl)) return 0; inl -= j; in += j; @@ -362,7 +363,7 @@ EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, i = inl&(bl - 1); inl -= i; if (inl > 0) { - if (!M_do_cipher(ctx, out, in, inl)) + if (!ctx->cipher->do_cipher(ctx, out, in, inl)) return 0; *outl += inl; } @@ -392,7 +393,7 @@ EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) unsigned int i, b, bl; if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { - ret = M_do_cipher(ctx, out, NULL, 0); + ret = ctx->cipher->do_cipher(ctx, out, NULL, 0); if (ret < 0) return 0; else @@ -422,7 +423,7 @@ EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) n = b - bl; for (i = bl; i < b; i++) ctx->buf[i] = n; - ret = M_do_cipher(ctx, out, ctx->buf, b); + ret = ctx->cipher->do_cipher(ctx, out, ctx->buf, b); if (ret) 
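Review bot: The new early return for `inl == 0` exempts CCM without saying why, both at the top of EVP_EncryptUpdate here and in the matching lines added to EVP_DecryptUpdate further down. As far as I know, CCM needs the zero-length call so that the cipher learns the message length is 0, while for every other mode the call has no work to do. A comment above the test would keep the exemption from being removed as dead code, for example `/* CCM must still see inl == 0: it signals a zero-length message. */`. The rest of EVP_EncryptUpdate lies outside this hunk.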
@@ -438,8 +439,16 @@ EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, int fix_len; unsigned int b; + *outl = 0; + + if (inl < 0) + return 0; + + if (inl == 0 && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE) + return 1; + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { - fix_len = M_do_cipher(ctx, out, in, inl); + fix_len = ctx->cipher->do_cipher(ctx, out, in, inl); if (fix_len < 0) { *outl = 0; return 0; @@ -448,11 +457,6 @@ EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, return 1; } - if (inl <= 0) { - *outl = 0; - return inl == 0; - } - if (ctx->flags & EVP_CIPH_NO_PADDING) return EVP_EncryptUpdate(ctx, out, outl, in, inl); @@ -518,7 +522,7 @@ EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) *outl = 0; if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { - i = M_do_cipher(ctx, out, NULL, 0); + i = ctx->cipher->do_cipher(ctx, out, NULL, 0); if (i < 0) return 0; else @@ -597,18 +601,21 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) { if (c->cipher != NULL) { - if (c->cipher->cleanup && !c->cipher->cleanup(c)) - return 0; - /* Cleanse cipher context data */ - if (c->cipher_data) + if (c->cipher->cleanup != NULL) + c->cipher->cleanup(c); + if (c->cipher_data != NULL) explicit_bzero(c->cipher_data, c->cipher->ctx_size); } + /* XXX - store size of cipher_data so we can always freezero(). */ free(c->cipher_data); + #ifndef OPENSSL_NO_ENGINE ENGINE_finish(c->engine); #endif + explicit_bzero(c, sizeof(EVP_CIPHER_CTX)); + return 1; } diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 07ece82c..4feea1aa 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_err.c,v 1.27 2021/03/29 15:57:23 tb Exp $ */ +/* $OpenBSD: evp_err.c,v 1.28 2022/07/12 14:42:49 kn Exp $ */ /* ==================================================================== * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * 
@@ -53,11 +53,6 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - #include #include @@ -65,7 +60,6 @@ #include #include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR #define ERR_FUNC(func) ERR_PACK(ERR_LIB_EVP,func,0) diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c index 91d0fc0d..dcfb94e3 100644 --- a/crypto/evp/evp_key.c +++ b/crypto/evp/evp_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_key.c,v 1.26 2018/08/14 17:59:26 tb Exp $ */ +/* $OpenBSD: evp_key.c,v 1.27 2021/12/12 21:30:13 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -65,6 +65,8 @@ #include #include +#include "evp_locl.h" + /* should be init to zeros. */ static char prompt_string[80]; diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 90107739..0e354d62 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_lib.c,v 1.17 2018/09/12 06:35:38 djm Exp $ */ +/* $OpenBSD: evp_lib.c,v 1.24 2022/01/10 13:42:28 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -63,6 +63,9 @@ #include #include +#include "asn1_locl.h" +#include "evp_locl.h" + int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { @@ -237,6 +240,23 @@ EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data) ctx->app_data = data; } +void * +EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx) +{ + return ctx->cipher_data; +} + +void * +EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data) +{ + void *old_cipher_data; + + old_cipher_data = ctx->cipher_data; + ctx->cipher_data = cipher_data; + + return old_cipher_data; +} + int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) { 
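Review bot: EVP_CIPHER_CTX_set_cipher_data installs a caller-supplied pointer with no statement of who owns it or how large it must be. EVP_CIPHER_CTX_cleanup in the evp_enc.c part of this commit calls `explicit_bzero(c->cipher_data, c->cipher->ctx_size)` and then `free(c->cipher_data)`. A buffer that is smaller than `ctx_size`, or that did not come from malloc, would therefore be written past or freed incorrectly. I would add a comment above the setter saying that the context takes ownership, that the buffer must be heap-allocated and at least `cipher->ctx_size` bytes, and that the returned old pointer becomes the caller's to release. The same comment should note that the old buffer is handed back without being zeroed.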
@@ -249,6 +269,12 @@ EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
 return ctx->cipher->iv_len;
 }
 
+unsigned char *
+EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx)
+{
+ return ctx->buf;
+}
+
 int
 EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
 {
@@ -345,6 +371,114 @@ EVP_MD_flags(const EVP_MD *md)
 return md->flags;
 }
 
+EVP_MD *
+EVP_MD_meth_new(int md_type, int pkey_type)
+{
+ EVP_MD *md;
+
+ if ((md = calloc(1, sizeof(*md))) == NULL)
+ return NULL;
+
+ md->type = md_type;
+ md->pkey_type = pkey_type;
+
+ return md;
+}
+
+EVP_MD *
+EVP_MD_meth_dup(const EVP_MD *md)
+{
+ EVP_MD *to;
+
+ if ((to = EVP_MD_meth_new(md->type, md->pkey_type)) == NULL)
+ return NULL;
+
+ memcpy(to, md, sizeof(*to));
+
+ return to;
+}
+
+void
+EVP_MD_meth_free(EVP_MD *md)
+{
+ freezero(md, sizeof(*md));
+}
+
+int
+EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize)
+{
+ md->block_size = blocksize;
+ return 1;
+}
+
+int
+EVP_MD_meth_set_result_size(EVP_MD *md, int result_size)
+{
+ md->md_size = result_size;
+ return 1;
+}
+
+int
+EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize)
+{
+ md->ctx_size = datasize;
+ return 1;
+}
+
+int
+EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags)
+{
+ md->flags = flags;
+ return 1;
+}
+
+int
+EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx))
+{
+ md->init = init;
+ return 1;
+}
+
+int
+EVP_MD_meth_set_update(EVP_MD *md,
+ int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count))
+{
+ md->update = update;
+ return 1;
+}
+
+int
+EVP_MD_meth_set_final(EVP_MD *md,
+ int (*final)(EVP_MD_CTX *ctx, unsigned char *md))
+{
+ md->final = final;
+ return 1;
+}
+
+int
+EVP_MD_meth_set_copy(EVP_MD *md,
+ int (*copy)(EVP_MD_CTX *to, const EVP_MD_CTX *from))
+{
+ md->copy = copy;
+ return 1;
+}
+
+int
+EVP_MD_meth_set_cleanup(EVP_MD *md,
+ int (*cleanup)(EVP_MD_CTX *ctx))
+{
+ md->cleanup = cleanup;
+ return 1;
+}
+
+int
+EVP_MD_meth_set_ctrl(EVP_MD *md,
+ int (*ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2))
+{
+ md->md_ctrl = ctrl;
+ return 1;
+}
+
 const EVP_MD *
 EVP_MD_CTX_md(const EVP_MD_CTX *ctx)
 {
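Review bot: The size setters store whatever int they are given and always return 1, so EVP_MD_meth_set_result_size accepts a negative value or one larger than EVP_MAX_MD_SIZE. Code that sizes a digest output buffer by that constant would then be handed a method whose `md_size` exceeds it. Since these functions already return an int status, rejecting out-of-range input costs one line: `if (result_size < 0 || result_size > EVP_MAX_MD_SIZE) return 0;`. EVP_MD_meth_set_input_blocksize and EVP_MD_meth_set_app_datasize could reject negative values the same way, the latter because `ctx_size` is documented in this commit as the size `md_data` needs to be. Separately, EVP_MD_meth_dup dereferences `md` without a NULL check, which is worth a comment if it is intentional.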
@@ -353,6 +487,41 @@ EVP_MD_CTX_md(const EVP_MD_CTX *ctx) return ctx->digest; } +void * +EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx) +{ + return ctx->md_data; +} + +EVP_PKEY_CTX * +EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx) +{ + return ctx->pctx; +} + +void +EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx) +{ + if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)) { + EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); + } else { + EVP_PKEY_CTX_free(ctx->pctx); + } + + ctx->pctx = pctx; + + if (pctx != NULL) { + /* + * For unclear reasons it was decided that the caller keeps + * ownership of pctx. So a flag was invented to make sure we + * don't free it in EVP_MD_CTX_cleanup(). We also need to + * unset it in EVP_MD_CTX_copy_ex(). Fortunately, the flag + * isn't public... + */ + EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); + } +} + void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags) { diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index 8df61354..1e79af4c 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_locl.h,v 1.16 2019/10/29 07:52:17 jsing Exp $ */ +/* $OpenBSD: evp_locl.h,v 1.28 2022/09/13 04:59:18 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ 
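Review bot: EVP_MD_CTX_set_pkey_ctx does not handle the case where `pctx` is the pointer the context already holds, such as the one returned by EVP_MD_CTX_pkey_ctx just above it. When the keep flag is not set, the function frees `ctx->pctx`, stores the same now-dangling pointer back, and sets the keep flag, so later use of the context reads freed memory. An early `if (pctx == ctx->pctx) return;` at the top avoids that and leaves ownership unchanged. Whether ownership ought to move to the caller in that case is a design choice, so the existing comment should say which behaviour is intended.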
@@ -56,215 +56,136 @@ * */ -__BEGIN_HIDDEN_DECLS - -/* Macros to code block cipher wrappers */ +#ifndef HEADER_EVP_LOCL_H +#define HEADER_EVP_LOCL_H -/* Wrapper functions for each cipher mode */ - -#define BLOCK_CIPHER_ecb_loop() \ - size_t i, bl; \ - bl = ctx->cipher->block_size;\ - if(inl < bl) return 1;\ - inl -= bl; \ - for(i=0; i <= inl; i+=bl) +__BEGIN_HIDDEN_DECLS -#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ -static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ -{\ - BLOCK_CIPHER_ecb_loop() \ - cprefix##_ecb_encrypt(in + i, out + i, &((kstruct *)ctx->cipher_data)->ksched, ctx->encrypt);\ - return 1;\ -} +/* + * Don't free md_ctx->pctx in EVP_MD_CTX_cleanup(). Needed for ownership + * handling in EVP_MD_CTX_set_pkey_ctx(). + */ +#define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX 0x0400 + +typedef int evp_sign_method(int type, const unsigned char *m, + unsigned int m_length, unsigned char *sigret, unsigned int *siglen, + void *key); +typedef int evp_verify_method(int type, const unsigned char *m, + unsigned int m_length, const unsigned char *sigbuf, unsigned int siglen, + void *key); + +/* Type needs to be a bit field + * Sub-type needs to be for variations on the method, as in, can it do + * arbitrary encryption.... 
*/ +struct evp_pkey_st { + int type; + int save_type; + int references; + const EVP_PKEY_ASN1_METHOD *ameth; + ENGINE *engine; + union { + char *ptr; +#ifndef OPENSSL_NO_RSA + struct rsa_st *rsa; /* RSA */ +#endif +#ifndef OPENSSL_NO_DSA + struct dsa_st *dsa; /* DSA */ +#endif +#ifndef OPENSSL_NO_DH + struct dh_st *dh; /* DH */ +#endif +#ifndef OPENSSL_NO_EC + struct ec_key_st *ec; /* ECC */ +#endif +#ifndef OPENSSL_NO_GOST + struct gost_key_st *gost; /* GOST */ +#endif + } pkey; + int save_parameters; + STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ +} /* EVP_PKEY */; + +struct env_md_st { + int type; + int pkey_type; + int md_size; + unsigned long flags; + int (*init)(EVP_MD_CTX *ctx); + int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count); + int (*final)(EVP_MD_CTX *ctx, unsigned char *md); + int (*copy)(EVP_MD_CTX *to, const EVP_MD_CTX *from); + int (*cleanup)(EVP_MD_CTX *ctx); + + int block_size; + int ctx_size; /* how big does the ctx->md_data need to be */ + /* control function */ + int (*md_ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2); +} /* EVP_MD */; + +struct env_md_ctx_st { + const EVP_MD *digest; + ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */ + unsigned long flags; + void *md_data; + /* Public key context for sign/verify */ + EVP_PKEY_CTX *pctx; + /* Update function: usually copied from EVP_MD */ + int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count); +} /* EVP_MD_CTX */; + +struct evp_cipher_st { + int nid; + int block_size; + int key_len; /* Default value for variable length ciphers */ + int iv_len; + unsigned long flags; /* Various flags */ + int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); /* init key */ + int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl);/* encrypt/decrypt data */ + void (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */ + int ctx_size; /* how big ctx->cipher_data needs to be */ + int 
(*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */ + int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */ + int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */ + void *app_data; /* Application data */ +} /* EVP_CIPHER */; + +struct evp_cipher_ctx_st { + const EVP_CIPHER *cipher; + ENGINE *engine; /* functional reference if 'cipher' is ENGINE-provided */ + int encrypt; /* encrypt or decrypt */ + int buf_len; /* number we have left */ + + unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ + unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ + unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */ + int num; /* used by cfb/ofb/ctr mode */ + + void *app_data; /* application stuff */ + int key_len; /* May change for variable length cipher */ + unsigned long flags; /* Various flags */ + void *cipher_data; /* per EVP data */ + int final_used; + int block_mask; + unsigned char final[EVP_MAX_BLOCK_LENGTH];/* possible final block */ +} /* EVP_CIPHER_CTX */; + +struct evp_Encode_Ctx_st { + + int num; /* number saved in a partial encode/decode */ + int length; /* The length is either the output line length + * (in input bytes) or the shortest input line + * length that is ok. 
Once decoding begins, + * the length is adjusted up each time a longer + * line is decoded */ + unsigned char enc_data[80]; /* data to encode */ + int line_num; /* number read on current line */ + int expect_nl; +} /* EVP_ENCODE_CTX */; #define EVP_MAXCHUNK ((size_t)1<<(sizeof(long)*8-2)) -#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \ -static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ -{\ - while(inl>=EVP_MAXCHUNK)\ - {\ - cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\ - inl-=EVP_MAXCHUNK;\ - in +=EVP_MAXCHUNK;\ - out+=EVP_MAXCHUNK;\ - }\ - if (inl)\ - cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\ - return 1;\ -} - -#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ -static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ -{\ - while(inl>=EVP_MAXCHUNK) \ - {\ - cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\ - inl-=EVP_MAXCHUNK;\ - in +=EVP_MAXCHUNK;\ - out+=EVP_MAXCHUNK;\ - }\ - if (inl)\ - cprefix##_cbc_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\ - return 1;\ -} - -#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ -static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ -{\ - size_t chunk=EVP_MAXCHUNK;\ - if (cbits==1) chunk>>=3;\ - if (inl=chunk)\ - {\ - cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ - inl-=chunk;\ - in +=chunk;\ - out+=chunk;\ - if(inlc))+\ - sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ - set_asn1, get_asn1,\ - 
ctrl, \ - NULL \ -};\ -const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\ -static const EVP_CIPHER cname##_cfb = {\ - nid##_cfb64, 1, key_len, iv_len, \ - flags | EVP_CIPH_CFB_MODE,\ - init_key,\ - cname##_cfb_cipher,\ - cleanup,\ - sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ - sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ - set_asn1, get_asn1,\ - ctrl,\ - NULL \ -};\ -const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\ -static const EVP_CIPHER cname##_ofb = {\ - nid##_ofb64, 1, key_len, iv_len, \ - flags | EVP_CIPH_OFB_MODE,\ - init_key,\ - cname##_ofb_cipher,\ - cleanup,\ - sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ - sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ - set_asn1, get_asn1,\ - ctrl,\ - NULL \ -};\ -const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\ -static const EVP_CIPHER cname##_ecb = {\ - nid##_ecb, block_size, key_len, iv_len, \ - flags | EVP_CIPH_ECB_MODE,\ - init_key,\ - cname##_ecb_cipher,\ - cleanup,\ - sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ - sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ - set_asn1, get_asn1,\ - ctrl,\ - NULL \ -};\ -const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } -*/ - -#define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \ - block_size, key_len, iv_len, cbits, \ - flags, init_key, \ - cleanup, set_asn1, get_asn1, ctrl) \ - BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ - BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \ - cbits, flags, init_key, cleanup, set_asn1, \ - get_asn1, ctrl) - -#define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data) - -#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len) \ - BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ - BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ - NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ - 0, cipher##_init_key, 
NULL, \ - EVP_CIPHER_set_asn1_iv, \ - EVP_CIPHER_get_asn1_iv, \ - NULL) - struct evp_pkey_ctx_st { /* Method associated with this operation */ const EVP_PKEY_METHOD *pmeth; @@ -338,6 +259,10 @@ struct evp_pkey_method_st { int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2); int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value); + + int (*check)(EVP_PKEY *pkey); + int (*public_check)(EVP_PKEY *pkey); + int (*param_check)(EVP_PKEY *pkey); } /* EVP_PKEY_METHOD */; void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx); @@ -367,6 +292,18 @@ struct evp_aead_st { const unsigned char *ad, size_t ad_len); }; +/* An EVP_AEAD_CTX represents an AEAD algorithm configured with a specific key + * and message-independent IV. */ +struct evp_aead_ctx_st { + const EVP_AEAD *aead; + /* aead_state is an opaque pointer to the AEAD specific state. */ + void *aead_state; +}; + +int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str); +int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex); int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md_name); __END_HIDDEN_DECLS + +#endif /* !HEADER_EVP_LOCL_H */ diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c index 9ff544b8..3ba0e1dd 100644 --- a/crypto/evp/evp_pkey.c +++ b/crypto/evp/evp_pkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_pkey.c,v 1.23 2018/08/24 20:26:03 tb Exp $ */ +/* $OpenBSD: evp_pkey.c,v 1.24 2021/12/12 21:30:13 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -63,6 +63,7 @@ #include #include "asn1_locl.h" +#include "evp_locl.h" /* Extract a private key from a PKCS8 structure */ diff --git a/crypto/evp/m_gost2814789.c b/crypto/evp/m_gost2814789.c index 279af872..7d11ec8c 100644 --- a/crypto/evp/m_gost2814789.c +++ b/crypto/evp/m_gost2814789.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: m_gost2814789.c,v 1.2 2014/11/09 23:06:50 miod Exp $ */ +/* $OpenBSD: m_gost2814789.c,v 1.3 2021/12/12 21:30:13 tb Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov * Copyright (c) 2005-2006 Cryptocom LTD @@ -48,6 +48,7 @@ * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== */ + #include #ifndef OPENSSL_NO_GOST @@ -56,6 +57,8 @@ #include #include +#include "evp_locl.h" + static int gost2814789_init(EVP_MD_CTX *ctx) { diff --git a/crypto/evp/m_gostr341194.c b/crypto/evp/m_gostr341194.c index 66d9b4f3..f479675b 100644 --- a/crypto/evp/m_gostr341194.c +++ b/crypto/evp/m_gostr341194.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_gostr341194.c,v 1.2 2014/11/09 23:06:50 miod Exp $ */ +/* $OpenBSD: m_gostr341194.c,v 1.4 2022/01/14 08:38:05 tb Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov * Copyright (c) 2005-2006 Cryptocom LTD @@ -48,6 +48,7 @@ * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== */ + #include #include @@ -58,6 +59,8 @@ #include #include +#include "evp_locl.h" + static int gostr341194_init(EVP_MD_CTX *ctx) { @@ -81,7 +84,7 @@ static const EVP_MD gostr341194_md = { .type = NID_id_GostR3411_94, .pkey_type = NID_undef, .md_size = GOSTR341194_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE, + .flags = 0, .init = gostr341194_init, .update = gostr341194_update, .final = gostr341194_final, diff --git a/crypto/evp/m_md4.c b/crypto/evp/m_md4.c index ab3cc852..97756528 100644 --- a/crypto/evp/m_md4.c +++ b/crypto/evp/m_md4.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_md4.c,v 1.16 2015/09/14 01:45:03 doug Exp $ */ +/* $OpenBSD: m_md4.c,v 1.18 2022/01/14 08:38:05 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -71,6 +71,8 @@ #include #endif +#include "evp_locl.h" + static int init(EVP_MD_CTX *ctx) { 
@@ -99,13 +101,6 @@ static const EVP_MD md4_md = { .final = final, .copy = NULL, .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif .block_size = MD4_CBLOCK, .ctx_size = sizeof(EVP_MD *) + sizeof(MD4_CTX), }; diff --git a/crypto/evp/m_md5.c b/crypto/evp/m_md5.c index 36cff7ab..daa7aee7 100644 --- a/crypto/evp/m_md5.c +++ b/crypto/evp/m_md5.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_md5.c,v 1.15 2014/07/13 09:30:02 miod Exp $ */ +/* $OpenBSD: m_md5.c,v 1.17 2022/01/14 08:38:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -71,6 +71,8 @@ #include #endif +#include "evp_locl.h" + static int init(EVP_MD_CTX *ctx) { @@ -99,13 +101,6 @@ static const EVP_MD md5_md = { .final = final, .copy = NULL, .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif .block_size = MD5_CBLOCK, .ctx_size = sizeof(EVP_MD *) + sizeof(MD5_CTX), }; diff --git a/crypto/evp/m_md5_sha1.c b/crypto/evp/m_md5_sha1.c index 4e8a0c32..f8bec10d 100644 --- a/crypto/evp/m_md5_sha1.c +++ b/crypto/evp/m_md5_sha1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_md5_sha1.c,v 1.2 2018/08/10 17:30:29 jsing Exp $ */ +/* $OpenBSD: m_md5_sha1.c,v 1.4 2022/01/14 08:38:06 tb Exp $ */ /* * Copyright (c) 2017 Joel Sing * @@ -24,6 +24,8 @@ #include #endif +#include "evp_locl.h" + struct md5_sha1_ctx { MD5_CTX md5; SHA_CTX sha1; 
@@ -78,13 +80,6 @@ static const EVP_MD md5_sha1_md = { .final = md5_sha1_final, .block_size = MD5_CBLOCK, /* MD5_CBLOCK == SHA_CBLOCK */ .ctx_size = sizeof(EVP_MD *) + sizeof(struct md5_sha1_ctx), -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif }; const EVP_MD * diff --git a/crypto/evp/m_null.c b/crypto/evp/m_null.c index 897be3ce..4334decb 100644 --- a/crypto/evp/m_null.c +++ b/crypto/evp/m_null.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_null.c,v 1.9 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: m_null.c,v 1.11 2022/01/14 08:38:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -62,6 +62,8 @@ #include #include +#include "evp_locl.h" + static int init(EVP_MD_CTX *ctx) { @@ -90,11 +92,6 @@ static const EVP_MD null_md = { .final = final, .copy = NULL, .cleanup = NULL, - .sign = NULL, - .verify = NULL, - .required_pkey_type = { - 0, 0, 0, 0, - }, .block_size = 0, .ctx_size = sizeof(EVP_MD *), }; diff --git a/crypto/evp/m_ripemd.c b/crypto/evp/m_ripemd.c index be7f1393..47397833 100644 --- a/crypto/evp/m_ripemd.c +++ b/crypto/evp/m_ripemd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_ripemd.c,v 1.12 2014/07/13 09:30:02 miod Exp $ */ +/* $OpenBSD: m_ripemd.c,v 1.14 2022/01/14 08:38:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -71,6 +71,8 @@ #include #endif +#include "evp_locl.h" + static int init(EVP_MD_CTX *ctx) { @@ -99,13 +101,6 @@ static const EVP_MD ripemd160_md = { .final = final, .copy = NULL, .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif .block_size = RIPEMD160_CBLOCK, .ctx_size = sizeof(EVP_MD *) + sizeof(RIPEMD160_CTX), }; 
diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c index 13d5b030..a6fb5364 100644 --- a/crypto/evp/m_sha1.c +++ b/crypto/evp/m_sha1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_sha1.c,v 1.17 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: m_sha1.c,v 1.19 2022/01/14 08:38:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -70,6 +70,8 @@ #include #endif +#include "evp_locl.h" + static int init(EVP_MD_CTX *ctx) { @@ -92,19 +94,12 @@ static const EVP_MD sha1_md = { .type = NID_sha1, .pkey_type = NID_sha1WithRSAEncryption, .md_size = SHA_DIGEST_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, + .flags = EVP_MD_FLAG_DIGALGID_ABSENT, .init = init, .update = update, .final = final, .copy = NULL, .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif .block_size = SHA_CBLOCK, .ctx_size = sizeof(EVP_MD *) + sizeof(SHA_CTX), }; @@ -149,19 +144,12 @@ static const EVP_MD sha224_md = { .type = NID_sha224, .pkey_type = NID_sha224WithRSAEncryption, .md_size = SHA224_DIGEST_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, + .flags = EVP_MD_FLAG_DIGALGID_ABSENT, .init = init224, .update = update256, .final = final256, .copy = NULL, .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif .block_size = SHA256_CBLOCK, .ctx_size = sizeof(EVP_MD *) + sizeof(SHA256_CTX), }; 
@@ -176,19 +164,12 @@ static const EVP_MD sha256_md = { .type = NID_sha256, .pkey_type = NID_sha256WithRSAEncryption, .md_size = SHA256_DIGEST_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, + .flags = EVP_MD_FLAG_DIGALGID_ABSENT, .init = init256, .update = update256, .final = final256, .copy = NULL, .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif .block_size = SHA256_CBLOCK, .ctx_size = sizeof(EVP_MD *) + sizeof(SHA256_CTX), }; @@ -229,19 +210,12 @@ static const EVP_MD sha384_md = { .type = NID_sha384, .pkey_type = NID_sha384WithRSAEncryption, .md_size = SHA384_DIGEST_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, + .flags = EVP_MD_FLAG_DIGALGID_ABSENT, .init = init384, .update = update512, .final = final512, .copy = NULL, .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif .block_size = SHA512_CBLOCK, .ctx_size = sizeof(EVP_MD *) + sizeof(SHA512_CTX), }; @@ -256,19 +230,12 @@ static const EVP_MD sha512_md = { .type = NID_sha512, .pkey_type = NID_sha512WithRSAEncryption, .md_size = SHA512_DIGEST_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, + .flags = EVP_MD_FLAG_DIGALGID_ABSENT, .init = init512, .update = update512, .final = final512, .copy = NULL, .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif .block_size = SHA512_CBLOCK, .ctx_size = sizeof(EVP_MD *) + sizeof(SHA512_CTX), }; diff --git a/crypto/evp/m_sm3.c b/crypto/evp/m_sm3.c index 66582b8e..ae8b342e 100644 --- a/crypto/evp/m_sm3.c +++ b/crypto/evp/m_sm3.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: m_sm3.c,v 1.1 2018/11/11 06:53:31 tb Exp $ */ +/* $OpenBSD: m_sm3.c,v 1.3 2022/01/14 08:38:06 tb Exp $ */ /* * Copyright (c) 2018, Ribose Inc * @@ -25,6 +25,8 @@ #include #endif +#include "evp_locl.h" + static int sm3_init(EVP_MD_CTX *ctx) { @@ -47,19 +49,12 @@ static const EVP_MD sm3_md = { .type = NID_sm3, .pkey_type = NID_sm3WithRSAEncryption, .md_size = SM3_DIGEST_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, + .flags = EVP_MD_FLAG_DIGALGID_ABSENT, .init = sm3_init, .update = sm3_update, .final = sm3_final, .copy = NULL, .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif .block_size = SM3_CBLOCK, .ctx_size = sizeof(EVP_MD *) + sizeof(SM3_CTX), }; diff --git a/crypto/evp/m_streebog.c b/crypto/evp/m_streebog.c index 882c7852..3f825e3a 100644 --- a/crypto/evp/m_streebog.c +++ b/crypto/evp/m_streebog.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_streebog.c,v 1.2 2014/11/09 23:06:50 miod Exp $ */ +/* $OpenBSD: m_streebog.c,v 1.4 2022/01/14 08:38:06 tb Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov * Copyright (c) 2005-2006 Cryptocom LTD @@ -57,6 +57,8 @@ #include #include +#include "evp_locl.h" + static int streebog_init256(EVP_MD_CTX *ctx) { @@ -97,7 +99,7 @@ static const EVP_MD streebog256_md = { .type = NID_id_tc26_gost3411_2012_256, .pkey_type = NID_undef, .md_size = STREEBOG256_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE, + .flags = 0, .init = streebog_init256, .update = streebog_update256, .final = streebog_final256, @@ -109,7 +111,7 @@ static const EVP_MD streebog512_md = { .type = NID_id_tc26_gost3411_2012_512, .pkey_type = NID_undef, .md_size = STREEBOG512_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE, + .flags = 0, .init = streebog_init512, .update = streebog_update512, .final = streebog_final512, 
diff --git a/crypto/evp/m_wp.c b/crypto/evp/m_wp.c index 3f543ac0..07ae7ca5 100644 --- a/crypto/evp/m_wp.c +++ b/crypto/evp/m_wp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_wp.c,v 1.8 2014/07/13 09:30:02 miod Exp $ */ +/* $OpenBSD: m_wp.c,v 1.10 2022/01/14 08:38:06 tb Exp $ */ #include @@ -11,6 +11,8 @@ #include #include +#include "evp_locl.h" + static int init(EVP_MD_CTX *ctx) { @@ -39,11 +41,6 @@ static const EVP_MD whirlpool_md = { .final = final, .copy = NULL, .cleanup = NULL, - .sign = NULL, - .verify = NULL, - .required_pkey_type = { - 0, 0, 0, 0, - }, .block_size = WHIRLPOOL_BBLOCK / 8, .ctx_size = sizeof(EVP_MD *) + sizeof(WHIRLPOOL_CTX), }; diff --git a/crypto/evp/names.c b/crypto/evp/names.c index dfcf9ee2..02529eef 100644 --- a/crypto/evp/names.c +++ b/crypto/evp/names.c @@ -1,4 +1,4 @@ -/* $OpenBSD: names.c,v 1.14 2018/03/17 16:20:01 beck Exp $ */ +/* $OpenBSD: names.c,v 1.15 2021/12/12 21:30:13 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -62,6 +62,8 @@ #include #include +#include "evp_locl.h" + int EVP_add_cipher(const EVP_CIPHER *c) { diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c index 98e4549d..b9482e08 100644 --- a/crypto/evp/p5_crpt.c +++ b/crypto/evp/p5_crpt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p5_crpt.c,v 1.19 2020/01/12 07:11:13 inoguchi Exp $ */ +/* $OpenBSD: p5_crpt.c,v 1.20 2021/12/12 21:30:13 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -64,6 +64,8 @@ #include #include +#include "evp_locl.h" + /* Doesn't do anything now: Builtin PBE algorithms in static table. */ diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index 4bef2877..f3585ff3 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: p5_crpt2.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: p5_crpt2.c,v 1.24 2021/12/12 21:27:37 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -70,6 +70,7 @@ #include #include "evp_locl.h" +#include "hmac_local.h" /* This is an implementation of PKCS#5 v2.0 password based encryption key * derivation function PBKDF2. diff --git a/crypto/evp/p_dec.c b/crypto/evp/p_dec.c index c827c5e4..c19cc651 100644 --- a/crypto/evp/p_dec.c +++ b/crypto/evp/p_dec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p_dec.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: p_dec.c,v 1.12 2021/12/12 21:30:13 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -69,6 +69,8 @@ #include #endif +#include "evp_locl.h" + int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl, EVP_PKEY *priv) diff --git a/crypto/evp/p_enc.c b/crypto/evp/p_enc.c index 49c46f1a..5553429c 100644 --- a/crypto/evp/p_enc.c +++ b/crypto/evp/p_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p_enc.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: p_enc.c,v 1.12 2021/12/12 21:30:13 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -69,6 +69,8 @@ #include #endif +#include "evp_locl.h" + int EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key, int key_len, EVP_PKEY *pubk) diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 9577b10e..b6cef5a1 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p_lib.c,v 1.26 2021/03/29 15:57:23 tb Exp $ */ +/* $OpenBSD: p_lib.c,v 1.29 2022/06/27 12:36:05 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -82,6 +82,7 @@ #endif #include "asn1_locl.h" +#include "evp_locl.h" static void EVP_PKEY_free_it(EVP_PKEY *x); 
@@ -93,6 +94,17 @@ EVP_PKEY_bits(const EVP_PKEY *pkey) return 0; } +int +EVP_PKEY_security_bits(const EVP_PKEY *pkey) +{ + if (pkey == NULL) + return 0; + if (pkey->ameth == NULL || pkey->ameth->pkey_security_bits == NULL) + return -2; + + return pkey->ameth->pkey_security_bits(pkey); +} + int EVP_PKEY_size(const EVP_PKEY *pkey) { @@ -525,7 +537,8 @@ EVP_PKEY_free_it(EVP_PKEY *x) static int unsup_alg(BIO *out, const EVP_PKEY *pkey, int indent, const char *kstr) { - BIO_indent(out, indent, 128); + if (!BIO_indent(out, indent, 128)) + return 0; BIO_printf(out, "%s algorithm \"%s\" unsupported\n", kstr, OBJ_nid2ln(pkey->type)); return 1; diff --git a/crypto/evp/p_open.c b/crypto/evp/p_open.c index 57a46706..e4c59e68 100644 --- a/crypto/evp/p_open.c +++ b/crypto/evp/p_open.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p_open.c,v 1.19 2017/05/02 03:59:44 deraadt Exp $ */ +/* $OpenBSD: p_open.c,v 1.20 2021/12/12 21:30:13 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -69,6 +69,8 @@ #include #include +#include "evp_locl.h" + int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, const unsigned char *ek, int ekl, const unsigned char *iv, EVP_PKEY *priv) diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c index 63129245..1e33cfbe 100644 --- a/crypto/evp/p_sign.c +++ b/crypto/evp/p_sign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p_sign.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: p_sign.c,v 1.16 2022/01/14 08:38:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -63,15 +63,18 @@ #include #include +#include "evp_locl.h" + int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, EVP_PKEY *pkey) { unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len; - int i = 0, ok = 0, v; EVP_MD_CTX tmp_ctx; EVP_PKEY_CTX *pkctx = NULL; + size_t sltmp; + int ret = 0; *siglen = 0; EVP_MD_CTX_init(&tmp_ctx); 
@@ -81,43 +84,21 @@ EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, goto err; EVP_MD_CTX_cleanup(&tmp_ctx); - if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { - size_t sltmp = (size_t)EVP_PKEY_size(pkey); - i = 0; - pkctx = EVP_PKEY_CTX_new(pkey, NULL); - if (!pkctx) - goto err; - if (EVP_PKEY_sign_init(pkctx) <= 0) - goto err; - if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) - goto err; - if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) - goto err; - *siglen = sltmp; - i = 1; -err: - EVP_PKEY_CTX_free(pkctx); - return i; - } + sltmp = (size_t)EVP_PKEY_size(pkey); + + if ((pkctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) + goto err; + if (EVP_PKEY_sign_init(pkctx) <= 0) + goto err; + if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) + goto err; + if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) + goto err; + *siglen = sltmp; - for (i = 0; i < 4; i++) { - v = ctx->digest->required_pkey_type[i]; - if (v == 0) - break; - if (pkey->type == v) { - ok = 1; - break; - } - } - if (!ok) { - EVPerror(EVP_R_WRONG_PUBLIC_KEY_TYPE); - return (0); - } + ret = 1; - if (ctx->digest->sign == NULL) { - EVPerror(EVP_R_NO_SIGN_FUNCTION_CONFIGURED); - return (0); - } - return(ctx->digest->sign(ctx->digest->type, m, m_len, sigret, siglen, - pkey->pkey.ptr)); + err: + EVP_PKEY_CTX_free(pkctx); + return ret; } diff --git a/crypto/evp/p_verify.c b/crypto/evp/p_verify.c index 7dd752c4..d51d1b4a 100644 --- a/crypto/evp/p_verify.c +++ b/crypto/evp/p_verify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p_verify.c,v 1.13 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: p_verify.c,v 1.15 2022/01/14 08:38:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
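Review bot: The `goto err` shown as context at the top of this hunk still jumps past `EVP_MD_CTX_cleanup(&tmp_ctx)`, and the rewritten `err:` label releases only `pkctx`, so a failure while finalising the copied digest appears to leave the state held by `tmp_ctx` unreleased. Because `EVP_MD_CTX_init(&tmp_ctx)` runs before any jump (visible in the previous hunk), the cleanup call could move under the label, giving `err:` followed by `EVP_MD_CTX_cleanup(&tmp_ctx);` and `EVP_PKEY_CTX_free(pkctx);`. EVP_VerifyFinal in p_verify.c has the same shape after this commit and would take the same change. EVP_SignFinal starts in the previous hunk, so not every call that can fail is visible here.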
@@ -63,15 +63,17 @@ #include #include +#include "evp_locl.h" + int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, unsigned int siglen, EVP_PKEY *pkey) { unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len; - int i = 0, ok = 0, v; EVP_MD_CTX tmp_ctx; EVP_PKEY_CTX *pkctx = NULL; + int ret = 0; EVP_MD_CTX_init(&tmp_ctx); if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) @@ -80,39 +82,16 @@ EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, goto err; EVP_MD_CTX_cleanup(&tmp_ctx); - if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { - i = -1; - pkctx = EVP_PKEY_CTX_new(pkey, NULL); - if (!pkctx) - goto err; - if (EVP_PKEY_verify_init(pkctx) <= 0) - goto err; - if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) - goto err; - i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); -err: - EVP_PKEY_CTX_free(pkctx); - return i; - } - - for (i = 0; i < 4; i++) { - v = ctx->digest->required_pkey_type[i]; - if (v == 0) - break; - if (pkey->type == v) { - ok = 1; - break; - } - } - if (!ok) { - EVPerror(EVP_R_WRONG_PUBLIC_KEY_TYPE); - return (-1); - } - if (ctx->digest->verify == NULL) { - EVPerror(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED); - return (0); - } + ret = -1; + if ((pkctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) + goto err; + if (EVP_PKEY_verify_init(pkctx) <= 0) + goto err; + if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) + goto err; + ret = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); - return(ctx->digest->verify(ctx->digest->type, m, m_len, - sigbuf, siglen, pkey->pkey.ptr)); + err: + EVP_PKEY_CTX_free(pkctx); + return ret; } diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c index d1cbdc40..7d921d23 100644 --- a/crypto/evp/pmeth_gn.c +++ b/crypto/evp/pmeth_gn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pmeth_gn.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: pmeth_gn.c,v 1.10 2022/01/10 12:10:26 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ 
@@ -64,6 +64,8 @@ #include #include +#include "asn1_locl.h" +#include "bn_lcl.h" #include "evp_locl.h" int @@ -187,7 +189,7 @@ trans_cb(int a, int b, BN_GENCB *gcb) void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx) { - BN_GENCB_set(cb, trans_cb, ctx) + BN_GENCB_set(cb, trans_cb, ctx); } int @@ -221,3 +223,66 @@ EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key, int keylen) EVP_PKEY_CTX_free(mac_ctx); return mac_key; } + +int +EVP_PKEY_check(EVP_PKEY_CTX *ctx) +{ + EVP_PKEY *pkey; + + if ((pkey = ctx->pkey) == NULL) { + EVPerror(EVP_R_NO_KEY_SET); + return 0; + } + + if (ctx->pmeth->check != NULL) + return ctx->pmeth->check(pkey); + + if (pkey->ameth == NULL || pkey->ameth->pkey_check == NULL) { + EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + + return pkey->ameth->pkey_check(pkey); +} + +int +EVP_PKEY_public_check(EVP_PKEY_CTX *ctx) +{ + EVP_PKEY *pkey; + + if ((pkey = ctx->pkey) == NULL) { + EVPerror(EVP_R_NO_KEY_SET); + return 0; + } + + if (ctx->pmeth->public_check != NULL) + return ctx->pmeth->public_check(pkey); + + if (pkey->ameth == NULL || pkey->ameth->pkey_public_check == NULL) { + EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + + return pkey->ameth->pkey_public_check(pkey); +} + +int +EVP_PKEY_param_check(EVP_PKEY_CTX *ctx) +{ + EVP_PKEY *pkey; + + if ((pkey = ctx->pkey) == NULL) { + EVPerror(EVP_R_NO_KEY_SET); + return 0; + } + + if (ctx->pmeth->param_check != NULL) + return ctx->pmeth->param_check(pkey); + + if (pkey->ameth == NULL || pkey->ameth->pkey_param_check == NULL) { + EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + + return pkey->ameth->pkey_param_check(pkey); +} diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 36bfe8d9..96024492 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c 
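Review bot: EVP_PKEY_check, EVP_PKEY_public_check and EVP_PKEY_param_check are added without a comment stating their return contract, and they report failure in two different ways: 0 when no key is set and -2 when the key type has no check method. A caller that writes `if (EVP_PKEY_check(ctx))` would accept the -2 "not supported" result as a valid key, so the contract should be stated above each function, for example `/* Returns the method's result (presumably 1 for a valid key); 0 if no key is set, -2 if unsupported. Callers must test for == 1. */`. All three also dereference `ctx` and `ctx->pmeth` without a NULL test; if that is a precondition, the same comment is the place to say so.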
@@ -1,4 +1,4 @@ -/* $OpenBSD: pmeth_lib.c,v 1.16 2019/11/01 15:08:57 jsing Exp $ */ +/* $OpenBSD: pmeth_lib.c,v 1.22 2022/05/05 08:51:21 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -56,6 +56,7 @@ * */ +#include #include #include #include @@ -65,6 +66,7 @@ #include #include #include +#include #ifndef OPENSSL_NO_ENGINE #include @@ -82,6 +84,7 @@ extern const EVP_PKEY_METHOD rsa_pkey_meth, rsa_pss_pkey_meth; extern const EVP_PKEY_METHOD dh_pkey_meth, dsa_pkey_meth; extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth; extern const EVP_PKEY_METHOD gostimit_pkey_meth, gostr01_pkey_meth; +extern const EVP_PKEY_METHOD hkdf_pkey_meth; static const EVP_PKEY_METHOD *standard_methods[] = { #ifndef OPENSSL_NO_RSA @@ -105,6 +108,7 @@ static const EVP_PKEY_METHOD *standard_methods[] = { #ifndef OPENSSL_NO_RSA &rsa_pss_pkey_meth, #endif + &hkdf_pkey_meth, }; static int pmeth_cmp_BSEARCH_CMP_FN(const void *, const void *); @@ -224,39 +228,12 @@ EVP_PKEY_meth_new(int id, int flags) { EVP_PKEY_METHOD *pmeth; - pmeth = calloc(1, sizeof(EVP_PKEY_METHOD)); - if (!pmeth) + if ((pmeth = calloc(1, sizeof(EVP_PKEY_METHOD))) == NULL) return NULL; pmeth->pkey_id = id; pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC; - pmeth->init = 0; - pmeth->copy = 0; - pmeth->cleanup = 0; - pmeth->paramgen_init = 0; - pmeth->paramgen = 0; - pmeth->keygen_init = 0; - pmeth->keygen = 0; - pmeth->sign_init = 0; - pmeth->sign = 0; - pmeth->verify_init = 0; - pmeth->verify = 0; - pmeth->verify_recover_init = 0; - pmeth->verify_recover = 0; - pmeth->signctx_init = 0; - pmeth->signctx = 0; - pmeth->verifyctx_init = 0; - pmeth->verifyctx = 0; - pmeth->encrypt_init = 0; - pmeth->encrypt = 0; - pmeth->decrypt_init = 0; - pmeth->decrypt = 0; - pmeth->derive_init = 0; - pmeth->derive = 0; - pmeth->ctrl = 0; - pmeth->ctrl_str = 0; - return pmeth; } 
@@ -272,42 +249,15 @@ EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, const EVP_PKEY_METHOD *meth) void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src) { - dst->init = src->init; - dst->copy = src->copy; - dst->cleanup = src->cleanup; - - dst->paramgen_init = src->paramgen_init; - dst->paramgen = src->paramgen; - - dst->keygen_init = src->keygen_init; - dst->keygen = src->keygen; - - dst->sign_init = src->sign_init; - dst->sign = src->sign; - - dst->verify_init = src->verify_init; - dst->verify = src->verify; + EVP_PKEY_METHOD preserve; - dst->verify_recover_init = src->verify_recover_init; - dst->verify_recover = src->verify_recover; + preserve.pkey_id = dst->pkey_id; + preserve.flags = dst->flags; - dst->signctx_init = src->signctx_init; - dst->signctx = src->signctx; + *dst = *src; - dst->verifyctx_init = src->verifyctx_init; - dst->verifyctx = src->verifyctx; - - dst->encrypt_init = src->encrypt_init; - dst->encrypt = src->encrypt; - - dst->decrypt_init = src->decrypt_init; - dst->decrypt = src->decrypt; - - dst->derive_init = src->derive_init; - dst->derive = src->derive; - - dst->ctrl = src->ctrl; - dst->ctrl_str = src->ctrl_str; + dst->pkey_id = preserve.pkey_id; + dst->flags = preserve.flags; } void 
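Review bot: In EVP_PKEY_meth_copy, `EVP_PKEY_METHOD preserve;` puts a whole uninitialised method table on the stack only to carry two integers across the struct assignment. Two locals read more directly: `int pkey_id = dst->pkey_id, flags = dst->flags;`, restored after `*dst = *src;`. A one-line comment would also help the next reader, such as `/* Keep dst's identity: flags carries EVP_PKEY_FLAG_DYNAMIC set by EVP_PKEY_meth_new(). */`. That flag is set in the EVP_PKEY_meth_new hunk above; presumably the free path depends on it, which is why it must not be copied from a static `src`.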
@@ -448,6 +398,38 @@ EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *name, const char *value) return ctx->pmeth->ctrl_str(ctx, name, value); } +int +EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str) +{ + size_t len; + + if ((len = strlen(str)) > INT_MAX) + return -1; + + return ctx->pmeth->ctrl(ctx, cmd, len, (void *)str); +} + +int +EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hexstr) +{ + unsigned char *hex = NULL; + long length; + int ret = 0; + + if ((hex = string_to_hex(hexstr, &length)) == NULL) + goto err; + if (length < 0 || length > INT_MAX) { + ret = -1; + goto err; + } + + ret = ctx->pmeth->ctrl(ctx, cmd, length, hex); + + err: + free(hex); + return ret; +} + int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md_name) { @@ -636,3 +618,23 @@ EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, pmeth->ctrl = ctrl; pmeth->ctrl_str = ctrl_str; } + +void +EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, int (*check)(EVP_PKEY *pkey)) +{ + pmeth->check = check; +} + +void +EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth, + int (*public_check)(EVP_PKEY *pkey)) +{ + pmeth->public_check = public_check; +} + +void +EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth, + int (*param_check)(EVP_PKEY *pkey)) +{ + pmeth->param_check = param_check; +} diff --git a/crypto/gost/gost2814789.c b/crypto/gost/gost2814789.c index f1066f24..0841a03b 100644 --- a/crypto/gost/gost2814789.c +++ b/crypto/gost/gost2814789.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gost2814789.c,v 1.6 2020/09/12 02:45:05 inoguchi Exp $ */ +/* $OpenBSD: gost2814789.c,v 1.7 2021/11/09 18:40:21 bcook Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov * Copyright (c) 2005-2006 Cryptocom LTD @@ -49,8 +49,7 @@ * ==================================================================== */ -#include - +#include #include #include diff --git a/crypto/gost/gost89imit_ameth.c b/crypto/gost/gost89imit_ameth.c index a2631d97..3fdfa3ee 100644 
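Review bot: EVP_PKEY_CTX_hex2ctrl releases the decoded buffer with plain `free(hex)`, so the bytes produced by `string_to_hex` stay in freed heap memory. If these control values can carry key material (the `hkdf_pkey_meth` registered in this commit suggests so, though its ctrl_str handler is not in this hunk), the buffer should be zeroed on release, as pkey_hmac_cleanup does with `freezero(hctx->ktmp.data, hctx->ktmp.length)`. That would be `freezero(hex, length);` with `long length = 0;` at the declaration. The `length < 0` branch needs care so that a negative size never reaches the call. Separately, both new helpers call `ctx->pmeth->ctrl` without checking it is non-NULL, which is safe only if every caller is a method that defines `ctrl`.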
--- a/crypto/gost/gost89imit_ameth.c +++ b/crypto/gost/gost89imit_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gost89imit_ameth.c,v 1.2 2014/11/09 23:06:52 miod Exp $ */ +/* $OpenBSD: gost89imit_ameth.c,v 1.3 2021/12/12 21:30:14 tb Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov * Copyright (c) 2005-2006 Cryptocom LTD @@ -55,6 +55,7 @@ #include #include "asn1_locl.h" +#include "evp_locl.h" static void mackey_free_gost(EVP_PKEY *pk) diff --git a/crypto/gost/gost_err.c b/crypto/gost/gost_err.c index e7111dd3..0c46dbc3 100644 --- a/crypto/gost/gost_err.c +++ b/crypto/gost/gost_err.c @@ -53,16 +53,10 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - #include #include #include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR #define ERR_FUNC(func) ERR_PACK(ERR_LIB_GOST,func,0) diff --git a/crypto/gost/gostr341001.c b/crypto/gost/gostr341001.c index bfbd0321..a6082568 100644 --- a/crypto/gost/gostr341001.c +++ b/crypto/gost/gostr341001.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gostr341001.c,v 1.8 2021/04/20 17:16:38 tb Exp $ */ +/* $OpenBSD: gostr341001.c,v 1.9 2022/01/07 09:40:03 tb Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov * Copyright (c) 2005-2006 Cryptocom LTD @@ -59,6 +59,7 @@ #include #include "bn_lcl.h" +#include "ecs_locl.h" #include "gost_locl.h" /* Convert little-endian byte array into bignum */ diff --git a/crypto/gost/gostr341001_ameth.c b/crypto/gost/gostr341001_ameth.c index 294b654d..ce203a6c 100644 --- a/crypto/gost/gostr341001_ameth.c +++ b/crypto/gost/gostr341001_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gostr341001_ameth.c,v 1.17 2021/04/20 17:16:38 tb Exp $ */ +/* $OpenBSD: gostr341001_ameth.c,v 1.19 2021/12/26 15:38:49 tb Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov * Copyright (c) 2005-2006 Cryptocom LTD 
@@ -63,6 +63,7 @@ #include "asn1_locl.h" +#include "evp_locl.h" #include "gost_locl.h" #include "gost_asn1.h" @@ -364,7 +365,8 @@ pub_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx) BIO_printf(out, "X:"); BN_print(out, X); BIO_printf(out, "\n"); - BIO_indent(out, indent + 3, 128); + if (BIO_indent(out, indent + 3, 128) == 0) + goto err; BIO_printf(out, "Y:"); BN_print(out, Y); BIO_printf(out, "\n"); diff --git a/crypto/gost/gostr341001_pmeth.c b/crypto/gost/gostr341001_pmeth.c index 0eb1d873..ae39b059 100644 --- a/crypto/gost/gostr341001_pmeth.c +++ b/crypto/gost/gostr341001_pmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gostr341001_pmeth.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: gostr341001_pmeth.c,v 1.16 2022/03/30 07:17:48 tb Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov * Copyright (c) 2005-2006 Cryptocom LTD @@ -62,6 +62,7 @@ #include #include +#include "ecs_locl.h" #include "evp_locl.h" #include "gost_locl.h" #include "gost_asn1.h" @@ -174,7 +175,10 @@ pkey_gost01_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) static void pkey_gost01_cleanup(EVP_PKEY_CTX *ctx) { - struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); + struct gost_pmeth_data *data; + + if ((data = EVP_PKEY_CTX_get_data(ctx)) == NULL) + return; free(data->shared_ukm); free(data); diff --git a/crypto/gost/streebog.c b/crypto/gost/streebog.c index 61bce0e3..b237a2c5 100644 --- a/crypto/gost/streebog.c +++ b/crypto/gost/streebog.c @@ -1,4 +1,4 @@ -/* $OpenBSD: streebog.c,v 1.6 2019/05/09 22:54:28 tb Exp $ */ +/* $OpenBSD: streebog.c,v 1.7 2021/11/09 18:40:21 bcook Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov * Copyright (c) 2005-2006 Cryptocom LTD @@ -49,8 +49,7 @@ * ==================================================================== */ -#include - +#include #include #include diff --git a/crypto/hkdf/hkdf.c b/crypto/hkdf/hkdf.c index e912481d..9adf1260 100644 --- a/crypto/hkdf/hkdf.c +++ b/crypto/hkdf/hkdf.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: hkdf.c,v 1.5 2021/08/27 16:12:33 tb Exp $ */ +/* $OpenBSD: hkdf.c,v 1.7 2021/12/12 21:30:14 tb Exp $ */ /* Copyright (c) 2014, Google Inc. * * Permission to use, copy, modify, and/or distribute this software for any @@ -21,6 +21,9 @@ #include #include +#include "evp_locl.h" +#include "hmac_local.h" + /* https://tools.ietf.org/html/rfc5869#section-2 */ int HKDF(uint8_t *out_key, size_t out_len, const EVP_MD *digest, diff --git a/crypto/hmac/hm_ameth.c b/crypto/hmac/hm_ameth.c index cfa02397..84bb5f0c 100644 --- a/crypto/hmac/hm_ameth.c +++ b/crypto/hmac/hm_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hm_ameth.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */ +/* $OpenBSD: hm_ameth.c,v 1.12 2021/12/12 21:30:14 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2007. */ @@ -60,8 +60,11 @@ #include #include +#include #include "asn1_locl.h" +#include "evp_locl.h" +#include "hmac_local.h" #define HMAC_TEST_PRIVATE_KEY_FORMAT diff --git a/crypto/hmac/hm_pmeth.c b/crypto/hmac/hm_pmeth.c index 390725fa..4017f570 100644 --- a/crypto/hmac/hm_pmeth.c +++ b/crypto/hmac/hm_pmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hm_pmeth.c,v 1.10 2017/05/02 03:59:44 deraadt Exp $ */ +/* $OpenBSD: hm_pmeth.c,v 1.13 2022/03/30 07:17:48 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2007. */ @@ -65,6 +65,7 @@ #include #include "evp_locl.h" +#include "hmac_local.h" /* HMAC pkey context structure */ @@ -79,13 +80,9 @@ pkey_hmac_init(EVP_PKEY_CTX *ctx) { HMAC_PKEY_CTX *hctx; - hctx = malloc(sizeof(HMAC_PKEY_CTX)); - if (!hctx) + if ((hctx = calloc(1, sizeof(HMAC_PKEY_CTX))) == NULL) return 0; - hctx->md = NULL; - hctx->ktmp.data = NULL; - hctx->ktmp.length = 0; - hctx->ktmp.flags = 0; + hctx->ktmp.type = V_ASN1_OCTET_STRING; HMAC_CTX_init(&hctx->ctx); 
@@ -119,7 +116,10 @@ pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx) { - HMAC_PKEY_CTX *hctx = ctx->data; + HMAC_PKEY_CTX *hctx; + + if ((hctx = ctx->data) == NULL) + return; HMAC_CTX_cleanup(&hctx->ctx); freezero(hctx->ktmp.data, hctx->ktmp.length); diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index 7bf17eed..3421119b 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hmac.c,v 1.25 2018/02/17 14:53:58 jsing Exp $ */ +/* $OpenBSD: hmac.c,v 1.28 2022/05/05 18:29:34 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -63,6 +63,9 @@ #include #include +#include "evp_locl.h" +#include "hmac_local.h" + int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, ENGINE *impl) @@ -258,11 +261,16 @@ HMAC(const EVP_MD *evp_md, const void *key, int key_len, const unsigned char *d, { HMAC_CTX c; static unsigned char m[EVP_MAX_MD_SIZE]; + const unsigned char dummy_key[1] = { 0 }; if (md == NULL) md = m; + if (key == NULL) { + key = dummy_key; + key_len = 0; + } HMAC_CTX_init(&c); - if (!HMAC_Init(&c, key, key_len, evp_md)) + if (!HMAC_Init_ex(&c, key, key_len, evp_md, NULL)) goto err; if (!HMAC_Update(&c, d, n)) goto err; diff --git a/crypto/hmac/hmac_local.h b/crypto/hmac/hmac_local.h new file mode 100644 index 00000000..5900bc1c --- /dev/null +++ b/crypto/hmac/hmac_local.h 
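Review bot: In HMAC(), the new `if (key == NULL)` branch discards the caller's `key_len` and substitutes an empty key, so a caller that passes NULL by mistake with a non-zero length (for example after a failed allocation) now gets a tag computed under the empty key instead of an error. A tag under an empty key authenticates nothing, since anyone can recompute it. Restricting the substitution to the explicit empty-key case keeps the convenience without masking that bug: `if (key == NULL) { if (key_len != 0) return NULL; key = dummy_key; }`, provided API compatibility allows rejecting that input. The function starts and ends outside the hunk, so how the `err:` path reports failure is not visible here.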
@@ -0,0 +1,83 @@ +/* $OpenBSD: hmac_local.h,v 1.3 2022/01/14 08:06:03 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). 
+ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +#ifndef HEADER_HMAC_LOCAL_H +#define HEADER_HMAC_LOCAL_H + +#include + +#include + +#include "evp_locl.h" + +__BEGIN_HIDDEN_DECLS + +struct hmac_ctx_st { + const EVP_MD *md; + EVP_MD_CTX md_ctx; + EVP_MD_CTX i_ctx; + EVP_MD_CTX o_ctx; + unsigned int key_length; + unsigned char key[HMAC_MAX_MD_CBLOCK]; +} /* HMAC_CTX */; + +void HMAC_CTX_init(HMAC_CTX *ctx); +void HMAC_CTX_cleanup(HMAC_CTX *ctx); + +__END_HIDDEN_DECLS + +#endif /* !HEADER_HMAC_LOCAL_H */ diff --git a/crypto/kdf/hkdf_evp.c b/crypto/kdf/hkdf_evp.c new file mode 100644 index 00000000..736208de --- /dev/null +++ b/crypto/kdf/hkdf_evp.c 
@@ -0,0 +1,269 @@ +/* $OpenBSD: hkdf_evp.c,v 1.18 2022/05/05 19:48:06 tb Exp $ */ +/* ==================================================================== + * Copyright (c) 2016-2018 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include +#include + +#include +#include +#include +#include +#include + +#include "evp_locl.h" + +#define HKDF_MAXBUF 1024 + +typedef struct { + int mode; + const EVP_MD *md; + unsigned char *salt; + size_t salt_len; + unsigned char *key; + size_t key_len; + unsigned char info[HKDF_MAXBUF]; + size_t info_len; +} HKDF_PKEY_CTX; + +static int +pkey_hkdf_init(EVP_PKEY_CTX *ctx) +{ + HKDF_PKEY_CTX *kctx; + + if ((kctx = calloc(1, sizeof(*kctx))) == NULL) { + KDFerror(ERR_R_MALLOC_FAILURE); + return 0; + } + + ctx->data = kctx; + + return 1; +} + +static void +pkey_hkdf_cleanup(EVP_PKEY_CTX *ctx) +{ + HKDF_PKEY_CTX *kctx = ctx->data; + + freezero(kctx->salt, kctx->salt_len); + freezero(kctx->key, kctx->key_len); + freezero(kctx, sizeof(*kctx)); +} + +static int +pkey_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) +{ + HKDF_PKEY_CTX *kctx = ctx->data; + + switch (type) { + case EVP_PKEY_CTRL_HKDF_MD: + if (p2 == NULL) + return 0; + + kctx->md = p2; + return 1; + + case EVP_PKEY_CTRL_HKDF_MODE: + kctx->mode = p1; + return 1; + + case EVP_PKEY_CTRL_HKDF_SALT: + if (p1 == 0 || p2 == NULL) + return 1; + + if (p1 < 0) + return 0; + + freezero(kctx->salt, kctx->salt_len); + if ((kctx->salt = malloc(p1)) == NULL) + return 0; + memcpy(kctx->salt, p2, p1); + + kctx->salt_len = p1; + return 1; + + case EVP_PKEY_CTRL_HKDF_KEY: + if (p1 <= 0) + return 0; + + freezero(kctx->key, kctx->key_len); + if ((kctx->key = malloc(p1)) 
== NULL) + return 0; + memcpy(kctx->key, p2, p1); + + kctx->key_len = p1; + return 1; + + case EVP_PKEY_CTRL_HKDF_INFO: + if (p1 == 0 || p2 == NULL) + return 1; + + if (p1 < 0 || p1 > (int)(HKDF_MAXBUF - kctx->info_len)) + return 0; + + memcpy(kctx->info + kctx->info_len, p2, p1); + kctx->info_len += p1; + return 1; + + default: + return -2; + } +} + +static int +pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, + const char *value) +{ + if (strcmp(type, "mode") == 0) { + int mode; + + if (strcmp(value, "EXTRACT_AND_EXPAND") == 0) + mode = EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND; + else if (strcmp(value, "EXTRACT_ONLY") == 0) + mode = EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY; + else if (strcmp(value, "EXPAND_ONLY") == 0) + mode = EVP_PKEY_HKDEF_MODE_EXPAND_ONLY; + else + return 0; + + return EVP_PKEY_CTX_hkdf_mode(ctx, mode); + } + + if (strcmp(type, "md") == 0) + return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_DERIVE, + EVP_PKEY_CTRL_HKDF_MD, value); + + if (strcmp(type, "salt") == 0) + return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_SALT, + value); + + if (strcmp(type, "hexsalt") == 0) + return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_SALT, + value); + + if (strcmp(type, "key") == 0) + return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_KEY, value); + + if (strcmp(type, "hexkey") == 0) + return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_KEY, value); + + if (strcmp(type, "info") == 0) + return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_INFO, + value); + + if (strcmp(type, "hexinfo") == 0) + return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_INFO, + value); + + KDFerror(KDF_R_UNKNOWN_PARAMETER_TYPE); + return -2; +} + +static int +pkey_hkdf_derive_init(EVP_PKEY_CTX *ctx) +{ + HKDF_PKEY_CTX *kctx = ctx->data; + + freezero(kctx->key, kctx->key_len); + freezero(kctx->salt, kctx->salt_len); + explicit_bzero(kctx, sizeof(*kctx)); + + return 1; +} + +static int +pkey_hkdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key, + size_t *keylen) +{ + HKDF_PKEY_CTX *kctx = 
ctx->data; + + if (kctx->md == NULL) { + KDFerror(KDF_R_MISSING_MESSAGE_DIGEST); + return 0; + } + if (kctx->key == NULL) { + KDFerror(KDF_R_MISSING_KEY); + return 0; + } + + switch (kctx->mode) { + case EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND: + return HKDF(key, *keylen, kctx->md, kctx->key, kctx->key_len, + kctx->salt, kctx->salt_len, kctx->info, kctx->info_len); + + case EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY: + if (key == NULL) { + *keylen = EVP_MD_size(kctx->md); + return 1; + } + return HKDF_extract(key, keylen, kctx->md, kctx->key, + kctx->key_len, kctx->salt, kctx->salt_len); + + case EVP_PKEY_HKDEF_MODE_EXPAND_ONLY: + return HKDF_expand(key, *keylen, kctx->md, kctx->key, + kctx->key_len, kctx->info, kctx->info_len); + + default: + return 0; + } +} + +const EVP_PKEY_METHOD hkdf_pkey_meth = { + .pkey_id = EVP_PKEY_HKDF, + .flags = 0, + + .init = pkey_hkdf_init, + .copy = NULL, + .cleanup = pkey_hkdf_cleanup, + + .derive_init = pkey_hkdf_derive_init, + .derive = pkey_hkdf_derive, + .ctrl = pkey_hkdf_ctrl, + .ctrl_str = pkey_hkdf_ctrl_str, +}; diff --git a/crypto/kdf/kdf_err.c b/crypto/kdf/kdf_err.c new file mode 100644 index 00000000..4dd32370 --- /dev/null +++ b/crypto/kdf/kdf_err.c 
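Review bot: The EVP_PKEY_CTRL_HKDF_KEY case in pkey_hkdf_ctrl() copies from `p2` without checking it: the guard is only `if (p1 <= 0)`, so a NULL `p2` with a positive length reaches `memcpy(kctx->key, p2, p1)`. The salt and info cases both test `p2 == NULL`; the key case should read `if (p1 <= 0 || p2 == NULL) return 0;`. pkey_hkdf_cleanup() dereferences `ctx->data` unconditionally, while pkey_hmac_cleanup() in this same commit gained `if ((hctx = ctx->data) == NULL) return;`; the same guard here would cover a context whose init failed, if cleanup can be reached in that state. In the salt and key cases a failed malloc() leaves the pointer NULL with the old length still stored, so zeroing `salt_len` / `key_len` right after `freezero()` would keep each pair consistent.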
@@ -0,0 +1,89 @@ +/* $OpenBSD: kdf_err.c,v 1.9 2022/07/12 14:42:49 kn Exp $ */ +/* ==================================================================== + * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include + +#ifndef OPENSSL_NO_ERR + +static ERR_STRING_DATA KDF_str_functs[] = { + {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_CTRL_STR, 0), "pkey_hkdf_ctrl_str"}, + {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_DERIVE, 0), "pkey_hkdf_derive"}, + {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_INIT, 0), "pkey_hkdf_init"}, + {0, NULL}, +}; + +static ERR_STRING_DATA KDF_str_reasons[] = { + {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_KEY), "missing key"}, + {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_MESSAGE_DIGEST), + "missing message digest"}, + {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_UNKNOWN_PARAMETER_TYPE), + "unknown parameter type"}, + {0, NULL}, +}; + +#endif + +int +ERR_load_KDF_strings(void) +{ +#ifndef OPENSSL_NO_ERR + if (ERR_func_error_string(KDF_str_functs[0].error) == NULL) { + ERR_load_strings(0, KDF_str_functs); + ERR_load_strings(0, KDF_str_reasons); + } +#endif + return 1; +} diff --git a/crypto/modes/cbc128.c b/crypto/modes/cbc128.c index fe45103b..c5cf5a63 100644 --- a/crypto/modes/cbc128.c +++ b/crypto/modes/cbc128.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: cbc128.c,v 1.4 2015/02/10 09:46:30 miod Exp $ */ +/* $OpenBSD: cbc128.c,v 1.5 2022/01/22 00:45:17 inoguchi Exp $ */ /* ==================================================================== * Copyright (c) 2008 The OpenSSL Project. All rights reserved. * @@ -110,7 +110,7 @@ void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, in += 16; out += 16; } - memcpy(ivec,iv,16); + memmove(ivec,iv,16); } void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, @@ -148,7 +148,7 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, out += 16; } } - memcpy(ivec,iv,16); + memmove(ivec,iv,16); } else { if (STRICT_ALIGNMENT && ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) { diff --git a/crypto/modes/modes_lcl.h b/crypto/modes/modes_lcl.h index bfea1894..d0126e87 100644 --- a/crypto/modes/modes_lcl.h +++ b/crypto/modes/modes_lcl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: modes_lcl.h,v 1.10 2016/12/21 15:49:29 jsing Exp $ */ +/* $OpenBSD: modes_lcl.h,v 1.11 2021/11/09 18:40:21 bcook Exp $ */ /* ==================================================================== * Copyright (c) 2010 The OpenSSL Project. All rights reserved. * @@ -6,7 +6,7 @@ * ==================================================================== */ -#include +#include #include diff --git a/crypto/modes/xts128.c b/crypto/modes/xts128.c index 0be23d4e..2084892e 100644 --- a/crypto/modes/xts128.c +++ b/crypto/modes/xts128.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xts128.c,v 1.7 2017/08/13 17:46:24 bcook Exp $ */ +/* $OpenBSD: xts128.c,v 1.8 2021/11/09 18:40:21 bcook Exp $ */ /* ==================================================================== * Copyright (c) 2011 The OpenSSL Project. All rights reserved. * @@ -48,9 +48,10 @@ * ==================================================================== */ -#include #include #include "modes_lcl.h" + +#include #include #ifndef MODES_DEBUG 
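Review bot: The switch from memcpy() to memmove() at the end of CRYPTO_cbc128_encrypt(), and in the matching hunk of CRYPTO_cbc128_decrypt(), carries no comment, so the reason is easy to lose and the call easy to "optimise" back. memcpy() is undefined when source and destination overlap or are the same object, and `iv` presumably still equals `ivec` when no full block was processed; the code that sets `iv` is outside both hunks, so this should be confirmed against the full functions. I would add `/* iv may alias ivec, so memcpy() is not allowed here */` above each call.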
diff --git a/crypto/o_fips.c b/crypto/o_fips.c
new file mode 100644
index 00000000..b1487e3b
--- /dev/null
+++ b/crypto/o_fips.c
@@ -0,0 +1,76 @@ +/* $OpenBSD: o_fips.c,v 1.6 2021/10/23 13:57:00 schwarze Exp $ */ +/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL + * project 2011. + */ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include "cryptlib.h" + +int +FIPS_mode(void) +{ + return 0; +} + +int +FIPS_mode_set(int r) +{ + if (r == 0) + return 1; + CRYPTOerror(CRYPTO_R_FIPS_MODE_NOT_SUPPORTED); + return 0; +} diff --git a/crypto/o_time.c b/crypto/o_time.c index 9b2e7e5b..3f164c7f 100644 --- a/crypto/o_time.c +++ b/crypto/o_time.c @@ -1,4 +1,4 @@ -/* $OpenBSD: o_time.c,v 1.15 2014/06/12 15:49:27 deraadt Exp $ */ +/* $OpenBSD: o_time.c,v 1.16 2021/10/27 09:50:56 beck Exp $ */ /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL * project 2001. */ @@ -72,6 +72,8 @@ static long date_to_julian(int y, int m, int d); static void julian_to_date(long jd, int *y, int *m, int *d); +static int julian_adj(const struct tm *tm, int off_day, long offset_sec, + long *pday, int *psec); int OPENSSL_gmtime_adj(struct tm *tm, int off_day, long offset_sec) 
@@ -131,6 +133,85 @@ OPENSSL_gmtime_adj(struct tm *tm, int off_day, long offset_sec) } +int +OPENSSL_gmtime_diff(int *pday, int *psec, const struct tm *from, + const struct tm *to) +{ + int from_sec, to_sec, diff_sec; + long from_jd, to_jd, diff_day; + + if (!julian_adj(from, 0, 0, &from_jd, &from_sec)) + return 0; + if (!julian_adj(to, 0, 0, &to_jd, &to_sec)) + return 0; + diff_day = to_jd - from_jd; + diff_sec = to_sec - from_sec; + /* Adjust differences so both positive or both negative */ + if (diff_day > 0 && diff_sec < 0) { + diff_day--; + diff_sec += SECS_PER_DAY; + } + if (diff_day < 0 && diff_sec > 0) { + diff_day++; + diff_sec -= SECS_PER_DAY; + } + + if (pday) + *pday = (int)diff_day; + if (psec) + *psec = diff_sec; + + return 1; + +} + +/* Convert tm structure and offset into julian day and seconds */ +static int +julian_adj(const struct tm *tm, int off_day, long offset_sec, long *pday, + int *psec) +{ + int time_year, time_month, time_day; + long offset_day, time_jd; + int offset_hms; + + /* split offset into days and day seconds */ + offset_day = offset_sec / SECS_PER_DAY; + /* Avoid sign issues with % operator */ + offset_hms = offset_sec - (offset_day * SECS_PER_DAY); + offset_day += off_day; + /* Add current time seconds to offset */ + offset_hms += tm->tm_hour * 3600 + tm->tm_min * 60 + tm->tm_sec; + /* Adjust day seconds if overflow */ + if (offset_hms >= SECS_PER_DAY) { + offset_day++; + offset_hms -= SECS_PER_DAY; + } else if (offset_hms < 0) { + offset_day--; + offset_hms += SECS_PER_DAY; + } + + /* + * Convert date of time structure into a Julian day number. 
+ */ + + time_year = tm->tm_year + 1900; + time_month = tm->tm_mon + 1; + time_day = tm->tm_mday; + + time_jd = date_to_julian(time_year, time_month, time_day); + + /* Work out Julian day of new date */ + time_jd += offset_day; + + if (time_jd < 0) + return 0; + + *pday = time_jd; + *psec = offset_hms; + + return 1; +} + /* Convert date to and from julian day * Uses Fliegel & Van Flandern algorithm */ diff --git a/crypto/o_time.h b/crypto/o_time.h index 8c6301db..064f2cc2 100644 --- a/crypto/o_time.h +++ b/crypto/o_time.h @@ -1,4 +1,4 @@ -/* $OpenBSD: o_time.h,v 1.7 2016/12/21 15:49:29 jsing Exp $ */ +/* $OpenBSD: o_time.h,v 1.8 2021/10/27 09:50:56 beck Exp $ */ /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL * project 2001. */ @@ -64,7 +64,8 @@ __BEGIN_HIDDEN_DECLS int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec); +int OPENSSL_gmtime_diff(int *pday, int *psec, const struct tm *from, + const struct tm *to); __END_HIDDEN_DECLS - #endif diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index db257999..bcb7ee2d 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: obj_dat.c,v 1.43 2021/09/01 09:42:28 beck Exp $ */ +/* $OpenBSD: obj_dat.c,v 1.49 2022/03/19 17:49:32 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -69,6 +69,8 @@ #include #include +#include "asn1_locl.h" + /* obj_dat.h is generated from objects.h by obj_dat.pl */ #include "obj_dat.h" @@ -456,9 +458,9 @@ OBJ_obj2nid(const ASN1_OBJECT *a) const unsigned int *op; ADDED_OBJ ad, *adp; - if (a == NULL) + if (a == NULL || a->length == 0) return (NID_undef); - if (a->nid != 0) + if (a->nid != NID_undef) return (a->nid); if (added != NULL) { 
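Review bot: julian_adj() corrects `offset_hms` by at most one day, so its result is only right when `tm_hour`, `tm_min` and `tm_sec` are already within their normal ranges, and nothing in the hunk checks that. If the callers of OPENSSL_gmtime_diff() are not guaranteed to pass validated `struct tm` values (they are outside this hunk), reject out-of-range fields at the top of julian_adj() with `return 0`. Otherwise state the precondition in the comment above it, e.g. `/* tm must hold in-range hour/min/sec; only a single day of carry is handled */`. OPENSSL_gmtime_diff() also narrows `diff_day` from long to int with `(int)diff_day`. Its contract (1 on success, 0 on failure, both outputs carrying the same sign) deserves a header comment.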
@@ -483,12 +485,7 @@ OBJ_obj2nid(const ASN1_OBJECT *a) ASN1_OBJECT * OBJ_txt2obj(const char *s, int no_name) { - int nid = NID_undef; - ASN1_OBJECT *op = NULL; - unsigned char *buf; - unsigned char *p; - const unsigned char *cp; - int i, j; + int nid; if (!no_name) { if (((nid = OBJ_sn2nid(s)) != NID_undef) || 
@@ -496,148 +493,16 @@ OBJ_txt2obj(const char *s, int no_name) return OBJ_nid2obj(nid); } - /* Work out size of content octets */ - i = a2d_ASN1_OBJECT(NULL, 0, s, -1); - if (i <= 0) { - /* Don't clear the error */ - /*ERR_clear_error();*/ - return NULL; - } - /* Work out total size */ - j = ASN1_object_size(0, i, V_ASN1_OBJECT); - - if ((buf = malloc(j)) == NULL) - return NULL; - - p = buf; - /* Write out tag+length */ - ASN1_put_object(&p, 0, i, V_ASN1_OBJECT, V_ASN1_UNIVERSAL); - /* Write out contents */ - a2d_ASN1_OBJECT(p, i, s, -1); - - cp = buf; - op = d2i_ASN1_OBJECT(NULL, &cp, j); - free(buf); - return op; + return t2i_ASN1_OBJECT_internal(s); } int -OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) +OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *aobj, int no_name) { - int i, ret = 0, len, nid, first = 1, use_bn; - BIGNUM *bl = NULL; - unsigned long l; - const unsigned char *p; - - /* Ensure that, at every state, |buf| is NUL-terminated. */ - if (buf_len > 0) - buf[0] = '\0'; - - if ((a == NULL) || (a->data == NULL)) - goto err; - - if (!no_name && (nid = OBJ_obj2nid(a)) != NID_undef) { - const char *s; - s = OBJ_nid2ln(nid); - if (s == NULL) - s = OBJ_nid2sn(nid); - if (s) { - ret = strlcpy(buf, s, buf_len); - goto out; - } - } - - len = a->length; - p = a->data; - - while (len > 0) { - l = 0; - use_bn = 0; - for (;;) { - unsigned char c = *p++; - len--; - if ((len == 0) && (c & 0x80)) - goto err; - if (use_bn) { - if (!BN_add_word(bl, c & 0x7f)) - goto err; - } else - l |= c & 0x7f; - if (!(c & 0x80)) - break; - if (!use_bn && (l > (ULONG_MAX >> 7L))) { - if (!bl && !(bl = BN_new())) - goto err; - if (!BN_set_word(bl, l)) - goto err; - use_bn = 1; - } - if (use_bn) { - if (!BN_lshift(bl, bl, 7)) - goto err; - } else - l <<= 7L; - } - - if (first) { - first = 0; - if (l >= 80) { - i = 2; - if (use_bn) { - if (!BN_sub_word(bl, 80)) - goto err; - } else - l -= 80; - } else { - i = (int)(l / 40); - l -= (long)(i * 40); - } - if 
(buf_len > 1) { - *buf++ = i + '0'; - *buf = '\0'; - buf_len--; - } - ret++; - } - - if (use_bn) { - char *bndec; - - bndec = BN_bn2dec(bl); - if (!bndec) - goto err; - i = snprintf(buf, buf_len, ".%s", bndec); - free(bndec); - if (i < 0) - goto err; - if (i >= buf_len) { - buf_len = 0; - } else { - buf += i; - buf_len -= i; - } - ret += i; - } else { - i = snprintf(buf, buf_len, ".%lu", l); - if (i < 0) - goto err; - if (i >= buf_len) { - buf_len = 0; - } else { - buf += i; - buf_len -= i; - } - ret += i; - } - } - - out: - BN_free(bl); - return ret; + if (aobj == NULL || aobj->data == NULL) + return 0; - err: - ret = 0; - goto out; + return i2t_ASN1_OBJECT_internal(aobj, buf, buf_len, no_name); } int @@ -814,3 +679,24 @@ OBJ_create(const char *oid, const char *sn, const char *ln) free(buf); return (ok); } + +size_t +OBJ_length(const ASN1_OBJECT *obj) +{ + if (obj == NULL) + return 0; + + if (obj->length < 0) + return 0; + + return obj->length; +} + +const unsigned char * +OBJ_get0_data(const ASN1_OBJECT *obj) +{ + if (obj == NULL) + return NULL; + + return obj->data; +} diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 6f50a900..75400edb 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 1016 -#define NUM_SN 1009 -#define NUM_LN 1009 -#define NUM_OBJ 939 +#define NUM_NID 1025 +#define NUM_SN 1018 +#define NUM_LN 1018 +#define NUM_OBJ 947 -static const unsigned char lvalues[6618]={ +static const unsigned char lvalues[6699]={ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ 
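Review bot: OBJ_obj2txt() now returns 0 for a NULL object or NULL data without touching `buf`, whereas the removed code first wrote `buf[0] = '\0'` under the comment "Ensure that, at every state, |buf| is NUL-terminated". A caller that prints the buffer without checking the return value would then read whatever was in it before the call. Restoring the termination ahead of the early return keeps the old guarantee: `if (buf_len > 0) buf[0] = '\0';` placed before `if (aobj == NULL || aobj->data == NULL)`. Whether i2t_ASN1_OBJECT_internal() terminates the buffer on its own failure paths cannot be seen from this hunk and is worth checking as well.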
@@ -1001,6 +1001,14 @@ static const unsigned char lvalues[6618]={ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x2F,/* [6587] OBJ_id_ct_geofeedCSVwithCRLF */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x30,/* [6598] OBJ_id_ct_signedChecklist */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1E, /* [6609] OBJ_id_kp_bgpsec_router */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x18, /* [6617] OBJ_tlsfeature */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x31,/* [6625] OBJ_id_ct_ASPA */ +0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x02,/* [6636] OBJ_ct_precert_scts */ +0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x03,/* [6646] OBJ_ct_precert_poison */ +0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x04,/* [6656] OBJ_ct_precert_signer */ +0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x05,/* [6666] OBJ_ct_cert_scts */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x2F,/* [6676] OBJ_id_smime_aa_signingCertificateV2 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x32,/* [6687] OBJ_id_ct_signedTAL */ }; static const ASN1_OBJECT nid_objs[NUM_NID]={ 
@@ -2653,6 +2661,22 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ NID_id_ct_signedChecklist,11,&(lvalues[6598]),0}, {"id-kp-bgpsec-router","BGPsec Router",NID_id_kp_bgpsec_router,8, &(lvalues[6609]),0}, +{"tlsfeature","TLS Feature",NID_tlsfeature,8,&(lvalues[6617]),0}, +{"id-ct-ASPA","id-ct-ASPA",NID_id_ct_ASPA,11,&(lvalues[6625]),0}, +{"ct_precert_scts","CT Precertificate SCTs",NID_ct_precert_scts,10, + &(lvalues[6636]),0}, +{"ct_precert_poison","CT Precertificate Poison",NID_ct_precert_poison, + 10,&(lvalues[6646]),0}, +{"ct_precert_signer","CT Precertificate Signer",NID_ct_precert_signer, + 10,&(lvalues[6656]),0}, +{"ct_cert_scts","CT Certificate SCTs",NID_ct_cert_scts,10, + &(lvalues[6666]),0}, +{"HKDF","hkdf",NID_hkdf,0,NULL,0}, +{"id-smime-aa-signingCertificateV2", + "id-smime-aa-signingCertificateV2", + NID_id_smime_aa_signingCertificateV2,11,&(lvalues[6676]),0}, +{"id-ct-signedTAL","id-ct-signedTAL",NID_id_ct_signedTAL,11, + &(lvalues[6687]),0}, }; static const unsigned int sn_objs[NUM_SN]={ @@ -2753,6 +2777,7 @@ static const unsigned int sn_objs[NUM_SN]={ 955, /* "Ed448ph" */ 936, /* "FRP256v1" */ 99, /* "GN" */ +1022, /* "HKDF" */ 855, /* "HMAC" */ 780, /* "HMAC-MD5" */ 781, /* "HMAC-SHA1" */ @@ -2955,6 +2980,10 @@ static const unsigned int sn_objs[NUM_SN]={ 884, /* "crossCertificatePair" */ 806, /* "cryptocom" */ 805, /* "cryptopro" */ +1021, /* "ct_cert_scts" */ +1019, /* "ct_precert_poison" */ +1018, /* "ct_precert_scts" */ +1020, /* "ct_precert_signer" */ 500, /* "dITRedirect" */ 451, /* "dNSDomain" */ 495, /* "dSAQuality" */ @@ -3138,6 +3167,7 @@ static const unsigned int sn_objs[NUM_SN]={ 327, /* "id-cmc-statusInfo" */ 331, /* "id-cmc-transactionId" */ 1005, /* "id-cp" */ +1017, /* "id-ct-ASPA" */ 787, /* "id-ct-asciiTextWithCRLF" */ 1013, /* "id-ct-geofeedCSVwithCRLF" */ 1004, /* "id-ct-resourceTaggedAttest" */ 
@@ -3145,6 +3175,7 @@ static const unsigned int sn_objs[NUM_SN]={ 1003, /* "id-ct-rpkiGhostbusters" */ 1002, /* "id-ct-rpkiManifest" */ 1014, /* "id-ct-signedChecklist" */ +1024, /* "id-ct-signedTAL" */ 408, /* "id-ecPublicKey" */ 508, /* "id-hex-multipart-message" */ 507, /* "id-hex-partial-message" */ @@ -3243,6 +3274,7 @@ static const unsigned int sn_objs[NUM_SN]={ 213, /* "id-smime-aa-securityLabel" */ 239, /* "id-smime-aa-signatureType" */ 223, /* "id-smime-aa-signingCertificate" */ +1023, /* "id-smime-aa-signingCertificateV2" */ 224, /* "id-smime-aa-smimeEncryptCerts" */ 225, /* "id-smime-aa-timeStampToken" */ 192, /* "id-smime-alg" */ @@ -3637,6 +3669,7 @@ static const unsigned int sn_objs[NUM_SN]={ 293, /* "textNotice" */ 133, /* "timeStamping" */ 106, /* "title" */ +1016, /* "tlsfeature" */ 682, /* "tpBasis" */ 375, /* "trustRoot" */ 436, /* "ucl" */ @@ -3679,6 +3712,10 @@ static const unsigned int ln_objs[NUM_LN]={ 285, /* "Biometric Info" */ 179, /* "CA Issuers" */ 785, /* "CA Repository" */ +1021, /* "CT Certificate SCTs" */ +1019, /* "CT Precertificate Poison" */ +1018, /* "CT Precertificate SCTs" */ +1020, /* "CT Precertificate Signer" */ 131, /* "Code Signing" */ 783, /* "Diffie-Hellman based MAC" */ 382, /* "Directory" */ @@ -3798,6 +3835,7 @@ static const unsigned int ln_objs[NUM_LN]={ 1011, /* "Signed Object" */ 143, /* "Strong Extranet ID" */ 398, /* "Subject Information Access" */ +1016, /* "TLS Feature" */ 130, /* "TLS Web Client Authentication" */ 129, /* "TLS Web Server Authentication" */ 133, /* "Time Stamping" */ @@ -4052,6 +4090,7 @@ static const unsigned int ln_objs[NUM_LN]={ 939, /* "gost89-cbc" */ 814, /* "gost89-cnt" */ 938, /* "gost89-ecb" */ +1022, /* "hkdf" */ 855, /* "hmac" */ 780, /* "hmac-md5" */ 781, /* "hmac-sha1" */ 
@@ -4148,6 +4187,7 @@ static const unsigned int ln_objs[NUM_LN]={ 327, /* "id-cmc-statusInfo" */ 331, /* "id-cmc-transactionId" */ 1005, /* "id-cp" */ +1017, /* "id-ct-ASPA" */ 787, /* "id-ct-asciiTextWithCRLF" */ 1013, /* "id-ct-geofeedCSVwithCRLF" */ 1004, /* "id-ct-resourceTaggedAttest" */ @@ -4155,6 +4195,7 @@ static const unsigned int ln_objs[NUM_LN]={ 1003, /* "id-ct-rpkiGhostbusters" */ 1002, /* "id-ct-rpkiManifest" */ 1014, /* "id-ct-signedChecklist" */ +1024, /* "id-ct-signedTAL" */ 408, /* "id-ecPublicKey" */ 508, /* "id-hex-multipart-message" */ 507, /* "id-hex-partial-message" */ @@ -4245,6 +4286,7 @@ static const unsigned int ln_objs[NUM_LN]={ 213, /* "id-smime-aa-securityLabel" */ 239, /* "id-smime-aa-signatureType" */ 223, /* "id-smime-aa-signingCertificate" */ +1023, /* "id-smime-aa-signingCertificateV2" */ 224, /* "id-smime-aa-smimeEncryptCerts" */ 225, /* "id-smime-aa-timeStampToken" */ 192, /* "id-smime-alg" */ @@ -5209,6 +5251,7 @@ static const unsigned int obj_objs[NUM_OBJ]={ 397, /* OBJ_ac_proxying 1 3 6 1 5 5 7 1 10 */ 398, /* OBJ_sinfo_access 1 3 6 1 5 5 7 1 11 */ 663, /* OBJ_proxyCertInfo 1 3 6 1 5 5 7 1 14 */ +1016, /* OBJ_tlsfeature 1 3 6 1 5 5 7 1 24 */ 1006, /* OBJ_sbgp_ipAddrBlockv2 1 3 6 1 5 5 7 1 28 */ 1007, /* OBJ_sbgp_autonomousSysNumv2 1 3 6 1 5 5 7 1 29 */ 164, /* OBJ_id_qt_cps 1 3 6 1 5 5 7 2 1 */ @@ -5532,6 +5575,10 @@ static const unsigned int obj_objs[NUM_OBJ]={ 138, /* OBJ_ms_efs 1 3 6 1 4 1 311 10 3 4 */ 648, /* OBJ_ms_smartcard_login 1 3 6 1 4 1 311 20 2 2 */ 649, /* OBJ_ms_upn 1 3 6 1 4 1 311 20 2 3 */ +1018, /* OBJ_ct_precert_scts 1 3 6 1 4 1 11129 2 4 2 */ +1019, /* OBJ_ct_precert_poison 1 3 6 1 4 1 11129 2 4 3 */ +1020, /* OBJ_ct_precert_signer 1 3 6 1 4 1 11129 2 4 4 */ +1021, /* OBJ_ct_cert_scts 1 3 6 1 4 1 11129 2 4 5 */ 751, /* OBJ_camellia_128_cbc 1 2 392 200011 61 1 1 1 2 */ 752, /* OBJ_camellia_192_cbc 1 2 392 200011 61 1 1 1 3 */ 753, /* OBJ_camellia_256_cbc 1 2 392 200011 61 1 1 1 4 */ 
@@ -5562,6 +5609,8 @@ static const unsigned int obj_objs[NUM_OBJ]={ 1004, /* OBJ_id_ct_resourceTaggedAttest 1 2 840 113549 1 9 16 1 36 */ 1013, /* OBJ_id_ct_geofeedCSVwithCRLF 1 2 840 113549 1 9 16 1 47 */ 1014, /* OBJ_id_ct_signedChecklist 1 2 840 113549 1 9 16 1 48 */ +1017, /* OBJ_id_ct_ASPA 1 2 840 113549 1 9 16 1 49 */ +1024, /* OBJ_id_ct_signedTAL 1 2 840 113549 1 9 16 1 50 */ 212, /* OBJ_id_smime_aa_receiptRequest 1 2 840 113549 1 9 16 2 1 */ 213, /* OBJ_id_smime_aa_securityLabel 1 2 840 113549 1 9 16 2 2 */ 214, /* OBJ_id_smime_aa_mlExpandHistory 1 2 840 113549 1 9 16 2 3 */ @@ -5591,6 +5640,7 @@ static const unsigned int obj_objs[NUM_OBJ]={ 238, /* OBJ_id_smime_aa_ets_archiveTimeStamp 1 2 840 113549 1 9 16 2 27 */ 239, /* OBJ_id_smime_aa_signatureType 1 2 840 113549 1 9 16 2 28 */ 240, /* OBJ_id_smime_aa_dvcs_dvc 1 2 840 113549 1 9 16 2 29 */ +1023, /* OBJ_id_smime_aa_signingCertificateV2 1 2 840 113549 1 9 16 2 47 */ 241, /* OBJ_id_smime_alg_ESDHwith3DES 1 2 840 113549 1 9 16 3 1 */ 242, /* OBJ_id_smime_alg_ESDHwithRC2 1 2 840 113549 1 9 16 3 2 */ 243, /* OBJ_id_smime_alg_3DESwrap 1 2 840 113549 1 9 16 3 3 */ diff --git a/crypto/objects/obj_err.c b/crypto/objects/obj_err.c index e1413190..50e2a0e0 100644 --- a/crypto/objects/obj_err.c +++ b/crypto/objects/obj_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: obj_err.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: obj_err.c,v 1.13 2022/07/12 14:42:49 kn Exp $ */ /* ==================================================================== * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * @@ -53,11 +53,6 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - #include #include @@ -65,7 +60,6 @@ #include #include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR #define ERR_FUNC(func) ERR_PACK(ERR_LIB_OBJ,func,0) 
diff --git a/crypto/objects/obj_lib.c b/crypto/objects/obj_lib.c index 5327a0cb..39cd4124 100644 --- a/crypto/objects/obj_lib.c +++ b/crypto/objects/obj_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: obj_lib.c,v 1.15 2018/09/08 10:31:24 tb Exp $ */ +/* $OpenBSD: obj_lib.c,v 1.16 2022/01/07 11:13:54 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -64,6 +64,8 @@ #include #include +#include "asn1_locl.h" + ASN1_OBJECT * OBJ_dup(const ASN1_OBJECT *o) { diff --git a/crypto/ocsp/ocsp_asn.c b/crypto/ocsp/ocsp_asn.c index bb58ca79..3f00fca1 100644 --- a/crypto/ocsp/ocsp_asn.c +++ b/crypto/ocsp/ocsp_asn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp_asn.c,v 1.9 2016/11/04 18:35:30 jsing Exp $ */ +/* $OpenBSD: ocsp_asn.c,v 1.10 2022/01/07 09:45:52 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -59,6 +59,8 @@ #include #include +#include "ocsp_local.h" + static const ASN1_TEMPLATE OCSP_SIGNATURE_seq_tt[] = { { .flags = 0, diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c index cb5a2f3d..bcc484c3 100644 --- a/crypto/ocsp/ocsp_cl.c +++ b/crypto/ocsp/ocsp_cl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp_cl.c,v 1.17 2020/10/09 17:19:35 tb Exp $ */ +/* $OpenBSD: ocsp_cl.c,v 1.21 2022/01/07 09:45:52 tb Exp $ */ /* Written by Tom Titchener for the OpenSSL * project. */ @@ -71,6 +71,8 @@ #include #include +#include "ocsp_local.h" + /* Utility functions related to sending OCSP requests and extracting * relevant information from the response. */ @@ -86,7 +88,7 @@ OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid) if ((one = OCSP_ONEREQ_new()) == NULL) goto err; if (req != NULL) { - if (!sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one)) + if (!sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one)) goto err; } OCSP_CERTID_free(one->reqCert); 
@@ -136,7 +138,7 @@ OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert) if (!sk_X509_push(sig->certs, cert)) return 0; - CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(cert); return 1; } @@ -233,6 +235,55 @@ OCSP_resp_get0(OCSP_BASICRESP *bs, int idx) return sk_OCSP_SINGLERESP_value(bs->tbsResponseData->responses, idx); } +const ASN1_GENERALIZEDTIME * +OCSP_resp_get0_produced_at(const OCSP_BASICRESP *bs) +{ + return bs->tbsResponseData->producedAt; +} + +const STACK_OF(X509) * +OCSP_resp_get0_certs(const OCSP_BASICRESP *bs) +{ + return bs->certs; +} + +int +OCSP_resp_get0_id(const OCSP_BASICRESP *bs, const ASN1_OCTET_STRING **pid, + const X509_NAME **pname) +{ + const OCSP_RESPID *rid = bs->tbsResponseData->responderId; + + if (rid->type == V_OCSP_RESPID_NAME) { + *pname = rid->value.byName; + *pid = NULL; + } else if (rid->type == V_OCSP_RESPID_KEY) { + *pid = rid->value.byKey; + *pname = NULL; + } else { + return 0; + } + + return 1; +} + +const ASN1_OCTET_STRING * +OCSP_resp_get0_signature(const OCSP_BASICRESP *bs) +{ + return bs->signature; +} + +const X509_ALGOR * +OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs) +{ + return bs->signatureAlgorithm; +} + +const OCSP_RESPDATA * +OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs) +{ + return bs->tbsResponseData; +} + /* Look single response matching a given certificate ID */ int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last) diff --git a/crypto/ocsp/ocsp_err.c b/crypto/ocsp/ocsp_err.c index 9e3237f6..7cf5b7e8 100644 --- a/crypto/ocsp/ocsp_err.c +++ b/crypto/ocsp/ocsp_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp_err.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: ocsp_err.c,v 1.9 2022/07/12 14:42:49 kn Exp $ */ /* ==================================================================== * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * 
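Review bot: `OCSP_resp_get0_id` returns 0 from its final `else` without writing `*pid` or `*pname`, so a caller that ignores the return value reads whatever those pointers held before the call. Clearing both at the top of the function, `*pid = NULL; *pname = NULL;`, makes the failure path deterministic. The getters added in this hunk also dereference `bs` (and `bs->tbsResponseData`) unconditionally and hand back pointers into the response, so a comment above them such as `/* get0: returned pointers belong to bs; do not free them or use them after bs is freed. */` would state the lifetime contract.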
@@ -53,11 +53,6 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - #include #include @@ -65,7 +60,6 @@ #include #include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR #define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0) diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c index eb51cfbf..1400ad70 100644 --- a/crypto/ocsp/ocsp_ext.c +++ b/crypto/ocsp/ocsp_ext.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp_ext.c,v 1.18 2018/05/14 23:47:10 tb Exp $ */ +/* $OpenBSD: ocsp_ext.c,v 1.20 2022/01/07 09:45:52 tb Exp $ */ /* Written by Tom Titchener for the OpenSSL * project. */ @@ -70,6 +70,9 @@ #include #include +#include "ocsp_local.h" +#include "x509_lcl.h" + /* Standard wrapper functions for extensions */ /* OCSP request extensions */ diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c index 53d51602..09bccc0c 100644 --- a/crypto/ocsp/ocsp_lib.c +++ b/crypto/ocsp/ocsp_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp_lib.c,v 1.23 2018/08/24 20:03:21 tb Exp $ */ +/* $OpenBSD: ocsp_lib.c,v 1.25 2022/01/22 00:31:23 inoguchi Exp $ */ /* Written by Tom Titchener for the OpenSSL * project. */ @@ -74,6 +74,8 @@ #include #include +#include "ocsp_local.h" + /* Convert a certificate and its issuer to an OCSP_CERTID */ OCSP_CERTID * @@ -94,7 +96,9 @@ OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject, const X509 *issuer) iname = X509_get_subject_name(issuer); serial = NULL; } - ikey = X509_get0_pubkey_bitstr(issuer); + if ((ikey = X509_get0_pubkey_bitstr(issuer)) == NULL) + return NULL; + return OCSP_cert_id_new(dgst, iname, ikey, serial); } diff --git a/crypto/ocsp/ocsp_local.h b/crypto/ocsp/ocsp_local.h new file mode 100644 index 00000000..bd933b19 --- /dev/null +++ b/crypto/ocsp/ocsp_local.h 
@@ -0,0 +1,291 @@ +/* $OpenBSD: ocsp_local.h,v 1.2 2022/01/14 08:32:26 tb Exp $ */ +/* Written by Tom Titchener for the OpenSSL + * project. */ + +/* History: + This file was transfered to Richard Levitte from CertCo by Kathy + Weinhold in mid-spring 2000 to be included in OpenSSL or released + as a patch kit. */ + +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). 
+ * + */ + +#ifndef HEADER_OCSP_LOCAL_H +#define HEADER_OCSP_LOCAL_H + +__BEGIN_HIDDEN_DECLS + +/* CertID ::= SEQUENCE { + * hashAlgorithm AlgorithmIdentifier, + * issuerNameHash OCTET STRING, -- Hash of Issuer's DN + * issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields) + * serialNumber CertificateSerialNumber } + */ +struct ocsp_cert_id_st { + X509_ALGOR *hashAlgorithm; + ASN1_OCTET_STRING *issuerNameHash; + ASN1_OCTET_STRING *issuerKeyHash; + ASN1_INTEGER *serialNumber; +} /* OCSP_CERTID */; + +/* Request ::= SEQUENCE { + * reqCert CertID, + * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } + */ +struct ocsp_one_request_st { + OCSP_CERTID *reqCert; + STACK_OF(X509_EXTENSION) *singleRequestExtensions; +} /* OCSP_ONEREQ */; + +/* TBSRequest ::= SEQUENCE { + * version [0] EXPLICIT Version DEFAULT v1, + * requestorName [1] EXPLICIT GeneralName OPTIONAL, + * requestList SEQUENCE OF Request, + * requestExtensions [2] EXPLICIT Extensions OPTIONAL } + */ +struct ocsp_req_info_st { + ASN1_INTEGER *version; + GENERAL_NAME *requestorName; + STACK_OF(OCSP_ONEREQ) *requestList; + STACK_OF(X509_EXTENSION) *requestExtensions; +} /* OCSP_REQINFO */; + +/* Signature ::= SEQUENCE { + * signatureAlgorithm AlgorithmIdentifier, + * signature BIT STRING, + * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } + */ +struct ocsp_signature_st { + X509_ALGOR *signatureAlgorithm; + ASN1_BIT_STRING *signature; + STACK_OF(X509) *certs; +} /* OCSP_SIGNATURE */; + +/* OCSPRequest ::= SEQUENCE { + * tbsRequest TBSRequest, + * optionalSignature [0] EXPLICIT Signature OPTIONAL } + */ +struct ocsp_request_st { + OCSP_REQINFO *tbsRequest; + OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */ +} /* OCSP_REQUEST */; + +/* OCSPResponseStatus ::= ENUMERATED { + * successful (0), --Response has valid confirmations + * malformedRequest (1), --Illegal confirmation request + * internalError (2), --Internal error in issuer + * tryLater (3), --Try again 
later + * --(4) is not used + * sigRequired (5), --Must sign the request + * unauthorized (6) --Request unauthorized + * } + */ + +/* ResponseBytes ::= SEQUENCE { + * responseType OBJECT IDENTIFIER, + * response OCTET STRING } + */ +struct ocsp_resp_bytes_st { + ASN1_OBJECT *responseType; + ASN1_OCTET_STRING *response; +} /* OCSP_RESPBYTES */; + +/* OCSPResponse ::= SEQUENCE { + * responseStatus OCSPResponseStatus, + * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } + */ +struct ocsp_response_st { + ASN1_ENUMERATED *responseStatus; + OCSP_RESPBYTES *responseBytes; +}; + +/* ResponderID ::= CHOICE { + * byName [1] Name, + * byKey [2] KeyHash } + */ +struct ocsp_responder_id_st { + int type; + union { + X509_NAME* byName; + ASN1_OCTET_STRING *byKey; + } value; +}; + +/* KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key + * --(excluding the tag and length fields) + */ + +/* RevokedInfo ::= SEQUENCE { + * revocationTime GeneralizedTime, + * revocationReason [0] EXPLICIT CRLReason OPTIONAL } + */ +struct ocsp_revoked_info_st { + ASN1_GENERALIZEDTIME *revocationTime; + ASN1_ENUMERATED *revocationReason; +} /* OCSP_REVOKEDINFO */; + +/* CertStatus ::= CHOICE { + * good [0] IMPLICIT NULL, + * revoked [1] IMPLICIT RevokedInfo, + * unknown [2] IMPLICIT UnknownInfo } + */ +struct ocsp_cert_status_st { + int type; + union { + ASN1_NULL *good; + OCSP_REVOKEDINFO *revoked; + ASN1_NULL *unknown; + } value; +} /* OCSP_CERTSTATUS */; + +/* SingleResponse ::= SEQUENCE { + * certID CertID, + * certStatus CertStatus, + * thisUpdate GeneralizedTime, + * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, + * singleExtensions [1] EXPLICIT Extensions OPTIONAL } + */ +struct ocsp_single_response_st { + OCSP_CERTID *certId; + OCSP_CERTSTATUS *certStatus; + ASN1_GENERALIZEDTIME *thisUpdate; + ASN1_GENERALIZEDTIME *nextUpdate; + STACK_OF(X509_EXTENSION) *singleExtensions; +} /* OCSP_SINGLERESP */; + +/* ResponseData ::= SEQUENCE { + * version [0] EXPLICIT Version DEFAULT v1, 
+ * responderID ResponderID, + * producedAt GeneralizedTime, + * responses SEQUENCE OF SingleResponse, + * responseExtensions [1] EXPLICIT Extensions OPTIONAL } + */ +struct ocsp_response_data_st { + ASN1_INTEGER *version; + OCSP_RESPID *responderId; + ASN1_GENERALIZEDTIME *producedAt; + STACK_OF(OCSP_SINGLERESP) *responses; + STACK_OF(X509_EXTENSION) *responseExtensions; +} /* OCSP_RESPDATA */; + +/* BasicOCSPResponse ::= SEQUENCE { + * tbsResponseData ResponseData, + * signatureAlgorithm AlgorithmIdentifier, + * signature BIT STRING, + * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } + */ + /* Note 1: + The value for "signature" is specified in the OCSP rfc2560 as follows: + "The value for the signature SHALL be computed on the hash of the DER + encoding ResponseData." This means that you must hash the DER-encoded + tbsResponseData, and then run it through a crypto-signing function, which + will (at least w/RSA) do a hash-'n'-private-encrypt operation. This seems + a bit odd, but that's the spec. Also note that the data structures do not + leave anywhere to independently specify the algorithm used for the initial + hash. So, we look at the signature-specification algorithm, and try to do + something intelligent. -- Kathy Weinhold, CertCo */ + /* Note 2: + It seems that the mentioned passage from RFC 2560 (section 4.2.1) is open + for interpretation. I've done tests against another responder, and found + that it doesn't do the double hashing that the RFC seems to say one + should. Therefore, all relevant functions take a flag saying which + variant should be used. 
-- Richard Levitte, OpenSSL team and CeloCom */ +struct ocsp_basic_response_st { + OCSP_RESPDATA *tbsResponseData; + X509_ALGOR *signatureAlgorithm; + ASN1_BIT_STRING *signature; + STACK_OF(X509) *certs; +} /* OCSP_BASICRESP */; + +/* CrlID ::= SEQUENCE { + * crlUrl [0] EXPLICIT IA5String OPTIONAL, + * crlNum [1] EXPLICIT INTEGER OPTIONAL, + * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL } + */ +struct ocsp_crl_id_st { + ASN1_IA5STRING *crlUrl; + ASN1_INTEGER *crlNum; + ASN1_GENERALIZEDTIME *crlTime; +} /* OCSP_CRLID */; + +/* ServiceLocator ::= SEQUENCE { + * issuer Name, + * locator AuthorityInfoAccessSyntax OPTIONAL } + */ +struct ocsp_service_locator_st { + X509_NAME* issuer; + STACK_OF(ACCESS_DESCRIPTION) *locator; +} /* OCSP_SERVICELOC */; + +#define OCSP_REQUEST_sign(o,pkey,md) \ + ASN1_item_sign(&OCSP_REQINFO_it, \ + (o)->optionalSignature->signatureAlgorithm, NULL, \ + (o)->optionalSignature->signature,o->tbsRequest, (pkey), (md)) + +#define OCSP_BASICRESP_sign(o,pkey,md,d) \ + ASN1_item_sign(&OCSP_RESPDATA_it,o->signatureAlgorithm,NULL, \ + (o)->signature,(o)->tbsResponseData,(pkey),(md)) + +#define OCSP_REQUEST_verify(a,r) \ + ASN1_item_verify(&OCSP_REQINFO_it, \ + (a)->optionalSignature->signatureAlgorithm, \ + (a)->optionalSignature->signature, (a)->tbsRequest, (r)) + +#define OCSP_BASICRESP_verify(a,r,d) \ + ASN1_item_verify(&OCSP_RESPDATA_it, \ + (a)->signatureAlgorithm, (a)->signature, (a)->tbsResponseData, (r)) + +__END_HIDDEN_DECLS + +#endif /* !HEADER_OCSP_LOCAL_H */ diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c index 37d033ad..fecd14bb 100644 --- a/crypto/ocsp/ocsp_prn.c +++ b/crypto/ocsp/ocsp_prn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp_prn.c,v 1.8 2015/07/16 02:16:19 miod Exp $ */ +/* $OpenBSD: ocsp_prn.c,v 1.9 2022/01/07 09:45:52 tb Exp $ */ /* Written by Tom Titchener for the OpenSSL * project. */ @@ -66,6 +66,8 @@ #include #include +#include "ocsp_local.h" + static int ocsp_certid_print(BIO *bp, OCSP_CERTID* a, int indent) { 
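Review bot: The signing macros at the end of ocsp_local.h each expand their first argument once without parentheses (`o->tbsRequest` in `OCSP_REQUEST_sign`, `o->signatureAlgorithm` in `OCSP_BASICRESP_sign`), while every other use is written `(o)->…`; an argument that is an expression rather than a plain identifier would bind wrongly. Writing `(o)->tbsRequest` and `(o)->signatureAlgorithm` fixes that. `OCSP_BASICRESP_sign` and `OCSP_BASICRESP_verify` also accept a `d` parameter that the expansion never uses, although Note 2 above the struct says the relevant functions take a flag selecting the hashing variant. A comment such as `/* d is accepted for compatibility and ignored */` would keep readers from assuming the flag changes what is signed or verified.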
diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c index a9e0aaab..d2352070 100644 --- a/crypto/ocsp/ocsp_srv.c +++ b/crypto/ocsp/ocsp_srv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp_srv.c,v 1.10 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: ocsp_srv.c,v 1.12 2022/01/07 09:45:52 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -65,6 +65,8 @@ #include #include +#include "ocsp_local.h" + /* Utility functions related to sending OCSP responses and extracting * relevant information from the request. */ @@ -213,7 +215,7 @@ OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert) if (!sk_X509_push(resp->certs, cert)) return 0; - CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(cert); return 1; } diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index ebdd8268..0da402fd 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp_vfy.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: ocsp_vfy.c,v 1.21 2022/01/22 00:33:02 inoguchi Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -60,6 +60,9 @@ #include #include +#include "ocsp_local.h" +#include "x509_lcl.h" + static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags); static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id); @@ -94,10 +97,9 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, if (!(flags & OCSP_NOSIGS)) { EVP_PKEY *skey; - skey = X509_get_pubkey(signer); + skey = X509_get0_pubkey(signer); if (skey) { ret = OCSP_BASICRESP_verify(bs, skey, 0); - EVP_PKEY_free(skey); } if (!skey || ret <= 0) { OCSPerror(OCSP_R_SIGNATURE_FAILURE); 
@@ -118,8 +120,11 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, goto end; } } - } else + } else if (certs != NULL) { + untrusted = certs; + } else { untrusted = bs->certs; + } init_res = X509_STORE_CTX_init(&ctx, st, signer, untrusted); if (!init_res) { ret = -1; @@ -179,6 +184,13 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, return ret; } +int +OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer, + STACK_OF(X509) *extra_certs) +{ + return ocsp_find_signer(signer, bs, extra_certs, NULL, 0) > 0; +} + static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags) @@ -395,9 +407,9 @@ OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, if (!(flags & OCSP_NOSIGS)) { EVP_PKEY *skey; - skey = X509_get_pubkey(signer); + if ((skey = X509_get0_pubkey(signer)) == NULL) + return 0; ret = OCSP_REQUEST_verify(req, skey); - EVP_PKEY_free(skey); if (ret <= 0) { OCSPerror(OCSP_R_SIGNATURE_FAILURE); return 0; diff --git a/crypto/pem/pem_err.c b/crypto/pem/pem_err.c index 8d3c278b..d817caff 100644 --- a/crypto/pem/pem_err.c +++ b/crypto/pem/pem_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pem_err.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: pem_err.c,v 1.13 2022/07/12 14:42:50 kn Exp $ */ /* ==================================================================== * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * @@ -53,11 +53,6 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - #include #include @@ -65,7 +60,6 @@ #include #include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR #define ERR_FUNC(func) ERR_PACK(ERR_LIB_PEM,func,0) diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c index 33c1de43..aecdbb2e 100644 --- a/crypto/pem/pem_info.c 
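Review bot: `OCSP_resp_get0_signer` reports success for any positive result of `ocsp_find_signer` and passes a NULL store and flags 0, so the certificate it hands back has only been located, not checked against any trust anchor. The body of `ocsp_find_signer` is outside this hunk; if it distinguishes a signer taken from the caller's `extra_certs` from one embedded in the response, `> 0` discards that distinction. A comment above the function should say this, for example `/* Locates the signer only; no chain or signature validation is performed. */`, so that callers keep relying on `OCSP_basic_verify` for the trust decision. The get0 name suggests `*signer` is not owned by the caller, which is worth stating in the same comment.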
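Review bot: The new early `return 0` in `OCSP_request_verify`, taken when `X509_get0_pubkey(signer)` yields NULL, leaves nothing on the error queue. The verification failure two lines later, and the equivalent `!skey` case in `OCSP_basic_verify`, both raise `OCSP_R_SIGNATURE_FAILURE`, so a caller inspecting the queue cannot tell this failure from a silent one. Raising the same error before returning keeps the two paths consistent: `if ((skey = X509_get0_pubkey(signer)) == NULL) { OCSPerror(OCSP_R_SIGNATURE_FAILURE); return 0; }`. The function starts and ends outside this hunk.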
+++ b/crypto/pem/pem_info.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pem_info.c,v 1.24 2020/07/25 11:53:37 schwarze Exp $ */ +/* $OpenBSD: pem_info.c,v 1.25 2021/12/12 21:30:14 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -75,6 +75,8 @@ #include #endif +#include "evp_locl.h" + STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u) diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index f0126790..7076023e 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pem_lib.c,v 1.49 2019/09/06 17:41:05 jsing Exp $ */ +/* $OpenBSD: pem_lib.c,v 1.51 2022/07/31 09:48:27 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -79,6 +79,7 @@ #endif #include "asn1_locl.h" +#include "evp_locl.h" #define MIN_LENGTH 4 @@ -607,8 +608,7 @@ PEM_write_bio(BIO *bp, const char *name, const char *header, (BIO_write(bp, "-----\n", 6) != 6)) goto err; - i = strlen(header); - if (i > 0) { + if (header != NULL && (i = strlen(header)) > 0) { if ((BIO_write(bp, header, i) != i) || (BIO_write(bp, "\n", 1) != 1)) goto err; diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index 89181a25..2e580039 100644 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pem_pkey.c,v 1.23 2017/05/02 03:59:44 deraadt Exp $ */ +/* $OpenBSD: pem_pkey.c,v 1.25 2021/12/24 12:59:18 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -74,6 +74,7 @@ #endif #include "asn1_locl.h" +#include "evp_locl.h" int pem_check_suffix(const char *pem_str, const char *suffix); 
@@ -151,12 +152,21 @@ int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cb, void *u) { - char pem_str[80]; - - if (!x->ameth || x->ameth->priv_encode) + if (x->ameth == NULL || x->ameth->priv_encode != NULL) return PEM_write_bio_PKCS8PrivateKey(bp, x, enc, (char *)kstr, klen, cb, u); + return PEM_write_bio_PrivateKey_traditional(bp, x, enc, kstr, klen, cb, + u); +} + +int +PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x, + const EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cb, + void *u) +{ + char pem_str[80]; + (void) snprintf(pem_str, sizeof(pem_str), "%s PRIVATE KEY", x->ameth->pem_str); return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey, diff --git a/crypto/pem/pem_xaux.c b/crypto/pem/pem_xaux.c index 0dd81523..68a78517 100644 --- a/crypto/pem/pem_xaux.c +++ b/crypto/pem/pem_xaux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pem_xaux.c,v 1.9 2016/09/04 16:10:38 jsing Exp $ */ +/* $OpenBSD: pem_xaux.c,v 1.10 2021/10/31 16:28:50 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ 
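Review bot: `PEM_write_bio_PrivateKey_traditional` reads `x->ameth->pem_str` with no check that `x->ameth` is set; the `x->ameth == NULL` test stayed behind in `PEM_write_bio_PrivateKey`, which only protects callers that go through the wrapper. The new function is not `static`, so a direct call with a key that has no ASN.1 method would dereference NULL. A guard at the top, `if (x->ameth == NULL) return 0;`, ideally also pushing a PEM error, closes that path. The result of `snprintf` into `pem_str[80]` is discarded, so a short comment noting that truncation is not expected for the method names in use would help the next reader. The function body continues past the end of this hunk.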
@@ -92,31 +92,3 @@ PEM_write_bio_X509_AUX(BIO *bp, X509 *x) return PEM_ASN1_write_bio((i2d_of_void *)i2d_X509_AUX, PEM_STRING_X509_TRUSTED, bp, x, NULL, NULL, 0, NULL, NULL); } - -X509_CERT_PAIR * -PEM_read_X509_CERT_PAIR(FILE *fp, X509_CERT_PAIR **x, pem_password_cb *cb, void *u) -{ - return PEM_ASN1_read((d2i_of_void *)d2i_X509_CERT_PAIR, PEM_STRING_X509_PAIR, fp, - (void **)x, cb, u); -} - -int -PEM_write_X509_CERT_PAIR(FILE *fp, X509_CERT_PAIR *x) -{ - return PEM_ASN1_write((i2d_of_void *)i2d_X509_CERT_PAIR, PEM_STRING_X509_PAIR, fp, - x, NULL, NULL, 0, NULL, NULL); -} - -X509_CERT_PAIR * -PEM_read_bio_X509_CERT_PAIR(BIO *bp, X509_CERT_PAIR **x, pem_password_cb *cb, void *u) -{ - return PEM_ASN1_read_bio((d2i_of_void *)d2i_X509_CERT_PAIR, PEM_STRING_X509_PAIR, bp, - (void **)x, cb, u); -} - -int -PEM_write_bio_X509_CERT_PAIR(BIO *bp, X509_CERT_PAIR *x) -{ - return PEM_ASN1_write_bio((i2d_of_void *)i2d_X509_CERT_PAIR, PEM_STRING_X509_PAIR, bp, - x, NULL, NULL, 0, NULL, NULL); -} diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index abb7f7ee..dffe1a36 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pvkfmt.c,v 1.22 2019/07/08 11:56:18 inoguchi Exp $ */ +/* $OpenBSD: pvkfmt.c,v 1.25 2022/01/07 09:55:31 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2005. */ @@ -74,6 +74,9 @@ #include #include "bn_lcl.h" +#include "dsa_locl.h" +#include "evp_locl.h" +#include "rsa_locl.h" /* Utility function: read a DWORD (4 byte unsigned integer) in little endian * format diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c index 08bb75d3..a7b8c1ea 100644 --- a/crypto/pkcs12/p12_add.c +++ b/crypto/pkcs12/p12_add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_add.c,v 1.17 2018/05/13 14:24:07 tb Exp $ */ +/* $OpenBSD: p12_add.c,v 1.20 2022/09/11 17:30:13 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ 
@@ -61,6 +61,8 @@ #include #include +#include "pkcs12_local.h" + /* Pack an object into an OCTET STRING and turn into a safebag */ PKCS12_SAFEBAG * @@ -89,54 +91,6 @@ PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, int nid2) return safebag; } -/* Turn PKCS8 object into a keybag */ - -PKCS12_SAFEBAG * -PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8) -{ - PKCS12_SAFEBAG *bag; - - if (!(bag = PKCS12_SAFEBAG_new())) { - PKCS12error(ERR_R_MALLOC_FAILURE); - return NULL; - } - bag->type = OBJ_nid2obj(NID_keyBag); - bag->value.keybag = p8; - return bag; -} - -/* Turn PKCS8 object into a shrouded keybag */ - -PKCS12_SAFEBAG * -PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8) -{ - PKCS12_SAFEBAG *bag; - const EVP_CIPHER *pbe_ciph; - - /* Set up the safe bag */ - if (!(bag = PKCS12_SAFEBAG_new())) { - PKCS12error(ERR_R_MALLOC_FAILURE); - return NULL; - } - - bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag); - - pbe_ciph = EVP_get_cipherbynid(pbe_nid); - - if (pbe_ciph) - pbe_nid = -1; - - if (!(bag->value.shkeybag = PKCS8_encrypt(pbe_nid, pbe_ciph, pass, - passlen, salt, saltlen, iter, p8))) { - PKCS12error(ERR_R_MALLOC_FAILURE); - PKCS12_SAFEBAG_free(bag); - return NULL; - } - - return bag; -} - /* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */ PKCS7 * PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk) diff --git a/crypto/pkcs12/p12_asn.c b/crypto/pkcs12/p12_asn.c index 3baf8f43..f8239eac 100644 --- a/crypto/pkcs12/p12_asn.c +++ b/crypto/pkcs12/p12_asn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_asn.c,v 1.9 2015/07/25 17:08:40 jsing Exp $ */ +/* $OpenBSD: p12_asn.c,v 1.12 2022/08/20 09:16:18 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -61,6 +61,8 @@ #include #include +#include "pkcs12_local.h" + /* PKCS#12 ASN1 module */ static const ASN1_TEMPLATE PKCS12_seq_tt[] = { 
@@ -230,7 +232,6 @@ static const ASN1_ADB_TABLE PKCS12_BAGS_adbtbl[] = { static const ASN1_ADB PKCS12_BAGS_adb = { .flags = 0, .offset = offsetof(PKCS12_BAGS, type), - .app_items = 0, .tbl = PKCS12_BAGS_adbtbl, .tblcount = sizeof(PKCS12_BAGS_adbtbl) / sizeof(ASN1_ADB_TABLE), .default_tt = &bag_default_tt, @@ -324,7 +325,7 @@ static const ASN1_ADB_TABLE PKCS12_SAFEBAG_adbtbl[] = { { .value = NID_safeContentsBag, .tt = { - .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SET_OF, + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SEQUENCE_OF, .tag = 0, .offset = offsetof(PKCS12_SAFEBAG, value.safes), .field_name = "value.safes", @@ -369,7 +370,6 @@ static const ASN1_ADB_TABLE PKCS12_SAFEBAG_adbtbl[] = { static const ASN1_ADB PKCS12_SAFEBAG_adb = { .flags = 0, .offset = offsetof(PKCS12_SAFEBAG, type), - .app_items = 0, .tbl = PKCS12_SAFEBAG_adbtbl, .tblcount = sizeof(PKCS12_SAFEBAG_adbtbl) / sizeof(ASN1_ADB_TABLE), .default_tt = &safebag_default_tt, diff --git a/crypto/pkcs12/p12_attr.c b/crypto/pkcs12/p12_attr.c index e8e340a2..989a1476 100644 --- a/crypto/pkcs12/p12_attr.c +++ b/crypto/pkcs12/p12_attr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_attr.c,v 1.13 2021/07/09 14:07:59 tb Exp $ */ +/* $OpenBSD: p12_attr.c,v 1.17 2022/08/20 09:16:18 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -60,6 +60,9 @@ #include +#include "pkcs12_local.h" +#include "x509_lcl.h" + /* Add a local keyid to a safebag */ int @@ -127,12 +130,8 @@ PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid) return NULL; for (i = 0; i < sk_X509_ATTRIBUTE_num(attrs); i++) { attrib = sk_X509_ATTRIBUTE_value(attrs, i); - if (OBJ_obj2nid(attrib->object) == attr_nid) { - if (sk_ASN1_TYPE_num(attrib->value.set)) - return sk_ASN1_TYPE_value(attrib->value.set, 0); - else - return NULL; - } + if (OBJ_obj2nid(attrib->object) == attr_nid) + return sk_ASN1_TYPE_value(attrib->set, 0); } return NULL; } 
@@ -140,12 +139,18 @@ PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid) char * PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag) { - ASN1_TYPE *atype; + const ASN1_TYPE *atype; - if (!(atype = PKCS12_get_attr(bag, NID_friendlyName))) + if (!(atype = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName))) return NULL; if (atype->type != V_ASN1_BMPSTRING) return NULL; return OPENSSL_uni2asc(atype->value.bmpstring->data, atype->value.bmpstring->length); } + +const STACK_OF(X509_ATTRIBUTE) * +PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag) +{ + return bag->attrib; +} diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c index f8ba3357..794b749f 100644 --- a/crypto/pkcs12/p12_crt.c +++ b/crypto/pkcs12/p12_crt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_crt.c,v 1.18 2018/05/13 13:46:55 tb Exp $ */ +/* $OpenBSD: p12_crt.c,v 1.20 2022/08/20 09:16:18 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -61,6 +61,8 @@ #include #include +#include "pkcs12_local.h" + static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag); @@ -232,12 +234,12 @@ PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, int key_usage, if (key_usage && !PKCS8_add_keyusage(p8, key_usage)) goto err; if (nid_key != -1) { - bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, - iter, p8); + bag = PKCS12_SAFEBAG_create_pkcs8_encrypt(nid_key, pass, -1, + NULL, 0, iter, p8); PKCS8_PRIV_KEY_INFO_free(p8); p8 = NULL; } else { - bag = PKCS12_MAKE_KEYBAG(p8); + bag = PKCS12_SAFEBAG_create0_p8inf(p8); if (bag != NULL) p8 = NULL; } diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c index 8ac7f17c..c352ba56 100644 --- a/crypto/pkcs12/p12_decr.c +++ b/crypto/pkcs12/p12_decr.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: p12_decr.c,v 1.20 2021/07/09 14:08:00 tb Exp $ */ +/* $OpenBSD: p12_decr.c,v 1.21 2021/12/12 21:30:14 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -62,6 +62,8 @@ #include #include +#include "evp_locl.h" + /* Encrypt/Decrypt a buffer based on password and algor, result in a * malloc'ed buffer */ diff --git a/crypto/pkcs12/p12_init.c b/crypto/pkcs12/p12_init.c index 637c430b..e305bde1 100644 --- a/crypto/pkcs12/p12_init.c +++ b/crypto/pkcs12/p12_init.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_init.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: p12_init.c,v 1.14 2022/08/20 09:16:18 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -61,6 +61,8 @@ #include #include +#include "pkcs12_local.h" + /* Initialise a PKCS12 structure to take data */ PKCS12 * @@ -72,8 +74,10 @@ PKCS12_init(int mode) PKCS12error(ERR_R_MALLOC_FAILURE); return NULL; } - ASN1_INTEGER_set(pkcs12->version, 3); - pkcs12->authsafes->type = OBJ_nid2obj(mode); + if (!ASN1_INTEGER_set(pkcs12->version, 3)) + goto err; + if ((pkcs12->authsafes->type = OBJ_nid2obj(mode)) == NULL) + goto err; switch (mode) { case NID_pkcs7_data: if (!(pkcs12->authsafes->d.data = diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c index 28879481..d226525b 100644 --- a/crypto/pkcs12/p12_key.c +++ b/crypto/pkcs12/p12_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_key.c,v 1.27 2021/07/09 14:08:00 tb Exp $ */ +/* $OpenBSD: p12_key.c,v 1.31 2022/07/30 11:27:06 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -63,6 +63,8 @@ #include #include +#include "evp_locl.h" + /* PKCS12 compatible key/IV generation */ #ifndef min #define min(a,b) ((a) < (b) ? (a) : (b)) 
@@ -97,50 +99,63 @@ PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type) { - unsigned char *B, *D, *I, *p, *Ai; - int Slen, Plen, Ilen, Ijlen; + EVP_MD_CTX *ctx = NULL; + unsigned char *B = NULL, *D = NULL, *I = NULL, *Ai = NULL; + unsigned char *p; + int Slen, Plen, Ilen; int i, j, u, v; int ret = 0; - BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ - EVP_MD_CTX ctx; - v = EVP_MD_block_size(md_type); - u = EVP_MD_size(md_type); - if (u < 0) - return 0; + if ((ctx = EVP_MD_CTX_new()) == NULL) + goto err; + + if ((v = EVP_MD_block_size(md_type)) <= 0) + goto err; + if ((u = EVP_MD_size(md_type)) <= 0) + goto err; + + if ((D = malloc(v)) == NULL) + goto err; + if ((Ai = malloc(u)) == NULL) + goto err; + if ((B = malloc(v + 1)) == NULL) + goto err; - EVP_MD_CTX_init(&ctx); - D = malloc(v); - Ai = malloc(u); - B = malloc(v + 1); Slen = v * ((saltlen + v - 1) / v); + + Plen = 0; if (passlen) - Plen = v * ((passlen + v - 1)/v); - else - Plen = 0; + Plen = v * ((passlen + v - 1) / v); + Ilen = Slen + Plen; - I = malloc(Ilen); - Ij = BN_new(); - Bpl1 = BN_new(); - if (!D || !Ai || !B || !I || !Ij || !Bpl1) + + if ((I = malloc(Ilen)) == NULL) goto err; + for (i = 0; i < v; i++) D[i] = id; + p = I; for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen]; for (i = 0; i < Plen; i++) *p++ = pass[i % passlen]; + for (;;) { - if (!EVP_DigestInit_ex(&ctx, md_type, NULL) || - !EVP_DigestUpdate(&ctx, D, v) || - !EVP_DigestUpdate(&ctx, I, Ilen) || - !EVP_DigestFinal_ex(&ctx, Ai, NULL)) + if (!EVP_DigestInit_ex(ctx, md_type, NULL)) + goto err; + if (!EVP_DigestUpdate(ctx, D, v)) + goto err; + if (!EVP_DigestUpdate(ctx, I, Ilen)) + goto err; + if (!EVP_DigestFinal_ex(ctx, Ai, NULL)) goto err; for (j = 1; j < iter; j++) { - if (!EVP_DigestInit_ex(&ctx, md_type, NULL) || - !EVP_DigestUpdate(&ctx, Ai, u) || - !EVP_DigestFinal_ex(&ctx, Ai, NULL)) + if (!EVP_DigestInit_ex(ctx, md_type, NULL)) 
+ goto err; + if (!EVP_DigestUpdate(ctx, Ai, u)) + goto err; + if (!EVP_DigestFinal_ex(ctx, Ai, NULL)) goto err; } memcpy(out, Ai, min(n, u)); @@ -152,46 +167,29 @@ PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, out += u; for (j = 0; j < v; j++) B[j] = Ai[j % u]; - /* Work out B + 1 first then can use B as tmp space */ - if (!BN_bin2bn(B, v, Bpl1)) - goto err; - if (!BN_add_word(Bpl1, 1)) - goto err; + for (j = 0; j < Ilen; j += v) { - if (!BN_bin2bn(I + j, v, Ij)) - goto err; - if (!BN_add(Ij, Ij, Bpl1)) - goto err; - if (!BN_bn2bin(Ij, B)) - goto err; - Ijlen = BN_num_bytes(Ij); - /* If more than 2^(v*8) - 1 cut off MSB */ - if (Ijlen > v) { - if (!BN_bn2bin(Ij, B)) - goto err; - memcpy(I + j, B + 1, v); -#ifndef PKCS12_BROKEN_KEYGEN - /* If less than v bytes pad with zeroes */ - } else if (Ijlen < v) { - memset(I + j, 0, v - Ijlen); - if (!BN_bn2bin(Ij, I + j + v - Ijlen)) - goto err; -#endif - } else if (!BN_bn2bin(Ij, I + j)) - goto err; + uint16_t c = 1; + int k; + + /* Work out I[j] = I[j] + B + 1. */ + for (k = v - 1; k >= 0; k--) { + c += I[j + k] + B[k]; + I[j + k] = (unsigned char)c; + c >>= 8; + } } } -err: + err: PKCS12error(ERR_R_MALLOC_FAILURE); -end: + end: free(Ai); free(B); free(D); free(I); - BN_free(Ij); - BN_free(Bpl1); - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_free(ctx); + return ret; } diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c index 54a80926..f7551856 100644 --- a/crypto/pkcs12/p12_kiss.c +++ b/crypto/pkcs12/p12_kiss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_kiss.c,v 1.21 2021/07/09 14:08:00 tb Exp $ */ +/* $OpenBSD: p12_kiss.c,v 1.25 2022/08/20 09:16:18 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -61,6 +61,8 @@ #include #include +#include "pkcs12_local.h" + /* Simplified PKCS#12 routines */ static int parse_pk12( PKCS12 *p12, const char *pass, int passlen, 
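Review bot: The cleanup at `end:` in PKCS12_key_gen_uni releases `Ai`, `B` and `I` with plain `free()`, although `I` holds the expanded password and salt and `Ai`/`B` hold the derived key block, so that material stays behind in freed heap memory. The same commit already scrubs `key` with `explicit_bzero()` in PKCS12_gen_mac; the equivalent here would be `freezero(Ai, u);`, `freezero(B, v + 1);` and `freezero(I, Ilen);`. That needs `u`, `v` and `Ilen` initialised to 0 at their declaration, because `err:` can be reached before they are assigned. Separately, `err:` reports `ERR_R_MALLOC_FAILURE` for every failure, including the new `EVP_MD_block_size()`/`EVP_MD_size()` checks in the previous hunk, which misleads anyone reading the error queue. The middle of the function lies between the two hunks and is not visible here.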
@@ -84,18 +86,17 @@ PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, { STACK_OF(X509) *ocerts = NULL; X509 *x = NULL; - /* Check for NULL PKCS12 structure */ - - if (!p12) { - PKCS12error(PKCS12_R_INVALID_NULL_PKCS12_POINTER); - return 0; - } - if (pkey) + if (pkey != NULL) *pkey = NULL; - if (cert) + if (cert != NULL) *cert = NULL; + if (p12 == NULL) { + PKCS12error(PKCS12_R_INVALID_NULL_PKCS12_POINTER); + goto err; + } + /* Check the mac */ /* If password is zero length or NULL then try verifying both cases @@ -104,7 +105,7 @@ PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, * password are two different things... */ - if (!pass || !*pass) { + if (pass == NULL || *pass == '\0') { if (PKCS12_verify_mac(p12, NULL, 0)) pass = NULL; else if (PKCS12_verify_mac(p12, "", 0)) @@ -119,10 +120,9 @@ PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, } /* Allocate stack for other certificates */ - ocerts = sk_X509_new_null(); - if (!ocerts) { + if ((ocerts = sk_X509_new_null()) == NULL) { PKCS12error(ERR_R_MALLOC_FAILURE); - return 0; + goto err; } if (!parse_pk12(p12, pass, -1, pkey, ocerts)) { @@ -130,8 +130,9 @@ PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, goto err; } - while ((x = sk_X509_pop(ocerts))) { - if (pkey && *pkey && cert && !*cert) { + while ((x = sk_X509_pop(ocerts)) != NULL) { + if (pkey != NULL && *pkey != NULL && + cert != NULL && *cert == NULL) { ERR_set_mark(); if (X509_check_private_key(x, *pkey)) { *cert = x; 
@@ -140,31 +141,31 @@ PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, ERR_pop_to_mark(); } - if (ca && x) { - if (!*ca) + if (ca != NULL && x != NULL) { + if (*ca == NULL) *ca = sk_X509_new_null(); - if (!*ca) + if (*ca == NULL) goto err; if (!sk_X509_push(*ca, x)) goto err; x = NULL; } X509_free(x); + x = NULL; } - if (ocerts) - sk_X509_pop_free(ocerts, X509_free); + sk_X509_pop_free(ocerts, X509_free); return 1; err: - if (pkey && *pkey) + if (pkey != NULL) EVP_PKEY_free(*pkey); - if (cert) + if (cert != NULL) X509_free(*cert); X509_free(x); - if (ocerts) - sk_X509_pop_free(ocerts, X509_free); + sk_X509_pop_free(ocerts, X509_free); + return 0; } @@ -225,14 +226,14 @@ parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, EVP_PKEY **pkey, { PKCS8_PRIV_KEY_INFO *p8; X509 *x509; - ASN1_TYPE *attrib; + const ASN1_TYPE *attrib; ASN1_BMPSTRING *fname = NULL; ASN1_OCTET_STRING *lkid = NULL; - if ((attrib = PKCS12_get_attr(bag, NID_friendlyName))) + if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName))) fname = attrib->value.bmpstring; - if ((attrib = PKCS12_get_attr(bag, NID_localKeyID))) + if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID))) lkid = attrib->value.octet_string; switch (OBJ_obj2nid(bag->type)) { @@ -265,7 +266,7 @@ parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, EVP_PKEY **pkey, } if (fname) { int len, r; - unsigned char *data; + unsigned char *data = NULL; len = ASN1_STRING_to_UTF8(&data, fname); if (len >= 0) { r = X509_alias_set1(x509, data, len); diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index d45ab078..b1aafe9b 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_mutl.c,v 1.24 2021/07/09 14:08:00 tb Exp $ */ +/* $OpenBSD: p12_mutl.c,v 1.32 2022/08/20 09:16:18 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ 
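Review bot: On the `err:` path PKCS12_parse frees `*pkey` and `*cert` but leaves the caller's variables holding the freed addresses, so a caller that releases its own pointers after a failed call frees them a second time. Resetting the out-parameters inside the existing guards closes that: `EVP_PKEY_free(*pkey); *pkey = NULL;` and `X509_free(*cert); *cert = NULL;`. A stack that this call allocated into `*ca` is likewise left with the caller, partly filled, when `sk_X509_push()` fails; whether it can be freed here depends on whether the caller passed in its own stack, which the hunk does not show.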
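Review bot: `parse_bag` reads `attrib->value.bmpstring` and `attrib->value.octet_string` without looking at `attrib->type`, so a file whose friendlyName or localKeyID attribute carries some other ASN.1 type has that union member treated as a string and later handed to `ASN1_STRING_to_UTF8()`. PKCS12_get_friendlyname in p12_attr.c, touched by this same commit, already guards with `if (atype->type != V_ASN1_BMPSTRING) return NULL;`. The same test fits here: `if (attrib->type == V_ASN1_BMPSTRING) fname = attrib->value.bmpstring;` and the `V_ASN1_OCTET_STRING` equivalent for `lkid`. The two assignments are unchanged context lines, and the rest of `parse_bag` is outside the hunk.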
@@ -68,53 +68,104 @@ #include #include +#include "evp_locl.h" +#include "hmac_local.h" +#include "pkcs12_local.h" +#include "x509_lcl.h" + +int +PKCS12_mac_present(const PKCS12 *p12) +{ + return p12->mac != NULL; +} + +void +PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac, const X509_ALGOR **pmacalg, + const ASN1_OCTET_STRING **psalt, const ASN1_INTEGER **piter, + const PKCS12 *p12) +{ + if (p12->mac == NULL) { + if (pmac != NULL) + *pmac = NULL; + if (pmacalg != NULL) + *pmacalg = NULL; + if (psalt != NULL) + *psalt = NULL; + if (piter != NULL) + *piter = NULL; + return; + } + + if (pmac != NULL) + *pmac = p12->mac->dinfo->digest; + if (pmacalg != NULL) + *pmacalg = p12->mac->dinfo->algor; + if (psalt != NULL) + *psalt = p12->mac->salt; + if (piter != NULL) + *piter = p12->mac->iter; +} + /* Generate a MAC */ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, unsigned char *mac, unsigned int *maclen) { const EVP_MD *md_type; - HMAC_CTX hmac; + HMAC_CTX *hmac = NULL; unsigned char key[EVP_MAX_MD_SIZE], *salt; int saltlen, iter; int md_size; + int ret = 0; if (!PKCS7_type_is_data(p12->authsafes)) { PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA); - return 0; + goto err; } salt = p12->mac->salt->data; saltlen = p12->mac->salt->length; - if (!p12->mac->iter) - iter = 1; - else if ((iter = ASN1_INTEGER_get(p12->mac->iter)) <= 0) { - PKCS12error(PKCS12_R_DECODE_ERROR); - return 0; + + iter = 1; + if (p12->mac->iter != NULL) { + if ((iter = ASN1_INTEGER_get(p12->mac->iter)) <= 0) { + PKCS12error(PKCS12_R_DECODE_ERROR); + goto err; + } } - if (!(md_type = EVP_get_digestbyobj( - p12->mac->dinfo->algor->algorithm))) { + + md_type = EVP_get_digestbyobj(p12->mac->dinfo->algor->algorithm); + if (md_type == NULL) { PKCS12error(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM); - return 0; + goto err; } - md_size = EVP_MD_size(md_type); - if (md_size < 0) - return 0; + + if ((md_size = EVP_MD_size(md_type)) < 0) + goto err; + if (!PKCS12_key_gen(pass, passlen, salt, saltlen, 
PKCS12_MAC_ID, iter, md_size, key, md_type)) { PKCS12error(PKCS12_R_KEY_GEN_ERROR); - return 0; + goto err; } - HMAC_CTX_init(&hmac); - if (!HMAC_Init_ex(&hmac, key, md_size, md_type, NULL) || - !HMAC_Update(&hmac, p12->authsafes->d.data->data, - p12->authsafes->d.data->length) || - !HMAC_Final(&hmac, mac, maclen)) { - HMAC_CTX_cleanup(&hmac); - return 0; - } - HMAC_CTX_cleanup(&hmac); - return 1; + + if ((hmac = HMAC_CTX_new()) == NULL) + goto err; + if (!HMAC_Init_ex(hmac, key, md_size, md_type, NULL)) + goto err; + if (!HMAC_Update(hmac, p12->authsafes->d.data->data, + p12->authsafes->d.data->length)) + goto err; + if (!HMAC_Final(hmac, mac, maclen)) + goto err; + + ret = 1; + + err: + explicit_bzero(key, sizeof(key)); + HMAC_CTX_free(hmac); + + return ret; } /* Verify the mac */ @@ -170,7 +221,8 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, const EVP_MD *md_type) { - if (!(p12->mac = PKCS12_MAC_DATA_new())) + PKCS12_MAC_DATA_free(p12->mac); + if ((p12->mac = PKCS12_MAC_DATA_new()) == NULL) return PKCS12_ERROR; if (iter > 1) { if (!(p12->mac->iter = ASN1_INTEGER_new())) { diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c index d6b12eda..7141e3ce 100644 --- a/crypto/pkcs12/p12_npas.c +++ b/crypto/pkcs12/p12_npas.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_npas.c,v 1.13 2018/05/13 14:22:34 tb Exp $ */ +/* $OpenBSD: p12_npas.c,v 1.15 2022/08/20 09:16:18 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -63,6 +63,9 @@ #include #include +#include "pkcs12_local.h" +#include "x509_lcl.h" + /* PKCS#12 password change routine */ static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass); diff --git a/crypto/pkcs12/p12_p8d.c b/crypto/pkcs12/p12_p8d.c index 0286d4ac..ce1b28bc 100644 --- a/crypto/pkcs12/p12_p8d.c +++ b/crypto/pkcs12/p12_p8d.c 
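Review bot: In PKCS12_gen_mac the iteration count comes straight from the file via `iter = ASN1_INTEGER_get(p12->mac->iter)`, which narrows a `long` into `int iter` before the `<= 0` test, and nothing bounds it from above. Where `long` is wider than `int`, an out-of-range value can wrap to a different positive count, and a very large count makes checking the MAC of an untrusted file arbitrarily expensive. Reading into a `long l` first and rejecting `l <= 0 || l > INT_MAX` fixes the narrowing; an upper limit on accepted iterations is a policy choice for the project. The failure paths from `HMAC_CTX_new()` onward also reach `err:` without pushing a PKCS12 error, unlike the earlier ones in this function.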
@@ -1,4 +1,4 @@ -/* $OpenBSD: p12_p8d.c,v 1.7 2018/05/13 14:28:14 tb Exp $ */ +/* $OpenBSD: p12_p8d.c,v 1.8 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -60,6 +60,8 @@ #include +#include "x509_lcl.h" + PKCS8_PRIV_KEY_INFO * PKCS8_decrypt(const X509_SIG *p8, const char *pass, int passlen) { diff --git a/crypto/pkcs12/p12_p8e.c b/crypto/pkcs12/p12_p8e.c index 5e3fc648..7f5f61d6 100644 --- a/crypto/pkcs12/p12_p8e.c +++ b/crypto/pkcs12/p12_p8e.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_p8e.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: p12_p8e.c,v 1.9 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -61,6 +61,8 @@ #include #include +#include "x509_lcl.h" + X509_SIG * PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass, int passlen, unsigned char *salt, int saltlen, int iter, diff --git a/crypto/pkcs12/p12_sbag.c b/crypto/pkcs12/p12_sbag.c new file mode 100644 index 00000000..cbcb02d2 --- /dev/null +++ b/crypto/pkcs12/p12_sbag.c 
@@ -0,0 +1,225 @@ +/* $OpenBSD: p12_sbag.c,v 1.5 2022/08/20 09:16:18 tb Exp $ */ +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999-2018. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). 
+ * + */ + +#include + +#include +#include + +#include "pkcs12_local.h" +#include "x509_lcl.h" + +const ASN1_TYPE * +PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag, int attr_nid) +{ + return PKCS12_get_attr_gen(bag->attrib, attr_nid); +} + +ASN1_TYPE * +PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid) +{ + return PKCS12_get_attr_gen(p8->attributes, attr_nid); +} + +const PKCS8_PRIV_KEY_INFO * +PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag) +{ + if (PKCS12_SAFEBAG_get_nid(bag) != NID_keyBag) + return NULL; + + return bag->value.keybag; +} + +const X509_SIG * +PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag) +{ + if (PKCS12_SAFEBAG_get_nid(bag) != NID_pkcs8ShroudedKeyBag) + return NULL; + + return bag->value.shkeybag; +} + +const STACK_OF(PKCS12_SAFEBAG) * +PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag) +{ + if (PKCS12_SAFEBAG_get_nid(bag) != NID_safeContentsBag) + return NULL; + + return bag->value.safes; +} + +const ASN1_OBJECT * +PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag) +{ + return bag->type; +} + +int +PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag) +{ + return OBJ_obj2nid(bag->type); +} + +int +PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag) +{ + int bag_type; + + bag_type = PKCS12_SAFEBAG_get_nid(bag); + + if (bag_type == NID_certBag || bag_type == NID_crlBag || + bag_type == NID_secretBag) + return OBJ_obj2nid(bag->value.bag->type); + + return -1; +} + +X509 * +PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag) +{ + if (OBJ_obj2nid(bag->type) != NID_certBag) + return NULL; + if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate) + return NULL; + return ASN1_item_unpack(bag->value.bag->value.octet, &X509_it); +} + +X509_CRL * +PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag) +{ + if (OBJ_obj2nid(bag->type) != NID_crlBag) + return NULL; + if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl) + return NULL; + return ASN1_item_unpack(bag->value.bag->value.octet, &X509_CRL_it); +} + +PKCS12_SAFEBAG * 
+PKCS12_SAFEBAG_create_cert(X509 *x509) +{ + return PKCS12_item_pack_safebag(x509, &X509_it, + NID_x509Certificate, NID_certBag); +} + +PKCS12_SAFEBAG * +PKCS12_SAFEBAG_create_crl(X509_CRL *crl) +{ + return PKCS12_item_pack_safebag(crl, &X509_CRL_it, + NID_x509Crl, NID_crlBag); +} + +/* Turn PKCS8 object into a keybag */ + +PKCS12_SAFEBAG * +PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8) +{ + PKCS12_SAFEBAG *bag; + + if ((bag = PKCS12_SAFEBAG_new()) == NULL) { + PKCS12error(ERR_R_MALLOC_FAILURE); + return NULL; + } + + bag->type = OBJ_nid2obj(NID_keyBag); + bag->value.keybag = p8; + + return bag; +} + +/* Turn PKCS8 object into a shrouded keybag */ + +PKCS12_SAFEBAG * +PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8) +{ + PKCS12_SAFEBAG *bag; + + /* Set up the safe bag */ + if ((bag = PKCS12_SAFEBAG_new()) == NULL) { + PKCS12error(ERR_R_MALLOC_FAILURE); + return NULL; + } + + bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag); + bag->value.shkeybag = p8; + + return bag; +} + +PKCS12_SAFEBAG * +PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid, const char *pass, int passlen, + unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8info) +{ + const EVP_CIPHER *pbe_ciph; + X509_SIG *p8; + PKCS12_SAFEBAG *bag; + + if ((pbe_ciph = EVP_get_cipherbynid(pbe_nid)) != NULL) + pbe_nid = -1; + + if ((p8 = PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, + iter, p8info)) == NULL) + return NULL; + + if ((bag = PKCS12_SAFEBAG_create0_pkcs8(p8)) == NULL) { + X509_SIG_free(p8); + return NULL; + } + + return bag; +} diff --git a/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c index ff3a035d..4fe557f6 100644 --- a/crypto/pkcs12/p12_utl.c +++ b/crypto/pkcs12/p12_utl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_utl.c,v 1.16 2018/05/30 15:32:11 tb Exp $ */ +/* $OpenBSD: p12_utl.c,v 1.19 2022/09/11 17:30:13 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ 
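Review bot: The new p12_sbag.c accessors encode ownership only in their names (`get0`, `get1`, `create0`), and none carries a comment saying who frees what. I would add one per group, for example above PKCS12_SAFEBAG_create0_p8inf: `/* Takes ownership of p8 on success; on failure the caller still owns it. */`, and above PKCS12_SAFEBAG_get1_cert: `/* Returns a newly decoded X509 the caller must free, or NULL if the bag is not an X.509 certBag. */`. PKCS12_SAFEBAG_create_pkcs8_encrypt now returns NULL without pushing an error when `PKCS8_encrypt()` fails, where the removed PKCS12_MAKE_SHKEYBAG raised one, so its comment should say whether callers can expect an error from the lower layer.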
@@ -62,6 +62,8 @@ #include +#include "pkcs12_local.h" + /* Cheap and nasty Unicode stuff */ unsigned char * @@ -147,39 +149,3 @@ d2i_PKCS12_fp(FILE *fp, PKCS12 **p12) { return ASN1_item_d2i_fp(&PKCS12_it, fp, p12); } - -PKCS12_SAFEBAG * -PKCS12_x5092certbag(X509 *x509) -{ - return PKCS12_item_pack_safebag(x509, &X509_it, - NID_x509Certificate, NID_certBag); -} - -PKCS12_SAFEBAG * -PKCS12_x509crl2certbag(X509_CRL *crl) -{ - return PKCS12_item_pack_safebag(crl, &X509_CRL_it, - NID_x509Crl, NID_crlBag); -} - -X509 * -PKCS12_certbag2x509(PKCS12_SAFEBAG *bag) -{ - if (OBJ_obj2nid(bag->type) != NID_certBag) - return NULL; - if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate) - return NULL; - return ASN1_item_unpack(bag->value.bag->value.octet, - &X509_it); -} - -X509_CRL * -PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag) -{ - if (OBJ_obj2nid(bag->type) != NID_crlBag) - return NULL; - if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl) - return NULL; - return ASN1_item_unpack(bag->value.bag->value.octet, - &X509_CRL_it); -} diff --git a/crypto/pkcs12/pk12err.c b/crypto/pkcs12/pk12err.c index c1d075a0..23166bfd 100644 --- a/crypto/pkcs12/pk12err.c +++ b/crypto/pkcs12/pk12err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pk12err.c,v 1.11 2020/06/05 16:51:12 jsing Exp $ */ +/* $OpenBSD: pk12err.c,v 1.12 2022/07/12 14:42:50 kn Exp $ */ /* ==================================================================== * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * @@ -53,11 +53,6 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - #include #include @@ -65,7 +60,6 @@ #include #include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR #define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS12,func,0) diff --git a/crypto/pkcs12/pkcs12_local.h b/crypto/pkcs12/pkcs12_local.h new file mode 100644 index 00000000..8723fdb2 --- /dev/null 
+++ b/crypto/pkcs12/pkcs12_local.h 
@@ -0,0 +1,101 @@ +/* $OpenBSD: pkcs12_local.h,v 1.2 2022/09/11 17:30:13 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_PKCS12_LOCAL_H +#define HEADER_PKCS12_LOCAL_H + +__BEGIN_HIDDEN_DECLS + +struct PKCS12_MAC_DATA_st { + X509_SIG *dinfo; + ASN1_OCTET_STRING *salt; + ASN1_INTEGER *iter; /* defaults to 1 */ +}; + +struct PKCS12_st { + ASN1_INTEGER *version; + PKCS12_MAC_DATA *mac; + PKCS7 *authsafes; +}; + +struct PKCS12_SAFEBAG_st { + ASN1_OBJECT *type; + union { + struct pkcs12_bag_st *bag; /* secret, crl and certbag */ + struct pkcs8_priv_key_info_st *keybag; /* keybag */ + X509_SIG *shkeybag; /* shrouded key bag */ + STACK_OF(PKCS12_SAFEBAG) *safes; + ASN1_TYPE *other; + } value; + STACK_OF(X509_ATTRIBUTE) *attrib; +}; + +struct pkcs12_bag_st { + ASN1_OBJECT *type; + union { + ASN1_OCTET_STRING *x509cert; + ASN1_OCTET_STRING *x509crl; + ASN1_OCTET_STRING *octet; + ASN1_IA5STRING *sdsicert; + ASN1_TYPE *other; /* Secret or other bag */ + } value; +}; + +__END_HIDDEN_DECLS + +#endif /* HEADER_PKCS12_LOCAL_H */ diff --git a/crypto/pkcs7/pk7_asn1.c b/crypto/pkcs7/pk7_asn1.c index 81e4a01f..66659051 100644 --- a/crypto/pkcs7/pk7_asn1.c +++ b/crypto/pkcs7/pk7_asn1.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: pk7_asn1.c,v 1.12 2015/07/25 15:33:06 jsing Exp $ */ +/* $OpenBSD: pk7_asn1.c,v 1.13 2022/01/14 08:16:13 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -146,7 +146,6 @@ static const ASN1_ADB_TABLE PKCS7_adbtbl[] = { static const ASN1_ADB PKCS7_adb = { .flags = 0, .offset = offsetof(PKCS7, type), - .app_items = 0, .tbl = PKCS7_adbtbl, .tblcount = sizeof(PKCS7_adbtbl) / sizeof(ASN1_ADB_TABLE), .default_tt = &p7default_tt, diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 81a72f68..b3140696 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pk7_doit.c,v 1.44 2019/10/04 18:03:55 tb Exp $ */ +/* $OpenBSD: pk7_doit.c,v 1.47 2022/05/09 19:19:33 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -65,6 +65,9 @@ #include #include +#include "evp_locl.h" +#include "x509_lcl.h" + static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, void *value); static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid); @@ -1126,12 +1129,8 @@ get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid) return (NULL); for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { xa = sk_X509_ATTRIBUTE_value(sk, i); - if (OBJ_cmp(xa->object, o) == 0) { - if (!xa->single && sk_ASN1_TYPE_num(xa->value.set)) - return (sk_ASN1_TYPE_value(xa->value.set, 0)); - else - return (NULL); - } + if (OBJ_cmp(xa->object, o) == 0) + return (sk_ASN1_TYPE_value(xa->set, 0)); } return (NULL); } diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index afcc1792..7e92df1e 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pk7_lib.c,v 1.21 2020/01/21 10:18:52 inoguchi Exp $ */ +/* $OpenBSD: pk7_lib.c,v 1.23 2021/12/12 21:30:14 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -63,6 +63,8 @@ #include #include "asn1_locl.h" +#include "evp_locl.h" +#include "x509_lcl.h" long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index bf9f2dd8..f11d23e3 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pk7_smime.c,v 1.22 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: pk7_smime.c,v 1.23 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -64,6 +64,8 @@ #include #include +#include "x509_lcl.h" + static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si); PKCS7 * diff --git a/crypto/pkcs7/pkcs7err.c b/crypto/pkcs7/pkcs7err.c index 251e7816..bd3791e3 100644 --- a/crypto/pkcs7/pkcs7err.c +++ b/crypto/pkcs7/pkcs7err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pkcs7err.c,v 1.12 2020/06/05 16:51:12 jsing Exp $ */ +/* $OpenBSD: pkcs7err.c,v 1.13 2022/07/12 14:42:50 kn Exp $ */ /* ==================================================================== * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * @@ -53,11 +53,6 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - #include #include @@ -65,7 +60,6 @@ #include #include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR #define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS7,func,0) diff --git a/crypto/rand/rand_err.c b/crypto/rand/rand_err.c index 1ac00be7..c57b9a8d 100644 --- a/crypto/rand/rand_err.c +++ b/crypto/rand/rand_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rand_err.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: rand_err.c,v 1.16 2022/07/12 14:42:50 kn Exp $ */ /* ==================================================================== * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * 
@@ -53,11 +53,6 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - #include #include @@ -65,7 +60,6 @@ #include #include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR #define ERR_FUNC(func) ERR_PACK(ERR_LIB_RAND,func,0) diff --git a/crypto/rc4/rc4_enc.c b/crypto/rc4/rc4_enc.c index bd928b58..aa2766a1 100644 --- a/crypto/rc4/rc4_enc.c +++ b/crypto/rc4/rc4_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rc4_enc.c,v 1.16 2017/08/13 17:46:24 bcook Exp $ */ +/* $OpenBSD: rc4_enc.c,v 1.17 2021/11/09 18:40:21 bcook Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,7 +56,8 @@ * [including the GNU Public Licence.] */ -#include +#include + #include #include "rc4_locl.h" diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index d373d7c1..448458f8 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_ameth.c,v 1.24 2019/11/20 10:46:17 inoguchi Exp $ */ +/* $OpenBSD: rsa_ameth.c,v 1.26 2022/06/27 12:36:06 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -271,6 +271,12 @@ rsa_bits(const EVP_PKEY *pkey) return BN_num_bits(pkey->pkey.rsa->n); } +static int +rsa_security_bits(const EVP_PKEY *pkey) +{ + return RSA_security_bits(pkey->pkey.rsa); +} + static void int_rsa_free(EVP_PKEY *pkey) { @@ -916,6 +922,12 @@ rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, return 2; } +static int +rsa_pkey_check(const EVP_PKEY *pkey) +{ + return RSA_check_key(pkey->pkey.rsa); +} + #ifndef OPENSSL_NO_CMS static RSA_OAEP_PARAMS * rsa_oaep_decode(const X509_ALGOR *alg) @@ -1097,6 +1109,7 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = { .pkey_size = int_rsa_size, .pkey_bits = rsa_bits, + .pkey_security_bits = rsa_security_bits, .sig_print = rsa_sig_print, 
@@ -1105,14 +1118,18 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = { .old_priv_decode = old_rsa_priv_decode, .old_priv_encode = old_rsa_priv_encode, .item_verify = rsa_item_verify, - .item_sign = rsa_item_sign + .item_sign = rsa_item_sign, + + .pkey_check = rsa_pkey_check, }, { .pkey_id = EVP_PKEY_RSA2, .pkey_base_id = EVP_PKEY_RSA, - .pkey_flags = ASN1_PKEY_ALIAS - } + .pkey_flags = ASN1_PKEY_ALIAS, + + .pkey_check = rsa_pkey_check, + }, }; const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth = { diff --git a/crypto/rsa/rsa_chk.c b/crypto/rsa/rsa_chk.c index 5345d31d..ac9dbf7a 100644 --- a/crypto/rsa/rsa_chk.c +++ b/crypto/rsa/rsa_chk.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_chk.c,v 1.13 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: rsa_chk.c,v 1.16 2022/01/20 11:08:12 inoguchi Exp $ */ /* ==================================================================== * Copyright (c) 1999 The OpenSSL Project. All rights reserved. * @@ -53,6 +53,7 @@ #include #include "bn_lcl.h" +#include "rsa_locl.h" int RSA_check_key(const RSA *key) @@ -80,6 +81,15 @@ RSA_check_key(const RSA *key) goto err; } + if (BN_is_one(key->e)) { + ret = 0; + RSAerror(RSA_R_BAD_E_VALUE); + } + if (!BN_is_odd(key->e)) { + ret = 0; + RSAerror(RSA_R_BAD_E_VALUE); + } + /* p prime? */ r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL); if (r != 1) { @@ -189,7 +199,7 @@ RSA_check_key(const RSA *key) } /* iqmp = q^-1 mod p? */ - if (!BN_mod_inverse_ct(i, key->q, key->p, ctx)) { + if (BN_mod_inverse_ct(i, key->q, key->p, ctx) == NULL) { ret = -1; goto err; } diff --git a/crypto/rsa/rsa_crpt.c b/crypto/rsa/rsa_crpt.c index a646ded4..4fd21cd7 100644 --- a/crypto/rsa/rsa_crpt.c +++ b/crypto/rsa/rsa_crpt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_crpt.c,v 1.19 2018/02/18 12:52:13 tb Exp $ */ +/* $OpenBSD: rsa_crpt.c,v 1.20 2022/01/07 09:55:32 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
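Review bot: The two tests added to RSA_check_key() in rsa_chk.c reject e == 1 and even e, but an odd negative exponent passes both, because `BN_is_odd()` looks only at the low bit. Unless the sign is rejected elsewhere in the function, which this hunk does not show, adding `if (BN_is_negative(key->e)) { ret = 0; RSAerror(RSA_R_BAD_E_VALUE); }` next to them would close the gap. A short comment on why these values are refused (e = 1 leaves the input unchanged, an even e has no inverse modulo the even totient) would help the next reader. The function starts and ends outside the hunk.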
@@ -67,6 +67,7 @@ #include #include "bn_lcl.h" +#include "rsa_locl.h" #ifndef OPENSSL_NO_ENGINE #include diff --git a/crypto/rsa/rsa_depr.c b/crypto/rsa/rsa_depr.c index b830a229..54a669cc 100644 --- a/crypto/rsa/rsa_depr.c +++ b/crypto/rsa/rsa_depr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_depr.c,v 1.8 2014/07/11 08:44:49 jsing Exp $ */ +/* $OpenBSD: rsa_depr.c,v 1.9 2021/12/04 16:08:32 tb Exp $ */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * @@ -64,6 +64,8 @@ #include #include +#include "bn_lcl.h" + #ifndef OPENSSL_NO_DEPRECATED RSA * diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index 33201a8a..0f8c324d 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_eay.c,v 1.51 2019/11/02 13:52:31 jsing Exp $ */ +/* $OpenBSD: rsa_eay.c,v 1.54 2022/01/20 11:10:11 inoguchi Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -119,6 +119,7 @@ #include #include "bn_lcl.h" +#include "rsa_locl.h" static int RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding); @@ -446,7 +447,8 @@ RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to, goto err; if (padding == RSA_X931_PADDING) { - BN_sub(f, rsa->n, ret); + if (!BN_sub(f, rsa->n, ret)) + goto err; if (BN_cmp(ret, f) > 0) res = f; else @@ -753,6 +755,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) goto err; /* compute I mod p */ + BN_init(&c); BN_with_flags(&c, I, BN_FLG_CONSTTIME); if (!BN_mod_ct(r1, &c, rsa->p, ctx)) diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c index 46149370..79425c0f 100644 --- a/crypto/rsa/rsa_err.c +++ b/crypto/rsa/rsa_err.c 
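Review bot: `BN_init(&c);` is added before `BN_with_flags(&c, I, BN_FLG_CONSTTIME)` in RSA_eay_mod_exp() with no explanation, so it reads like a redundant call that a later cleanup could remove. Presumably BN_with_flags() now reads the destination's existing flags, so a stack BIGNUM has to be initialised first; if so, say it with `/* BN_with_flags() reads c.flags, so c must be initialised */`. The same applies to the `BN_init(&pr0)`, `BN_init(&d)` and `BN_init(&p)` additions in the rsa_gen.c hunks. Any other BN_with_flags() use on a stack BIGNUM in this function lies outside the hunk and is worth checking for the same initialisation.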
@@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_err.c,v 1.20 2019/11/01 15:13:05 jsing Exp $ */ +/* $OpenBSD: rsa_err.c,v 1.21 2022/07/12 14:42:50 kn Exp $ */ /* ==================================================================== * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * @@ -53,11 +53,6 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - #include #include @@ -65,7 +60,6 @@ #include #include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR #define ERR_FUNC(func) ERR_PACK(ERR_LIB_RSA,func,0) diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index 596eb8eb..5f062a7a 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_gen.c,v 1.22 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: rsa_gen.c,v 1.25 2022/01/20 11:11:17 inoguchi Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -70,6 +70,7 @@ #include #include "bn_lcl.h" +#include "rsa_locl.h" static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb); @@ -194,12 +195,14 @@ rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) if (!BN_mul(r0, r1, r2, ctx)) /* (p-1)(q-1) */ goto err; + BN_init(&pr0); BN_with_flags(&pr0, r0, BN_FLG_CONSTTIME); - if (!BN_mod_inverse_ct(rsa->d, rsa->e, &pr0, ctx)) /* d */ + if (BN_mod_inverse_ct(rsa->d, rsa->e, &pr0, ctx) == NULL) /* d */ goto err; /* set up d for correct BN_FLG_CONSTTIME flag */ + BN_init(&d); BN_with_flags(&d, rsa->d, BN_FLG_CONSTTIME); /* calculate d mod (p-1) */ 
@@ -211,8 +214,9 @@ rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) goto err; /* calculate inverse of q mod p */ + BN_init(&p); BN_with_flags(&p, rsa->p, BN_FLG_CONSTTIME); - if (!BN_mod_inverse_ct(rsa->iqmp, rsa->q, &p, ctx)) + if (BN_mod_inverse_ct(rsa->iqmp, rsa->q, &p, ctx) == NULL) goto err; ok = 1; diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 0b76aae3..570bb6c0 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_lib.c,v 1.40 2020/01/17 10:40:03 inoguchi Exp $ */ +/* $OpenBSD: rsa_lib.c,v 1.43 2022/06/27 12:30:28 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -68,6 +68,7 @@ #include #include "evp_locl.h" +#include "rsa_locl.h" #ifndef OPENSSL_NO_ENGINE #include @@ -240,6 +241,12 @@ RSA_get_ex_data(const RSA *r, int idx) return CRYPTO_get_ex_data(&r->ex_data, idx); } +int +RSA_security_bits(const RSA *rsa) +{ + return BN_security_bits(RSA_bits(rsa), -1); +} + void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) { @@ -336,6 +343,60 @@ RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) return 1; } +const BIGNUM * +RSA_get0_n(const RSA *r) +{ + return r->n; +} + +const BIGNUM * +RSA_get0_e(const RSA *r) +{ + return r->e; +} + +const BIGNUM * +RSA_get0_d(const RSA *r) +{ + return r->d; +} + +const BIGNUM * +RSA_get0_p(const RSA *r) +{ + return r->p; +} + +const BIGNUM * +RSA_get0_q(const RSA *r) +{ + return r->q; +} + +const BIGNUM * +RSA_get0_dmp1(const RSA *r) +{ + return r->dmp1; +} + +const BIGNUM * +RSA_get0_dmq1(const RSA *r) +{ + return r->dmq1; +} + +const BIGNUM * +RSA_get0_iqmp(const RSA *r) +{ + return r->iqmp; +} + +const RSA_PSS_PARAMS * +RSA_get0_pss_params(const RSA *r) +{ + return r->pss; +} + void RSA_clear_flags(RSA *r, int flags) { diff --git a/crypto/rsa/rsa_locl.h b/crypto/rsa/rsa_locl.h index 7036449c..1a2412ad 100644 --- a/crypto/rsa/rsa_locl.h +++ b/crypto/rsa/rsa_locl.h 
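Review bot: The new RSA_get0_n() through RSA_get0_pss_params() accessors in rsa_lib.c dereference `r` unconditionally and return pointers into the RSA object, and no comment records that contract. With `struct rsa_st` moved into rsa_locl.h by this patch, these are how callers outside the library read key fields, so the contract deserves a line above the group: `/* get0: returns an internal pointer, caller must not free; r must not be NULL */`. The private components are presumably NULL on a public-only key, so callers also need to check the returned pointer before use.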
@@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_locl.h,v 1.11 2019/11/02 13:47:41 jsing Exp $ */ +/* $OpenBSD: rsa_locl.h,v 1.13 2022/07/04 12:23:30 tb Exp $ */ __BEGIN_HIDDEN_DECLS 
@@ -8,6 +8,80 @@ __BEGIN_HIDDEN_DECLS #define pkey_is_pss(pkey) (pkey->ameth->pkey_id == EVP_PKEY_RSA_PSS) #define pkey_ctx_is_pss(ctx) (ctx->pmeth->pkey_id == EVP_PKEY_RSA_PSS) +struct rsa_meth_st { + char *name; + int (*rsa_pub_enc)(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + int (*rsa_pub_dec)(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + int (*rsa_priv_enc)(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + int (*rsa_priv_dec)(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + int (*rsa_mod_exp)(BIGNUM *r0, const BIGNUM *I, RSA *rsa, + BN_CTX *ctx); /* Can be null */ + int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); /* Can be null */ + int (*init)(RSA *rsa); /* called at new */ + int (*finish)(RSA *rsa); /* called at free */ + int flags; /* RSA_METHOD_FLAG_* things */ + char *app_data; /* may be needed! */ +/* New sign and verify functions: some libraries don't allow arbitrary data + * to be signed/verified: this allows them to be used. Note: for this to work + * the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used + * RSA_sign(), RSA_verify() should be used instead. Note: for backwards + * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER + * option is set in 'flags'. + */ + int (*rsa_sign)(int type, const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, const RSA *rsa); + int (*rsa_verify)(int dtype, const unsigned char *m, + unsigned int m_length, const unsigned char *sigbuf, + unsigned int siglen, const RSA *rsa); +/* If this callback is NULL, the builtin software RSA key-gen will be used. This + * is for behavioural compatibility whilst the code gets rewired, but one day + * it would be nice to assume there are no such things as "builtin software" + * implementations. 
*/ + int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); +}; + +struct rsa_st { + /* The first parameter is used to pickup errors where + * this is passed instead of aEVP_PKEY, it is set to 0 */ + int pad; + long version; + const RSA_METHOD *meth; + + /* functional reference if 'meth' is ENGINE-provided */ + ENGINE *engine; + BIGNUM *n; + BIGNUM *e; + BIGNUM *d; + BIGNUM *p; + BIGNUM *q; + BIGNUM *dmp1; + BIGNUM *dmq1; + BIGNUM *iqmp; + + /* Parameter restrictions for PSS only keys. */ + RSA_PSS_PARAMS *pss; + + /* be careful using this if the RSA structure is shared */ + CRYPTO_EX_DATA ex_data; + int references; + int flags; + + /* Used to cache montgomery values */ + BN_MONT_CTX *_method_mod_n; + BN_MONT_CTX *_method_mod_p; + BN_MONT_CTX *_method_mod_q; + + /* all BIGNUM values are actually in the following data, if it is not + * NULL */ + BN_BLINDING *blinding; + BN_BLINDING *mt_blinding; +}; + RSA_PSS_PARAMS *rsa_pss_params_create(const EVP_MD *sigmd, const EVP_MD *mgf1md, int saltlen); int rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd, diff --git a/crypto/rsa/rsa_meth.c b/crypto/rsa/rsa_meth.c index 095368b0..d6be1ea0 100644 --- a/crypto/rsa/rsa_meth.c +++ b/crypto/rsa/rsa_meth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_meth.c,v 1.3 2019/06/05 15:41:33 gilles Exp $ */ +/* $OpenBSD: rsa_meth.c,v 1.5 2022/07/04 12:23:30 tb Exp $ */ /* * Copyright (c) 2018 Theo Buehler * @@ -21,6 +21,8 @@ #include #include +#include "rsa_locl.h" + RSA_METHOD * RSA_meth_new(const char *name, int flags) { @@ -40,10 +42,11 @@ RSA_meth_new(const char *name, int flags) void RSA_meth_free(RSA_METHOD *meth) { - if (meth != NULL) { - free((char *)meth->name); - free(meth); - } + if (meth == NULL) + return; + + free(meth->name); + free(meth); } RSA_METHOD * 
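Review bot: In the new `struct rsa_st` in rsa_locl.h, the comment `/* all BIGNUM values are actually in the following data, if it is not NULL */` sits directly above `BN_BLINDING *blinding;`, which it does not describe; it looks like a leftover from a field that is no longer in the struct. I would drop it or replace it with `/* Blinding contexts. */` so nobody reads the blinding pointers as backing storage for the key material. The first comment in the struct also has the typo `aEVP_PKEY`, which should read `an EVP_PKEY`.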
@@ -65,12 +68,12 @@ RSA_meth_dup(const RSA_METHOD *meth) int RSA_meth_set1_name(RSA_METHOD *meth, const char *name) { - char *copy; + char *new_name; - if ((copy = strdup(name)) == NULL) + if ((new_name = strdup(name)) == NULL) return 0; - free((char *)meth->name); - meth->name = copy; + free(meth->name); + meth->name = new_name; return 1; } diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index e54600b0..93269500 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_oaep.c,v 1.33 2019/10/17 14:31:56 jsing Exp $ */ +/* $OpenBSD: rsa_oaep.c,v 1.35 2022/02/20 19:16:34 tb Exp $ */ /* * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * @@ -80,6 +80,7 @@ #include #include "constant_time_locl.h" +#include "evp_locl.h" #include "rsa_locl.h" int @@ -223,17 +224,16 @@ RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, from -= 1 & mask; *--em = *from & mask; } - from = em; /* * The first byte must be zero, however we must not leak if this is * true. See James H. Manger, "A Chosen Ciphertext Attack on RSA * Optimal Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001). */ - good = constant_time_is_zero(from[0]); + good = constant_time_is_zero(em[0]); - maskedseed = from + 1; - maskeddb = from + 1 + mdlen; + maskedseed = em + 1; + maskeddb = em + 1 + mdlen; if (PKCS1_MGF1(seed, mdlen, maskeddb, dblen, mgf1md)) goto cleanup; 
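Review bot: RSA_meth_set1_name() passes `name` straight to `strdup()` with no NULL check, and strdup(NULL) is undefined behaviour; `meth` is dereferenced unchecked as well. The rename from `copy` to `new_name` in this hunk leaves that as it was. A guard before the strdup, `if (meth == NULL || name == NULL) return 0;`, keeps the function's existing 0-on-failure convention and turns a crash into an error return.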
@@ -289,15 +289,16 @@ RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, * should be noted that failure is indistinguishable from normal * operation if |tlen| is fixed by protocol. */ - tlen = constant_time_select_int(constant_time_lt(dblen, tlen), dblen, tlen); + tlen = constant_time_select_int(constant_time_lt(dblen - mdlen - 1, tlen), + dblen - mdlen - 1, tlen); msg_index = constant_time_select_int(good, msg_index, dblen - tlen); mlen = dblen - msg_index; - for (from = db + msg_index, mask = good, i = 0; i < tlen; i++) { - unsigned int equals = constant_time_eq(i, mlen); + for (mask = good, i = 0; i < tlen; i++) { + unsigned int equals = constant_time_eq(msg_index, dblen); - from -= dblen & equals; /* if (i == mlen) rewind */ - mask &= mask ^ equals; /* if (i == mlen) mask = 0 */ - to[i] = constant_time_select_8(mask, from[i], to[i]); + msg_index -= tlen & equals; /* rewind at EOF */ + mask &= ~equals; /* mask = 0 at EOF */ + to[i] = constant_time_select_8(mask, db[msg_index++], to[i]); } /* diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index 008d425b..36a2a277 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_pmeth.c,v 1.32 2019/10/31 14:05:30 jsing Exp $ */ +/* $OpenBSD: rsa_pmeth.c,v 1.33 2021/12/04 16:08:32 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -70,6 +70,7 @@ #include #include +#include "bn_lcl.h" #include "evp_locl.h" #include "rsa_locl.h" diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c index 562f7b25..cce38efa 100644 --- a/crypto/rsa/rsa_pss.c +++ b/crypto/rsa/rsa_pss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_pss.c,v 1.13 2018/09/05 00:55:33 djm Exp $ */ +/* $OpenBSD: rsa_pss.c,v 1.15 2022/01/07 09:55:32 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2005. */ 
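Review bot: The rewritten copy loop in the second rsa_oaep.c hunk keeps the branch-free mask but reads `db[msg_index++]`, so the load address still depends on where the message starts in `db`. The comment above it argues that failure is indistinguishable from normal operation, which the `constant_time_select_int(good, msg_index, dblen - tlen)` line supports, but it says nothing about address-dependent timing. I would state the assumption next to the loop, for example `/* read offset depends on msg_index; only success vs. failure is hidden here */` if that is the intent, or copy at fixed offsets if the stricter property is wanted. The function begins and ends outside the hunk.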
@@ -66,6 +66,9 @@ #include #include +#include "evp_locl.h" +#include "rsa_locl.h" + static const unsigned char zeroes[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; int diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index d205046b..bd45a95d 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_sign.c,v 1.32 2021/05/14 18:03:42 tb Exp $ */ +/* $OpenBSD: rsa_sign.c,v 1.34 2022/01/07 11:13:55 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -65,7 +65,9 @@ #include #include +#include "asn1_locl.h" #include "rsa_locl.h" +#include "x509_lcl.h" /* Size of an SSL signature: MD5+SHA1 */ #define SSL_SIG_LENGTH 36 diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c index 9c05d3b0..e826ca9e 100644 --- a/crypto/sha/sha256.c +++ b/crypto/sha/sha256.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sha256.c,v 1.10 2019/01/21 23:20:31 jsg Exp $ */ +/* $OpenBSD: sha256.c,v 1.11 2021/11/09 18:40:21 bcook Exp $ */ /* ==================================================================== * Copyright (c) 2004 The OpenSSL Project. All rights reserved * according to the OpenSSL license [found in ../../LICENSE]. @@ -9,8 +9,7 @@ #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256) -#include - +#include #include #include diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c index 6b95cfa7..56a207f7 100644 --- a/crypto/sha/sha512.c +++ b/crypto/sha/sha512.c @@ -1,12 +1,11 @@ -/* $OpenBSD: sha512.c,v 1.15 2016/11/04 13:56:05 miod Exp $ */ +/* $OpenBSD: sha512.c,v 1.16 2021/11/09 18:40:21 bcook Exp $ */ /* ==================================================================== * Copyright (c) 2004 The OpenSSL Project. All rights reserved * according to the OpenSSL license [found in ../../LICENSE]. * ==================================================================== */ -#include - +#include #include #include diff --git a/crypto/sha/sha_locl.h b/crypto/sha/sha_locl.h index 46c9a39b..5daab29f 100644 
--- a/crypto/sha/sha_locl.h +++ b/crypto/sha/sha_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sha_locl.h,v 1.23 2016/12/23 23:22:25 patrick Exp $ */ +/* $OpenBSD: sha_locl.h,v 1.24 2021/11/09 18:40:21 bcook Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -186,7 +186,7 @@ int SHA1_Init(SHA_CTX *c) #endif #if !defined(SHA1_ASM) -#include +#include static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num) { const unsigned char *data=p; diff --git a/crypto/ts/ts_asn1.c b/crypto/ts/ts_asn1.c index bc89f136..6537f1c8 100644 --- a/crypto/ts/ts_asn1.c +++ b/crypto/ts/ts_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts_asn1.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: ts_asn1.c,v 1.13 2022/07/24 08:16:47 tb Exp $ */ /* Written by Nils Larsch for the OpenSSL project 2004. */ /* ==================================================================== @@ -61,6 +61,8 @@ #include #include +#include "ts_local.h" + static const ASN1_TEMPLATE TS_MSG_IMPRINT_seq_tt[] = { { .flags = 0, 
@@ -846,6 +848,129 @@ ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *x) return ASN1_item_dup(&ESS_SIGNING_CERT_it, x); } +static const ASN1_TEMPLATE ESS_CERT_ID_V2_seq_tt[] = { + { + .flags = ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(ESS_CERT_ID_V2, hash_alg), + .field_name = "hash_alg", + .item = &X509_ALGOR_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(ESS_CERT_ID_V2, hash), + .field_name = "hash", + .item = &ASN1_OCTET_STRING_it, + }, + { + .flags = ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(ESS_CERT_ID_V2, issuer_serial), + .field_name = "issuer_serial", + .item = &ESS_ISSUER_SERIAL_it, + }, +}; + +static const ASN1_ITEM ESS_CERT_ID_V2_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = ESS_CERT_ID_V2_seq_tt, + .tcount = sizeof(ESS_CERT_ID_V2_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(ESS_CERT_ID_V2), + .sname = "ESS_CERT_ID_V2", +}; + +ESS_CERT_ID_V2 * +d2i_ESS_CERT_ID_V2(ESS_CERT_ID_V2 **a, const unsigned char **in, long len) +{ + return (ESS_CERT_ID_V2 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ESS_CERT_ID_V2_it); +} + +int +i2d_ESS_CERT_ID_V2(const ESS_CERT_ID_V2 *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ESS_CERT_ID_V2_it); +} + +ESS_CERT_ID_V2 * +ESS_CERT_ID_V2_new(void) +{ + return (ESS_CERT_ID_V2 *)ASN1_item_new(&ESS_CERT_ID_V2_it); +} + +void +ESS_CERT_ID_V2_free(ESS_CERT_ID_V2 *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ESS_CERT_ID_V2_it); +} + +ESS_CERT_ID_V2 * +ESS_CERT_ID_V2_dup(ESS_CERT_ID_V2 *x) +{ + return ASN1_item_dup(&ESS_CERT_ID_V2_it, x); +} + +static const ASN1_TEMPLATE ESS_SIGNING_CERT_V2_seq_tt[] = { + { + .flags = ASN1_TFLG_SEQUENCE_OF, + .tag = 0, + .offset = offsetof(ESS_SIGNING_CERT_V2, cert_ids), + .field_name = "cert_ids", + .item = &ESS_CERT_ID_V2_it, + }, + { + .flags = ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(ESS_SIGNING_CERT_V2, policy_info), + .field_name = "policy_info", + .item 
= &POLICYINFO_it, + }, +}; + +static const ASN1_ITEM ESS_SIGNING_CERT_V2_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = ESS_SIGNING_CERT_V2_seq_tt, + .tcount = sizeof(ESS_SIGNING_CERT_V2_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(ESS_SIGNING_CERT_V2), + .sname = "ESS_SIGNING_CERT_V2", +}; + +ESS_SIGNING_CERT_V2 * +d2i_ESS_SIGNING_CERT_V2(ESS_SIGNING_CERT_V2 **a, const unsigned char **in, long len) +{ + return (ESS_SIGNING_CERT_V2 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ESS_SIGNING_CERT_V2_it); +} + +int +i2d_ESS_SIGNING_CERT_V2(const ESS_SIGNING_CERT_V2 *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ESS_SIGNING_CERT_V2_it); +} + +ESS_SIGNING_CERT_V2 * +ESS_SIGNING_CERT_V2_new(void) +{ + return (ESS_SIGNING_CERT_V2 *)ASN1_item_new(&ESS_SIGNING_CERT_V2_it); +} + +void +ESS_SIGNING_CERT_V2_free(ESS_SIGNING_CERT_V2 *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ESS_SIGNING_CERT_V2_it); +} + +ESS_SIGNING_CERT_V2 * +ESS_SIGNING_CERT_V2_dup(ESS_SIGNING_CERT_V2 *x) +{ + return ASN1_item_dup(&ESS_SIGNING_CERT_V2_it, x); +} + /* Getting encapsulated TS_TST_INFO object from PKCS7. */ TS_TST_INFO * PKCS7_to_TS_TST_INFO(PKCS7 *token) diff --git a/crypto/ts/ts_err.c b/crypto/ts/ts_err.c index 4b899093..ddd532a6 100644 --- a/crypto/ts/ts_err.c +++ b/crypto/ts/ts_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts_err.c,v 1.5 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: ts_err.c,v 1.6 2022/07/12 14:42:50 kn Exp $ */ /* ==================================================================== * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * @@ -53,11 +53,6 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - #include #include 
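Review bot: `hash_alg` in ESS_CERT_ID_V2_seq_tt is marked `ASN1_TFLG_OPTIONAL`, so `d2i_ESS_CERT_ID_V2()` returns an object with `hash_alg == NULL` whenever the field is omitted, and nothing in this hunk tells a consumer that NULL means the default. ts_local.h in this patch records the default as SHA-256; a comment on the template entry such as `/* DEFAULT id-sha256: absent on the wire, NULL after decode */` would make that explicit here. Any code that later compares `hash` against a certificate digest has to handle the NULL case before dereferencing `hash_alg`, since the input is an attacker-suppliable encoding.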
@@ -65,7 +60,6 @@ #include #include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR #define ERR_FUNC(func) ERR_PACK(ERR_LIB_TS,func,0) diff --git a/crypto/ts/ts_lib.c b/crypto/ts/ts_lib.c index 29356411..b6d50a36 100644 --- a/crypto/ts/ts_lib.c +++ b/crypto/ts/ts_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts_lib.c,v 1.10 2015/09/10 14:29:22 jsing Exp $ */ +/* $OpenBSD: ts_lib.c,v 1.12 2021/12/04 16:08:32 tb Exp $ */ /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL * project 2002. */ @@ -64,6 +64,9 @@ #include #include +#include "bn_lcl.h" +#include "x509_lcl.h" + /* Local function declarations. */ /* Function definitions. */ diff --git a/crypto/ts/ts_local.h b/crypto/ts/ts_local.h new file mode 100644 index 00000000..cf1e9e05 --- /dev/null +++ b/crypto/ts/ts_local.h 
@@ -0,0 +1,316 @@ +/* $OpenBSD: ts_local.h,v 1.2 2022/09/11 17:31:19 tb Exp $ */ +/* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL + * project 2002, 2003, 2004. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). 
+ * + */ + +#ifndef HEADER_TS_LOCAL_H +#define HEADER_TS_LOCAL_H + +__BEGIN_HIDDEN_DECLS + +/* + * MessageImprint ::= SEQUENCE { + * hashAlgorithm AlgorithmIdentifier, + * hashedMessage OCTET STRING } + */ + +struct TS_msg_imprint_st { + X509_ALGOR *hash_algo; + ASN1_OCTET_STRING *hashed_msg; +}; + +/* + * TimeStampReq ::= SEQUENCE { + * version INTEGER { v1(1) }, + * messageImprint MessageImprint, + * --a hash algorithm OID and the hash value of the data to be + * --time-stamped + * reqPolicy TSAPolicyId OPTIONAL, + * nonce INTEGER OPTIONAL, + * certReq BOOLEAN DEFAULT FALSE, + * extensions [0] IMPLICIT Extensions OPTIONAL } + */ + +struct TS_req_st { + ASN1_INTEGER *version; + TS_MSG_IMPRINT *msg_imprint; + ASN1_OBJECT *policy_id; /* OPTIONAL */ + ASN1_INTEGER *nonce; /* OPTIONAL */ + ASN1_BOOLEAN cert_req; /* DEFAULT FALSE */ + STACK_OF(X509_EXTENSION) *extensions; /* [0] OPTIONAL */ +}; + +/* + * Accuracy ::= SEQUENCE { + * seconds INTEGER OPTIONAL, + * millis [0] INTEGER (1..999) OPTIONAL, + * micros [1] INTEGER (1..999) OPTIONAL } + */ + +struct TS_accuracy_st { + ASN1_INTEGER *seconds; + ASN1_INTEGER *millis; + ASN1_INTEGER *micros; +}; + +/* + * TSTInfo ::= SEQUENCE { + * version INTEGER { v1(1) }, + * policy TSAPolicyId, + * messageImprint MessageImprint, + * -- MUST have the same value as the similar field in + * -- TimeStampReq + * serialNumber INTEGER, + * -- Time-Stamping users MUST be ready to accommodate integers + * -- up to 160 bits. + * genTime GeneralizedTime, + * accuracy Accuracy OPTIONAL, + * ordering BOOLEAN DEFAULT FALSE, + * nonce INTEGER OPTIONAL, + * -- MUST be present if the similar field was present + * -- in TimeStampReq. In that case it MUST have the same value. 
+ * tsa [0] GeneralName OPTIONAL, + * extensions [1] IMPLICIT Extensions OPTIONAL } + */ + +struct TS_tst_info_st { + ASN1_INTEGER *version; + ASN1_OBJECT *policy_id; + TS_MSG_IMPRINT *msg_imprint; + ASN1_INTEGER *serial; + ASN1_GENERALIZEDTIME *time; + TS_ACCURACY *accuracy; + ASN1_BOOLEAN ordering; + ASN1_INTEGER *nonce; + GENERAL_NAME *tsa; + STACK_OF(X509_EXTENSION) *extensions; +}; + +/* + * PKIStatusInfo ::= SEQUENCE { + * status PKIStatus, + * statusString PKIFreeText OPTIONAL, + * failInfo PKIFailureInfo OPTIONAL } + * + * From RFC 1510 - section 3.1.1: + * PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String + * -- text encoded as UTF-8 String (note: each UTF8String SHOULD + * -- include an RFC 1766 language tag to indicate the language + * -- of the contained text) + */ + +struct TS_status_info_st { + ASN1_INTEGER *status; + STACK_OF(ASN1_UTF8STRING) *text; + ASN1_BIT_STRING *failure_info; +}; + +/* + * TimeStampResp ::= SEQUENCE { + * status PKIStatusInfo, + * timeStampToken TimeStampToken OPTIONAL } + */ + +struct TS_resp_st { + TS_STATUS_INFO *status_info; + PKCS7 *token; + TS_TST_INFO *tst_info; +}; + +/* The structure below would belong to the ESS component. */ + +/* + * IssuerSerial ::= SEQUENCE { + * issuer GeneralNames, + * serialNumber CertificateSerialNumber + * } + */ + +struct ESS_issuer_serial { + STACK_OF(GENERAL_NAME) *issuer; + ASN1_INTEGER *serial; +}; + +/* + * ESSCertID ::= SEQUENCE { + * certHash Hash, + * issuerSerial IssuerSerial OPTIONAL + * } + */ + +struct ESS_cert_id { + ASN1_OCTET_STRING *hash; /* Always SHA-1 digest. 
*/ + ESS_ISSUER_SERIAL *issuer_serial; +}; + +/* + * SigningCertificate ::= SEQUENCE { + * certs SEQUENCE OF ESSCertID, + * policies SEQUENCE OF PolicyInformation OPTIONAL + * } + */ + +struct ESS_signing_cert { + STACK_OF(ESS_CERT_ID) *cert_ids; + STACK_OF(POLICYINFO) *policy_info; +}; + +/* + * ESSCertIDv2 ::= SEQUENCE { + * hashAlgorithm AlgorithmIdentifier + * DEFAULT {algorithm id-sha256}, + * certHash Hash, + * issuerSerial IssuerSerial OPTIONAL } + */ + +struct ESS_cert_id_v2 { + X509_ALGOR *hash_alg; /* Default SHA-256. */ + ASN1_OCTET_STRING *hash; + ESS_ISSUER_SERIAL *issuer_serial; +}; + +/* + * SigningCertificateV2 ::= SEQUENCE { + * certs SEQUENCE OF ESSCertIDv2, + * policies SEQUENCE OF PolicyInformation OPTIONAL } + */ + +struct ESS_signing_cert_v2 { + STACK_OF(ESS_CERT_ID_V2) *cert_ids; + STACK_OF(POLICYINFO) *policy_info; +}; + +struct TS_resp_ctx { + X509 *signer_cert; + EVP_PKEY *signer_key; + STACK_OF(X509) *certs; /* Certs to include in signed data. */ + STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */ + ASN1_OBJECT *default_policy; /* It may appear in policies, too. */ + STACK_OF(EVP_MD) *mds; /* Acceptable message digests. */ + ASN1_INTEGER *seconds; /* accuracy, 0 means not specified. */ + ASN1_INTEGER *millis; /* accuracy, 0 means not specified. */ + ASN1_INTEGER *micros; /* accuracy, 0 means not specified. */ + unsigned clock_precision_digits; /* fraction of seconds in + time stamp token. */ + unsigned flags; /* Optional info, see values above. */ + + /* Callback functions. */ + TS_serial_cb serial_cb; + void *serial_cb_data; /* User data for serial_cb. */ + + TS_time_cb time_cb; + void *time_cb_data; /* User data for time_cb. */ + + TS_extension_cb extension_cb; + void *extension_cb_data; /* User data for extension_cb. */ + + /* These members are used only while creating the response. */ + TS_REQ *request; + TS_RESP *response; + TS_TST_INFO *tst_info; +}; + +/* Context structure for the generic verify method. 
*/ + +struct TS_verify_ctx { + /* Set this to the union of TS_VFY_... flags you want to carry out. */ + unsigned flags; + + /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */ + X509_STORE *store; + STACK_OF(X509) *certs; + + /* Must be set only with TS_VFY_POLICY. */ + ASN1_OBJECT *policy; + + /* Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, + the algorithm from the response is used. */ + X509_ALGOR *md_alg; + unsigned char *imprint; + unsigned imprint_len; + + /* Must be set only with TS_VFY_DATA. */ + BIO *data; + + /* Must be set only with TS_VFY_TSA_NAME. */ + ASN1_INTEGER *nonce; + + /* Must be set only with TS_VFY_TSA_NAME. */ + GENERAL_NAME *tsa_name; +}; + +/* + * Public OpenSSL API that we do not currently want to expose. + */ + +ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new(void); +void ESS_CERT_ID_V2_free(ESS_CERT_ID_V2 *a); +int i2d_ESS_CERT_ID_V2(const ESS_CERT_ID_V2 *a, unsigned char **pp); +ESS_CERT_ID_V2 *d2i_ESS_CERT_ID_V2(ESS_CERT_ID_V2 **a, const unsigned char **pp, + long length); +ESS_CERT_ID_V2 *ESS_CERT_ID_V2_dup(ESS_CERT_ID_V2 *a); + +ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new(void); +void ESS_SIGNING_CERT_V2_free(ESS_SIGNING_CERT_V2 *a); +int i2d_ESS_SIGNING_CERT_V2(const ESS_SIGNING_CERT_V2 *a, + unsigned char **pp); +ESS_SIGNING_CERT_V2 *d2i_ESS_SIGNING_CERT_V2(ESS_SIGNING_CERT_V2 **a, + const unsigned char **pp, long length); +ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_dup(ESS_SIGNING_CERT_V2 *a); + +__END_HIDDEN_DECLS + +#endif /* HEADER_TS_LOCAL_H */ diff --git a/crypto/ts/ts_req_utils.c b/crypto/ts/ts_req_utils.c index 6b9c13f3..8d9d6f3e 100644 --- a/crypto/ts/ts_req_utils.c +++ b/crypto/ts/ts_req_utils.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts_req_utils.c,v 1.6 2018/05/13 15:04:05 tb Exp $ */ +/* $OpenBSD: ts_req_utils.c,v 1.7 2022/07/24 08:16:47 tb Exp $ */ /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL * project 2002. */ 
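Review bot: In `struct TS_verify_ctx` the comment above `ASN1_INTEGER *nonce;` says `Must be set only with TS_VFY_TSA_NAME.`, the same text as on `tsa_name` right below it, which looks like a copy-paste slip. It should presumably read `/* Must be set only with TS_VFY_NONCE. */`. These comments are the only description of which verification flag guards which field, so a wrong one invites a caller to set the nonce under the wrong flag and skip the replay check it expects.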
@@ -63,6 +63,8 @@ #include #include +#include "ts_local.h" + int TS_REQ_set_version(TS_REQ *a, long version) { diff --git a/crypto/ts/ts_rsp_print.c b/crypto/ts/ts_rsp_print.c index c442b716..cfff955c 100644 --- a/crypto/ts/ts_rsp_print.c +++ b/crypto/ts/ts_rsp_print.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts_rsp_print.c,v 1.5 2014/07/11 08:44:49 jsing Exp $ */ +/* $OpenBSD: ts_rsp_print.c,v 1.6 2022/07/24 08:16:47 tb Exp $ */ /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL * project 2002. */ @@ -63,6 +63,8 @@ #include #include +#include "ts_local.h" + struct status_map_st { int bit; const char *text; diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index 6125fdd4..5e152954 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts_rsp_sign.c,v 1.23 2019/07/03 03:24:04 deraadt Exp $ */ +/* $OpenBSD: ts_rsp_sign.c,v 1.29 2022/07/24 20:02:04 tb Exp $ */ /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL * project 2002. */ @@ -65,6 +65,10 @@ #include #include +#include "evp_locl.h" +#include "ts_local.h" +#include "x509_lcl.h" + /* Private function declarations. */ static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *); @@ -139,6 +143,13 @@ def_extension_cb(struct TS_resp_ctx *ctx, X509_EXTENSION *ext, void *data) return 0; } +void +TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data) +{ + ctx->time_cb = cb; + ctx->time_cb_data = data; +} + /* TS_RESP_CTX management functions. */ TS_RESP_CTX * @@ -651,7 +662,7 @@ TS_RESP_create_tst_info(TS_RESP_CTX *ctx, ASN1_OBJECT *policy) goto end; tsa_name->type = GEN_DIRNAME; tsa_name->d.dirn = - X509_NAME_dup(ctx->signer_cert->cert_info->subject); + X509_NAME_dup(X509_get_subject_name(ctx->signer_cert)); if (!tsa_name->d.dirn) goto end; if (!TS_TST_INFO_set_tsa(tst_info, tsa_name)) 
@@ -847,14 +858,18 @@ ESS_CERT_ID_new_init(X509 *cert, int issuer_needed) { ESS_CERT_ID *cid = NULL; GENERAL_NAME *name = NULL; + unsigned char cert_hash[TS_HASH_LEN]; /* Recompute SHA1 hash of certificate if necessary (side effect). */ X509_check_purpose(cert, -1, 0); if (!(cid = ESS_CERT_ID_new())) goto err; - if (!ASN1_OCTET_STRING_set(cid->hash, cert->sha1_hash, - sizeof(cert->sha1_hash))) + + if (!X509_digest(cert, TS_HASH_EVP, cert_hash, NULL)) + goto err; + + if (!ASN1_OCTET_STRING_set(cid->hash, cert_hash, sizeof(cert_hash))) goto err; /* Setting the issuer/serial if requested. */ @@ -867,7 +882,7 @@ ESS_CERT_ID_new_init(X509 *cert, int issuer_needed) if (!(name = GENERAL_NAME_new())) goto err; name->type = GEN_DIRNAME; - if (!(name->d.dirn = X509_NAME_dup(cert->cert_info->issuer))) + if ((name->d.dirn = X509_NAME_dup(X509_get_issuer_name(cert))) == NULL) goto err; if (!sk_GENERAL_NAME_push(cid->issuer_serial->issuer, name)) goto err; @@ -875,7 +890,7 @@ ESS_CERT_ID_new_init(X509 *cert, int issuer_needed) /* Setting the serial number. */ ASN1_INTEGER_free(cid->issuer_serial->serial); if (!(cid->issuer_serial->serial = - ASN1_INTEGER_dup(cert->cert_info->serialNumber))) + ASN1_INTEGER_dup(X509_get_serialNumber(cert)))) goto err; } diff --git a/crypto/ts/ts_rsp_utils.c b/crypto/ts/ts_rsp_utils.c index 233df867..2e37f26f 100644 --- a/crypto/ts/ts_rsp_utils.c +++ b/crypto/ts/ts_rsp_utils.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts_rsp_utils.c,v 1.7 2018/05/13 15:35:46 tb Exp $ */ +/* $OpenBSD: ts_rsp_utils.c,v 1.9 2022/07/24 19:25:36 tb Exp $ */ /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL * project 2002. */ @@ -63,6 +63,8 @@ #include #include +#include "ts_local.h" + /* Function definitions. */ int 
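Review bot: In ESS_CERT_ID_new_init the return value of `X509_check_purpose(cert, -1, 0)` is still ignored, while the TS_find_cert hunk in ts_rsp_verify.c in this same patch now treats `-1` from that call as a failure. The comment above it ("Recompute SHA1 hash of certificate if necessary (side effect)") is also stale, because the hash now comes from `X509_digest()` and no longer from `cert->sha1_hash`. I would make the two sites agree with `if (X509_check_purpose(cert, -1, 0) == -1) goto err;` and reword the comment to say which cached state the call is still needed for. `TS_HASH_LEN` and `TS_HASH_EVP` are defined outside this hunk, so the buffer size is assumed to match the digest; a one-line comment at the `cert_hash` declaration saying so would help.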
@@ -89,6 +91,30 @@ TS_RESP_get_status_info(TS_RESP *a) return a->status_info; } +const ASN1_UTF8STRING * +TS_STATUS_INFO_get0_failure_info(const TS_STATUS_INFO *si) +{ + return si->failure_info; +} + +const STACK_OF(ASN1_UTF8STRING) * +TS_STATUS_INFO_get0_text(const TS_STATUS_INFO *si) +{ + return si->text; +} + +const ASN1_INTEGER * +TS_STATUS_INFO_get0_status(const TS_STATUS_INFO *si) +{ + return si->status; +} + +int +TS_STATUS_INFO_set_status(TS_STATUS_INFO *si, int i) +{ + return ASN1_INTEGER_set(si->status, i); +} + /* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */ void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info) diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c index 46704dfd..a5829b35 100644 --- a/crypto/ts/ts_rsp_verify.c +++ b/crypto/ts/ts_rsp_verify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts_rsp_verify.c,v 1.21 2021/07/02 11:15:08 schwarze Exp $ */ +/* $OpenBSD: ts_rsp_verify.c,v 1.28 2022/07/24 08:16:47 tb Exp $ */ /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL * project 2002. */ @@ -64,6 +64,10 @@ #include #include +#include "evp_locl.h" +#include "ts_local.h" +#include "x509_lcl.h" + /* Private function declarations. */ static int TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, 
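Review bot: `TS_STATUS_INFO_get0_failure_info()` is declared to return `const ASN1_UTF8STRING *`, which looks copied from the text accessor below it. PKIFailureInfo in RFC 3161 is a BIT STRING, and the `failure_info` member (declared outside this chunk, so this is inferred) is presumably an `ASN1_BIT_STRING`. Both names are typedefs of the same string struct, so it compiles, but callers reading the prototype will treat the bits as text; `const ASN1_BIT_STRING *` as the return type would be source-compatible. The new accessors also dereference `si` without a check, which is worth stating in a short comment above them (`/* si must be non-NULL */`) since they are public API.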
@@ -71,7 +75,9 @@ static int TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si, STACK_OF(X509) *chain); static ESS_SIGNING_CERT *ESS_get_signing_cert(PKCS7_SIGNER_INFO *si); static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert); -static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo); +static ESS_SIGNING_CERT_V2 *ESS_get_signing_cert_v2(PKCS7_SIGNER_INFO *si); +static int TS_find_cert_v2(STACK_OF(ESS_CERT_ID_V2) *cert_ids, X509 *cert); +static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509 *cert); static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token, TS_TST_INFO *tst_info); static int TS_check_status_info(TS_RESP *response); 
@@ -269,36 +275,67 @@ TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, X509 *signer, static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si, STACK_OF(X509) *chain) { - ESS_SIGNING_CERT *ss = ESS_get_signing_cert(si); - STACK_OF(ESS_CERT_ID) *cert_ids = NULL; + ESS_SIGNING_CERT *ss = NULL; + STACK_OF(ESS_CERT_ID) *cert_ids; + ESS_SIGNING_CERT_V2 *ssv2 = NULL; + STACK_OF(ESS_CERT_ID_V2) *cert_ids_v2; X509 *cert; int i = 0; int ret = 0; - if (!ss) - goto err; - cert_ids = ss->cert_ids; - /* The signer certificate must be the first in cert_ids. */ - cert = sk_X509_value(chain, 0); - if (TS_find_cert(cert_ids, cert) != 0) - goto err; + if ((ss = ESS_get_signing_cert(si)) != NULL) { + cert_ids = ss->cert_ids; + /* The signer certificate must be the first in cert_ids. */ + cert = sk_X509_value(chain, 0); - /* Check the other certificates of the chain if there are more - than one certificate ids in cert_ids. */ - if (sk_ESS_CERT_ID_num(cert_ids) > 1) { - /* All the certificates of the chain must be in cert_ids. */ - for (i = 1; i < sk_X509_num(chain); ++i) { - cert = sk_X509_value(chain, i); - if (TS_find_cert(cert_ids, cert) < 0) - goto err; + if (TS_find_cert(cert_ids, cert) != 0) + goto err; + + /* + * Check the other certificates of the chain if there are more + * than one certificate ids in cert_ids. + */ + if (sk_ESS_CERT_ID_num(cert_ids) > 1) { + /* All the certificates of the chain must be in cert_ids. */ + for (i = 1; i < sk_X509_num(chain); i++) { + cert = sk_X509_value(chain, i); + + if (TS_find_cert(cert_ids, cert) < 0) + goto err; + } } } + + if ((ssv2 = ESS_get_signing_cert_v2(si)) != NULL) { + cert_ids_v2 = ssv2->cert_ids; + /* The signer certificate must be the first in cert_ids_v2. */ + cert = sk_X509_value(chain, 0); + + if (TS_find_cert_v2(cert_ids_v2, cert) != 0) + goto err; + + /* + * Check the other certificates of the chain if there are more + * than one certificate ids in cert_ids_v2. 
+ */ + if (sk_ESS_CERT_ID_V2_num(cert_ids_v2) > 1) { + /* All the certificates of the chain must be in cert_ids_v2. */ + for (i = 1; i < sk_X509_num(chain); i++) { + cert = sk_X509_value(chain, i); + + if (TS_find_cert_v2(cert_ids_v2, cert) < 0) + goto err; + } + } + } + ret = 1; err: if (!ret) TSerror(TS_R_ESS_SIGNING_CERTIFICATE_ERROR); ESS_SIGNING_CERT_free(ss); + ESS_SIGNING_CERT_V2_free(ssv2); return ret; } 
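Review bot: TS_check_signing_certs now returns 1 when the signer info carries neither a signingCertificate nor a signingCertificateV2 attribute, because both `if ((... = ESS_get_signing_cert...(si)) != NULL)` blocks are skipped and control falls through to `ret = 1`. The removed code failed closed with `if (!ss) goto err;`, so this weakens the check that binds the token to the signer certificate. An attribute that fails to parse also comes back as NULL from the `d2i_` helpers and takes the same path. I would add `if (ss == NULL && ssv2 == NULL) goto err;` immediately before `ret = 1;`.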
@@ -318,29 +355,82 @@ ESS_get_signing_cert(PKCS7_SIGNER_INFO *si) return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length); } +static ESS_SIGNING_CERT_V2 * +ESS_get_signing_cert_v2(PKCS7_SIGNER_INFO *si) +{ + ASN1_TYPE *attr; + const unsigned char *p; + + attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificateV2); + if (attr == NULL) + return NULL; + p = attr->value.sequence->data; + return d2i_ESS_SIGNING_CERT_V2(NULL, &p, attr->value.sequence->length); +} + /* Returns < 0 if certificate is not found, certificate index otherwise. */ static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) { int i; + unsigned char cert_hash[TS_HASH_LEN]; if (!cert_ids || !cert) return -1; + if (!X509_digest(cert, TS_HASH_EVP, cert_hash, NULL)) + return -1; + /* Recompute SHA1 hash of certificate if necessary (side effect). */ - X509_check_purpose(cert, -1, 0); + if (X509_check_purpose(cert, -1, 0) == -1) + return -1; /* Look for cert in the cert_ids vector. */ for (i = 0; i < sk_ESS_CERT_ID_num(cert_ids); ++i) { ESS_CERT_ID *cid = sk_ESS_CERT_ID_value(cert_ids, i); /* Check the SHA-1 hash first. */ - if (cid->hash->length == sizeof(cert->sha1_hash) && - !memcmp(cid->hash->data, cert->sha1_hash, - sizeof(cert->sha1_hash))) { + if (cid->hash->length == TS_HASH_LEN && !memcmp(cid->hash->data, + cert_hash, TS_HASH_LEN)) { /* Check the issuer/serial as well if specified. */ ESS_ISSUER_SERIAL *is = cid->issuer_serial; - if (!is || !TS_issuer_serial_cmp(is, cert->cert_info)) + + if (is == NULL || TS_issuer_serial_cmp(is, cert) == 0) + return i; + } + } + + return -1; +} + +/* Returns < 0 if certificate is not found, certificate index otherwise. */ +static int +TS_find_cert_v2(STACK_OF(ESS_CERT_ID_V2) *cert_ids, X509 *cert) +{ + int i; + unsigned char cert_digest[EVP_MAX_MD_SIZE]; + unsigned int len; + + /* Look for cert in the cert_ids vector. 
*/ + for (i = 0; i < sk_ESS_CERT_ID_V2_num(cert_ids); ++i) { + ESS_CERT_ID_V2 *cid = sk_ESS_CERT_ID_V2_value(cert_ids, i); + const EVP_MD *md = EVP_sha256(); + + if (cid->hash_alg != NULL) + md = EVP_get_digestbyobj(cid->hash_alg->algorithm); + if (md == NULL) + return -1; + + if (!X509_digest(cert, md, cert_digest, &len)) + return -1; + + if ((unsigned int)cid->hash->length != len) + return -1; + + if (memcmp(cid->hash->data, cert_digest, cid->hash->length) == 0) { + ESS_ISSUER_SERIAL *is = cid->issuer_serial; + + if (is == NULL || TS_issuer_serial_cmp(is, cert) == 0) return i; } } @@ -349,21 +439,21 @@ TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) } static int -TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo) +TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509 *cert) { GENERAL_NAME *issuer; - if (!is || !cinfo || sk_GENERAL_NAME_num(is->issuer) != 1) + if (is == NULL || cert == NULL || sk_GENERAL_NAME_num(is->issuer) != 1) return -1; /* Check the issuer first. It must be a directory name. */ issuer = sk_GENERAL_NAME_value(is->issuer, 0); if (issuer->type != GEN_DIRNAME || - X509_NAME_cmp(issuer->d.dirn, cinfo->issuer)) + X509_NAME_cmp(issuer->d.dirn, X509_get_issuer_name(cert))) return -1; /* Check the serial number, too. */ - if (ASN1_INTEGER_cmp(is->serial, cinfo->serialNumber)) + if (ASN1_INTEGER_cmp(is->serial, X509_get_serialNumber(cert))) return -1; return 0; @@ -720,7 +810,7 @@ TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer) /* Check the subject name first. */ if (tsa_name->type == GEN_DIRNAME && - X509_NAME_cmp(tsa_name->d.dirn, signer->cert_info->subject) == 0) + X509_name_cmp(tsa_name->d.dirn, X509_get_subject_name(signer)) == 0) return 1; /* Check all the alternative names. */ diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c index 7608a7d1..ef0ec6ca 100644 --- a/crypto/ts/ts_verify_ctx.c +++ b/crypto/ts/ts_verify_ctx.c 
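Review bot: The new `ESS_get_signing_cert_v2()` reads `attr->value.sequence->data` without first checking `attr->type`, so a signed attribute whose value is not a SEQUENCE would be accessed through the wrong union member. The attribute comes from the timestamp response being verified, so it is untrusted input. I would guard it with `if (attr == NULL || attr->type != V_ASN1_SEQUENCE) return NULL;`. The v1 helper above it, whose body starts outside this hunk, appears to follow the same pattern and would need the same guard. Separately, `TS_find_cert_v2()` lacks the `if (!cert_ids || !cert) return -1;` guard that `TS_find_cert()` has.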
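Review bot: The replacement line in TS_check_signer_name spells the comparison `X509_name_cmp(...)`, while TS_issuer_serial_cmp in the previous hunk and the removed line both use `X509_NAME_cmp(...)`. The lowercase name presumably resolves through a compatibility macro, but mixing the two spellings in one file makes the call harder to grep for. I would write `X509_NAME_cmp(tsa_name->d.dirn, X509_get_subject_name(signer)) == 0`. The function body continues outside the hunk.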
@@ -1,4 +1,4 @@ -/* $OpenBSD: ts_verify_ctx.c,v 1.9 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: ts_verify_ctx.c,v 1.11 2022/07/24 19:54:46 tb Exp $ */ /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL * project 2003. */ @@ -62,6 +62,8 @@ #include #include +#include "ts_local.h" + TS_VERIFY_CTX * TS_VERIFY_CTX_new(void) { @@ -112,6 +114,70 @@ TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx) TS_VERIFY_CTX_init(ctx); } +/* + * XXX: The following accessors demonstrate the amount of care and thought that + * went into OpenSSL 1.1 API design and the review thereof: for whatever reason + * these functions return what was passed in. Correct memory management is left + * as an exercise for the reader... Unfortunately, careful consumers like + * openssl-ruby assume this behavior, so we're stuck with this insanity. The + * cherry on top is the TS_VERIFY_CTS_set_certs() [sic!] function that made it + * into the public API. + * + * Outstanding job, R$ and tjh, A+. + */ + +int +TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int flags) +{ + ctx->flags |= flags; + + return ctx->flags; +} + +int +TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int flags) +{ + ctx->flags = flags; + + return ctx->flags; +} + +BIO * +TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *bio) +{ + ctx->data = bio; + + return ctx->data; +} + +X509_STORE * +TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *store) +{ + ctx->store = store; + + return ctx->store; +} + +STACK_OF(X509) * +TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs) +{ + ctx->certs = certs; + + return ctx->certs; +} + +unsigned char * +TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx, unsigned char *imprint, + long imprint_len) +{ + free(ctx->imprint); + + ctx->imprint = imprint; + ctx->imprint_len = imprint_len; + + return ctx->imprint; +} + TS_VERIFY_CTX * TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx) { diff --git a/crypto/ui/ui_err.c b/crypto/ui/ui_err.c index 8451d632..691403af 100644 
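Review bot: `TS_VERIFY_CTX_set_imprint()` stores its `long imprint_len` argument into the `unsigned imprint_len` member, so a negative or oversized value is silently converted to a length that no longer describes the buffer. It also calls `free(ctx->imprint)` before the assignment, so passing the pointer already held by the context leaves `ctx->imprint` dangling. I would reject out-of-range lengths up front and skip the free on self-assignment, for example `if (imprint != ctx->imprint) free(ctx->imprint);`. The block comment should also state the ownership rules: `set_imprint` takes ownership and frees the previous buffer, while `set_data`, `set_store` and `set_certs` overwrite the old pointer without freeing it.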
--- a/crypto/ui/ui_err.c +++ b/crypto/ui/ui_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ui_err.c,v 1.9 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: ui_err.c,v 1.10 2022/07/12 14:42:50 kn Exp $ */ /* ==================================================================== * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * @@ -53,11 +53,6 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - #include #include @@ -65,7 +60,6 @@ #include #include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR #define ERR_FUNC(func) ERR_PACK(ERR_LIB_UI,func,0) diff --git a/crypto/whrlpool/wp_block.c b/crypto/whrlpool/wp_block.c index 1e00a013..b2137d64 100644 --- a/crypto/whrlpool/wp_block.c +++ b/crypto/whrlpool/wp_block.c @@ -1,4 +1,4 @@ -/* $OpenBSD: wp_block.c,v 1.13 2016/11/04 17:30:30 miod Exp $ */ +/* $OpenBSD: wp_block.c,v 1.14 2021/11/09 18:40:21 bcook Exp $ */ /** * The Whirlpool hashing function. * @@ -36,9 +36,9 @@ * */ +#include #include #include -#include #include "wp_locl.h" diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index 04eada8a..fa05f552 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -1,4 +1,4 @@ -/* $OpenBSD: by_dir.c,v 1.39 2018/08/05 14:17:12 bcook Exp $ */ +/* $OpenBSD: by_dir.c,v 1.41 2021/11/10 14:34:21 schwarze Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include #include #include @@ -67,10 +68,9 @@ #include #include -#include #include -# include +#include "x509_lcl.h" typedef struct lookup_dir_hashes_st { unsigned long hash; @@ -115,7 +115,7 @@ static X509_LOOKUP_METHOD x509_dir_lookup = { X509_LOOKUP_METHOD * X509_LOOKUP_hash_dir(void) { - return (&x509_dir_lookup); + return &x509_dir_lookup; } static int 
@@ -139,7 +139,7 @@ dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, ret = add_cert_dir(ld, argp, (int)argl); break; } - return (ret); + return ret; } static int @@ -147,15 +147,18 @@ new_dir(X509_LOOKUP *lu) { BY_DIR *a; - if ((a = malloc(sizeof(BY_DIR))) == NULL) - return (0); + if ((a = malloc(sizeof(*a))) == NULL) { + X509error(ERR_R_MALLOC_FAILURE); + return 0; + } if ((a->buffer = BUF_MEM_new()) == NULL) { + X509error(ERR_R_MALLOC_FAILURE); free(a); - return (0); + return 0; } a->dirs = NULL; lu->method_data = (char *)a; - return (1); + return 1; } static void @@ -179,8 +182,7 @@ static void by_dir_entry_free(BY_DIR_ENTRY *ent) { free(ent->dir); - if (ent->hashes) - sk_BY_DIR_HASH_pop_free(ent->hashes, by_dir_hash_free); + sk_BY_DIR_HASH_pop_free(ent->hashes, by_dir_hash_free); free(ent); } @@ -190,10 +192,8 @@ free_dir(X509_LOOKUP *lu) BY_DIR *a; a = (BY_DIR *)lu->method_data; - if (a->dirs != NULL) - sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free); - if (a->buffer != NULL) - BUF_MEM_free(a->buffer); + sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free); + BUF_MEM_free(a->buffer); free(a); } @@ -214,6 +214,7 @@ add_cert_dir(BY_DIR *ctx, const char *dir, int type) do { if ((*p == ':') || (*p == '\0')) { BY_DIR_ENTRY *ent; + ss = s; s = p + 1; len = p - ss; @@ -229,20 +230,20 @@ add_cert_dir(BY_DIR *ctx, const char *dir, int type) continue; if (ctx->dirs == NULL) { ctx->dirs = sk_BY_DIR_ENTRY_new_null(); - if (!ctx->dirs) { + if (ctx->dirs == NULL) { X509error(ERR_R_MALLOC_FAILURE); return 0; } } - ent = malloc(sizeof(BY_DIR_ENTRY)); - if (!ent) { + ent = malloc(sizeof(*ent)); + if (ent == NULL) { X509error(ERR_R_MALLOC_FAILURE); return 0; } ent->dir_type = type; ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp); ent->dir = strndup(ss, (size_t)len); - if (!ent->dir || !ent->hashes) { + if (ent->dir == NULL || ent->hashes == NULL) { X509error(ERR_R_MALLOC_FAILURE); by_dir_entry_free(ent); return 0; 
@@ -280,7 +281,7 @@ get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, const char *postfix=""; if (name == NULL) - return (0); + return 0; stmp.type = type; if (type == X509_LU_X509) { @@ -310,6 +311,7 @@ get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, BY_DIR_ENTRY *ent; int idx; BY_DIR_HASH htmp, *hent; + ent = sk_BY_DIR_ENTRY_value(ctx->dirs, i); j = strlen(ent->dir) + 1 + 8 + 6 + 1 + 1; if (!BUF_MEM_grow(b, j)) { @@ -358,10 +360,7 @@ get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, /* we have added it to the cache so now pull it out again */ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp); - if (j != -1) - tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j); - else - tmp = NULL; + tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j); CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); /* If a CRL, update the last file suffix added for this */ @@ -371,16 +370,14 @@ get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, * Look for entry again in case another thread added * an entry first. */ - if (!hent) { + if (hent == NULL) { htmp.hash = h; idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp); - if (idx >= 0) - hent = sk_BY_DIR_HASH_value( - ent->hashes, idx); + hent = sk_BY_DIR_HASH_value(ent->hashes, idx); } - if (!hent) { - hent = malloc(sizeof(BY_DIR_HASH)); - if (!hent) { + if (hent == NULL) { + hent = malloc(sizeof(*hent)); + if (hent == NULL) { X509error(ERR_R_MALLOC_FAILURE); CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); ok = 0; @@ -406,17 +403,10 @@ get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, ok = 1; ret->type = tmp->type; memcpy(&ret->data, &tmp->data, sizeof(ret->data)); - /* - * If we were going to up the reference count, - * we would need to do it on a perl 'type' basis - */ - /* CRYPTO_add(&tmp->data.x509->references,1, - CRYPTO_LOCK_X509);*/ goto finish; } } finish: - if (b != NULL) - BUF_MEM_free(b); - return (ok); + BUF_MEM_free(b); + return ok; } 
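Review bot: In get_cert_by_subject, `tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j);` is now called with `j` straight from `sk_X509_OBJECT_find()`, so the not-found case relies on the stack accessor returning NULL for index -1. The next hunk makes the same change with `hent = sk_BY_DIR_HASH_value(ent->hashes, idx);`. A short comment at both sites, `/* sk_*_value() returns NULL for a negative index */`, would keep a later reader from treating the missing check as a bug or re-adding it. The last hunk also deletes the only comment noting that `ret->data` is copied without taking a reference, which I would keep in reworded form. The function begins and ends outside these hunks.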
diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c index b2c8ef6c..3116b7cf 100644 --- a/crypto/x509/by_file.c +++ b/crypto/x509/by_file.c @@ -1,4 +1,4 @@ -/* $OpenBSD: by_file.c,v 1.21 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: by_file.c,v 1.25 2021/11/10 13:57:42 schwarze Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -64,9 +64,10 @@ #include #include #include -#include #include +#include "x509_lcl.h" + static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret); @@ -86,7 +87,7 @@ static X509_LOOKUP_METHOD x509_file_lookup = { X509_LOOKUP_METHOD * X509_LOOKUP_file(void) { - return (&x509_file_lookup); + return &x509_file_lookup; } static int @@ -114,7 +115,7 @@ by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, } break; } - return (ok); + return ok; } int @@ -125,9 +126,7 @@ X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) int i, count = 0; X509 *x = NULL; - if (file == NULL) - return (1); - in = BIO_new(BIO_s_file_internal()); + in = BIO_new(BIO_s_file()); if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) { X509error(ERR_R_SYS_LIB); @@ -136,7 +135,7 @@ X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) if (type == X509_FILETYPE_PEM) { for (;;) { - x = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL); + x = PEM_read_bio_X509_AUX(in, NULL, NULL, ""); if (x == NULL) { if ((ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) && (count > 0)) { @@ -172,7 +171,7 @@ X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) err: X509_free(x); BIO_free(in); - return (ret); + return ret; } int @@ -183,9 +182,7 @@ X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) int i, count = 0; X509_CRL *x = NULL; - if (file == NULL) - return (1); - in = BIO_new(BIO_s_file_internal()); + in = BIO_new(BIO_s_file()); if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) { X509error(ERR_R_SYS_LIB); 
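Review bot: The switch from `NULL` to `""` as the last argument of `PEM_read_bio_X509_AUX()` in X509_load_cert_file has no explanation, and the empty string reads like a typo. It is presumably there so that the default password callback uses an empty passphrase instead of prompting on the terminal for an encrypted PEM block. A comment such as `/* "" as userdata: never prompt for a passphrase while loading trust material */` would record that. The same applies to `PEM_read_bio_X509_CRL()` and `PEM_X509_INFO_read_bio()` in the following hunks. The hunk also removes the `file == NULL` early return, so a NULL path now reaches `BIO_read_filename()`; the function comment should say whether that is still a supported input.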
@@ -194,7 +191,7 @@ X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) if (type == X509_FILETYPE_PEM) { for (;;) { - x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL); + x = PEM_read_bio_X509_CRL(in, NULL, NULL, ""); if (x == NULL) { if ((ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) && (count > 0)) { @@ -228,10 +225,9 @@ X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) goto err; } err: - if (x != NULL) - X509_CRL_free(x); + X509_CRL_free(x); BIO_free(in); - return (ret); + return ret; } int @@ -241,6 +237,7 @@ X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) X509_INFO *itmp; BIO *in; int i, count = 0; + if (type != X509_FILETYPE_PEM) return X509_load_cert_file(ctx, file, type); in = BIO_new_file(file, "r"); @@ -248,7 +245,7 @@ X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) X509error(ERR_R_SYS_LIB); return 0; } - inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL); + inf = PEM_X509_INFO_read_bio(in, NULL, NULL, ""); BIO_free(in); if (!inf) { X509error(ERR_R_PEM_LIB); @@ -265,6 +262,8 @@ X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) count++; } } + if (count == 0) + X509error(X509_R_NO_CERTIFICATE_OR_CRL_FOUND); sk_X509_INFO_pop_free(inf, X509_INFO_free); return count; } diff --git a/crypto/x509/by_mem.c b/crypto/x509/by_mem.c index 34d4040d..272877f8 100644 --- a/crypto/x509/by_mem.c +++ b/crypto/x509/by_mem.c @@ -1,4 +1,4 @@ -/* $OpenBSD: by_mem.c,v 1.4 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: by_mem.c,v 1.5 2021/11/01 20:53:08 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -68,6 +68,8 @@ #include #include +#include "x509_lcl.h" + static int by_mem_ctrl(X509_LOOKUP *, int, const char *, long, char **); static X509_LOOKUP_METHOD x509_mem_lookup = { diff --git a/crypto/x509/ext_dat.h b/crypto/x509/ext_dat.h index 18d60b76..59815c95 100644 --- a/crypto/x509/ext_dat.h +++ b/crypto/x509/ext_dat.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ext_dat.h,v 1.3 2021/09/02 21:27:26 job Exp $ */ +/* $OpenBSD: ext_dat.h,v 1.4 2021/11/24 19:22:14 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -73,6 +73,7 @@ extern X509V3_EXT_METHOD v3_crl_hold, v3_pci; extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints; extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp; extern const X509V3_EXT_METHOD v3_addr, v3_asid; +extern const X509V3_EXT_METHOD v3_ct_scts[3]; /* This table will be searched using OBJ_bsearch so it *must* kept in * order of the ext_nid values. @@ -129,6 +130,11 @@ static const X509V3_EXT_METHOD *standard_exts[] = { &v3_idp, &v3_alt[2], &v3_freshest_crl, +#ifndef OPENSSL_NO_CT + &v3_ct_scts[0], + &v3_ct_scts[1], + &v3_ct_scts[2], +#endif }; /* Number of standard extensions */ diff --git a/crypto/x509/pcy_cache.c b/crypto/x509/pcy_cache.c index 896ba7d5..debca302 100644 --- a/crypto/x509/pcy_cache.c +++ b/crypto/x509/pcy_cache.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pcy_cache.c,v 1.1 2020/06/04 15:19:31 jsing Exp $ */ +/* $OpenBSD: pcy_cache.c,v 1.2 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2004. */ @@ -60,6 +60,7 @@ #include #include "pcy_int.h" +#include "x509_lcl.h" static int policy_data_cmp(const X509_POLICY_DATA * const *a, const X509_POLICY_DATA * const *b); diff --git a/crypto/x509/pcy_map.c b/crypto/x509/pcy_map.c index 287a430c..f2e5d325 100644 --- a/crypto/x509/pcy_map.c +++ b/crypto/x509/pcy_map.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pcy_map.c,v 1.1 2020/06/04 15:19:31 jsing Exp $ */ +/* $OpenBSD: pcy_map.c,v 1.2 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2004. */ @@ -60,6 +60,7 @@ #include #include "pcy_int.h" +#include "x509_lcl.h" /* Set policy mapping entries in cache. * Note: this modifies the passed POLICY_MAPPINGS structure 
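Review bot: The three `&v3_ct_scts[n]` entries are appended after `&v3_freshest_crl`, but the comment above `standard_exts` says the table is searched with OBJ_bsearch and must stay ordered by `ext_nid`. Lookup of these and neighbouring extensions is only correct if the CT NIDs are numerically larger than every earlier entry, which cannot be confirmed from this hunk. I would state that next to the addition, for example `/* CT SCT NIDs sort after NID_freshest_crl; keep in ext_nid order */`. The `extern` declaration is unconditional while the table entries are under `#ifndef OPENSSL_NO_CT`, so the declaration could be guarded the same way.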
diff --git a/crypto/x509/pcy_tree.c b/crypto/x509/pcy_tree.c index d0f7cd1a..284c08e6 100644 --- a/crypto/x509/pcy_tree.c +++ b/crypto/x509/pcy_tree.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pcy_tree.c,v 1.1 2020/06/04 15:19:31 jsing Exp $ */ +/* $OpenBSD: pcy_tree.c,v 1.2 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2004. */ @@ -60,6 +60,7 @@ #include #include "pcy_int.h" +#include "x509_lcl.h" /* Enable this to print out the complete policy tree at various point during * evaluation. diff --git a/crypto/x509/x509_addr.c b/crypto/x509/x509_addr.c index ccc06bb0..e15bf821 100644 --- a/crypto/x509/x509_addr.c +++ b/crypto/x509/x509_addr.c 
@@ -1,16 +1,66 @@ +/* $OpenBSD: x509_addr.c,v 1.83 2022/05/25 17:10:30 tb Exp $ */ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Contributed to the OpenSSL Project by the American Registry for + * Internet Numbers ("ARIN"). + */ +/* ==================================================================== + * Copyright (c) 2006-2016 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). */ /* * Implementation of RFC 3779 section 2.2. */ +#include #include #include #include @@ -23,7 +73,9 @@ #include #include -#include "ext_dat.h" +#include "asn1_locl.h" +#include "bytestring.h" +#include "x509_lcl.h" #ifndef OPENSSL_NO_RFC3779 @@ -147,7 +199,6 @@ static const ASN1_TEMPLATE IPAddrBlocks_item_tt = { .item = &IPAddressFamily_it, }; -/* XXX: maybe special? */ static const ASN1_ITEM IPAddrBlocks_it = { .itype = ASN1_ITYPE_PRIMITIVE, .utype = -1, 
@@ -258,6 +309,60 @@ IPAddressFamily_free(IPAddressFamily *a) ASN1_item_free((ASN1_VALUE *)a, &IPAddressFamily_it); } +/* + * Convenience accessors for IPAddressFamily. + */ + +static int +IPAddressFamily_type(IPAddressFamily *af) +{ + /* XXX - can af->ipAddressChoice == NULL actually happen? */ + if (af == NULL || af->ipAddressChoice == NULL) + return -1; + + switch (af->ipAddressChoice->type) { + case IPAddressChoice_inherit: + case IPAddressChoice_addressesOrRanges: + return af->ipAddressChoice->type; + default: + return -1; + } +} + +static IPAddressOrRanges * +IPAddressFamily_addressesOrRanges(IPAddressFamily *af) +{ + if (IPAddressFamily_type(af) == IPAddressChoice_addressesOrRanges) + return af->ipAddressChoice->u.addressesOrRanges; + + return NULL; +} + +static ASN1_NULL * +IPAddressFamily_inheritance(IPAddressFamily *af) +{ + if (IPAddressFamily_type(af) == IPAddressChoice_inherit) + return af->ipAddressChoice->u.inherit; + + return NULL; +} + +static int +IPAddressFamily_set_inheritance(IPAddressFamily *af) +{ + if (IPAddressFamily_addressesOrRanges(af) != NULL) + return 0; + + if (IPAddressFamily_inheritance(af) != NULL) + return 1; + + if ((af->ipAddressChoice->u.inherit = ASN1_NULL_new()) == NULL) + return 0; + af->ipAddressChoice->type = IPAddressChoice_inherit; + + return 1; +} + /* * How much buffer space do we need for a raw address? */ 
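Review bot: `IPAddressFamily_set_inheritance()` can dereference a NULL `af->ipAddressChoice`. `IPAddressFamily_type()` returns -1 for a NULL `af` or `ipAddressChoice`, so both accessor calls return NULL and execution reaches `af->ipAddressChoice->u.inherit = ASN1_NULL_new()`. The XXX comment in `IPAddressFamily_type()` shows the author was unsure whether that state can occur, so the setter should fail closed with `if (af == NULL || af->ipAddressChoice == NULL) return 0;` at the top. The same fall-through is taken when the choice has an unrecognised type, where the union member is overwritten without freeing what was there. A one-line comment saying the function expects a freshly created choice would make that assumption explicit.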
@@ -279,48 +384,180 @@ length_from_afi(const unsigned afi) } } +/* + * Get AFI and optional SAFI from an IPAddressFamily. All three out arguments + * are optional; if |out_safi| is non-NULL, |safi_is_set| must be non-NULL. + */ +static int +IPAddressFamily_afi_safi(const IPAddressFamily *af, uint16_t *out_afi, + uint8_t *out_safi, int *safi_is_set) +{ + CBS cbs; + uint16_t afi; + uint8_t safi = 0; + int got_safi = 0; + + CBS_init(&cbs, af->addressFamily->data, af->addressFamily->length); + + if (!CBS_get_u16(&cbs, &afi)) + return 0; + + /* Fetch the optional SAFI. */ + if (CBS_len(&cbs) != 0) { + if (!CBS_get_u8(&cbs, &safi)) + return 0; + got_safi = 1; + } + + /* If there's anything left, it's garbage. */ + if (CBS_len(&cbs) != 0) + return 0; + + /* XXX - error on reserved AFI/SAFI? */ + + if (out_afi != NULL) + *out_afi = afi; + + if (out_safi != NULL) { + *out_safi = safi; + *safi_is_set = got_safi; + } + + return 1; +} + +static int +IPAddressFamily_afi(const IPAddressFamily *af, uint16_t *out_afi) +{ + return IPAddressFamily_afi_safi(af, out_afi, NULL, NULL); +} + +static int +IPAddressFamily_afi_is_valid(const IPAddressFamily *af) +{ + return IPAddressFamily_afi_safi(af, NULL, NULL, NULL); +} + +static int +IPAddressFamily_afi_length(const IPAddressFamily *af, int *out_length) +{ + uint16_t afi; + + *out_length = 0; + + if (!IPAddressFamily_afi(af, &afi)) + return 0; + + *out_length = length_from_afi(afi); + + return 1; +} + +#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b)) + +/* + * Sort comparison function for a sequence of IPAddressFamily. + * + * The last paragraph of RFC 3779 2.2.3.3 is slightly ambiguous about + * the ordering: I can read it as meaning that IPv6 without a SAFI + * comes before IPv4 with a SAFI, which seems pretty weird. The + * examples in appendix B suggest that the author intended the + * null-SAFI rule to apply only within a single AFI, which is what I + * would have expected and is what the following code implements. 
+ */ +static int +IPAddressFamily_cmp(const IPAddressFamily *const *a_, + const IPAddressFamily *const *b_) +{ + const ASN1_OCTET_STRING *a = (*a_)->addressFamily; + const ASN1_OCTET_STRING *b = (*b_)->addressFamily; + int len, cmp; + + len = MINIMUM(a->length, b->length); + + if ((cmp = memcmp(a->data, b->data, len)) != 0) + return cmp; + + return a->length - b->length; +} + +static IPAddressFamily * +IPAddressFamily_find_in_parent(IPAddrBlocks *parent, IPAddressFamily *child_af) +{ + int index; + + (void)sk_IPAddressFamily_set_cmp_func(parent, IPAddressFamily_cmp); + + if ((index = sk_IPAddressFamily_find(parent, child_af)) < 0) + return NULL; + + return sk_IPAddressFamily_value(parent, index); +} + /* * Extract the AFI from an IPAddressFamily. + * + * This is public API. It uses the reserved AFI 0 as an in-band error + * while it doesn't care about the reserved AFI 65535... */ unsigned int -X509v3_addr_get_afi(const IPAddressFamily *f) +X509v3_addr_get_afi(const IPAddressFamily *af) { - if (f == NULL || - f->addressFamily == NULL || - f->addressFamily->data == NULL || - f->addressFamily->length < 2) + uint16_t afi; + + /* + * XXX are these NULL checks really sensible? If af is non-NULL, it + * should have both addressFamily and ipAddressChoice... + */ + if (af == NULL || af->addressFamily == NULL || + af->addressFamily->data == NULL) + return 0; + + if (!IPAddressFamily_afi(af, &afi)) return 0; - return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1]; + + return afi; } /* - * Expand the bitstring form of an address into a raw byte array. - * At the moment this is coded for simplicity, not speed. + * Expand the bitstring form (RFC 3779, section 2.1.2) of an address into + * a raw byte array. At the moment this is coded for simplicity, not speed. + * + * Unused bits in the last octet of |bs| and all bits in subsequent bytes + * of |addr| are set to 0 or 1 depending on whether |fill| is 0 or not. 
*/ static int addr_expand(unsigned char *addr, const ASN1_BIT_STRING *bs, const int length, - const unsigned char fill) + uint8_t fill) { if (bs->length < 0 || bs->length > length) return 0; + + if (fill != 0) + fill = 0xff; + if (bs->length > 0) { + /* XXX - shouldn't this check ASN1_STRING_FLAG_BITS_LEFT? */ + uint8_t unused_bits = bs->flags & 7; + uint8_t mask = (1 << unused_bits) - 1; + memcpy(addr, bs->data, bs->length); - if ((bs->flags & 7) != 0) { - unsigned char mask = 0xFF >> (8 - (bs->flags & 7)); - if (fill == 0) - addr[bs->length - 1] &= ~mask; - else - addr[bs->length - 1] |= mask; - } + + if (fill == 0) + addr[bs->length - 1] &= ~mask; + else + addr[bs->length - 1] |= mask; } + memset(addr + bs->length, fill, length - bs->length); + return 1; } /* - * Extract the prefix length from a bitstring. + * Extract the prefix length from a bitstring: 8 * length - unused bits. */ -#define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7))) +#define addr_prefix_len(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7))) /* * i2r handler for one address bitstring. 
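Review bot: IPAddressFamily_afi_safi() reads `af->addressFamily->data` and `->length` unconditionally, but its header comment only documents the out arguments and says nothing about `af`. The public X509v3_addr_get_afi() guards `af` and `af->addressFamily` before calling it, whereas the other wrappers added here (IPAddressFamily_afi_is_valid(), IPAddressFamily_afi_length()) do not. Either move the guard into the helper so every caller is covered, `if (af == NULL || af->addressFamily == NULL) return 0;`, or state the non-NULL precondition in the comment and resolve the XXX in X509v3_addr_get_afi() accordingly.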
@@ -372,29 +609,37 @@ static int i2r_IPAddressOrRanges(BIO *out, const int indent, const IPAddressOrRanges *aors, const unsigned afi) { + const IPAddressOrRange *aor; + const ASN1_BIT_STRING *prefix; + const IPAddressRange *range; int i; + for (i = 0; i < sk_IPAddressOrRange_num(aors); i++) { - const IPAddressOrRange *aor = sk_IPAddressOrRange_value(aors, i); + aor = sk_IPAddressOrRange_value(aors, i); + BIO_printf(out, "%*s", indent, ""); + switch (aor->type) { case IPAddressOrRange_addressPrefix: - if (!i2r_address(out, afi, 0x00, aor->u.addressPrefix)) + prefix = aor->u.addressPrefix; + + if (!i2r_address(out, afi, 0x00, prefix)) return 0; - BIO_printf(out, "/%d\n", - addr_prefixlen(aor->u.addressPrefix)); + BIO_printf(out, "/%d\n", addr_prefix_len(prefix)); continue; case IPAddressOrRange_addressRange: - if (!i2r_address(out, afi, 0x00, - aor->u.addressRange->min)) + range = aor->u.addressRange; + + if (!i2r_address(out, afi, 0x00, range->min)) return 0; BIO_puts(out, "-"); - if (!i2r_address(out, afi, 0xFF, - aor->u.addressRange->max)) + if (!i2r_address(out, afi, 0xff, range->max)) return 0; BIO_puts(out, "\n"); continue; } } + return 1; } @@ -406,10 +651,17 @@ i2r_IPAddrBlocks(const X509V3_EXT_METHOD *method, void *ext, BIO *out, int indent) { const IPAddrBlocks *addr = ext; - int i; + IPAddressFamily *af; + uint16_t afi; + uint8_t safi; + int i, safi_is_set; + for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { - IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); - const unsigned int afi = X509v3_addr_get_afi(f); + af = sk_IPAddressFamily_value(addr, i); + + if (!IPAddressFamily_afi_safi(af, &afi, &safi, &safi_is_set)) + goto print_addresses; + switch (afi) { case IANA_AFI_IPV4: BIO_printf(out, "%*sIPv4", indent, ""); 
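Review bot: In i2r_IPAddrBlocks(), `afi` is read without having been set for the current family when IPAddressFamily_afi_safi() fails: the helper stores `*out_afi` only on success, the `goto print_addresses` skips the switch, and the label (in a later hunk) passes `afi` to i2r_IPAddressOrRanges(). For the first family that is an uninitialized read; for later ones it is the previous family's AFI, so a malformed addressFamily is printed using another family's address format. Giving it a defined value on the failure path would fix this, e.g. `{ afi = 0; goto print_addresses; }`, assuming i2r_address() (not shown here) treats 0 as an unknown family. The function body extends beyond this hunk.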
@@ -421,8 +673,8 @@ i2r_IPAddrBlocks(const X509V3_EXT_METHOD *method, void *ext, BIO *out, BIO_printf(out, "%*sUnknown AFI %u", indent, "", afi); break; } - if (f->addressFamily->length > 2) { - switch (f->addressFamily->data[2]) { + if (safi_is_set) { + switch (safi) { case 1: BIO_puts(out, " (Unicast)"); break; @@ -448,23 +700,23 @@ i2r_IPAddrBlocks(const X509V3_EXT_METHOD *method, void *ext, BIO *out, BIO_puts(out, " (MPLS-labeled VPN)"); break; default: - BIO_printf(out, " (Unknown SAFI %u)", - (unsigned)f->addressFamily->data[2]); + BIO_printf(out, " (Unknown SAFI %u)", safi); break; } } - switch (f->ipAddressChoice->type) { + + print_addresses: + switch (IPAddressFamily_type(af)) { case IPAddressChoice_inherit: BIO_puts(out, ": inherit\n"); break; case IPAddressChoice_addressesOrRanges: BIO_puts(out, ":\n"); - if (!i2r_IPAddressOrRanges(out, - indent + 2, - f->ipAddressChoice-> - u.addressesOrRanges, afi)) + if (!i2r_IPAddressOrRanges(out, indent + 2, + IPAddressFamily_addressesOrRanges(af), afi)) return 0; break; + /* XXX - how should we handle -1 here? */ } } return 1; @@ -485,19 +737,19 @@ IPAddressOrRange_cmp(const IPAddressOrRange *a, const IPAddressOrRange *b, const int length) { unsigned char addr_a[ADDR_RAW_BUF_LEN], addr_b[ADDR_RAW_BUF_LEN]; - int prefixlen_a = 0, prefixlen_b = 0; + int prefix_len_a = 0, prefix_len_b = 0; int r; switch (a->type) { case IPAddressOrRange_addressPrefix: if (!addr_expand(addr_a, a->u.addressPrefix, length, 0x00)) return -1; - prefixlen_a = addr_prefixlen(a->u.addressPrefix); + prefix_len_a = addr_prefix_len(a->u.addressPrefix); break; case IPAddressOrRange_addressRange: if (!addr_expand(addr_a, a->u.addressRange->min, length, 0x00)) return -1; - prefixlen_a = length * 8; + prefix_len_a = length * 8; break; } 
@@ -505,19 +757,19 @@ IPAddressOrRange_cmp(const IPAddressOrRange *a, const IPAddressOrRange *b, case IPAddressOrRange_addressPrefix: if (!addr_expand(addr_b, b->u.addressPrefix, length, 0x00)) return -1; - prefixlen_b = addr_prefixlen(b->u.addressPrefix); + prefix_len_b = addr_prefix_len(b->u.addressPrefix); break; case IPAddressOrRange_addressRange: if (!addr_expand(addr_b, b->u.addressRange->min, length, 0x00)) return -1; - prefixlen_b = length * 8; + prefix_len_b = length * 8; break; } if ((r = memcmp(addr_a, addr_b, length)) != 0) return r; else - return prefixlen_a - prefixlen_b; + return prefix_len_a - prefix_len_b; } /* @@ -545,6 +797,8 @@ v6IPAddressOrRange_cmp(const IPAddressOrRange *const *a, /* * Calculate whether a range collapses to a prefix. * See last paragraph of RFC 3779 2.2.3.7. + * + * It's the caller's responsibility to ensure that min <= max. */ static int range_should_be_prefix(const unsigned char *min, const unsigned char *max, @@ -553,11 +807,9 @@ range_should_be_prefix(const unsigned char *min, const unsigned char *max, unsigned char mask; int i, j; - if (memcmp(min, max, length) <= 0) - return -1; for (i = 0; i < length && min[i] == max[i]; i++) continue; - for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--) + for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xff; j--) continue; if (i < j) return -1; @@ -574,16 +826,16 @@ range_should_be_prefix(const unsigned char *min, const unsigned char *max, case 0x07: j = 5; break; - case 0x0F: + case 0x0f: j = 4; break; - case 0x1F: + case 0x1f: j = 3; break; - case 0x3F: + case 0x3f: j = 2; break; - case 0x7F: + case 0x7f: j = 1; break; default: 
@@ -596,31 +848,45 @@ range_should_be_prefix(const unsigned char *min, const unsigned char *max, } /* - * Construct a prefix. + * Fill IPAddressOrRange with bit string encoding of a prefix - RFC 3779, 2.1.1. */ static int -make_addressPrefix(IPAddressOrRange **result, unsigned char *addr, - const int prefixlen) +make_addressPrefix(IPAddressOrRange **out_aor, uint8_t *addr, uint32_t afi, + int prefix_len) { - int bytelen = (prefixlen + 7) / 8, bitlen = prefixlen % 8; - IPAddressOrRange *aor = IPAddressOrRange_new(); + IPAddressOrRange *aor = NULL; + int afi_len, max_len, num_bits, num_octets; + uint8_t unused_bits; + + if (prefix_len < 0) + goto err; + + max_len = 16; + if ((afi_len = length_from_afi(afi)) > 0) + max_len = afi_len; + if (prefix_len > 8 * max_len) + goto err; + + num_octets = (prefix_len + 7) / 8; + num_bits = prefix_len % 8; + + unused_bits = 0; + if (num_bits > 0) + unused_bits = 8 - num_bits; + + if ((aor = IPAddressOrRange_new()) == NULL) + goto err; - if (aor == NULL) - return 0; aor->type = IPAddressOrRange_addressPrefix; - if (aor->u.addressPrefix == NULL && - (aor->u.addressPrefix = ASN1_BIT_STRING_new()) == NULL) + + if ((aor->u.addressPrefix = ASN1_BIT_STRING_new()) == NULL) goto err; - if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, bytelen)) + if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, num_octets)) + goto err; + if (!asn1_abs_set_unused_bits(aor->u.addressPrefix, unused_bits)) goto err; - aor->u.addressPrefix->flags &= ~7; - aor->u.addressPrefix->flags |= ASN1_STRING_FLAG_BITS_LEFT; - if (bitlen > 0) { - aor->u.addressPrefix->data[bytelen - 1] &= ~(0xFF >> bitlen); - aor->u.addressPrefix->flags |= 8 - bitlen; - } - *result = aor; + *out_aor = aor; return 1; err: 
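Review bot: make_addressPrefix() no longer visibly clears the bits of the last octet that lie beyond `prefix_len`; the removed code did so with `data[bytelen - 1] &= ~(0xFF >> bitlen)`, while the new code copies `num_octets` bytes from `addr` and then only calls asn1_abs_set_unused_bits(). That helper is not part of this hunk, so it may or may not zero the data; if it only records the count, host bits supplied by the caller remain in the in-memory bit string. I would keep the masking explicit after ASN1_BIT_STRING_set(): `if (num_bits > 0) aor->u.addressPrefix->data[num_octets - 1] &= ~(0xff >> num_bits);`. The function's error path continues after this hunk.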
@@ -628,62 +894,126 @@ make_addressPrefix(IPAddressOrRange **result, unsigned char *addr, return 0; } +static uint8_t +count_trailing_zeroes(uint8_t octet) +{ + uint8_t count = 0; + + if (octet == 0) + return 8; + + while ((octet & (1 << count)) == 0) + count++; + + return count; +} + +static int +trim_end_u8(CBS *cbs, uint8_t trim) +{ + uint8_t octet; + + while (CBS_len(cbs) > 0) { + if (!CBS_peek_last_u8(cbs, &octet)) + return 0; + if (octet != trim) + return 1; + if (!CBS_get_last_u8(cbs, &octet)) + return 0; + } + + return 1; +} + /* - * Construct a range. If it can be expressed as a prefix, - * return a prefix instead. Doing this here simplifies - * the rest of the code considerably. + * Populate IPAddressOrRange with bit string encoding of a range, see + * RFC 3779, 2.1.2. */ static int -make_addressRange(IPAddressOrRange **result, unsigned char *min, - unsigned char *max, const int length) +make_addressRange(IPAddressOrRange **out_aor, uint8_t *min, uint8_t *max, + uint32_t afi, int length) { - IPAddressOrRange *aor; - int i, prefixlen; + IPAddressOrRange *aor = NULL; + IPAddressRange *range; + int prefix_len; + CBS cbs; + size_t max_len, min_len; + uint8_t unused_bits_min, unused_bits_max; + uint8_t octet; + + if (memcmp(min, max, length) > 0) + goto err; + + /* + * RFC 3779, 2.2.3.6 - a range that can be expressed as a prefix + * must be encoded as a prefix. + */ + + if ((prefix_len = range_should_be_prefix(min, max, length)) >= 0) + return make_addressPrefix(out_aor, min, afi, prefix_len); + + /* + * The bit string representing min is formed by removing all its + * trailing zero bits, so remove all trailing zero octets and count + * the trailing zero bits of the last octet. 
+ */ + + CBS_init(&cbs, min, length); + + if (!trim_end_u8(&cbs, 0x00)) + goto err; + + unused_bits_min = 0; + if ((min_len = CBS_len(&cbs)) > 0) { + if (!CBS_peek_last_u8(&cbs, &octet)) + goto err; + + unused_bits_min = count_trailing_zeroes(octet); + } + + /* + * The bit string representing max is formed by removing all its + * trailing one bits, so remove all trailing 0xff octets and count + * the trailing ones of the last octet. + */ + + CBS_init(&cbs, max, length); + + if (!trim_end_u8(&cbs, 0xff)) + goto err; + + unused_bits_max = 0; + if ((max_len = CBS_len(&cbs)) > 0) { + if (!CBS_peek_last_u8(&cbs, &octet)) + goto err; - if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0) - return make_addressPrefix(result, min, prefixlen); + unused_bits_max = count_trailing_zeroes(octet + 1); + } + + /* + * Populate IPAddressOrRange. + */ if ((aor = IPAddressOrRange_new()) == NULL) - return 0; + goto err; + aor->type = IPAddressOrRange_addressRange; - if ((aor->u.addressRange = IPAddressRange_new()) == NULL) + + if ((range = aor->u.addressRange = IPAddressRange_new()) == NULL) goto err; - if (aor->u.addressRange->min == NULL && - (aor->u.addressRange->min = ASN1_BIT_STRING_new()) == NULL) + + if (!ASN1_BIT_STRING_set(range->min, min, min_len)) goto err; - if (aor->u.addressRange->max == NULL && - (aor->u.addressRange->max = ASN1_BIT_STRING_new()) == NULL) + if (!asn1_abs_set_unused_bits(range->min, unused_bits_min)) goto err; - for (i = length; i > 0 && min[i - 1] == 0x00; --i) - continue; - if (!ASN1_BIT_STRING_set(aor->u.addressRange->min, min, i)) + if (!ASN1_BIT_STRING_set(range->max, max, max_len)) goto err; - aor->u.addressRange->min->flags &= ~7; - aor->u.addressRange->min->flags |= ASN1_STRING_FLAG_BITS_LEFT; - if (i > 0) { - unsigned char b = min[i - 1]; - int j = 1; - while ((b & (0xFFU >> j)) != 0) - ++j; - aor->u.addressRange->min->flags |= 8 - j; - } - - for (i = length; i > 0 && max[i - 1] == 0xFF; --i) - continue; - if 
(!ASN1_BIT_STRING_set(aor->u.addressRange->max, max, i)) + if (!asn1_abs_set_unused_bits(range->max, unused_bits_max)) goto err; - aor->u.addressRange->max->flags &= ~7; - aor->u.addressRange->max->flags |= ASN1_STRING_FLAG_BITS_LEFT; - if (i > 0) { - unsigned char b = max[i - 1]; - int j = 1; - while ((b & (0xFFU >> j)) != (0xFFU >> j)) - ++j; - aor->u.addressRange->max->flags |= 8 - j; - } - *result = aor; + *out_aor = aor; + return 1; err: 
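Review bot: `count_trailing_zeroes(octet + 1)` in make_addressRange() deserves a comment, because it is only correct thanks to an invariant established a few lines earlier. The number of trailing one bits of `octet` equals the number of trailing zero bits of `octet + 1`, and the sum cannot wrap in the `uint8_t` parameter because trim_end_u8(&cbs, 0xff) has already removed every trailing 0xff octet. Something like `/* trailing ones of octet == trailing zeroes of octet + 1; octet != 0xff after trimming */` would do. count_trailing_zeroes() and trim_end_u8() are also added without the one-line header comment that the neighbouring helpers have.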
@@ -698,44 +1028,54 @@ static IPAddressFamily * make_IPAddressFamily(IPAddrBlocks *addr, const unsigned afi, const unsigned *safi) { - IPAddressFamily *f; - unsigned char key[3]; - int keylen; + IPAddressFamily *af = NULL; + CBB cbb; + CBS cbs; + uint8_t *key = NULL; + size_t keylen; int i; - key[0] = (afi >> 8) & 0xFF; - key[1] = afi & 0xFF; + if (!CBB_init(&cbb, 0)) + goto err; + + /* XXX - should afi <= 65535 and *safi <= 255 be checked here? */ + + if (!CBB_add_u16(&cbb, afi)) + goto err; if (safi != NULL) { - key[2] = *safi & 0xFF; - keylen = 3; - } else { - keylen = 2; + if (!CBB_add_u8(&cbb, *safi)) + goto err; } + if (!CBB_finish(&cbb, &key, &keylen)) + goto err; + for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { - f = sk_IPAddressFamily_value(addr, i); - if (f->addressFamily->length == keylen && - !memcmp(f->addressFamily->data, key, keylen)) - return f; + af = sk_IPAddressFamily_value(addr, i); + + CBS_init(&cbs, af->addressFamily->data, + af->addressFamily->length); + if (CBS_mem_equal(&cbs, key, keylen)) + goto done; } - if ((f = IPAddressFamily_new()) == NULL) - goto err; - if (f->ipAddressChoice == NULL && - (f->ipAddressChoice = IPAddressChoice_new()) == NULL) - goto err; - if (f->addressFamily == NULL && - (f->addressFamily = ASN1_OCTET_STRING_new()) == NULL) + if ((af = IPAddressFamily_new()) == NULL) goto err; - if (!ASN1_OCTET_STRING_set(f->addressFamily, key, keylen)) + if (!ASN1_OCTET_STRING_set(af->addressFamily, key, keylen)) goto err; - if (!sk_IPAddressFamily_push(addr, f)) + if (!sk_IPAddressFamily_push(addr, af)) goto err; - return f; + done: + free(key); + + return af; err: - IPAddressFamily_free(f); + CBB_cleanup(&cbb); + free(key); + IPAddressFamily_free(af); + return NULL; } 
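Review bot: make_IPAddressFamily() passes `afi` and `*safi` (both `unsigned`) straight to CBB_add_u16() and CBB_add_u8(), and the XXX comment leaves open whether out-of-range values are rejected. The removed code truncated the SAFI silently with `& 0xFF`; whether the CBB functions fail or truncate cannot be seen from this hunk, and either way a caller passing an AFI above 65535 should not create or match an existing family. An explicit check after CBB_init() settles it: `if (afi > 0xffff || (safi != NULL && *safi > 0xff)) goto err;`.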
@@ -746,20 +1086,12 @@ int X509v3_addr_add_inherit(IPAddrBlocks *addr, const unsigned afi, const unsigned *safi) { - IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi); - if (f == NULL || - f->ipAddressChoice == NULL || - (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges && - f->ipAddressChoice->u.addressesOrRanges != NULL)) - return 0; - if (f->ipAddressChoice->type == IPAddressChoice_inherit && - f->ipAddressChoice->u.inherit != NULL) - return 1; - if (f->ipAddressChoice->u.inherit == NULL && - (f->ipAddressChoice->u.inherit = ASN1_NULL_new()) == NULL) + IPAddressFamily *af; + + if ((af = make_IPAddressFamily(addr, afi, safi)) == NULL) return 0; - f->ipAddressChoice->type = IPAddressChoice_inherit; - return 1; + + return IPAddressFamily_set_inheritance(af); } /* @@ -769,20 +1101,21 @@ static IPAddressOrRanges * make_prefix_or_range(IPAddrBlocks *addr, const unsigned afi, const unsigned *safi) { - IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi); + IPAddressFamily *af; IPAddressOrRanges *aors = NULL; - if (f == NULL || - f->ipAddressChoice == NULL || - (f->ipAddressChoice->type == IPAddressChoice_inherit && - f->ipAddressChoice->u.inherit != NULL)) + if ((af = make_IPAddressFamily(addr, afi, safi)) == NULL) + return NULL; + + if (IPAddressFamily_inheritance(af) != NULL) return NULL; - if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) - aors = f->ipAddressChoice->u.addressesOrRanges; - if (aors != NULL) + + if ((aors = IPAddressFamily_addressesOrRanges(af)) != NULL) return aors; + if ((aors = sk_IPAddressOrRange_new_null()) == NULL) return NULL; + switch (afi) { case IANA_AFI_IPV4: (void)sk_IPAddressOrRange_set_cmp_func(aors, 
@@ -793,8 +1126,10 @@ make_prefix_or_range(IPAddrBlocks *addr, const unsigned afi, v6IPAddressOrRange_cmp); break; } - f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges; - f->ipAddressChoice->u.addressesOrRanges = aors; + + af->ipAddressChoice->type = IPAddressChoice_addressesOrRanges; + af->ipAddressChoice->u.addressesOrRanges = aors; + return aors; } @@ -803,16 +1138,23 @@ make_prefix_or_range(IPAddrBlocks *addr, const unsigned afi, */ int X509v3_addr_add_prefix(IPAddrBlocks *addr, const unsigned afi, - const unsigned *safi, unsigned char *a, const int prefixlen) + const unsigned *safi, unsigned char *a, const int prefix_len) { - IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi); + IPAddressOrRanges *aors; IPAddressOrRange *aor; - if (aors == NULL || !make_addressPrefix(&aor, a, prefixlen)) + + if ((aors = make_prefix_or_range(addr, afi, safi)) == NULL) return 0; - if (sk_IPAddressOrRange_push(aors, aor)) - return 1; - IPAddressOrRange_free(aor); - return 0; + + if (!make_addressPrefix(&aor, a, afi, prefix_len)) + return 0; + + if (sk_IPAddressOrRange_push(aors, aor) <= 0) { + IPAddressOrRange_free(aor); + return 0; + } + + return 1; } /* 
@@ -822,17 +1164,41 @@ int X509v3_addr_add_range(IPAddrBlocks *addr, const unsigned afi, const unsigned *safi, unsigned char *min, unsigned char *max) { - IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi); + IPAddressOrRanges *aors; IPAddressOrRange *aor; - int length = length_from_afi(afi); - if (aors == NULL) + int length; + + if ((aors = make_prefix_or_range(addr, afi, safi)) == NULL) return 0; - if (!make_addressRange(&aor, min, max, length)) + + length = length_from_afi(afi); + + if (!make_addressRange(&aor, min, max, afi, length)) return 0; - if (sk_IPAddressOrRange_push(aors, aor)) + + if (sk_IPAddressOrRange_push(aors, aor) <= 0) { + IPAddressOrRange_free(aor); + return 0; + } + + return 1; +} + +static int +extract_min_max_bitstr(IPAddressOrRange *aor, ASN1_BIT_STRING **out_min, + ASN1_BIT_STRING **out_max) +{ + switch (aor->type) { + case IPAddressOrRange_addressPrefix: + *out_min = *out_max = aor->u.addressPrefix; return 1; - IPAddressOrRange_free(aor); - return 0; + case IPAddressOrRange_addressRange: + *out_min = aor->u.addressRange->min; + *out_max = aor->u.addressRange->max; + return 1; + default: + return 0; + } } /* @@ -842,18 +1208,18 @@ static int extract_min_max(IPAddressOrRange *aor, unsigned char *min, unsigned char *max, int length) { + ASN1_BIT_STRING *min_bitstr, *max_bitstr; + if (aor == NULL || min == NULL || max == NULL) return 0; - switch (aor->type) { - case IPAddressOrRange_addressPrefix: - return (addr_expand(min, aor->u.addressPrefix, length, 0x00) && - addr_expand(max, aor->u.addressPrefix, length, 0xFF)); - case IPAddressOrRange_addressRange: - return (addr_expand(min, aor->u.addressRange->min, length, - 0x00) && - addr_expand(max, aor->u.addressRange->max, length, 0xFF)); - } - return 0; + + if (!extract_min_max_bitstr(aor, &min_bitstr, &max_bitstr)) + return 0; + + if (!addr_expand(min, min_bitstr, length, 0)) + return 0; + + return addr_expand(max, max_bitstr, length, 1); } /* 
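Review bot: X509v3_addr_add_range() uses `length` unchecked, although length_from_afi() can return 0 for an AFI it does not know (X509v3_addr_get_range() in this diff treats 0 as failure). With `length == 0`, make_addressRange() compares and trims zero bytes, so `min` and `max` are ignored and whatever gets pushed bears no relation to the caller's input. Rejecting it up front, before make_prefix_or_range() creates the family, is simple: `if ((length = length_from_afi(afi)) == 0) return 0;`.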
@@ -863,36 +1229,18 @@ int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi, unsigned char *min, unsigned char *max, const int length) { - int afi_length = length_from_afi(afi); - if (aor == NULL || min == NULL || max == NULL || - afi_length == 0 || length < afi_length || - (aor->type != IPAddressOrRange_addressPrefix && - aor->type != IPAddressOrRange_addressRange) || - !extract_min_max(aor, min, max, afi_length)) + int afi_len; + + if ((afi_len = length_from_afi(afi)) == 0) return 0; - return afi_length; -} + if (length < afi_len) + return 0; -/* - * Sort comparison function for a sequence of IPAddressFamily. - * - * The last paragraph of RFC 3779 2.2.3.3 is slightly ambiguous about - * the ordering: I can read it as meaning that IPv6 without a SAFI - * comes before IPv4 with a SAFI, which seems pretty weird. The - * examples in appendix B suggest that the author intended the - * null-SAFI rule to apply only within a single AFI, which is what I - * would have expected and is what the following code implements. - */ -static int -IPAddressFamily_cmp(const IPAddressFamily *const *a_, - const IPAddressFamily *const *b_) -{ - const ASN1_OCTET_STRING *a = (*a_)->addressFamily; - const ASN1_OCTET_STRING *b = (*b_)->addressFamily; - int len = ((a->length <= b->length) ? a->length : b->length); - int cmp = memcmp(a->data, b->data, len); - return cmp ? cmp : a->length - b->length; + if (!extract_min_max(aor, min, max, afi_len)) + return 0; + + return afi_len; } /* @@ -903,8 +1251,10 @@ X509v3_addr_is_canonical(IPAddrBlocks *addr) { unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN]; + IPAddressFamily *af; IPAddressOrRanges *aors; - int i, j, k; + IPAddressOrRange *aor, *aor_a, *aor_b; + int i, j, k, length; /* * Empty extension is canonical. 
@@ -918,6 +1268,13 @@ X509v3_addr_is_canonical(IPAddrBlocks *addr) for (i = 0; i < sk_IPAddressFamily_num(addr) - 1; i++) { const IPAddressFamily *a = sk_IPAddressFamily_value(addr, i); const IPAddressFamily *b = sk_IPAddressFamily_value(addr, i + 1); + + /* Check that both have valid AFIs before comparing them. */ + if (!IPAddressFamily_afi_is_valid(a)) + return 0; + if (!IPAddressFamily_afi_is_valid(b)) + return 0; + if (IPAddressFamily_cmp(&a, &b) >= 0) return 0; } 
@@ -926,38 +1283,33 @@ X509v3_addr_is_canonical(IPAddrBlocks *addr) * Top level's ok, now check each address family. */ for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { - IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); - int length = length_from_afi(X509v3_addr_get_afi(f)); + af = sk_IPAddressFamily_value(addr, i); + + if (!IPAddressFamily_afi_length(af, &length)) + return 0; /* - * Inheritance is canonical. Anything other than inheritance - * or a SEQUENCE OF IPAddressOrRange is an ASN.1 error or - * something. + * If this family has an inheritance element, it is canonical. */ - if (f == NULL || f->ipAddressChoice == NULL) - return 0; - switch (f->ipAddressChoice->type) { - case IPAddressChoice_inherit: + if (IPAddressFamily_inheritance(af) != NULL) continue; - case IPAddressChoice_addressesOrRanges: - break; - default: - return 0; - } /* - * It's an IPAddressOrRanges sequence, check it. + * If this family has neither an inheritance element nor an + * addressesOrRanges, we don't know what this is. */ - aors = f->ipAddressChoice->u.addressesOrRanges; + if ((aors = IPAddressFamily_addressesOrRanges(af)) == NULL) + return 0; + if (sk_IPAddressOrRange_num(aors) == 0) return 0; + for (j = 0; j < sk_IPAddressOrRange_num(aors) - 1; j++) { - IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); - IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, - j + 1); + aor_a = sk_IPAddressOrRange_value(aors, j); + aor_b = sk_IPAddressOrRange_value(aors, j + 1); - if (!extract_min_max(a, a_min, a_max, length) || - !extract_min_max(b, b_min, b_max, length)) + if (!extract_min_max(aor_a, a_min, a_max, length) || + !extract_min_max(aor_b, b_min, b_max, length)) return 0; /* 
@@ -970,8 +1322,8 @@ X509v3_addr_is_canonical(IPAddrBlocks *addr) return 0; /* - * Punt if adjacent or overlapping. Check for adjacency by - * subtracting one from b_min first. + * Punt if adjacent or overlapping. Check for adjacency + * by subtracting one from b_min first. */ for (k = length - 1; k >= 0 && b_min[k]-- == 0x00; k--) continue; @@ -981,27 +1333,25 @@ X509v3_addr_is_canonical(IPAddrBlocks *addr) /* * Check for range that should be expressed as a prefix. */ - if (a->type == IPAddressOrRange_addressRange && - range_should_be_prefix(a_min, a_max, length) >= 0) + if (aor_a->type == IPAddressOrRange_addressPrefix) + continue; + + if (range_should_be_prefix(a_min, a_max, length) >= 0) return 0; } /* - * Check range to see if it's inverted or should be a + * Check final range to see if it's inverted or should be a * prefix. */ - j = sk_IPAddressOrRange_num(aors) - 1; - { - IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); - if (a != NULL && - a->type == IPAddressOrRange_addressRange) { - if (!extract_min_max(a, a_min, a_max, length)) - return 0; - if (memcmp(a_min, a_max, length) > 0 || - range_should_be_prefix(a_min, a_max, - length) >= 0) - return 0; - } + aor = sk_IPAddressOrRange_value(aors, j); + if (aor->type == IPAddressOrRange_addressRange) { + if (!extract_min_max(aor, a_min, a_max, length)) + return 0; + if (memcmp(a_min, a_max, length) > 0) + return 0; + if (range_should_be_prefix(a_min, a_max, length) >= 0) + return 0; } } @@ -1017,7 +1367,12 @@ X509v3_addr_is_canonical(IPAddrBlocks *addr) static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors, const unsigned afi) { - int i, j, length = length_from_afi(afi); + IPAddressOrRange *a, *b, *merged; + unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; + unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN]; + int i, j, length; + + length = length_from_afi(afi); /* * Sort the IPAddressOrRanges sequence. 
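Review bot: The final-range check in X509v3_addr_is_canonical() now reads `sk_IPAddressOrRange_value(aors, j)` with the `j` left over from the preceding loop and dereferences the result without the NULL check the old code had. That is sound only because the loop always exits with `j == sk_IPAddressOrRange_num(aors) - 1` and an empty stack was rejected earlier, neither of which is obvious at the point of use. A comment such as `/* j indexes the last element; aors is non-empty (checked above) */` would record the invariant. IPAddressOrRanges_canonize() reuses `i` the same way in a later hunk, where the NULL check was kept.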
@@ -1028,10 +1383,8 @@ IPAddressOrRanges_canonize(IPAddressOrRanges *aors, const unsigned afi) * Clean up representation issues, punt on duplicates or overlaps. */ for (i = 0; i < sk_IPAddressOrRange_num(aors) - 1; i++) { - IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, i); - IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, i + 1); - unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; - unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN]; + a = sk_IPAddressOrRange_value(aors, i); + b = sk_IPAddressOrRange_value(aors, i + 1); if (!extract_min_max(a, a_min, a_max, length) || !extract_min_max(b, b_min, b_max, length)) 
@@ -1056,33 +1409,28 @@ IPAddressOrRanges_canonize(IPAddressOrRanges *aors, const unsigned afi) */ for (j = length - 1; j >= 0 && b_min[j]-- == 0x00; j--) continue; - if (memcmp(a_max, b_min, length) == 0) { - IPAddressOrRange *merged; - if (!make_addressRange(&merged, a_min, b_max, length)) - return 0; - (void)sk_IPAddressOrRange_set(aors, i, merged); - (void)sk_IPAddressOrRange_delete(aors, i + 1); - IPAddressOrRange_free(a); - IPAddressOrRange_free(b); - --i; + + if (memcmp(a_max, b_min, length) != 0) continue; - } + + if (!make_addressRange(&merged, a_min, b_max, afi, length)) + return 0; + sk_IPAddressOrRange_set(aors, i, merged); + (void)sk_IPAddressOrRange_delete(aors, i + 1); + IPAddressOrRange_free(a); + IPAddressOrRange_free(b); + i--; } /* * Check for inverted final range. */ - j = sk_IPAddressOrRange_num(aors) - 1; - { - IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); - if (a != NULL && a->type == IPAddressOrRange_addressRange) { - unsigned char a_min[ADDR_RAW_BUF_LEN], - a_max[ADDR_RAW_BUF_LEN]; - if (!extract_min_max(a, a_min, a_max, length)) - return 0; - if (memcmp(a_min, a_max, length) > 0) - return 0; - } + a = sk_IPAddressOrRange_value(aors, i); + if (a != NULL && a->type == IPAddressOrRange_addressRange) { + if (!extract_min_max(a, a_min, a_max, length)) + return 0; + if (memcmp(a_min, a_max, length) > 0) + return 0; } return 1; 
@@ -1094,19 +1442,29 @@ IPAddressOrRanges_canonize(IPAddressOrRanges *aors, const unsigned afi) int X509v3_addr_canonize(IPAddrBlocks *addr) { + IPAddressFamily *af; + IPAddressOrRanges *aors; + uint16_t afi; int i; + for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { - IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); - if (f->ipAddressChoice->type == - IPAddressChoice_addressesOrRanges && - !IPAddressOrRanges_canonize(f->ipAddressChoice->u.addressesOrRanges, - X509v3_addr_get_afi(f))) + af = sk_IPAddressFamily_value(addr, i); + + /* Check AFI/SAFI here - IPAddressFamily_cmp() can't error. */ + if (!IPAddressFamily_afi(af, &afi)) + return 0; + + if ((aors = IPAddressFamily_addressesOrRanges(af)) == NULL) + continue; + + if (!IPAddressOrRanges_canonize(aors, afi)) return 0; } + (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); sk_IPAddressFamily_sort(addr); - OPENSSL_assert(X509v3_addr_is_canonical(addr)); - return 1; + + return X509v3_addr_is_canonical(addr); } /* @@ -1132,7 +1490,8 @@ v2i_IPAddrBlocks(const struct v3_ext_method *method, struct v3_ext_ctx *ctx, unsigned char min[ADDR_RAW_BUF_LEN], max[ADDR_RAW_BUF_LEN]; unsigned afi, *safi = NULL, safi_; const char *addr_chars = NULL; - int prefixlen, i1, i2, delim, length; + const char *errstr; + int prefix_len, i1, i2, delim, length; if (!name_cmp(val->name, "IPv4")) { afi = IANA_AFI_IPV4; 
@@ -1166,14 +1525,44 @@ v2i_IPAddrBlocks(const struct v3_ext_method *method, struct v3_ext_ctx *ctx, * the other input values. */ if (safi != NULL) { - *safi = strtoul(val->value, &t, 0); + unsigned long parsed_safi; + int saved_errno = errno; + + errno = 0; + parsed_safi = strtoul(val->value, &t, 0); + + /* Value must be present, then a tab, space or colon. */ + if (val->value[0] == '\0' || + (*t != '\t' && *t != ' ' && *t != ':')) { + X509V3error(X509V3_R_INVALID_SAFI); + X509V3_conf_err(val); + goto err; + } + /* Range and overflow check. */ + if ((errno == ERANGE && parsed_safi == ULONG_MAX) || + parsed_safi > 0xff) { + X509V3error(X509V3_R_INVALID_SAFI); + X509V3_conf_err(val); + goto err; + } + errno = saved_errno; + + *safi = parsed_safi; + + /* Check possible whitespace is followed by a colon. */ t += strspn(t, " \t"); - if (*safi > 0xFF || *t++ != ':') { + if (*t != ':') { X509V3error(X509V3_R_INVALID_SAFI); X509V3_conf_err(val); goto err; } + + /* Skip over colon. */ + t++; + + /* Then over any trailing whitespace. */ t += strspn(t, " \t"); + s = strdup(t); } else { s = strdup(val->value); @@ -1211,14 +1600,17 @@ v2i_IPAddrBlocks(const struct v3_ext_method *method, struct v3_ext_ctx *ctx, switch (delim) { case '/': - prefixlen = (int)strtoul(s + i2, &t, 10); - if (t == s + i2 || *t != '\0') { + /* length contains the size of the address in bytes. */ + if (length != 4 && length != 16) + goto err; + prefix_len = strtonum(s + i2, 0, 8 * length, &errstr); + if (errstr != NULL) { X509V3error(X509V3_R_EXTENSION_VALUE_ERROR); X509V3_conf_err(val); goto err; } if (!X509v3_addr_add_prefix(addr, afi, safi, min, - prefixlen)) { + prefix_len)) { X509V3error(ERR_R_MALLOC_FAILURE); goto err; } 
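Review bot: The "Value must be present" test in the SAFI branch only rejects an empty string, so a value that begins with the delimiter itself makes `strtoul()` convert nothing, leaves `t == val->value`, and is accepted with `parsed_safi == 0`. Adding the no-conversion case to the first condition closes that: `if (t == val->value || (*t != '\t' && *t != ' ' && *t != ':')) {`. The two error exits in this block also leave `errno` as this code set it, because `errno = saved_errno;` runs only on the success path; restoring it directly after the range check would keep the save/restore symmetric.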
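Review bot: In the `case '/':` branch the new guard `if (length != 4 && length != 16) goto err;` fails without recording an error, while the `strtonum()` failure just below it calls `X509V3error()` and `X509V3_conf_err(val)` first. What `err:` does is outside this hunk, but as written this path would presumably return failure with nothing on the error queue. Suggest adding `X509V3error(X509V3_R_EXTENSION_VALUE_ERROR);` and `X509V3_conf_err(val);` before the `goto err` so the two failures are reported the same way.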
@@ -1280,44 +1672,55 @@ v2i_IPAddrBlocks(const struct v3_ext_method *method, struct v3_ext_ctx *ctx, * OpenSSL dispatch */ const X509V3_EXT_METHOD v3_addr = { - NID_sbgp_ipAddrBlock, /* nid */ - 0, /* flags */ - &IPAddrBlocks_it, - 0, 0, 0, 0, /* old functions, ignored */ - 0, /* i2s */ - 0, /* s2i */ - 0, /* i2v */ - v2i_IPAddrBlocks, /* v2i */ - i2r_IPAddrBlocks, /* i2r */ - 0, /* r2i */ - NULL /* extension-specific data */ + .ext_nid = NID_sbgp_ipAddrBlock, + .ext_flags = 0, + .it = &IPAddrBlocks_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = NULL, + .s2i = NULL, + .i2v = NULL, + .v2i = v2i_IPAddrBlocks, + .i2r = i2r_IPAddrBlocks, + .r2i = NULL, + .usr_data = NULL, }; /* - * Figure out whether extension sues inheritance. + * Figure out whether extension uses inheritance. */ int X509v3_addr_inherits(IPAddrBlocks *addr) { + IPAddressFamily *af; int i; + if (addr == NULL) return 0; + for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { - IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); - if (f->ipAddressChoice->type == IPAddressChoice_inherit) + af = sk_IPAddressFamily_value(addr, i); + + if (IPAddressFamily_inheritance(af) != NULL) return 1; } + return 0; } /* * Figure out whether parent contains child. + * + * This only works correctly if both parent and child are in canonical form. */ static int addr_contains(IPAddressOrRanges *parent, IPAddressOrRanges *child, int length) { - unsigned char p_min[ADDR_RAW_BUF_LEN], p_max[ADDR_RAW_BUF_LEN]; - unsigned char c_min[ADDR_RAW_BUF_LEN], c_max[ADDR_RAW_BUF_LEN]; + IPAddressOrRange *child_aor, *parent_aor; + uint8_t parent_min[ADDR_RAW_BUF_LEN], parent_max[ADDR_RAW_BUF_LEN]; + uint8_t child_min[ADDR_RAW_BUF_LEN], child_max[ADDR_RAW_BUF_LEN]; int p, c; if (child == NULL || parent == child) 
@@ -1327,18 +1730,24 @@ addr_contains(IPAddressOrRanges *parent, IPAddressOrRanges *child, int length) p = 0; for (c = 0; c < sk_IPAddressOrRange_num(child); c++) { - if (!extract_min_max(sk_IPAddressOrRange_value(child, c), - c_min, c_max, length)) - return -1; + child_aor = sk_IPAddressOrRange_value(child, c); + + if (!extract_min_max(child_aor, child_min, child_max, length)) + return 0; + for (;; p++) { if (p >= sk_IPAddressOrRange_num(parent)) return 0; - if (!extract_min_max(sk_IPAddressOrRange_value(parent, - p), p_min, p_max, length)) + + parent_aor = sk_IPAddressOrRange_value(parent, p); + + if (!extract_min_max(parent_aor, parent_min, parent_max, + length)) return 0; - if (memcmp(p_max, c_max, length) < 0) + + if (memcmp(parent_max, child_max, length) < 0) continue; - if (memcmp(p_min, c_min, length) > 0) + if (memcmp(parent_min, child_min, length) > 0) return 0; break; } 
@@ -1348,48 +1757,54 @@ addr_contains(IPAddressOrRanges *parent, IPAddressOrRanges *child, int length) } /* - * Test whether a is a subset of b. + * Test whether |child| is a subset of |parent|. */ int -X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) +X509v3_addr_subset(IPAddrBlocks *child, IPAddrBlocks *parent) { - int i; - if (a == NULL || a == b) + IPAddressFamily *child_af, *parent_af; + IPAddressOrRanges *child_aor, *parent_aor; + int i, length; + + if (child == NULL || child == parent) return 1; - if (b == NULL || X509v3_addr_inherits(a) || X509v3_addr_inherits(b)) + if (parent == NULL) + return 0; + + if (X509v3_addr_inherits(child) || X509v3_addr_inherits(parent)) return 0; - (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp); - for (i = 0; i < sk_IPAddressFamily_num(a); i++) { - IPAddressFamily *fa = sk_IPAddressFamily_value(a, i); - int j = sk_IPAddressFamily_find(b, fa); - IPAddressFamily *fb; - fb = sk_IPAddressFamily_value(b, j); - if (fb == NULL) + + for (i = 0; i < sk_IPAddressFamily_num(child); i++) { + child_af = sk_IPAddressFamily_value(child, i); + + parent_af = IPAddressFamily_find_in_parent(parent, child_af); + if (parent_af == NULL) return 0; - if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges, - fa->ipAddressChoice->u.addressesOrRanges, - length_from_afi(X509v3_addr_get_afi(fb)))) + + if (!IPAddressFamily_afi_length(parent_af, &length)) + return 0; + + child_aor = IPAddressFamily_addressesOrRanges(child_af); + parent_aor = IPAddressFamily_addressesOrRanges(parent_af); + + if (!addr_contains(parent_aor, child_aor, length)) return 0; } return 1; } -/* - * Validation error handling via callback. 
- */ -#define validation_err(_err_) \ - do { \ - if (ctx != NULL) { \ - ctx->error = _err_; \ - ctx->error_depth = i; \ - ctx->current_cert = x; \ - ret = ctx->verify_cb(0, ctx); \ - } else { \ - ret = 0; \ - } \ - if (!ret) \ - goto done; \ - } while (0) +static int +verify_error(X509_STORE_CTX *ctx, X509 *cert, int error, int depth) +{ + if (ctx == NULL) + return 0; + + ctx->current_cert = cert; + ctx->error = error; + ctx->error_depth = depth; + + return ctx->verify_cb(0, ctx); +} /* * Core code for RFC 3779 2.3 path validation. 
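Review bot: `X509v3_addr_subset()` calls `addr_contains()` without checking `X509v3_addr_is_canonical()` on either argument, although the comment added to `addr_contains()` in the earlier hunk says it only works correctly when parent and child are both canonical. The public function's own comment does not pass that requirement on to callers. Either state it there, e.g. `Test whether |child| is a subset of |parent|. Both must be in canonical form.`, or reject non-canonical input before the loop.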
@@ -1400,33 +1815,46 @@ X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) * X509_V_OK. */ static int -addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509)*chain, +addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain, IPAddrBlocks *ext) { - IPAddrBlocks *child = NULL; - int i, j, ret = 1; - X509 *x; + IPAddrBlocks *child = NULL, *parent = NULL; + IPAddressFamily *child_af, *parent_af; + IPAddressOrRanges *child_aor, *parent_aor; + X509 *cert = NULL; + int depth = -1; + int i; + unsigned int length; + int ret = 1; - OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0); - OPENSSL_assert(ctx != NULL || ext != NULL); - OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL); + /* We need a non-empty chain to test against. */ + if (sk_X509_num(chain) <= 0) + goto err; + /* We need either a store ctx or an extension to work with. */ + if (ctx == NULL && ext == NULL) + goto err; + /* If there is a store ctx, it needs a verify_cb. */ + if (ctx != NULL && ctx->verify_cb == NULL) + goto err; /* * Figure out where to start. If we don't have an extension to check, - * we're done. Otherwise, check canonical form and set up for walking - * up the chain. + * (either extracted from the leaf or passed by the caller), we're done. + * Otherwise, check canonical form and set up for walking up the chain. 
*/ - if (ext != NULL) { - i = -1; - x = NULL; - } else { - i = 0; - x = sk_X509_value(chain, i); - if ((ext = x->rfc3779_addr) == NULL) + if (ext == NULL) { + depth = 0; + cert = sk_X509_value(chain, depth); + if ((X509_get_extension_flags(cert) & EXFLAG_INVALID) != 0) + goto done; + if ((ext = cert->rfc3779_addr) == NULL) + goto done; + } else if (!X509v3_addr_is_canonical(ext)) { + if ((ret = verify_error(ctx, cert, + X509_V_ERR_INVALID_EXTENSION, depth)) == 0) goto done; } - if (!X509v3_addr_is_canonical(ext)) - validation_err(X509_V_ERR_INVALID_EXTENSION); + (void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp); if ((child = sk_IPAddressFamily_dup(ext)) == NULL) { X509V3error(ERR_R_MALLOC_FAILURE); 
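Review bot: When the extension is taken from the leaf, `if ((X509_get_extension_flags(cert) & EXFLAG_INVALID) != 0) goto done;` leaves with `ret == 1`, so a leaf flagged invalid is reported as passing this check, whereas the chain walk in the next hunk reports `X509_V_ERR_INVALID_EXTENSION` for a parent carrying the same flag. If the leaf is expected to be rejected elsewhere in verification, a comment saying so belongs on this line; otherwise it should go through `verify_error(ctx, cert, X509_V_ERR_INVALID_EXTENSION, depth)` like the parents. `asid_validate_path_internal()` in x509_asid.c has the same `goto done` for the leaf. The function body continues outside this hunk.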
@@ -1440,71 +1868,122 @@ addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509)*chain, * Now walk up the chain. No cert may list resources that its parent * doesn't list. */ - for (i++; i < sk_X509_num(chain); i++) { - x = sk_X509_value(chain, i); - if (!X509v3_addr_is_canonical(x->rfc3779_addr)) - validation_err(X509_V_ERR_INVALID_EXTENSION); - if (x->rfc3779_addr == NULL) { - for (j = 0; j < sk_IPAddressFamily_num(child); j++) { - IPAddressFamily *fc = sk_IPAddressFamily_value(child, - j); - if (fc->ipAddressChoice->type != - IPAddressChoice_inherit) { - validation_err(X509_V_ERR_UNNESTED_RESOURCE); - break; - } + for (depth++; depth < sk_X509_num(chain); depth++) { + cert = sk_X509_value(chain, depth); + + if ((X509_get_extension_flags(cert) & EXFLAG_INVALID) != 0) { + if ((ret = verify_error(ctx, cert, + X509_V_ERR_INVALID_EXTENSION, depth)) == 0) + goto done; + } + + if ((parent = cert->rfc3779_addr) == NULL) { + for (i = 0; i < sk_IPAddressFamily_num(child); i++) { + child_af = sk_IPAddressFamily_value(child, i); + + if (IPAddressFamily_inheritance(child_af) != + NULL) + continue; + + if ((ret = verify_error(ctx, cert, + X509_V_ERR_UNNESTED_RESOURCE, depth)) == 0) + goto done; + break; } continue; } - (void)sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, - IPAddressFamily_cmp); - for (j = 0; j < sk_IPAddressFamily_num(child); j++) { - IPAddressFamily *fc = sk_IPAddressFamily_value(child, j); - int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc); - IPAddressFamily *fp = - sk_IPAddressFamily_value(x->rfc3779_addr, k); - if (fp == NULL) { - if (fc->ipAddressChoice->type == - IPAddressChoice_addressesOrRanges) { - validation_err(X509_V_ERR_UNNESTED_RESOURCE); - break; - } + + /* + * Check that the child's resources are covered by the parent. + * Each covered resource is replaced with the parent's resource + * covering it, so the next iteration will check that the + * parent's resources are covered by the grandparent. 
+ */ + for (i = 0; i < sk_IPAddressFamily_num(child); i++) { + child_af = sk_IPAddressFamily_value(child, i); + + if ((parent_af = IPAddressFamily_find_in_parent(parent, + child_af)) == NULL) { + /* + * If we have no match in the parent and the + * child inherits, that's fine. + */ + if (IPAddressFamily_inheritance(child_af) != + NULL) + continue; + + /* Otherwise the child isn't covered. */ + if ((ret = verify_error(ctx, cert, + X509_V_ERR_UNNESTED_RESOURCE, depth)) == 0) + goto done; + break; + } + + /* Parent inherits, nothing to do. */ + if (IPAddressFamily_inheritance(parent_af) != NULL) + continue; + + /* Child inherits. Use parent's address family. */ + if (IPAddressFamily_inheritance(child_af) != NULL) { + sk_IPAddressFamily_set(child, i, parent_af); continue; } - if (fp->ipAddressChoice->type == - IPAddressChoice_addressesOrRanges) { - if (fc->ipAddressChoice->type == - IPAddressChoice_inherit || - addr_contains(fp->ipAddressChoice->u.addressesOrRanges, - fc->ipAddressChoice->u.addressesOrRanges, - length_from_afi(X509v3_addr_get_afi(fc)))) - sk_IPAddressFamily_set(child, j, fp); - else - validation_err(X509_V_ERR_UNNESTED_RESOURCE); + + child_aor = IPAddressFamily_addressesOrRanges(child_af); + parent_aor = + IPAddressFamily_addressesOrRanges(parent_af); + + /* + * Child and parent are canonical and neither inherits. + * If either addressesOrRanges is NULL, something's + * very wrong. + */ + if (child_aor == NULL || parent_aor == NULL) + goto err; + + if (!IPAddressFamily_afi_length(child_af, &length)) + goto err; + + /* Now check containment and replace or error. */ + if (addr_contains(parent_aor, child_aor, length)) { + sk_IPAddressFamily_set(child, i, parent_af); + continue; } + + if ((ret = verify_error(ctx, cert, + X509_V_ERR_UNNESTED_RESOURCE, depth)) == 0) + goto done; } } /* * Trust anchor can't inherit. 
*/ - if (x->rfc3779_addr != NULL) { - for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) { - IPAddressFamily *fp = - sk_IPAddressFamily_value(x->rfc3779_addr, j); - if (fp->ipAddressChoice->type == - IPAddressChoice_inherit && - sk_IPAddressFamily_find(child, fp) >= 0) - validation_err(X509_V_ERR_UNNESTED_RESOURCE); + if ((parent = cert->rfc3779_addr) != NULL) { + for (i = 0; i < sk_IPAddressFamily_num(parent); i++) { + parent_af = sk_IPAddressFamily_value(parent, i); + + if (IPAddressFamily_inheritance(parent_af) == NULL) + continue; + + if ((ret = verify_error(ctx, cert, + X509_V_ERR_UNNESTED_RESOURCE, depth)) == 0) + goto done; } } done: sk_IPAddressFamily_free(child); return ret; -} -#undef validation_err + err: + sk_IPAddressFamily_free(child); + + if (ctx != NULL) + ctx->error = X509_V_ERR_UNSPECIFIED; + + return 0; +} /* * RFC 3779 2.3 path validation -- called from X509_verify_cert(). @@ -1512,9 +1991,7 @@ addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509)*chain, int X509v3_addr_validate_path(X509_STORE_CTX *ctx) { - if (ctx->chain == NULL || - sk_X509_num(ctx->chain) == 0 || - ctx->verify_cb == NULL) { + if (sk_X509_num(ctx->chain) <= 0 || ctx->verify_cb == NULL) { ctx->error = X509_V_ERR_UNSPECIFIED; return 0; } @@ -1526,16 +2003,16 @@ X509v3_addr_validate_path(X509_STORE_CTX *ctx) * Test whether chain covers extension. */ int -X509v3_addr_validate_resource_set(STACK_OF(X509)*chain, IPAddrBlocks *ext, +X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, IPAddrBlocks *ext, int allow_inheritance) { if (ext == NULL) return 1; - if (chain == NULL || sk_X509_num(chain) == 0) + if (sk_X509_num(chain) <= 0) return 0; if (!allow_inheritance && X509v3_addr_inherits(ext)) return 0; return addr_validate_path_internal(NULL, chain, ext); } -#endif /* OPENSSL_NO_RFC3779 */ +#endif /* OPENSSL_NO_RFC3779 */ diff --git a/crypto/x509/x509_alt.c b/crypto/x509/x509_alt.c index 5b9f490b..8656df82 100644 --- a/crypto/x509/x509_alt.c 
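Review bot: In the chain walk, `cert = sk_X509_value(chain, depth);` is passed to `X509_get_extension_flags()` and dereferenced as `cert->rfc3779_addr` with no NULL check, and the trust-anchor block after the loop dereferences it again. The guards at the top of the function only establish that the chain is non-empty, so a caller-supplied chain holding a NULL entry (reachable through `X509v3_addr_validate_resource_set()`) would presumably hit these dereferences. An `if (cert == NULL) goto err;` right after the lookup covers both places. The ASID counterpart in x509_asid.c drops `OPENSSL_assert(x != NULL)` from its loop and adds `if (x == NULL) goto err;` only after the loop, which is too late to protect the loop body.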
+++ b/crypto/x509/x509_alt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_alt.c,v 1.2 2021/08/24 15:23:03 tb Exp $ */ +/* $OpenBSD: x509_alt.c,v 1.12 2022/03/26 16:34:21 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -63,6 +63,8 @@ #include #include +#include "x509_internal.h" + static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, @@ -612,8 +614,11 @@ GENERAL_NAME * v2i_GENERAL_NAME_ex(GENERAL_NAME *out, const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc) { - int type; + uint8_t *bytes = NULL; char *name, *value; + GENERAL_NAME *ret; + size_t len = 0; + int type; name = cnf->name; value = cnf->value; 
@@ -643,7 +648,67 @@ v2i_GENERAL_NAME_ex(GENERAL_NAME *out, const X509V3_EXT_METHOD *method, return NULL; } - return a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc); + ret = a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc); + if (ret == NULL) + return NULL; + + /* + * Validate what we have for sanity. + */ + + if (is_nc) { + struct x509_constraints_name *constraints_name = NULL; + + if (!x509_constraints_validate(ret, &constraints_name, NULL)) { + X509V3error(X509V3_R_BAD_OBJECT); + ERR_asprintf_error_data("name=%s", name); + goto err; + } + x509_constraints_name_free(constraints_name); + return ret; + } + + type = x509_constraints_general_to_bytes(ret, &bytes, &len); + switch (type) { + case GEN_DNS: + if (!x509_constraints_valid_sandns(bytes, len)) { + X509V3error(X509V3_R_BAD_OBJECT); + ERR_asprintf_error_data("name=%s value='%.*s'", name, + (int)len, bytes); + goto err; + } + break; + case GEN_URI: + if (!x509_constraints_uri_host(bytes, len, NULL)) { + X509V3error(X509V3_R_BAD_OBJECT); + ERR_asprintf_error_data("name=%s value='%.*s'", name, + (int)len, bytes); + goto err; + } + break; + case GEN_EMAIL: + if (!x509_constraints_parse_mailbox(bytes, len, NULL)) { + X509V3error(X509V3_R_BAD_OBJECT); + ERR_asprintf_error_data("name=%s value='%.*s'", name, + (int)len, bytes); + goto err; + } + break; + case GEN_IPADD: + if (len != 4 && len != 16) { + X509V3error(X509V3_R_BAD_IP_ADDRESS); + ERR_asprintf_error_data("name=%s len=%zu", name, len); + goto err; + } + break; + default: + break; + } + return ret; + err: + if (out == NULL) + GENERAL_NAME_free(ret); + return NULL; } static int diff --git a/crypto/x509/x509_asid.c b/crypto/x509/x509_asid.c index ed99ca7b..6c73018b 100644 --- a/crypto/x509/x509_asid.c +++ b/crypto/x509/x509_asid.c 
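Review bot: On the new `err:` path `ret` is freed only when `out == NULL`, so with a caller-supplied `out` the function returns NULL while `out` still holds the name that just failed validation. A caller that keeps using `out` after the failure would be working with the rejected value. Since the function header is in the previous hunk, the suggestion is a comment above it along the lines of `/* On failure with a non-NULL |out|, its contents must not be used. */`, or clearing `out` on this path if that is safe for existing callers.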
@@ -1,17 +1,65 @@ +/* $OpenBSD: x509_asid.c,v 1.35 2022/07/30 17:50:17 tb Exp $ */ /* - * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Contributed to the OpenSSL Project by the American Registry for + * Internet Numbers ("ARIN"). + */ +/* ==================================================================== + * Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. 
You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). */ /* * Implementation of RFC 3779 section 3.2. */ -#include #include #include #include @@ -25,7 +73,7 @@ #include #include -#include "ext_dat.h" +#include "x509_lcl.h" #ifndef OPENSSL_NO_RFC3779 @@ -312,7 +360,7 @@ ASIdOrRange_cmp(const ASIdOrRange *const *a_, const ASIdOrRange *const *b_) { const ASIdOrRange *a = *a_, *b = *b_; - /* XXX: these asserts need to be replaced */ + /* XXX: these asserts need to be replaced */ OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) || (a->type == ASIdOrRange_range && a->u.range != NULL && a->u.range->min != NULL && a->u.range->max != NULL)); 
@@ -425,8 +473,6 @@ X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which, ASN1_INTEGER *min, static int extract_min_max(ASIdOrRange *aor, ASN1_INTEGER **min, ASN1_INTEGER **max) { - OPENSSL_assert(aor != NULL); - switch (aor->type) { case ASIdOrRange_id: *min = aor->u.id; @@ -602,7 +648,8 @@ ASIdentifierChoice_canonize(ASIdentifierChoice *choice) /* * Make sure we're properly sorted (paranoia). */ - OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0); + if (ASN1_INTEGER_cmp(a_min, b_min) > 0) + goto done; /* * Punt inverted ranges. @@ -689,7 +736,8 @@ ASIdentifierChoice_canonize(ASIdentifierChoice *choice) } /* Paranoia */ - OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); + if (!ASIdentifierChoice_is_canonical(choice)) + goto done; ret = 1; @@ -705,9 +753,13 @@ ASIdentifierChoice_canonize(ASIdentifierChoice *choice) int X509v3_asid_canonize(ASIdentifiers *asid) { - return (asid == NULL || - (ASIdentifierChoice_canonize(asid->asnum) && - ASIdentifierChoice_canonize(asid->rdi))); + if (asid == NULL) + return 1; + + if (!ASIdentifierChoice_canonize(asid->asnum)) + return 0; + + return ASIdentifierChoice_canonize(asid->rdi); } /* @@ -830,17 +882,20 @@ v2i_ASIdentifiers(const struct v3_ext_method *method, struct v3_ext_ctx *ctx, * OpenSSL dispatch. */ const X509V3_EXT_METHOD v3_asid = { - NID_sbgp_autonomousSysNum, /* nid */ - 0, /* flags */ - &ASIdentifiers_it, /* template */ - 0, 0, 0, 0, /* old functions, ignored */ - 0, /* i2s */ - 0, /* s2i */ - 0, /* i2v */ - v2i_ASIdentifiers, /* v2i */ - i2r_ASIdentifiers, /* i2r */ - 0, /* r2i */ - NULL /* extension-specific data */ + .ext_nid = NID_sbgp_autonomousSysNum, + .ext_flags = 0, + .it = &ASIdentifiers_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = NULL, + .s2i = NULL, + .i2v = NULL, + .v2i = v2i_ASIdentifiers, + .i2r = i2r_ASIdentifiers, + .r2i = NULL, + .usr_data = NULL, }; /* 
@@ -849,11 +904,20 @@ const X509V3_EXT_METHOD v3_asid = { int X509v3_asid_inherits(ASIdentifiers *asid) { - return (asid != NULL && - ((asid->asnum != NULL && - asid->asnum->type == ASIdentifierChoice_inherit) || - (asid->rdi != NULL && - asid->rdi->type == ASIdentifierChoice_inherit))); + if (asid == NULL) + return 0; + + if (asid->asnum != NULL) { + if (asid->asnum->type == ASIdentifierChoice_inherit) + return 1; + } + + if (asid->rdi != NULL) { + if (asid->rdi->type == ASIdentifierChoice_inherit) + return 1; + } + + return 0; } /* @@ -867,6 +931,7 @@ asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child) if (child == NULL || parent == child) return 1; + if (parent == NULL) return 0; @@ -893,20 +958,39 @@ asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child) } /* - * Test whether a is a subset of b. + * Test whether child is a subset of parent. */ int -X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b) +X509v3_asid_subset(ASIdentifiers *child, ASIdentifiers *parent) { - return (a == NULL || - a == b || - (b != NULL && - !X509v3_asid_inherits(a) && - !X509v3_asid_inherits(b) && - asid_contains(b->asnum->u.asIdsOrRanges, - a->asnum->u.asIdsOrRanges) && - asid_contains(b->rdi->u.asIdsOrRanges, - a->rdi->u.asIdsOrRanges))); + if (child == NULL || child == parent) + return 1; + + if (parent == NULL) + return 0; + + if (X509v3_asid_inherits(child) || X509v3_asid_inherits(parent)) + return 0; + + if (child->asnum != NULL) { + if (parent->asnum == NULL) + return 0; + + if (!asid_contains(parent->asnum->u.asIdsOrRanges, + child->asnum->u.asIdsOrRanges)) + return 0; + } + + if (child->rdi != NULL) { + if (parent->rdi == NULL) + return 0; + + if (!asid_contains(parent->rdi->u.asIdsOrRanges, + child->rdi->u.asIdsOrRanges)) + return 0; + } + + return 1; } /* 
@@ -930,33 +1014,41 @@ X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b) * Core code for RFC 3779 3.3 path validation. */ static int -asid_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509)*chain, +asid_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain, ASIdentifiers *ext) { ASIdOrRanges *child_as = NULL, *child_rdi = NULL; int i, ret = 1, inherit_as = 0, inherit_rdi = 0; X509 *x; - OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0); - OPENSSL_assert(ctx != NULL || ext != NULL); - OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL); + /* We need a non-empty chain to test against. */ + if (sk_X509_num(chain) <= 0) + goto err; + /* We need either a store ctx or an extension to work with. */ + if (ctx == NULL && ext == NULL) + goto err; + /* If there is a store ctx, it needs a verify_cb. */ + if (ctx != NULL && ctx->verify_cb == NULL) + goto err; /* - * Figure out where to start. If we don't have an extension to - * check, we're done. Otherwise, check canonical form and - * set up for walking up the chain. + * Figure out where to start. If we don't have an extension to check, + * (either extracted from the leaf or passed by the caller), we're done. + * Otherwise, check canonical form and set up for walking up the chain. */ if (ext != NULL) { i = -1; x = NULL; + if (!X509v3_asid_is_canonical(ext)) + validation_err(X509_V_ERR_INVALID_EXTENSION); } else { i = 0; x = sk_X509_value(chain, i); + if ((X509_get_extension_flags(x) & EXFLAG_INVALID) != 0) + goto done; if ((ext = x->rfc3779_asid) == NULL) goto done; } - if (!X509v3_asid_is_canonical(ext)) - validation_err(X509_V_ERR_INVALID_EXTENSION); if (ext->asnum != NULL) { switch (ext->asnum->type) { case ASIdentifierChoice_inherit: 
@@ -984,15 +1076,14 @@ asid_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509)*chain, */ for (i++; i < sk_X509_num(chain); i++) { x = sk_X509_value(chain, i); - OPENSSL_assert(x != NULL); + if ((X509_get_extension_flags(x) & EXFLAG_INVALID) != 0) + validation_err(X509_V_ERR_INVALID_EXTENSION); if (x->rfc3779_asid == NULL) { if (child_as != NULL || child_rdi != NULL) validation_err(X509_V_ERR_UNNESTED_RESOURCE); continue; } - if (!X509v3_asid_is_canonical(x->rfc3779_asid)) - validation_err(X509_V_ERR_INVALID_EXTENSION); if (x->rfc3779_asid->asnum == NULL && child_as != NULL) { validation_err(X509_V_ERR_UNNESTED_RESOURCE); child_as = NULL; @@ -1031,7 +1122,9 @@ asid_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509)*chain, /* * Trust anchor can't inherit. */ - OPENSSL_assert(x != NULL); + + if (x == NULL) + goto err; if (x->rfc3779_asid != NULL) { if (x->rfc3779_asid->asnum != NULL && @@ -1044,6 +1137,12 @@ asid_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509)*chain, done: return ret; + + err: + if (ctx != NULL) + ctx->error = X509_V_ERR_UNSPECIFIED; + + return 0; } #undef validation_err @@ -1054,9 +1153,7 @@ asid_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509)*chain, int X509v3_asid_validate_path(X509_STORE_CTX *ctx) { - if (ctx->chain == NULL || - sk_X509_num(ctx->chain) == 0 || - ctx->verify_cb == NULL) { + if (sk_X509_num(ctx->chain) <= 0 || ctx->verify_cb == NULL) { ctx->error = X509_V_ERR_UNSPECIFIED; return 0; } @@ -1068,12 +1165,12 @@ X509v3_asid_validate_path(X509_STORE_CTX *ctx) * Test whether chain covers extension. */ int -X509v3_asid_validate_resource_set(STACK_OF(X509)*chain, ASIdentifiers *ext, +X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, ASIdentifiers *ext, int allow_inheritance) { if (ext == NULL) return 1; - if (chain == NULL || sk_X509_num(chain) == 0) + if (sk_X509_num(chain) <= 0) return 0; if (!allow_inheritance && X509v3_asid_inherits(ext)) return 0; 
diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c index 1479b918..8d369df9 100644 --- a/crypto/x509/x509_att.c +++ b/crypto/x509/x509_att.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_att.c,v 1.17 2018/05/18 19:21:33 tb Exp $ */ +/* $OpenBSD: x509_att.c,v 1.19 2022/05/09 19:19:33 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -66,6 +66,8 @@ #include #include +#include "x509_lcl.h" + int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x) { @@ -322,10 +324,8 @@ X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, goto err; atype = attrtype; } - if (!(attr->value.set = sk_ASN1_TYPE_new_null())) - goto err; - attr->single = 0; - /* This is a bit naughty because the attribute should really have + /* + * This is a bit naughty because the attribute should really have * at least one value but some types use and zero length SET and * require this. */ @@ -341,7 +341,7 @@ X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, goto err; } else ASN1_TYPE_set(ttmp, atype, stmp); - if (!sk_ASN1_TYPE_push(attr->value.set, ttmp)) + if (!sk_ASN1_TYPE_push(attr->set, ttmp)) goto err; return 1; @@ -355,11 +355,10 @@ X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr) { - if (!attr->single) - return sk_ASN1_TYPE_num(attr->value.set); - if (attr->value.single) - return 1; - return 0; + if (attr == NULL) + return 0; + + return sk_ASN1_TYPE_num(attr->set); } ASN1_OBJECT * @@ -390,10 +389,6 @@ X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx) { if (attr == NULL) return (NULL); - if (idx >= X509_ATTRIBUTE_count(attr)) - return NULL; - if (!attr->single) - return sk_ASN1_TYPE_value(attr->value.set, idx); - else - return attr->value.single; + + return sk_ASN1_TYPE_value(attr->set, idx); } diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 6d6e8408..4fd8d78f 100644 
--- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_cmp.c,v 1.35 2019/03/13 20:34:00 tb Exp $ */ +/* $OpenBSD: x509_cmp.c,v 1.39 2022/02/24 22:05:06 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -68,6 +68,9 @@ #include #include +#include "evp_locl.h" +#include "x509_lcl.h" + int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) { @@ -140,7 +143,7 @@ X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b) int X509_CRL_match(const X509_CRL *a, const X509_CRL *b) { - return memcmp(a->sha1_hash, b->sha1_hash, 20); + return memcmp(a->hash, b->hash, X509_CRL_HASH_LEN); } #endif @@ -213,7 +216,7 @@ X509_cmp(const X509 *a, const X509 *b) X509_check_purpose((X509 *)a, -1, 0); X509_check_purpose((X509 *)b, -1, 0); - return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH); + return memcmp(a->hash, b->hash, X509_CERT_HASH_LEN); } #endif diff --git a/crypto/x509/x509_conf.c b/crypto/x509/x509_conf.c index 8bf2d10b..cd703fc1 100644 --- a/crypto/x509/x509_conf.c +++ b/crypto/x509/x509_conf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_conf.c,v 1.1 2020/06/04 15:19:31 jsing Exp $ */ +/* $OpenBSD: x509_conf.c,v 1.2 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -66,6 +66,8 @@ #include #include +#include "x509_lcl.h" + static int v3_check_critical(const char **value); static int v3_check_generic(const char **value); static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, diff --git a/crypto/x509/x509_constraints.c b/crypto/x509/x509_constraints.c index db33bf1a..8cd8413d 100644 --- a/crypto/x509/x509_constraints.c +++ b/crypto/x509/x509_constraints.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_constraints.c,v 1.17 2021/09/23 15:49:48 jsing Exp $ */ +/* $OpenBSD: x509_constraints.c,v 1.28 2022/06/27 15:03:11 beck Exp $ */ /* * Copyright (c) 2020 Bob Beck * 
@@ -390,7 +390,7 @@ x509_constraints_parse_mailbox(uint8_t *candidate, size_t len, } if (c == '@') { if (wi == 0) - goto bad;; + goto bad; if (candidate_local != NULL) goto bad; candidate_local = strdup(working); @@ -424,9 +424,14 @@ x509_constraints_parse_mailbox(uint8_t *candidate, size_t len, strlen(candidate_domain))) goto bad; - name->local = candidate_local; - name->name = candidate_domain; - name->type = GEN_EMAIL; + if (name != NULL) { + name->local = candidate_local; + name->name = candidate_domain; + name->type = GEN_EMAIL; + } else { + free(candidate_local); + free(candidate_domain); + } return 1; bad: free(candidate_local); @@ -450,9 +455,15 @@ x509_constraints_valid_domain_constraint(uint8_t *constraint, size_t len) } /* - * Extract the host part of a URI, returns the host part as a c string - * the caller must free, or or NULL if it could not be found or is - * invalid. + * Extract the host part of a URI. On failure to parse a valid host part of the + * URI, 0 is returned indicating an invalid URI. If the host part parses as + * valid, or is not present, 1 is returned indicating a possibly valid URI. + * + * In the case of a valid URI, *hostpart will be set to a copy of the host part + * of the URI, or the empty string if no URI is present. If memory allocation + * fails *hostpart will be set to NULL, even though we returned 1. It is the + * caller's responsibility to indicate an error for memory allocation failure, + * and the callers responsibility to free *hostpart. * * RFC 3986: * the authority part of a uri starts with // and is terminated with 
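Review bot: The new comment above x509_constraints_uri_host() says `*hostpart` is set to the empty string "if no URI is present", but the case it describes is a URI that has no host part; the wording should be `or the empty string if no host part is present`. The comment also documents a success return of 1 with `*hostpart == NULL` on allocation failure, which means every caller has to check the pointer after a successful call. That requirement is easy to miss, so I would state it as a separate sentence, `Callers must check *hostpart for NULL even when 1 is returned.`, and fix "callers responsibility" to "caller's responsibility".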
@@ -484,8 +495,17 @@ x509_constraints_uri_host(uint8_t *uri, size_t len, char **hostpart) break; } } - if (authority == NULL) - return 0; + if (authority == NULL) { + /* + * There is no authority, so no host part in this + * URI. This might be ok or might not, but it must + * fail if we run into a name constraint later, so + * we indicate that we have a URI with an empty + * host part, and succeed. + */ + *hostpart = strdup(""); + return 1; + } for (i = authority - uri; i < len; i++) { if (!isascii(uri[i])) return 0; @@ -511,7 +531,8 @@ x509_constraints_uri_host(uint8_t *uri, size_t len, char **hostpart) host = authority; if (!x509_constraints_valid_host(host, hostlen)) return 0; - *hostpart = strndup(host, hostlen); + if (hostpart != NULL) + *hostpart = strndup(host, hostlen); return 1; } @@ -630,7 +651,11 @@ int x509_constraints_dirname(uint8_t *dirname, size_t dlen, uint8_t *constraint, size_t len) { - if (len != dlen) + /* + * The constraint must be a prefix in DER format, so it can't be + * longer than the name it is checked against. + */ + if (len > dlen) return 0; return (memcmp(constraint, dirname, len) == 0); } 
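Review bot: The new no-authority branch in x509_constraints_uri_host() writes `*hostpart = strdup("")` unconditionally, while the next hunk in the same function guards its store with `if (hostpart != NULL)`. If any caller passes NULL to use the function purely as a validator, which that guard suggests, a URI without `//` dereferences a NULL pointer, and the URI comes from certificate data. The branch should use the same guard: `if (hostpart != NULL) *hostpart = strdup("");`. The function body starts before this hunk and continues after it.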
@@ -647,35 +672,45 @@ x509_constraints_general_to_bytes(GENERAL_NAME *name, uint8_t **bytes, if (name->type == GEN_DNS) { ASN1_IA5STRING *aname = name->d.dNSName; + *bytes = aname->data; - *len = strlen(aname->data); + *len = aname->length; + return name->type; } if (name->type == GEN_EMAIL) { ASN1_IA5STRING *aname = name->d.rfc822Name; + *bytes = aname->data; - *len = strlen(aname->data); + *len = aname->length; + return name->type; } if (name->type == GEN_URI) { ASN1_IA5STRING *aname = name->d.uniformResourceIdentifier; + *bytes = aname->data; - *len = strlen(aname->data); + *len = aname->length; + return name->type; } if (name->type == GEN_DIRNAME) { X509_NAME *dname = name->d.directoryName; + if (!dname->modified || i2d_X509_NAME(dname, NULL) >= 0) { *bytes = dname->canon_enc; *len = dname->canon_enclen; + return name->type; } } if (name->type == GEN_IPADD) { *bytes = name->d.ip->data; *len = name->d.ip->length; + return name->type; } + return 0; } @@ -713,7 +748,7 @@ x509_constraints_extract_names(struct x509_constraints_names *names, *error = X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; goto err; } - if ((vname->name = strdup(bytes)) == NULL) { + if ((vname->name = strndup(bytes, len)) == NULL) { *error = X509_V_ERR_OUT_OF_MEM; goto err; } @@ -741,15 +776,15 @@ x509_constraints_extract_names(struct x509_constraints_names *names, vname->type = GEN_URI; break; case GEN_DIRNAME: + if (len == 0) { + *error = X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; + goto err; + } if (bytes == NULL || ((vname->der = malloc(len)) == NULL)) { *error = X509_V_ERR_OUT_OF_MEM; goto err; } - if (len == 0) { - *error = X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; - goto err; - } memcpy(vname->der, bytes, len); vname->der_len = len; vname->type = GEN_DIRNAME; 
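Review bot: With `*len = aname->length` the length handed to x509_constraints_extract_names() now counts any embedded NUL byte, but `strndup(bytes, len)` stops copying at the first NUL, so `vname->name` can end up shorter than the `len` that was validated. This is only safe if the validation that precedes each strndup rejects NUL bytes; those helpers are outside the hunk, so it cannot be confirmed from here. A short comment at the strndup would make the dependency explicit, for example `/* validated above: no embedded NUL, so strndup copies all len bytes */`. The same applies to the strndup calls added to x509_constraints_validate() in the later hunks.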
@@ -759,8 +794,7 @@ x509_constraints_extract_names(struct x509_constraints_names *names, vname->af = AF_INET; if (len == 16) vname->af = AF_INET6; - if (vname->af != AF_INET && vname->af != - AF_INET6) { + if (vname->af != AF_INET && vname->af != AF_INET6) { *error = X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; goto err; } @@ -887,21 +921,34 @@ x509_constraints_extract_names(struct x509_constraints_names *names, */ int x509_constraints_validate(GENERAL_NAME *constraint, - struct x509_constraints_name *name, int *error) + struct x509_constraints_name **out_name, int *out_error) { uint8_t *bytes = NULL; size_t len = 0; + struct x509_constraints_name *name; + int error = X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX; int name_type; + if (out_name == NULL || *out_name != NULL) + return 0; + + if (out_error != NULL) + *out_error = 0; + + if ((name = x509_constraints_name_new()) == NULL) { + error = X509_V_ERR_OUT_OF_MEM; + goto err; + } + name_type = x509_constraints_general_to_bytes(constraint, &bytes, &len); switch (name_type) { case GEN_DIRNAME: - if (bytes == NULL || (name->der = malloc(len)) == NULL) { - *error = X509_V_ERR_OUT_OF_MEM; - return 0; - } if (len == 0) goto err; /* XXX The RFCs are delightfully vague */ + if (bytes == NULL || (name->der = malloc(len)) == NULL) { + error = X509_V_ERR_OUT_OF_MEM; + goto err; + } memcpy(name->der, bytes, len); name->der_len = len; name->type = GEN_DIRNAME; 
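Review bot: The early `return 0` for `out_name == NULL || *out_name != NULL` in x509_constraints_validate() happens before `*out_error` is written, so the caller sees a failure with whatever value its error variable already held. The `err:` path in the later hunk is already reached with `name` NULL when x509_constraints_name_new() fails, so declaring `struct x509_constraints_name *name = NULL;` and using `goto err;` here would report a defined error code instead. The function continues past the end of this hunk.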
@@ -909,24 +956,31 @@ x509_constraints_validate(GENERAL_NAME *constraint, case GEN_DNS: if (!x509_constraints_valid_domain_constraint(bytes, len)) goto err; - if ((name->name = strdup(bytes)) == NULL) { - *error = X509_V_ERR_OUT_OF_MEM; - return 0; + if ((name->name = strndup(bytes, len)) == NULL) { + error = X509_V_ERR_OUT_OF_MEM; + goto err; } name->type = GEN_DNS; break; case GEN_EMAIL: - if (memchr(bytes, '@', len) != NULL) { + if (len > 0 && memchr(bytes + 1, '@', len - 1) != NULL) { if (!x509_constraints_parse_mailbox(bytes, len, name)) goto err; - } else { - if (!x509_constraints_valid_domain_constraint(bytes, - len)) - goto err; - if ((name->name = strdup(bytes)) == NULL) { - *error = X509_V_ERR_OUT_OF_MEM; - return 0; - } + break; + } + /* + * Mail constraints of the form @domain.com are accepted by + * OpenSSL and Microsoft. + */ + if (len > 0 && bytes[0] == '@') { + bytes++; + len--; + } + if (!x509_constraints_valid_domain_constraint(bytes, len)) + goto err; + if ((name->name = strndup(bytes, len)) == NULL) { + error = X509_V_ERR_OUT_OF_MEM; + goto err; } name->type = GEN_EMAIL; break; @@ -944,15 +998,25 @@ x509_constraints_validate(GENERAL_NAME *constraint, case GEN_URI: if (!x509_constraints_valid_domain_constraint(bytes, len)) goto err; - name->name = strdup(bytes); + if ((name->name = strndup(bytes, len)) == NULL) { + error = X509_V_ERR_OUT_OF_MEM; + goto err; + } name->type = GEN_URI; break; default: break; } + + *out_name = name; + return 1; + err: - *error = X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX; + x509_constraints_name_free(name); + if (out_error != NULL) + *out_error = error; + return 0; } @@ -962,7 +1026,7 @@ x509_constraints_extract_constraints(X509 *cert, struct x509_constraints_names *excluded, int *error) { - struct x509_constraints_name *vname; + struct x509_constraints_name *vname = NULL; NAME_CONSTRAINTS *nc = cert->nc; GENERAL_SUBTREE *subtree; int i; 
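Review bot: In the GEN_EMAIL case a constraint consisting only of `@` is reduced to a zero-length string by the new `bytes++; len--;` step and then passed to x509_constraints_valid_domain_constraint(). Whether an empty constraint is accepted there is outside the hunk; if it is, a lone `@` would silently be stored as an empty email constraint, whose matching behaviour is presumably much broader than the issuer intended. I would reject it explicitly after stripping, `if (len == 0) goto err;`, or add a comment saying that the empty result is intended.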
@@ -977,24 +1041,20 @@ x509_constraints_extract_constraints(X509 *cert, *error = X509_V_ERR_SUBTREE_MINMAX; return 0; } - if ((vname = x509_constraints_name_new()) == NULL) { - *error = X509_V_ERR_OUT_OF_MEM; - return 0; - } - if (x509_constraints_validate(subtree->base, vname, error) == - 0) { - x509_constraints_name_free(vname); + if (!x509_constraints_validate(subtree->base, &vname, error)) return 0; - } if (vname->type == 0) { x509_constraints_name_free(vname); + vname = NULL; continue; } if (!x509_constraints_names_add(permitted, vname)) { x509_constraints_name_free(vname); + vname = NULL; *error = X509_V_ERR_OUT_OF_MEM; return 0; } + vname = NULL; } for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->excludedSubtrees); i++) { @@ -1003,24 +1063,20 @@ x509_constraints_extract_constraints(X509 *cert, *error = X509_V_ERR_SUBTREE_MINMAX; return 0; } - if ((vname = x509_constraints_name_new()) == NULL) { - *error = X509_V_ERR_OUT_OF_MEM; - return 0; - } - if (x509_constraints_validate(subtree->base, vname, error) == - 0) { - x509_constraints_name_free(vname); + if (!x509_constraints_validate(subtree->base, &vname, error)) return 0; - } if (vname->type == 0) { x509_constraints_name_free(vname); + vname = NULL; continue; } if (!x509_constraints_names_add(excluded, vname)) { x509_constraints_name_free(vname); + vname = NULL; *error = X509_V_ERR_OUT_OF_MEM; return 0; } + vname = NULL; } return 1; diff --git a/crypto/x509/x509_cpols.c b/crypto/x509/x509_cpols.c index 2ace607b..93527a43 100644 --- a/crypto/x509/x509_cpols.c +++ b/crypto/x509/x509_cpols.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_cpols.c,v 1.2 2021/08/24 15:23:03 tb Exp $ */ +/* $OpenBSD: x509_cpols.c,v 1.4 2022/01/14 08:16:13 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -66,6 +66,7 @@ #include #include "pcy_int.h" +#include "x509_lcl.h" /* Certificate policies extension support: this one is a bit complex... */ 
@@ -232,7 +233,6 @@ static const ASN1_ADB_TABLE POLICYQUALINFO_adbtbl[] = { static const ASN1_ADB POLICYQUALINFO_adb = { .flags = 0, .offset = offsetof(POLICYQUALINFO, pqualid), - .app_items = 0, .tbl = POLICYQUALINFO_adbtbl, .tblcount = sizeof(POLICYQUALINFO_adbtbl) / sizeof(ASN1_ADB_TABLE), .default_tt = &policydefault_tt, diff --git a/crypto/x509/x509_crld.c b/crypto/x509/x509_crld.c index ff60a880..6b6f7953 100644 --- a/crypto/x509/x509_crld.c +++ b/crypto/x509/x509_crld.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_crld.c,v 1.1 2020/06/04 15:19:31 jsing Exp $ */ +/* $OpenBSD: x509_crld.c,v 1.2 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -65,6 +65,8 @@ #include #include +#include "x509_lcl.h" + static void *v2i_crld(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c index cac734dd..588ed854 100644 --- a/crypto/x509/x509_err.c +++ b/crypto/x509/x509_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_err.c,v 1.15 2020/06/05 16:51:12 jsing Exp $ */ +/* $OpenBSD: x509_err.c,v 1.17 2022/07/12 14:42:50 kn Exp $ */ /* ==================================================================== * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * @@ -53,11 +53,6 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - #include #include @@ -66,7 +61,6 @@ #include #include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR #define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0) 
@@ -96,6 +90,7 @@ static ERR_STRING_DATA X509_str_reasons[] = { {ERR_REASON(X509_R_LOADING_CERT_DIR) , "loading cert dir"}, {ERR_REASON(X509_R_LOADING_DEFAULTS) , "loading defaults"}, {ERR_REASON(X509_R_METHOD_NOT_SUPPORTED) , "method not supported"}, + {ERR_REASON(X509_R_NO_CERTIFICATE_OR_CRL_FOUND), "no certificate or crl found"}, {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY), "no cert set for us to verify"}, {ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR), "public key decode error"}, {ERR_REASON(X509_R_PUBLIC_KEY_ENCODE_ERROR), "public key encode error"}, diff --git a/crypto/x509/x509_ext.c b/crypto/x509/x509_ext.c index 21374a26..14459511 100644 --- a/crypto/x509/x509_ext.c +++ b/crypto/x509/x509_ext.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_ext.c,v 1.12 2018/05/18 19:28:27 tb Exp $ */ +/* $OpenBSD: x509_ext.c,v 1.13 2021/11/01 20:53:08 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -65,6 +65,8 @@ #include #include +#include "x509_lcl.h" + int X509_CRL_get_ext_count(const X509_CRL *x) { diff --git a/crypto/x509/x509_internal.h b/crypto/x509/x509_internal.h index 9878b6fe..030f24c4 100644 --- a/crypto/x509/x509_internal.h +++ b/crypto/x509/x509_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_internal.h,v 1.12.2.1 2021/11/24 09:28:55 tb Exp $ */ +/* $OpenBSD: x509_internal.h,v 1.19 2022/06/27 14:10:22 tb Exp $ */ /* * Copyright (c) 2020 Bob Beck * @@ -22,6 +22,8 @@ #include +#include "x509_lcl.h" + /* Hard limits on structure size and number of signature checks. */ #define X509_VERIFY_MAX_CHAINS 8 /* Max validated chains */ #define X509_VERIFY_MAX_CHAIN_CERTS 32 /* Max depth of a chain */ 
@@ -94,18 +96,20 @@ int x509_vfy_callback_indicate_completion(X509_STORE_CTX *ctx); void x509v3_cache_extensions(X509 *x); X509 *x509_vfy_lookup_cert_match(X509_STORE_CTX *ctx, X509 *x); -int x509_verify_asn1_time_to_tm(const ASN1_TIME *atime, struct tm *tm, - int notafter); +time_t x509_verify_asn1_time_to_time_t(const ASN1_TIME *atime, int notafter); struct x509_verify_ctx *x509_verify_ctx_new_from_xsc(X509_STORE_CTX *xsc); void x509_constraints_name_clear(struct x509_constraints_name *name); +void x509_constraints_name_free(struct x509_constraints_name *name); int x509_constraints_names_add(struct x509_constraints_names *names, struct x509_constraints_name *name); struct x509_constraints_names *x509_constraints_names_dup( struct x509_constraints_names *names); void x509_constraints_names_clear(struct x509_constraints_names *names); struct x509_constraints_names *x509_constraints_names_new(size_t names_max); +int x509_constraints_general_to_bytes(GENERAL_NAME *name, uint8_t **bytes, + size_t *len); void x509_constraints_names_free(struct x509_constraints_names *names); int x509_constraints_valid_host(uint8_t *name, size_t len); int x509_constraints_valid_sandns(uint8_t *name, size_t len); @@ -123,11 +127,15 @@ int x509_constraints_extract_names(struct x509_constraints_names *names, int x509_constraints_extract_constraints(X509 *cert, struct x509_constraints_names *permitted, struct x509_constraints_names *excluded, int *error); +int x509_constraints_validate(GENERAL_NAME *constraint, + struct x509_constraints_name **out_name, int *error); int x509_constraints_check(struct x509_constraints_names *names, struct x509_constraints_names *permitted, struct x509_constraints_names *excluded, int *error); int x509_constraints_chain(STACK_OF(X509) *chain, int *error, int *depth); +void x509_verify_cert_info_populate(X509 *cert); +int x509_vfy_check_security_level(X509_STORE_CTX *ctx); __END_HIDDEN_DECLS 
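Review bot: The new prototype `time_t x509_verify_asn1_time_to_time_t(const ASN1_TIME *atime, int notafter);` no longer has a separate success/failure return, and the header does not say which `time_t` value signals a time that could not be parsed. Callers comparing validity periods need to know that, because an unchecked failure value would presumably take part in the comparison like an ordinary timestamp. I would add a one-line comment above the declaration naming the failure value and stating that it must be checked before use; the value itself is defined in the .c file, which is not part of this hunk.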
diff --git a/crypto/x509/x509_issuer_cache.c b/crypto/x509/x509_issuer_cache.c index 26cde172..4f78e1e6 100644 --- a/crypto/x509/x509_issuer_cache.c +++ b/crypto/x509/x509_issuer_cache.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_issuer_cache.c,v 1.2 2020/11/18 17:00:59 tb Exp $ */ +/* $OpenBSD: x509_issuer_cache.c,v 1.3 2022/06/27 14:23:40 beck Exp $ */ /* * Copyright (c) 2020 Bob Beck * @@ -73,6 +73,40 @@ x509_issuer_cache_set_max(size_t max) return 1; } +/* + * Free the oldest entry in the issuer cache. Returns 1 + * if an entry was successfuly freed, 0 otherwise. Must + * be called with x509_issuer_tree_mutex held. + */ +void +x509_issuer_cache_free_oldest() +{ + struct x509_issuer *old; + + if (x509_issuer_cache_count == 0) + return; + old = TAILQ_LAST(&x509_issuer_lru, lruqueue); + TAILQ_REMOVE(&x509_issuer_lru, old, queue); + RB_REMOVE(x509_issuer_tree, &x509_issuer_cache, old); + free(old->parent_md); + free(old->child_md); + free(old); + x509_issuer_cache_count--; +} + +/* + * Free the entire issuer cache, discarding all entries. + */ +void +x509_issuer_cache_free() +{ + if (pthread_mutex_lock(&x509_issuer_tree_mutex) != 0) + return; + while (x509_issuer_cache_count > 0) + x509_issuer_cache_free_oldest(); + (void) pthread_mutex_unlock(&x509_issuer_tree_mutex); +} + /* * Find a previous result of checking if parent signed child * 
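Review bot: The comment on the new x509_issuer_cache_free_oldest() says it returns 1 or 0, but the function is declared `void`, so callers cannot tell whether an entry was freed. It also relies only on `x509_issuer_cache_count` and passes the result of `TAILQ_LAST()` straight to `TAILQ_REMOVE()` without a NULL check, and it has external linkage although the header hunk in this commit adds a prototype only for x509_issuer_cache_free(). I would make it `static int x509_issuer_cache_free_oldest(void)`, return 0 when the count is zero or the queue is empty, and write the public definition as `x509_issuer_cache_free(void)` rather than with empty parentheses.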
@@ -140,24 +174,16 @@ x509_issuer_cache_add(unsigned char *parent_md, unsigned char *child_md, if (pthread_mutex_lock(&x509_issuer_tree_mutex) != 0) goto err; - while (x509_issuer_cache_count >= x509_issuer_cache_max) { - struct x509_issuer *old; - if ((old = TAILQ_LAST(&x509_issuer_lru, lruqueue)) == NULL) - goto err; - TAILQ_REMOVE(&x509_issuer_lru, old, queue); - RB_REMOVE(x509_issuer_tree, &x509_issuer_cache, old); - free(old->parent_md); - free(old->child_md); - free(old); - x509_issuer_cache_count--; - } + while (x509_issuer_cache_count >= x509_issuer_cache_max) + x509_issuer_cache_free_oldest(); if (RB_INSERT(x509_issuer_tree, &x509_issuer_cache, new) == NULL) { TAILQ_INSERT_HEAD(&x509_issuer_lru, new, queue); x509_issuer_cache_count++; new = NULL; } - err: (void) pthread_mutex_unlock(&x509_issuer_tree_mutex); + + err: if (new != NULL) { free(new->parent_md); free(new->child_md); diff --git a/crypto/x509/x509_issuer_cache.h b/crypto/x509/x509_issuer_cache.h index 6dedde75..3afe65bd 100644 --- a/crypto/x509/x509_issuer_cache.h +++ b/crypto/x509/x509_issuer_cache.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_issuer_cache.h,v 1.1 2020/09/11 14:30:51 beck Exp $ */ +/* $OpenBSD: x509_issuer_cache.h,v 1.2 2022/09/03 17:47:47 jsing Exp $ */ /* * Copyright (c) 2020 Bob Beck * @@ -41,6 +41,7 @@ int x509_issuer_cache_set_max(size_t max); int x509_issuer_cache_find(unsigned char *parent_md, unsigned char *child_md); void x509_issuer_cache_add(unsigned char *parent_md, unsigned char *child_md, int valid); +void x509_issuer_cache_free(); __END_HIDDEN_DECLS diff --git a/crypto/x509/x509_lcl.h b/crypto/x509/x509_lcl.h index 3e83b66d..8aa2db59 100644 --- a/crypto/x509/x509_lcl.h +++ b/crypto/x509/x509_lcl.h @@ -1,4 +1,4 @@ -/* x509_lcl.h */ +/* $OpenBSD: x509_lcl.h,v 1.16 2022/08/15 11:52:37 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2013. */ 
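Review bot: The eviction loop in x509_issuer_cache_add(), `while (x509_issuer_cache_count >= x509_issuer_cache_max) x509_issuer_cache_free_oldest();`, has no exit when nothing can be freed, because the helper returns without changing the count when the count is zero. If `x509_issuer_cache_max` can be 0 at this point (an earlier check outside the hunk may exclude it), the loop spins forever with the mutex held; the removed code left the loop via `goto err` when TAILQ_LAST returned NULL. The helper should report whether it freed an entry, and the loop should unlock and skip the insert when it did not. The function starts before this hunk.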
@@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in 
@@ -56,8 +56,325 @@ * */ +#ifndef HEADER_X509_LCL_H +#define HEADER_X509_LCL_H + __BEGIN_HIDDEN_DECLS +#define TS_HASH_EVP EVP_sha1() +#define TS_HASH_LEN SHA_DIGEST_LENGTH + +#define X509_CERT_HASH_EVP EVP_sha512() +#define X509_CERT_HASH_LEN SHA512_DIGEST_LENGTH +#define X509_CRL_HASH_EVP EVP_sha512() +#define X509_CRL_HASH_LEN SHA512_DIGEST_LENGTH + +struct X509_pubkey_st { + X509_ALGOR *algor; + ASN1_BIT_STRING *public_key; + EVP_PKEY *pkey; +}; + +struct X509_sig_st { + X509_ALGOR *algor; + ASN1_OCTET_STRING *digest; +} /* X509_SIG */; + +struct X509_name_entry_st { + ASN1_OBJECT *object; + ASN1_STRING *value; + int set; + int size; /* temp variable */ +} /* X509_NAME_ENTRY */; + +/* we always keep X509_NAMEs in 2 forms. */ +struct X509_name_st { + STACK_OF(X509_NAME_ENTRY) *entries; + int modified; /* true if 'bytes' needs to be built */ +#ifndef OPENSSL_NO_BUFFER + BUF_MEM *bytes; +#else + char *bytes; +#endif +/* unsigned long hash; Keep the hash around for lookups */ + unsigned char *canon_enc; + int canon_enclen; +} /* X509_NAME */; + +struct X509_extension_st { + ASN1_OBJECT *object; + ASN1_BOOLEAN critical; + ASN1_OCTET_STRING *value; +} /* X509_EXTENSION */; + +struct x509_attributes_st { + ASN1_OBJECT *object; + STACK_OF(ASN1_TYPE) *set; +} /* X509_ATTRIBUTE */; + +struct X509_req_info_st { + ASN1_ENCODING enc; + ASN1_INTEGER *version; + X509_NAME *subject; + X509_PUBKEY *pubkey; + /* d=2 hl=2 l= 0 cons: cont: 00 */ + STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ +} /* X509_REQ_INFO */; + +struct X509_req_st { + X509_REQ_INFO *req_info; + X509_ALGOR *sig_alg; + ASN1_BIT_STRING *signature; + int references; +} /* X509_REQ */; + +/* + * This stuff is certificate "auxiliary info" it contains details which are + * useful in certificate stores and databases. When used this is tagged onto + * the end of the certificate itself. 
+ */ +struct x509_cert_aux_st { + STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */ + STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */ + ASN1_UTF8STRING *alias; /* "friendly name" */ + ASN1_OCTET_STRING *keyid; /* key id of private key */ + STACK_OF(X509_ALGOR) *other; /* other unspecified info */ +} /* X509_CERT_AUX */; + +struct x509_cinf_st { + ASN1_INTEGER *version; /* [ 0 ] default of v1 */ + ASN1_INTEGER *serialNumber; + X509_ALGOR *signature; + X509_NAME *issuer; + X509_VAL *validity; + X509_NAME *subject; + X509_PUBKEY *key; + ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */ + ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */ + STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */ + ASN1_ENCODING enc; +} /* X509_CINF */; + +struct x509_st { + X509_CINF *cert_info; + X509_ALGOR *sig_alg; + ASN1_BIT_STRING *signature; + int valid; + int references; + char *name; + CRYPTO_EX_DATA ex_data; + /* These contain copies of various extension values */ + long ex_pathlen; + long ex_pcpathlen; + unsigned long ex_flags; + unsigned long ex_kusage; + unsigned long ex_xkusage; + unsigned long ex_nscert; + ASN1_OCTET_STRING *skid; + AUTHORITY_KEYID *akid; + X509_POLICY_CACHE *policy_cache; + STACK_OF(DIST_POINT) *crldp; + STACK_OF(GENERAL_NAME) *altname; + NAME_CONSTRAINTS *nc; +#ifndef OPENSSL_NO_RFC3779 + STACK_OF(IPAddressFamily) *rfc3779_addr; + struct ASIdentifiers_st *rfc3779_asid; +#endif + unsigned char hash[X509_CERT_HASH_LEN]; + time_t not_before; + time_t not_after; + X509_CERT_AUX *aux; +} /* X509 */; + +struct x509_revoked_st { + ASN1_INTEGER *serialNumber; + ASN1_TIME *revocationDate; + STACK_OF(X509_EXTENSION) /* optional */ *extensions; + /* Set up if indirect CRL */ + STACK_OF(GENERAL_NAME) *issuer; + /* Revocation reason */ + int reason; + int sequence; /* load sequence */ +}; + +struct X509_crl_info_st { + ASN1_INTEGER *version; + X509_ALGOR *sig_alg; + X509_NAME *issuer; + ASN1_TIME *lastUpdate; + ASN1_TIME *nextUpdate; + 
STACK_OF(X509_REVOKED) *revoked; + STACK_OF(X509_EXTENSION) /* [0] */ *extensions; + ASN1_ENCODING enc; +} /* X509_CRL_INFO */; + +struct X509_crl_st { + /* actual signature */ + X509_CRL_INFO *crl; + X509_ALGOR *sig_alg; + ASN1_BIT_STRING *signature; + int references; + int flags; + /* Copies of various extensions */ + AUTHORITY_KEYID *akid; + ISSUING_DIST_POINT *idp; + /* Convenient breakdown of IDP */ + int idp_flags; + int idp_reasons; + /* CRL and base CRL numbers for delta processing */ + ASN1_INTEGER *crl_number; + ASN1_INTEGER *base_crl_number; + unsigned char hash[X509_CRL_HASH_LEN]; + STACK_OF(GENERAL_NAMES) *issuers; + const X509_CRL_METHOD *meth; + void *meth_data; +} /* X509_CRL */; + +struct pkcs8_priv_key_info_st { + ASN1_INTEGER *version; + X509_ALGOR *pkeyalg; + ASN1_OCTET_STRING *pkey; + STACK_OF(X509_ATTRIBUTE) *attributes; +}; + +struct x509_object_st { + /* one of the above types */ + int type; + union { + X509 *x509; + X509_CRL *crl; + } data; +} /* X509_OBJECT */; + +struct x509_lookup_method_st { + const char *name; + int (*new_item)(X509_LOOKUP *ctx); + void (*free)(X509_LOOKUP *ctx); + int (*init)(X509_LOOKUP *ctx); + int (*shutdown)(X509_LOOKUP *ctx); + int (*ctrl)(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, + char **ret); + int (*get_by_subject)(X509_LOOKUP *ctx, int type, X509_NAME *name, + X509_OBJECT *ret); + int (*get_by_issuer_serial)(X509_LOOKUP *ctx, int type, X509_NAME *name, + ASN1_INTEGER *serial,X509_OBJECT *ret); + int (*get_by_fingerprint)(X509_LOOKUP *ctx, int type, + const unsigned char *bytes, int len, X509_OBJECT *ret); + int (*get_by_alias)(X509_LOOKUP *ctx, int type, const char *str, + int len, X509_OBJECT *ret); +} /* X509_LOOKUP_METHOD */; + +struct X509_VERIFY_PARAM_st { + char *name; + time_t check_time; /* Time to use */ + unsigned long inh_flags; /* Inheritance flags */ + unsigned long flags; /* Various verify flags */ + int purpose; /* purpose to check untrusted certificates */ + int trust; /* trust 
setting to check */ + int depth; /* Verify depth */ + int security_level; /* 'Security level', see SP800-57. */ + STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */ + X509_VERIFY_PARAM_ID *id; /* opaque ID data */ +} /* X509_VERIFY_PARAM */; + +/* + * This is used to hold everything. It is used for all certificate + * validation. Once we have a certificate chain, the 'verify' + * function is then called to actually check the cert chain. + */ +struct x509_store_st { + /* The following is a cache of trusted certs */ + STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */ + + /* These are external lookup methods */ + STACK_OF(X509_LOOKUP) *get_cert_methods; + + X509_VERIFY_PARAM *param; + + /* Callbacks for various operations */ + int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ + int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ + int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */ + int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */ + int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */ + int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ + int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ + int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ + STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm); + STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm); + int (*cleanup)(X509_STORE_CTX *ctx); + + CRYPTO_EX_DATA ex_data; + int references; +} /* X509_STORE */; + +/* This is the functions plus an instance of the local variables. 
*/ +struct x509_lookup_st { + int init; /* have we been started */ + X509_LOOKUP_METHOD *method; /* the functions */ + char *method_data; /* method data */ + + X509_STORE *store_ctx; /* who owns us */ +} /* X509_LOOKUP */; + +/* + * This is used when verifying cert chains. Since the gathering of the cert + * chain can take some time (and has to be 'retried'), this needs to be kept + * and passed around. + */ +struct x509_store_ctx_st { + X509_STORE *store; + int current_method; /* used when looking up certs */ + + /* The following are set by the caller */ + X509 *cert; /* The cert to check */ + STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */ + STACK_OF(X509_CRL) *crls; /* set of CRLs passed in */ + + X509_VERIFY_PARAM *param; + void *other_ctx; /* Other info for use with get_issuer() */ + + /* Callbacks for various operations */ + int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ + int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ + int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */ + int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */ + int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */ + int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ + int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ + int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ + int (*check_policy)(X509_STORE_CTX *ctx); + STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm); + STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm); + int (*cleanup)(X509_STORE_CTX *ctx); + + /* The following is built up */ + int valid; /* if 0, rebuild chain */ + int num_untrusted; /* number of untrusted certs in chain */ + STACK_OF(X509) *chain; /* chain of X509s - built up and trusted */ + X509_POLICY_TREE 
*tree; /* Valid policy tree */ + + int explicit_policy; /* Require explicit policy value */ + + /* When something goes wrong, this is why */ + int error_depth; + int error; + X509 *current_cert; + X509 *current_issuer; /* cert currently being tested as valid issuer */ + X509_CRL *current_crl; /* current CRL */ + + int current_crl_score; /* score of current CRL */ + unsigned int current_reasons; /* Reason mask */ + + X509_STORE_CTX *parent; /* For CRL path validation: parent context */ + + CRYPTO_EX_DATA ex_data; +} /* X509_STORE_CTX */; + int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int quiet); +int name_cmp(const char *name, const char *cmp); + __END_HIDDEN_DECLS + +#endif /* !HEADER_X509_LCL_H */ diff --git a/crypto/x509/x509_lib.c b/crypto/x509/x509_lib.c index 211d0adf..e265d30f 100644 --- a/crypto/x509/x509_lib.c +++ b/crypto/x509/x509_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_lib.c,v 1.2 2020/09/14 11:35:32 beck Exp $ */ +/* $OpenBSD: x509_lib.c,v 1.4 2022/07/24 21:41:29 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -64,6 +64,7 @@ #include #include "ext_dat.h" +#include "x509_lcl.h" static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL; @@ -313,8 +314,9 @@ X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, } /* If delete, just delete it */ if (ext_op == X509V3_ADD_DELETE) { - if (!sk_X509_EXTENSION_delete(*x, extidx)) + if ((extmp = sk_X509_EXTENSION_delete(*x, extidx)) == NULL) return -1; + X509_EXTENSION_free(extmp); return 1; } } else { diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index 315eddf6..90d75497 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_lu.c,v 1.31 2021/10/06 08:29:41 claudio Exp $ */ +/* $OpenBSD: x509_lu.c,v 1.55 2022/01/14 07:53:45 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -57,6 +57,7 @@ */ #include +#include #include #include 
@@ -64,27 +65,24 @@ #include #include "x509_lcl.h" -static void X509_OBJECT_dec_ref_count(X509_OBJECT *a); - X509_LOOKUP * X509_LOOKUP_new(X509_LOOKUP_METHOD *method) { - X509_LOOKUP *ret; + X509_LOOKUP *lu; - ret = malloc(sizeof(X509_LOOKUP)); - if (ret == NULL) + if ((lu = calloc(1, sizeof(*lu))) == NULL) { + X509error(ERR_R_MALLOC_FAILURE); return NULL; + } - ret->init = 0; - ret->skip = 0; - ret->method = method; - ret->method_data = NULL; - ret->store_ctx = NULL; - if ((method->new_item != NULL) && !method->new_item(ret)) { - free(ret); + lu->method = method; + + if (method->new_item != NULL && !method->new_item(lu)) { + free(lu); return NULL; } - return ret; + + return lu; } void @@ -92,8 +90,8 @@ X509_LOOKUP_free(X509_LOOKUP *ctx) { if (ctx == NULL) return; - if ((ctx->method != NULL) && (ctx->method->free != NULL)) - (*ctx->method->free)(ctx); + if (ctx->method != NULL && ctx->method->free != NULL) + ctx->method->free(ctx); free(ctx); } @@ -102,10 +100,9 @@ X509_LOOKUP_init(X509_LOOKUP *ctx) { if (ctx->method == NULL) return 0; - if (ctx->method->init != NULL) - return ctx->method->init(ctx); - else + if (ctx->method->init == NULL) return 1; + return ctx->method->init(ctx); } int @@ -113,10 +110,9 @@ X509_LOOKUP_shutdown(X509_LOOKUP *ctx) { if (ctx->method == NULL) return 0; - if (ctx->method->shutdown != NULL) - return ctx->method->shutdown(ctx); - else + if (ctx->method->shutdown == NULL) return 1; + return ctx->method->shutdown(ctx); } int 
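Review bot: X509_LOOKUP_new() stores `method` and then reads `method->new_item` without checking `method` for NULL, although X509_LOOKUP_free(), X509_LOOKUP_init() and X509_LOOKUP_shutdown() in the following hunks all treat a NULL `ctx->method` as a state they must handle. A NULL argument therefore crashes in the constructor instead of failing cleanly. Either reject it up front with `if (method == NULL) return NULL;`, or guard the callback as `if (method != NULL && method->new_item != NULL && !method->new_item(lu))`.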
@@ -125,48 +121,44 @@ X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, { if (ctx->method == NULL) return -1; - if (ctx->method->ctrl != NULL) - return ctx->method->ctrl(ctx, cmd, argc, argl, ret); - else + if (ctx->method->ctrl == NULL) return 1; + return ctx->method->ctrl(ctx, cmd, argc, argl, ret); } int -X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, +X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, X509_NAME *name, X509_OBJECT *ret) { - if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL)) - return X509_LU_FAIL; - if (ctx->skip) + if (ctx->method == NULL || ctx->method->get_by_subject == NULL) return 0; return ctx->method->get_by_subject(ctx, type, name, ret); } int -X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name, - ASN1_INTEGER *serial, X509_OBJECT *ret) +X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + X509_NAME *name, ASN1_INTEGER *serial, X509_OBJECT *ret) { - if ((ctx->method == NULL) || - (ctx->method->get_by_issuer_serial == NULL)) - return X509_LU_FAIL; + if (ctx->method == NULL || ctx->method->get_by_issuer_serial == NULL) + return 0; return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret); } int -X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, +X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, const unsigned char *bytes, int len, X509_OBJECT *ret) { - if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL)) - return X509_LU_FAIL; + if (ctx->method == NULL || ctx->method->get_by_fingerprint == NULL) + return 0; return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret); } int -X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, const char *str, int len, - X509_OBJECT *ret) +X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, const char *str, + int len, X509_OBJECT *ret) { - if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL)) - return X509_LU_FAIL; + 
if (ctx->method == NULL || ctx->method->get_by_alias == NULL) + return 0; return ctx->method->get_by_alias(ctx, type, str, len, ret); } 
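Review bot: The four X509_LOOKUP_by_* wrappers in this hunk now return a bare `0` where the removed lines returned the named constant `X509_LU_FAIL`, and nothing at the definitions states what a caller may get back. Because the method's own return value is passed through unchanged, a comment above X509_LOOKUP_by_subject such as `/* Returns 0 if the method does not implement this lookup, otherwise the method's return value. */` would pin the contract down. The hunk also drops the `if (ctx->skip) return 0;` test from X509_LOOKUP_by_subject; if any caller still relies on `skip` to disable a lookup (not visible here), that lookup will now be consulted.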
@@ -175,276 +167,267 @@ x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b) { int ret; - ret = ((*a)->type - (*b)->type); - if (ret) + if ((ret = (*a)->type - (*b)->type) != 0) return ret; + switch ((*a)->type) { case X509_LU_X509: - ret = X509_subject_name_cmp((*a)->data.x509, (*b)->data.x509); - break; + return X509_subject_name_cmp((*a)->data.x509, (*b)->data.x509); case X509_LU_CRL: - ret = X509_CRL_cmp((*a)->data.crl, (*b)->data.crl); - break; - default: - /* abort(); */ - return 0; + return X509_CRL_cmp((*a)->data.crl, (*b)->data.crl); } - return ret; + return 0; } X509_STORE * X509_STORE_new(void) { - X509_STORE *ret; + X509_STORE *store; - if ((ret = malloc(sizeof(X509_STORE))) == NULL) - return NULL; - ret->objs = sk_X509_OBJECT_new(x509_object_cmp); - ret->cache = 1; - ret->get_cert_methods = sk_X509_LOOKUP_new_null(); - ret->verify = 0; - ret->verify_cb = 0; + if ((store = calloc(1, sizeof(*store))) == NULL) + goto err; - if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) + if ((store->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL) + goto err; + if ((store->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL) + goto err; + if ((store->param = X509_VERIFY_PARAM_new()) == NULL) goto err; - ret->get_issuer = 0; - ret->check_issued = 0; - ret->check_revocation = 0; - ret->get_crl = 0; - ret->check_crl = 0; - ret->cert_crl = 0; - ret->lookup_certs = 0; - ret->lookup_crls = 0; - ret->cleanup = 0; - - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, store, + &store->ex_data)) goto err; - ret->references = 1; - return ret; + store->references = 1; + + return store; + + err: + X509error(ERR_R_MALLOC_FAILURE); + X509_STORE_free(store); -err: - X509_VERIFY_PARAM_free(ret->param); - sk_X509_LOOKUP_free(ret->get_cert_methods); - sk_X509_OBJECT_free(ret->objs); - free(ret); return NULL; } -static void +X509_OBJECT * +X509_OBJECT_new(void) +{ + X509_OBJECT 
*obj; + + if ((obj = calloc(1, sizeof(*obj))) == NULL) { + X509error(ERR_R_MALLOC_FAILURE); + return NULL; + } + + obj->type = X509_LU_NONE; + + return obj; +} + +void X509_OBJECT_free(X509_OBJECT *a) { - X509_OBJECT_free_contents(a); + if (a == NULL) + return; + + switch (a->type) { + case X509_LU_X509: + X509_free(a->data.x509); + break; + case X509_LU_CRL: + X509_CRL_free(a->data.crl); + break; + } + free(a); } void -X509_STORE_free(X509_STORE *vfy) +X509_STORE_free(X509_STORE *store) { - int i; STACK_OF(X509_LOOKUP) *sk; X509_LOOKUP *lu; + int i; - if (vfy == NULL) + if (store == NULL) return; - i = CRYPTO_add(&vfy->references, -1, CRYPTO_LOCK_X509_STORE); - if (i > 0) + if (CRYPTO_add(&store->references, -1, CRYPTO_LOCK_X509_STORE) > 0) return; - sk = vfy->get_cert_methods; + sk = store->get_cert_methods; for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) { lu = sk_X509_LOOKUP_value(sk, i); X509_LOOKUP_shutdown(lu); X509_LOOKUP_free(lu); } sk_X509_LOOKUP_free(sk); - sk_X509_OBJECT_pop_free(vfy->objs, X509_OBJECT_free); + sk_X509_OBJECT_pop_free(store->objs, X509_OBJECT_free); - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data); - X509_VERIFY_PARAM_free(vfy->param); - free(vfy); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, store, &store->ex_data); + X509_VERIFY_PARAM_free(store->param); + free(store); } int -X509_STORE_up_ref(X509_STORE *x) +X509_STORE_up_ref(X509_STORE *store) { - int refs = CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_STORE); - return (refs > 1) ? 
1 : 0; + return CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE) > 1; } X509_LOOKUP * -X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) +X509_STORE_add_lookup(X509_STORE *store, X509_LOOKUP_METHOD *method) { - int i; STACK_OF(X509_LOOKUP) *sk; X509_LOOKUP *lu; + int i; - sk = v->get_cert_methods; + sk = store->get_cert_methods; for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) { lu = sk_X509_LOOKUP_value(sk, i); - if (m == lu->method) { + if (method == lu->method) { return lu; } } - /* a new one */ - lu = X509_LOOKUP_new(m); - if (lu == NULL) + + if ((lu = X509_LOOKUP_new(method)) == NULL) + return NULL; + + lu->store_ctx = store; + if (sk_X509_LOOKUP_push(store->get_cert_methods, lu) <= 0) { + X509error(ERR_R_MALLOC_FAILURE); + X509_LOOKUP_free(lu); return NULL; - else { - lu->store_ctx = v; - if (sk_X509_LOOKUP_push(v->get_cert_methods, lu)) - return lu; - else { - X509_LOOKUP_free(lu); - return NULL; - } } + + return lu; +} + +X509_OBJECT * +X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, + X509_NAME *name) +{ + X509_OBJECT *obj; + + if ((obj = X509_OBJECT_new()) == NULL) + return NULL; + if (!X509_STORE_CTX_get_by_subject(vs, type, name, obj)) { + X509_OBJECT_free(obj); + return NULL; + } + + return obj; } int -X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, - X509_OBJECT *ret) +X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, + X509_NAME *name, X509_OBJECT *ret) { - X509_STORE *ctx = vs->ctx; + X509_STORE *ctx = vs->store; X509_LOOKUP *lu; X509_OBJECT stmp, *tmp; - int i, j; + int i; if (ctx == NULL) return 0; + memset(&stmp, 0, sizeof(stmp)); + CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name); CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); if (tmp == NULL || type == X509_LU_CRL) { - for (i = vs->current_method; - i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) { + for (i = 0; i < 
sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) { lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i); - j = X509_LOOKUP_by_subject(lu, type, name, &stmp); - if (j < 0) { - vs->current_method = j; - return j; - } else if (j) { + if (X509_LOOKUP_by_subject(lu, type, name, &stmp) != 0) { tmp = &stmp; break; } } - vs->current_method = 0; if (tmp == NULL) return 0; } -/* if (ret->data.ptr != NULL) - X509_OBJECT_free_contents(ret); */ - - ret->type = tmp->type; - ret->data.ptr = tmp->data.ptr; + if (!X509_OBJECT_up_ref_count(tmp)) + return 0; - X509_OBJECT_up_ref_count(ret); + *ret = *tmp; return 1; } -int -X509_STORE_add_cert(X509_STORE *ctx, X509 *x) +/* Add obj to the store. Takes ownership of obj. */ +static int +X509_STORE_add_object(X509_STORE *store, X509_OBJECT *obj) { - X509_OBJECT *obj; - int ret = 1; - - if (x == NULL) - return 0; - obj = malloc(sizeof(X509_OBJECT)); - if (obj == NULL) { - X509error(ERR_R_MALLOC_FAILURE); - return 0; - } - obj->type = X509_LU_X509; - obj->data.x509 = x; + int ret = 0; CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); - X509_OBJECT_up_ref_count(obj); + if (X509_OBJECT_retrieve_match(store->objs, obj) != NULL) { + /* Object is already present in the store. That's fine. 
*/ + ret = 1; + goto out; + } - if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { - X509error(X509_R_CERT_ALREADY_IN_HASH_TABLE); - ret = 0; - } else { - if (sk_X509_OBJECT_push(ctx->objs, obj) == 0) { - X509error(ERR_R_MALLOC_FAILURE); - ret = 0; - } + if (sk_X509_OBJECT_push(store->objs, obj) <= 0) { + X509error(ERR_R_MALLOC_FAILURE); + goto out; } - if (ret == 0) - X509_OBJECT_dec_ref_count(obj); + obj = NULL; + ret = 1; + out: CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); - - if (ret == 0) { - obj->data.x509 = NULL; /* owned by the caller */ - X509_OBJECT_free(obj); - } + X509_OBJECT_free(obj); return ret; } int -X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) +X509_STORE_add_cert(X509_STORE *store, X509 *x) { X509_OBJECT *obj; - int ret = 1; if (x == NULL) return 0; - obj = malloc(sizeof(X509_OBJECT)); - if (obj == NULL) { - X509error(ERR_R_MALLOC_FAILURE); + + if ((obj = X509_OBJECT_new()) == NULL) + return 0; + + if (!X509_up_ref(x)) { + X509_OBJECT_free(obj); return 0; } - obj->type = X509_LU_CRL; - obj->data.crl = x; - CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + obj->type = X509_LU_X509; + obj->data.x509 = x; - X509_OBJECT_up_ref_count(obj); + return X509_STORE_add_object(store, obj); +} - if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { - X509error(X509_R_CERT_ALREADY_IN_HASH_TABLE); - ret = 0; - } else { - if (sk_X509_OBJECT_push(ctx->objs, obj) == 0) { - X509error(ERR_R_MALLOC_FAILURE); - ret = 0; - } - } +int +X509_STORE_add_crl(X509_STORE *store, X509_CRL *x) +{ + X509_OBJECT *obj; - if (ret == 0) - X509_OBJECT_dec_ref_count(obj); + if (x == NULL) + return 0; - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + if ((obj = X509_OBJECT_new()) == NULL) + return 0; - if (ret == 0) { - obj->data.crl = NULL; /* owned by the caller */ + if (!X509_CRL_up_ref(x)) { X509_OBJECT_free(obj); + return 0; } - return ret; -} + obj->type = X509_LU_CRL; + obj->data.crl = x; -static void -X509_OBJECT_dec_ref_count(X509_OBJECT *a) -{ - switch (a->type) { - case X509_LU_X509: - 
CRYPTO_add(&a->data.x509->references, -1, CRYPTO_LOCK_X509); - break; - case X509_LU_CRL: - CRYPTO_add(&a->data.crl->references, -1, CRYPTO_LOCK_X509_CRL); - break; - } + return X509_STORE_add_object(store, obj); } int @@ -459,28 +442,15 @@ X509_OBJECT_up_ref_count(X509_OBJECT *a) return 1; } -int +X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a) { return a->type; } -void -X509_OBJECT_free_contents(X509_OBJECT *a) -{ - switch (a->type) { - case X509_LU_X509: - X509_free(a->data.x509); - break; - case X509_LU_CRL: - X509_CRL_free(a->data.crl); - break; - } -} - static int -x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type, X509_NAME *name, - int *pnmatch) +x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, + X509_NAME *name, int *pnmatch) { X509_OBJECT stmp; X509 x509_s; @@ -502,7 +472,6 @@ x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type, X509_NAME *name, crl_info_s.issuer = name; break; default: - /* abort(); */ return -1; } @@ -510,6 +479,7 @@ x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type, X509_NAME *name, if (idx >= 0 && pnmatch) { int tidx; const X509_OBJECT *tobj, *pstmp; + *pnmatch = 1; pstmp = &stmp; for (tidx = idx + 1; tidx < sk_X509_OBJECT_num(h); tidx++) { @@ -523,13 +493,14 @@ x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type, X509_NAME *name, } int -X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, X509_NAME *name) +X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, + X509_NAME *name) { return x509_object_idx_cnt(h, type, name, NULL); } X509_OBJECT * -X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type, +X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, X509_NAME *name) { int idx; 
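Review bot: In X509_STORE_CTX_get_by_subject the new loop test `X509_LOOKUP_by_subject(lu, type, name, &stmp) != 0` accepts a negative return from a lookup method as a hit, whereas the removed lines returned the negative value to the caller. With `stmp` zeroed by the new memset, such a return would apparently copy an empty object into `*ret` and report success, leaving every caller to notice the missing certificate or CRL on its own. If lookup methods are guaranteed to return only 0 or 1, that should be stated in a comment at the loop; otherwise `if (X509_LOOKUP_by_subject(lu, type, name, &stmp) > 0) {` keeps a lookup error from being reported as a match.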
@@ -556,103 +527,117 @@ X509_OBJECT_get0_X509_CRL(X509_OBJECT *xo) return NULL; } -STACK_OF(X509) * -X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) +static STACK_OF(X509) * +X509_get1_certs_from_cache(X509_STORE *store, X509_NAME *name) { - int i, idx, cnt; - STACK_OF(X509) *sk; - X509 *x; + STACK_OF(X509) *sk = NULL; + X509 *x = NULL; X509_OBJECT *obj; + int i, idx, cnt; - if (ctx->ctx == NULL) - return NULL; - sk = sk_X509_new_null(); - if (sk == NULL) - return NULL; CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); - idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt); - if (idx < 0) { - /* Nothing found in cache: do lookup to possibly add new - * objects to cache - */ - X509_OBJECT xobj; - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); - if (!X509_STORE_get_by_subject(ctx, X509_LU_X509, nm, &xobj)) { - sk_X509_free(sk); - return NULL; - } - X509_OBJECT_free_contents(&xobj); - CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); - idx = x509_object_idx_cnt(ctx->ctx->objs, - X509_LU_X509, nm, &cnt); - if (idx < 0) { - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); - sk_X509_free(sk); - return NULL; - } - } + + idx = x509_object_idx_cnt(store->objs, X509_LU_X509, name, &cnt); + if (idx < 0) + goto err; + + if ((sk = sk_X509_new_null()) == NULL) + goto err; + for (i = 0; i < cnt; i++, idx++) { - obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); + obj = sk_X509_OBJECT_value(store->objs, idx); + x = obj->data.x509; - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); - if (!sk_X509_push(sk, x)) { - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); - X509_free(x); - sk_X509_pop_free(sk, X509_free); - return NULL; + if (!X509_up_ref(x)) { + x = NULL; + goto err; } + if (!sk_X509_push(sk, x)) + goto err; } + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + return sk; + err: + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + sk_X509_pop_free(sk, X509_free); + X509_free(x); + + return NULL; +} + +STACK_OF(X509) * +X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *name) +{ + X509_STORE *store = 
ctx->store; + STACK_OF(X509) *sk; + X509_OBJECT *obj; + + if (store == NULL) + return NULL; + + if ((sk = X509_get1_certs_from_cache(store, name)) != NULL) + return sk; + + /* Nothing found: do lookup to possibly add new objects to cache. */ + obj = X509_STORE_CTX_get_obj_by_subject(ctx, X509_LU_X509, name); + if (obj == NULL) + return NULL; + X509_OBJECT_free(obj); + + return X509_get1_certs_from_cache(store, name); } STACK_OF(X509_CRL) * -X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) +X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *name) { + X509_STORE *store = ctx->store; + STACK_OF(X509_CRL) *sk = NULL; + X509_CRL *x = NULL; + X509_OBJECT *obj = NULL; int i, idx, cnt; - STACK_OF(X509_CRL) *sk; - X509_CRL *x; - X509_OBJECT *obj, xobj; - if (ctx->ctx == NULL) + if (store == NULL) return NULL; - sk = sk_X509_CRL_new_null(); - if (sk == NULL) - return NULL; - CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); - /* Check cache first */ - idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt); - /* Always do lookup to possibly add new CRLs to cache - */ - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); - if (!X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj)) { - sk_X509_CRL_free(sk); + /* Always do lookup to possibly add new CRLs to cache */ + obj = X509_STORE_CTX_get_obj_by_subject(ctx, X509_LU_CRL, name); + if (obj == NULL) return NULL; - } - X509_OBJECT_free_contents(&xobj); + + X509_OBJECT_free(obj); + obj = NULL; + CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); - idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt); - if (idx < 0) { - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); - sk_X509_CRL_free(sk); - return NULL; - } + idx = x509_object_idx_cnt(store->objs, X509_LU_CRL, name, &cnt); + if (idx < 0) + goto err; + + if ((sk = sk_X509_CRL_new_null()) == NULL) + goto err; for (i = 0; i < cnt; i++, idx++) { - obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); + obj = sk_X509_OBJECT_value(store->objs, idx); + x = obj->data.crl; - 
CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL); - if (!sk_X509_CRL_push(sk, x)) { - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); - X509_CRL_free(x); - sk_X509_CRL_pop_free(sk, X509_CRL_free); - return NULL; + if (!X509_CRL_up_ref(x)) { + x = NULL; + goto err; } + if (!sk_X509_CRL_push(sk, x)) + goto err; } + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); return sk; + + err: + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + X509_CRL_free(x); + sk_X509_CRL_pop_free(sk, X509_CRL_free); + return NULL; } X509_OBJECT * 
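Review bot: In X509_STORE_get1_crls the local `obj` first holds the object returned by X509_STORE_CTX_get_obj_by_subject, which the function owns and frees, and is then reused inside the loop for `sk_X509_OBJECT_value(store->objs, idx)`, which the store owns. The `err:` path rightly does not free `obj`, but a later edit that adds `X509_OBJECT_free(obj)` to the cleanup would release a cached store entry that other users still reference. A separate loop local, or a comment at the assignment such as `/* borrowed from store->objs; do not free */`, would make the ownership visible. X509_STORE_get1_certs avoids the question by delegating the loop to X509_get1_certs_from_cache, and the CRL path could mirror that.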
@@ -695,47 +680,52 @@ X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x) * -1 some other error. */ int -X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) +X509_STORE_CTX_get1_issuer(X509 **out_issuer, X509_STORE_CTX *ctx, X509 *x) { X509_NAME *xn; - X509_OBJECT obj, *pobj; - int i, ok, idx, ret; + X509_OBJECT *obj, *pobj; + X509 *issuer = NULL; + int i, idx, ret; + + *out_issuer = NULL; - *issuer = NULL; xn = X509_get_issuer_name(x); - ok = X509_STORE_get_by_subject(ctx, X509_LU_X509, xn, &obj); - if (ok != X509_LU_X509) { - if (ok == X509_LU_RETRY) { - X509_OBJECT_free_contents(&obj); - X509error(X509_R_SHOULD_RETRY); - return -1; - } else if (ok != X509_LU_FAIL) { - X509_OBJECT_free_contents(&obj); - /* not good :-(, break anyway */ - return -1; - } + obj = X509_STORE_CTX_get_obj_by_subject(ctx, X509_LU_X509, xn); + if (obj == NULL) + return 0; + + if ((issuer = X509_OBJECT_get0_X509(obj)) == NULL) { + X509_OBJECT_free(obj); return 0; } + if (!X509_up_ref(issuer)) { + X509_OBJECT_free(obj); + return -1; + } + /* If certificate matches all OK */ - if (ctx->check_issued(ctx, x, obj.data.x509)) { - if (x509_check_cert_time(ctx, obj.data.x509, 1)) { - *issuer = obj.data.x509; + if (ctx->check_issued(ctx, x, issuer)) { + if (x509_check_cert_time(ctx, issuer, -1)) { + *out_issuer = issuer; + X509_OBJECT_free(obj); return 1; } } - X509_OBJECT_free_contents(&obj); + X509_free(issuer); + issuer = NULL; + X509_OBJECT_free(obj); + obj = NULL; - if (ctx->ctx == NULL) + if (ctx->store == NULL) return 0; /* Else find index of first cert accepted by 'check_issued' */ - ret = 0; CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); - idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn); + idx = X509_OBJECT_idx_by_subject(ctx->store->objs, X509_LU_X509, xn); if (idx != -1) /* should be true as we've had at least one match */ { /* Look through all matching certs for suitable issuer */ - for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); 
i++) { - pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i); + for (i = idx; i < sk_X509_OBJECT_num(ctx->store->objs); i++) { + pobj = sk_X509_OBJECT_value(ctx->store->objs, i); /* See if we've run past the matches */ if (pobj->type != X509_LU_X509) break; @@ -743,22 +733,28 @@ X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) X509_get_subject_name(pobj->data.x509))) break; if (ctx->check_issued(ctx, x, pobj->data.x509)) { - *issuer = pobj->data.x509; - ret = 1; + issuer = pobj->data.x509; /* * If times check, exit with match, * otherwise keep looking. Leave last * match in issuer so we return nearest * match if no certificate time is OK. */ - if (x509_check_cert_time(ctx, *issuer, 1)) + if (x509_check_cert_time(ctx, issuer, -1)) break; } } } + ret = 0; + if (issuer != NULL) { + if (!X509_up_ref(issuer)) { + ret = -1; + } else { + *out_issuer = issuer; + ret = 1; + } + } CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); - if (*issuer) - CRYPTO_add(&(*issuer)->references, 1, CRYPTO_LOCK_X509); return ret; } @@ -818,8 +814,25 @@ X509_STORE_get0_param(X509_STORE *ctx) } void -X509_STORE_set_verify_cb(X509_STORE *ctx, - int (*verify_cb)(int, X509_STORE_CTX *)) +X509_STORE_set_verify(X509_STORE *store, X509_STORE_CTX_verify_fn verify) +{ + store->verify = verify; +} + +X509_STORE_CTX_verify_fn +X509_STORE_get_verify(X509_STORE *store) +{ + return store->verify; +} + +void +X509_STORE_set_verify_cb(X509_STORE *store, X509_STORE_CTX_verify_cb verify_cb) +{ + store->verify_cb = verify_cb; +} + +X509_STORE_CTX_verify_cb +X509_STORE_get_verify_cb(X509_STORE *store) { - ctx->verify_cb = verify_cb; + return store->verify_cb; } diff --git a/crypto/x509/x509_ncons.c b/crypto/x509/x509_ncons.c index 1621f986..61352700 100644 --- a/crypto/x509/x509_ncons.c +++ b/crypto/x509/x509_ncons.c 
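Review bot: Both calls `x509_check_cert_time(ctx, issuer, -1)` in X509_STORE_CTX_get1_issuer pass a bare `-1` for the parameter that x509_lcl.h declares as `int quiet`, replacing the previous `1`, and neither call site says what the new value selects. Since this decides whether an issuer with failing validity times is accepted as the preferred match, a comment at the first call such as `/* -1: check times only, without invoking the verify callback (confirm against x509_check_cert_time) */`, or a named constant, would let a reader verify the intent. The second call is in the following hunk (`@@ -743,22 +733,28 @@`), and the function body runs across both hunks.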
@@ -1,4 +1,4 @@ -/* $OpenBSD: x509_ncons.c,v 1.4 2020/09/16 18:12:06 beck Exp $ */ +/* $OpenBSD: x509_ncons.c,v 1.5 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -64,6 +64,8 @@ #include #include +#include "x509_lcl.h" + static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c index 5c537990..58ffa3a2 100644 --- a/crypto/x509/x509_obj.c +++ b/crypto/x509/x509_obj.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_obj.c,v 1.18 2018/05/18 18:19:31 tb Exp $ */ +/* $OpenBSD: x509_obj.c,v 1.19 2021/11/01 20:53:08 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -65,6 +65,8 @@ #include #include +#include "x509_lcl.h" + char * X509_NAME_oneline(const X509_NAME *a, char *buf, int len) { diff --git a/crypto/x509/x509_ocsp.c b/crypto/x509/x509_ocsp.c index 59a2e972..cc55d939 100644 --- a/crypto/x509/x509_ocsp.c +++ b/crypto/x509/x509_ocsp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_ocsp.c,v 1.1 2020/06/04 15:19:31 jsing Exp $ */ +/* $OpenBSD: x509_ocsp.c,v 1.2 2022/01/07 09:45:52 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -69,6 +69,8 @@ #include #include +#include "ocsp_local.h" + /* OCSP extensions and a couple of CRL entry extensions */ diff --git a/crypto/x509/x509_prn.c b/crypto/x509/x509_prn.c index 5c15cc39..4977051d 100644 --- a/crypto/x509/x509_prn.c +++ b/crypto/x509/x509_prn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_prn.c,v 1.1 2020/06/04 15:19:32 jsing Exp $ */ +/* $OpenBSD: x509_prn.c,v 1.2 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ 
@@ -62,6 +62,8 @@ #include #include +#include "x509_lcl.h" + /* Extension printing routines */ static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, diff --git a/crypto/x509/x509_purp.c b/crypto/x509/x509_purp.c index 86ee2740..ab5e7cb3 100644 --- a/crypto/x509/x509_purp.c +++ b/crypto/x509/x509_purp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_purp.c,v 1.7 2021/09/13 15:26:53 claudio Exp $ */ +/* $OpenBSD: x509_purp.c,v 1.16 2022/05/10 19:42:52 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -65,6 +65,9 @@ #include #include +#include "x509_internal.h" +#include "x509_lcl.h" + #define V1_ROOT (EXFLAG_V1|EXFLAG_SS) #define ku_reject(x, usage) \ (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) @@ -133,7 +136,7 @@ X509_check_purpose(X509 *x, int id, int ca) x509v3_cache_extensions(x); CRYPTO_w_unlock(CRYPTO_LOCK_X509); if (x->ex_flags & EXFLAG_INVALID) - return X509_V_ERR_UNSPECIFIED; + return -1; } if (id == -1) return 1; @@ -447,9 +450,7 @@ x509v3_cache_extensions(X509 *x) if (x->ex_flags & EXFLAG_SET) return; -#ifndef OPENSSL_NO_SHA - X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); -#endif + X509_digest(x, X509_CERT_HASH_EVP, x->hash, NULL); /* V1 should mean no extensions ... */ if (!X509_get_version(x)) @@ -549,6 +550,10 @@ x509v3_cache_extensions(X509 *x) case NID_dvcs: x->ex_xkusage |= XKU_DVCS; break; + + case NID_anyExtendedKeyUsage: + x->ex_xkusage |= XKU_ANYEKU; + break; } } sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free); 
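Review bot: In x509v3_cache_extensions the new call `X509_digest(x, X509_CERT_HASH_EVP, x->hash, NULL);` discards the return value, so a digest failure leaves `x->hash` unset while the function still goes on to set EXFLAG_SET (visible in a later hunk of this file). If `x->hash` is later used to compare or look up certificates, which this hunk does not show, certificates whose digest failed would carry the same stale value. Marking the failure keeps such a certificate from being treated as valid: `if (!X509_digest(x, X509_CERT_HASH_EVP, x->hash, NULL)) x->ex_flags |= EXFLAG_INVALID;`. The function body starts and ends outside this hunk.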
@@ -595,9 +600,13 @@ x509v3_cache_extensions(X509 *x) x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, &i, NULL); if (x->rfc3779_addr == NULL && i != -1) x->ex_flags |= EXFLAG_INVALID; + if (!X509v3_addr_is_canonical(x->rfc3779_addr)) + x->ex_flags |= EXFLAG_INVALID; x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum, &i, NULL); if (x->rfc3779_asid == NULL && i != -1) x->ex_flags |= EXFLAG_INVALID; + if (!X509v3_asid_is_canonical(x->rfc3779_asid)) + x->ex_flags |= EXFLAG_INVALID; #endif for (i = 0; i < X509_get_ext_count(x); i++) { @@ -612,6 +621,9 @@ x509v3_cache_extensions(X509 *x) break; } } + + x509_verify_cert_info_populate(x); + x->ex_flags |= EXFLAG_SET; } @@ -659,8 +671,6 @@ X509_check_ca(X509 *x) CRYPTO_w_lock(CRYPTO_LOCK_X509); x509v3_cache_extensions(x); CRYPTO_w_unlock(CRYPTO_LOCK_X509); - if (x->ex_flags & EXFLAG_INVALID) - return X509_V_ERR_UNSPECIFIED; } return check_ca(x); @@ -938,3 +948,39 @@ X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid) } return X509_V_OK; } + +uint32_t +X509_get_extension_flags(X509 *x) +{ + /* Call for side-effect of computing hash and caching extensions */ + if (X509_check_purpose(x, -1, -1) != 1) + return EXFLAG_INVALID; + + return x->ex_flags; +} + +uint32_t +X509_get_key_usage(X509 *x) +{ + /* Call for side-effect of computing hash and caching extensions */ + if (X509_check_purpose(x, -1, -1) != 1) + return 0; + + if (x->ex_flags & EXFLAG_KUSAGE) + return x->ex_kusage; + + return UINT32_MAX; +} + +uint32_t +X509_get_extended_key_usage(X509 *x) +{ + /* Call for side-effect of computing hash and caching extensions */ + if (X509_check_purpose(x, -1, -1) != 1) + return 0; + + if (x->ex_flags & EXFLAG_XKUSAGE) + return x->ex_xkusage; + + return UINT32_MAX; +} diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c index 525163bc..b3b8aa75 100644 --- a/crypto/x509/x509_r2x.c +++ b/crypto/x509/x509_r2x.c 
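Review bot: X509_get_key_usage and X509_get_extended_key_usage, added at the end of this file, return 0 when X509_check_purpose fails and `UINT32_MAX` when the extension is absent, but neither carries a comment saying so. A caller that tests a bit with `X509_get_key_usage(x) & usage` will therefore see every usage as permitted for a certificate without the extension and none for an invalid one, which is worth stating at the definition. I would add above each function a comment along the lines of `/* Returns 0 if the certificate is invalid, UINT32_MAX if the extension is absent, else the cached usage bits. */`.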
@@ -1,4 +1,4 @@ -/* $OpenBSD: x509_r2x.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: x509_r2x.c,v 1.13 2021/11/03 14:36:21 schwarze Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -66,12 +66,15 @@ #include #include +#include "x509_lcl.h" + X509 * X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) { X509 *ret = NULL; X509_CINF *xi = NULL; X509_NAME *xn; + EVP_PKEY *pubkey; if ((ret = X509_new()) == NULL) { X509error(ERR_R_MALLOC_FAILURE); @@ -86,14 +89,12 @@ X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) goto err; if (!ASN1_INTEGER_set(xi->version, 2)) goto err; -/* xi->extensions=ri->attributes; <- bad, should not ever be done - ri->attributes=NULL; */ } xn = X509_REQ_get_subject_name(r); - if (X509_set_subject_name(ret, X509_NAME_dup(xn)) == 0) + if (X509_set_subject_name(ret, xn) == 0) goto err; - if (X509_set_issuer_name(ret, X509_NAME_dup(xn)) == 0) + if (X509_set_issuer_name(ret, xn) == 0) goto err; if (X509_gmtime_adj(xi->validity->notBefore, 0) == NULL) @@ -102,14 +103,16 @@ X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) (long)60 * 60 * 24 * days) == NULL) goto err; - X509_set_pubkey(ret, X509_REQ_get_pubkey(r)); + if ((pubkey = X509_REQ_get0_pubkey(r)) == NULL) + goto err; + if (!X509_set_pubkey(ret, pubkey)) + goto err; if (!X509_sign(ret, pkey, EVP_md5())) goto err; - if (0) { + return ret; + err: - X509_free(ret); - ret = NULL; - } - return (ret); + X509_free(ret); + return NULL; } diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c index b44306b0..c0a2a64a 100644 --- a/crypto/x509/x509_req.c +++ b/crypto/x509/x509_req.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_req.c,v 1.21 2018/05/13 06:48:00 tb Exp $ */ +/* $OpenBSD: x509_req.c,v 1.29 2022/08/18 16:26:33 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
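Review bot: X509_REQ_to_X509 still signs the generated certificate with `X509_sign(ret, pkey, EVP_md5())`, which the last hunk of this file keeps as context while reworking the lines around it. MD5 is not collision resistant, and the same patch adds the verification error string "CA signature digest algorithm too weak" in x509_txt.c, which suggests verifiers built from this tree may check digest strength. Unless callers depend on the MD5 output, `if (!X509_sign(ret, pkey, EVP_sha256()))` would be the safer default. The start of the function is in the earlier hunks of this file.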
@@ -70,6 +70,9 @@ #include #include +#include "evp_locl.h" +#include "x509_lcl.h" + X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) { @@ -121,13 +124,23 @@ X509_REQ_get_pubkey(X509_REQ *req) return (X509_PUBKEY_get(req->req_info->pubkey)); } +EVP_PKEY * +X509_REQ_get0_pubkey(X509_REQ *req) +{ + if (req == NULL || req->req_info == NULL) + return NULL; + return X509_PUBKEY_get0(req->req_info->pubkey); +} + int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) { EVP_PKEY *xk = NULL; int ok = 0; - xk = X509_REQ_get_pubkey(x); + if ((xk = X509_REQ_get0_pubkey(x)) == NULL) + return 0; + switch (EVP_PKEY_cmp(xk, k)) { case 1: ok = 1; @@ -155,7 +168,6 @@ X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) X509error(X509_R_UNKNOWN_KEY_TYPE); } - EVP_PKEY_free(xk); return (ok); } 
@@ -202,66 +214,45 @@ X509_REQ_get_extensions(X509_REQ *req) int idx, *pnid; const unsigned char *p; - if ((req == NULL) || (req->req_info == NULL) || !ext_nids) - return (NULL); + if (req == NULL || req->req_info == NULL || ext_nids == NULL) + return NULL; for (pnid = ext_nids; *pnid != NID_undef; pnid++) { idx = X509_REQ_get_attr_by_NID(req, *pnid, -1); if (idx == -1) continue; attr = X509_REQ_get_attr(req, idx); - if (attr->single) - ext = attr->value.single; - else if (sk_ASN1_TYPE_num(attr->value.set)) - ext = sk_ASN1_TYPE_value(attr->value.set, 0); + ext = X509_ATTRIBUTE_get0_type(attr, 0); break; } - if (!ext || (ext->type != V_ASN1_SEQUENCE)) + if (ext == NULL) + return sk_X509_EXTENSION_new_null(); + if (ext->type != V_ASN1_SEQUENCE) return NULL; p = ext->value.sequence->data; - return (STACK_OF(X509_EXTENSION) *)ASN1_item_d2i(NULL, &p, - ext->value.sequence->length, &X509_EXTENSIONS_it); + return d2i_X509_EXTENSIONS(NULL, &p, ext->value.sequence->length); } -/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs - * in case we want to create a non standard one. +/* + * Add a STACK_OF extensions to a certificate request: allow alternative OIDs + * in case we want to create a non-standard one. 
*/ int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, int nid) { - ASN1_TYPE *at = NULL; - X509_ATTRIBUTE *attr = NULL; + unsigned char *ext = NULL; + int extlen; + int rv; - if (!(at = ASN1_TYPE_new()) || - !(at->value.sequence = ASN1_STRING_new())) - goto err; + extlen = i2d_X509_EXTENSIONS(exts, &ext); + if (extlen <= 0) + return 0; - at->type = V_ASN1_SEQUENCE; - /* Generate encoding of extensions */ - at->value.sequence->length = ASN1_item_i2d((ASN1_VALUE *)exts, - &at->value.sequence->data, &X509_EXTENSIONS_it); - if (!(attr = X509_ATTRIBUTE_new())) - goto err; - if (!(attr->value.set = sk_ASN1_TYPE_new_null())) - goto err; - if (!sk_ASN1_TYPE_push(attr->value.set, at)) - goto err; - at = NULL; - attr->single = 0; - attr->object = OBJ_nid2obj(nid); - if (!req->req_info->attributes) { - if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null())) - goto err; - } - if (!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) - goto err; - return 1; + rv = X509_REQ_add1_attr_by_NID(req, nid, V_ASN1_SEQUENCE, ext, extlen); + free(ext); -err: - X509_ATTRIBUTE_free(attr); - ASN1_TYPE_free(at); - return 0; + return rv; } /* This is the normal usage: use the "official" OID */ @@ -341,3 +332,10 @@ X509_REQ_add1_attr_by_txt(X509_REQ *req, const char *attrname, int type, return 1; return 0; } + +int +i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp) +{ + req->req_info->enc.modified = 1; + return i2d_X509_REQ_INFO(req->req_info, pp); +} diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c index 1a4b583a..5784f220 100644 --- a/crypto/x509/x509_set.c +++ b/crypto/x509/x509_set.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_set.c,v 1.17 2018/08/24 19:55:58 tb Exp $ */ +/* $OpenBSD: x509_set.c,v 1.20 2021/11/01 20:53:08 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
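Review bot: X509_REQ_get_extensions now returns a freshly allocated empty stack (`sk_X509_EXTENSION_new_null()`) when the request has no extension attribute, where the removed code returned NULL, and the function has no comment describing this. NULL now means a malformed attribute, a decode failure or an allocation failure, and callers that used NULL to mean "no extensions" receive an object they must free. A header comment such as `/* Returns a new stack the caller must free; empty if no extensions are requested, NULL on error. */` would make the ownership and the changed contract explicit. The function's opening lines are outside this hunk.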
@@ -63,6 +63,8 @@ #include #include +#include "x509_lcl.h" + const STACK_OF(X509_EXTENSION) * X509_get0_extensions(const X509 *x) { @@ -216,3 +218,9 @@ X509_get_signature_type(const X509 *x) { return EVP_PKEY_type(OBJ_obj2nid(x->sig_alg->algorithm)); } + +X509_PUBKEY * +X509_get_X509_PUBKEY(const X509 *x) +{ + return x->cert_info->key; +} diff --git a/crypto/x509/x509_skey.c b/crypto/x509/x509_skey.c index a9064273..58bb66bc 100644 --- a/crypto/x509/x509_skey.c +++ b/crypto/x509/x509_skey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_skey.c,v 1.1 2020/06/04 15:19:32 jsing Exp $ */ +/* $OpenBSD: x509_skey.c,v 1.2 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -62,6 +62,8 @@ #include #include +#include "x509_lcl.h" + static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index 1a60e5a3..72d616a1 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_trs.c,v 1.24 2021/07/23 20:50:28 schwarze Exp $ */ +/* $OpenBSD: x509_trs.c,v 1.25 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -62,6 +62,8 @@ #include #include +#include "x509_lcl.h" + static int tr_cmp(const X509_TRUST * const *a, const X509_TRUST * const *b); static void trtable_free(X509_TRUST *p); diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c index 14fa2378..2dfadf6b 100644 --- a/crypto/x509/x509_txt.c +++ b/crypto/x509/x509_txt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_txt.c,v 1.19 2014/07/11 08:44:49 jsing Exp $ */ +/* $OpenBSD: x509_txt.c,v 1.20 2022/07/05 20:31:46 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
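Review bot: X509_get_X509_PUBKEY() hands back `x->cert_info->key` itself, a mutable pointer reached through a `const X509 *`, and nothing states who owns it. A caller that frees or modifies the result corrupts the certificate, so the accessor should carry a comment such as `/* Returns the certificate's internal X509_PUBKEY; the caller must not free it. */`. It also dereferences `x` and `x->cert_info` unchecked, which matches the neighbouring accessor visible in the hunk context.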
@@ -181,6 +181,22 @@ X509_verify_cert_error_string(long n) return("unsupported or invalid name syntax"); case X509_V_ERR_CRL_PATH_VALIDATION_ERROR: return("CRL path validation error"); + case X509_V_ERR_HOSTNAME_MISMATCH: + return("Hostname mismatch"); + case X509_V_ERR_EMAIL_MISMATCH: + return("Email address mismatch"); + case X509_V_ERR_IP_ADDRESS_MISMATCH: + return("IP address mismatch"); + case X509_V_ERR_INVALID_CALL: + return("Invalid certificate verification context"); + case X509_V_ERR_STORE_LOOKUP: + return("Issuer certificate lookup error"); + case X509_V_ERR_EE_KEY_TOO_SMALL: + return("EE certificate key too weak"); + case X509_V_ERR_CA_KEY_TOO_SMALL: + return("CA certificate key too weak"); + case X509_V_ERR_CA_MD_TOO_WEAK: + return("CA signature digest algorithm too weak"); default: (void) snprintf(buf, sizeof buf, "error number %ld", n); diff --git a/crypto/x509/x509_utl.c b/crypto/x509/x509_utl.c index 0fa6ea6d..47b25fe6 100644 --- a/crypto/x509/x509_utl.c +++ b/crypto/x509/x509_utl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_utl.c,v 1.2 2020/09/13 15:06:17 beck Exp $ */ +/* $OpenBSD: x509_utl.c,v 1.3 2022/05/20 07:58:54 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -954,7 +954,7 @@ do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal, rv = -1; } else { int astrlen; - unsigned char *astr; + unsigned char *astr = NULL; astrlen = ASN1_STRING_to_UTF8(&astr, a); if (astrlen < 0) return -1; diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c index 524d5511..9aefb8d9 100644 --- a/crypto/x509/x509_v3.c +++ b/crypto/x509/x509_v3.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_v3.c,v 1.17 2018/05/19 10:54:40 tb Exp $ */ +/* $OpenBSD: x509_v3.c,v 1.18 2021/11/01 20:53:08 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -66,6 +66,8 @@ #include #include +#include "x509_lcl.h" + int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x) { 
diff --git a/crypto/x509/x509_verify.c b/crypto/x509/x509_verify.c
index 5ff7c506..c212ab4e 100644
--- a/crypto/x509/x509_verify.c
+++ b/crypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_verify.c,v 1.49.2.1 2021/11/24 09:28:56 tb Exp $ */
+/* $OpenBSD: x509_verify.c,v 1.60.2.1 2022/10/20 09:45:18 tb Exp $ */
 /*
 * Copyright (c) 2020-2021 Bob Beck
 *
@@ -32,13 +32,66 @@ static int x509_verify_cert_valid(struct x509_verify_ctx *ctx, X509 *cert, struct x509_verify_chain *current_chain); +static int x509_verify_cert_hostname(struct x509_verify_ctx *ctx, X509 *cert, + char *name); static void x509_verify_build_chains(struct x509_verify_ctx *ctx, X509 *cert, - struct x509_verify_chain *current_chain, int full_chain); + struct x509_verify_chain *current_chain, int full_chain, char *name); static int x509_verify_cert_error(struct x509_verify_ctx *ctx, X509 *cert, size_t depth, int error, int ok); static void x509_verify_chain_free(struct x509_verify_chain *chain); -#define X509_VERIFY_CERT_HASH (EVP_sha512()) +/* + * Parse an asn1 to a representable time_t as per RFC 5280 rules. + * Returns -1 if that can't be done for any reason. + */ +time_t +x509_verify_asn1_time_to_time_t(const ASN1_TIME *atime, int notAfter) +{ + struct tm tm = { 0 }; + int type; + + type = ASN1_time_parse(atime->data, atime->length, &tm, atime->type); + if (type == -1) + return -1; + + /* RFC 5280 section 4.1.2.5 */ + if (tm.tm_year < 150 && type != V_ASN1_UTCTIME) + return -1; + if (tm.tm_year >= 150 && type != V_ASN1_GENERALIZEDTIME) + return -1; + + if (notAfter) { + /* + * If we are a completely broken operating system with a + * 32 bit time_t, and we have been told this is a notAfter + * date, limit the date to a 32 bit representable value. + */ + if (!ASN1_time_tm_clamp_notafter(&tm)) + return -1; + } + + /* + * Defensively fail if the time string is not representable as + * a time_t. A time_t must be sane if you care about times after + * Jan 19 2038. + */ + return timegm(&tm); +} + +/* + * Cache certificate hash, and values parsed out of an X509. + * called from cache_extensions() + */ +void +x509_verify_cert_info_populate(X509 *cert) +{ + /* + * Parse and save the cert times, or remember that they + * are unacceptable/unparsable. 
+ */ + cert->not_before = x509_verify_asn1_time_to_time_t(X509_get_notBefore(cert), 0); + cert->not_after = x509_verify_asn1_time_to_time_t(X509_get_notAfter(cert), 1); +} struct x509_verify_chain * x509_verify_chain_new(void) @@ -182,11 +235,12 @@ x509_verify_ctx_clear(struct x509_verify_ctx *ctx) x509_verify_ctx_reset(ctx); sk_X509_pop_free(ctx->intermediates, X509_free); free(ctx->chains); - memset(ctx, 0, sizeof(*ctx)); + } static int -x509_verify_cert_cache_extensions(X509 *cert) { +x509_verify_cert_cache_extensions(X509 *cert) +{ if (!(cert->ex_flags & EXFLAG_SET)) { CRYPTO_w_lock(CRYPTO_LOCK_X509); x509v3_cache_extensions(cert); @@ -194,6 +248,7 @@ x509_verify_cert_cache_extensions(X509 *cert) { } if (cert->ex_flags & EXFLAG_INVALID) return 0; + return (cert->ex_flags & EXFLAG_SET); } @@ -203,6 +258,15 @@ x509_verify_cert_self_signed(X509 *cert) return (cert->ex_flags & EXFLAG_SS) ? 1 : 0; } +/* XXX beck - clean up this mess of is_root */ +static int +x509_verify_check_chain_end(X509 *cert, int full_chain) +{ + if (full_chain) + return x509_verify_cert_self_signed(cert); + return 1; +} + static int x509_verify_ctx_cert_is_root(struct x509_verify_ctx *ctx, X509 *cert, int full_chain) @@ -218,15 +282,15 @@ x509_verify_ctx_cert_is_root(struct x509_verify_ctx *ctx, X509 *cert, if ((match = x509_vfy_lookup_cert_match(ctx->xsc, cert)) != NULL) { X509_free(match); - return !full_chain || - x509_verify_cert_self_signed(cert); + return x509_verify_check_chain_end(cert, full_chain); + } } else { /* Check the provided roots */ for (i = 0; i < sk_X509_num(ctx->roots); i++) { if (X509_cmp(sk_X509_value(ctx->roots, i), cert) == 0) - return !full_chain || - x509_verify_cert_self_signed(cert); + return x509_verify_check_chain_end(cert, + full_chain); } } 
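Review bot: x509_verify_asn1_time_to_time_t() uses -1 as its error value and ends with `return timegm(&tm);`, but -1 is also the valid time_t for 1969-12-31 23:59:59 UTC, a date the UTCTime branch above (`tm.tm_year < 150`) accepts. x509_verify_cert_info_populate() then stores it in `cert->not_before` or `cert->not_after` as if the field were unparsable. That fails closed, so I would only document it above the final return: `/* -1 is also the error value, so 1969-12-31 23:59:59Z is treated as unparsable. */`.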
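Review bot: With `memset(ctx, 0, sizeof(*ctx))` removed, x509_verify_ctx_clear() leaves `ctx->intermediates` and `ctx->chains` pointing at freed memory. That is harmless only if every caller frees or fully re-initialises the context straight afterwards, which this hunk does not show; a second clear or any later use would be a double free or use-after-free. Either reset the pointers, `ctx->intermediates = NULL; ctx->chains = NULL;`, or state in a comment that the context must not be touched again after the call.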
@@ -244,7 +308,7 @@ x509_verify_ctx_set_xsc_chain(struct x509_verify_ctx *ctx, return 1; /* - * XXX last_untrusted is actually the number of untrusted certs at the + * XXX num_untrusted is the number of untrusted certs at the * bottom of the chain. This works now since we stop at the first * trusted cert. This will need fixing once we allow more than one * trusted certificate. @@ -252,7 +316,7 @@ x509_verify_ctx_set_xsc_chain(struct x509_verify_ctx *ctx, num_untrusted = sk_X509_num(chain->certs); if (is_trusted && num_untrusted > 0) num_untrusted--; - ctx->xsc->last_untrusted = num_untrusted; + ctx->xsc->num_untrusted = num_untrusted; sk_X509_pop_free(ctx->xsc->chain, X509_free); ctx->xsc->chain = X509_chain_up_ref(chain->certs); @@ -338,13 +402,22 @@ x509_verify_ctx_validate_legacy_chain(struct x509_verify_ctx *ctx, ctx->xsc->error = X509_V_OK; ctx->xsc->error_depth = 0; - trust = x509_vfy_check_trust(ctx->xsc); - if (trust == X509_TRUST_REJECTED) - goto err; - if (!x509_verify_ctx_set_xsc_chain(ctx, chain, 0, 1)) goto err; + /* + * Call the legacy code to walk the chain and check trust + * in the legacy way to handle partial chains and get the + * callback fired correctly. + */ + trust = x509_vfy_check_trust(ctx->xsc); + if (trust == X509_TRUST_REJECTED) + goto err; /* callback was called in x509_vfy_check_trust */ + if (trust != X509_TRUST_TRUSTED) { + /* NOTREACHED */ + goto err; /* should not happen if we get in here - abort? */ + } + /* * XXX currently this duplicates some work done in chain * build, but we keep it here until we have feature parity 
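Review bot: The new `if (trust != X509_TRUST_TRUSTED)` branch in x509_verify_ctx_validate_legacy_chain() jumps to `err` without setting an error code, a few lines after `ctx->xsc->error = X509_V_OK`. If the branch is ever taken, the chain is rejected while the store context may still report X509_V_OK, unless x509_vfy_check_trust() set an error itself; a caller that inspects the error code rather than the return value would read that as success. Setting `ctx->xsc->error = X509_V_ERR_UNSPECIFIED;` before the `goto err` makes the failure unambiguous. The `err` label and the rest of the function are outside this hunk.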
@@ -352,6 +425,17 @@ x509_verify_ctx_validate_legacy_chain(struct x509_verify_ctx *ctx, if (!x509_vfy_check_chain_extensions(ctx->xsc)) goto err; +#ifndef OPENSSL_NO_RFC3779 + if (!X509v3_asid_validate_path(ctx->xsc)) + goto err; + + if (!X509v3_addr_validate_path(ctx->xsc)) + goto err; +#endif + + if (!x509_vfy_check_security_level(ctx->xsc)) + goto err; + if (!x509_constraints_chain(ctx->xsc->chain, &ctx->xsc->error, &ctx->xsc->error_depth)) { X509 *cert = sk_X509_value(ctx->xsc->chain, depth); @@ -366,10 +450,6 @@ x509_verify_ctx_validate_legacy_chain(struct x509_verify_ctx *ctx, if (!x509_vfy_check_policy(ctx->xsc)) goto err; - if ((!(ctx->xsc->param->flags & X509_V_FLAG_PARTIAL_CHAIN)) && - trust != X509_TRUST_TRUSTED) - goto err; - ret = 1; err: @@ -392,10 +472,11 @@ x509_verify_ctx_validate_legacy_chain(struct x509_verify_ctx *ctx, /* Add a validated chain to our list of valid chains */ static int x509_verify_ctx_add_chain(struct x509_verify_ctx *ctx, - struct x509_verify_chain *chain) + struct x509_verify_chain *chain, char *name) { size_t depth; X509 *last = x509_verify_chain_last(chain); + X509 *leaf = x509_verify_chain_leaf(chain); depth = sk_X509_num(chain->certs); if (depth > 0) @@ -413,6 +494,15 @@ x509_verify_ctx_add_chain(struct x509_verify_ctx *ctx, if (!x509_verify_ctx_validate_legacy_chain(ctx, chain, depth)) return 0; + /* Verify the leaf certificate and store any resulting error. */ + if (!x509_verify_cert_valid(ctx, leaf, NULL)) + return 0; + if (!x509_verify_cert_hostname(ctx, leaf, name)) + return 0; + if (ctx->error_depth == 0 && + ctx->error != X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) + chain->cert_errors[0] = ctx->error; + /* * In the non-legacy code, extensions and purpose are dealt * with as the chain is built. @@ -428,8 +518,10 @@ x509_verify_ctx_add_chain(struct x509_verify_ctx *ctx, X509_V_ERR_OUT_OF_MEM, 0); } ctx->chains_count++; + ctx->error = X509_V_OK; ctx->error_depth = depth; + return 1; } 
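Review bot: In x509_verify_ctx_add_chain() the value copied into `chain->cert_errors[0]` is whatever `ctx->error` and `ctx->error_depth` hold after the two leaf checks, and neither field is reset before them, so a depth-0 error left over from earlier chain building could be recorded against this chain's leaf. The exclusion of X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY is also unexplained here; it looks like the default that x509_verify_build_chains() assigns before it searches for issuers. I would say so in a comment, e.g. `/* UNABLE_TO_GET_ISSUER_CERT_LOCALLY is the chain builder's default, not a leaf error. */`, and consider clearing `ctx->error` before the leaf checks. The function begins and ends outside this hunk.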
@@ -447,22 +539,15 @@ x509_verify_potential_parent(struct x509_verify_ctx *ctx, X509 *parent, } static int -x509_verify_parent_signature(X509 *parent, X509 *child, - unsigned char *child_md, int *error) +x509_verify_parent_signature(X509 *parent, X509 *child, int *error) { - unsigned char parent_md[EVP_MAX_MD_SIZE] = { 0 }; EVP_PKEY *pkey; int cached; int ret = 0; /* Use cached value if we have it */ - if (child_md != NULL) { - if (!X509_digest(parent, X509_VERIFY_CERT_HASH, parent_md, - NULL)) - return 0; - if ((cached = x509_issuer_cache_find(parent_md, child_md)) >= 0) - return cached; - } + if ((cached = x509_issuer_cache_find(parent->hash, child->hash)) >= 0) + return cached; /* Check signature. Did parent sign child? */ if ((pkey = X509_get_pubkey(parent)) == NULL) { @@ -475,8 +560,7 @@ x509_verify_parent_signature(X509 *parent, X509 *child, ret = 1; /* Add result to cache */ - if (child_md != NULL) - x509_issuer_cache_add(parent_md, child_md, ret); + x509_issuer_cache_add(parent->hash, child->hash, ret); EVP_PKEY_free(pkey); @@ -485,8 +569,8 @@ x509_verify_parent_signature(X509 *parent, X509 *child, static int x509_verify_consider_candidate(struct x509_verify_ctx *ctx, X509 *cert, - unsigned char *cert_md, int is_root_cert, X509 *candidate, - struct x509_verify_chain *current_chain, int full_chain) + int is_root_cert, X509 *candidate, struct x509_verify_chain *current_chain, + int full_chain, char *name) { int depth = sk_X509_num(current_chain->certs); struct x509_verify_chain *new_chain; @@ -506,8 +590,7 @@ x509_verify_consider_candidate(struct x509_verify_ctx *ctx, X509 *cert, return 0; } - if (!x509_verify_parent_signature(candidate, cert, cert_md, - &ctx->error)) { + if (!x509_verify_parent_signature(candidate, cert, &ctx->error)) { if (!x509_verify_cert_error(ctx, candidate, depth, ctx->error, 0)) return 0; 
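Review bot: x509_verify_parent_signature() now keys the issuer cache on `parent->hash` and `child->hash` unconditionally, so the lookup is only sound if both fields were filled in before this call. Nothing in the hunk ensures that; for certificates whose hash was never computed, two unrelated certificates could share a key and pick up each other's cached signature result. If an earlier step such as x509_verify_cert_cache_extensions() guarantees the hash, state it in the comment, e.g. `/* Both certs have had their extensions cached, so ->hash is valid. */`, or test `ex_flags & EXFLAG_SET` on both before consulting the cache. The function body continues in the next hunk.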
@@ -538,14 +621,14 @@ x509_verify_consider_candidate(struct x509_verify_ctx *ctx, X509 *cert, x509_verify_chain_free(new_chain); return 0; } - if (!x509_verify_ctx_add_chain(ctx, new_chain)) { + if (!x509_verify_ctx_add_chain(ctx, new_chain, name)) { x509_verify_chain_free(new_chain); return 0; } goto done; } - x509_verify_build_chains(ctx, candidate, new_chain, full_chain); + x509_verify_build_chains(ctx, candidate, new_chain, full_chain, name); done: x509_verify_chain_free(new_chain); @@ -569,9 +652,8 @@ x509_verify_cert_error(struct x509_verify_ctx *ctx, X509 *cert, size_t depth, static void x509_verify_build_chains(struct x509_verify_ctx *ctx, X509 *cert, - struct x509_verify_chain *current_chain, int full_chain) + struct x509_verify_chain *current_chain, int full_chain, char *name) { - unsigned char cert_md[EVP_MAX_MD_SIZE] = { 0 }; X509 *candidate; int i, depth, count, ret, is_root; @@ -592,11 +674,6 @@ x509_verify_build_chains(struct x509_verify_ctx *ctx, X509 *cert, X509_V_ERR_CERT_CHAIN_TOO_LONG, 0)) return; - if (!X509_digest(cert, X509_VERIFY_CERT_HASH, cert_md, NULL) && - !x509_verify_cert_error(ctx, cert, depth, - X509_V_ERR_UNSPECIFIED, 0)) - return; - count = ctx->chains_count; ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; @@ -629,11 +706,11 @@ x509_verify_build_chains(struct x509_verify_ctx *ctx, X509 *cert, } if (ret > 0) { if (x509_verify_potential_parent(ctx, candidate, cert)) { - is_root = !full_chain || - x509_verify_cert_self_signed(candidate); - x509_verify_consider_candidate(ctx, cert, - cert_md, is_root, candidate, current_chain, + is_root = x509_verify_check_chain_end(candidate, full_chain); + x509_verify_consider_candidate(ctx, cert, + is_root, candidate, current_chain, + full_chain, name); } X509_free(candidate); } 
@@ -642,11 +719,11 @@ x509_verify_build_chains(struct x509_verify_ctx *ctx, X509 *cert, for (i = 0; i < sk_X509_num(ctx->roots); i++) { candidate = sk_X509_value(ctx->roots, i); if (x509_verify_potential_parent(ctx, candidate, cert)) { - is_root = !full_chain || - x509_verify_cert_self_signed(candidate); - x509_verify_consider_candidate(ctx, cert, - cert_md, is_root, candidate, current_chain, + is_root = x509_verify_check_chain_end(candidate, full_chain); + x509_verify_consider_candidate(ctx, cert, + is_root, candidate, current_chain, + full_chain, name); } } } @@ -657,8 +734,8 @@ x509_verify_build_chains(struct x509_verify_ctx *ctx, X509 *cert, candidate = sk_X509_value(ctx->intermediates, i); if (x509_verify_potential_parent(ctx, candidate, cert)) { x509_verify_consider_candidate(ctx, cert, - cert_md, 0, candidate, current_chain, - full_chain); + 0, candidate, current_chain, + full_chain, name); } } } @@ -726,7 +803,8 @@ x509_verify_cert_hostname(struct x509_verify_ctx *ctx, X509 *cert, char *name) } static int -x509_verify_set_check_time(struct x509_verify_ctx *ctx) { +x509_verify_set_check_time(struct x509_verify_ctx *ctx) +{ if (ctx->xsc != NULL) { if (ctx->xsc->param->flags & X509_V_FLAG_USE_CHECK_TIME) { ctx->check_time = &ctx->xsc->param->check_time; 
@@ -740,47 +818,9 @@ x509_verify_set_check_time(struct x509_verify_ctx *ctx) { return 1; } -int -x509_verify_asn1_time_to_tm(const ASN1_TIME *atime, struct tm *tm, int notafter) -{ - int type; - - type = ASN1_time_parse(atime->data, atime->length, tm, atime->type); - if (type == -1) - return 0; - - /* RFC 5280 section 4.1.2.5 */ - if (tm->tm_year < 150 && type != V_ASN1_UTCTIME) - return 0; - if (tm->tm_year >= 150 && type != V_ASN1_GENERALIZEDTIME) - return 0; - - if (notafter) { - /* - * If we are a completely broken operating system with a - * 32 bit time_t, and we have been told this is a notafter - * date, limit the date to a 32 bit representable value. - */ - if (!ASN1_time_tm_clamp_notafter(tm)) - return 0; - } - - /* - * Defensively fail if the time string is not representable as - * a time_t. A time_t must be sane if you care about times after - * Jan 19 2038. - */ - if (timegm(tm) == -1) - return 0; - - return 1; -} - static int -x509_verify_cert_time(int is_notafter, const ASN1_TIME *cert_asn1, - time_t *cmp_time, int *error) +x509_verify_cert_times(X509 *cert, time_t *cmp_time, int *error) { - struct tm cert_tm, when_tm; time_t when; if (cmp_time == NULL) 
@@ -788,29 +828,21 @@ x509_verify_cert_time(int is_notafter, const ASN1_TIME *cert_asn1, else when = *cmp_time; - if (!x509_verify_asn1_time_to_tm(cert_asn1, &cert_tm, - is_notafter)) { - *error = is_notafter ? - X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD : - X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD; + if (cert->not_before == -1) { + *error = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD; return 0; } - - if (gmtime_r(&when, &when_tm) == NULL) { - *error = X509_V_ERR_UNSPECIFIED; + if (when < cert->not_before) { + *error = X509_V_ERR_CERT_NOT_YET_VALID; return 0; } - - if (is_notafter) { - if (ASN1_time_tm_cmp(&cert_tm, &when_tm) == -1) { - *error = X509_V_ERR_CERT_HAS_EXPIRED; - return 0; - } - } else { - if (ASN1_time_tm_cmp(&cert_tm, &when_tm) == 1) { - *error = X509_V_ERR_CERT_NOT_YET_VALID; - return 0; - } + if (cert->not_after == -1) { + *error = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD; + return 0; + } + if (when > cert->not_after) { + *error = X509_V_ERR_CERT_HAS_EXPIRED; + return 0; } return 1; @@ -916,15 +948,8 @@ x509_verify_cert_valid(struct x509_verify_ctx *ctx, X509 *cert, } if (x509_verify_set_check_time(ctx)) { - if (!x509_verify_cert_time(0, X509_get_notBefore(cert), - ctx->check_time, &ctx->error)) { - if (!x509_verify_cert_error(ctx, cert, depth, - ctx->error, 0)) - return 0; - } - - if (!x509_verify_cert_time(1, X509_get_notAfter(cert), - ctx->check_time, &ctx->error)) { + if (!x509_verify_cert_times(cert, ctx->check_time, + &ctx->error)) { if (!x509_verify_cert_error(ctx, cert, depth, ctx->error, 0)) return 0; 
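Review bot: x509_verify_cert_times() returns at the first failing check, and the call site in x509_verify_cert_valid() (last hunk on this line) reports that single error through x509_verify_cert_error(); the old code ran the notBefore and notAfter checks separately. If x509_verify_cert_error() lets a verify callback accept the notBefore error, the notAfter test is now never evaluated, so a certificate with an unparsable or future notBefore that has also expired would no longer be reported as expired. Evaluating notAfter even when the notBefore failure was overridden would restore the old behaviour; at the least the function should say `/* Only the first failing check is reported; notAfter is not examined once notBefore fails. */`. Both functions start outside their hunks.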
@@ -1122,16 +1147,18 @@ x509_verify(struct x509_verify_ctx *ctx, X509 *leaf, char *name) ctx->xsc->current_cert = leaf; } - if (!x509_verify_cert_valid(ctx, leaf, NULL)) - goto err; - - if (!x509_verify_cert_hostname(ctx, leaf, name)) - goto err; - if ((current_chain = x509_verify_chain_new()) == NULL) { ctx->error = X509_V_ERR_OUT_OF_MEM; goto err; } + + /* + * Add the leaf to the chain and try to build chains from it. + * Note that unlike Go's verifier, we have not yet checked + * anything about the leaf, This is intentional, so that we + * report failures in chain building before we report problems + * with the leaf. + */ if (!x509_verify_chain_append(current_chain, leaf, &ctx->error)) { x509_verify_chain_free(current_chain); goto err; @@ -1139,13 +1166,14 @@ x509_verify(struct x509_verify_ctx *ctx, X509 *leaf, char *name) do { retry_chain_build = 0; if (x509_verify_ctx_cert_is_root(ctx, leaf, full_chain)) { - if (!x509_verify_ctx_add_chain(ctx, current_chain)) { + if (!x509_verify_ctx_add_chain(ctx, current_chain, + name)) { x509_verify_chain_free(current_chain); goto err; } } else { x509_verify_build_chains(ctx, leaf, current_chain, - full_chain); + full_chain, name); if (full_chain && ctx->chains_count == 0) { /* * Save the error state from the xsc @@ -1158,6 +1186,7 @@ x509_verify(struct x509_verify_ctx *ctx, X509 *leaf, char *name) * on failure and will be needed for * that. */ + ctx->xsc->error_depth = ctx->error_depth; if (!x509_verify_ctx_save_xsc_error(ctx)) { x509_verify_chain_free(current_chain); goto err; @@ -1266,4 +1295,3 @@ x509_verify(struct x509_verify_ctx *ctx, X509 *leaf, char *name) return 0; } - diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 1f527799..fb87877e 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: x509_vfy.c,v 1.89.2.1 2021/11/24 09:28:56 tb Exp $ */ +/* $OpenBSD: x509_vfy.c,v 1.103 2022/08/31 07:15:31 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -76,8 +76,6 @@ #include "asn1_locl.h" #include "vpm_int.h" #include "x509_internal.h" -#include "x509_lcl.h" -#include "x509_internal.h" /* CRL score values */ @@ -146,6 +144,8 @@ static int X509_cmp_time_internal(const ASN1_TIME *ctm, time_t *cmp_time, static int internal_verify(X509_STORE_CTX *ctx); static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); +static int check_key_level(X509_STORE_CTX *ctx, X509 *cert); +static int verify_cb_cert(X509_STORE_CTX *ctx, X509 *x, int depth, int err); int ASN1_time_tm_clamp_notafter(struct tm *tm); @@ -186,7 +186,7 @@ check_id_error(X509_STORE_CTX *ctx, int errcode) static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id) { - size_t i, n; + int i, n; char *name; n = sk_OPENSSL_STRING_num(id->hosts); @@ -264,7 +264,7 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad, int *out_ok) goto end; } X509_up_ref(ctx->cert); - ctx->last_untrusted = 1; + ctx->num_untrusted = 1; /* We use a temporary STACK so we can chop and hack at it */ if (ctx->untrusted != NULL && @@ -338,7 +338,7 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad, int *out_ok) } X509_up_ref(xtmp); (void)sk_X509_delete_ptr(sktmp, xtmp); - ctx->last_untrusted++; + ctx->num_untrusted++; x = xtmp; num++; /* @@ -396,7 +396,7 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad, int *out_ok) X509_free(x); x = xtmp; (void)sk_X509_set(ctx->chain, i - 1, x); - ctx->last_untrusted = 0; + ctx->num_untrusted = 0; } } else { /* 
@@ -404,7 +404,7 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad, int *out_ok) * certificate for later use */ chain_ss = sk_X509_pop(ctx->chain); - ctx->last_untrusted--; + ctx->num_untrusted--; num--; j--; x = sk_X509_value(ctx->chain, num - 1); @@ -478,7 +478,7 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad, int *out_ok) X509_free(xtmp); num--; } - ctx->last_untrusted = sk_X509_num(ctx->chain); + ctx->num_untrusted = sk_X509_num(ctx->chain); retry = 1; break; } @@ -493,7 +493,7 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad, int *out_ok) */ if (trust != X509_TRUST_TRUSTED && !bad_chain) { if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) { - if (ctx->last_untrusted >= num) + if (ctx->num_untrusted >= num) ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; else ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; @@ -506,7 +506,7 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad, int *out_ok) goto end; } num++; - ctx->last_untrusted = num; + ctx->num_untrusted = num; ctx->current_cert = chain_ss; ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; chain_ss = NULL; @@ -544,11 +544,26 @@ X509_verify_cert_legacy(X509_STORE_CTX *ctx) if (!ok) goto end; + /* Check that the chain satisfies the security level. */ + ok = x509_vfy_check_security_level(ctx); + if (!ok) + goto end; + /* Check name constraints */ ok = check_name_constraints(ctx); if (!ok) goto end; +#ifndef OPENSSL_NO_RFC3779 + ok = X509v3_asid_validate_path(ctx); + if (!ok) + goto end; + + ok = X509v3_addr_validate_path(ctx); + if (!ok) + goto end; +#endif + ok = check_id(ctx); if (!ok) goto end; 
@@ -620,6 +635,14 @@ X509_verify_cert(X509_STORE_CTX *ctx) return -1; } + /* + * If the certificate's public key is too weak, don't bother + * continuing. + */ + if (!check_key_level(ctx, ctx->cert) && + !verify_cb_cert(ctx, ctx->cert, 0, X509_V_ERR_EE_KEY_TOO_SMALL)) + return 0; + /* * If flags request legacy, use the legacy verifier. If we * requested "no alt chains" from the age of hammer pants, use @@ -741,7 +764,7 @@ x509_vfy_check_chain_extensions(X509_STORE_CTX *ctx) } /* Check all untrusted certificates */ - for (i = 0; i < ctx->last_untrusted; i++) { + for (i = 0; i < ctx->num_untrusted; i++) { int ret; x = sk_X509_value(ctx->chain, i); if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) && @@ -898,8 +921,8 @@ lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) X509 * x509_vfy_lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) { - if (ctx->lookup_certs == NULL || ctx->ctx == NULL || - ctx->ctx->objs == NULL) + if (ctx->lookup_certs == NULL || ctx->store == NULL || + ctx->store->objs == NULL) return NULL; return lookup_cert_match(ctx, x); } @@ -914,7 +937,7 @@ check_trust(X509_STORE_CTX *ctx) cb = ctx->verify_cb; /* Check all trusted certificates in chain */ - for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) { + for (i = ctx->num_untrusted; i < sk_X509_num(ctx->chain); i++) { x = sk_X509_value(ctx->chain, i); ok = X509_check_trust(x, ctx->param->trust, 0); @@ -940,14 +963,14 @@ check_trust(X509_STORE_CTX *ctx) */ if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { X509 *mx; - if (ctx->last_untrusted < (int)sk_X509_num(ctx->chain)) + if (ctx->num_untrusted < (int)sk_X509_num(ctx->chain)) return X509_TRUST_TRUSTED; x = sk_X509_value(ctx->chain, 0); mx = lookup_cert_match(ctx, x); if (mx) { (void)sk_X509_set(ctx->chain, 0, mx); X509_free(x); - ctx->last_untrusted = 0; + ctx->num_untrusted = 0; return X509_TRUST_TRUSTED; } } 
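Review bot: The comment on the new check in X509_verify_cert() says verification does not continue for a weak leaf key, but the function returns only when verify_cb_cert() also returns 0, so a callback that accepts X509_V_ERR_EE_KEY_TOO_SMALL lets verification go on. check_key_level(), added at the end of this file's diff, also returns 0 for a missing key or a non-positive bit count before it looks at the security level, so an unsupported key type is reported as "key too weak" even at level 0. I would reword the comment to `/* Reject a leaf whose public key is unusable or below the security level, unless the verify callback overrides. */`. The function starts and ends outside this hunk.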
@@ -1072,17 +1095,17 @@ check_cert(X509_STORE_CTX *ctx, STACK_OF(X509) *chain, int depth) static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) { - time_t *ptime = NULL; + time_t *ptime; int i; - if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) - return (1); - - if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) - ptime = &ctx->param->check_time; - if (notify) ctx->current_crl = crl; + if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) + ptime = &ctx->param->check_time; + else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) + return (1); + else + ptime = NULL; i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); if (i == 0) { @@ -1407,7 +1430,7 @@ check_crl_path(X509_STORE_CTX *ctx, X509 *x) /* Don't allow recursive CRL path validation */ if (ctx->parent) return 0; - if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted)) { + if (!X509_STORE_CTX_init(&crl_ctx, ctx->store, x, ctx->untrusted)) { ret = -1; goto err; } @@ -1835,6 +1858,18 @@ verify_cb_cert(X509_STORE_CTX *ctx, X509 *x, int depth, int err) return ctx->verify_cb(0, ctx); } + +/* Mimic OpenSSL '0 for failure' ick */ +static int +time_t_bogocmp(time_t a, time_t b) +{ + if (a == -1 || b == -1) + return 0; + if (a <= b) + return -1; + return 1; +} + /* * Check certificate validity times. * 
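Review bot: The reordered tests in check_crl_time() give X509_V_FLAG_USE_CHECK_TIME precedence over X509_V_FLAG_NO_CHECK_TIME, so with both flags set the CRL times are now checked against `check_time` where the old code skipped the check; `ctx->current_crl` is also assigned before the early return. This matches the order x509_check_cert_time() uses, but it is a behaviour change the code does not mention. A short comment above the flag tests would do: `/* USE_CHECK_TIME wins over NO_CHECK_TIME, as in x509_check_cert_time(). */`. The rest of the function is outside the hunk.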
@@ -1846,17 +1881,21 @@ verify_cb_cert(X509_STORE_CTX *ctx, X509 *x, int depth, int err) int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth) { - time_t *ptime; + time_t ptime; int i; if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) - ptime = &ctx->param->check_time; + ptime = ctx->param->check_time; else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) return 1; else - ptime = NULL; + ptime = time(NULL); + + if (x->ex_flags & EXFLAG_SET) + i = time_t_bogocmp(x->not_before, ptime); + else + i = X509_cmp_time(X509_get_notBefore(x), &ptime); - i = X509_cmp_time(X509_get_notBefore(x), ptime); if (i >= 0 && depth < 0) return 0; if (i == 0 && !verify_cb_cert(ctx, x, depth, @@ -1866,7 +1905,11 @@ x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth) X509_V_ERR_CERT_NOT_YET_VALID)) return 0; - i = X509_cmp_time_internal(X509_get_notAfter(x), ptime, 1); + if (x->ex_flags & EXFLAG_SET) + i = time_t_bogocmp(x->not_after, ptime); + else + i = X509_cmp_time_internal(X509_get_notAfter(x), &ptime, 1); + if (i <= 0 && depth < 0) return 0; if (i == 0 && !verify_cb_cert(ctx, x, depth, @@ -1875,6 +1918,7 @@ x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth) if (i < 0 && !verify_cb_cert(ctx, x, depth, X509_V_ERR_CERT_HAS_EXPIRED)) return 0; + return 1; } 
@@ -1990,30 +2034,23 @@ X509_cmp_current_time(const ASN1_TIME *ctm) * 0 on error. */ static int -X509_cmp_time_internal(const ASN1_TIME *ctm, time_t *cmp_time, int clamp_notafter) +X509_cmp_time_internal(const ASN1_TIME *ctm, time_t *cmp_time, int is_notafter) { - time_t compare; - struct tm tm1, tm2; - int ret = 0; + time_t compare, cert_time; if (cmp_time == NULL) compare = time(NULL); else compare = *cmp_time; - memset(&tm1, 0, sizeof(tm1)); - - if (!x509_verify_asn1_time_to_tm(ctm, &tm1, clamp_notafter)) - goto out; /* invalid time */ + if ((cert_time = x509_verify_asn1_time_to_time_t(ctm, is_notafter)) == + -1) + return 0; /* invalid time */ - if (gmtime_r(&compare, &tm2) == NULL) - goto out; + if (cert_time <= compare) + return -1; /* 0 is used for error, so map same to less than */ - ret = ASN1_time_tm_cmp(&tm1, &tm2); - if (ret == 0) - ret = -1; /* 0 is used for error, so map same to less than */ - out: - return (ret); + return 1; } int @@ -2057,17 +2094,15 @@ X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) return 1; for (i = 0; i < sk_X509_num(chain); i++) { - ktmp = X509_get_pubkey(sk_X509_value(chain, i)); + ktmp = X509_get0_pubkey(sk_X509_value(chain, i)); if (ktmp == NULL) { X509error(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY); return 0; } if (!EVP_PKEY_missing_parameters(ktmp)) break; - else { - EVP_PKEY_free(ktmp); + else ktmp = NULL; - } } if (ktmp == NULL) { X509error(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN); 
@@ -2076,14 +2111,15 @@ X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) /* first, populate the other certs */ for (j = i - 1; j >= 0; j--) { - ktmp2 = X509_get_pubkey(sk_X509_value(chain, j)); - EVP_PKEY_copy_parameters(ktmp2, ktmp); - EVP_PKEY_free(ktmp2); + if ((ktmp2 = X509_get0_pubkey(sk_X509_value(chain, j))) == NULL) + return 0; + if (!EVP_PKEY_copy_parameters(ktmp2, ktmp)) + return 0; } if (pkey != NULL) - EVP_PKEY_copy_parameters(pkey, ktmp); - EVP_PKEY_free(ktmp); + if (!EVP_PKEY_copy_parameters(pkey, ktmp)) + return 0; return 1; } @@ -2127,12 +2163,24 @@ X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) return ctx->error_depth; } +void +X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth) +{ + ctx->error_depth = depth; +} + X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) { return ctx->current_cert; } +void +X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x) +{ + ctx->current_cert = x; +} + STACK_OF(X509) * X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) { @@ -2182,7 +2230,7 @@ X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx) X509_STORE * X509_STORE_CTX_get0_store(X509_STORE_CTX *xs) { - return xs->ctx; + return xs->store; } void @@ -2322,7 +2370,7 @@ X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, * may fail should go last to make sure 'ctx' is as consistent as * possible even on early exits. */ - ctx->ctx = store; + ctx->store = store; ctx->cert = x509; ctx->untrusted = chain; @@ -2472,6 +2520,12 @@ X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t) X509_VERIFY_PARAM_set_time(ctx->param, t); } +int +(*X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx))(int, X509_STORE_CTX *) +{ + return ctx->verify_cb; +} + void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, int (*verify_cb)(int, X509_STORE_CTX *)) 
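Review bot: The new failure returns in X509_get_pubkey_parameters() (a NULL from `X509_get0_pubkey()` in the copy loop, and the two `EVP_PKEY_copy_parameters()` failures) return 0 without queuing an error, while the earlier failures in this function call X509error(). Unless the callee has queued something, the caller sees a failure with an empty or stale error queue. For the NULL key case the existing code can be reused, `X509error(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);`, before `return 0`. The nested `if (pkey != NULL) if (...)` would also read better as one condition joined with `&&`. The function starts outside this hunk.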
@@ -2479,6 +2533,18 @@ X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, ctx->verify_cb = verify_cb; } +int +(*X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx))(X509_STORE_CTX *) +{ + return ctx->verify; +} + +void +X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, int (*verify)(X509_STORE_CTX *)) +{ + ctx->verify = verify; +} + X509 * X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx) { @@ -2497,6 +2563,13 @@ X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) ctx->untrusted = sk; } +void +X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) +{ + sk_X509_pop_free(ctx->chain, X509_free); + ctx->chain = sk; +} + X509_POLICY_TREE * X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx) { @@ -2509,6 +2582,12 @@ X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx) return ctx->explicit_policy; } +int +X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx) +{ + return ctx->num_untrusted; +} + int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name) { 
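Review bot: X509_STORE_CTX_set0_verified_chain frees `ctx->chain` before storing `sk`, so a caller that passes back the stack it obtained from the same context leaves `ctx->chain` pointing at freed memory. A guard ahead of the free avoids that: `if (sk == ctx->chain) return;`. A comment stating that the function takes ownership of `sk` and releases the previous chain together with its certificates would also tell callers not to free either one afterwards.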
@@ -2532,3 +2611,129 @@ X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param) X509_VERIFY_PARAM_free(ctx->param); ctx->param = param; } + +/* + * Check if |bits| are adequate for |security level|. + * Returns 1 if ok, 0 otherwise. + */ +static int +enough_bits_for_security_level(int bits, int level) +{ + /* + * Sigh. OpenSSL does this silly squashing, so we will + * too. Derp for Derp compatibility being important. + */ + if (level < 0) + level = 0; + if (level > 5) + level = 5; + + switch (level) { + case 0: + return 1; + case 1: + return bits >= 80; + case 2: + return bits >= 112; + case 3: + return bits >= 128; + case 4: + return bits >= 192; + case 5: + return bits >= 256; + default: + return 0; + } +} + +/* + * Check whether the public key of |cert| meets the security level of |ctx|. + * + * Returns 1 on success, 0 otherwise. + */ +static int +check_key_level(X509_STORE_CTX *ctx, X509 *cert) +{ + EVP_PKEY *pkey; + int bits; + + /* Unsupported or malformed keys are not secure */ + if ((pkey = X509_get0_pubkey(cert)) == NULL) + return 0; + + if ((bits = EVP_PKEY_security_bits(pkey)) <= 0) + return 0; + + return enough_bits_for_security_level(bits, ctx->param->security_level); +} + +/* + * Check whether the signature digest algorithm of |cert| meets the security + * level of |ctx|. Do not check trust anchors (self-signed or not). + * + * Returns 1 on success, 0 otherwise. + */ +static int +check_sig_level(X509_STORE_CTX *ctx, X509 *cert) +{ + const EVP_MD *md; + int bits, nid, md_nid; + + if ((nid = X509_get_signature_nid(cert)) == NID_undef) + return 0; + + /* + * Look up signature algorithm digest. + */ + + if (!OBJ_find_sigid_algs(nid, &md_nid, NULL)) + return 0; + + if (md_nid == NID_undef) + return 0; + + if ((md = EVP_get_digestbynid(md_nid)) == NULL) + return 0; + + /* Assume 4 bits of collision resistance for each hash octet. 
*/ + bits = EVP_MD_size(md) * 4; + + return enough_bits_for_security_level(bits, ctx->param->security_level); +} + +int +x509_vfy_check_security_level(X509_STORE_CTX *ctx) +{ + int num = sk_X509_num(ctx->chain); + int i; + + if (ctx->param->security_level <= 0) + return 1; + + for (i = 0; i < num; i++) { + X509 *cert = sk_X509_value(ctx->chain, i); + + /* + * We've already checked the security of the leaf key, so here + * we only check the security of issuer keys. + */ + if (i > 0) { + if (!check_key_level(ctx, cert) && + !verify_cb_cert(ctx, cert, i, + X509_V_ERR_CA_KEY_TOO_SMALL)) + return 0; + } + + /* + * We also check the signature algorithm security of all certs + * except those of the trust anchor at index num - 1. + */ + if (i == num - 1) + break; + + if (!check_sig_level(ctx, cert) && + !verify_cb_cert(ctx, cert, i, X509_V_ERR_CA_MD_TOO_WEAK)) + return 0; + } + return 1; +} diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 42ea6e72..e14d7a36 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_vpm.c,v 1.27 2021/09/30 18:23:46 jsing Exp $ */ +/* $OpenBSD: x509_vpm.c,v 1.30 2022/07/04 12:17:32 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2004. */ @@ -67,6 +67,7 @@ #include #include "vpm_int.h" +#include "x509_lcl.h" /* X509_VERIFY_PARAM functions */ @@ -452,6 +453,18 @@ X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth) param->depth = depth; } +void +X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level) +{ + param->security_level = auth_level; +} + +time_t +X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param) +{ + return param->check_time; +} + void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t) { diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c index 182dd8a9..b3af77d9 100644 --- a/crypto/x509/x509cset.c +++ b/crypto/x509/x509cset.c 
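Review bot: x509_vfy_check_security_level returns 1 when `sk_X509_num(ctx->chain)` is zero or negative, because the loop body never runs; with a positive security level that reports a pass for a chain that was never examined. Presumably the caller only gets here after a chain has been built, but that is not visible in the hunk, so an explicit guard after the level test would make the function fail closed: `if (num <= 0) return 0;`. The comment saying the leaf key has already been checked depends on the caller in the same way and should name where that check happens.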
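Review bot: X509_VERIFY_PARAM_set_auth_level writes `auth_level` into `param->security_level` with no range check and no comment on what the value means. From the x509_vfy.c part of this patch, x509_vfy_check_security_level returns early for values `<= 0` and enough_bits_for_security_level treats anything above 5 as 5, so a negative argument silently switches the key and digest strength checks off. I would document that at the setter, for example `/* auth_level <= 0 disables the security-level checks; values above 5 are treated as 5. */`.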
@@ -1,4 +1,4 @@ -/* $OpenBSD: x509cset.c,v 1.14 2018/02/22 17:01:44 jsing Exp $ */ +/* $OpenBSD: x509cset.c,v 1.16 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -63,8 +63,10 @@ #include #include +#include "x509_lcl.h" + int -X509_CRL_up_ref(X509_CRL *x) +X509_CRL_up_ref(X509_CRL *x) { int refs = CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL); return (refs > 1) ? 1 : 0; @@ -208,3 +210,10 @@ X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial) } return (in != NULL); } + +int +i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) +{ + crl->crl->enc.modified = 1; + return i2d_X509_CRL_INFO(crl->crl, pp); +} diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c index 3649d6ab..878d7878 100644 --- a/crypto/x509/x509name.c +++ b/crypto/x509/x509name.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509name.c,v 1.26 2018/05/30 15:35:45 tb Exp $ */ +/* $OpenBSD: x509name.c,v 1.27 2021/11/01 20:53:08 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -66,6 +66,8 @@ #include #include +#include "x509_lcl.h" + int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len) { diff --git a/crypto/x509/x509rset.c b/crypto/x509/x509rset.c index de02a400..a2dd9e4c 100644 --- a/crypto/x509/x509rset.c +++ b/crypto/x509/x509rset.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509rset.c,v 1.7 2018/08/24 19:55:58 tb Exp $ */ +/* $OpenBSD: x509rset.c,v 1.9 2021/11/01 20:53:08 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -63,11 +63,14 @@ #include #include +#include "x509_lcl.h" + int X509_REQ_set_version(X509_REQ *x, long version) { if (x == NULL) return (0); + x->req_info->enc.modified = 1; return (ASN1_INTEGER_set(x->req_info->version, version)); } 
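Review bot: In X509_REQ_set_version the added `x->req_info->enc.modified = 1;` is guarded only by `x == NULL`, while X509_REQ_set_subject_name and X509_REQ_set_pubkey in the following hunks of x509rset.c also test `x->req_info == NULL` before the same assignment. The existing return statement already dereferenced `req_info`, so the exposure is not new, but the guard should match its siblings: `if (x == NULL || x->req_info == NULL) return (0);`. The new i2d_re_X509_CRL_tbs in x509cset.c dereferences `crl->crl` with no check at all; whether its callers can pass NULL is not visible here, so at minimum the non-NULL precondition should be stated in a comment above it.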
@@ -82,6 +85,7 @@ X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name) { if ((x == NULL) || (x->req_info == NULL)) return (0); + x->req_info->enc.modified = 1; return (X509_NAME_set(&x->req_info->subject, name)); } @@ -96,5 +100,6 @@ X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey) { if ((x == NULL) || (x->req_info == NULL)) return (0); + x->req_info->enc.modified = 1; return (X509_PUBKEY_set(&x->req_info->pubkey, pkey)); } diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c index 315a5c23..7495b9ef 100644 --- a/crypto/x509/x509type.c +++ b/crypto/x509/x509type.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509type.c,v 1.13 2018/05/30 15:59:33 tb Exp $ */ +/* $OpenBSD: x509type.c,v 1.15 2021/12/12 21:30:14 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -62,6 +62,9 @@ #include #include +#include "evp_locl.h" +#include "x509_lcl.h" + int X509_certificate_type(const X509 *x, const EVP_PKEY *pkey) { diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index 36c12b80..0af130f3 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_all.c,v 1.23 2016/12/30 15:24:51 jsing Exp $ */ +/* $OpenBSD: x_all.c,v 1.26 2022/06/26 04:14:43 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -73,6 +73,8 @@ #include #endif +#include "x509_lcl.h" + X509 * d2i_X509_bio(BIO *bp, X509 **x509) { 
@@ -217,31 +219,6 @@ i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa) { return ASN1_item_i2d_fp(&RSAPublicKey_it, fp, rsa); } - -RSA * -d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa) -{ - return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSA_PUBKEY, bp, rsa); -} - -int -i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa) -{ - return ASN1_i2d_bio_of(RSA, i2d_RSA_PUBKEY, bp, rsa); -} - -int -i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa) -{ - return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY, fp, rsa); -} - -RSA * -d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa) -{ - return ASN1_d2i_fp((void *(*)(void))RSA_new, - (D2I_OF(void))d2i_RSA_PUBKEY, fp, (void **)rsa); -} #endif #ifndef OPENSSL_NO_DSA @@ -268,30 +245,6 @@ i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa) { return ASN1_item_i2d_fp(&DSAPrivateKey_it, fp, dsa); } - -DSA * -d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa) -{ - return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSA_PUBKEY, bp, dsa); -} - -int -i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa) -{ - return ASN1_i2d_bio_of(DSA, i2d_DSA_PUBKEY, bp, dsa); -} - -DSA * -d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa) -{ - return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSA_PUBKEY, fp, dsa); -} - -int -i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa) -{ - return ASN1_i2d_fp_of(DSA, i2d_DSA_PUBKEY, fp, dsa); -} #endif #ifndef OPENSSL_NO_EC @@ -318,29 +271,6 @@ i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey) { return ASN1_i2d_fp_of(EC_KEY, i2d_ECPrivateKey, fp, eckey); } - -EC_KEY * -d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey) -{ - return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, bp, eckey); -} - -int -i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ecdsa) -{ - return ASN1_i2d_bio_of(EC_KEY, i2d_EC_PUBKEY, bp, ecdsa); -} -EC_KEY * -d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey) -{ - return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, fp, eckey); -} - -int -i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey) -{ - return ASN1_i2d_fp_of(EC_KEY, i2d_EC_PUBKEY, fp, eckey); -} #endif X509_SIG * 
@@ -421,30 +351,6 @@ i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey) return ASN1_i2d_fp_of(EVP_PKEY, i2d_PrivateKey, fp, pkey); } -EVP_PKEY * -d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a) -{ - return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, bp, a); -} - -int -i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey) -{ - return ASN1_i2d_bio_of(EVP_PKEY, i2d_PUBKEY, bp, pkey); -} - -int -i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey) -{ - return ASN1_i2d_fp_of(EVP_PKEY, i2d_PUBKEY, fp, pkey); -} - -EVP_PKEY * -d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a) -{ - return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, fp, a); -} - int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key) { @@ -477,7 +383,7 @@ X509_verify(X509 *a, EVP_PKEY *r) { if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature)) return 0; - return(ASN1_item_verify(&X509_CINF_it, a->sig_alg, + return (ASN1_item_verify(&X509_CINF_it, a->sig_alg, a->signature, a->cert_info, r)); } diff --git a/depcomp b/depcomp index 6b391623..715e3431 100644 --- a/depcomp +++ b/depcomp @@ -3,7 +3,7 @@ scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1999-2020 Free Software Foundation, Inc. +# Copyright (C) 1999-2021 Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/include/Makefile.am b/include/Makefile.am index 4184cf88..aed67211 100644 --- a/include/Makefile.am +++ b/include/Makefile.am @@ -7,6 +7,7 @@ SUBDIRS = openssl noinst_HEADERS = pqueue.h noinst_HEADERS += compat/dirent.h noinst_HEADERS += compat/dirent_msvc.h +noinst_HEADERS += compat/endian.h noinst_HEADERS += compat/err.h noinst_HEADERS += compat/fcntl.h noinst_HEADERS += compat/limits.h 
@@ -26,8 +27,6 @@ noinst_HEADERS += compat/win32netcompat.h noinst_HEADERS += compat/arpa/inet.h noinst_HEADERS += compat/arpa/nameser.h -noinst_HEADERS += compat/machine/endian.h - noinst_HEADERS += compat/netinet/in.h noinst_HEADERS += compat/netinet/ip.h noinst_HEADERS += compat/netinet/tcp.h diff --git a/include/Makefile.in b/include/Makefile.in index c13e3f8e..7834ca8d 100644 --- a/include/Makefile.in +++ b/include/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.3 from Makefile.am. +# Makefile.in generated by automake 1.16.5 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2020 Free Software Foundation, Inc. +# Copyright (C) 1994-2021 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -187,8 +187,6 @@ am__define_uniq_tagged_files = \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` -ETAGS = etags -CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) am__DIST_COMMON = $(srcdir)/Makefile.in \ $(top_srcdir)/Makefile.am.common @@ -234,6 +232,8 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ +CSCOPE = @CSCOPE@ +CTAGS = @CTAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ @@ -244,6 +244,7 @@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ +ETAGS = @ETAGS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ 
@@ -349,17 +350,17 @@ AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat \ EXTRA_DIST = CMakeLists.txt SUBDIRS = openssl noinst_HEADERS = pqueue.h compat/dirent.h compat/dirent_msvc.h \ - compat/err.h compat/fcntl.h compat/limits.h compat/netdb.h \ - compat/poll.h compat/pthread.h compat/readpassphrase.h \ - compat/resolv.h compat/stdio.h compat/stdlib.h compat/string.h \ - compat/syslog.h compat/time.h compat/unistd.h \ - compat/win32netcompat.h compat/arpa/inet.h \ - compat/arpa/nameser.h compat/machine/endian.h \ - compat/netinet/in.h compat/netinet/ip.h compat/netinet/tcp.h \ - compat/sys/_null.h compat/sys/ioctl.h compat/sys/mman.h \ - compat/sys/param.h compat/sys/queue.h compat/sys/select.h \ - compat/sys/socket.h compat/sys/stat.h compat/sys/tree.h \ - compat/sys/time.h compat/sys/types.h compat/sys/uio.h + compat/endian.h compat/err.h compat/fcntl.h compat/limits.h \ + compat/netdb.h compat/poll.h compat/pthread.h \ + compat/readpassphrase.h compat/resolv.h compat/stdio.h \ + compat/stdlib.h compat/string.h compat/syslog.h compat/time.h \ + compat/unistd.h compat/win32netcompat.h compat/arpa/inet.h \ + compat/arpa/nameser.h compat/netinet/in.h compat/netinet/ip.h \ + compat/netinet/tcp.h compat/sys/_null.h compat/sys/ioctl.h \ + compat/sys/mman.h compat/sys/param.h compat/sys/queue.h \ + compat/sys/select.h compat/sys/socket.h compat/sys/stat.h \ + compat/sys/tree.h compat/sys/time.h compat/sys/types.h \ + compat/sys/uio.h include_HEADERS = tls.h all: all-recursive @@ -520,7 +521,6 @@ cscopelist-am: $(am__tagged_files) distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - distdir: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) distdir-am diff --git a/include/compat/arpa/nameser.h b/include/compat/arpa/nameser.h index 0126a604..eff3b0d9 100644 --- a/include/compat/arpa/nameser.h +++ b/include/compat/arpa/nameser.h @@ -4,7 +4,9 @@ */ #ifndef _WIN32 +#ifdef HAVE_ARPA_NAMESER_H #include_next +#endif #else #include 
diff --git a/include/compat/endian.h b/include/compat/endian.h new file mode 100644 index 00000000..cd85f5c4 --- /dev/null +++ b/include/compat/endian.h @@ -0,0 +1,51 @@ +/* + * Public domain + * endian.h compatibility shim + */ + +#ifndef LIBCRYPTOCOMPAT_BYTE_ORDER_H_ +#define LIBCRYPTOCOMPAT_BYTE_ORDER_H_ + +#if defined(_WIN32) + +#define LITTLE_ENDIAN 1234 +#define BIG_ENDIAN 4321 +#define PDP_ENDIAN 3412 + +/* + * Use GCC and Visual Studio compiler defines to determine endian. + */ +#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ +#define BYTE_ORDER LITTLE_ENDIAN +#else +#define BYTE_ORDER BIG_ENDIAN +#endif + +#elif defined(HAVE_ENDIAN_H) +#include_next + +#elif defined(HAVE_MACHINE_ENDIAN_H) +#include_next + +#elif defined(__sun) || defined(_AIX) || defined(__hpux) +#include +#include + +#elif defined(__sgi) +#include +#include + +#endif + +#ifndef __STRICT_ALIGNMENT +#define __STRICT_ALIGNMENT +#if defined(__i386) || defined(__i386__) || \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(__s390__) || defined(__s390x__) || \ + defined(__aarch64__) || \ + ((defined(__arm__) || defined(__arm)) && __ARM_ARCH >= 6) +#undef __STRICT_ALIGNMENT +#endif +#endif + +#endif diff --git a/include/compat/err.h b/include/compat/err.h index 8b5b6357..945a75d6 100644 --- a/include/compat/err.h +++ b/include/compat/err.h @@ -72,16 +72,22 @@ warn(const char *fmt, ...) fprintf(stderr, "%s\n", strerror(sverrno)); } +static inline void +vwarnx(const char *fmt, va_list args) +{ + if (fmt != NULL) + vfprintf(stderr, fmt, args); + fprintf(stderr, "\n"); +} + static inline void warnx(const char *fmt, ...) { va_list ap; va_start(ap, fmt); - if (fmt != NULL) - vfprintf(stderr, fmt, ap); + vwarnx(fmt, ap); va_end(ap); - fprintf(stderr, "\n"); } #endif diff --git a/include/compat/netinet/ip.h b/include/compat/netinet/ip.h index 6019f7dc..29f17f3f 100644 --- a/include/compat/netinet/ip.h +++ b/include/compat/netinet/ip.h 
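Review bot: In the `_WIN32` branch of the new endian.h, the test `#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__` only has defined operands on GCC-compatible compilers; where neither macro exists the preprocessor evaluates both as 0, the comparison is true, and BYTE_ORDER becomes LITTLE_ENDIAN by accident rather than by detection. The result is presumably correct for the Windows targets in question, but the comment says Visual Studio defines are consulted and none is. Making the fallback explicit documents the intent: `#if !defined(__BYTE_ORDER__) || __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__`. The `#elif` chain also ends without an `#error`, so a platform that matches no branch leaves BYTE_ORDER undefined and any later `#if BYTE_ORDER == ...` test compares 0 with 0.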
@@ -8,7 +8,9 @@ #endif #ifndef _WIN32 +#ifdef HAVE_NETINET_IP_H #include_next +#endif #else #include #endif diff --git a/include/compat/resolv.h b/include/compat/resolv.h index 42dec07b..b8044605 100644 --- a/include/compat/resolv.h +++ b/include/compat/resolv.h @@ -12,7 +12,7 @@ #else #include <../include/resolv.h> #endif -#else +#elif defined(HAVE_RESOLV_H) #include_next #endif diff --git a/include/compat/sys/socket.h b/include/compat/sys/socket.h index 10eb05f6..2f0b197b 100644 --- a/include/compat/sys/socket.h +++ b/include/compat/sys/socket.h @@ -10,6 +10,7 @@ #endif #if !defined(SOCK_NONBLOCK) || !defined(SOCK_CLOEXEC) +#define NEED_SOCKET_FLAGS #define SOCK_CLOEXEC 0x8000 /* set FD_CLOEXEC */ #define SOCK_NONBLOCK 0x4000 /* set O_NONBLOCK */ int bsd_socketpair(int domain, int type, int protocol, int socket_vector[2]); diff --git a/include/openssl/Makefile.am b/include/openssl/Makefile.am index 3e307acf..7e73fd0e 100644 --- a/include/openssl/Makefile.am +++ b/include/openssl/Makefile.am @@ -20,6 +20,7 @@ opensslinclude_HEADERS += comp.h opensslinclude_HEADERS += conf.h opensslinclude_HEADERS += conf_api.h opensslinclude_HEADERS += crypto.h +opensslinclude_HEADERS += ct.h opensslinclude_HEADERS += curve25519.h opensslinclude_HEADERS += des.h opensslinclude_HEADERS += dh.h @@ -36,6 +37,7 @@ opensslinclude_HEADERS += gost.h opensslinclude_HEADERS += hkdf.h opensslinclude_HEADERS += hmac.h opensslinclude_HEADERS += idea.h +opensslinclude_HEADERS += kdf.h opensslinclude_HEADERS += lhash.h opensslinclude_HEADERS += md4.h opensslinclude_HEADERS += md5.h diff --git a/include/openssl/Makefile.in b/include/openssl/Makefile.in index 6b2d9cc7..679bfe06 100644 --- a/include/openssl/Makefile.in +++ b/include/openssl/Makefile.in 
@@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.3 from Makefile.am. +# Makefile.in generated by automake 1.16.5 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2020 Free Software Foundation, Inc. +# Copyright (C) 1994-2021 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -127,15 +127,15 @@ am__can_run_installinfo = \ esac am__opensslinclude_HEADERS_DIST = aes.h asn1.h asn1t.h bio.h \ blowfish.h bn.h buffer.h camellia.h cast.h chacha.h cmac.h \ - cms.h comp.h conf.h conf_api.h crypto.h curve25519.h des.h \ - dh.h dsa.h dso.h dtls1.h ec.h ecdh.h ecdsa.h engine.h err.h \ - evp.h gost.h hkdf.h hmac.h idea.h lhash.h md4.h md5.h modes.h \ - obj_mac.h objects.h ocsp.h opensslconf.h opensslfeatures.h \ - opensslv.h ossl_typ.h pem.h pem2.h pkcs12.h pkcs7.h poly1305.h \ - rand.h rc2.h rc4.h ripemd.h rsa.h safestack.h sha.h sm3.h \ - sm4.h srtp.h ssl.h ssl2.h ssl23.h ssl3.h stack.h tls1.h ts.h \ - txt_db.h ui.h ui_compat.h whrlpool.h x509.h x509_verify.h \ - x509_vfy.h x509v3.h + cms.h comp.h conf.h conf_api.h crypto.h ct.h curve25519.h \ + des.h dh.h dsa.h dso.h dtls1.h ec.h ecdh.h ecdsa.h engine.h \ + err.h evp.h gost.h hkdf.h hmac.h idea.h kdf.h lhash.h md4.h \ + md5.h modes.h obj_mac.h objects.h ocsp.h opensslconf.h \ + opensslfeatures.h opensslv.h ossl_typ.h pem.h pem2.h pkcs12.h \ + pkcs7.h poly1305.h rand.h rc2.h rc4.h ripemd.h rsa.h \ + safestack.h sha.h sm3.h sm4.h srtp.h ssl.h ssl2.h ssl23.h \ + ssl3.h stack.h tls1.h ts.h txt_db.h ui.h ui_compat.h \ + whrlpool.h x509.h x509_verify.h x509_vfy.h x509v3.h am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ 
@@ -182,8 +182,6 @@ am__define_uniq_tagged_files = \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` -ETAGS = etags -CTAGS = ctags am__DIST_COMMON = $(srcdir)/Makefile.in \ $(top_srcdir)/Makefile.am.common DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -203,6 +201,8 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ +CSCOPE = @CSCOPE@ +CTAGS = @CTAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ @@ -213,6 +213,7 @@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ +ETAGS = @ETAGS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ 
@@ -320,21 +321,21 @@ AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat \ @ENABLE_LIBTLS_ONLY_FALSE@ asn1t.h bio.h blowfish.h bn.h \ @ENABLE_LIBTLS_ONLY_FALSE@ buffer.h camellia.h cast.h chacha.h \ @ENABLE_LIBTLS_ONLY_FALSE@ cmac.h cms.h comp.h conf.h \ -@ENABLE_LIBTLS_ONLY_FALSE@ conf_api.h crypto.h curve25519.h \ -@ENABLE_LIBTLS_ONLY_FALSE@ des.h dh.h dsa.h dso.h dtls1.h ec.h \ -@ENABLE_LIBTLS_ONLY_FALSE@ ecdh.h ecdsa.h engine.h err.h evp.h \ -@ENABLE_LIBTLS_ONLY_FALSE@ gost.h hkdf.h hmac.h idea.h lhash.h \ -@ENABLE_LIBTLS_ONLY_FALSE@ md4.h md5.h modes.h obj_mac.h \ -@ENABLE_LIBTLS_ONLY_FALSE@ objects.h ocsp.h opensslconf.h \ -@ENABLE_LIBTLS_ONLY_FALSE@ opensslfeatures.h opensslv.h \ -@ENABLE_LIBTLS_ONLY_FALSE@ ossl_typ.h pem.h pem2.h pkcs12.h \ -@ENABLE_LIBTLS_ONLY_FALSE@ pkcs7.h poly1305.h rand.h rc2.h \ -@ENABLE_LIBTLS_ONLY_FALSE@ rc4.h ripemd.h rsa.h safestack.h \ -@ENABLE_LIBTLS_ONLY_FALSE@ sha.h sm3.h sm4.h srtp.h ssl.h \ -@ENABLE_LIBTLS_ONLY_FALSE@ ssl2.h ssl23.h ssl3.h stack.h tls1.h \ -@ENABLE_LIBTLS_ONLY_FALSE@ ts.h txt_db.h ui.h ui_compat.h \ -@ENABLE_LIBTLS_ONLY_FALSE@ whrlpool.h x509.h x509_verify.h \ -@ENABLE_LIBTLS_ONLY_FALSE@ x509_vfy.h x509v3.h +@ENABLE_LIBTLS_ONLY_FALSE@ conf_api.h crypto.h ct.h \ +@ENABLE_LIBTLS_ONLY_FALSE@ curve25519.h des.h dh.h dsa.h dso.h \ +@ENABLE_LIBTLS_ONLY_FALSE@ dtls1.h ec.h ecdh.h ecdsa.h engine.h \ +@ENABLE_LIBTLS_ONLY_FALSE@ err.h evp.h gost.h hkdf.h hmac.h \ +@ENABLE_LIBTLS_ONLY_FALSE@ idea.h kdf.h lhash.h md4.h md5.h \ +@ENABLE_LIBTLS_ONLY_FALSE@ modes.h obj_mac.h objects.h ocsp.h \ +@ENABLE_LIBTLS_ONLY_FALSE@ opensslconf.h opensslfeatures.h \ +@ENABLE_LIBTLS_ONLY_FALSE@ opensslv.h ossl_typ.h pem.h pem2.h \ +@ENABLE_LIBTLS_ONLY_FALSE@ pkcs12.h pkcs7.h poly1305.h rand.h \ +@ENABLE_LIBTLS_ONLY_FALSE@ rc2.h rc4.h ripemd.h rsa.h \ +@ENABLE_LIBTLS_ONLY_FALSE@ safestack.h sha.h sm3.h sm4.h srtp.h \ +@ENABLE_LIBTLS_ONLY_FALSE@ ssl.h ssl2.h ssl23.h ssl3.h stack.h \ +@ENABLE_LIBTLS_ONLY_FALSE@ tls1.h 
ts.h txt_db.h ui.h \ +@ENABLE_LIBTLS_ONLY_FALSE@ ui_compat.h whrlpool.h x509.h \ +@ENABLE_LIBTLS_ONLY_FALSE@ x509_verify.h x509_vfy.h x509v3.h all: all-am .SUFFIXES: @@ -447,7 +448,6 @@ cscopelist-am: $(am__tagged_files) distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - distdir: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) distdir-am diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index 76c294ad..ff42e456 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1.h,v 1.54 2020/12/08 15:06:42 tb Exp $ */ +/* $OpenBSD: asn1.h,v 1.70 2022/09/11 17:22:52 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -162,52 +162,6 @@ DECLARE_STACK_OF(X509_ALGOR) #define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */ #define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */ -/* We MUST make sure that, except for constness, asn1_ctx_st and - asn1_const_ctx are exactly the same. Fortunately, as soon as - the old ASN1 parsing macros are gone, we can throw this away - as well... */ -typedef struct asn1_ctx_st { - unsigned char *p;/* work char pointer */ - int eos; /* end of sequence read for indefinite encoding */ - int error; /* error code to use when returning an error */ - int inf; /* constructed if 0x20, indefinite is 0x21 */ - int tag; /* tag from last 'get object' */ - int xclass; /* class from last 'get object' */ - long slen; /* length of last 'get object' */ - unsigned char *max; /* largest value of p allowed */ - unsigned char *q;/* temporary variable */ - unsigned char **pp;/* variable */ - int line; /* used in error processing */ -} ASN1_CTX; - -typedef struct asn1_const_ctx_st { - const unsigned char *p;/* work char pointer */ - int eos; /* end of sequence read for indefinite encoding */ - int error; /* error code to use when returning an error */ - int inf; /* constructed if 0x20, indefinite is 0x21 */ - int tag; /* tag from last 'get object' */ - int xclass; /* class from last 'get object' */ - long slen; /* length of last 'get object' */ - const unsigned char *max; /* largest value of p allowed */ - const unsigned char *q;/* temporary variable */ - const unsigned char **pp;/* variable */ - int line; /* used in error processing */ -} ASN1_const_CTX; - -/* These are used internally in the ASN1_OBJECT to keep track of - * whether the names and data need to be free()ed */ -#define ASN1_OBJECT_FLAG_DYNAMIC 0x01 /* internal use */ -#define ASN1_OBJECT_FLAG_CRITICAL 0x02 /* critical x509v3 object id */ -#define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04 /* internal use */ -#define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08 /* internal use */ -typedef struct 
asn1_object_st { - const char *sn, *ln; - int nid; - int length; - const unsigned char *data; /* data remains const after init */ - int flags; /* Should we free this one */ -} ASN1_OBJECT; - #define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */ /* This indicates that the ASN1_STRING is not a real value but just a place * holder for the location where indefinite length constructed data should @@ -530,11 +484,6 @@ ASN1_SEQUENCE_ANY *d2i_ASN1_SET_ANY(ASN1_SEQUENCE_ANY **a, const unsigned char * int i2d_ASN1_SET_ANY(const ASN1_SEQUENCE_ANY *a, unsigned char **out); extern const ASN1_ITEM ASN1_SET_ANY_it; -typedef struct NETSCAPE_X509_st { - ASN1_OCTET_STRING *header; - X509 *cert; -} NETSCAPE_X509; - /* This is used to contain a list of bit names */ typedef struct BIT_STRING_BITNAME_st { int bitnum; @@ -598,8 +547,6 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); ASN1_OBJECT *ASN1_OBJECT_new(void); void ASN1_OBJECT_free(ASN1_OBJECT *a); int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp); -ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, - long length); ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long length); @@ -628,9 +575,6 @@ void ASN1_BIT_STRING_free(ASN1_BIT_STRING *a); ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, const unsigned char **in, long len); int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **out); extern const ASN1_ITEM ASN1_BIT_STRING_it; -int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp); -ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, - const unsigned char **pp, long length); int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length); int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n); 
@@ -645,17 +589,11 @@ int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl); int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value, BIT_STRING_BITNAME *tbl); -int i2d_ASN1_BOOLEAN(int a, unsigned char **pp); -int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length); - ASN1_INTEGER *ASN1_INTEGER_new(void); void ASN1_INTEGER_free(ASN1_INTEGER *a); ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **in, long len); int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **out); extern const ASN1_ITEM ASN1_INTEGER_it; -int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp); -ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, - long length); ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, long length); ASN1_INTEGER * ASN1_INTEGER_dup(const ASN1_INTEGER *x); @@ -773,6 +711,14 @@ ASN1_TIME *d2i_ASN1_TIME(ASN1_TIME **a, const unsigned char **in, long len); int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **out); extern const ASN1_ITEM ASN1_TIME_it; +int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm); +int ASN1_TIME_compare(const ASN1_TIME *t1, const ASN1_TIME *t2); +int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t2); +int ASN1_TIME_normalize(ASN1_TIME *t); +int ASN1_TIME_set_string_X509(ASN1_TIME *time, const char *str); +int ASN1_TIME_diff(int *pday, int *psec, const ASN1_TIME *from, + const ASN1_TIME *to); + extern const ASN1_ITEM ASN1_OCTET_STRING_NDEF_it; ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); 
@@ -799,11 +745,17 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num); ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, const char *sn, const char *ln); +int ASN1_INTEGER_get_uint64(uint64_t *out_val, const ASN1_INTEGER *aint); +int ASN1_INTEGER_set_uint64(ASN1_INTEGER *aint, uint64_t val); +int ASN1_INTEGER_get_int64(int64_t *out_val, const ASN1_INTEGER *aint); +int ASN1_INTEGER_set_int64(ASN1_INTEGER *aint, int64_t val); int ASN1_INTEGER_set(ASN1_INTEGER *a, long v); long ASN1_INTEGER_get(const ASN1_INTEGER *a); ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); +int ASN1_ENUMERATED_get_int64(int64_t *out_val, const ASN1_ENUMERATED *aenum); +int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *aenum, int64_t val); int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a); ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai); @@ -816,8 +768,6 @@ int ASN1_PRINTABLE_type(const unsigned char *s, int max); /* SPECIALS */ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, int *pclass, long omax); -int ASN1_check_infinite_end(unsigned char **p, long len); -int ASN1_const_check_infinite_end(const unsigned char **p, long len); void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag, int xclass); int ASN1_put_eoc(unsigned char **pp); 
@@ -895,14 +845,6 @@ int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, int unsigned long ASN1_tag2bit(int tag); const char *ASN1_tag2str(int tag); -/* Used to load and write netscape format cert */ - -NETSCAPE_X509 *NETSCAPE_X509_new(void); -void NETSCAPE_X509_free(NETSCAPE_X509 *a); -NETSCAPE_X509 *d2i_NETSCAPE_X509(NETSCAPE_X509 **a, const unsigned char **in, long len); -int i2d_NETSCAPE_X509(NETSCAPE_X509 *a, unsigned char **out); -extern const ASN1_ITEM NETSCAPE_X509_it; - int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s); int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, const unsigned char *data, int len); @@ -997,10 +939,6 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it); int SMIME_crlf_copy(BIO *in, BIO *out, int flags); int SMIME_text(BIO *in, BIO *out); -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_ASN1_strings(void); /* Error codes for the ASN1 functions. */ @@ -1170,6 +1108,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_ILLEGAL_HEX 178 #define ASN1_R_ILLEGAL_IMPLICIT_TAG 179 #define ASN1_R_ILLEGAL_INTEGER 180 +#define ASN1_R_ILLEGAL_NEGATIVE_VALUE 226 #define ASN1_R_ILLEGAL_NESTED_TAGGING 181 #define ASN1_R_ILLEGAL_NULL 125 #define ASN1_R_ILLEGAL_NULL_VALUE 182 @@ -1229,8 +1168,11 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_TAG_VALUE_TOO_HIGH 153 #define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 #define ASN1_R_TIME_NOT_ASCII_FORMAT 193 +#define ASN1_R_TOO_LARGE 223 #define ASN1_R_TOO_LONG 155 +#define ASN1_R_TOO_SMALL 224 #define ASN1_R_TYPE_NOT_CONSTRUCTED 156 +#define ASN1_R_TYPE_NOT_PRIMITIVE 231 #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 #define ASN1_R_UNEXPECTED_EOC 159 
@@ -1247,11 +1189,11 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 166 #define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 #define ASN1_R_UNSUPPORTED_TYPE 196 +#define ASN1_R_WRONG_INTEGER_TYPE 225 #define ASN1_R_WRONG_PUBLIC_KEY_TYPE 200 #define ASN1_R_WRONG_TAG 168 #define ASN1_R_WRONG_TYPE 169 - int ASN1_time_parse(const char *_bytes, size_t _len, struct tm *_tm, int _mode); int ASN1_time_tm_cmp(struct tm *_tm1, struct tm *_tm2); #ifdef __cplusplus diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h index d6168b65..bb49be28 100644 --- a/include/openssl/asn1t.h +++ b/include/openssl/asn1t.h @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1t.h,v 1.15 2019/08/20 13:10:09 inoguchi Exp $ */ +/* $OpenBSD: asn1t.h,v 1.22 2022/09/03 16:01:23 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -92,7 +92,7 @@ extern "C" { /* Macros to aid ASN1 template writing */ #define ASN1_ITEM_TEMPLATE(tname) \ - static const ASN1_TEMPLATE tname##_item_tt + static const ASN1_TEMPLATE tname##_item_tt #define ASN1_ITEM_TEMPLATE_END(tname) \ ;\ 
@@ -120,29 +120,30 @@ extern "C" { /* This is a ASN1 type which just embeds a template */ - -/* This pair helps declare a SEQUENCE. We can do: + +/* + * This pair helps declare a SEQUENCE. We can do: * - * ASN1_SEQUENCE(stname) = { - * ... SEQUENCE components ... - * } ASN1_SEQUENCE_END(stname) + * ASN1_SEQUENCE(stname) = { + * ... SEQUENCE components ... + * } ASN1_SEQUENCE_END(stname) * - * This will produce an ASN1_ITEM called stname_it + * This will produce an ASN1_ITEM called stname_it * for a structure called stname. * - * If you want the same structure but a different + * If you want the same structure but a different * name then use: * - * ASN1_SEQUENCE(itname) = { - * ... SEQUENCE components ... - * } ASN1_SEQUENCE_END_name(stname, itname) + * ASN1_SEQUENCE(itname) = { + * ... SEQUENCE components ... + * } ASN1_SEQUENCE_END_name(stname, itname) * * This will create an item called itname_it using * a structure called stname. */ #define ASN1_SEQUENCE(tname) \ - static const ASN1_TEMPLATE tname##_seq_tt[] + static const ASN1_TEMPLATE tname##_seq_tt[] #define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname) @@ -182,10 +183,6 @@ extern "C" { static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ ASN1_SEQUENCE(tname) -#define ASN1_BROKEN_SEQUENCE(tname) \ - static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \ - ASN1_SEQUENCE(tname) - #define ASN1_SEQUENCE_ref(tname, cb, lck) \ static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \ ASN1_SEQUENCE(tname) @@ -218,8 +215,6 @@ extern "C" { #tname \ ASN1_ITEM_end(tname) -#define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname) - #define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) #define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) 
@@ -263,13 +258,14 @@ extern "C" { ASN1_ITEM_end(tname) -/* This pair helps declare a CHOICE type. We can do: +/* + * This pair helps declare a CHOICE type. We can do: * - * ASN1_CHOICE(chname) = { - * ... CHOICE options ... - * ASN1_CHOICE_END(chname) + * ASN1_CHOICE(chname) = { + * ... CHOICE options ... + * ASN1_CHOICE_END(chname) * - * This will produce an ASN1_ITEM called chname_it + * This will produce an ASN1_ITEM called chname_it * for a structure called chname. The structure * definition must look like this: * typedef struct { @@ -279,14 +275,14 @@ extern "C" { * ASN1_SOMEOTHER *opt2; * } value; * } chname; - * + * * the name of the selector must be 'type'. - * to use an alternative selector name use the + * to use an alternative selector name use the * ASN1_CHOICE_END_selector() version. */ #define ASN1_CHOICE(tname) \ - static const ASN1_TEMPLATE tname##_ch_tt[] + static const ASN1_TEMPLATE tname##_ch_tt[] #define ASN1_CHOICE_cb(tname, cb) \ static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ @@ -350,11 +346,6 @@ extern "C" { (flags), (tag), offsetof(stname, field),\ #field, ASN1_ITEM_ref(type) } -/* used when the structure is combined with the parent */ - -#define ASN1_EX_COMBINE(flags, tag, type) { \ - (flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) } - /* implicit and explicit helper macros */ #define ASN1_IMP_EX(stname, field, type, tag, ex) \ @@ -437,7 +428,7 @@ extern "C" { /* Macros for the ASN1_ADB structure */ #define ASN1_ADB(name) \ - static const ASN1_ADB_TABLE name##_adbtbl[] + static const ASN1_ADB_TABLE name##_adbtbl[] #define ASN1_ADB_END(name, flags, field, app_table, def, none) \ @@ -456,7 +447,7 @@ extern "C" { #define ADB_ENTRY(val, template) {val, template} #define ASN1_ADB_TEMPLATE(name) \ - static const ASN1_TEMPLATE name##_tt + static const ASN1_TEMPLATE name##_tt #endif /* !LIBRESSL_INTERNAL */ 
@@ -467,13 +458,11 @@ extern "C" { */ struct ASN1_TEMPLATE_st { -unsigned long flags; /* Various flags */ -long tag; /* tag, not used if no tagging */ -unsigned long offset; /* Offset of this field in structure */ -#ifndef NO_ASN1_FIELD_NAMES -const char *field_name; /* Field name */ -#endif -ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */ + unsigned long flags; /* Various flags */ + long tag; /* tag, not used if no tagging */ + unsigned long offset; /* Offset of this field in structure */ + const char *field_name; /* Field name */ + ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */ }; /* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */ @@ -487,7 +476,6 @@ typedef struct ASN1_ADB_st ASN1_ADB; struct ASN1_ADB_st { unsigned long flags; /* Various flags */ unsigned long offset; /* Offset of selector field */ - STACK_OF(ASN1_ADB_TABLE) **app_items; /* Application defined items */ const ASN1_ADB_TABLE *tbl; /* Table of possible types */ long tblcount; /* Number of entries in tbl */ const ASN1_TEMPLATE *default_tt; /* Type to use if no match */ 
@@ -540,24 +528,25 @@ struct ASN1_ADB_TABLE_st { /* context specific EXPLICIT */ #define ASN1_TFLG_EXPLICIT ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT -/* If tagging is in force these determine the - * type of tag to use. Otherwise the tag is - * determined by the underlying type. These - * values reflect the actual octet format. +/* + * If tagging is in force these determine the type of tag to use. Otherwiser + * the tag is determined by the underlying type. These values reflect the + * actual octet format. */ -/* Universal tag */ +/* Universal tag */ #define ASN1_TFLG_UNIVERSAL (0x0<<6) -/* Application tag */ +/* Application tag */ #define ASN1_TFLG_APPLICATION (0x1<<6) -/* Context specific tag */ +/* Context specific tag */ #define ASN1_TFLG_CONTEXT (0x2<<6) -/* Private tag */ +/* Private tag */ #define ASN1_TFLG_PRIVATE (0x3<<6) #define ASN1_TFLG_TAG_CLASS (0x3<<6) -/* These are for ANY DEFINED BY type. In this case +/* + * These are for ANY DEFINED BY type. In this case * the 'item' field points to an ASN1_ADB structure * which contains a table of values to decode the * relevant type @@ -569,17 +558,8 @@ struct ASN1_ADB_TABLE_st { #define ASN1_TFLG_ADB_INT (0x1<<9) -/* This flag means a parent structure is passed - * instead of the field: this is useful is a - * SEQUENCE is being combined with a CHOICE for - * example. Since this means the structure and - * item name will differ we need to use the - * ASN1_CHOICE_END_name() macro for example. - */ - -#define ASN1_TFLG_COMBINE (0x1<<10) - -/* This flag when present in a SEQUENCE OF, SET OF +/* + * This flag when present in a SEQUENCE OF, SET OF * or EXPLICIT causes indefinite length constructed * encoding to be used if required. */ 
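Review bot: The rewritten comment above `ASN1_TFLG_UNIVERSAL` introduces a typo, `Otherwiser`, that the old text did not have. The line should read `* If tagging is in force these determine the type of tag to use. Otherwise`. The tag-class constants themselves are unchanged by this hunk.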
@@ -589,15 +569,13 @@ struct ASN1_ADB_TABLE_st { /* This is the actual ASN1 item itself */ struct ASN1_ITEM_st { -char itype; /* The item type, primitive, SEQUENCE, CHOICE or extern */ -long utype; /* underlying type */ -const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains the contents */ -long tcount; /* Number of templates if SEQUENCE or CHOICE */ -const void *funcs; /* functions that handle this type */ -long size; /* Structure size (usually)*/ -#ifndef NO_ASN1_FIELD_NAMES -const char *sname; /* Structure name */ -#endif + char itype; /* The item type, primitive, SEQUENCE, CHOICE or extern */ + long utype; /* underlying type */ + const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains the contents */ + long tcount; /* Number of templates if SEQUENCE or CHOICE */ + const void *funcs; /* functions that handle this type */ + long size; /* Structure size (usually)*/ + const char *sname; /* Structure name */ }; /* These are values for the itype field and @@ -606,7 +584,7 @@ const char *sname; /* Structure name */ * For PRIMITIVE types the underlying type * determines the behaviour if items is NULL. * - * Otherwise templates must contain a single + * Otherwise templates must contain a single * template and the type is treated in the * same way as the type specified in the template. * @@ -620,7 +598,7 @@ const char *sname; /* Structure name */ * selector. * * The 'funcs' field is used for application - * specific functions. + * specific functions. * * The EXTERN type uses a new style d2i/i2d. * The new style should be used where possible @@ -657,7 +635,7 @@ const char *sname; /* Structure name */ * like CHOICE */ -struct ASN1_TLC_st{ +struct ASN1_TLC_st { char valid; /* Values below are valid */ int ret; /* return value */ long plen; /* length */ 
@@ -680,8 +658,8 @@ typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it); typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it); -typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval, - int indent, const char *fname, +typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval, + int indent, const char *fname, const ASN1_PCTX *pctx); typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); @@ -719,7 +697,7 @@ typedef struct ASN1_PRIMITIVE_FUNCS_st { * used. This is most useful where the supplied routines * *almost* do the right thing but need some extra help * at a few points. If the callback returns zero then - * it is assumed a fatal error has occurred and the + * it is assumed a fatal error has occurred and the * main operation should be abandoned. * * If major changes in the default behaviour are required @@ -761,8 +739,6 @@ typedef struct ASN1_STREAM_ARG_st { #define ASN1_AFLG_REFCOUNT 1 /* Save the encoding of structure (useful for signatures) */ #define ASN1_AFLG_ENCODING 2 -/* The Sequence length is invalid */ -#define ASN1_AFLG_BROKEN 4 /* operation values for asn1_cb */ @@ -853,13 +829,13 @@ typedef struct ASN1_STREAM_ARG_st { int i2d_##fname(stname *a, unsigned char **out) \ { \ return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ - } + } #define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \ int i2d_##stname##_NDEF(stname *a, unsigned char **out) \ { \ return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\ - } + } /* This includes evil casts to remove const: they will go away when full * ASN1 constification is done. 
@@ -872,7 +848,7 @@ typedef struct ASN1_STREAM_ARG_st { int i2d_##fname(const stname *a, unsigned char **out) \ { \ return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ - } + } #define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \ stname * stname##_dup(stname *x) \ @@ -889,7 +865,7 @@ typedef struct ASN1_STREAM_ARG_st { { \ return ASN1_item_print(out, (ASN1_VALUE *)x, indent, \ ASN1_ITEM_rptr(itname), pctx); \ - } + } #define IMPLEMENT_ASN1_FUNCTIONS_const(name) \ IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name) @@ -906,11 +882,14 @@ extern const ASN1_ITEM ASN1_BOOLEAN_it; extern const ASN1_ITEM ASN1_TBOOLEAN_it; extern const ASN1_ITEM ASN1_FBOOLEAN_it; extern const ASN1_ITEM ASN1_SEQUENCE_it; -extern const ASN1_ITEM CBIGNUM_it; extern const ASN1_ITEM BIGNUM_it; extern const ASN1_ITEM LONG_it; extern const ASN1_ITEM ZLONG_it; +#ifndef LIBRESSL_INTERNAL +extern const ASN1_ITEM CBIGNUM_it; +#endif + DECLARE_STACK_OF(ASN1_VALUE) /* Functions used internally by the ASN1 code */ 
@@ -929,22 +908,6 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt); void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it); -int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); - -int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it); -int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it); - -ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); - -const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr); - -int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it); - -void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it); -void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it); -int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it); -int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, const ASN1_ITEM *it); - #ifdef __cplusplus } #endif diff --git a/include/openssl/bio.h b/include/openssl/bio.h index 9fbf3bce..53217f80 100644 --- a/include/openssl/bio.h +++ b/include/openssl/bio.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bio.h,v 1.45 2018/06/02 04:41:12 tb Exp $ */ +/* $OpenBSD: bio.h,v 1.56 2022/09/11 17:26:03 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -205,8 +205,6 @@ extern "C" { */ #define BIO_FLAGS_MEM_RDONLY 0x200 -typedef struct bio_st BIO; - void BIO_set_flags(BIO *b, int flags); int BIO_test_flags(const BIO *b, int flags); void BIO_clear_flags(BIO *b, int flags); 
@@ -252,85 +250,40 @@ void BIO_clear_flags(BIO *b, int flags); #define BIO_CB_GETS 0x05 #define BIO_CB_CTRL 0x06 -/* The callback is called before and after the underling operation, - * The BIO_CB_RETURN flag indicates if it is after the call */ +/* + * The callback is called before and after the underling operation, + * the BIO_CB_RETURN flag indicates if it is after the call. + */ #define BIO_CB_RETURN 0x80 #define BIO_CB_return(a) ((a)|BIO_CB_RETURN)) #define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) #define BIO_cb_post(a) ((a)&BIO_CB_RETURN) -long (*BIO_get_callback(const BIO *b))(struct bio_st *, int, const char *, - int, long, long); -void BIO_set_callback(BIO *b, - long (*callback)(struct bio_st *, int, const char *, int, long, long)); +typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi, + long argl, long ret); +typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp, + size_t len, int argi, long argl, int ret, size_t *processed); + +BIO_callback_fn BIO_get_callback(const BIO *b); +void BIO_set_callback(BIO *b, BIO_callback_fn callback); + +BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b); +void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback); + char *BIO_get_callback_arg(const BIO *b); void BIO_set_callback_arg(BIO *b, char *arg); -const char * BIO_method_name(const BIO *b); +const char *BIO_method_name(const BIO *b); int BIO_method_type(const BIO *b); -typedef void bio_info_cb(struct bio_st *, int, const char *, int, long, long); typedef int BIO_info_cb(BIO *, int, int); +/* Compatibility with OpenSSL's backward compatibility. 
*/ +typedef BIO_info_cb bio_info_cb; -typedef struct bio_method_st { - int type; - const char *name; - int (*bwrite)(BIO *, const char *, int); - int (*bread)(BIO *, char *, int); - int (*bputs)(BIO *, const char *); - int (*bgets)(BIO *, char *, int); - long (*ctrl)(BIO *, int, long, void *); - int (*create)(BIO *); - int (*destroy)(BIO *); - long (*callback_ctrl)(BIO *, int, bio_info_cb *); -} BIO_METHOD; - -struct bio_st { - const BIO_METHOD *method; - /* bio, mode, argp, argi, argl, ret */ - long (*callback)(struct bio_st *, int, const char *, int, long, long); - char *cb_arg; /* first argument for the callback */ - - int init; - int shutdown; - int flags; /* extra storage */ - int retry_reason; - int num; - void *ptr; - struct bio_st *next_bio; /* used by filter BIOs */ - struct bio_st *prev_bio; /* used by filter BIOs */ - int references; - unsigned long num_read; - unsigned long num_write; - - CRYPTO_EX_DATA ex_data; -}; +typedef struct bio_method_st BIO_METHOD; DECLARE_STACK_OF(BIO) -typedef struct bio_f_buffer_ctx_struct { - /* Buffers are setup like this: - * - * <---------------------- size -----------------------> - * +---------------------------------------------------+ - * | consumed | remaining | free space | - * +---------------------------------------------------+ - * <-- off --><------- len -------> - */ - - /* BIO *bio; */ /* this is now in the BIO struct */ - int ibuf_size; /* how big is the input buffer */ - int obuf_size; /* how big is the output buffer */ - - char *ibuf; /* the char array */ - int ibuf_len; /* how many bytes are in it */ - int ibuf_off; /* write/read offset */ - - char *obuf; /* the char array */ - int obuf_len; /* how many bytes are in it */ - int obuf_off; /* write/read offset */ -} BIO_F_BUFFER_CTX; - /* Prefix and suffix callback in ASN1 BIO */ typedef int asn1_ps_func(BIO *b, unsigned char **pbuf, int *plen, void *parg); 
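Review bot: `bio_info_cb` changes meaning here without a warning at the declaration: it was `void (struct bio_st *, int, const char *, int, long, long)` and is now an alias for `BIO_info_cb`, i.e. `int (BIO *, int, int)`, and `BIO_callback_ctrl()` in the later `@@ -620,8 +573,7 @@` hunk takes the new type. Downstream code that still defines a six-argument callback and casts it to `bio_info_cb *` will keep compiling and then be called through an incompatible function type, which is undefined behaviour. A comment on the typedef such as `/* NOTE: no longer the 6-argument form; old callbacks must be rewritten, not cast. */` would make the break visible. Separately, the context line `#define BIO_CB_return(a) ((a)|BIO_CB_RETURN))` has an unbalanced closing parenthesis and should be `((a)|BIO_CB_RETURN)`. `BIO_callback_fn_ex` also declares `int ret` where `BIO_callback_fn` declares `long ret`, which deserves a remark if intentional.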
@@ -600,14 +553,14 @@ int BIO_get_new_index(void); const BIO_METHOD *BIO_s_file(void); BIO *BIO_new_file(const char *filename, const char *mode); BIO *BIO_new_fp(FILE *stream, int close_flag); -# define BIO_s_file_internal BIO_s_file BIO *BIO_new(const BIO_METHOD *type); int BIO_set(BIO *a, const BIO_METHOD *type); int BIO_free(BIO *a); int BIO_up_ref(BIO *bio); -void *BIO_get_data(BIO *a); -void BIO_set_data(BIO *a, void *ptr); -void BIO_set_init(BIO *a, int init); +void *BIO_get_data(BIO *a); +void BIO_set_data(BIO *a, void *ptr); +int BIO_get_init(BIO *a); +void BIO_set_init(BIO *a, int init); int BIO_get_shutdown(BIO *a); void BIO_set_shutdown(BIO *a, int shut); void BIO_vfree(BIO *a); @@ -620,8 +573,7 @@ int BIO_write(BIO *b, const void *data, int len) int BIO_puts(BIO *bp, const char *buf); int BIO_indent(BIO *b, int indent, int max); long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); -long BIO_callback_ctrl(BIO *b, int cmd, - void (*fp)(struct bio_st *, int, const char *, int, long, long)); +long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp); char * BIO_ptr_ctrl(BIO *bp, int cmd, long larg); long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg); BIO * BIO_push(BIO *b, BIO *append); @@ -629,8 +581,10 @@ BIO * BIO_pop(BIO *b); void BIO_free_all(BIO *a); BIO * BIO_find_type(BIO *b, int bio_type); BIO * BIO_next(BIO *b); +void BIO_set_next(BIO *b, BIO *next); BIO * BIO_get_retry_BIO(BIO *bio, int *reason); int BIO_get_retry_reason(BIO *bio); +void BIO_set_retry_reason(BIO *bio, int reason); BIO * BIO_dup_chain(BIO *in); int BIO_nread0(BIO *bio, char **buf); @@ -745,11 +699,6 @@ BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) __nonnull__(3))); #endif - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_BIO_strings(void); /* Error codes for the BIO functions. */ 
@@ -805,6 +754,7 @@ void ERR_load_BIO_strings(void); #define BIO_R_INVALID_PORT_NUMBER 129 #define BIO_R_IN_USE 123 #define BIO_R_KEEPALIVE 109 +#define BIO_R_LENGTH_TOO_LONG 130 #define BIO_R_NBIO_CONNECT_ERROR 110 #define BIO_R_NO_ACCEPT_PORT_SPECIFIED 111 #define BIO_R_NO_HOSTNAME_SPECIFIED 112 diff --git a/include/openssl/blowfish.h b/include/openssl/blowfish.h index 4d2db805..260545e6 100644 --- a/include/openssl/blowfish.h +++ b/include/openssl/blowfish.h @@ -1,4 +1,4 @@ -/* $OpenBSD: blowfish.h,v 1.14 2014/07/10 09:01:04 miod Exp $ */ +/* $OpenBSD: blowfish.h,v 1.15 2021/11/30 18:31:36 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -84,11 +84,10 @@ extern "C" { #define BF_ROUNDS 16 #define BF_BLOCK 8 -typedef struct bf_key_st - { +typedef struct bf_key_st { BF_LONG P[BF_ROUNDS+2]; BF_LONG S[4*256]; - } BF_KEY; +} BF_KEY; void BF_set_key(BF_KEY *key, int len, const unsigned char *data); diff --git a/include/openssl/bn.h b/include/openssl/bn.h index 16751116..5ac41438 100644 --- a/include/openssl/bn.h +++ b/include/openssl/bn.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bn.h,v 1.43 2021/09/10 14:33:44 tb Exp $ */ +/* $OpenBSD: bn.h,v 1.55 2022/07/12 14:42:48 kn Exp $ */ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -226,10 +226,11 @@ extern "C" { #endif #ifndef OPENSSL_NO_DEPRECATED -#define BN_FLG_FREE 0x8000 /* used for debuging */ +#define BN_FLG_FREE 0x8000 /* used for debugging */ #endif -#define BN_set_flags(b,n) ((b)->flags|=(n)) -#define BN_get_flags(b,n) ((b)->flags&(n)) +void BN_set_flags(BIGNUM *b, int n); +int BN_get_flags(const BIGNUM *b, int n); +void BN_with_flags(BIGNUM *dest, const BIGNUM *src, int flags); /* Values for |top| in BN_rand() */ #define BN_RAND_TOP_ANY -1 
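Review bot: `BN_with_flags()` in the `@@ -226,10 +226,11 @@` hunk is now a bare prototype. The macro it replaces (removed in the next hunk) carried the warning that `dest` is a clone for temporary use only and that the two BIGNUMs must not be used in parallel. If the function keeps the macro's behaviour of pointing `dest` at `src`'s data array (the implementation is not part of this hunk), that caveat still matters to anyone setting `BN_FLG_CONSTTIME` on a secret value. Keep it with the declaration, e.g. `/* dest borrows src's data: temporary use only, never use both in parallel. */`.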
@@ -240,79 +241,21 @@ extern "C" { #define BN_RAND_BOTTOM_ANY 0 #define BN_RAND_BOTTOM_ODD 1 -/* get a clone of a BIGNUM with changed flags, for *temporary* use only - * (the two BIGNUMs cannot not be used in parallel!) */ -#define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \ - (dest)->top=(b)->top, \ - (dest)->dmax=(b)->dmax, \ - (dest)->neg=(b)->neg, \ - (dest)->flags=(((dest)->flags & BN_FLG_MALLOCED) \ - | ((b)->flags & ~BN_FLG_MALLOCED) \ - | BN_FLG_STATIC_DATA \ - | (n))) - -struct bignum_st { - BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */ - int top; /* Index of last used d +1. */ - /* The next are internal book keeping for bn_expand. */ - int dmax; /* Size of the d array. */ - int neg; /* one if the number is negative */ - int flags; -}; - -/* Used for montgomery multiplication */ -struct bn_mont_ctx_st { - int ri; /* number of bits in R */ - BIGNUM RR; /* used to convert to montgomery form */ - BIGNUM N; /* The modulus */ - BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 - * (Ni is only stored for bignum algorithm) */ - BN_ULONG n0[2];/* least significant word(s) of Ni; - (type changed with 0.9.9, was "BN_ULONG n0;" before) */ - int flags; -}; - -/* Used for reciprocal division/mod functions - * It cannot be shared between threads - */ -struct bn_recp_ctx_st { - BIGNUM N; /* the divisor */ - BIGNUM Nr; /* the reciprocal */ - int num_bits; - int shift; - int flags; -}; - -/* Used for slow "generation" functions. 
*/ -struct bn_gencb_st { - unsigned int ver; /* To handle binary (in)compatibility */ - void *arg; /* callback-specific data */ - union { - /* if(ver==1) - handles old style callbacks */ - void (*cb_1)(int, int, void *); - /* if(ver==2) - new callback style */ - int (*cb_2)(int, int, BN_GENCB *); - } cb; -}; - BN_GENCB *BN_GENCB_new(void); void BN_GENCB_free(BN_GENCB *cb); -void *BN_GENCB_get_arg(BN_GENCB *cb); /* Wrapper function to make using BN_GENCB easier, */ int BN_GENCB_call(BN_GENCB *cb, int a, int b); -/* Macro to populate a BN_GENCB structure with an "old"-style callback */ -#define BN_GENCB_set_old(gencb, callback, cb_arg) { \ - BN_GENCB *tmp_gencb = (gencb); \ - tmp_gencb->ver = 1; \ - tmp_gencb->arg = (cb_arg); \ - tmp_gencb->cb.cb_1 = (callback); } -/* Macro to populate a BN_GENCB structure with a "new"-style callback */ -#define BN_GENCB_set(gencb, callback, cb_arg) { \ - BN_GENCB *tmp_gencb = (gencb); \ - tmp_gencb->ver = 2; \ - tmp_gencb->arg = (cb_arg); \ - tmp_gencb->cb.cb_2 = (callback); } + +/* Populate a BN_GENCB structure with an "old"-style callback */ +void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback)(int, int, void *), + void *cb_arg); + +/* Populate a BN_GENCB structure with a "new"-style callback */ +void BN_GENCB_set(BN_GENCB *gencb, int (*callback)(int, int, BN_GENCB *), + void *cb_arg); + +void *BN_GENCB_get_arg(BN_GENCB *cb); #define BN_prime_checks 0 /* default: select number of iterations based on the size of the number */ 
@@ -389,24 +332,18 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b); (b) >= 308 ? 8 : \ (b) >= 55 ? 27 : \ /* b >= 6 */ 34) - + #define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) -/* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */ -#define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \ - (((w) == 0) && ((a)->top == 0))) -#define BN_is_zero(a) ((a)->top == 0) -#define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg) -#define BN_is_word(a,w) (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg)) -#define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1)) - -#define BN_one(a) (BN_set_word((a),1)) -#define BN_zero_ex(a) \ - do { \ - BIGNUM *_tmp_bn = (a); \ - _tmp_bn->top = 0; \ - _tmp_bn->neg = 0; \ - } while(0) +int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w); +int BN_is_zero(const BIGNUM *a); +int BN_is_one(const BIGNUM *a); +int BN_is_word(const BIGNUM *a, const BN_ULONG w); +int BN_is_odd(const BIGNUM *a); + +#define BN_one(a) BN_set_word((a), 1) + +void BN_zero_ex(BIGNUM *a); #ifdef OPENSSL_NO_DEPRECATED #define BN_zero(a) BN_zero_ex(a) @@ -453,11 +390,8 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise */ void BN_set_negative(BIGNUM *b, int n); -/** BN_is_negative returns 1 if the BIGNUM is negative - * \param a pointer to the BIGNUM object - * \return 1 if a < 0 and 0 otherwise - */ -#define BN_is_negative(a) ((a)->neg != 0) + +int BN_is_negative(const BIGNUM *b); #ifndef LIBRESSL_INTERNAL int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, @@ -537,6 +471,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *ret, void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); +int BN_security_bits(int L, int N); + /* Deprecated versions */ #ifndef OPENSSL_NO_DEPRECATED BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, 
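Review bot: `BN_security_bits(int L, int N)` in the `@@ -537,6 +471,8 @@` hunk is added with single-letter parameters and no comment, so a caller enforcing a minimum key strength cannot tell from the header which argument is which or what the result means. Suggest a short comment above the prototype, for example `/* L: bit length of the modulus/prime; N: bit length of the private key or subgroup order, -1 if not applicable. Returns the estimated security strength in bits. */`. That wording follows the upstream manual and should be checked against this implementation. In the `@@ -453,11 +390,8 @@` hunk the Doxygen comment of `BN_is_negative` is dropped while `BN_set_negative` keeps its own; restoring it would keep the pair consistent.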
@@ -572,8 +508,8 @@ BN_MONT_CTX *BN_MONT_CTX_new(void ); void BN_MONT_CTX_init(BN_MONT_CTX *ctx); int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_MONT_CTX *mont, BN_CTX *ctx); -#define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\ - (r),(a),&((mont)->RR),(mont),(ctx)) +int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx); void BN_MONT_CTX_free(BN_MONT_CTX *mont); @@ -717,10 +653,6 @@ BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn); BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn); BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn); -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_BN_strings(void); /* Error codes for the BN functions. */ diff --git a/include/openssl/buffer.h b/include/openssl/buffer.h index ed6dac0e..c210bfd1 100644 --- a/include/openssl/buffer.h +++ b/include/openssl/buffer.h @@ -1,4 +1,4 @@ -/* $OpenBSD: buffer.h,v 1.15 2015/06/24 10:05:14 jsing Exp $ */ +/* $OpenBSD: buffer.h,v 1.16 2022/07/12 14:42:48 kn Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -98,10 +98,6 @@ size_t BUF_strlcat(char *dst, const char *src, size_t siz) __attribute__ ((__bounded__(__string__,1,3))); #endif -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_BUF_strings(void); /* Error codes for the BUF functions. */ diff --git a/include/openssl/comp.h b/include/openssl/comp.h index fe7397f8..7c99ead3 100644 --- a/include/openssl/comp.h +++ b/include/openssl/comp.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: comp.h,v 1.8 2014/11/03 16:58:28 tedu Exp $ */ +/* $OpenBSD: comp.h,v 1.9 2022/01/14 08:21:12 tb Exp $ */ #ifndef HEADER_COMP_H #define HEADER_COMP_H @@ -9,33 +9,6 @@ extern "C" { #endif -typedef struct comp_ctx_st COMP_CTX; - -typedef struct comp_method_st { - int type; /* NID for compression library */ - const char *name; /* A text string to identify the library */ - int (*init)(COMP_CTX *ctx); - void (*finish)(COMP_CTX *ctx); - int (*compress)(COMP_CTX *ctx, unsigned char *out, unsigned int olen, - unsigned char *in, unsigned int ilen); - int (*expand)(COMP_CTX *ctx, unsigned char *out, unsigned int olen, - unsigned char *in, unsigned int ilen); - /* The following two do NOTHING, but are kept for backward compatibility */ - long (*ctrl)(void); - long (*callback_ctrl)(void); -} COMP_METHOD; - -struct comp_ctx_st { - COMP_METHOD *meth; - unsigned long compress_in; - unsigned long compress_out; - unsigned long expand_in; - unsigned long expand_out; - - CRYPTO_EX_DATA ex_data; -}; - - COMP_CTX *COMP_CTX_new(COMP_METHOD *meth); void COMP_CTX_free(COMP_CTX *ctx); int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, diff --git a/include/openssl/conf.h b/include/openssl/conf.h index bea6a871..5d10163b 100644 --- a/include/openssl/conf.h +++ b/include/openssl/conf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: conf.h,v 1.15 2020/02/17 12:51:48 inoguchi Exp $ */ +/* $OpenBSD: conf.h,v 1.16 2022/07/12 14:42:48 kn Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -193,10 +193,6 @@ int CONF_parse_list(const char *list, int sep, int nospc, void OPENSSL_load_builtin_modules(void); -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_CONF_strings(void); /* Error codes for the CONF functions. */ 
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index 7de8abb4..3b00f039 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto.h,v 1.50 2019/01/19 01:07:00 tb Exp $ */ +/* $OpenBSD: crypto.h,v 1.57 2022/09/11 17:26:51 tb Exp $ */ /* ==================================================================== * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * @@ -143,15 +143,6 @@ extern "C" { #define SSLEAY_PLATFORM 4 #define SSLEAY_DIR 5 -/* A generic structure to pass assorted data in a expandable way */ -typedef struct openssl_item_st { - int code; - void *value; /* Not used for flag attributes */ - size_t value_size; /* Max size of value for output, length for input */ - size_t *value_length; /* Returned length of value for output */ -} OPENSSL_ITEM; - - /* When changing the CRYPTO_LOCK_* list, be sure to maintain the text lock * names in cryptlib.c */ @@ -205,15 +196,15 @@ typedef struct openssl_item_st { #ifndef CRYPTO_w_lock #define CRYPTO_w_lock(type) \ - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0) #define CRYPTO_w_unlock(type) \ - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0) #define CRYPTO_r_lock(type) \ - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__) + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0) #define CRYPTO_r_unlock(type) \ - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0) #define CRYPTO_add(addr,amount,type) \ - CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) + CRYPTO_add_lock(addr,amount,type,NULL,0) #endif /* Some applications as well as some parts of OpenSSL need to allocate 
@@ -309,19 +300,19 @@ int CRYPTO_is_mem_check_on(void); #define MemCheck_start() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) #define MemCheck_stop() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) -#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__) -#define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__) +#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0) +#define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0) #define OPENSSL_realloc(addr,num) \ - CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__) + CRYPTO_realloc((char *)addr,(int)num,NULL,0) #define OPENSSL_realloc_clean(addr,old_num,num) \ - CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__) + CRYPTO_realloc_clean(addr,old_num,num,NULL,0) #define OPENSSL_remalloc(addr,num) \ - CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__) + CRYPTO_remalloc((char **)addr,(int)num,NULL,0) #define OPENSSL_freeFunc CRYPTO_free #define OPENSSL_free(addr) CRYPTO_free(addr) #define OPENSSL_malloc_locked(num) \ - CRYPTO_malloc_locked((int)num,__FILE__,__LINE__) + CRYPTO_malloc_locked((int)num,NULL,0) #define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr) #endif @@ -457,7 +448,7 @@ void CRYPTO_set_mem_debug_options(long bits); long CRYPTO_get_mem_debug_options(void); #define CRYPTO_push_info(info) \ - CRYPTO_push_info_(info, __FILE__, __LINE__); + CRYPTO_push_info_(info, NULL, 0); int CRYPTO_push_info_(const char *info, const char *file, int line); int CRYPTO_pop_info(void); int CRYPTO_remove_all_info(void); @@ -505,6 +496,9 @@ uint64_t OPENSSL_cpu_caps(void); int OPENSSL_isservice(void); #ifndef LIBRESSL_INTERNAL +int FIPS_mode(void); +int FIPS_mode_set(int r); + void OPENSSL_init(void); /* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It 
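Review bot: In the `@@ -309,19 +300,19 @@` hunk the rewritten allocation macros still cast an unparenthesized argument, `(int)num`, so `OPENSSL_malloc(a + b)` casts only `a`, and a `size_t` length above `INT_MAX` is truncated before it reaches `CRYPTO_malloc`. Since these lines are being edited anyway, parenthesize the argument: `#define OPENSSL_malloc(num) CRYPTO_malloc((int)(num),NULL,0)`, and likewise in `OPENSSL_realloc`, `OPENSSL_remalloc` and `OPENSSL_malloc_locked`. A one-line comment that sizes are limited to `int` range would tell callers to bound externally supplied lengths before allocating. The `CRYPTO_malloc` prototype is outside this hunk, so its parameter type is inferred from the cast.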
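Review bot: `CRYPTO_push_info` in the `@@ -457,7 +448,7 @@` hunk keeps a trailing semicolon inside the macro body, so `if (x) CRYPTO_push_info("..."); else ...` expands to two statements and the `else` no longer attaches. Drop the semicolon while the line is being edited: `#define CRYPTO_push_info(info) CRYPTO_push_info_(info, NULL, 0)`.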
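Review bot: `FIPS_mode()` and `FIPS_mode_set(int r)`, added in the `@@ -505,6 +496,9 @@` hunk, are declared without any comment on what they return or what `r` means. The implementation is not part of this hunk. If they are compatibility stubs, which I would expect for this library but which needs confirming, the header should say so, because a caller that ignores the result of `FIPS_mode_set(1)` may assume it is running in a validated mode. Suggested wording, to be checked against the implementation: `/* FIPS mode is not provided: FIPS_mode() reports 0 and FIPS_mode_set() fails for a non-zero argument; callers must check the return value. */`.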
@@ -515,10 +509,6 @@ void OPENSSL_init(void); int CRYPTO_memcmp(const void *a, const void *b, size_t len); #endif -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_CRYPTO_strings(void); /* Error codes for the CRYPTO functions. */ @@ -572,6 +562,7 @@ void ERR_load_CRYPTO_strings(void); #define OPENSSL_INIT_ENGINE_ALL_BUILTIN _OPENSSL_INIT_FLAG_NOOP int OPENSSL_init_crypto(uint64_t opts, const void *settings); +void OPENSSL_cleanup(void); #ifdef __cplusplus } diff --git a/include/openssl/ct.h b/include/openssl/ct.h new file mode 100644 index 00000000..895046e0 --- /dev/null +++ b/include/openssl/ct.h 
@@ -0,0 +1,567 @@ +/* $OpenBSD: ct.h,v 1.7 2022/05/08 20:59:32 tb Exp $ */ +/* + * Public API for Certificate Transparency (CT). + * Written by Rob Percival (robpercival@google.com) for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 2016 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * ==================================================================== + */ + +#ifndef HEADER_CT_H +#define HEADER_CT_H + +#include + +#ifndef OPENSSL_NO_CT +#include +#include +#include +#ifdef __cplusplus +extern "C" { +#endif + +/* Minimum RSA key size, from RFC6962 */ +#define SCT_MIN_RSA_BITS 2048 + +/* All hashes are SHA256 in v1 of Certificate Transparency */ +#define CT_V1_HASHLEN SHA256_DIGEST_LENGTH + +typedef enum { + CT_LOG_ENTRY_TYPE_NOT_SET = -1, + CT_LOG_ENTRY_TYPE_X509 = 0, + CT_LOG_ENTRY_TYPE_PRECERT = 1 +} ct_log_entry_type_t; + +typedef enum { + SCT_VERSION_NOT_SET = -1, + SCT_VERSION_V1 = 0 +} sct_version_t; + +typedef enum { + SCT_SOURCE_UNKNOWN, + SCT_SOURCE_TLS_EXTENSION, + SCT_SOURCE_X509V3_EXTENSION, + SCT_SOURCE_OCSP_STAPLED_RESPONSE +} sct_source_t; + +typedef enum { + SCT_VALIDATION_STATUS_NOT_SET, + SCT_VALIDATION_STATUS_UNKNOWN_LOG, + SCT_VALIDATION_STATUS_VALID, + SCT_VALIDATION_STATUS_INVALID, + SCT_VALIDATION_STATUS_UNVERIFIED, + SCT_VALIDATION_STATUS_UNKNOWN_VERSION +} sct_validation_status_t; + +DECLARE_STACK_OF(SCT) +DECLARE_STACK_OF(CTLOG) + +/****************************************** + * CT policy evaluation context functions * + ******************************************/ + +/* + * Creates a new, empty policy evaluation context. + * The caller is responsible for calling CT_POLICY_EVAL_CTX_free when finished + * with the CT_POLICY_EVAL_CTX. + */ +CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void); + +/* Deletes a policy evaluation context and anything it owns. */ +void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx); + +/* Gets the peer certificate that the SCTs are for */ +X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx); + +/* + * Sets the certificate associated with the received SCTs. + * Increments the reference count of cert. + * Returns 1 on success, 0 otherwise. 
+ */ +int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert); + +/* Gets the issuer of the aforementioned certificate */ +X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx); + +/* + * Sets the issuer of the certificate associated with the received SCTs. + * Increments the reference count of issuer. + * Returns 1 on success, 0 otherwise. + */ +int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer); + +/* Gets the CT logs that are trusted sources of SCTs */ +const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx); + +/* Sets the log store that is in use. It must outlive the CT_POLICY_EVAL_CTX. */ +void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, + CTLOG_STORE *log_store); + +/* + * Gets the time, in milliseconds since the Unix epoch, that will be used as the + * current time when checking whether an SCT was issued in the future. + * Such SCTs will fail validation, as required by RFC6962. + */ +uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx); + +/* + * Sets the time to evaluate SCTs against, in milliseconds since the Unix epoch. + * If an SCT's timestamp is after this time, it will be interpreted as having + * been issued in the future. RFC6962 states that "TLS clients MUST reject SCTs + * whose timestamp is in the future", so an SCT will not validate in this case. + */ +void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms); + +/***************** + * SCT functions * + *****************/ + +/* + * Creates a new, blank SCT. + * The caller is responsible for calling SCT_free when finished with the SCT. + */ +SCT *SCT_new(void); + +/* + * Creates a new SCT from some base64-encoded strings. + * The caller is responsible for calling SCT_free when finished with the SCT. 
+ */ +SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64, + ct_log_entry_type_t entry_type, uint64_t timestamp, + const char *extensions_base64, const char *signature_base64); + +/* + * Frees the SCT and the underlying data structures. + */ +void SCT_free(SCT *sct); + +/* + * Free a stack of SCTs, and the underlying SCTs themselves. + * Intended to be compatible with X509V3_EXT_FREE. + */ +void SCT_LIST_free(STACK_OF(SCT) *a); + +/* + * Returns the version of the SCT. + */ +sct_version_t SCT_get_version(const SCT *sct); + +/* + * Set the version of an SCT. + * Returns 1 on success, 0 if the version is unrecognized. + */ +int SCT_set_version(SCT *sct, sct_version_t version); + +/* + * Returns the log entry type of the SCT. + */ +ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct); + +/* + * Set the log entry type of an SCT. + * Returns 1 on success, 0 otherwise. + */ +int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type); + +/* + * Gets the ID of the log that an SCT came from. + * Ownership of the log ID remains with the SCT. + * Returns the length of the log ID. + */ +size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id); + +/* + * Set the log ID of an SCT to point directly to the *log_id specified. + * The SCT takes ownership of the specified pointer. + * Returns 1 on success, 0 otherwise. + */ +int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len); + +/* + * Set the log ID of an SCT. + * This makes a copy of the log_id. + * Returns 1 on success, 0 otherwise. + */ +int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, + size_t log_id_len); + +/* + * Returns the timestamp for the SCT (epoch time in milliseconds). + */ +uint64_t SCT_get_timestamp(const SCT *sct); + +/* + * Set the timestamp of an SCT (epoch time in milliseconds). + */ +void SCT_set_timestamp(SCT *sct, uint64_t timestamp); + +/* + * Return the NID for the signature used by the SCT. 
+ * For CT v1, this will be either NID_sha256WithRSAEncryption or + * NID_ecdsa_with_SHA256 (or NID_undef if incorrect/unset). + */ +int SCT_get_signature_nid(const SCT *sct); + +/* + * Set the signature type of an SCT + * For CT v1, this should be either NID_sha256WithRSAEncryption or + * NID_ecdsa_with_SHA256. + * Returns 1 on success, 0 otherwise. + */ +int SCT_set_signature_nid(SCT *sct, int nid); + +/* + * Set *ext to point to the extension data for the SCT. ext must not be NULL. + * The SCT retains ownership of this pointer. + * Returns length of the data pointed to. + */ +size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext); + +/* + * Set the extensions of an SCT to point directly to the *ext specified. + * The SCT takes ownership of the specified pointer. + */ +void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len); + +/* + * Set the extensions of an SCT. + * This takes a copy of the ext. + * Returns 1 on success, 0 otherwise. + */ +int SCT_set1_extensions(SCT *sct, const unsigned char *ext, + size_t ext_len); + +/* + * Set *sig to point to the signature for the SCT. sig must not be NULL. + * The SCT retains ownership of this pointer. + * Returns length of the data pointed to. + */ +size_t SCT_get0_signature(const SCT *sct, unsigned char **sig); + +/* + * Set the signature of an SCT to point directly to the *sig specified. + * The SCT takes ownership of the specified pointer. + */ +void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len); + +/* + * Set the signature of an SCT to be a copy of the *sig specified. + * Returns 1 on success, 0 otherwise. + */ +int SCT_set1_signature(SCT *sct, const unsigned char *sig, + size_t sig_len); + +/* + * The origin of this SCT, e.g. TLS extension, OCSP response, etc. + */ +sct_source_t SCT_get_source(const SCT *sct); + +/* + * Set the origin of this SCT, e.g. TLS extension, OCSP response, etc. + * Returns 1 on success, 0 otherwise. 
+ */ +int SCT_set_source(SCT *sct, sct_source_t source); + +/* + * Returns a text string describing the validation status of |sct|. + */ +const char *SCT_validation_status_string(const SCT *sct); + +/* + * Pretty-prints an |sct| to |out|. + * It will be indented by the number of spaces specified by |indent|. + * If |logs| is not NULL, it will be used to lookup the CT log that the SCT came + * from, so that the log name can be printed. + */ +void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs); + +/* + * Pretty-prints an |sct_list| to |out|. + * It will be indented by the number of spaces specified by |indent|. + * SCTs will be delimited by |separator|. + * If |logs| is not NULL, it will be used to lookup the CT log that each SCT + * came from, so that the log names can be printed. + */ +void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent, + const char *separator, const CTLOG_STORE *logs); + +/* + * Gets the last result of validating this SCT. + * If it has not been validated yet, returns SCT_VALIDATION_STATUS_NOT_SET. + */ +sct_validation_status_t SCT_get_validation_status(const SCT *sct); + +/* + * Validates the given SCT with the provided context. + * Sets the "validation_status" field of the SCT. + * Returns 1 if the SCT is valid and the signature verifies. + * Returns 0 if the SCT is invalid or could not be verified. + * Returns -1 if an error occurs. + */ +int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx); + +/* + * Validates the given list of SCTs with the provided context. + * Sets the "validation_status" field of each SCT. + * Returns 1 if there are no invalid SCTs and all signatures verify. + * Returns 0 if at least one SCT is invalid or could not be verified. + * Returns a negative integer if an error occurs. 
+ */ +int SCT_LIST_validate(const STACK_OF(SCT) *scts, + CT_POLICY_EVAL_CTX *ctx); + + +/********************************* + * SCT parsing and serialisation * + *********************************/ + +/* + * Serialize (to TLS format) a stack of SCTs and return the length. + * "a" must not be NULL. + * If "pp" is NULL, just return the length of what would have been serialized. + * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer + * for data that caller is responsible for freeing (only if function returns + * successfully). + * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring + * that "*pp" is large enough to accept all of the serialized data. + * Returns < 0 on error, >= 0 indicating bytes written (or would have been) + * on success. + */ +int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp); + +/* + * Convert TLS format SCT list to a stack of SCTs. + * If "a" or "*a" is NULL, a new stack will be created that the caller is + * responsible for freeing (by calling SCT_LIST_free). + * "**pp" and "*pp" must not be NULL. + * Upon success, "*pp" will point to after the last bytes read, and a stack + * will be returned. + * Upon failure, a NULL pointer will be returned, and the position of "*pp" is + * not defined. + */ +STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, + size_t len); + +/* + * Serialize (to DER format) a stack of SCTs and return the length. + * "a" must not be NULL. + * If "pp" is NULL, just returns the length of what would have been serialized. + * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer + * for data that caller is responsible for freeing (only if function returns + * successfully). + * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring + * that "*pp" is large enough to accept all of the serialized data. + * Returns < 0 on error, >= 0 indicating bytes written (or would have been) + * on success. 
+ */ +int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp); + +/* + * Parses an SCT list in DER format and returns it. + * If "a" or "*a" is NULL, a new stack will be created that the caller is + * responsible for freeing (by calling SCT_LIST_free). + * "**pp" and "*pp" must not be NULL. + * Upon success, "*pp" will point to after the last bytes read, and a stack + * will be returned. + * Upon failure, a NULL pointer will be returned, and the position of "*pp" is + * not defined. + */ +STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, + long len); + +/* + * Serialize (to TLS format) an |sct| and write it to |out|. + * If |out| is null, no SCT will be output but the length will still be returned. + * If |out| points to a null pointer, a string will be allocated to hold the + * TLS-format SCT. It is the responsibility of the caller to free it. + * If |out| points to an allocated string, the TLS-format SCT will be written + * to it. + * The length of the SCT in TLS format will be returned. + */ +int i2o_SCT(const SCT *sct, unsigned char **out); + +/* + * Parses an SCT in TLS format and returns it. + * If |psct| is not null, it will end up pointing to the parsed SCT. If it + * already points to a non-null pointer, the pointer will be free'd. + * |in| should be a pointer to a string containing the TLS-format SCT. + * |in| will be advanced to the end of the SCT if parsing succeeds. + * |len| should be the length of the SCT in |in|. + * Returns NULL if an error occurs. + * If the SCT is an unsupported version, only the SCT's 'sct' and 'sct_len' + * fields will be populated (with |in| and |len| respectively). + */ +SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len); + +/******************** + * CT log functions * + ********************/ + +/* + * Creates a new CT log instance with the given |public_key| and |name|. + * Takes ownership of |public_key| but copies |name|. 
+ * Returns NULL if malloc fails or if |public_key| cannot be converted to DER. + * Should be deleted by the caller using CTLOG_free when no longer needed. + */ +CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name); + +/* + * Creates a new CTLOG instance with the base64-encoded SubjectPublicKeyInfo DER + * in |pkey_base64|. The |name| is a string to help users identify this log. + * Returns 1 on success, 0 on failure. + * Should be deleted by the caller using CTLOG_free when no longer needed. + */ +int CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64, + const char *name); + +/* + * Deletes a CT log instance and its fields. + */ +void CTLOG_free(CTLOG *log); + +/* Gets the name of the CT log */ +const char *CTLOG_get0_name(const CTLOG *log); +/* Gets the ID of the CT log */ +void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id, + size_t *log_id_len); +/* Gets the public key of the CT log */ +EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log); + +/************************** + * CT log store functions * + **************************/ + +/* + * Creates a new CT log store. + * Should be deleted by the caller using CTLOG_STORE_free when no longer needed. + */ +CTLOG_STORE *CTLOG_STORE_new(void); + +/* + * Deletes a CT log store and all of the CT log instances held within. + */ +void CTLOG_STORE_free(CTLOG_STORE *store); + +/* + * Finds a CT log in the store based on its log ID. + * Returns the CT log, or NULL if no match is found. + */ +const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, + const uint8_t *log_id, size_t log_id_len); + +/* + * Loads a CT log list into a |store| from a |file|. + * Returns 1 if loading is successful, or 0 otherwise. + */ +int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file); + +/* + * Loads the default CT log list into a |store|. + * Returns 1 if loading is successful, or 0 otherwise. 
+ */ +int CTLOG_STORE_load_default_file(CTLOG_STORE *store); + +int ERR_load_CT_strings(void); + +/* + * CT function codes. + */ +# define CT_F_CTLOG_NEW 117 +# define CT_F_CTLOG_NEW_FROM_BASE64 118 +# define CT_F_CTLOG_NEW_FROM_CONF 119 +# define CT_F_CTLOG_STORE_LOAD_CTX_NEW 122 +# define CT_F_CTLOG_STORE_LOAD_FILE 123 +# define CT_F_CTLOG_STORE_LOAD_LOG 130 +# define CT_F_CTLOG_STORE_NEW 131 +# define CT_F_CT_BASE64_DECODE 124 +# define CT_F_CT_POLICY_EVAL_CTX_NEW 133 +# define CT_F_CT_V1_LOG_ID_FROM_PKEY 125 +# define CT_F_I2O_SCT 107 +# define CT_F_I2O_SCT_LIST 108 +# define CT_F_I2O_SCT_SIGNATURE 109 +# define CT_F_O2I_SCT 110 +# define CT_F_O2I_SCT_LIST 111 +# define CT_F_O2I_SCT_SIGNATURE 112 +# define CT_F_SCT_CTX_NEW 126 +# define CT_F_SCT_CTX_VERIFY 128 +# define CT_F_SCT_NEW 100 +# define CT_F_SCT_NEW_FROM_BASE64 127 +# define CT_F_SCT_SET0_LOG_ID 101 +# define CT_F_SCT_SET1_EXTENSIONS 114 +# define CT_F_SCT_SET1_LOG_ID 115 +# define CT_F_SCT_SET1_SIGNATURE 116 +# define CT_F_SCT_SET_LOG_ENTRY_TYPE 102 +# define CT_F_SCT_SET_SIGNATURE_NID 103 +# define CT_F_SCT_SET_VERSION 104 + +/* + * CT reason codes. + */ +# define CT_R_BASE64_DECODE_ERROR 108 +# define CT_R_INVALID_LOG_ID_LENGTH 100 +# define CT_R_LOG_CONF_INVALID 109 +# define CT_R_LOG_CONF_INVALID_KEY 110 +# define CT_R_LOG_CONF_MISSING_DESCRIPTION 111 +# define CT_R_LOG_CONF_MISSING_KEY 112 +# define CT_R_LOG_KEY_INVALID 113 +# define CT_R_SCT_FUTURE_TIMESTAMP 116 +# define CT_R_SCT_INVALID 104 +# define CT_R_SCT_INVALID_SIGNATURE 107 +# define CT_R_SCT_LIST_INVALID 105 +# define CT_R_SCT_LOG_ID_MISMATCH 114 +# define CT_R_SCT_NOT_SET 106 +# define CT_R_SCT_UNSUPPORTED_VERSION 115 +# define CT_R_UNRECOGNIZED_SIGNATURE_NID 101 +# define CT_R_UNSUPPORTED_ENTRY_TYPE 102 +# define CT_R_UNSUPPORTED_VERSION 103 + +#ifdef __cplusplus +} +#endif +#endif +#endif diff --git a/include/openssl/dh.h b/include/openssl/dh.h index 082b5025..7b226a70 100644 --- a/include/openssl/dh.h +++ b/include/openssl/dh.h 
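Review bot: The comments on `i2o_SCT_LIST` and `i2d_SCT_LIST` in the new `ct.h` describe the caller-supplied-buffer case as `If "pp" is NULL and "*pp" is not NULL`, which cannot occur and contradicts the earlier sentence about a NULL `pp`. This is the one case where the caller must size the output buffer, so the wording matters. Both comments should read `If "pp" is not NULL and "*pp" is not NULL, caller is responsible for ensuring that "*pp" is large enough to accept all of the serialized data.` It would also help to say that the required size comes from a first call with `pp` set to NULL, which the comment already describes as returning the length.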
@@ -1,25 +1,25 @@ -/* $OpenBSD: dh.h,v 1.25 2018/02/22 16:41:04 jsing Exp $ */ +/* $OpenBSD: dh.h,v 1.35 2022/07/12 14:42:49 kn Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: 
@@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -72,7 +72,7 @@ #ifndef OPENSSL_NO_DEPRECATED #include #endif - + #ifndef OPENSSL_DH_MAX_MODULUS_BITS # define OPENSSL_DH_MAX_MODULUS_BITS 10000 #endif 
@@ -98,55 +98,6 @@ extern "C" { #endif -/* Already defined in ossl_typ.h */ -/* typedef struct dh_st DH; */ -/* typedef struct dh_method DH_METHOD; */ - -struct dh_method - { - const char *name; - /* Methods here */ - int (*generate_key)(DH *dh); - int (*compute_key)(unsigned char *key,const BIGNUM *pub_key,DH *dh); - int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); /* Can be null */ - - int (*init)(DH *dh); - int (*finish)(DH *dh); - int flags; - char *app_data; - /* If this is non-NULL, it will be used to generate parameters */ - int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb); - }; - -struct dh_st - { - /* This first argument is used to pick up errors when - * a DH is passed instead of a EVP_PKEY */ - int pad; - int version; - BIGNUM *p; - BIGNUM *g; - long length; /* optional */ - BIGNUM *pub_key; /* g^x */ - BIGNUM *priv_key; /* x */ - - int flags; - BN_MONT_CTX *method_mont_p; - /* Place holders if we want to do X9.42 DH */ - BIGNUM *q; - BIGNUM *j; - unsigned char *seed; - int seedlen; - BIGNUM *counter; - - int references; - CRYPTO_EX_DATA ex_data; - const DH_METHOD *meth; - ENGINE *engine; - }; - #define DH_GENERATOR_2 2 /* #define DH_GENERATOR_3 3 */ #define DH_GENERATOR_5 5 @@ -156,10 +107,14 @@ struct dh_st #define DH_CHECK_P_NOT_SAFE_PRIME 0x02 #define DH_UNABLE_TO_CHECK_GENERATOR 0x04 #define DH_NOT_SUITABLE_GENERATOR 0x08 +#define DH_CHECK_Q_NOT_PRIME 0x10 +#define DH_CHECK_INVALID_Q_VALUE 0x20 +#define DH_CHECK_INVALID_J_VALUE 0x40 /* DH_check_pub_key error codes */ #define DH_CHECK_PUBKEY_TOO_SMALL 0x01 #define DH_CHECK_PUBKEY_TOO_LARGE 0x02 +#define DH_CHECK_PUBKEY_INVALID 0x04 /* primes p where (p-1)/2 is prime too are called "safe"; we define this for backward compatibility: */ 
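Review bot: The `@@ -156,10 +107,14 @@` hunk adds `DH_CHECK_Q_NOT_PRIME`, `DH_CHECK_INVALID_Q_VALUE`, `DH_CHECK_INVALID_J_VALUE` and `DH_CHECK_PUBKEY_INVALID` as further flag bits without saying how callers should treat them. Callers are outside this diff, but code written against the older set that masks the result for specific bits would accept parameters that fail only the new q or j checks. I would add a comment next to the defines, for example `/* Bit flags OR'ed into the check result; treat any non-zero value as a failed check. */`.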
@@ -188,6 +143,7 @@ int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int DH_set_ex_data(DH *d, int idx, void *arg); void *DH_get_ex_data(DH *d, int idx); +int DH_security_bits(const DH *dh); ENGINE *DH_get0_engine(DH *d); void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, @@ -195,9 +151,15 @@ void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key); int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); +const BIGNUM *DH_get0_p(const DH *dh); +const BIGNUM *DH_get0_q(const DH *dh); +const BIGNUM *DH_get0_g(const DH *dh); +const BIGNUM *DH_get0_priv_key(const DH *dh); +const BIGNUM *DH_get0_pub_key(const DH *dh); void DH_clear_flags(DH *dh, int flags); int DH_test_flags(const DH *dh, int flags); void DH_set_flags(DH *dh, int flags); +long DH_get_length(const DH *dh); int DH_set_length(DH *dh, long length); /* Deprecated version */ @@ -232,12 +194,8 @@ int DHparams_print(char *bp, const DH *x); #define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1) #define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2) - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ + void ERR_load_DH_strings(void); /* Error codes for the DH functions. */ 
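Review bot: The accessors added in the `@@ -195,9 +151,15 @@` hunk (`DH_get0_p`, `DH_get0_q`, `DH_get0_g`, `DH_get0_priv_key`, `DH_get0_pub_key`) carry no comment on ownership, unlike the `get0` functions in the new `ct.h`, which state that ownership stays with the object. Add a line such as `/* get0: the returned BIGNUM is owned by dh and must not be freed or modified by the caller. */`. For `DH_get0_priv_key` it is worth adding that the value is secret key material and should not be logged or copied into long-lived buffers. Whether a getter can return NULL for an unset field is not visible here and should be stated too. The `DSA_get0_*` accessors in the `@@ -264,6 +207,11 @@` hunk of `dsa.h` need the same comment.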
@@ -274,6 +232,17 @@ void ERR_load_DH_strings(void); #define DH_R_NO_PARAMETERS_SET 107 #define DH_R_NO_PRIVATE_VALUE 100 #define DH_R_PARAMETER_ENCODING_ERROR 105 +#define DH_R_CHECK_INVALID_J_VALUE 115 +#define DH_R_CHECK_INVALID_Q_VALUE 116 +#define DH_R_CHECK_PUBKEY_INVALID 122 +#define DH_R_CHECK_PUBKEY_TOO_LARGE 123 +#define DH_R_CHECK_PUBKEY_TOO_SMALL 124 +#define DH_R_CHECK_P_NOT_PRIME 117 +#define DH_R_CHECK_P_NOT_SAFE_PRIME 118 +#define DH_R_CHECK_Q_NOT_PRIME 119 +#define DH_R_MISSING_PUBKEY 125 +#define DH_R_NOT_SUITABLE_GENERATOR 120 +#define DH_R_UNABLE_TO_CHECK_GENERATOR 121 #ifdef __cplusplus } diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h index 61bfc2b4..eab35a6f 100644 --- a/include/openssl/dsa.h +++ b/include/openssl/dsa.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa.h,v 1.30 2018/03/17 15:19:12 tb Exp $ */ +/* $OpenBSD: dsa.h,v 1.39 2022/07/12 14:42:49 kn Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -109,69 +109,7 @@ extern "C" { #endif -/* Already defined in ossl_typ.h */ -/* typedef struct dsa_st DSA; */ -/* typedef struct dsa_method DSA_METHOD; */ - -typedef struct DSA_SIG_st - { - BIGNUM *r; - BIGNUM *s; - } DSA_SIG; - -struct dsa_method - { - const char *name; - DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa); - int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp); - int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa); - int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, - BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *in_mont); - int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); /* Can be null */ - int (*init)(DSA *dsa); - int (*finish)(DSA *dsa); - int flags; - char *app_data; - /* If this is non-NULL, it is used to generate DSA parameters */ - int (*dsa_paramgen)(DSA *dsa, int bits, - const unsigned char *seed, int seed_len, - int *counter_ret, unsigned long *h_ret, - BN_GENCB *cb); - /* If this is non-NULL, it is used to generate DSA keys */ - int (*dsa_keygen)(DSA *dsa); - }; - -struct dsa_st - { - /* This first variable is used to pick up errors where - * a DSA is passed instead of of a EVP_PKEY */ - int pad; - long version; - int write_params; - BIGNUM *p; - BIGNUM *q; /* == 20 */ - BIGNUM *g; - - BIGNUM *pub_key; /* y public key */ - BIGNUM *priv_key; /* x private key */ - - BIGNUM *kinv; /* Signing pre-calc */ - BIGNUM *r; /* Signing pre-calc */ - - int flags; - /* Normally used to cache montgomery values */ - BN_MONT_CTX *method_mont_p; - int references; - CRYPTO_EX_DATA ex_data; - const DSA_METHOD *meth; - /* functional reference if 'meth' is ENGINE-provided */ - ENGINE *engine; - }; +typedef struct DSA_SIG_st DSA_SIG; DSA *d2i_DSAparams_bio(BIO *bp, DSA **a); int i2d_DSAparams_bio(BIO *bp, DSA *a); 
@@ -202,6 +140,7 @@ void DSA_free(DSA *r); /* "up" the DSA object's reference count */ int DSA_up_ref(DSA *r); int DSA_size(const DSA *); +int DSA_bits(const DSA *d); /* next 4 return -1 on error */ int DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp); int DSA_sign(int type,const unsigned char *dgst,int dlen, @@ -212,6 +151,7 @@ int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int DSA_set_ex_data(DSA *d, int idx, void *arg); void *DSA_get_ex_data(DSA *d, int idx); +int DSA_security_bits(const DSA *d); DSA *d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); @@ -247,9 +187,12 @@ int DSA_print(BIO *bp, const DSA *x, int off); int DSAparams_print_fp(FILE *fp, const DSA *x); int DSA_print_fp(FILE *bp, const DSA *x, int off); -#define DSS_prime_checks 50 -/* Primality test according to FIPS PUB 186[-1], Appendix 2.1: - * 50 rounds of Rabin-Miller */ +/* + * Primality test according to FIPS PUB 186-4, Appendix C.3. Set the number + * to 64 rounds of Miller-Rabin, which corresponds to 128 bits of security. + * This is necessary for keys of size >= 3072. + */ +#define DSS_prime_checks 64 #define DSA_is_prime(n, callback, cb_arg) \ BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg) @@ -264,6 +207,11 @@ void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key); int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); +const BIGNUM *DSA_get0_p(const DSA *d); +const BIGNUM *DSA_get0_q(const DSA *d); +const BIGNUM *DSA_get0_g(const DSA *d); +const BIGNUM *DSA_get0_pub_key(const DSA *d); +const BIGNUM *DSA_get0_priv_key(const DSA *d); void DSA_clear_flags(DSA *d, int flags); int DSA_test_flags(const DSA *d, int flags); void DSA_set_flags(DSA *d, int flags); 
@@ -272,6 +220,8 @@ ENGINE *DSA_get0_engine(DSA *d); DSA_METHOD *DSA_meth_new(const char *name, int flags); void DSA_meth_free(DSA_METHOD *meth); DSA_METHOD *DSA_meth_dup(const DSA_METHOD *meth); +const char *DSA_meth_get0_name(const DSA_METHOD *meth); +int DSA_meth_set1_name(DSA_METHOD *meth, const char *name); int DSA_meth_set_sign(DSA_METHOD *meth, DSA_SIG *(*sign)(const unsigned char *, int, DSA *)); int DSA_meth_set_finish(DSA_METHOD *meth, int (*finish)(DSA *)); @@ -284,10 +234,6 @@ int DSA_meth_set_finish(DSA_METHOD *meth, int (*finish)(DSA *)); #define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2) #define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3) -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_DSA_strings(void); /* Error codes for the DSA functions. */ diff --git a/include/openssl/dso.h b/include/openssl/dso.h index 6c982c9f..ae07b0a5 100644 --- a/include/openssl/dso.h +++ b/include/openssl/dso.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dso.h,v 1.12 2016/03/15 20:50:22 krw Exp $ */ +/* $OpenBSD: dso.h,v 1.13 2022/07/12 14:42:49 kn Exp $ */ /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL * project 2000. */ @@ -302,10 +302,6 @@ int DSO_pathbyaddr(void *addr, char *path, int sz); * itself or libsocket. */ void *DSO_global_lookup(const char *name); -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_DSO_strings(void); /* Error codes for the DSO functions. */ diff --git a/include/openssl/ec.h b/include/openssl/ec.h index d8ff42c0..52c8f2f3 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ec.h,v 1.27 2021/09/12 16:23:19 tb Exp $ */ +/* $OpenBSD: ec.h,v 1.28 2022/07/12 14:42:49 kn Exp $ */ /* * Originally written by Bodo Moeller for the OpenSSL project. */ @@ -1116,10 +1116,6 @@ EC_KEY *ECParameters_dup(EC_KEY *key); #define EVP_PKEY_ECDH_KDF_NONE 1 #define EVP_PKEY_ECDH_KDF_X9_63 2 -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_EC_strings(void); /* Error codes for the EC functions. */ diff --git a/include/openssl/ecdh.h b/include/openssl/ecdh.h index ccc1312f..b39a90f1 100644 --- a/include/openssl/ecdh.h +++ b/include/openssl/ecdh.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ecdh.h,v 1.5 2015/09/13 12:03:07 jsing Exp $ */ +/* $OpenBSD: ecdh.h,v 1.6 2022/07/12 14:42:49 kn Exp $ */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * @@ -102,10 +102,6 @@ int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg); void *ECDH_get_ex_data(EC_KEY *d, int idx); -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_ECDH_strings(void); /* Error codes for the ECDH functions. */ diff --git a/include/openssl/ecdsa.h b/include/openssl/ecdsa.h index c4e107ee..29ee8729 100644 --- a/include/openssl/ecdsa.h +++ b/include/openssl/ecdsa.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ecdsa.h,v 1.8 2019/01/19 01:17:41 tb Exp $ */ +/* $OpenBSD: ecdsa.h,v 1.12 2022/07/12 14:42:49 kn Exp $ */ /** * \file crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions * \author Written by Nils Larsch for the OpenSSL project 
@@ -85,10 +85,6 @@ struct ecdsa_method { BIGNUM **r); int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, EC_KEY *eckey); -#if 0 - int (*init)(EC_KEY *eckey); - int (*finish)(EC_KEY *eckey); -#endif int flags; char *app_data; }; @@ -101,11 +97,6 @@ struct ecdsa_method { #define ECDSA_FLAG_FIPS_METHOD 0x1 -struct ECDSA_SIG_st { - BIGNUM *r; - BIGNUM *s; -}; - /** Allocates and initialize a ECDSA_SIG structure * \return pointer to a ECDSA_SIG structure or NULL if an error occurred */ @@ -140,6 +131,9 @@ ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); */ void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig); +const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig); + /** Setter for r and s fields of ECDSA_SIG * \param sig pointer to ECDSA_SIG pointer * \param r pointer to BIGNUM for r (may be NULL) @@ -299,11 +293,6 @@ void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth, int (**pverify_sig)(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, EC_KEY *eckey)); - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_ECDSA_strings(void); /* Error codes for the ECDSA functions. */ diff --git a/include/openssl/engine.h b/include/openssl/engine.h index dc14be8e..5c21647f 100644 --- a/include/openssl/engine.h +++ b/include/openssl/engine.h @@ -1,4 +1,4 @@ -/* $OpenBSD: engine.h,v 1.33 2019/01/19 01:07:00 tb Exp $ */ +/* $OpenBSD: engine.h,v 1.34 2022/07/12 14:42:49 kn Exp $ */ /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL * project 2000. */ 
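Review bot: `ECDSA_SIG_get0_r` and `ECDSA_SIG_get0_s` are added in ecdsa.h without the Doxygen block that the neighbouring declarations carry; the setter directly below them has `\param` lines. A matching block would describe them as accessors for the r and s fields, give `\param sig pointer to ECDSA_SIG structure`, and add a `\return` line saying the result is an internal pointer that the caller must not free. The ownership wording is inferred from the get0 naming and should be confirmed against the implementation.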
@@ -716,10 +716,6 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, * values. */ void *ENGINE_get_static_state(void); -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_ENGINE_strings(void); /* Error codes for the ENGINE functions. */ diff --git a/include/openssl/err.h b/include/openssl/err.h index 22cdb298..24708c5b 100644 --- a/include/openssl/err.h +++ b/include/openssl/err.h @@ -1,4 +1,4 @@ -/* $OpenBSD: err.h,v 1.25 2017/02/20 23:21:19 beck Exp $ */ +/* $OpenBSD: err.h,v 1.28 2022/08/29 06:49:24 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -196,6 +196,8 @@ typedef struct err_state_st { #define ERR_LIB_HMAC 48 #define ERR_LIB_JPAKE 49 #define ERR_LIB_GOST 50 +#define ERR_LIB_CT 51 +#define ERR_LIB_KDF 52 #define ERR_LIB_USER 128 @@ -234,6 +236,8 @@ typedef struct err_state_st { #define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__) #define GOSTerr(f,r) ERR_PUT_error(ERR_LIB_GOST,(f),(r),__FILE__,__LINE__) #define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__) +#define CTerr(f, r) ERR_PUT_error(ERR_LIB_CT,(f),(r),__FILE__,__LINE__) +#define KDFerr(f, r) ERR_PUT_error(ERR_LIB_KDF,(f),(r),__FILE__,__LINE__) #endif #ifdef LIBRESSL_INTERNAL @@ -270,6 +274,8 @@ typedef struct err_state_st { #define HMACerror(r) ERR_PUT_error(ERR_LIB_HMAC,(0xfff),(r),__FILE__,__LINE__) #define JPAKEerror(r) ERR_PUT_error(ERR_LIB_JPAKE,(0xfff),(r),__FILE__,__LINE__) #define GOSTerror(r) ERR_PUT_error(ERR_LIB_GOST,(0xfff),(r),__FILE__,__LINE__) +#define CTerror(r) ERR_PUT_error(ERR_LIB_CT,(0xfff),(r),__FILE__,__LINE__) +#define KDFerror(r) ERR_PUT_error(ERR_LIB_KDF,(0xfff),(r),__FILE__,__LINE__) #endif #define ERR_PACK(l,f,r) (((((unsigned long)l)&0xffL)<<24L)| \ 
@@ -340,11 +346,11 @@ typedef struct err_state_st { #define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL) #define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL) #define ERR_R_DISABLED (5|ERR_R_FATAL) +#define ERR_R_INIT_FAIL (6|ERR_R_FATAL) /* 99 is the maximum possible ERR_R_... code, higher values * are reserved for the individual libraries */ - typedef struct ERR_string_data_st { unsigned long error; const char *string; diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 06c529ef..d2bb376c 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: evp.h,v 1.83 2021/05/10 17:00:32 tb Exp $ */ +/* $OpenBSD: evp.h,v 1.107 2022/09/11 17:29:24 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -112,6 +112,7 @@ #define EVP_PKEY_GOSTIMIT NID_id_Gost28147_89_MAC #define EVP_PKEY_HMAC NID_hmac #define EVP_PKEY_CMAC NID_cmac +#define EVP_PKEY_HKDF NID_hkdf #define EVP_PKEY_GOSTR12_256 NID_id_tc26_gost3410_2012_256 #define EVP_PKEY_GOSTR12_512 NID_id_tc26_gost3410_2012_512 
@@ -119,82 +120,15 @@ extern "C" { #endif -/* Type needs to be a bit field - * Sub-type needs to be for variations on the method, as in, can it do - * arbitrary encryption.... */ -struct evp_pkey_st { - int type; - int save_type; - int references; - const EVP_PKEY_ASN1_METHOD *ameth; - ENGINE *engine; - union { - char *ptr; -#ifndef OPENSSL_NO_RSA - struct rsa_st *rsa; /* RSA */ -#endif -#ifndef OPENSSL_NO_DSA - struct dsa_st *dsa; /* DSA */ -#endif -#ifndef OPENSSL_NO_DH - struct dh_st *dh; /* DH */ -#endif -#ifndef OPENSSL_NO_EC - struct ec_key_st *ec; /* ECC */ -#endif -#ifndef OPENSSL_NO_GOST - struct gost_key_st *gost; /* GOST */ -#endif - } pkey; - int save_parameters; - STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ -} /* EVP_PKEY */; - #define EVP_PKEY_MO_SIGN 0x0001 #define EVP_PKEY_MO_VERIFY 0x0002 #define EVP_PKEY_MO_ENCRYPT 0x0004 #define EVP_PKEY_MO_DECRYPT 0x0008 -typedef int evp_sign_method(int type, const unsigned char *m, - unsigned int m_length, unsigned char *sigret, unsigned int *siglen, - void *key); -typedef int evp_verify_method(int type, const unsigned char *m, - unsigned int m_length, const unsigned char *sigbuf, unsigned int siglen, - void *key); - #ifndef EVP_MD -struct env_md_st { - int type; - int pkey_type; - int md_size; - unsigned long flags; - int (*init)(EVP_MD_CTX *ctx); - int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count); - int (*final)(EVP_MD_CTX *ctx, unsigned char *md); - int (*copy)(EVP_MD_CTX *to, const EVP_MD_CTX *from); - int (*cleanup)(EVP_MD_CTX *ctx); - - evp_sign_method *sign; - evp_verify_method *verify; - int required_pkey_type[5]; /*EVP_PKEY_xxx */ - int block_size; - int ctx_size; /* how big does the ctx->md_data need to be */ - /* control function */ - int (*md_ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2); -} /* EVP_MD */; - #define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single * block */ -#define EVP_MD_FLAG_PKEY_DIGEST 0x0002 /* digest is a "clone" digest used - * which is a 
copy of an existing - * one for a specific public key type. - * EVP_dss1() etc */ - -/* Digest uses EVP_PKEY_METHOD for signing instead of MD specific signing */ - -#define EVP_MD_FLAG_PKEY_METHOD_SIGNATURE 0x0004 - /* DigestAlgorithmIdentifier flags... */ #define EVP_MD_FLAG_DIGALGID_MASK 0x0018 @@ -224,51 +158,8 @@ struct env_md_st { #define EVP_MD_CTRL_ALG_CTRL 0x1000 -#define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} - -#ifndef OPENSSL_NO_DSA -#define EVP_PKEY_DSA_method (evp_sign_method *)DSA_sign, \ - (evp_verify_method *)DSA_verify, \ - {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \ - EVP_PKEY_DSA4,0} -#else -#define EVP_PKEY_DSA_method EVP_PKEY_NULL_method -#endif - -#ifndef OPENSSL_NO_ECDSA -#define EVP_PKEY_ECDSA_method (evp_sign_method *)ECDSA_sign, \ - (evp_verify_method *)ECDSA_verify, \ - {EVP_PKEY_EC,0,0,0} -#else -#define EVP_PKEY_ECDSA_method EVP_PKEY_NULL_method -#endif - -#ifndef OPENSSL_NO_RSA -#define EVP_PKEY_RSA_method (evp_sign_method *)RSA_sign, \ - (evp_verify_method *)RSA_verify, \ - {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} -#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \ - (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \ - (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \ - {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} -#else -#define EVP_PKEY_RSA_method EVP_PKEY_NULL_method -#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method -#endif - #endif /* !EVP_MD */ -struct env_md_ctx_st { - const EVP_MD *digest; - ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */ - unsigned long flags; - void *md_data; - /* Public key context for sign/verify */ - EVP_PKEY_CTX *pctx; - /* Update function: usually copied from EVP_MD */ - int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count); -} /* EVP_MD_CTX */; - /* values for EVP_MD_CTX flags */ #define EVP_MD_CTX_FLAG_ONESHOT 0x0001 /* digest update will be called 
@@ -295,24 +186,6 @@ struct env_md_ctx_st { #define EVP_MD_CTX_FLAG_NO_INIT 0x0100 /* Don't initialize md_data */ -struct evp_cipher_st { - int nid; - int block_size; - int key_len; /* Default value for variable length ciphers */ - int iv_len; - unsigned long flags; /* Various flags */ - int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); /* init key */ - int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl);/* encrypt/decrypt data */ - int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */ - int ctx_size; /* how big ctx->cipher_data needs to be */ - int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */ - int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */ - int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */ - void *app_data; /* Application data */ -} /* EVP_CIPHER */; - /* Values for cipher flags */ /* Modes for ciphers */ 
@@ -327,23 +200,23 @@ struct evp_cipher_st { #define EVP_CIPH_CCM_MODE 0x7 #define EVP_CIPH_XTS_MODE 0x10001 #define EVP_CIPH_WRAP_MODE 0x10002 -#define EVP_CIPH_MODE 0xF0007 +#define EVP_CIPH_MODE 0xF0007 /* Set if variable length cipher */ -#define EVP_CIPH_VARIABLE_LENGTH 0x8 +#define EVP_CIPH_VARIABLE_LENGTH 0x8 /* Set if the iv handling should be done by the cipher itself */ -#define EVP_CIPH_CUSTOM_IV 0x10 +#define EVP_CIPH_CUSTOM_IV 0x10 /* Set if the cipher's init() function should be called if key is NULL */ -#define EVP_CIPH_ALWAYS_CALL_INIT 0x20 +#define EVP_CIPH_ALWAYS_CALL_INIT 0x20 /* Call ctrl() to init cipher parameters */ -#define EVP_CIPH_CTRL_INIT 0x40 +#define EVP_CIPH_CTRL_INIT 0x40 /* Don't use standard key length function */ -#define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 +#define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 /* Don't use standard block padding */ -#define EVP_CIPH_NO_PADDING 0x100 +#define EVP_CIPH_NO_PADDING 0x100 /* cipher handles random key generation */ -#define EVP_CIPH_RAND_KEY 0x200 +#define EVP_CIPH_RAND_KEY 0x200 /* cipher has its own additional copying logic */ -#define EVP_CIPH_CUSTOM_COPY 0x400 +#define EVP_CIPH_CUSTOM_COPY 0x400 /* Allow use default ASN1 get/set iv */ #define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 /* Buffer length in bits not bytes: CFB1 mode only */ @@ -355,7 +228,7 @@ struct evp_cipher_st { /* Cipher handles any and all padding logic as well * as finalisation. */ -#define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000 +#define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000 #define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 /* 
@@ -367,22 +240,26 @@ struct evp_cipher_st { /* ctrl() values */ #define EVP_CTRL_INIT 0x0 -#define EVP_CTRL_SET_KEY_LENGTH 0x1 -#define EVP_CTRL_GET_RC2_KEY_BITS 0x2 -#define EVP_CTRL_SET_RC2_KEY_BITS 0x3 -#define EVP_CTRL_GET_RC5_ROUNDS 0x4 -#define EVP_CTRL_SET_RC5_ROUNDS 0x5 -#define EVP_CTRL_RAND_KEY 0x6 -#define EVP_CTRL_PBE_PRF_NID 0x7 -#define EVP_CTRL_COPY 0x8 -#define EVP_CTRL_GCM_SET_IVLEN 0x9 -#define EVP_CTRL_GCM_GET_TAG 0x10 -#define EVP_CTRL_GCM_SET_TAG 0x11 -#define EVP_CTRL_GCM_SET_IV_FIXED 0x12 +#define EVP_CTRL_SET_KEY_LENGTH 0x1 +#define EVP_CTRL_GET_RC2_KEY_BITS 0x2 +#define EVP_CTRL_SET_RC2_KEY_BITS 0x3 +#define EVP_CTRL_GET_RC5_ROUNDS 0x4 +#define EVP_CTRL_SET_RC5_ROUNDS 0x5 +#define EVP_CTRL_RAND_KEY 0x6 +#define EVP_CTRL_PBE_PRF_NID 0x7 +#define EVP_CTRL_COPY 0x8 +#define EVP_CTRL_AEAD_SET_IVLEN 0x9 +#define EVP_CTRL_AEAD_GET_TAG 0x10 +#define EVP_CTRL_AEAD_SET_TAG 0x11 +#define EVP_CTRL_AEAD_SET_IV_FIXED 0x12 +#define EVP_CTRL_GCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN +#define EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG +#define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG +#define EVP_CTRL_GCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED #define EVP_CTRL_GCM_IV_GEN 0x13 -#define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN -#define EVP_CTRL_CCM_GET_TAG EVP_CTRL_GCM_GET_TAG -#define EVP_CTRL_CCM_SET_TAG EVP_CTRL_GCM_SET_TAG +#define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN +#define EVP_CTRL_CCM_GET_TAG EVP_CTRL_AEAD_GET_TAG +#define EVP_CTRL_CCM_SET_TAG EVP_CTRL_AEAD_SET_TAG #define EVP_CTRL_CCM_SET_L 0x14 #define EVP_CTRL_CCM_SET_MSGLEN 0x15 /* AEAD cipher deduces payload length and returns number of bytes 
@@ -405,43 +282,26 @@ struct evp_cipher_st { /* Length of tag for TLS */ #define EVP_GCM_TLS_TAG_LEN 16 +/* CCM TLS constants */ +/* Length of fixed part of IV derived from PRF */ +#define EVP_CCM_TLS_FIXED_IV_LEN 4 +/* Length of explicit part of IV part of TLS records */ +#define EVP_CCM_TLS_EXPLICIT_IV_LEN 8 +/* Total length of CCM IV length for TLS */ +#define EVP_CCM_TLS_IV_LEN 12 +/* Length of tag for TLS */ +#define EVP_CCM_TLS_TAG_LEN 16 +/* Length of CCM8 tag for TLS */ +#define EVP_CCM8_TLS_TAG_LEN 8 + +/* Length of tag for TLS */ +#define EVP_CHACHAPOLY_TLS_TAG_LEN 16 + typedef struct evp_cipher_info_st { const EVP_CIPHER *cipher; unsigned char iv[EVP_MAX_IV_LENGTH]; } EVP_CIPHER_INFO; -struct evp_cipher_ctx_st { - const EVP_CIPHER *cipher; - ENGINE *engine; /* functional reference if 'cipher' is ENGINE-provided */ - int encrypt; /* encrypt or decrypt */ - int buf_len; /* number we have left */ - - unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ - unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ - unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */ - int num; /* used by cfb/ofb/ctr mode */ - - void *app_data; /* application stuff */ - int key_len; /* May change for variable length cipher */ - unsigned long flags; /* Various flags */ - void *cipher_data; /* per EVP data */ - int final_used; - int block_mask; - unsigned char final[EVP_MAX_BLOCK_LENGTH];/* possible final block */ -} /* EVP_CIPHER_CTX */; - -typedef struct evp_Encode_Ctx_st { - int num; /* number saved in a partial encode/decode */ - int length; /* The length is either the output line length - * (in input bytes) or the shortest input line - * length that is ok. 
Once decoding begins, - * the length is adjusted up each time a longer - * line is decoded */ - unsigned char enc_data[80]; /* data to encode */ - int line_num; /* number read on current line */ - int expect_nl; -} EVP_ENCODE_CTX; - /* Password based encryption function */ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de); @@ -485,7 +345,28 @@ int EVP_MD_size(const EVP_MD *md); int EVP_MD_block_size(const EVP_MD *md); unsigned long EVP_MD_flags(const EVP_MD *md); +EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type); +void EVP_MD_meth_free(EVP_MD *md); +EVP_MD *EVP_MD_meth_dup(const EVP_MD *md); +int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize); +int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize); +int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize); +int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags); +int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)); +int EVP_MD_meth_set_update(EVP_MD *md, + int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count)); +int EVP_MD_meth_set_final(EVP_MD *md, + int (*final)(EVP_MD_CTX *ctx, unsigned char *md)); +int EVP_MD_meth_set_copy(EVP_MD *md, + int (*copy)(EVP_MD_CTX *to, const EVP_MD_CTX *from)); +int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx)); +int EVP_MD_meth_set_ctrl(EVP_MD *md, + int (*ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)); + const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); +void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); +EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx); +void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx); #define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) #define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e)) #define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e)) 
@@ -509,8 +390,11 @@ int EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned char *iv, size_t len); int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in); -void * EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); +void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); +void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx); +void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data); +unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx); #define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx); #define EVP_CIPHER_CTX_mode(e) (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE) @@ -690,9 +574,6 @@ const EVP_MD *EVP_md5_sha1(void); #endif #ifndef OPENSSL_NO_SHA const EVP_MD *EVP_sha1(void); -const EVP_MD *EVP_dss(void); -const EVP_MD *EVP_dss1(void); -const EVP_MD *EVP_ecdsa(void); #endif #ifndef OPENSSL_NO_SHA256 const EVP_MD *EVP_sha224(void); @@ -815,6 +696,9 @@ const EVP_CIPHER *EVP_aes_256_ccm(void); const EVP_CIPHER *EVP_aes_256_gcm(void); const EVP_CIPHER *EVP_aes_256_wrap(void); const EVP_CIPHER *EVP_aes_256_xts(void); +#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) +const EVP_CIPHER *EVP_chacha20_poly1305(void); +#endif #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void); const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void); @@ -904,6 +788,7 @@ int EVP_PKEY_type(int type); int EVP_PKEY_id(const EVP_PKEY *pkey); int EVP_PKEY_base_id(const EVP_PKEY *pkey); int EVP_PKEY_bits(const EVP_PKEY *pkey); +int EVP_PKEY_security_bits(const EVP_PKEY *pkey); int EVP_PKEY_size(const EVP_PKEY *pkey); int EVP_PKEY_set_type(EVP_PKEY *pkey, int type); int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len); 
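Review bot: `EVP_CIPHER_CTX_set_cipher_data` in the first evp.h hunk on this line returns `void *`, but nothing says what that pointer is or who frees it. In OpenSSL's API of the same name the return value is the previous cipher_data and the caller becomes responsible for releasing it. If LibreSSL follows that, a caller that ignores the return value leaks memory that may hold key schedule material. A comment such as `/* Returns the previous cipher_data; the caller owns it and should clear and free it. */` would make the contract explicit. `EVP_CIPHER_CTX_buf_noconst` could likewise state that it presumably exposes the context's internal partial-block buffer.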
@@ -1066,6 +951,15 @@ void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, void (*pkey_free)(EVP_PKEY *pkey)); void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2)); +void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_security_bits)(const EVP_PKEY *pkey)); + +void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_check)(const EVP_PKEY *pk)); +void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_public_check)(const EVP_PKEY *pk)); +void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_check)(const EVP_PKEY *pk)); #define EVP_PKEY_OP_UNDEFINED 0 #define EVP_PKEY_OP_PARAMGEN (1<<1) @@ -1113,7 +1007,7 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, #define EVP_PKEY_CTRL_DIGESTINIT 7 /* Used by GOST key encryption in TLS */ -#define EVP_PKEY_CTRL_SET_IV 8 +#define EVP_PKEY_CTRL_SET_IV 8 #define EVP_PKEY_CTRL_CMS_ENCRYPT 9 #define EVP_PKEY_CTRL_CMS_DECRYPT 10 @@ -1193,6 +1087,9 @@ int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +int EVP_PKEY_check(EVP_PKEY_CTX *ctx); +int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx); +int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx); void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); 
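Review bot: In the prototype of `EVP_PKEY_asn1_set_param_check` the callback parameter is named `pkey_check`, the same name used for `EVP_PKEY_asn1_set_check` two declarations earlier, which reads like a copy-paste slip. Renaming it keeps the three setters distinguishable: `int (*pkey_param_check)(const EVP_PKEY *pk));`. Parameter names in a prototype have no effect on callers, so this is purely for readers of the header.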
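Review bot: `EVP_PKEY_check`, `EVP_PKEY_public_check` and `EVP_PKEY_param_check` are declared in the last evp.h hunk on this line with no statement of their return convention. If they follow the rest of the EVP_PKEY_CTX API, failure can be reported as 0 or as a negative value (for example when the key type has no check method), so `if (EVP_PKEY_check(ctx))` would accept a key that was never validated. A comment such as `/* Return 1 if the key is valid; 0 or a negative value on failure or if unsupported. Test for == 1. */` would steer callers to the safe comparison. The exact values should be confirmed against the implementation.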
@@ -1259,6 +1156,13 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2), int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value)); +void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, + int (*check)(EVP_PKEY *pkey)); +void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth, + int (*public_check)(EVP_PKEY *pkey)); +void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth, + int (*param_check)(EVP_PKEY *pkey)); + /* Authenticated Encryption with Additional Data. * * AEAD couples confidentiality and integrity in a single primtive. AEAD @@ -1266,7 +1170,6 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, * message has a unique, per-message nonce and, optionally, additional data * which is authenticated but not included in the output. */ -struct evp_aead_st; typedef struct evp_aead_st EVP_AEAD; #ifndef OPENSSL_NO_AES @@ -1300,11 +1203,7 @@ size_t EVP_AEAD_max_tag_len(const EVP_AEAD *aead); /* An EVP_AEAD_CTX represents an AEAD algorithm configured with a specific key * and message-independent IV. */ -typedef struct evp_aead_ctx_st { - const EVP_AEAD *aead; - /* aead_state is an opaque pointer to the AEAD specific state. */ - void *aead_state; -} EVP_AEAD_CTX; +typedef struct evp_aead_ctx_st EVP_AEAD_CTX; /* EVP_AEAD_MAX_TAG_LENGTH is the maximum tag length used by any AEAD * defined in this header. */ 
@@ -1315,7 +1214,15 @@ typedef struct evp_aead_ctx_st { * should be used. */ #define EVP_AEAD_DEFAULT_TAG_LENGTH 0 -/* EVP_AEAD_init initializes the context for the given AEAD algorithm. +/* EVP_AEAD_CTX_new allocates a new context for use with EVP_AEAD_CTX_init. + * It can be cleaned up for reuse with EVP_AEAD_CTX_cleanup and must be freed + * with EVP_AEAD_CTX_free. */ +EVP_AEAD_CTX *EVP_AEAD_CTX_new(void); + +/* EVP_AEAD_CTX_free releases all memory owned by the context. */ +void EVP_AEAD_CTX_free(EVP_AEAD_CTX *ctx); + +/* EVP_AEAD_CTX_init initializes the context for the given AEAD algorithm. * The implementation argument may be NULL to choose the default implementation. * Authentication tags may be truncated by passing a tag length. A tag length * of zero indicates the default tag length should be used. */ @@ -1374,10 +1281,6 @@ int EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, unsigned char *out, void EVP_add_alg_module(void); -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_EVP_strings(void); /* Error codes for the EVP functions. */ diff --git a/include/openssl/gost.h b/include/openssl/gost.h index 092f96fb..c7d9d25b 100644 --- a/include/openssl/gost.h +++ b/include/openssl/gost.h @@ -1,4 +1,4 @@ -/* $OpenBSD: gost.h,v 1.3 2016/09/04 17:02:31 jsing Exp $ */ +/* $OpenBSD: gost.h,v 1.4 2022/07/12 14:42:49 kn Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov * Copyright (c) 2005-2006 Cryptocom LTD @@ -199,10 +199,6 @@ size_t GOST_KEY_get_size(const GOST_KEY * r); #define GOST_SIG_FORMAT_SR_BE 0 #define GOST_SIG_FORMAT_RS_LE 1 -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_GOST_strings(void); /* Error codes for the GOST functions. */ 
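Review bot: The new comment for `EVP_AEAD_CTX_new` does not say what the function returns when allocation fails, and the one for `EVP_AEAD_CTX_free` does not say whether it accepts NULL or clears the key state first. Now that `EVP_AEAD_CTX` is opaque (the `typedef struct evp_aead_ctx_st EVP_AEAD_CTX;` hunk just before), every caller has to go through this pair, so the contract belongs here. Suggested wording: `Returns NULL on allocation failure.` for the first and `Calls EVP_AEAD_CTX_cleanup and frees ctx; a NULL ctx is ignored.` for the second, both to be confirmed against the implementation.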
diff --git a/include/openssl/hmac.h b/include/openssl/hmac.h index e787c62a..ff01ae26 100644 --- a/include/openssl/hmac.h +++ b/include/openssl/hmac.h @@ -1,4 +1,4 @@ -/* $OpenBSD: hmac.h,v 1.13 2018/02/17 14:53:59 jsing Exp $ */ +/* $OpenBSD: hmac.h,v 1.16 2022/01/14 08:06:03 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -72,24 +72,11 @@ extern "C" { #endif -typedef struct hmac_ctx_st { - const EVP_MD *md; - EVP_MD_CTX md_ctx; - EVP_MD_CTX i_ctx; - EVP_MD_CTX o_ctx; - unsigned int key_length; - unsigned char key[HMAC_MAX_MD_CBLOCK]; -} HMAC_CTX; - -#define HMAC_size(e) (EVP_MD_size((e)->md)) +#define HMAC_size(e) (EVP_MD_size(HMAC_CTX_get_md((e)))) HMAC_CTX *HMAC_CTX_new(void); void HMAC_CTX_free(HMAC_CTX *ctx); -void HMAC_CTX_init(HMAC_CTX *ctx); int HMAC_CTX_reset(HMAC_CTX *ctx); -void HMAC_CTX_cleanup(HMAC_CTX *ctx); - -#define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) /* deprecated */ int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md); /* deprecated */ diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h new file mode 100644 index 00000000..f823bf99 --- /dev/null +++ b/include/openssl/kdf.h 
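Review bot: `HMAC_CTX_init`, `HMAC_CTX_cleanup` and the `HMAC_cleanup` macro are dropped in this hmac.h hunk and the struct definition is removed, but the header does not name the replacement lifecycle. Code that kept an `HMAC_CTX` on the stack has to move to `HMAC_CTX_new` / `HMAC_CTX_free`. Since the old struct stored the key bytes inline, releasing through `HMAC_CTX_free` is presumably also what wipes them. A comment above `HMAC_CTX_new` such as `/* HMAC_CTX is opaque: allocate with HMAC_CTX_new(), reuse with HMAC_CTX_reset(), release with HMAC_CTX_free(). */` would record that.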
@@ -0,0 +1,111 @@ +/* $OpenBSD: kdf.h,v 1.8 2022/07/12 14:42:49 kn Exp $ */ +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2016-2018 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#ifndef HEADER_KDF_H +# define HEADER_KDF_H + +#ifdef __cplusplus +extern "C" { +#endif + +# define EVP_PKEY_CTRL_HKDF_MD (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_HKDF_SALT (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_HKDF_KEY (EVP_PKEY_ALG_CTRL + 5) +# define EVP_PKEY_CTRL_HKDF_INFO (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_HKDF_MODE (EVP_PKEY_ALG_CTRL + 7) + +# define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0 +# define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY 1 +# define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY 2 + +# define EVP_PKEY_CTX_set_hkdf_md(pctx, md) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, saltlen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_SALT, saltlen, (void *)(salt)) + +# define EVP_PKEY_CTX_set1_hkdf_key(pctx, key, keylen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_KEY, keylen, (void *)(key)) + +# define EVP_PKEY_CTX_add1_hkdf_info(pctx, info, infolen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_INFO, infolen, (void *)(info)) + +# define EVP_PKEY_CTX_hkdf_mode(pctx, mode) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_MODE, mode, NULL) + +int ERR_load_KDF_strings(void); + +/* + * KDF function codes. 
+ */ +# define KDF_F_PKEY_HKDF_CTRL_STR 103 +# define KDF_F_PKEY_HKDF_DERIVE 102 +# define KDF_F_PKEY_HKDF_INIT 108 + +/* + * KDF reason codes. + */ +# define KDF_R_MISSING_KEY 104 +# define KDF_R_MISSING_MESSAGE_DIGEST 105 +# define KDF_R_UNKNOWN_PARAMETER_TYPE 103 + +# ifdef __cplusplus +} +# endif +#endif diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h index d86324c5..8c731439 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h @@ -881,6 +881,14 @@ #define NID_id_ct_signedChecklist 1014 #define OBJ_id_ct_signedChecklist OBJ_id_smime_ct,48L +#define SN_id_ct_ASPA "id-ct-ASPA" +#define NID_id_ct_ASPA 1017 +#define OBJ_id_ct_ASPA OBJ_id_smime_ct,49L + +#define SN_id_ct_signedTAL "id-ct-signedTAL" +#define NID_id_ct_signedTAL 1024 +#define OBJ_id_ct_signedTAL OBJ_id_smime_ct,50L + #define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest" #define NID_id_smime_aa_receiptRequest 212 #define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L @@ -997,6 +1005,10 @@ #define NID_id_smime_aa_dvcs_dvc 240 #define OBJ_id_smime_aa_dvcs_dvc OBJ_id_smime_aa,29L +#define SN_id_smime_aa_signingCertificateV2 "id-smime-aa-signingCertificateV2" +#define NID_id_smime_aa_signingCertificateV2 1023 +#define OBJ_id_smime_aa_signingCertificateV2 OBJ_id_smime_aa,47L + #define SN_id_smime_alg_ESDHwith3DES "id-smime-alg-ESDHwith3DES" #define NID_id_smime_alg_ESDHwith3DES 241 #define OBJ_id_smime_alg_ESDHwith3DES OBJ_id_smime_alg,1L @@ -1518,6 +1530,11 @@ #define NID_proxyCertInfo 663 #define OBJ_proxyCertInfo OBJ_id_pe,14L +#define SN_tlsfeature "tlsfeature" +#define LN_tlsfeature "TLS Feature" +#define NID_tlsfeature 1016 +#define OBJ_tlsfeature OBJ_id_pe,24L + #define SN_sbgp_ipAddrBlockv2 "sbgp-ipAddrBlockv2" #define NID_sbgp_ipAddrBlockv2 1006 #define OBJ_sbgp_ipAddrBlockv2 OBJ_id_pe,28L 
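Review bot: The new include/openssl/kdf.h is not self-contained: its macros expand to `EVP_PKEY_CTX_ctrl`, `EVP_PKEY_OP_DERIVE` and `EVP_PKEY_ALG_CTRL`, yet the file includes nothing. Adding `#include <openssl/evp.h>` after the include guard, or a comment saying evp.h must be included first, would avoid order-dependent build failures. The `saltlen`, `keylen` and `infolen` macro arguments also land in the `int p1` parameter of `EVP_PKEY_CTX_ctrl`, so a `size_t` length is narrowed silently; a comment like `/* lengths are passed as int; callers must ensure they fit */` would flag that. `ERR_load_KDF_strings` returns `int` while the other `ERR_load_*_strings` declarations in this patch return `void`, which deserves a word if intentional.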
@@ -4221,6 +4238,30 @@ #define SN_dh_cofactor_kdf "dh-cofactor-kdf" #define NID_dh_cofactor_kdf 991 +#define SN_ct_precert_scts "ct_precert_scts" +#define LN_ct_precert_scts "CT Precertificate SCTs" +#define NID_ct_precert_scts 1018 +#define OBJ_ct_precert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,2L + +#define SN_ct_precert_poison "ct_precert_poison" +#define LN_ct_precert_poison "CT Precertificate Poison" +#define NID_ct_precert_poison 1019 +#define OBJ_ct_precert_poison 1L,3L,6L,1L,4L,1L,11129L,2L,4L,3L + +#define SN_ct_precert_signer "ct_precert_signer" +#define LN_ct_precert_signer "CT Precertificate Signer" +#define NID_ct_precert_signer 1020 +#define OBJ_ct_precert_signer 1L,3L,6L,1L,4L,1L,11129L,2L,4L,4L + +#define SN_ct_cert_scts "ct_cert_scts" +#define LN_ct_cert_scts "CT Certificate SCTs" +#define NID_ct_cert_scts 1021 +#define OBJ_ct_cert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,5L + +#define SN_hkdf "HKDF" +#define LN_hkdf "hkdf" +#define NID_hkdf 1022 + #define SN_teletrust "teletrust" #define NID_teletrust 920 #define OBJ_teletrust OBJ_identified_organization,36L diff --git a/include/openssl/objects.h b/include/openssl/objects.h index c40991b5..fe3d7774 100644 --- a/include/openssl/objects.h +++ b/include/openssl/objects.h @@ -1,4 +1,4 @@ -/* $OpenBSD: objects.h,v 1.12 2017/01/21 04:53:22 jsing Exp $ */ +/* $OpenBSD: objects.h,v 1.18 2022/07/12 14:42:49 kn Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -1010,113 +1010,34 @@ int OBJ_txt2nid(const char *s); int OBJ_ln2nid(const char *s); int OBJ_sn2nid(const char *s); int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b); + +#if defined(LIBRESSL_INTERNAL) const void * OBJ_bsearch_(const void *key, const void *base, int num, int size, int (*cmp)(const void *, const void *)); const void * OBJ_bsearch_ex_(const void *key, const void *base, int num, int size, int (*cmp)(const void *, const void *), int flags); - -#ifndef LIBRESSL_INTERNAL - -#define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm) \ - static int nm##_cmp_BSEARCH_CMP_FN(const void *, const void *); \ - static int nm##_cmp(type1 const *, type2 const *); \ - scope type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) - -#define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp) \ - _DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp) -#define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \ - type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) - -/* - * Unsolved problem: if a type is actually a pointer type, like - * nid_triple is, then its impossible to get a const where you need - * it. Consider: - * - * typedef int nid_triple[3]; - * const void *a_; - * const nid_triple const *a = a_; - * - * The assignement discards a const because what you really want is: - * - * const int const * const *a = a_; - * - * But if you do that, you lose the fact that a is an array of 3 ints, - * which breaks comparison functions. - * - * Thus we end up having to cast, sadly, or unpack the - * declarations. Or, as I finally did in this case, delcare nid_triple - * to be a struct, which it should have been in the first place. - * - * Ben, August 2008. - * - * Also, strictly speaking not all types need be const, but handling - * the non-constness means a lot of complication, and in practice - * comparison routines do always not touch their arguments. 
- */ - -#define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm) \ - static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \ - { \ - type1 const *a = a_; \ - type2 const *b = b_; \ - return nm##_cmp(a,b); \ - } \ - static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \ - { \ - return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \ - nm##_cmp_BSEARCH_CMP_FN); \ - } \ - extern void dummy_prototype(void) - -#define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \ - static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \ - { \ - type1 const *a = a_; \ - type2 const *b = b_; \ - return nm##_cmp(a,b); \ - } \ - type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \ - { \ - return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \ - nm##_cmp_BSEARCH_CMP_FN); \ - } \ - extern void dummy_prototype(void) - -#define OBJ_bsearch(type1,key,type2,base,num,cmp) \ - ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \ - num,sizeof(type2), \ - ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \ - (void)CHECKED_PTR_OF(type2,cmp##_type_2), \ - cmp##_BSEARCH_CMP_FN))) - -#define OBJ_bsearch_ex(type1,key,type2,base,num,cmp,flags) \ - ((type2 *)OBJ_bsearch_ex_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \ - num,sizeof(type2), \ - ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \ - (void)type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \ - cmp##_BSEARCH_CMP_FN)),flags) - -#endif /* !LIBRESSL_INTERNAL */ +#endif int OBJ_new_nid(int num); int OBJ_add_object(const ASN1_OBJECT *obj); int OBJ_create(const char *oid, const char *sn, const char *ln); -void OBJ_cleanup(void ); +void OBJ_cleanup(void); int OBJ_create_objects(BIO *in); +size_t OBJ_length(const ASN1_OBJECT *obj); +const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj); + int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid); int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid); int OBJ_add_sigid(int signid, int 
dig_id, int pkey_id); void OBJ_sigid_free(void); +#if defined(LIBRESSL_CRYPTO_INTERNAL) extern int obj_cleanup_defer; void check_defer(int nid); +#endif -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_OBJ_strings(void); /* Error codes for the OBJ functions. */ diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h index 316fb8ed..691ee4a3 100644 --- a/include/openssl/ocsp.h +++ b/include/openssl/ocsp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp.h,v 1.16 2018/08/24 20:03:21 tb Exp $ */ +/* $OpenBSD: ocsp.h,v 1.20 2022/07/12 14:42:49 kn Exp $ */ /* Written by Tom Titchener for the OpenSSL * project. */ @@ -73,6 +73,28 @@ extern "C" { #endif +/* + * CRLReason ::= ENUMERATED { + * unspecified (0), + * keyCompromise (1), + * cACompromise (2), + * affiliationChanged (3), + * superseded (4), + * cessationOfOperation (5), + * certificateHold (6), + * removeFromCRL (8) } + */ +#define OCSP_REVOKED_STATUS_NOSTATUS -1 +#define OCSP_REVOKED_STATUS_UNSPECIFIED 0 +#define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1 +#define OCSP_REVOKED_STATUS_CACOMPROMISE 2 +#define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3 +#define OCSP_REVOKED_STATUS_SUPERSEDED 4 +#define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5 +#define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 +#define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 + + /* Various flags and values */ #define OCSP_DEFAULT_NONCE_LENGTH 16 
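Review bot: `OBJ_length()` and `OBJ_get0_data()`, added in the objects.h hunk, are declared without a comment, although they can only be used safely as a pair. Going by the `get0` naming, the returned pointer is presumably the object's internal encoded bytes, owned by `obj` and not NUL-terminated; the implementation is not in this hunk, so confirm against it. I would add above them `/* OBJ_get0_data() returns OBJ_length(obj) bytes owned by obj; not NUL-terminated, do not free or modify. */`. The same hunk moves `OBJ_bsearch_` and `OBJ_bsearch_ex_` behind `LIBRESSL_INTERNAL` and drops the `OBJ_bsearch` macros, so out-of-tree callers of those names will stop compiling.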
@@ -90,76 +112,18 @@ extern "C" { #define OCSP_RESPID_KEY 0x400 #define OCSP_NOTIME 0x800 -/* CertID ::= SEQUENCE { - * hashAlgorithm AlgorithmIdentifier, - * issuerNameHash OCTET STRING, -- Hash of Issuer's DN - * issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields) - * serialNumber CertificateSerialNumber } - */ -typedef struct ocsp_cert_id_st { - X509_ALGOR *hashAlgorithm; - ASN1_OCTET_STRING *issuerNameHash; - ASN1_OCTET_STRING *issuerKeyHash; - ASN1_INTEGER *serialNumber; -} OCSP_CERTID; +typedef struct ocsp_cert_id_st OCSP_CERTID; DECLARE_STACK_OF(OCSP_CERTID) -/* Request ::= SEQUENCE { - * reqCert CertID, - * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } - */ -typedef struct ocsp_one_request_st { - OCSP_CERTID *reqCert; - STACK_OF(X509_EXTENSION) *singleRequestExtensions; -} OCSP_ONEREQ; +typedef struct ocsp_one_request_st OCSP_ONEREQ; DECLARE_STACK_OF(OCSP_ONEREQ) +typedef struct ocsp_req_info_st OCSP_REQINFO; +typedef struct ocsp_signature_st OCSP_SIGNATURE; +typedef struct ocsp_request_st OCSP_REQUEST; -/* TBSRequest ::= SEQUENCE { - * version [0] EXPLICIT Version DEFAULT v1, - * requestorName [1] EXPLICIT GeneralName OPTIONAL, - * requestList SEQUENCE OF Request, - * requestExtensions [2] EXPLICIT Extensions OPTIONAL } - */ -typedef struct ocsp_req_info_st { - ASN1_INTEGER *version; - GENERAL_NAME *requestorName; - STACK_OF(OCSP_ONEREQ) *requestList; - STACK_OF(X509_EXTENSION) *requestExtensions; -} OCSP_REQINFO; - -/* Signature ::= SEQUENCE { - * signatureAlgorithm AlgorithmIdentifier, - * signature BIT STRING, - * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } - */ -typedef struct ocsp_signature_st { - X509_ALGOR *signatureAlgorithm; - ASN1_BIT_STRING *signature; - STACK_OF(X509) *certs; -} OCSP_SIGNATURE; - -/* OCSPRequest ::= SEQUENCE { - * tbsRequest TBSRequest, - * optionalSignature [0] EXPLICIT Signature OPTIONAL } - */ -typedef struct ocsp_request_st { - OCSP_REQINFO *tbsRequest; - 
OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */ -} OCSP_REQUEST; - -/* OCSPResponseStatus ::= ENUMERATED { - * successful (0), --Response has valid confirmations - * malformedRequest (1), --Illegal confirmation request - * internalError (2), --Internal error in issuer - * tryLater (3), --Try again later - * --(4) is not used - * sigRequired (5), --Must sign the request - * unauthorized (6) --Request unauthorized - * } - */ #define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 #define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1 #define OCSP_RESPONSE_STATUS_INTERNALERROR 2 
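Review bot: The typedefs that replace the struct definitions in the @@ -90,76 +112,18 @@ hunk carry no comment, so the header no longer tells a caller that these types are opaque or how to reach the fields it used to expose. The deleted comments also held the ASN.1 definitions, including the remark that `issuerKeyHash` excludes the tag and length fields. I would keep one line above the block, for example `/* Opaque types: fields are reachable only through the OCSP_* accessor functions declared below. */`. The next ocsp.h hunk (@@ -167,176 +131,36 @@) does the same for the response-side types and would benefit from the same line; no accessors for the request-side types (`OCSP_REQINFO`, `OCSP_SIGNATURE`) are visible in this diff.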
@@ -167,176 +131,36 @@ typedef struct ocsp_request_st { #define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 #define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 -/* ResponseBytes ::= SEQUENCE { - * responseType OBJECT IDENTIFIER, - * response OCTET STRING } - */ -typedef struct ocsp_resp_bytes_st { - ASN1_OBJECT *responseType; - ASN1_OCTET_STRING *response; -} OCSP_RESPBYTES; - -/* OCSPResponse ::= SEQUENCE { - * responseStatus OCSPResponseStatus, - * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } - */ -struct ocsp_response_st { - ASN1_ENUMERATED *responseStatus; - OCSP_RESPBYTES *responseBytes; -}; - -/* ResponderID ::= CHOICE { - * byName [1] Name, - * byKey [2] KeyHash } - */ +typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES; + #define V_OCSP_RESPID_NAME 0 #define V_OCSP_RESPID_KEY 1 -struct ocsp_responder_id_st { - int type; - union { - X509_NAME* byName; - ASN1_OCTET_STRING *byKey; - } value; -}; DECLARE_STACK_OF(OCSP_RESPID) + OCSP_RESPID *OCSP_RESPID_new(void); void OCSP_RESPID_free(OCSP_RESPID *a); OCSP_RESPID *d2i_OCSP_RESPID(OCSP_RESPID **a, const unsigned char **in, long len); int i2d_OCSP_RESPID(OCSP_RESPID *a, unsigned char **out); extern const ASN1_ITEM OCSP_RESPID_it; -/* KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key - * --(excluding the tag and length fields) - */ +typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO; -/* RevokedInfo ::= SEQUENCE { - * revocationTime GeneralizedTime, - * revocationReason [0] EXPLICIT CRLReason OPTIONAL } - */ -typedef struct ocsp_revoked_info_st { - ASN1_GENERALIZEDTIME *revocationTime; - ASN1_ENUMERATED *revocationReason; -} OCSP_REVOKEDINFO; - -/* CertStatus ::= CHOICE { - * good [0] IMPLICIT NULL, - * revoked [1] IMPLICIT RevokedInfo, - * unknown [2] IMPLICIT UnknownInfo } - */ #define V_OCSP_CERTSTATUS_GOOD 0 #define V_OCSP_CERTSTATUS_REVOKED 1 #define V_OCSP_CERTSTATUS_UNKNOWN 2 -typedef struct ocsp_cert_status_st { - int type; - union { - ASN1_NULL *good; - OCSP_REVOKEDINFO *revoked; - ASN1_NULL *unknown; 
- } value; -} OCSP_CERTSTATUS; - -/* SingleResponse ::= SEQUENCE { - * certID CertID, - * certStatus CertStatus, - * thisUpdate GeneralizedTime, - * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, - * singleExtensions [1] EXPLICIT Extensions OPTIONAL } - */ -typedef struct ocsp_single_response_st { - OCSP_CERTID *certId; - OCSP_CERTSTATUS *certStatus; - ASN1_GENERALIZEDTIME *thisUpdate; - ASN1_GENERALIZEDTIME *nextUpdate; - STACK_OF(X509_EXTENSION) *singleExtensions; -} OCSP_SINGLERESP; + +typedef struct ocsp_cert_status_st OCSP_CERTSTATUS; +typedef struct ocsp_single_response_st OCSP_SINGLERESP; DECLARE_STACK_OF(OCSP_SINGLERESP) -/* ResponseData ::= SEQUENCE { - * version [0] EXPLICIT Version DEFAULT v1, - * responderID ResponderID, - * producedAt GeneralizedTime, - * responses SEQUENCE OF SingleResponse, - * responseExtensions [1] EXPLICIT Extensions OPTIONAL } - */ -typedef struct ocsp_response_data_st { - ASN1_INTEGER *version; - OCSP_RESPID *responderId; - ASN1_GENERALIZEDTIME *producedAt; - STACK_OF(OCSP_SINGLERESP) *responses; - STACK_OF(X509_EXTENSION) *responseExtensions; -} OCSP_RESPDATA; - -/* BasicOCSPResponse ::= SEQUENCE { - * tbsResponseData ResponseData, - * signatureAlgorithm AlgorithmIdentifier, - * signature BIT STRING, - * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } - */ - /* Note 1: - The value for "signature" is specified in the OCSP rfc2560 as follows: - "The value for the signature SHALL be computed on the hash of the DER - encoding ResponseData." This means that you must hash the DER-encoded - tbsResponseData, and then run it through a crypto-signing function, which - will (at least w/RSA) do a hash-'n'-private-encrypt operation. This seems - a bit odd, but that's the spec. Also note that the data structures do not - leave anywhere to independently specify the algorithm used for the initial - hash. So, we look at the signature-specification algorithm, and try to do - something intelligent. 
-- Kathy Weinhold, CertCo */ - /* Note 2: - It seems that the mentioned passage from RFC 2560 (section 4.2.1) is open - for interpretation. I've done tests against another responder, and found - that it doesn't do the double hashing that the RFC seems to say one - should. Therefore, all relevant functions take a flag saying which - variant should be used. -- Richard Levitte, OpenSSL team and CeloCom */ -typedef struct ocsp_basic_response_st { - OCSP_RESPDATA *tbsResponseData; - X509_ALGOR *signatureAlgorithm; - ASN1_BIT_STRING *signature; - STACK_OF(X509) *certs; -} OCSP_BASICRESP; +typedef struct ocsp_response_data_st OCSP_RESPDATA; -/* - * CRLReason ::= ENUMERATED { - * unspecified (0), - * keyCompromise (1), - * cACompromise (2), - * affiliationChanged (3), - * superseded (4), - * cessationOfOperation (5), - * certificateHold (6), - * removeFromCRL (8) } - */ -#define OCSP_REVOKED_STATUS_NOSTATUS -1 -#define OCSP_REVOKED_STATUS_UNSPECIFIED 0 -#define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1 -#define OCSP_REVOKED_STATUS_CACOMPROMISE 2 -#define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3 -#define OCSP_REVOKED_STATUS_SUPERSEDED 4 -#define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5 -#define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 -#define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 +typedef struct ocsp_basic_response_st OCSP_BASICRESP; -/* CrlID ::= SEQUENCE { - * crlUrl [0] EXPLICIT IA5String OPTIONAL, - * crlNum [1] EXPLICIT INTEGER OPTIONAL, - * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL } - */ -typedef struct ocsp_crl_id_st { - ASN1_IA5STRING *crlUrl; - ASN1_INTEGER *crlNum; - ASN1_GENERALIZEDTIME *crlTime; -} OCSP_CRLID; - -/* ServiceLocator ::= SEQUENCE { - * issuer Name, - * locator AuthorityInfoAccessSyntax OPTIONAL } - */ -typedef struct ocsp_service_locator_st { - X509_NAME* issuer; - STACK_OF(ACCESS_DESCRIPTION) *locator; -} OCSP_SERVICELOC; +typedef struct ocsp_crl_id_st OCSP_CRLID; +typedef struct ocsp_service_locator_st OCSP_SERVICELOC; #define 
PEM_STRING_OCSP_REQUEST "OCSP REQUEST" #define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" @@ -357,24 +181,6 @@ typedef struct ocsp_service_locator_st { PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\ bp,(char *)o, NULL,NULL,0,NULL,NULL) -#define OCSP_REQUEST_sign(o,pkey,md) \ - ASN1_item_sign(&OCSP_REQINFO_it, \ - o->optionalSignature->signatureAlgorithm,NULL, \ - o->optionalSignature->signature,o->tbsRequest,pkey,md) - -#define OCSP_BASICRESP_sign(o,pkey,md,d) \ - ASN1_item_sign(&OCSP_RESPDATA_it,o->signatureAlgorithm,NULL, \ - o->signature,o->tbsResponseData,pkey,md) - -#define OCSP_REQUEST_verify(a,r) \ - ASN1_item_verify(&OCSP_REQINFO_it, \ - a->optionalSignature->signatureAlgorithm, \ - a->optionalSignature->signature,a->tbsRequest,r) - -#define OCSP_BASICRESP_verify(a,r,d) \ - ASN1_item_verify(&OCSP_RESPDATA_it, \ - a->signatureAlgorithm,a->signature,a->tbsResponseData,r) - #define ASN1_BIT_STRING_digest(data,type,md,len) \ ASN1_item_digest(&ASN1_BIT_STRING_it,type,data,md,len) 
@@ -414,8 +220,19 @@ int OCSP_request_sign(OCSP_REQUEST *req, X509 *signer, EVP_PKEY *key, int OCSP_response_status(OCSP_RESPONSE *resp); OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); +const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs); +const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs); +const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs); +int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer, + STACK_OF(X509) *extra_certs); + int OCSP_resp_count(OCSP_BASICRESP *bs); OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); +const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP *bs); +const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs); +int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, + const ASN1_OCTET_STRING **pid, const X509_NAME **pname); + int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, ASN1_GENERALIZEDTIME **revtime, ASN1_GENERALIZEDTIME **thisupd, @@ -604,10 +421,6 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags); int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags); -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_OCSP_strings(void); /* Error codes for the OCSP functions. */ diff --git a/include/openssl/opensslconf.h b/include/openssl/opensslconf.h index bb717689..6e88a6e0 100644 --- a/include/openssl/opensslconf.h +++ b/include/openssl/opensslconf.h @@ -1,7 +1,7 @@ #include /* crypto/opensslconf.h.in */ -#if defined(_MSC_VER) && !defined(__attribute__) +#if defined(_MSC_VER) && !defined(__clang__) && !defined(__attribute__) #define __attribute__(a) #endif 
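Review bot: `OCSP_resp_get0_signer()` in the @@ -414,8 +220,19 @@ hunk is declared with no comment, and its name invites treating whatever it returns as a trusted signer. In the OpenSSL API this mirrors, the function only locates the certificate that matches the responder ID among the response's certificates and `extra_certs`; checking the signature and the chain is left to `OCSP_basic_verify()`, declared further down in this header. I would add above it `/* Locates the signer certificate only; does not verify the response. Call OCSP_basic_verify() before trusting *signer. */`. The other `get0` accessors added here (`OCSP_resp_get0_signature`, `OCSP_resp_get0_certs`, `OCSP_resp_get0_id`) presumably return pointers owned by `bs`, which a second comment line could state once for the group.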
diff --git a/include/openssl/opensslfeatures.h b/include/openssl/opensslfeatures.h index ba80520c..48fcf40b 100644 --- a/include/openssl/opensslfeatures.h +++ b/include/openssl/opensslfeatures.h @@ -3,6 +3,7 @@ * are enabled, rather than not being able to tell when things are * enabled (or possibly not yet not implemented, or removed!). */ +#define LIBRESSL_HAS_QUIC #define LIBRESSL_HAS_TLS1_3 #define LIBRESSL_HAS_DTLS1_2 @@ -84,7 +85,7 @@ /* #define OPENSSL_NO_RC4 */ #define OPENSSL_NO_RC5 /* #define OPENSSL_NO_RDRAND */ -#define OPENSSL_NO_RFC3779 +/* #define OPENSSL_NO_RFC3779 */ /* #define OPENSSL_NO_RMD160 */ /* #define OPENSSL_NO_RSA */ /* #define OPENSSL_NO_SCRYPT */ diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h index f30c40de..8810842e 100644 --- a/include/openssl/opensslv.h +++ b/include/openssl/opensslv.h @@ -1,11 +1,11 @@ -/* $OpenBSD$ */ +/* $OpenBSD: opensslv.h,v 1.70 2022/07/04 12:31:55 tb Exp $ */ #ifndef HEADER_OPENSSLV_H #define HEADER_OPENSSLV_H /* These will change with each release of LibreSSL-portable */ -#define LIBRESSL_VERSION_NUMBER 0x3040300fL +#define LIBRESSL_VERSION_NUMBER 0x3060100fL /* ^ Patch starts here */ -#define LIBRESSL_VERSION_TEXT "LibreSSL 3.4.3" +#define LIBRESSL_VERSION_TEXT "LibreSSL 3.6.1" /* These will never change */ #define OPENSSL_VERSION_NUMBER 0x20000000L diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h index b1a9e0e3..f4796ba8 100644 --- a/include/openssl/ossl_typ.h +++ b/include/openssl/ossl_typ.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ossl_typ.h,v 1.13 2015/09/30 04:10:07 doug Exp $ */ +/* $OpenBSD: ossl_typ.h,v 1.21 2022/01/14 08:59:30 tb Exp $ */ /* ==================================================================== * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. * 
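Review bot: Commenting out `OPENSSL_NO_RFC3779` in the @@ -84,7 +85,7 @@ hunk of opensslfeatures.h is a behaviour change rather than a version bump, and the commit title ("update to V3.6.1") does not mention it. Presumably every consumer guarded by `#ifndef OPENSSL_NO_RFC3779` now compiles in handling of the RFC 3779 IP-address and AS-identifier certificate extensions, which are parsed from untrusted certificates. I would note it next to the toggled line, e.g. `/* #define OPENSSL_NO_RFC3779 */ /* RFC 3779 extensions enabled as of the 3.6.1 import */`, and list it in the commit description together with the new `LIBRESSL_HAS_QUIC` define from the first hunk, so downstream builds can review the added surface.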
@@ -77,6 +77,8 @@ typedef struct asn1_string_st ASN1_STRING; typedef int ASN1_BOOLEAN; typedef int ASN1_NULL; +typedef struct asn1_object_st ASN1_OBJECT; + typedef struct ASN1_ITEM_st ASN1_ITEM; typedef struct asn1_pctx_st ASN1_PCTX; @@ -106,8 +108,12 @@ typedef struct bn_mont_ctx_st BN_MONT_CTX; typedef struct bn_recp_ctx_st BN_RECP_CTX; typedef struct bn_gencb_st BN_GENCB; +typedef struct bio_st BIO; typedef struct buf_mem_st BUF_MEM; +typedef struct comp_ctx_st COMP_CTX; +typedef struct comp_method_st COMP_METHOD; + typedef struct evp_cipher_st EVP_CIPHER; typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX; typedef struct env_md_st EVP_MD; @@ -119,6 +125,10 @@ typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; typedef struct evp_pkey_method_st EVP_PKEY_METHOD; typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; +typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX; + +typedef struct hmac_ctx_st HMAC_CTX; + typedef struct dh_st DH; typedef struct dh_method DH_METHOD; @@ -127,6 +137,7 @@ typedef struct dsa_method DSA_METHOD; typedef struct rsa_st RSA; typedef struct rsa_meth_st RSA_METHOD; +typedef struct rsa_pss_params_st RSA_PSS_PARAMS; typedef struct rand_meth_st RAND_METHOD; @@ -143,6 +154,11 @@ typedef struct X509_pubkey_st X509_PUBKEY; typedef struct x509_store_st X509_STORE; typedef struct x509_store_ctx_st X509_STORE_CTX; +typedef struct x509_object_st X509_OBJECT; +typedef struct x509_lookup_st X509_LOOKUP; +typedef struct x509_lookup_method_st X509_LOOKUP_METHOD; +typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM; + typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO; typedef struct v3_ext_ctx X509V3_CTX; 
@@ -187,4 +203,10 @@ typedef struct ocsp_req_ctx_st OCSP_REQ_CTX; typedef struct ocsp_response_st OCSP_RESPONSE; typedef struct ocsp_responder_id_st OCSP_RESPID; +typedef struct sct_st SCT; +typedef struct sct_ctx_st SCT_CTX; +typedef struct ctlog_st CTLOG; +typedef struct ctlog_store_st CTLOG_STORE; +typedef struct ct_policy_eval_ctx_st CT_POLICY_EVAL_CTX; + #endif /* def HEADER_OPENSSL_TYPES_H */ diff --git a/include/openssl/pem.h b/include/openssl/pem.h index adc85226..a0f7d78c 100644 --- a/include/openssl/pem.h +++ b/include/openssl/pem.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pem.h,v 1.19 2018/08/24 19:51:31 tb Exp $ */ +/* $OpenBSD: pem.h,v 1.24 2022/07/12 14:42:50 kn Exp $ */ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -114,7 +114,6 @@ extern "C" { #define PEM_STRING_X509_OLD "X509 CERTIFICATE" #define PEM_STRING_X509 "CERTIFICATE" -#define PEM_STRING_X509_PAIR "CERTIFICATE PAIR" #define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" #define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" #define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" @@ -138,14 +137,6 @@ extern "C" { #define PEM_STRING_PARAMETERS "PARAMETERS" #define PEM_STRING_CMS "CMS" - /* Note that this structure is initialised by PEM_SealInit and cleaned up - by PEM_SealFinal (at least for now) */ -typedef struct PEM_Encode_Seal_st { - EVP_ENCODE_CTX encode; - EVP_MD_CTX md; - EVP_CIPHER_CTX cipher; -} PEM_ENCODE_SEAL_CTX; - /* enc_type is one off */ #define PEM_TYPE_ENCRYPTED 10 #define PEM_TYPE_MIC_ONLY 20 
@@ -413,14 +404,6 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); -int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, - EVP_MD *md_type, unsigned char **ek, int *ekl, - unsigned char *iv, EVP_PKEY **pubk, int npubk); -void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl, - unsigned char *in, int inl); -int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl, - unsigned char *out, int *outl, EVP_PKEY *priv); - int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type); int PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt); int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, @@ -435,8 +418,6 @@ DECLARE_PEM_rw(X509, X509) DECLARE_PEM_rw(X509_AUX, X509) -DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR) - DECLARE_PEM_rw(X509_REQ, X509_REQ) DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) @@ -485,6 +466,9 @@ DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) DECLARE_PEM_rw(PUBKEY, EVP_PKEY) +int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x, + const EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cb, + void *u); int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, char *kstr, int klen, pem_password_cb *cb, void *u); @@ -532,10 +516,6 @@ int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, pem_password_cb *cb, #endif -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_PEM_strings(void); /* Error codes for the PEM functions. */ diff --git a/include/openssl/pkcs12.h b/include/openssl/pkcs12.h index 56635f9d..44dbb381 100644 --- a/include/openssl/pkcs12.h +++ b/include/openssl/pkcs12.h 
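Review bot: `PEM_write_bio_PrivateKey_traditional()`, added in the @@ -485,6 +466,9 @@ hunk of pem.h, has no comment saying what "traditional" implies for key protection. As far as I know, the legacy PEM format derives the encryption key from the password with a single unsalted-iteration digest step, which is much weaker than the PKCS#8 path, and with `enc == NULL` the key is written unencrypted. I would add above the declaration `/* Legacy PEM key format, kept for compatibility; with enc == NULL the key is written in the clear. Prefer the PKCS#8 writers for new files. */`. `PEM_write_bio_PKCS8PrivateKey_nid()` is declared immediately after it, so the pointer is easy to follow.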
@@ -1,4 +1,4 @@ -/* $OpenBSD: pkcs12.h,v 1.24 2018/05/30 15:32:11 tb Exp $ */ +/* $OpenBSD: pkcs12.h,v 1.27 2022/09/11 17:30:13 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -96,43 +96,16 @@ extern "C" { #define KEY_EX 0x10 #define KEY_SIG 0x80 -typedef struct { - X509_SIG *dinfo; - ASN1_OCTET_STRING *salt; - ASN1_INTEGER *iter; /* defaults to 1 */ -} PKCS12_MAC_DATA; - -typedef struct { - ASN1_INTEGER *version; - PKCS12_MAC_DATA *mac; - PKCS7 *authsafes; -} PKCS12; - -typedef struct { - ASN1_OBJECT *type; - union { - struct pkcs12_bag_st *bag; /* secret, crl and certbag */ - struct pkcs8_priv_key_info_st *keybag; /* keybag */ - X509_SIG *shkeybag; /* shrouded key bag */ - STACK_OF(PKCS12_SAFEBAG) *safes; - ASN1_TYPE *other; - } value; - STACK_OF(X509_ATTRIBUTE) *attrib; -} PKCS12_SAFEBAG; +typedef struct PKCS12_MAC_DATA_st PKCS12_MAC_DATA; + +typedef struct PKCS12_st PKCS12; + +typedef struct PKCS12_SAFEBAG_st PKCS12_SAFEBAG; DECLARE_STACK_OF(PKCS12_SAFEBAG) DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG) -typedef struct pkcs12_bag_st { - ASN1_OBJECT *type; - union { - ASN1_OCTET_STRING *x509cert; - ASN1_OCTET_STRING *x509crl; - ASN1_OCTET_STRING *octet; - ASN1_IA5STRING *sdsicert; - ASN1_TYPE *other; /* Secret or other bag */ - } value; -} PKCS12_BAGS; +typedef struct pkcs12_bag_st PKCS12_BAGS; #define PKCS12_ERROR 0 #define PKCS12_OK 1 
@@ -155,29 +128,55 @@ typedef struct pkcs12_bag_st { #define M_PKCS12_decrypt_skey PKCS12_decrypt_skey #define M_PKCS8_decrypt PKCS8_decrypt -#define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type) -#define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type) -#define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type - #endif /* !LIBRESSL_INTERNAL */ -#define PKCS12_get_attr(bag, attr_nid) \ - PKCS12_get_attr_gen(bag->attrib, attr_nid) +#define M_PKCS12_bag_type PKCS12_bag_type +#define M_PKCS12_cert_bag_type PKCS12_cert_bag_type +#define M_PKCS12_crl_bag_type PKCS12_cert_bag_type -#define PKCS8_get_attr(p8, attr_nid) \ - PKCS12_get_attr_gen(p8->attributes, attr_nid) +#define PKCS12_bag_type PKCS12_SAFEBAG_get_nid +#define PKCS12_cert_bag_type PKCS12_SAFEBAG_get_bag_nid -#define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0) +#define PKCS12_certbag2x509 PKCS12_SAFEBAG_get1_cert +#define PKCS12_certbag2x509crl PKCS12_SAFEBAG_get1_crl +#define PKCS12_x5092certbag PKCS12_SAFEBAG_create_cert +#define PKCS12_x509crl2certbag PKCS12_SAFEBAG_create_crl +#define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf +#define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt -PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509); -PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl); -X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag); -X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag); +const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag, + int attr_nid); +const STACK_OF(X509_ATTRIBUTE) * + PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag); +int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag); +int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag); + +X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag); +X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag); + +ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid); +int PKCS12_mac_present(const PKCS12 *p12); +void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac, const X509_ALGOR 
**pmacalg, + const ASN1_OCTET_STRING **psalt, const ASN1_INTEGER **piter, + const PKCS12 *p12); + +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid, + const char *pass, int passlen, unsigned char *salt, int saltlen, int iter, + PKCS8_PRIV_KEY_INFO *p8); + +const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag); +const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag); +const STACK_OF(PKCS12_SAFEBAG) * + PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag); +const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag); PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, int nid2); -PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8); PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass, int passlen); PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag, @@ -185,9 +184,6 @@ PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag, X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass, int passlen, unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8); -PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, - int passlen, unsigned char *salt, int saltlen, int iter, - PKCS8_PRIV_KEY_INFO *p8); PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk); STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7); PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, 
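Review bot: The `PKCS12_SAFEBAG_*` functions added in the @@ -155,29 +128,55 @@ hunk encode ownership only in their names (`create0`, `get0`, `get1`), and the header does not explain the convention; getting it wrong here means a double free or a leak of key material. Following the OpenSSL naming this appears to mirror, I would add `/* create0_*: the bag takes ownership of the argument on success; get0_*: result is owned by the bag; get1_*: caller must free the result. */` above the block, after confirming it against the implementation, which is not in this diff. The legacy names are kept as object-like macros (`#define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf` and the others), which rewrite every use of the identifier, not only calls; a short comment marking them as compatibility aliases would help. `PKCS12_get_attr` is removed without such an alias, and its replacement `PKCS12_SAFEBAG_get0_attr()` returns a `const ASN1_TYPE *`, so existing callers need a source change.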
@@ -283,10 +279,6 @@ PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12); PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass); -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_PKCS12_strings(void); /* Error codes for the PKCS12 functions. */ diff --git a/include/openssl/pkcs7.h b/include/openssl/pkcs7.h index cff7c966..9ba3141c 100644 --- a/include/openssl/pkcs7.h +++ b/include/openssl/pkcs7.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pkcs7.h,v 1.18 2016/12/27 16:12:47 jsing Exp $ */ +/* $OpenBSD: pkcs7.h,v 1.19 2022/07/12 14:42:50 kn Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -417,10 +417,6 @@ PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont); BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7); -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_PKCS7_strings(void); /* Error codes for the PKCS7 functions. */ diff --git a/include/openssl/rand.h b/include/openssl/rand.h index fcb2e921..a0e9b479 100644 --- a/include/openssl/rand.h +++ b/include/openssl/rand.h @@ -1,4 +1,4 @@ -/* $OpenBSD: rand.h,v 1.22 2014/10/22 14:02:52 jsing Exp $ */ +/* $OpenBSD: rand.h,v 1.23 2022/07/12 14:42:50 kn Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -101,10 +101,6 @@ int RAND_status(void); int RAND_poll(void); #endif -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. (no longer used) */ 
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index 78ac04cf..73ec9d5a 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa.h,v 1.51 2019/11/04 12:30:56 jsing Exp $ */ +/* $OpenBSD: rsa.h,v 1.58 2022/07/12 14:42:50 kn Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -80,11 +80,7 @@ extern "C" { #endif -/* Declared already in ossl_typ.h */ -/* typedef struct rsa_st RSA; */ -/* typedef struct rsa_meth_st RSA_METHOD; */ - -typedef struct rsa_pss_params_st { +struct rsa_pss_params_st { X509_ALGOR *hashAlgorithm; X509_ALGOR *maskGenAlgorithm; ASN1_INTEGER *saltLength; @@ -92,7 +88,7 @@ typedef struct rsa_pss_params_st { /* Hash algorithm decoded from maskGenAlgorithm. */ X509_ALGOR *maskHash; -} RSA_PSS_PARAMS; +} /* RSA_PSS_PARAMS */; typedef struct rsa_oaep_params_st { X509_ALGOR *hashFunc; 
@@ -103,80 +99,6 @@ typedef struct rsa_oaep_params_st { X509_ALGOR *maskHash; } RSA_OAEP_PARAMS; -struct rsa_meth_st { - const char *name; - int (*rsa_pub_enc)(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - int (*rsa_pub_dec)(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - int (*rsa_priv_enc)(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - int (*rsa_priv_dec)(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - int (*rsa_mod_exp)(BIGNUM *r0, const BIGNUM *I, RSA *rsa, - BN_CTX *ctx); /* Can be null */ - int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); /* Can be null */ - int (*init)(RSA *rsa); /* called at new */ - int (*finish)(RSA *rsa); /* called at free */ - int flags; /* RSA_METHOD_FLAG_* things */ - char *app_data; /* may be needed! */ -/* New sign and verify functions: some libraries don't allow arbitrary data - * to be signed/verified: this allows them to be used. Note: for this to work - * the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used - * RSA_sign(), RSA_verify() should be used instead. Note: for backwards - * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER - * option is set in 'flags'. - */ - int (*rsa_sign)(int type, const unsigned char *m, unsigned int m_length, - unsigned char *sigret, unsigned int *siglen, const RSA *rsa); - int (*rsa_verify)(int dtype, const unsigned char *m, - unsigned int m_length, const unsigned char *sigbuf, - unsigned int siglen, const RSA *rsa); -/* If this callback is NULL, the builtin software RSA key-gen will be used. This - * is for behavioural compatibility whilst the code gets rewired, but one day - * it would be nice to assume there are no such things as "builtin software" - * implementations. 
*/ - int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); -}; - -struct rsa_st { - /* The first parameter is used to pickup errors where - * this is passed instead of aEVP_PKEY, it is set to 0 */ - int pad; - long version; - const RSA_METHOD *meth; - - /* functional reference if 'meth' is ENGINE-provided */ - ENGINE *engine; - BIGNUM *n; - BIGNUM *e; - BIGNUM *d; - BIGNUM *p; - BIGNUM *q; - BIGNUM *dmp1; - BIGNUM *dmq1; - BIGNUM *iqmp; - - /* Parameter restrictions for PSS only keys. */ - RSA_PSS_PARAMS *pss; - - /* be careful using this if the RSA structure is shared */ - CRYPTO_EX_DATA ex_data; - int references; - int flags; - - /* Used to cache montgomery values */ - BN_MONT_CTX *_method_mod_n; - BN_MONT_CTX *_method_mod_p; - BN_MONT_CTX *_method_mod_q; - - /* all BIGNUM values are actually in the following data, if it is not - * NULL */ - BN_BLINDING *blinding; - BN_BLINDING *mt_blinding; -}; - #ifndef OPENSSL_RSA_MAX_MODULUS_BITS # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 #endif @@ -380,18 +302,6 @@ int RSA_print_fp(FILE *fp, const RSA *r, int offset); int RSA_print(BIO *bp, const RSA *r, int offset); #endif -#ifndef OPENSSL_NO_RC4 -int i2d_RSA_NET(const RSA *a, unsigned char **pp, - int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey); -RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, - int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey); - -int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, - int (*cb)(char *buf, int len, const char *prompt, int verify)); -RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, - int (*cb)(char *buf, int len, const char *prompt, int verify)); -#endif - /* The following 2 functions sign and verify a X509_SIG ASN1 object * inside PKCS#1 padded RSA encryption */ int RSA_sign(int type, const unsigned char *m, unsigned int m_length, 
@@ -462,6 +372,8 @@ int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, int RSA_set_ex_data(RSA *r, int idx, void *arg); void *RSA_get_ex_data(const RSA *r, int idx); +int RSA_security_bits(const RSA *rsa); + void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); @@ -470,6 +382,15 @@ void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); +const BIGNUM *RSA_get0_n(const RSA *r); +const BIGNUM *RSA_get0_e(const RSA *r); +const BIGNUM *RSA_get0_d(const RSA *r); +const BIGNUM *RSA_get0_p(const RSA *r); +const BIGNUM *RSA_get0_q(const RSA *r); +const BIGNUM *RSA_get0_dmp1(const RSA *r); +const BIGNUM *RSA_get0_dmq1(const RSA *r); +const BIGNUM *RSA_get0_iqmp(const RSA *r); +const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r); void RSA_clear_flags(RSA *r, int flags); int RSA_test_flags(const RSA *r, int flags); void RSA_set_flags(RSA *r, int flags); @@ -554,10 +475,6 @@ int RSA_meth_set_verify(RSA_METHOD *rsa, int (*verify)(int dtype, unsigned int siglen, const RSA *rsa)); -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_RSA_strings(void); /* Error codes for the RSA functions. */ diff --git a/include/openssl/safestack.h b/include/openssl/safestack.h index 690912b3..84853efc 100644 --- a/include/openssl/safestack.h +++ b/include/openssl/safestack.h 
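Review bot: The single-value getters added in the `@@ -470,6 +382,15 @@` hunk (`RSA_get0_d`, `RSA_get0_p`, `RSA_get0_q` and the CRT ones) return private-key components with no comment on pointer lifetime or ownership. This commit removes `struct rsa_st` from the header, so accessors are now how callers reach those values and the contract belongs next to the prototypes. I would add something like `/* RSA_get0_*: returns a pointer owned by r (NULL if unset, to be confirmed); do not free it and do not use it after RSA_free(r) */`. `RSA_security_bits` in the preceding hunk would also benefit from a one-line note on what the returned number means.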
@@ -1,4 +1,4 @@ -/* $OpenBSD: safestack.h,v 1.18 2019/08/11 14:14:14 jsing Exp $ */ +/* $OpenBSD: safestack.h,v 1.22 2022/07/16 19:11:51 kn Exp $ */ /* ==================================================================== * Copyright (c) 1999 The OpenSSL Project. All rights reserved. * @@ -663,6 +663,28 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) #define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st)) #define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st)) +#define sk_CTLOG_new(cmp) SKM_sk_new(CTLOG, (cmp)) +#define sk_CTLOG_new_null() SKM_sk_new_null(CTLOG) +#define sk_CTLOG_free(st) SKM_sk_free(CTLOG, (st)) +#define sk_CTLOG_num(st) SKM_sk_num(CTLOG, (st)) +#define sk_CTLOG_value(st, i) SKM_sk_value(CTLOG, (st), (i)) +#define sk_CTLOG_set(st, i, val) SKM_sk_set(CTLOG, (st), (i), (val)) +#define sk_CTLOG_zero(st) SKM_sk_zero(CTLOG, (st)) +#define sk_CTLOG_push(st, val) SKM_sk_push(CTLOG, (st), (val)) +#define sk_CTLOG_unshift(st, val) SKM_sk_unshift(CTLOG, (st), (val)) +#define sk_CTLOG_find(st, val) SKM_sk_find(CTLOG, (st), (val)) +#define sk_CTLOG_find_ex(st, val) SKM_sk_find_ex(CTLOG, (st), (val)) +#define sk_CTLOG_delete(st, i) SKM_sk_delete(CTLOG, (st), (i)) +#define sk_CTLOG_delete_ptr(st, ptr) SKM_sk_delete_ptr(CTLOG, (st), (ptr)) +#define sk_CTLOG_insert(st, val, i) SKM_sk_insert(CTLOG, (st), (val), (i)) +#define sk_CTLOG_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CTLOG, (st), (cmp)) +#define sk_CTLOG_dup(st) SKM_sk_dup(CTLOG, st) +#define sk_CTLOG_pop_free(st, free_func) SKM_sk_pop_free(CTLOG, (st), (free_func)) +#define sk_CTLOG_shift(st) SKM_sk_shift(CTLOG, (st)) +#define sk_CTLOG_pop(st) SKM_sk_pop(CTLOG, (st)) +#define sk_CTLOG_sort(st) SKM_sk_sort(CTLOG, (st)) +#define sk_CTLOG_is_sorted(st) SKM_sk_is_sorted(CTLOG, (st)) + #define sk_DIST_POINT_new(cmp) SKM_sk_new(DIST_POINT, (cmp)) #define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT) #define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st)) 
@@ -751,6 +773,30 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) #define sk_ESS_CERT_ID_sort(st) SKM_sk_sort(ESS_CERT_ID, (st)) #define sk_ESS_CERT_ID_is_sorted(st) SKM_sk_is_sorted(ESS_CERT_ID, (st)) +#ifdef LIBRESSL_INTERNAL +#define sk_ESS_CERT_ID_V2_new(cmp) SKM_sk_new(ESS_CERT_ID_V2, (cmp)) +#define sk_ESS_CERT_ID_V2_new_null() SKM_sk_new_null(ESS_CERT_ID_V2) +#define sk_ESS_CERT_ID_V2_free(st) SKM_sk_free(ESS_CERT_ID_V2, (st)) +#define sk_ESS_CERT_ID_V2_num(st) SKM_sk_num(ESS_CERT_ID_V2, (st)) +#define sk_ESS_CERT_ID_V2_value(st, i) SKM_sk_value(ESS_CERT_ID_V2, (st), (i)) +#define sk_ESS_CERT_ID_V2_set(st, i, val) SKM_sk_set(ESS_CERT_ID_V2, (st), (i), (val)) +#define sk_ESS_CERT_ID_V2_zero(st) SKM_sk_zero(ESS_CERT_ID_V2, (st)) +#define sk_ESS_CERT_ID_V2_push(st, val) SKM_sk_push(ESS_CERT_ID_V2, (st), (val)) +#define sk_ESS_CERT_ID_V2_unshift(st, val) SKM_sk_unshift(ESS_CERT_ID_V2, (st), (val)) +#define sk_ESS_CERT_ID_V2_find(st, val) SKM_sk_find(ESS_CERT_ID_V2, (st), (val)) +#define sk_ESS_CERT_ID_V2_find_ex(st, val) SKM_sk_find_ex(ESS_CERT_ID_V2, (st), (val)) +#define sk_ESS_CERT_ID_V2_delete(st, i) SKM_sk_delete(ESS_CERT_ID_V2, (st), (i)) +#define sk_ESS_CERT_ID_V2_delete_ptr(st, ptr) SKM_sk_delete_ptr(ESS_CERT_ID_V2, (st), (ptr)) +#define sk_ESS_CERT_ID_V2_insert(st, val, i) SKM_sk_insert(ESS_CERT_ID_V2, (st), (val), (i)) +#define sk_ESS_CERT_ID_V2_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ESS_CERT_ID_V2, (st), (cmp)) +#define sk_ESS_CERT_ID_V2_dup(st) SKM_sk_dup(ESS_CERT_ID_V2, st) +#define sk_ESS_CERT_ID_V2_pop_free(st, free_func) SKM_sk_pop_free(ESS_CERT_ID_V2, (st), (free_func)) +#define sk_ESS_CERT_ID_V2_shift(st) SKM_sk_shift(ESS_CERT_ID_V2, (st)) +#define sk_ESS_CERT_ID_V2_pop(st) SKM_sk_pop(ESS_CERT_ID_V2, (st)) +#define sk_ESS_CERT_ID_V2_sort(st) SKM_sk_sort(ESS_CERT_ID_V2, (st)) +#define sk_ESS_CERT_ID_V2_is_sorted(st) SKM_sk_is_sorted(ESS_CERT_ID_V2, (st)) +#endif /* LIBRESSL_INTERNAL */ + #define sk_EVP_MD_new(cmp) SKM_sk_new(EVP_MD, (cmp)) 
#define sk_EVP_MD_new_null() SKM_sk_new_null(EVP_MD) #define sk_EVP_MD_free(st) SKM_sk_free(EVP_MD, (st)) @@ -1279,6 +1325,28 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) #define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st)) #define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st)) +#define sk_SCT_new(cmp) SKM_sk_new(SCT, (cmp)) +#define sk_SCT_new_null() SKM_sk_new_null(SCT) +#define sk_SCT_free(st) SKM_sk_free(SCT, (st)) +#define sk_SCT_num(st) SKM_sk_num(SCT, (st)) +#define sk_SCT_value(st, i) SKM_sk_value(SCT, (st), (i)) +#define sk_SCT_set(st, i, val) SKM_sk_set(SCT, (st), (i), (val)) +#define sk_SCT_zero(st) SKM_sk_zero(SCT, (st)) +#define sk_SCT_push(st, val) SKM_sk_push(SCT, (st), (val)) +#define sk_SCT_unshift(st, val) SKM_sk_unshift(SCT, (st), (val)) +#define sk_SCT_find(st, val) SKM_sk_find(SCT, (st), (val)) +#define sk_SCT_find_ex(st, val) SKM_sk_find_ex(SCT, (st), (val)) +#define sk_SCT_delete(st, i) SKM_sk_delete(SCT, (st), (i)) +#define sk_SCT_delete_ptr(st, ptr) SKM_sk_delete_ptr(SCT, (st), (ptr)) +#define sk_SCT_insert(st, val, i) SKM_sk_insert(SCT, (st), (val), (i)) +#define sk_SCT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SCT, (st), (cmp)) +#define sk_SCT_dup(st) SKM_sk_dup(SCT, st) +#define sk_SCT_pop_free(st, free_func) SKM_sk_pop_free(SCT, (st), (free_func)) +#define sk_SCT_shift(st) SKM_sk_shift(SCT, (st)) +#define sk_SCT_pop(st) SKM_sk_pop(SCT, (st)) +#define sk_SCT_sort(st) SKM_sk_sort(SCT, (st)) +#define sk_SCT_is_sorted(st) SKM_sk_is_sorted(SCT, (st)) + #define sk_SRTP_PROTECTION_PROFILE_new(cmp) SKM_sk_new(SRTP_PROTECTION_PROFILE, (cmp)) #define sk_SRTP_PROTECTION_PROFILE_new_null() SKM_sk_new_null(SRTP_PROTECTION_PROFILE) #define sk_SRTP_PROTECTION_PROFILE_free(st) SKM_sk_free(SRTP_PROTECTION_PROFILE, (st)) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 2c208b09..4a89bfd8 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.h,v 1.209 2021/09/14 23:07:18 inoguchi Exp $ */ +/* $OpenBSD: ssl.h,v 1.229 2022/09/11 17:39:46 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -357,13 +357,14 @@ extern "C" { * in SSL_CTX. */ typedef struct ssl_st *ssl_crock_st; -#if defined(LIBRESSL_INTERNAL) -typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT; -#endif typedef struct ssl_method_st SSL_METHOD; typedef struct ssl_cipher_st SSL_CIPHER; typedef struct ssl_session_st SSL_SESSION; +#if defined(LIBRESSL_HAS_QUIC) || defined(LIBRESSL_INTERNAL) +typedef struct ssl_quic_method_st SSL_QUIC_METHOD; +#endif + DECLARE_STACK_OF(SSL_CIPHER) /* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/ @@ -508,6 +509,14 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); #define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) #define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) +typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line); +void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb); +SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx); +int SSL_set_num_tickets(SSL *s, size_t num_tickets); +size_t SSL_get_num_tickets(const SSL *s); +int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); +size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx); +STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s); #ifndef LIBRESSL_INTERNAL struct ssl_aead_ctx_st; 
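Review bot: `SSL_CTX_set_keylog_callback` in the `@@ -508,6 +509,14 @@` hunk is declared without a comment saying whether the library ever invokes the callback or what `line` contains. In the OpenSSL API of the same name each line carries session secrets in NSS key log format, so code ported against this header will either write secrets somewhere or silently log nothing, and the header should say which. I would put a comment above the typedef that states the behaviour in this library. If lines are delivered, it should add that they allow decryption of the recorded session and belong only in an access-restricted destination in debugging setups. The same hunk adds `SSL_set_num_tickets` and `SSL_CTX_set_num_tickets`, whose `int` return value is likewise undocumented.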
@@ -537,57 +546,10 @@ typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id, typedef struct ssl_comp_st SSL_COMP; #ifdef LIBRESSL_INTERNAL - -struct ssl_comp_st { - int id; - const char *name; -}; - DECLARE_STACK_OF(SSL_COMP) struct lhash_st_SSL_SESSION { int dummy; }; - -struct ssl_ctx_internal_st; - -struct ssl_ctx_st { - const SSL_METHOD *method; - - STACK_OF(SSL_CIPHER) *cipher_list; - - struct x509_store_st /* X509_STORE */ *cert_store; - - /* If timeout is not 0, it is the default timeout value set - * when SSL_new() is called. This has been put in to make - * life easier to set things up */ - long session_timeout; - - int references; - - /* Default values to use in SSL structures follow (these are copied by SSL_new) */ - - STACK_OF(X509) *extra_certs; - - int verify_mode; - unsigned int sid_ctx_length; - unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; - - X509_VERIFY_PARAM *param; - - /* - * XXX - * default_passwd_cb used by python and openvpn, need to keep it until we - * add an accessor - */ - /* Default password callback. */ - pem_password_cb *default_passwd_callback; - - /* Default password callback user data. */ - void *default_passwd_callback_userdata; - - struct ssl_ctx_internal_st *internal; -}; - #endif #define SSL_SESS_CACHE_OFF 0x0000 
@@ -703,85 +665,6 @@ void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb); #define SSL_MAC_FLAG_READ_MAC_STREAM 1 #define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 -#if defined(LIBRESSL_INTERNAL) -struct ssl_internal_st; - -struct ssl_st { - /* protocol version - * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION) - */ - int version; - - const SSL_METHOD *method; /* SSLv3 */ - - /* There are 2 BIO's even though they are normally both the - * same. This is so data can be read and written to different - * handlers */ - - BIO *rbio; /* used by SSL_read */ - BIO *wbio; /* used by SSL_write */ - BIO *bbio; /* used during session-id reuse to concatenate - * messages */ - int server; /* are we the server side? - mostly used by SSL_clear*/ - - struct ssl3_state_st *s3; /* SSLv3 variables */ - struct dtls1_state_st *d1; /* DTLSv1 variables */ - - X509_VERIFY_PARAM *param; - - /* crypto */ - STACK_OF(SSL_CIPHER) *cipher_list; - - /* This is used to hold the server certificate used */ - struct cert_st /* CERT */ *cert; - - /* the session_id_context is used to ensure sessions are only reused - * in the appropriate context */ - unsigned int sid_ctx_length; - unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; - - /* This can also be in the session once a session is established */ - SSL_SESSION *session; - - /* Used in SSL2 and SSL3 */ - int verify_mode; /* 0 don't care about verify failure. 
- * 1 fail if verify fails */ - int error; /* error bytes to be written */ - int error_code; /* actual code */ - - SSL_CTX *ctx; - - long verify_result; - - int references; - - int client_version; /* what was passed, used for - * SSLv3/TLS rollback check */ - - unsigned int max_send_fragment; - - char *tlsext_hostname; - - /* certificate status request info */ - /* Status type or -1 if no status type */ - int tlsext_status_type; - - SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ -#define session_ctx initial_ctx - - /* - * XXX really should be internal, but is - * touched unnaturally by wpa-supplicant - * and freeradius and other perversions - */ - EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ - EVP_MD_CTX *read_hash; /* used for mac generation */ - - struct ssl_internal_st *internal; -}; - -#endif - #ifdef __cplusplus } #endif @@ -944,15 +827,18 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x); /* Offset to get an SSL_R_... value from an SSL_AD_... value. */ #define SSL_AD_REASON_OFFSET 1000 -#define SSL_ERROR_NONE 0 -#define SSL_ERROR_SSL 1 -#define SSL_ERROR_WANT_READ 2 -#define SSL_ERROR_WANT_WRITE 3 -#define SSL_ERROR_WANT_X509_LOOKUP 4 -#define SSL_ERROR_SYSCALL 5 /* look at error stack/return value/errno */ -#define SSL_ERROR_ZERO_RETURN 6 -#define SSL_ERROR_WANT_CONNECT 7 -#define SSL_ERROR_WANT_ACCEPT 8 +#define SSL_ERROR_NONE 0 +#define SSL_ERROR_SSL 1 +#define SSL_ERROR_WANT_READ 2 +#define SSL_ERROR_WANT_WRITE 3 +#define SSL_ERROR_WANT_X509_LOOKUP 4 +#define SSL_ERROR_SYSCALL 5 +#define SSL_ERROR_ZERO_RETURN 6 +#define SSL_ERROR_WANT_CONNECT 7 +#define SSL_ERROR_WANT_ACCEPT 8 +#define SSL_ERROR_WANT_ASYNC 9 +#define SSL_ERROR_WANT_ASYNC_JOB 10 +#define SSL_ERROR_WANT_CLIENT_HELLO_CB 11 #define SSL_CTRL_NEED_TMP_RSA 1 #define SSL_CTRL_SET_TMP_RSA 2 
@@ -1051,8 +937,8 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x); #define SSL_CTRL_SET_GROUPS 91 #define SSL_CTRL_SET_GROUPS_LIST 92 - -#define SSL_CTRL_SET_ECDH_AUTO 94 +#define SSL_CTRL_GET_SHARED_GROUP 93 +#define SSL_CTRL_SET_ECDH_AUTO 94 #if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) #define SSL_CTRL_GET_PEER_SIGNATURE_NID 108 @@ -1168,6 +1054,10 @@ const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx); #define SSL_CTX_clear_extra_chain_certs(ctx) \ SSL_CTX_ctrl(ctx, SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS, 0, NULL) +#define SSL_get_shared_group(s, n) \ + SSL_ctrl((s), SSL_CTRL_GET_SHARED_GROUP, (n), NULL) +#define SSL_get_shared_curve SSL_get_shared_group + #define SSL_get_server_tmp_key(s, pk) \ SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk) @@ -1413,6 +1303,9 @@ int SSL_is_server(const SSL *s); int SSL_read(SSL *ssl, void *buf, int num); int SSL_peek(SSL *ssl, void *buf, int num); int SSL_write(SSL *ssl, const void *buf, int num); +int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *bytes_read); +int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *bytes_peeked); +int SSL_write_ex(SSL *ssl, const void *buf, size_t num, size_t *bytes_written); #if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx); 
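Review bot: `SSL_read_ex`, `SSL_peek_ex` and `SSL_write_ex` in the `@@ -1413,6 +1303,9 @@` hunk sit directly under `SSL_read`/`SSL_peek`/`SSL_write` with the same `int` return type. Going by the OpenSSL API they mirror, the meaning differs: the return is a success flag and the byte count comes back through the `size_t *` argument. A caller that treats the `_ex` return value as a length will handle one byte of a larger read or mis-size a later copy. I would add `/* The _ex variants return 1 on success and 0 on failure; the byte count is stored through the last argument. */` above the three prototypes, after checking it against the implementation, which this hunk does not show.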
@@ -1625,10 +1518,289 @@ int SSL_set_session_secret_cb(SSL *s, void SSL_set_debug(SSL *s, int debug); int SSL_cache_hit(SSL *s); -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. +/* What the "other" parameter contains in security callback */ +/* Mask for type */ +#define SSL_SECOP_OTHER_TYPE 0xffff0000 +#define SSL_SECOP_OTHER_NONE 0 +#define SSL_SECOP_OTHER_CIPHER (1 << 16) +#define SSL_SECOP_OTHER_CURVE (2 << 16) +#define SSL_SECOP_OTHER_DH (3 << 16) +#define SSL_SECOP_OTHER_PKEY (4 << 16) +#define SSL_SECOP_OTHER_SIGALG (5 << 16) +#define SSL_SECOP_OTHER_CERT (6 << 16) + +/* Indicated operation refers to peer key or certificate */ +#define SSL_SECOP_PEER 0x1000 + +/* Values for "op" parameter in security callback */ + +/* Called to filter ciphers */ +/* Ciphers client supports */ +#define SSL_SECOP_CIPHER_SUPPORTED (1 | SSL_SECOP_OTHER_CIPHER) +/* Cipher shared by client/server */ +#define SSL_SECOP_CIPHER_SHARED (2 | SSL_SECOP_OTHER_CIPHER) +/* Sanity check of cipher server selects */ +#define SSL_SECOP_CIPHER_CHECK (3 | SSL_SECOP_OTHER_CIPHER) +/* Curves supported by client */ +#define SSL_SECOP_CURVE_SUPPORTED (4 | SSL_SECOP_OTHER_CURVE) +/* Curves shared by client/server */ +#define SSL_SECOP_CURVE_SHARED (5 | SSL_SECOP_OTHER_CURVE) +/* Sanity check of curve server selects */ +#define SSL_SECOP_CURVE_CHECK (6 | SSL_SECOP_OTHER_CURVE) +/* Temporary DH key */ +/* + * XXX: changed in OpenSSL e2b420fdd70 to (7 | SSL_SECOP_OTHER_PKEY) + * Needs switching internal use of DH to EVP_PKEY. The code is not reachable + * from outside the library as long as we do not expose the callback in the API. 
+ */ +#define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_DH) +/* SSL/TLS version */ +#define SSL_SECOP_VERSION (9 | SSL_SECOP_OTHER_NONE) +/* Session tickets */ +#define SSL_SECOP_TICKET (10 | SSL_SECOP_OTHER_NONE) +/* Supported signature algorithms sent to peer */ +#define SSL_SECOP_SIGALG_SUPPORTED (11 | SSL_SECOP_OTHER_SIGALG) +/* Shared signature algorithm */ +#define SSL_SECOP_SIGALG_SHARED (12 | SSL_SECOP_OTHER_SIGALG) +/* Sanity check signature algorithm allowed */ +#define SSL_SECOP_SIGALG_CHECK (13 | SSL_SECOP_OTHER_SIGALG) +/* Used to get mask of supported public key signature algorithms */ +#define SSL_SECOP_SIGALG_MASK (14 | SSL_SECOP_OTHER_SIGALG) +/* Use to see if compression is allowed */ +#define SSL_SECOP_COMPRESSION (15 | SSL_SECOP_OTHER_NONE) +/* EE key in certificate */ +#define SSL_SECOP_EE_KEY (16 | SSL_SECOP_OTHER_CERT) +/* CA key in certificate */ +#define SSL_SECOP_CA_KEY (17 | SSL_SECOP_OTHER_CERT) +/* CA digest algorithm in certificate */ +#define SSL_SECOP_CA_MD (18 | SSL_SECOP_OTHER_CERT) +/* Peer EE key in certificate */ +#define SSL_SECOP_PEER_EE_KEY (SSL_SECOP_EE_KEY | SSL_SECOP_PEER) +/* Peer CA key in certificate */ +#define SSL_SECOP_PEER_CA_KEY (SSL_SECOP_CA_KEY | SSL_SECOP_PEER) +/* Peer CA digest algorithm in certificate */ +#define SSL_SECOP_PEER_CA_MD (SSL_SECOP_CA_MD | SSL_SECOP_PEER) + +void SSL_set_security_level(SSL *ssl, int level); +int SSL_get_security_level(const SSL *ssl); + +void SSL_CTX_set_security_level(SSL_CTX *ctx, int level); +int SSL_CTX_get_security_level(const SSL_CTX *ctx); + +#if defined(LIBRESSL_HAS_QUIC) || defined(LIBRESSL_INTERNAL) +/* + * QUIC integration. + * + * QUIC acts as an underlying transport for the TLS 1.3 handshake. The following + * functions allow a QUIC implementation to serve as the underlying transport as + * described in RFC 9001. + * + * When configured for QUIC, |SSL_do_handshake| will drive the handshake as + * before, but it will not use the configured |BIO|. 
It will call functions on + * |SSL_QUIC_METHOD| to configure secrets and send data. If data is needed from + * the peer, it will return |SSL_ERROR_WANT_READ|. As the caller receives data + * it can decrypt, it calls |SSL_provide_quic_data|. Subsequent + * |SSL_do_handshake| calls will then consume that data and progress the + * handshake. After the handshake is complete, the caller should continue to + * call |SSL_provide_quic_data| for any post-handshake data, followed by + * |SSL_process_quic_post_handshake| to process it. It is an error to call + * |SSL_peek|, |SSL_read| and |SSL_write| in QUIC. + * + * To avoid DoS attacks, the QUIC implementation must limit the amount of data + * being queued up. The implementation can call + * |SSL_quic_max_handshake_flight_len| to get the maximum buffer length at each + * encryption level. + * + * QUIC implementations must additionally configure transport parameters with + * |SSL_set_quic_transport_params|. |SSL_get_peer_quic_transport_params| may be + * used to query the value received from the peer. This extension is handled + * as an opaque byte string, which the caller is responsible for serializing + * and parsing. See RFC 9000 section 7.4 for further details. */ + +/* + * ssl_encryption_level_t specifies the QUIC encryption level used to transmit + * handshake messages. + */ +typedef enum ssl_encryption_level_t { + ssl_encryption_initial = 0, + ssl_encryption_early_data, + ssl_encryption_handshake, + ssl_encryption_application, +} OSSL_ENCRYPTION_LEVEL; + +/* + * ssl_quic_method_st (aka |SSL_QUIC_METHOD|) describes custom QUIC hooks. + * + * Note that we provide both the new (BoringSSL) secrets interface + * (set_read_secret/set_write_secret) along with the old interface + * (set_encryption_secrets), which quictls is still using. + * + * Since some consumers fail to use named initialisers, the order of these + * functions is important. Hopefully all of these consumers use the old version. 
+ */ +struct ssl_quic_method_st { + /* + * set_encryption_secrets configures the read and write secrets for the + * given encryption level. This function will always be called before an + * encryption level other than |ssl_encryption_initial| is used. + * + * When reading packets at a given level, the QUIC implementation must + * send ACKs at the same level, so this function provides read and write + * secrets together. The exception is |ssl_encryption_early_data|, where + * secrets are only available in the client to server direction. The + * other secret will be NULL. The server acknowledges such data at + * |ssl_encryption_application|, which will be configured in the same + * |SSL_do_handshake| call. + * + * This function should use |SSL_get_current_cipher| to determine the TLS + * cipher suite. + */ + int (*set_encryption_secrets)(SSL *ssl, enum ssl_encryption_level_t level, + const uint8_t *read_secret, const uint8_t *write_secret, + size_t secret_len); + + /* + * add_handshake_data adds handshake data to the current flight at the + * given encryption level. It returns one on success and zero on error. + * Callers should defer writing data to the network until |flush_flight| + * to better pack QUIC packets into transport datagrams. + * + * If |level| is not |ssl_encryption_initial|, this function will not be + * called before |level| is initialized with |set_write_secret|. + */ + int (*add_handshake_data)(SSL *ssl, enum ssl_encryption_level_t level, + const uint8_t *data, size_t len); + + /* + * flush_flight is called when the current flight is complete and should + * be written to the transport. Note a flight may contain data at + * several encryption levels. It returns one on success and zero on + * error. + */ + int (*flush_flight)(SSL *ssl); + + /* + * send_alert sends a fatal alert at the specified encryption level. It + * returns one on success and zero on error. 
+ * + * If |level| is not |ssl_encryption_initial|, this function will not be + * called before |level| is initialized with |set_write_secret|. + */ + int (*send_alert)(SSL *ssl, enum ssl_encryption_level_t level, + uint8_t alert); + + /* + * set_read_secret configures the read secret and cipher suite for the + * given encryption level. It returns one on success and zero to + * terminate the handshake with an error. It will be called at most once + * per encryption level. + * + * Read keys will not be released before QUIC may use them. Once a level + * has been initialized, QUIC may begin processing data from it. + * Handshake data should be passed to |SSL_provide_quic_data| and + * application data (if |level| is |ssl_encryption_early_data| or + * |ssl_encryption_application|) may be processed according to the rules + * of the QUIC protocol. + */ + int (*set_read_secret)(SSL *ssl, enum ssl_encryption_level_t level, + const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len); + + /* + * set_write_secret behaves like |set_read_secret| but configures the + * write secret and cipher suite for the given encryption level. It will + * be called at most once per encryption level. + * + * Write keys will not be released before QUIC may use them. If |level| + * is |ssl_encryption_early_data| or |ssl_encryption_application|, QUIC + * may begin sending application data at |level|. + */ + int (*set_write_secret)(SSL *ssl, enum ssl_encryption_level_t level, + const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len); +}; + +/* + * SSL_CTX_set_quic_method configures the QUIC hooks. This should only be + * configured with a minimum version of TLS 1.3. |quic_method| must remain valid + * for the lifetime of |ctx|. It returns one on success and zero on error. + */ +int SSL_CTX_set_quic_method(SSL_CTX *ctx, const SSL_QUIC_METHOD *quic_method); + +/* + * SSL_set_quic_method configures the QUIC hooks. 
This should only be + * configured with a minimum version of TLS 1.3. |quic_method| must remain valid + * for the lifetime of |ssl|. It returns one on success and zero on error. + */ +int SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method); + +/* SSL_is_quic returns true if an SSL has been configured for use with QUIC. */ +int SSL_is_quic(const SSL *ssl); + +/* + * SSL_quic_max_handshake_flight_len returns returns the maximum number of bytes + * that may be received at the given encryption level. This function should be + * used to limit buffering in the QUIC implementation. See RFC 9000 section 7.5. + */ +size_t SSL_quic_max_handshake_flight_len(const SSL *ssl, + enum ssl_encryption_level_t level); + +/* + * SSL_quic_read_level returns the current read encryption level. + */ +enum ssl_encryption_level_t SSL_quic_read_level(const SSL *ssl); + +/* + * SSL_quic_write_level returns the current write encryption level. + */ +enum ssl_encryption_level_t SSL_quic_write_level(const SSL *ssl); + +/* + * SSL_provide_quic_data provides data from QUIC at a particular encryption + * level |level|. It returns one on success and zero on error. Note this + * function will return zero if the handshake is not expecting data from |level| + * at this time. The QUIC implementation should then close the connection with + * an error. + */ +int SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level, + const uint8_t *data, size_t len); + +/* + * SSL_process_quic_post_handshake processes any data that QUIC has provided + * after the handshake has completed. This includes NewSessionTicket messages + * sent by the server. It returns one on success and zero on error. + */ +int SSL_process_quic_post_handshake(SSL *ssl); + +/* + * SSL_set_quic_transport_params configures |ssl| to send |params| (of length + * |params_len|) in the quic_transport_parameters extension in either the + * ClientHello or EncryptedExtensions handshake message. 
It is an error to set + * transport parameters if |ssl| is not configured for QUIC. The buffer pointed + * to by |params| only need be valid for the duration of the call to this + * function. This function returns 1 on success and 0 on failure. + */ +int SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params, + size_t params_len); + +/* + * SSL_get_peer_quic_transport_params provides the caller with the value of the + * quic_transport_parameters extension sent by the peer. A pointer to the buffer + * containing the TransportParameters will be put in |*out_params|, and its + * length in |*params_len|. This buffer will be valid for the lifetime of the + * |SSL|. If no params were received from the peer, |*out_params_len| will be 0. + */ +void SSL_get_peer_quic_transport_params(const SSL *ssl, + const uint8_t **out_params, size_t *out_params_len); + +/* + * SSL_set_quic_use_legacy_codepoint configures whether to use the legacy QUIC + * extension codepoint 0xffa5 as opposed to the official value 57. This is + * unsupported in LibreSSL. + */ +void SSL_set_quic_use_legacy_codepoint(SSL *ssl, int use_legacy); + +#endif + void ERR_load_SSL_strings(void); /* Error codes for the SSL functions. */ @@ -1905,6 +2077,8 @@ void ERR_load_SSL_strings(void); #define SSL_R_BN_LIB 130 #define SSL_R_CA_DN_LENGTH_MISMATCH 131 #define SSL_R_CA_DN_TOO_LONG 132 +#define SSL_R_CA_KEY_TOO_SMALL 397 +#define SSL_R_CA_MD_TOO_WEAK 398 #define SSL_R_CCS_RECEIVED_EARLY 133 #define SSL_R_CERTIFICATE_VERIFY_FAILED 134 #define SSL_R_CERT_LENGTH_MISMATCH 135 @@ -1926,6 +2100,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_DATA_LENGTH_TOO_LONG 146 #define SSL_R_DECRYPTION_FAILED 147 #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 +#define SSL_R_DH_KEY_TOO_SMALL 394 #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 #define SSL_R_DIGEST_CHECK_FAILED 149 #define SSL_R_DTLS_MESSAGE_TOO_BIG 334 
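Review bot: In the `@@ -1625,10 +1518,289 @@` hunk, the comments on `set_encryption_secrets`, `set_read_secret` and `set_write_secret` do not say how long the `read_secret`/`write_secret`/`secret` buffers stay valid after the callback returns, although the comment on `SSL_set_quic_transport_params` later in the hunk does spell out the lifetime of `params`. These buffers are traffic secrets, so a QUIC implementer needs to know whether to copy them during the call and wipe the copy when the level is discarded. I would add a sentence such as `The secret buffer is only valid for the duration of the call; copy it if it is needed later.` to each comment, once confirmed against the library. Two wording slips in the same hunk: the `SSL_get_peer_quic_transport_params` comment names the length as both `|*params_len|` and `|*out_params_len|` while the parameter is `out_params_len`, and the `SSL_quic_max_handshake_flight_len` comment reads `returns returns`.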
@@ -1935,6 +2110,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322 #define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323 #define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 +#define SSL_R_EE_KEY_TOO_SMALL 399 #define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 #define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 @@ -2149,6 +2325,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_UNSUPPORTED_SSL_VERSION 259 #define SSL_R_UNSUPPORTED_STATUS_TYPE 329 #define SSL_R_USE_SRTP_NOT_NEGOTIATED 369 +#define SSL_R_VERSION_TOO_LOW 396 #define SSL_R_WRITE_BIO_NOT_SET 260 #define SSL_R_WRONG_CIPHER_RETURNED 261 #define SSL_R_WRONG_CURVE 378 @@ -2162,6 +2339,8 @@ void ERR_load_SSL_strings(void); #define SSL_R_X509_LIB 268 #define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 #define SSL_R_PEER_BEHAVING_BADLY 666 +#define SSL_R_QUIC_INTERNAL_ERROR 667 +#define SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED 668 #define SSL_R_UNKNOWN 999 /* diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index cb06a539..2bdbd3c1 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls1.h,v 1.49 2021/09/10 14:57:31 tb Exp $ */ +/* $OpenBSD: tls1.h,v 1.56 2022/07/17 14:39:09 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -159,6 +159,8 @@ extern "C" { #endif +#define OPENSSL_TLS_SECURITY_LEVEL 1 + #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 #if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) @@ -270,6 +272,11 @@ extern "C" { #define TLSEXT_TYPE_key_share 51 #endif +/* ExtensionType value from RFC 9001 section 8.2 */ +#if defined(LIBRESSL_HAS_QUIC) || defined(LIBRESSL_INTERNAL) +#define TLSEXT_TYPE_quic_transport_parameters 57 +#endif + /* * TLS 1.3 extension names from OpenSSL, where they decided to use a different * name from that given in RFC 8446. 
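Review bot: `#define OPENSSL_TLS_SECURITY_LEVEL 1` in the tls1.h hunk at `@@ -159,6 +159,8 @@` enters a public header with no comment saying what the value controls. From the name, and from the SSL_R_CA_KEY_TOO_SMALL, SSL_R_CA_MD_TOO_WEAK, SSL_R_DH_KEY_TOO_SMALL, SSL_R_EE_KEY_TOO_SMALL and SSL_R_VERSION_TOO_LOW codes this commit adds to ssl.h, it is presumably the compile-time default security level, but the code that reads it is not in this hunk. I would add `/* Default security level applied to new SSL_CTX and SSL objects. */` above the define. If that reading is right, integrators should also be told that peers presenting undersized keys or weak digests may now fail the handshake with those error codes.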
@@ -722,6 +729,12 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) #define TLS1_3_TXT_CHACHA20_POLY1305_SHA256 "AEAD-CHACHA20-POLY1305-SHA256" #define TLS1_3_TXT_AES_128_CCM_SHA256 "AEAD-AES128-CCM-SHA256" #define TLS1_3_TXT_AES_128_CCM_8_SHA256 "AEAD-AES128-CCM-8-SHA256" + +#define TLS1_3_RFC_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256" +#define TLS1_3_RFC_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384" +#define TLS1_3_RFC_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256" +#define TLS1_3_RFC_AES_128_CCM_SHA256 "TLS_AES_128_CCM_SHA256" +#define TLS1_3_RFC_AES_128_CCM_8_SHA256 "TLS_AES_128_CCM_8_SHA256" #endif #define TLS_CT_RSA_SIGN 1 @@ -761,14 +774,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) #define TLS_MD_MASTER_SECRET_CONST "master secret" #define TLS_MD_MASTER_SECRET_CONST_SIZE 13 -#if defined(LIBRESSL_INTERNAL) -/* TLS Session Ticket extension struct. */ -struct tls_session_ticket_ext_st { - unsigned short length; - void *data; -}; -#endif - #ifdef __cplusplus } #endif diff --git a/include/openssl/ts.h b/include/openssl/ts.h index fa8eb949..cb372e66 100644 --- a/include/openssl/ts.h +++ b/include/openssl/ts.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ts.h,v 1.10 2018/05/13 15:35:46 tb Exp $ */ +/* $OpenBSD: ts.h,v 1.19 2022/09/11 17:31:19 tb Exp $ */ /* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL * project 2002, 2003, 2004. */ 
@@ -93,99 +93,12 @@ extern "C" { #include #include -/* -MessageImprint ::= SEQUENCE { - hashAlgorithm AlgorithmIdentifier, - hashedMessage OCTET STRING } -*/ - -typedef struct TS_msg_imprint_st { - X509_ALGOR *hash_algo; - ASN1_OCTET_STRING *hashed_msg; -} TS_MSG_IMPRINT; - -/* -TimeStampReq ::= SEQUENCE { - version INTEGER { v1(1) }, - messageImprint MessageImprint, - --a hash algorithm OID and the hash value of the data to be - --time-stamped - reqPolicy TSAPolicyId OPTIONAL, - nonce INTEGER OPTIONAL, - certReq BOOLEAN DEFAULT FALSE, - extensions [0] IMPLICIT Extensions OPTIONAL } -*/ - -typedef struct TS_req_st { - ASN1_INTEGER *version; - TS_MSG_IMPRINT *msg_imprint; - ASN1_OBJECT *policy_id; /* OPTIONAL */ - ASN1_INTEGER *nonce; /* OPTIONAL */ - ASN1_BOOLEAN cert_req; /* DEFAULT FALSE */ - STACK_OF(X509_EXTENSION) *extensions; /* [0] OPTIONAL */ -} TS_REQ; - -/* -Accuracy ::= SEQUENCE { - seconds INTEGER OPTIONAL, - millis [0] INTEGER (1..999) OPTIONAL, - micros [1] INTEGER (1..999) OPTIONAL } -*/ - -typedef struct TS_accuracy_st { - ASN1_INTEGER *seconds; - ASN1_INTEGER *millis; - ASN1_INTEGER *micros; -} TS_ACCURACY; - -/* -TSTInfo ::= SEQUENCE { - version INTEGER { v1(1) }, - policy TSAPolicyId, - messageImprint MessageImprint, - -- MUST have the same value as the similar field in - -- TimeStampReq - serialNumber INTEGER, - -- Time-Stamping users MUST be ready to accommodate integers - -- up to 160 bits. - genTime GeneralizedTime, - accuracy Accuracy OPTIONAL, - ordering BOOLEAN DEFAULT FALSE, - nonce INTEGER OPTIONAL, - -- MUST be present if the similar field was present - -- in TimeStampReq. In that case it MUST have the same value. 
- tsa [0] GeneralName OPTIONAL, - extensions [1] IMPLICIT Extensions OPTIONAL } -*/ - -typedef struct TS_tst_info_st { - ASN1_INTEGER *version; - ASN1_OBJECT *policy_id; - TS_MSG_IMPRINT *msg_imprint; - ASN1_INTEGER *serial; - ASN1_GENERALIZEDTIME *time; - TS_ACCURACY *accuracy; - ASN1_BOOLEAN ordering; - ASN1_INTEGER *nonce; - GENERAL_NAME *tsa; - STACK_OF(X509_EXTENSION) *extensions; -} TS_TST_INFO; - -/* -PKIStatusInfo ::= SEQUENCE { - status PKIStatus, - statusString PKIFreeText OPTIONAL, - failInfo PKIFailureInfo OPTIONAL } - -From RFC 1510 - section 3.1.1: -PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String - -- text encoded as UTF-8 String (note: each UTF8String SHOULD - -- include an RFC 1766 language tag to indicate the language - -- of the contained text) -*/ - -/* Possible values for status. See ts_resp_print.c && ts_resp_verify.c. */ +typedef struct TS_msg_imprint_st TS_MSG_IMPRINT; +typedef struct TS_req_st TS_REQ; +typedef struct TS_accuracy_st TS_ACCURACY; +typedef struct TS_tst_info_st TS_TST_INFO; +/* Possible values for status. */ #define TS_STATUS_GRANTED 0 #define TS_STATUS_GRANTED_WITH_MODS 1 #define TS_STATUS_REJECTION 2 @@ -193,8 +106,7 @@ PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String #define TS_STATUS_REVOCATION_WARNING 4 #define TS_STATUS_REVOCATION_NOTIFICATION 5 -/* Possible values for failure_info. See ts_resp_print.c && ts_resp_verify.c */ - +/* Possible values for failure_info. */ #define TS_INFO_BAD_ALG 0 #define TS_INFO_BAD_REQUEST 2 #define TS_INFO_BAD_DATA_FORMAT 5 
@@ -204,66 +116,21 @@ PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String #define TS_INFO_ADD_INFO_NOT_AVAILABLE 17 #define TS_INFO_SYSTEM_FAILURE 25 -typedef struct TS_status_info_st { - ASN1_INTEGER *status; - STACK_OF(ASN1_UTF8STRING) *text; - ASN1_BIT_STRING *failure_info; -} TS_STATUS_INFO; +typedef struct TS_status_info_st TS_STATUS_INFO; DECLARE_STACK_OF(ASN1_UTF8STRING) -/* -TimeStampResp ::= SEQUENCE { - status PKIStatusInfo, - timeStampToken TimeStampToken OPTIONAL } -*/ - -typedef struct TS_resp_st { - TS_STATUS_INFO *status_info; - PKCS7 *token; - TS_TST_INFO *tst_info; -} TS_RESP; - -/* The structure below would belong to the ESS component. */ - -/* -IssuerSerial ::= SEQUENCE { - issuer GeneralNames, - serialNumber CertificateSerialNumber - } -*/ - -typedef struct ESS_issuer_serial { - STACK_OF(GENERAL_NAME) *issuer; - ASN1_INTEGER *serial; -} ESS_ISSUER_SERIAL; - -/* -ESSCertID ::= SEQUENCE { - certHash Hash, - issuerSerial IssuerSerial OPTIONAL -} -*/ - -typedef struct ESS_cert_id { - ASN1_OCTET_STRING *hash; /* Always SHA-1 digest. */ - ESS_ISSUER_SERIAL *issuer_serial; -} ESS_CERT_ID; - +typedef struct ESS_issuer_serial ESS_ISSUER_SERIAL; +typedef struct ESS_cert_id ESS_CERT_ID; DECLARE_STACK_OF(ESS_CERT_ID) +typedef struct ESS_signing_cert ESS_SIGNING_CERT; -/* -SigningCertificate ::= SEQUENCE { - certs SEQUENCE OF ESSCertID, - policies SEQUENCE OF PolicyInformation OPTIONAL -} -*/ +typedef struct ESS_cert_id_v2 ESS_CERT_ID_V2; +DECLARE_STACK_OF(ESS_CERT_ID_V2) -typedef struct ESS_signing_cert { - STACK_OF(ESS_CERT_ID) *cert_ids; - STACK_OF(POLICYINFO) *policy_info; -} ESS_SIGNING_CERT; +typedef struct ESS_signing_cert_v2 ESS_SIGNING_CERT_V2; +typedef struct TS_resp_st TS_RESP; TS_REQ *TS_REQ_new(void); void TS_REQ_free(TS_REQ *a); 
@@ -351,8 +218,6 @@ ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a, const unsigned char **pp, long length); ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a); -void ERR_load_TS_strings(void); - int TS_REQ_set_version(TS_REQ *a, long version); long TS_REQ_get_version(const TS_REQ *a); @@ -389,11 +254,17 @@ void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx); int TS_REQ_print_bio(BIO *bio, TS_REQ *a); -/* Function declarations for TS_RESP defined in ts/ts_resp_utils.c */ +/* Function declarations for TS_RESP defined in ts/ts_rsp_utils.c */ int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *info); TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a); +const ASN1_UTF8STRING *TS_STATUS_INFO_get0_failure_info(const TS_STATUS_INFO *si); +const STACK_OF(ASN1_UTF8STRING) * + TS_STATUS_INFO_get0_text(const TS_STATUS_INFO *si); +const ASN1_INTEGER *TS_STATUS_INFO_get0_status(const TS_STATUS_INFO *si); +int TS_STATUS_INFO_set_status(TS_STATUS_INFO *si, int i); + /* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */ void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info); PKCS7 *TS_RESP_get_token(TS_RESP *a); @@ -447,7 +318,7 @@ X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc); int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc); void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx); -/* Declarations related to response generation, defined in ts/ts_resp_sign.c. */ +/* Declarations related to response generation, defined in ts/ts_rsp_sign.c. */ /* Optional flags for response generation. */ 
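Review bot: `TS_STATUS_INFO_get0_failure_info()` in the `@@ -389,11 +254,17 @@` hunk is declared as returning `const ASN1_UTF8STRING *`, but the `failure_info` member of the struct this commit makes opaque (removed in the `@@ -204,66 +116,21 @@` hunk) was an `ASN1_BIT_STRING *`. The TS_INFO_* constants listed under "Possible values for failure_info" look like bit positions, so a caller that trusts the prototype and treats the result as text would misread the failure reason. The declaration should read `const ASN1_BIT_STRING *TS_STATUS_INFO_get0_failure_info(const TS_STATUS_INFO *si);`. If both names are typedefs of the same string type, which I expect but cannot see here, the change is source-compatible. The definition in the .c file, also not shown, would need the same correction.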
@@ -482,35 +353,7 @@ typedef int (*TS_time_cb)(struct TS_resp_ctx *, void *, time_t *sec, long *usec) */ typedef int (*TS_extension_cb)(struct TS_resp_ctx *, X509_EXTENSION *, void *); -typedef struct TS_resp_ctx { - X509 *signer_cert; - EVP_PKEY *signer_key; - STACK_OF(X509) *certs; /* Certs to include in signed data. */ - STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */ - ASN1_OBJECT *default_policy; /* It may appear in policies, too. */ - STACK_OF(EVP_MD) *mds; /* Acceptable message digests. */ - ASN1_INTEGER *seconds; /* accuracy, 0 means not specified. */ - ASN1_INTEGER *millis; /* accuracy, 0 means not specified. */ - ASN1_INTEGER *micros; /* accuracy, 0 means not specified. */ - unsigned clock_precision_digits; /* fraction of seconds in - time stamp token. */ - unsigned flags; /* Optional info, see values above. */ - - /* Callback functions. */ - TS_serial_cb serial_cb; - void *serial_cb_data; /* User data for serial_cb. */ - - TS_time_cb time_cb; - void *time_cb_data; /* User data for time_cb. */ - - TS_extension_cb extension_cb; - void *extension_cb_data; /* User data for extension_cb. */ - - /* These members are used only while creating the response. */ - TS_REQ *request; - TS_RESP *response; - TS_TST_INFO *tst_info; -} TS_RESP_CTX; +typedef struct TS_resp_ctx TS_RESP_CTX; DECLARE_STACK_OF(EVP_MD) @@ -555,6 +398,9 @@ void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags); /* Default callback always returns a constant. */ void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data); +/* Default callback uses gettimeofday() and gmtime(). */ +void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data); + /* Default callback rejects all extensions. The extension callback is called * when the TS_TST_INFO object is already set up and not signed yet. */ /* FIXME: extension handling is not tested yet. */ 
@@ -585,7 +431,7 @@ TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio); /* * Declarations related to response verification, - * they are defined in ts/ts_resp_verify.c. + * they are defined in ts/ts_rsp_verify.c. */ int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, @@ -629,32 +475,7 @@ int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, | TS_VFY_SIGNER \ | TS_VFY_TSA_NAME) -typedef struct TS_verify_ctx { - /* Set this to the union of TS_VFY_... flags you want to carry out. */ - unsigned flags; - - /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */ - X509_STORE *store; - STACK_OF(X509) *certs; - - /* Must be set only with TS_VFY_POLICY. */ - ASN1_OBJECT *policy; - - /* Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, - the algorithm from the response is used. */ - X509_ALGOR *md_alg; - unsigned char *imprint; - unsigned imprint_len; - - /* Must be set only with TS_VFY_DATA. */ - BIO *data; - - /* Must be set only with TS_VFY_TSA_NAME. */ - ASN1_INTEGER *nonce; - - /* Must be set only with TS_VFY_TSA_NAME. */ - GENERAL_NAME *tsa_name; -} TS_VERIFY_CTX; +typedef struct TS_verify_ctx TS_VERIFY_CTX; int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response); int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token); 
@@ -670,6 +491,17 @@ void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx); void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx); void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx); +int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int flags); +int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int flags); +BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *bio); +X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *store); +/* R$ special */ +#define TS_VERIFY_CTS_set_certs TS_VERIFY_CTX_set_certs +STACK_OF(X509) *TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX *ctx, + STACK_OF(X509) *certs); +unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx, + unsigned char *imprint, long imprint_len); + /* * If ctx is NULL, it allocates and returns a new object, otherwise * it returns ctx. It initialises all the members as follows: @@ -682,13 +514,13 @@ void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx); * imprint, imprint_len = imprint from request * data = NULL * nonce, nonce_len = nonce from the request or NULL if absent (in this case - * TS_VFY_NONCE is cleared from flags as well) + * TS_VFY_NONCE is cleared from flags as well) * tsa_name = NULL * Important: after calling this method TS_VFY_SIGNATURE should be added! */ TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx); -/* Function declarations for TS_RESP defined in ts/ts_resp_print.c */ +/* Function declarations for TS_RESP defined in ts/ts_rsp_print.c */ int TS_RESP_print_bio(BIO *bio, TS_RESP *a); int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a); 
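Review bot: The setters added in the `@@ -670,6 +491,17 @@` hunk (`TS_VERIFY_CTX_set_data`, `_set_store`, `_set_certs`, `_set_imprint`) carry no comment on ownership or on what the returned pointer means. This matters because TS_VERIFY_CTX becomes opaque in this commit, leaving these setters as the only way to populate it. Each declaration should state whether the context takes ownership of the argument, whether a previously set value is freed, and what is returned; a wrong guess on `imprint` or `store` leads to a leak or a double free at `TS_VERIFY_CTX_free()`. `imprint_len` is a `long` here while the removed struct field was `unsigned`, so the comment should also say how a negative length is handled. Finally, `/* R$ special */` explains nothing to a reader; something like `/* Misspelled alias kept for source compatibility with OpenSSL's TS_VERIFY_CTS_set_certs. */` would be clearer.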
@@ -732,11 +564,6 @@ int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx); int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section, TS_RESP_CTX *ctx); -/* -------------------------------------------------- */ -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_TS_strings(void); /* Error codes for the TS functions. */ diff --git a/include/openssl/ui.h b/include/openssl/ui.h index 5ca65b0a..7755cf4a 100644 --- a/include/openssl/ui.h +++ b/include/openssl/ui.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ui.h,v 1.12 2020/09/24 19:20:32 tb Exp $ */ +/* $OpenBSD: ui.h,v 1.14 2022/07/12 18:43:56 jsing Exp $ */ /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL * project 2001. */ @@ -371,11 +371,6 @@ int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, int verify); -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_UI_strings(void); /* Error codes for the UI functions. */ diff --git a/include/openssl/x509.h b/include/openssl/x509.h index bb675bde..bac1341a 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509.h,v 1.76 2021/09/02 12:41:44 job Exp $ */ +/* $OpenBSD: x509.h,v 1.90 2022/07/12 14:42:50 kn Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -140,175 +140,43 @@ extern "C" { #define X509v3_KU_DECIPHER_ONLY 0x8000 #define X509v3_KU_UNDEF 0xffff -typedef struct X509_objects_st - { - int nid; - int (*a2i)(void); - int (*i2a)(void); - } X509_OBJECTS; - -struct X509_algor_st - { +struct X509_algor_st { ASN1_OBJECT *algorithm; ASN1_TYPE *parameter; - } /* X509_ALGOR */; - +} /* X509_ALGOR */; typedef STACK_OF(X509_ALGOR) X509_ALGORS; -typedef struct X509_val_st - { +typedef struct X509_val_st { ASN1_TIME *notBefore; ASN1_TIME *notAfter; - } X509_VAL; - -struct X509_pubkey_st - { - X509_ALGOR *algor; - ASN1_BIT_STRING *public_key; - EVP_PKEY *pkey; - }; - -typedef struct X509_sig_st - { - X509_ALGOR *algor; - ASN1_OCTET_STRING *digest; - } X509_SIG; - -typedef struct X509_name_entry_st - { - ASN1_OBJECT *object; - ASN1_STRING *value; - int set; - int size; /* temp variable */ - } X509_NAME_ENTRY; +} X509_VAL; -DECLARE_STACK_OF(X509_NAME_ENTRY) +typedef struct X509_sig_st X509_SIG; -/* we always keep X509_NAMEs in 2 forms. */ -struct X509_name_st - { - STACK_OF(X509_NAME_ENTRY) *entries; - int modified; /* true if 'bytes' needs to be built */ -#ifndef OPENSSL_NO_BUFFER - BUF_MEM *bytes; -#else - char *bytes; -#endif -/* unsigned long hash; Keep the hash around for lookups */ - unsigned char *canon_enc; - int canon_enclen; - } /* X509_NAME */; +typedef struct X509_name_entry_st X509_NAME_ENTRY; + +DECLARE_STACK_OF(X509_NAME_ENTRY) DECLARE_STACK_OF(X509_NAME) -#define X509_EX_V_NETSCAPE_HACK 0x8000 -#define X509_EX_V_INIT 0x0001 -typedef struct X509_extension_st - { - ASN1_OBJECT *object; - ASN1_BOOLEAN critical; - ASN1_OCTET_STRING *value; - } X509_EXTENSION; +typedef struct X509_extension_st X509_EXTENSION; typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; DECLARE_STACK_OF(X509_EXTENSION) -/* a sequence of these are used */ -typedef struct x509_attributes_st - { - ASN1_OBJECT *object; - int single; /* 0 for a set, 1 for a single item (which is wrong) */ - union { - char *ptr; -/* 0 */ STACK_OF(ASN1_TYPE) 
*set; -/* 1 */ ASN1_TYPE *single; - } value; - } X509_ATTRIBUTE; +typedef struct x509_attributes_st X509_ATTRIBUTE; DECLARE_STACK_OF(X509_ATTRIBUTE) +typedef struct X509_req_info_st X509_REQ_INFO; -typedef struct X509_req_info_st - { - ASN1_ENCODING enc; - ASN1_INTEGER *version; - X509_NAME *subject; - X509_PUBKEY *pubkey; - /* d=2 hl=2 l= 0 cons: cont: 00 */ - STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ - } X509_REQ_INFO; - -typedef struct X509_req_st - { - X509_REQ_INFO *req_info; - X509_ALGOR *sig_alg; - ASN1_BIT_STRING *signature; - int references; - } X509_REQ; - -typedef struct x509_cinf_st - { - ASN1_INTEGER *version; /* [ 0 ] default of v1 */ - ASN1_INTEGER *serialNumber; - X509_ALGOR *signature; - X509_NAME *issuer; - X509_VAL *validity; - X509_NAME *subject; - X509_PUBKEY *key; - ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */ - ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */ - STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */ - ASN1_ENCODING enc; - } X509_CINF; - -/* This stuff is certificate "auxiliary info" - * it contains details which are useful in certificate - * stores and databases. 
When used this is tagged onto - * the end of the certificate itself - */ +typedef struct X509_req_st X509_REQ; -typedef struct x509_cert_aux_st - { - STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */ - STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */ - ASN1_UTF8STRING *alias; /* "friendly name" */ - ASN1_OCTET_STRING *keyid; /* key id of private key */ - STACK_OF(X509_ALGOR) *other; /* other unspecified info */ - } X509_CERT_AUX; - -struct x509_st - { - X509_CINF *cert_info; - X509_ALGOR *sig_alg; - ASN1_BIT_STRING *signature; - int valid; - int references; - char *name; - CRYPTO_EX_DATA ex_data; - /* These contain copies of various extension values */ - long ex_pathlen; - long ex_pcpathlen; - unsigned long ex_flags; - unsigned long ex_kusage; - unsigned long ex_xkusage; - unsigned long ex_nscert; - ASN1_OCTET_STRING *skid; - AUTHORITY_KEYID *akid; - X509_POLICY_CACHE *policy_cache; - STACK_OF(DIST_POINT) *crldp; - STACK_OF(GENERAL_NAME) *altname; - NAME_CONSTRAINTS *nc; -#ifndef OPENSSL_NO_RFC3779 - STACK_OF(IPAddressFamily) *rfc3779_addr; - struct ASIdentifiers_st *rfc3779_asid; -#endif -#ifndef OPENSSL_NO_SHA - unsigned char sha1_hash[SHA_DIGEST_LENGTH]; -#endif - X509_CERT_AUX *aux; - } /* X509 */; +typedef struct x509_cert_aux_st X509_CERT_AUX; + +typedef struct x509_cinf_st X509_CINF; DECLARE_STACK_OF(X509) @@ -325,13 +193,9 @@ typedef struct x509_trust_st { DECLARE_STACK_OF(X509_TRUST) -typedef struct x509_cert_pair_st { - X509 *forward; - X509 *reverse; -} X509_CERT_PAIR; - /* standard trust ids */ +/* OpenSSL changed this to 0 */ #define X509_TRUST_DEFAULT -1 /* Only valid in purpose settings */ #define X509_TRUST_COMPAT 1 
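Review bot: The new comment `/* OpenSSL changed this to 0 */` above `X509_TRUST_DEFAULT` in the `@@ -325,13 +193,9 @@` hunk records a divergence without saying what a caller should do about it. Code ported from OpenSSL that stores a literal 0 as the trust setting, or compares against 0, would presumably select a different trust behaviour here than its author intended. I would expand the comment to `/* OpenSSL changed this to 0; this library keeps -1, so always use the macro rather than a literal. */`.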
@@ -432,61 +296,13 @@ typedef struct x509_cert_pair_st { XN_FLAG_FN_LN | \ XN_FLAG_FN_ALIGN) -struct x509_revoked_st - { - ASN1_INTEGER *serialNumber; - ASN1_TIME *revocationDate; - STACK_OF(X509_EXTENSION) /* optional */ *extensions; - /* Set up if indirect CRL */ - STACK_OF(GENERAL_NAME) *issuer; - /* Revocation reason */ - int reason; - int sequence; /* load sequence */ - }; - DECLARE_STACK_OF(X509_REVOKED) -typedef struct X509_crl_info_st - { - ASN1_INTEGER *version; - X509_ALGOR *sig_alg; - X509_NAME *issuer; - ASN1_TIME *lastUpdate; - ASN1_TIME *nextUpdate; - STACK_OF(X509_REVOKED) *revoked; - STACK_OF(X509_EXTENSION) /* [0] */ *extensions; - ASN1_ENCODING enc; - } X509_CRL_INFO; - -struct X509_crl_st - { - /* actual signature */ - X509_CRL_INFO *crl; - X509_ALGOR *sig_alg; - ASN1_BIT_STRING *signature; - int references; - int flags; - /* Copies of various extensions */ - AUTHORITY_KEYID *akid; - ISSUING_DIST_POINT *idp; - /* Convenient breakdown of IDP */ - int idp_flags; - int idp_reasons; - /* CRL and base CRL numbers for delta processing */ - ASN1_INTEGER *crl_number; - ASN1_INTEGER *base_crl_number; -#ifndef OPENSSL_NO_SHA - unsigned char sha1_hash[SHA_DIGEST_LENGTH]; -#endif - STACK_OF(GENERAL_NAMES) *issuers; - const X509_CRL_METHOD *meth; - void *meth_data; - } /* X509_CRL */; +typedef struct X509_crl_info_st X509_CRL_INFO; DECLARE_STACK_OF(X509_CRL) -typedef struct private_key_st - { +typedef struct private_key_st { int version; /* The PKCS#8 data types */ X509_ALGOR *enc_algor; @@ -504,11 +320,10 @@ typedef struct private_key_st EVP_CIPHER_INFO cipher; int references; - } X509_PKEY; +} X509_PKEY; #ifndef OPENSSL_NO_EVP -typedef struct X509_info_st - { +typedef struct X509_info_st { X509 *x509; X509_CRL *crl; X509_PKEY *x_pkey; @@ -518,7 +333,7 @@ typedef struct X509_info_st char *enc_data; int references; - } X509_INFO; +} X509_INFO; DECLARE_STACK_OF(X509_INFO) #endif 
@@ -527,64 +342,46 @@ DECLARE_STACK_OF(X509_INFO) * Pat Richard and are used to manipulate * Netscapes spki structures - useful if you are writing a CA web page */ -typedef struct Netscape_spkac_st - { +typedef struct Netscape_spkac_st { X509_PUBKEY *pubkey; ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */ - } NETSCAPE_SPKAC; +} NETSCAPE_SPKAC; -typedef struct Netscape_spki_st - { +typedef struct Netscape_spki_st { NETSCAPE_SPKAC *spkac; /* signed public key and challenge */ X509_ALGOR *sig_algor; ASN1_BIT_STRING *signature; - } NETSCAPE_SPKI; +} NETSCAPE_SPKI; /* Netscape certificate sequence structure */ -typedef struct Netscape_certificate_sequence - { +typedef struct Netscape_certificate_sequence { ASN1_OBJECT *type; STACK_OF(X509) *certs; - } NETSCAPE_CERT_SEQUENCE; +} NETSCAPE_CERT_SEQUENCE; -/* Unused (and iv length is wrong) -typedef struct CBCParameter_st - { - unsigned char iv[8]; - } CBC_PARAM; -*/ /* Password based encryption structure */ typedef struct PBEPARAM_st { -ASN1_OCTET_STRING *salt; -ASN1_INTEGER *iter; + ASN1_OCTET_STRING *salt; + ASN1_INTEGER *iter; } PBEPARAM; /* Password based encryption V2 structures */ typedef struct PBE2PARAM_st { -X509_ALGOR *keyfunc; -X509_ALGOR *encryption; + X509_ALGOR *keyfunc; + X509_ALGOR *encryption; } PBE2PARAM; typedef struct PBKDF2PARAM_st { -ASN1_TYPE *salt; /* Usually OCTET STRING but could be anything */ -ASN1_INTEGER *iter; -ASN1_INTEGER *keylength; -X509_ALGOR *prf; + /* Usually OCTET STRING but could be anything */ + ASN1_TYPE *salt; + ASN1_INTEGER *iter; + ASN1_INTEGER *keylength; + X509_ALGOR *prf; } PBKDF2PARAM; - -/* PKCS#8 private key info structure */ - -struct pkcs8_priv_key_info_st { - ASN1_INTEGER *version; - X509_ALGOR *pkeyalg; - ASN1_OCTET_STRING *pkey; - STACK_OF(X509_ATTRIBUTE) *attributes; -}; - #ifdef __cplusplus } #endif 
@@ -596,9 +393,6 @@ struct pkcs8_priv_key_info_st { extern "C" { #endif -#define X509_EXT_PACK_UNKNOWN 1 -#define X509_EXT_PACK_STRING 2 - #define X509_extract_key(x) X509_get_pubkey(x) /*****/ #define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a) #define X509_name_cmp(a,b) X509_NAME_cmp((a),(b)) @@ -606,6 +400,8 @@ extern "C" { int X509_CRL_up_ref(X509_CRL *x); int X509_CRL_get_signature_nid(const X509_CRL *crl); +int i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp); + const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl); long X509_CRL_get_version(const X509_CRL *crl); const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl); @@ -634,10 +430,7 @@ void X509_CRL_METHOD_free(X509_CRL_METHOD *m); void X509_CRL_set_meth_data(X509_CRL *crl, void *dat); void *X509_CRL_get_meth_data(X509_CRL *crl); -/* This one is only used so that a binary form can output, as in - * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */ -#define X509_get_X509_PUBKEY(x) ((x)->cert_info->key) - +X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x); const char *X509_verify_cert_error_string(long n); @@ -837,6 +630,11 @@ void X509_SIG_free(X509_SIG *a); X509_SIG *d2i_X509_SIG(X509_SIG **a, const unsigned char **in, long len); int i2d_X509_SIG(X509_SIG *a, unsigned char **out); extern const ASN1_ITEM X509_SIG_it; +void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg, + const ASN1_OCTET_STRING **pdigest); +void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg, + ASN1_OCTET_STRING **pdigest); + X509_REQ_INFO *X509_REQ_INFO_new(void); void X509_REQ_INFO_free(X509_REQ_INFO *a); X509_REQ_INFO *d2i_X509_REQ_INFO(X509_REQ_INFO **a, const unsigned char **in, long len); 
@@ -895,18 +693,15 @@ X509_CERT_AUX *d2i_X509_CERT_AUX(X509_CERT_AUX **a, const unsigned char **in, lo int i2d_X509_CERT_AUX(X509_CERT_AUX *a, unsigned char **out); extern const ASN1_ITEM X509_CERT_AUX_it; -X509_CERT_PAIR *X509_CERT_PAIR_new(void); -void X509_CERT_PAIR_free(X509_CERT_PAIR *a); -X509_CERT_PAIR *d2i_X509_CERT_PAIR(X509_CERT_PAIR **a, const unsigned char **in, long len); -int i2d_X509_CERT_PAIR(X509_CERT_PAIR *a, unsigned char **out); -extern const ASN1_ITEM X509_CERT_PAIR_it; - int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int X509_set_ex_data(X509 *r, int idx, void *arg); void *X509_get_ex_data(X509 *r, int idx); int i2d_X509_AUX(X509 *a,unsigned char **pp); X509 * d2i_X509_AUX(X509 **a,const unsigned char **pp,long length); + +int i2d_re_X509_tbs(X509 *x, unsigned char **pp); + void X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg, const X509 *x); int X509_get_signature_nid(const X509 *x); @@ -1019,6 +814,8 @@ int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name); X509_NAME *X509_REQ_get_subject_name(const X509_REQ *x); int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req); +int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); +EVP_PKEY * X509_REQ_get0_pubkey(X509_REQ *req); int X509_REQ_extension_nid(int nid); int * X509_REQ_get_extension_nids(void); void X509_REQ_set_extension_nids(int *nids); @@ -1339,10 +1136,6 @@ int X509_TRUST_get_trust(const X509_TRUST *xp); int X509_up_ref(X509 *x); STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain); -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_X509_strings(void); /* Error codes for the X509 functions. */ 
@@ -1408,6 +1201,7 @@ void ERR_load_X509_strings(void); #define X509_R_LOADING_CERT_DIR 103 #define X509_R_LOADING_DEFAULTS 104 #define X509_R_METHOD_NOT_SUPPORTED 124 +#define X509_R_NO_CERTIFICATE_OR_CRL_FOUND 136 #define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 #define X509_R_PUBLIC_KEY_DECODE_ERROR 125 #define X509_R_PUBLIC_KEY_ENCODE_ERROR 126 diff --git a/include/openssl/x509_verify.h b/include/openssl/x509_verify.h index a097404f..d8d2cb0b 100644 --- a/include/openssl/x509_verify.h +++ b/include/openssl/x509_verify.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_verify.h,v 1.1 2020/09/13 15:06:17 beck Exp $ */ +/* $OpenBSD: x509_verify.h,v 1.2 2021/11/04 23:52:34 beck Exp $ */ /* * Copyright (c) 2020 Bob Beck * @@ -19,6 +19,7 @@ #ifdef LIBRESSL_INTERNAL struct x509_verify_ctx; +struct x509_verify_cert_info; typedef struct x509_verify_ctx X509_VERIFY_CTX; X509_VERIFY_CTX *x509_verify_ctx_new(STACK_OF(X509) *roots); diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index 57189b9d..98b1cf5e 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h 
@@ -1,25 +1,25 @@ -/* $OpenBSD: x509_vfy.h,v 1.32 2021/02/24 18:01:31 tb Exp $ */ +/* $OpenBSD: x509_vfy.h,v 1.54 2022/07/07 13:01:28 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: 
@@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence 
@@ -77,197 +77,40 @@ extern "C" { #endif -typedef struct x509_file_st - { - int num_paths; /* number of paths to files or directories */ - int num_alloced; - char **paths; /* the list of paths or directories */ - int *path_type; - } X509_CERT_FILE_CTX; - -/*******************************/ /* -SSL_CTX -> X509_STORE - -> X509_LOOKUP - ->X509_LOOKUP_METHOD - -> X509_LOOKUP - ->X509_LOOKUP_METHOD - -SSL -> X509_STORE_CTX - ->X509_STORE - -The X509_STORE holds the tables etc for verification stuff. -A X509_STORE_CTX is used while validating a single certificate. -The X509_STORE has X509_LOOKUPs for looking up certs. -The X509_STORE then calls a function to actually verify the -certificate chain. -*/ - -#define X509_LU_RETRY -1 -#define X509_LU_FAIL 0 -#define X509_LU_X509 1 -#define X509_LU_CRL 2 -#define X509_LU_PKEY 3 - -typedef struct x509_object_st - { - /* one of the above types */ - int type; - union { - char *ptr; - X509 *x509; - X509_CRL *crl; - EVP_PKEY *pkey; - } data; - } X509_OBJECT; - -typedef struct x509_lookup_st X509_LOOKUP; + * SSL_CTX -> X509_STORE + * -> X509_LOOKUP + * ->X509_LOOKUP_METHOD + * -> X509_LOOKUP + * ->X509_LOOKUP_METHOD + * + * SSL -> X509_STORE_CTX + * ->X509_STORE + * + * The X509_STORE holds the tables etc for verification stuff. + * A X509_STORE_CTX is used while validating a single certificate. + * The X509_STORE has X509_LOOKUPs for looking up certs. + * The X509_STORE then calls a function to actually verify the + * certificate chain. 
+ */ + +typedef enum { + X509_LU_NONE, + X509_LU_X509, + X509_LU_CRL, +} X509_LOOKUP_TYPE; + DECLARE_STACK_OF(X509_LOOKUP) DECLARE_STACK_OF(X509_OBJECT) +DECLARE_STACK_OF(X509_VERIFY_PARAM) -/* This is a static that defines the function interface */ -typedef struct x509_lookup_method_st - { - const char *name; - int (*new_item)(X509_LOOKUP *ctx); - void (*free)(X509_LOOKUP *ctx); - int (*init)(X509_LOOKUP *ctx); - int (*shutdown)(X509_LOOKUP *ctx); - int (*ctrl)(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, - char **ret); - int (*get_by_subject)(X509_LOOKUP *ctx, int type, X509_NAME *name, - X509_OBJECT *ret); - int (*get_by_issuer_serial)(X509_LOOKUP *ctx, int type, X509_NAME *name, - ASN1_INTEGER *serial,X509_OBJECT *ret); - int (*get_by_fingerprint)(X509_LOOKUP *ctx, int type, - const unsigned char *bytes, int len, X509_OBJECT *ret); - int (*get_by_alias)(X509_LOOKUP *ctx, int type, const char *str, - int len, X509_OBJECT *ret); - } X509_LOOKUP_METHOD; - +/* unused in OpenSSL */ typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID; -/* This structure hold all parameters associated with a verify operation - * by including an X509_VERIFY_PARAM structure in related structures the - * parameters used can be customized - */ - -typedef struct X509_VERIFY_PARAM_st - { - char *name; - time_t check_time; /* Time to use */ - unsigned long inh_flags; /* Inheritance flags */ - unsigned long flags; /* Various verify flags */ - int purpose; /* purpose to check untrusted certificates */ - int trust; /* trust setting to check */ - int depth; /* Verify depth */ - STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */ - X509_VERIFY_PARAM_ID *id; /* opaque ID data */ -} X509_VERIFY_PARAM; - -DECLARE_STACK_OF(X509_VERIFY_PARAM) - -/* This is used to hold everything. It is used for all certificate - * validation. Once we have a certificate chain, the 'verify' - * function is then called to actually check the cert chain. 
*/ -struct x509_store_st - { - /* The following is a cache of trusted certs */ - int cache; /* if true, stash any hits */ - STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */ - - /* These are external lookup methods */ - STACK_OF(X509_LOOKUP) *get_cert_methods; - - X509_VERIFY_PARAM *param; - - /* Callbacks for various operations */ - int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ - int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ - int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */ - int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */ - int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */ - int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ - int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ - int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ - STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm); - STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm); - int (*cleanup)(X509_STORE_CTX *ctx); - - CRYPTO_EX_DATA ex_data; - int references; - } /* X509_STORE */; int X509_STORE_set_depth(X509_STORE *store, int depth); -#define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func)) -#define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func)) - -/* This is the functions plus an instance of the local variables. */ -struct x509_lookup_st - { - int init; /* have we been started */ - int skip; /* don't use us. */ - X509_LOOKUP_METHOD *method; /* the functions */ - char *method_data; /* method data */ - - X509_STORE *store_ctx; /* who owns us */ - } /* X509_LOOKUP */; - -/* This is a used when verifying cert chains. Since the - * gathering of the cert chain can take some time (and have to be - * 'retried', this needs to be kept and passed around. 
*/ -struct x509_store_ctx_st /* X509_STORE_CTX */ - { - X509_STORE *ctx; - int current_method; /* used when looking up certs */ - - /* The following are set by the caller */ - X509 *cert; /* The cert to check */ - STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */ - STACK_OF(X509_CRL) *crls; /* set of CRLs passed in */ - - X509_VERIFY_PARAM *param; - void *other_ctx; /* Other info for use with get_issuer() */ - - /* Callbacks for various operations */ - int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ - int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ - int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */ - int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */ - int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */ - int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ - int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ - int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ - int (*check_policy)(X509_STORE_CTX *ctx); - STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm); - STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm); - int (*cleanup)(X509_STORE_CTX *ctx); - - /* The following is built up */ - int valid; /* if 0, rebuild chain */ - int last_untrusted; /* XXX: number of untrusted certs in chain!!! 
*/ - STACK_OF(X509) *chain; /* chain of X509s - built up and trusted */ - X509_POLICY_TREE *tree; /* Valid policy tree */ - - int explicit_policy; /* Require explicit policy value */ - - /* When something goes wrong, this is why */ - int error_depth; - int error; - X509 *current_cert; - X509 *current_issuer; /* cert currently being tested as valid issuer */ - X509_CRL *current_crl; /* current CRL */ - - int current_crl_score; /* score of current CRL */ - unsigned int current_reasons; /* Reason mask */ - - X509_STORE_CTX *parent; /* For CRL path validation: parent context */ - - CRYPTO_EX_DATA ex_data; - } /* X509_STORE_CTX */; - void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); #define X509_STORE_CTX_set_app_data(ctx,data) \ @@ -362,6 +205,11 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); /* Issuer lookup error */ #define X509_V_ERR_STORE_LOOKUP 66 +/* Security level errors */ +#define X509_V_ERR_EE_KEY_TOO_SMALL 67 +#define X509_V_ERR_CA_KEY_TOO_SMALL 68 +#define X509_V_ERR_CA_MD_TOO_WEAK 69 + /* Certificate verify flags */ /* Send issuer+subject checks to verify_cb */ 
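Review bot: The new `X509_LOOKUP_TYPE` enum is introduced without a comment, while the same hunk deletes `X509_LU_RETRY`, `X509_LU_FAIL` and `X509_LU_PKEY`, so the header no longer says what a lookup result should be compared against. `X509_LU_NONE` takes the value 0 that `X509_LU_FAIL` used to have, and the lookup functions declared further down in this file still return `int`, so the enum names an object kind rather than a return code. I would add above the enum `/* Kind of object held in an X509_OBJECT; lookup functions return int, not this type. */`. The hunk also removes the struct definitions from the header, so callers that read fields such as `ctx->error` directly need the accessor functions instead.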
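Review bot: The comment `/* Security level errors */` above the three new codes does not say which setting they refer to. `X509_VERIFY_PARAM_set_auth_level()` is added later in this diff, and if that is the control, naming it here would help: `/* Security level errors; see X509_VERIFY_PARAM_set_auth_level() */`. Applications whose verify_cb filters on specific error codes should be checked against the new values 67 to 69, so that a weak key or digest is not treated as an unknown, ignorable error.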
@@ -422,21 +270,23 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); | X509_V_FLAG_INHIBIT_ANY \ | X509_V_FLAG_INHIBIT_MAP) -int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, +X509_OBJECT *X509_OBJECT_new(void); +void X509_OBJECT_free(X509_OBJECT *a); +int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, X509_NAME *name); -X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,int type,X509_NAME *name); +X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, + X509_LOOKUP_TYPE type, X509_NAME *name); X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x); int X509_OBJECT_up_ref_count(X509_OBJECT *a); -int X509_OBJECT_get_type(const X509_OBJECT *a); -void X509_OBJECT_free_contents(X509_OBJECT *a); +X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a); X509 *X509_OBJECT_get0_X509(const X509_OBJECT *xo); X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *xo); X509_STORE *X509_STORE_new(void); void X509_STORE_free(X509_STORE *v); int X509_STORE_up_ref(X509_STORE *x); -STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm); -STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm); +STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm); +STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm); STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *xs); void *X509_STORE_get_ex_data(X509_STORE *xs, int idx); int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data); 
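Review bot: `X509_OBJECT_new()` and `X509_OBJECT_free()` are added without a comment while `X509_OBJECT_free_contents()` is removed, which leaves the ownership rules for an X509_OBJECT unstated. The struct definition is deleted from this header in an earlier hunk, so callers can no longer declare an X509_OBJECT on the stack and must go through the new pair. I would add above them `/* X509_OBJECT is opaque: allocate with X509_OBJECT_new(), release with X509_OBJECT_free(). */`.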
@@ -451,8 +301,14 @@ int X509_STORE_set_trust(X509_STORE *ctx, int trust); int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm); X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx); +typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *); + +X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *); + void X509_STORE_set_verify_cb(X509_STORE *ctx, - int (*verify_cb)(int, X509_STORE_CTX *)); + int (*verify_cb)(int, X509_STORE_CTX *)); +#define X509_STORE_set_verify_cb_func(ctx, func) \ + X509_STORE_set_verify_cb((ctx), (func)) X509_STORE_CTX *X509_STORE_CTX_new(void); @@ -479,8 +335,11 @@ X509_LOOKUP_METHOD *X509_LOOKUP_mem(void); int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); -int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name, - X509_OBJECT *ret); +int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, + X509_NAME *name, X509_OBJECT *ret); +#define X509_STORE_get_by_subject X509_STORE_CTX_get_by_subject +X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, + X509_LOOKUP_TYPE type, X509_NAME *name); int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret); 
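Review bot: `X509_STORE_set_verify_cb()` still spells its parameter as `int (*verify_cb)(int, X509_STORE_CTX *)` directly below the new `X509_STORE_CTX_verify_cb` typedef; using the typedef keeps setter and getter visibly symmetric: `void X509_STORE_set_verify_cb(X509_STORE *ctx, X509_STORE_CTX_verify_cb verify_cb);`. The new getter also leaves its parameter unnamed, `X509_STORE_get_verify_cb(X509_STORE *)`, while the neighbouring prototypes name theirs. The same raw function-pointer spelling appears in the later hunk `@@ -531,11 +392,24 @@` for `X509_STORE_CTX_get_verify()` and `X509_STORE_CTX_get_verify_cb()`, where `X509_STORE_CTX_verify_fn` is declared only after the prototypes that could have used it.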
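Review bot: `X509_STORE_CTX_get_obj_by_subject()` returns an `X509_OBJECT *` with no statement of who owns it, next to `X509_STORE_CTX_get_by_subject()`, which fills a caller-supplied object. In OpenSSL the function of this name returns a new object that the caller releases with `X509_OBJECT_free()`. If the implementation here matches (it is not part of this hunk), a one-line comment would prevent leaks: `/* Returns a new object or NULL; free with X509_OBJECT_free(). */`.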
@@ -493,17 +352,17 @@ int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); void X509_LOOKUP_free(X509_LOOKUP *ctx); int X509_LOOKUP_init(X509_LOOKUP *ctx); -int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, - X509_OBJECT *ret); -int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name, - ASN1_INTEGER *serial, X509_OBJECT *ret); -int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, - const unsigned char *bytes, int len, X509_OBJECT *ret); -int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, const char *str, - int len, X509_OBJECT *ret); +int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + X509_NAME *name, X509_OBJECT *ret); +int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + X509_NAME *name, ASN1_INTEGER *serial, X509_OBJECT *ret); +int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + const unsigned char *bytes, int len, X509_OBJECT *ret); +int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + const char *str, int len, X509_OBJECT *ret); int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); -int X509_STORE_load_locations (X509_STORE *ctx, +int X509_STORE_load_locations(X509_STORE *ctx, const char *file, const char *dir); int X509_STORE_load_mem(X509_STORE *ctx, void *buf, int len); int X509_STORE_set_default_paths(X509_STORE *ctx); 
@@ -515,7 +374,9 @@ void * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx); int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s); int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth); X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x); X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx); X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx); X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx); @@ -531,11 +392,24 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags); void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t); +void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +int (*X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx))(X509_STORE_CTX *); +void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, + int (*verify)(X509_STORE_CTX *)); +int (*X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx))(int, X509_STORE_CTX *); void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, int (*verify_cb)(int, X509_STORE_CTX *)); - + +typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *); + +void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify); +X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx); +#define X509_STORE_set_verify_func(ctx, func) \ + X509_STORE_set_verify((ctx), (func)) + X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx); int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx); +int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx); X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx); void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); 
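Review bot: In the `@@ -531,11 +392,24 @@` hunk, `X509_STORE_CTX_set0_verified_chain()` and `X509_STORE_CTX_set_verify()` are added without comment although both are security-sensitive hooks: going by their names, one replaces the chain recorded as verified and the other replaces the verification function itself. The `set0` prefix conventionally means the context takes ownership of `sk`, but the header does not say so. I would add `/* Takes ownership of sk; the previously stored chain is released. */` after confirming that against the implementation, which is outside this hunk.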
@@ -547,7 +421,7 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void); void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to, const X509_VERIFY_PARAM *from); -int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, +int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, const X509_VERIFY_PARAM *from); int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name); int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags); @@ -557,10 +431,12 @@ unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); +void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level); +time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param); void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, ASN1_OBJECT *policy); -int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, +int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, STACK_OF(ASN1_OBJECT) *policies); int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, const char *name, diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index abe93077..2bc87f60 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509v3.h,v 1.5 2021/09/02 13:48:39 job Exp $ */ +/* $OpenBSD: x509v3.h,v 1.15 2022/07/12 14:42:50 kn Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -206,8 +206,6 @@ union { } d; } GENERAL_NAME; -typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; - typedef struct ACCESS_DESCRIPTION_st { ASN1_OBJECT *method; GENERAL_NAME *location; 
@@ -219,6 +217,9 @@ typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE; DECLARE_STACK_OF(GENERAL_NAME) +typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; +DECLARE_STACK_OF(GENERAL_NAMES) + DECLARE_STACK_OF(ACCESS_DESCRIPTION) typedef struct DIST_POINT_NAME_st { @@ -446,7 +447,7 @@ struct ISSUING_DIST_POINT_st #define NS_OBJSIGN_CA 0x01 #define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA) -#define XKU_SSL_SERVER 0x1 +#define XKU_SSL_SERVER 0x1 #define XKU_SSL_CLIENT 0x2 #define XKU_SMIME 0x4 #define XKU_CODE_SIGN 0x8 @@ -454,6 +455,7 @@ struct ISSUING_DIST_POINT_st #define XKU_OCSP_SIGN 0x20 #define XKU_TIMESTAMP 0x40 #define XKU_DVCS 0x80 +#define XKU_ANYEKU 0x100 #define X509_PURPOSE_DYNAMIC 0x1 #define X509_PURPOSE_DYNAMIC_NAME 0x2 @@ -770,7 +772,6 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit char *hex_to_string(const unsigned char *buffer, long len); unsigned char *string_to_hex(const char *str, long *len); -int name_cmp(const char *name, const char *cmp); void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml); @@ -798,6 +799,9 @@ char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp); int X509_PURPOSE_get_trust(const X509_PURPOSE *xp); void X509_PURPOSE_cleanup(void); int X509_PURPOSE_get_id(const X509_PURPOSE *); +uint32_t X509_get_extension_flags(X509 *x); +uint32_t X509_get_key_usage(X509 *x); +uint32_t X509_get_extended_key_usage(X509 *x); STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x); STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x); 
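Review bot: In the `@@ -798,6 +799,9 @@` hunk the three new prototypes return `uint32_t`, and nothing in the visible part of x509v3.h shows `<stdint.h>` being included, so it is worth confirming that the header pulls it in itself rather than relying on include order. The return contract is also undocumented. In OpenSSL, `X509_get_key_usage()` and `X509_get_extended_key_usage()` return `UINT32_MAX` when the extension is absent, which makes a plain bit test succeed for certificates that carry no such extension. If this implementation behaves the same, a comment such as `/* Returns UINT32_MAX if the certificate has no keyUsage extension. */` belongs on the declarations.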
@@ -842,39 +846,40 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent); DECLARE_STACK_OF(X509_POLICY_NODE) -#if defined(LIBRESSL_INTERNAL) #ifndef OPENSSL_NO_RFC3779 typedef struct ASRange_st { - ASN1_INTEGER *min, *max; + ASN1_INTEGER *min; + ASN1_INTEGER *max; } ASRange; -# define ASIdOrRange_id 0 -# define ASIdOrRange_range 1 +#define ASIdOrRange_id 0 +#define ASIdOrRange_range 1 typedef struct ASIdOrRange_st { - int type; - union { - ASN1_INTEGER *id; - ASRange *range; - } u; + int type; + union { + ASN1_INTEGER *id; + ASRange *range; + } u; } ASIdOrRange; typedef STACK_OF(ASIdOrRange) ASIdOrRanges; DECLARE_STACK_OF(ASIdOrRange) -# define ASIdentifierChoice_inherit 0 -# define ASIdentifierChoice_asIdsOrRanges 1 +#define ASIdentifierChoice_inherit 0 +#define ASIdentifierChoice_asIdsOrRanges 1 typedef struct ASIdentifierChoice_st { - int type; - union { - ASN1_NULL *inherit; - ASIdOrRanges *asIdsOrRanges; - } u; + int type; + union { + ASN1_NULL *inherit; + ASIdOrRanges *asIdsOrRanges; + } u; } ASIdentifierChoice; typedef struct ASIdentifiers_st { - ASIdentifierChoice *asnum, *rdi; + ASIdentifierChoice *asnum; + ASIdentifierChoice *rdi; } ASIdentifiers; ASRange *ASRange_new(void); 
@@ -905,37 +910,38 @@ int i2d_ASIdentifiers(ASIdentifiers *a, unsigned char **out); extern const ASN1_ITEM ASIdentifiers_it; typedef struct IPAddressRange_st { - ASN1_BIT_STRING *min, *max; + ASN1_BIT_STRING *min; + ASN1_BIT_STRING *max; } IPAddressRange; -# define IPAddressOrRange_addressPrefix 0 -# define IPAddressOrRange_addressRange 1 +#define IPAddressOrRange_addressPrefix 0 +#define IPAddressOrRange_addressRange 1 typedef struct IPAddressOrRange_st { - int type; - union { - ASN1_BIT_STRING *addressPrefix; - IPAddressRange *addressRange; - } u; + int type; + union { + ASN1_BIT_STRING *addressPrefix; + IPAddressRange *addressRange; + } u; } IPAddressOrRange; typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges; DECLARE_STACK_OF(IPAddressOrRange) -# define IPAddressChoice_inherit 0 -# define IPAddressChoice_addressesOrRanges 1 +#define IPAddressChoice_inherit 0 +#define IPAddressChoice_addressesOrRanges 1 typedef struct IPAddressChoice_st { - int type; - union { - ASN1_NULL *inherit; - IPAddressOrRanges *addressesOrRanges; - } u; + int type; + union { + ASN1_NULL *inherit; + IPAddressOrRanges *addressesOrRanges; + } u; } IPAddressChoice; typedef struct IPAddressFamily_st { - ASN1_OCTET_STRING *addressFamily; - IPAddressChoice *ipAddressChoice; + ASN1_OCTET_STRING *addressFamily; + IPAddressChoice *ipAddressChoice; } IPAddressFamily; typedef STACK_OF(IPAddressFamily) IPAddrBlocks; @@ -972,8 +978,8 @@ extern const ASN1_ITEM IPAddressFamily_it; /* * API tag for elements of the ASIdentifer SEQUENCE. */ -# define V3_ASID_ASNUM 0 -# define V3_ASID_RDI 1 +#define V3_ASID_ASNUM 0 +#define V3_ASID_RDI 1 /* * AFI values, assigned by IANA. It'd be nice to make the AFI 
@@ -981,8 +987,9 @@ extern const ASN1_ITEM IPAddressFamily_it; * that would need to be defined for other address families for it to * be worth the trouble. */ -# define IANA_AFI_IPV4 1 -# define IANA_AFI_IPV6 2 +#define IANA_AFI_IPV4 1 +#define IANA_AFI_IPV6 2 + /* * Utilities to construct and extract values from RFC3779 extensions, * since some of the encodings (particularly for IP address prefixes @@ -990,19 +997,17 @@ extern const ASN1_ITEM IPAddressFamily_it; */ int X509v3_asid_add_inherit(ASIdentifiers *asid, int which); int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which, - ASN1_INTEGER *min, ASN1_INTEGER *max); -int X509v3_addr_add_inherit(IPAddrBlocks *addr, - const unsigned afi, const unsigned *safi); -int X509v3_addr_add_prefix(IPAddrBlocks *addr, - const unsigned afi, const unsigned *safi, - unsigned char *a, const int prefixlen); -int X509v3_addr_add_range(IPAddrBlocks *addr, - const unsigned afi, const unsigned *safi, - unsigned char *min, unsigned char *max); + ASN1_INTEGER *min, ASN1_INTEGER *max); +int X509v3_addr_add_inherit(IPAddrBlocks *addr, const unsigned afi, + const unsigned *safi); +int X509v3_addr_add_prefix(IPAddrBlocks *addr, const unsigned afi, + const unsigned *safi, unsigned char *a, const int prefixlen); +int X509v3_addr_add_range(IPAddrBlocks *addr, const unsigned afi, + const unsigned *safi, unsigned char *min, unsigned char *max); unsigned X509v3_addr_get_afi(const IPAddressFamily *f); int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi, - unsigned char *min, unsigned char *max, - const int length); + unsigned char *min, unsigned char *max, const int length); + /* * Canonical forms. */ 
@@ -1024,19 +1029,13 @@ int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b); */ int X509v3_asid_validate_path(X509_STORE_CTX *); int X509v3_addr_validate_path(X509_STORE_CTX *); -int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, - ASIdentifiers *ext, - int allow_inheritance); -int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, - IPAddrBlocks *ext, int allow_inheritance); +int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, ASIdentifiers *ext, + int allow_inheritance); +int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, IPAddrBlocks *ext, + int allow_inheritance); -#endif /* OPENSSL_NO_RFC3779 */ -#endif +#endif /* !OPENSSL_NO_RFC3779 */ -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_X509V3_strings(void); /* Error codes for the X509V3 functions. */ diff --git a/include/tls.h b/include/tls.h index de6d257c..0c9e497e 100644 --- a/include/tls.h +++ b/include/tls.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls.h,v 1.58 2020/01/22 06:44:02 beck Exp $ */ +/* $OpenBSD: tls.h,v 1.62 2022/03/24 15:56:34 tb Exp $ */ /* * Copyright (c) 2014 Joel Sing * diff --git a/m4/check-hardening-options.m4 b/m4/check-hardening-options.m4 index c8ab12ea..4b5784b6 100644 --- a/m4/check-hardening-options.m4 +++ b/m4/check-hardening-options.m4 @@ -4,16 +4,13 @@ AC_DEFUN([CHECK_CFLAG], [ AC_MSG_CHECKING([if $saved_CC supports "$1"]) old_cflags="$CFLAGS" CFLAGS="$1 -Wall -Werror" - AC_TRY_LINK([ - #include - ], - [printf("Hello")], - AC_MSG_RESULT([yes]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[printf("Hello")]])], + [AC_MSG_RESULT([yes]) CFLAGS=$old_cflags - HARDEN_CFLAGS="$HARDEN_CFLAGS $1", - AC_MSG_RESULT([no]) + HARDEN_CFLAGS="$HARDEN_CFLAGS $1"], + [AC_MSG_RESULT([no]) CFLAGS=$old_cflags - [$2]) + [$2]]) ]) AC_DEFUN([CHECK_LDFLAG], [ 
@@ -21,16 +18,13 @@ AC_DEFUN([CHECK_LDFLAG], [ AC_MSG_CHECKING([if $saved_LD supports "$1"]) old_ldflags="$LDFLAGS" LDFLAGS="$1 -Wall -Werror" - AC_TRY_LINK([ - #include - ], - [printf("Hello")], - AC_MSG_RESULT([yes]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[printf("Hello")]])], + [AC_MSG_RESULT([yes]) LDFLAGS=$old_ldflags - HARDEN_LDFLAGS="$HARDEN_LDFLAGS $1", - AC_MSG_RESULT([no]) + HARDEN_LDFLAGS="$HARDEN_LDFLAGS $1"], + [AC_MSG_RESULT([no]) LDFLAGS=$old_ldflags - [$2]) + [$2]]) ]) AC_DEFUN([DISABLE_AS_EXECUTABLE_STACK], [ diff --git a/m4/check-libc.m4 b/m4/check-libc.m4 index e511f6d0..68a4f88e 100644 --- a/m4/check-libc.m4 +++ b/m4/check-libc.m4 @@ -1,6 +1,11 @@ AC_DEFUN([CHECK_LIBC_COMPAT], [ # Check for libc headers -AC_CHECK_HEADERS([err.h readpassphrase.h]) +AC_CHECK_HEADERS([endian.h machine/endian.h err.h readpassphrase.h]) +AC_CHECK_HEADERS([netinet/ip.h], [], [], +[#include +#include +]) +AC_HEADER_RESOLV # Check for general libc functions AC_CHECK_FUNCS([asprintf freezero memmem]) AC_CHECK_FUNCS([readpassphrase reallocarray recallocarray]) @@ -9,10 +14,7 @@ AC_CHECK_FUNCS([timegm _mkgmtime timespecsub]) AC_CHECK_FUNCS([getprogname syslog syslog_r]) AC_CACHE_CHECK([for getpagesize], ac_cv_func_getpagesize, [ AC_LINK_IFELSE([AC_LANG_PROGRAM([[ -// Since Android NDK v16 getpagesize is defined as inline inside unistd.h -#ifdef __ANDROID__ -# include -#endif +#include ]], [[ getpagesize(); ]])], diff --git a/m4/check-os-options.m4 b/m4/check-os-options.m4 index 644bf714..bd389384 100644 --- a/m4/check-os-options.m4 +++ b/m4/check-os-options.m4 
@@ -68,10 +68,15 @@ char buf[1]; getentropy(buf, 1); ;; *hpux*) HOST_OS=hpux; - if test "`echo $CC | cut -d ' ' -f 1`" = "gcc" ; then - CFLAGS="$CFLAGS -mlp64" - else - CFLAGS="-g -O2 +DD64 +Otype_safety=off $USER_CFLAGS" + if test "`echo $host_os | cut -c 1-4`" = "ia64" ; then + if test "`echo $CC | cut -d ' ' -f 1`" = "gcc" ; then + CFLAGS="$CFLAGS -mlp64" + else + CFLAGS="+DD64" + fi + fi + if ! test "`echo $CC | cut -d ' ' -f 1`" = "gcc" ; then + CFLAGS="-g -O2 +Otype_safety=off $CFLAGS $USER_CFLAGS" fi CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D__STRICT_ALIGNMENT" ;; @@ -118,7 +123,7 @@ char buf[1]; getentropy(buf, 1); HOST_OS=solaris HOST_ABI=elf CPPFLAGS="$CPPFLAGS -D__EXTENSIONS__ -D_XOPEN_SOURCE=600 -DBSD_COMP" - AC_SUBST([PLATFORM_LDADD], ['-ldl -lnsl -lsocket']) + AC_SUBST([PLATFORM_LDADD], ['-ldl -lmd -lnsl -lsocket']) ;; *) ;; esac diff --git a/man/ACCESS_DESCRIPTION_new.3 b/man/ACCESS_DESCRIPTION_new.3 index a53723fb..15156ffc 100644 --- a/man/ACCESS_DESCRIPTION_new.3 +++ b/man/ACCESS_DESCRIPTION_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ACCESS_DESCRIPTION_new.3,v 1.5 2019/06/06 01:06:58 schwarze Exp $ +.\" $OpenBSD: ACCESS_DESCRIPTION_new.3,v 1.6 2022/03/31 17:27:16 naddy Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: June 6 2019 $ +.Dd $Mdocdate: March 31 2022 $ .Dt ACCESS_DESCRIPTION_NEW 3 .Os .Sh NAME @@ -94,7 +94,7 @@ object, which is a and represents an ASN.1 .Vt AuthorityInfoAccessSyntax structure defined in RFC 5280 section 4.2.2.1. -If can be used for the authority information access extension of +It can be used for the authority information access extension of certificates and certificate revocation lists and for the subject information access extension of certificates. .Fn AUTHORITY_INFO_ACCESS_free 
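Review bot: In the `*hpux*)` branch the new test compares the first four characters of `$host_os` with "ia64", but this branch is only reached for a value matching `*hpux*`, and an OS string would not normally begin with the CPU name. If the enclosing `case` (outside the hunk) switches on `$host_os`, the 64-bit flags are never added; testing the CPU looks like the intent, `if test "$host_cpu" = "ia64" ; then`. Separately, `CFLAGS="+DD64"` replaces CFLAGS instead of extending it, unlike the gcc branch; `CFLAGS="$CFLAGS +DD64"` would keep what was already set.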
diff --git a/man/ASN1_BIT_STRING_num_asc.3 b/man/ASN1_BIT_STRING_num_asc.3
new file mode 100644
index 00000000..3891ced8
--- /dev/null
+++ b/man/ASN1_BIT_STRING_num_asc.3
@@ -0,0 +1,146 @@
+.\" $OpenBSD: ASN1_BIT_STRING_num_asc.3,v 1.1 2021/11/19 16:00:54 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: November 19 2021 $
+.Dt ASN1_BIT_STRING_NUM_ASC 3
+.Os
+.Sh NAME
+.Nm ASN1_BIT_STRING_num_asc ,
+.Nm ASN1_BIT_STRING_set_asc ,
+.Nm ASN1_BIT_STRING_name_print
+.Nd names for individual bits
+.Sh SYNOPSIS
+.In openssl/asn1.h
+.Bd -unfilled
+typedef struct {
+ int bitnum;
+ const char *lname;
+ const char *sname;
+} BIT_STRING_BITNAME;
+.Ed
+.Pp
+.Ft int
+.Fo ASN1_BIT_STRING_num_asc
+.Fa "const char *name"
+.Fa "BIT_STRING_BITNAME *table"
+.Fc
+.Ft int
+.Fo ASN1_BIT_STRING_set_asc
+.Fa "ASN1_BIT_STRING *bitstr"
+.Fa "const char *name"
+.Fa "int set"
+.Fa "BIT_STRING_BITNAME *table"
+.Fc
+.Ft int
+.Fo ASN1_BIT_STRING_name_print
+.Fa "BIO *bio"
+.Fa "ASN1_BIT_STRING *bitstr"
+.Fa "BIT_STRING_BITNAME *table"
+.Fa "int indent"
+.Fc
+.Sh DESCRIPTION
+These functions provide access to individual bits of an ASN.1 BIT STRING
+based on a
+.Fa table
+assigning names to individual bits.
+The
+.Fa table
+is a variable-sized array.
+Each element contains a long name
+.Fa lname
+and a short name
+.Fa sname
+for the bit with the bit number
+.Fa bitnum .
+The table needs to be terminated with a dummy element containing a
+.Dv NULL
+pointer in the
+.Fa lname
+field.
+.Pp
+.Fn ASN1_BIT_STRING_num_asc
+retrieves the
+.Fa bitnum
+from the first element in the
+.Fa table
+where at least one of the names matches the
+.Fa name
+argument in the sense of
+.Xr strcmp 3 .
+That bit number can then be used for
+.Xr ASN1_BIT_STRING_get_bit 3 .
+.Pp
+.Fn ASN1_BIT_STRING_set_asc
+converts the
+.Fa name
+to a bit number using
+.Fn ASN1_BIT_STRING_num_asc
+and sets or clears that bit in
+.Fa bitstr
+according to the
+.Fa set
+argument, using
+.Xr ASN1_BIT_STRING_set_bit 3 .
+If
+.Fa bitstr
+is a
+.Dv NULL
+pointer, no action occurs.
+.Pp
+.Fn ASN1_BIT_STRING_name_print
+prints a single line of text to the given
+.Fa BIO .
+The line starts with
+.Fa indent
+space characters, contains the long names of the bit contained in the
+.Fa table
+that are set in
+.Fa bitstr ,
+separated by commas, and ends with a newline character.
+If any bits are set in
+.Fa bitstr
+that have no corresponding entries in the
+.Fa table ,
+those bits are silently ignored and nothing is printed for them.
+.Sh RETURN VALUES
+.Fn ASN1_BIT_STRING_num_asc
+returns a non-negative bit number or \-1 if the
+.Fa name
+is not found in the
+.Fa table .
+.Pp
+.Fn ASN1_BIT_STRING_set_asc
+returns 1 on success or 0 if the
+.Fa name
+is not found in the
+.Fa table
+or if memory allocation fails.
+.Pp
+.Fn ASN1_BIT_STRING_name_print
+is intended to return 1 for success or 0 for failure.
+.Sh SEE ALSO
+.Xr ASN1_BIT_STRING_new 3 ,
+.Xr ASN1_BIT_STRING_set 3 ,
+.Xr BIO_new 3 ,
+.Xr strcmp 3
+.Sh HISTORY
+These functions first appeared in OpenSSL 0.9.5
+and have been available since
+.Ox 2.7 .
+.Sh BUGS
+.Fn ASN1_BIT_STRING_name_print
+ignores all errors and always returns 1,
+even if nothing or only part of the desired output was printed.
diff --git a/man/ASN1_BIT_STRING_set.3 b/man/ASN1_BIT_STRING_set.3
new file mode 100644
index 00000000..5b18c1c4
--- /dev/null
+++ b/man/ASN1_BIT_STRING_set.3 
@@ -0,0 +1,179 @@
+.\" $OpenBSD: ASN1_BIT_STRING_set.3,v 1.2 2021/11/19 16:00:54 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: November 19 2021 $
+.Dt ASN1_BIT_STRING_SET 3
+.Os
+.Sh NAME
+.Nm ASN1_BIT_STRING_set ,
+.Nm ASN1_BIT_STRING_set_bit ,
+.Nm ASN1_BIT_STRING_get_bit ,
+.Nm ASN1_BIT_STRING_check
+.Nd ASN.1 BIT STRING accessors
+.Sh SYNOPSIS
+.In openssl/asn1.h
+.Ft int
+.Fo ASN1_BIT_STRING_set
+.Fa "ASN1_BIT_STRING *bitstr"
+.Fa "unsigned char *data"
+.Fa "int len"
+.Fc
+.Ft int
+.Fo ASN1_BIT_STRING_set_bit
+.Fa "ASN1_BIT_STRING *bitstr"
+.Fa "int bitnumber"
+.Fa "int set"
+.Fc
+.Ft int
+.Fo ASN1_BIT_STRING_get_bit
+.Fa "ASN1_BIT_STRING *bitstr"
+.Fa "int bitnumber"
+.Fc
+.Ft int
+.Fo ASN1_BIT_STRING_check
+.Fa "ASN1_BIT_STRING *bitstr"
+.Fa "const unsigned char *goodbits"
+.Fa "int goodbits_len"
+.Fc
+.Sh DESCRIPTION
+.Fn ASN1_BIT_STRING_set
+sets the length attribute of
+.Fa bitstr
+to
+.Fa len
+and copies that number of bytes from
+.Fa data
+into
+.Fa bitstr ,
+overwriting any previous data, by merely calling
+.Xr ASN1_STRING_set 3 .
+This function does no validation whatsoever.
+In particular, it neither checks that
+.Fa bitstr
+is actually of the type
+.Dv V_ASN1_BIT_STRING
+nor, even if it is, that the
+.Fa data
+and
+.Fa len
+arguments make sense for this particular bit string.
+.Pp
+If the
+.Fa set
+argument is non-zero,
+.Fn ASN1_BIT_STRING_set_bit
+sets the bit with the given
+.Fa bitnumber
+in the
+.Fa bitstr ;
+otherwise, it clears that bit.
+A
+.Fa bitnumber
+of 0 addresses the most significant bit in the first data byte of
+.Fa bitstr ,
+7 the least significant bit in the same byte,
+8 the most significant bit in the second data byte, and so on.
+.Pp
+If setting a bit is requested beyond the last existing data byte,
+additional bytes are added to the
+.Fa bitstr
+as needed.
+After clearing a bit, any trailing NUL bytes are removed from the
+.Fa bitstr .
+.Pp
+.Fn ASN1_BIT_STRING_get_bit
+checks that the bit with the given
+.Fa bitnumber
+is set in
+.Fa bitstr .
+.Pp
+.Fn ASN1_BIT_STRING_check
+checks that all bits set in
+.Fa bitstr
+are also set in
+.Fa goodbits .
+Expressed symbolically, it evaluates:
+.Pp
+.D1 Po Fa bitstr No & Pf \(ti Fa goodbits Pc == 0
+.Pp
+The buffer
+.Fa goodbits
+is expected to contain
+.Fa goodbits_len
+bytes.
+.Sh RETURN VALUES
+.Fn ASN1_BIT_STRING_set
+returns 1 on success or 0 if memory allocation fails or if
+.Fa data
+is
+.Dv NULL
+and
+.Fa len
+is \-1 in the same call.
+.Pp
+.Fn ASN1_BIT_STRING_set_bit
+returns 1 on success or 0 if
+.Fa bitstr
+is
+.Dv NULL
+or if memory allocation fails.
+.Pp
+.Fn ASN1_BIT_STRING_get_bit
+returns 1 if the bit with the given
+.Fa bitnumber
+is set in the
+.Fa bitstr
+or 0 if
+.Fa bitstr
+is
+.Dv NULL ,
+if
+.Fa bitnumber
+points beyond the last data byte in
+.Fa bitstr ,
+or if the requested bit is not set.
+.Pp
+.Fn ASN1_BIT_STRING_check
+returns 0
+if at least one bit is set in
+.Fa bitstr
+that is not set in
+.Fa goodbits ,
+or 1 otherwise.
+In particular, it returns 1 if
+.Fa bitstr
+is
+.Dv NULL
+or if no bit is set in
+.Fa bitstr .
+.Sh SEE ALSO
+.Xr ASN1_BIT_STRING_new 3 ,
+.Xr ASN1_BIT_STRING_num_asc 3 ,
+.Xr ASN1_STRING_set 3 ,
+.Xr d2i_ASN1_BIT_STRING 3
+.Sh HISTORY
+.Fn ASN1_BIT_STRING_set
+first appeared in SSLeay 0.6.5.
+.Fn ASN1_BIT_STRING_set_bit
+and
+.Fn ASN1_BIT_STRING_get_bit
+first appeared in SSLeay 0.9.0.
+These functions have been available since
+.Ox 2.4 .
+.Pp
+.Fn ASN1_BIT_STRING_check
+first appeared in OpenSSL 1.0.0 and has have been available since
+.Ox 4.9 .
diff --git a/man/ASN1_INTEGER_get.3 b/man/ASN1_INTEGER_get.3
index 72342ec1..b7737393 100644
--- a/man/ASN1_INTEGER_get.3
+++ b/man/ASN1_INTEGER_get.3
@@ -1,11 +1,11 @@
-.\" $OpenBSD: ASN1_INTEGER_get.3,v 1.3 2019/08/26 12:45:27 schwarze Exp $
+.\" $OpenBSD: ASN1_INTEGER_get.3,v 1.6 2022/07/09 13:13:34 schwarze Exp $
 .\" selective merge up to:
-.\" OpenSSL man3/ASN1_INTEGER_get_int64 df75c2bf Dec 9 01:02:36 2018 +0100
+.\" OpenSSL man3/ASN1_INTEGER_get_int64 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
 .\" This file is a derived work.
 .\" The changes are covered by the following Copyright and license:
 .\"
-.\" Copyright (c) 2018, 2019 Ingo Schwarze
+.\" Copyright (c) 2018, 2021, 2022 Ingo Schwarze
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -66,31 +66,67 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 26 2019 $ +.Dd $Mdocdate: July 9 2022 $ .Dt ASN1_INTEGER_GET 3 .Os .Sh NAME +.Nm ASN1_INTEGER_get_uint64 , +.Nm ASN1_INTEGER_get_int64 , .Nm ASN1_INTEGER_get , +.Nm ASN1_INTEGER_set_uint64 , +.Nm ASN1_INTEGER_set_int64 , .Nm ASN1_INTEGER_set , +.Nm ASN1_INTEGER_cmp , +.Nm ASN1_INTEGER_dup , .Nm BN_to_ASN1_INTEGER , .Nm ASN1_INTEGER_to_BN , -.Nm i2a_ASN1_INTEGER , +.Nm ASN1_ENUMERATED_get_int64 , .Nm ASN1_ENUMERATED_get , +.Nm ASN1_ENUMERATED_set_int64 , .Nm ASN1_ENUMERATED_set , .Nm BN_to_ASN1_ENUMERATED , .Nm ASN1_ENUMERATED_to_BN .Nd ASN.1 INTEGER and ENUMERATED utilities .Sh SYNOPSIS .In openssl/asn1.h +.Ft int +.Fo ASN1_INTEGER_get_uint64 +.Fa "uint64_t *out_val" +.Fa "const ASN1_INTEGER *a" +.Fc +.Ft int +.Fo ASN1_INTEGER_get_int64 +.Fa "int64_t *out_val" +.Fa "const ASN1_INTEGER *a" +.Fc .Ft long .Fo ASN1_INTEGER_get .Fa "const ASN1_INTEGER *a" .Fc .Ft int +.Fo ASN1_INTEGER_set_uint64 +.Fa "ASN1_INTEGER *a" +.Fa "uint64_t v" +.Fc +.Ft int +.Fo ASN1_INTEGER_set_int64 +.Fa "ASN1_INTEGER *a" +.Fa "int64_t v"; +.Fc +.Ft int .Fo ASN1_INTEGER_set .Fa "ASN1_INTEGER *a" .Fa "long v" .Fc +.Ft int +.Fo ASN1_INTEGER_cmp +.Fa "const ASN1_INTEGER *a1" +.Fa "const ASN1_INTEGER *a2" +.Fc +.Ft ASN1_INTEGER * +.Fo ASN1_INTEGER_dup +.Fa "const ASN1_INTEGER *a" +.Fc .Ft ASN1_INTEGER * .Fo BN_to_ASN1_INTEGER .Fa "const BIGNUM *bn" @@ -102,15 +138,20 @@ .Fa "BIGNUM *bn" .Fc .Ft int -.Fo i2a_ASN1_INTEGER -.Fa "BIO *out_bio" -.Fa "const ASN1_INTEGER *a" +.Fo ASN1_ENUMERATED_get_int64 +.Fa "int64_t *out_val" +.Fa "const ASN1_ENUMERATED *a" .Fc .Ft long .Fo ASN1_ENUMERATED_get .Fa "const ASN1_ENUMERATED *a" .Fc .Ft int +.Fo ASN1_ENUMERATED_set_int64 +.Fa "ASN1_ENUMERATED *a" +.Fa "int64_t v" +.Fc +.Ft int .Fo ASN1_ENUMERATED_set .Fa "ASN1_ENUMERATED *a" .Fa "long v" 
@@ -132,6 +173,16 @@ and .Vt ASN1_ENUMERATED objects. .Pp +.Fn ASN1_INTEGER_get_uint64 +and +.Fn ASN1_INTEGER_get_int64 +store the value of +.Fa a +in +.Pf * Fa out_val +if successful. +.Pp +The deprecated function .Fn ASN1_INTEGER_get converts .Fa a @@ -139,12 +190,39 @@ to the .Vt long type. .Pp +.Fn ASN1_INTEGER_set_uint64 , +.Fn ASN1_INTEGER_set_int64 , +and .Fn ASN1_INTEGER_set -sets the value of +set the type of +.Fa a +to +.Dv V_ASN1_INTEGER +or +.Dv V_ASN1_NEG_INTEGER +depending on the sign of +.Fa v +and set the value of .Fa a to .Fa v . .Pp +.Fn ASN1_INTEGER_cmp +compares the signed integer numbers represented by +.Fa a1 +and +.Fa a2 . +.Pp +.Fn ASN1_INTEGER_dup +does exactly the same as +.Xr ASN1_STRING_dup 3 +without providing any type safety, +except that it fails if the +.Xr ASN1_STRING_length 3 +of +.Fa a +is 0. +.Pp .Fn BN_to_ASN1_INTEGER converts .Fa bn @@ -177,17 +255,9 @@ Otherwise, the existing object .Fa bn is used instead. .Pp -.Fn i2a_ASN1_INTEGER -writes a hexadecimal representation of -.Fa a -to -.Fa out_bio . -The output optionally starts with a minus sign, -followed by an even number of upper case ASCII hexadecimal digits. -After each group of 70 digits, a backslash and a linefeed -are inserted before the next digit. -.Pp +.Fn ASN1_ENUMERATED_get_int64 , .Fn ASN1_ENUMERATED_get , +.Fn ASN1_ENUMERATED_set_int64 , .Fn ASN1_ENUMERATED_set , .Fn BN_to_ASN1_ENUMERATED , and @@ -198,6 +268,26 @@ counterparts except that they operate on an .Vt ASN1_ENUMERATED object. .Sh RETURN VALUES +.Fn ASN1_INTEGER_get_uint64 +returns 1 in case of success or 0 if +.Fa a +is not of the type +.Dv V_ASN1_INTEGER +or greater than +.Dv UINT64_MAX . +.Pp +.Fn ASN1_INTEGER_get_int64 +returns 1 in case of success or 0 if +.Fa a +is not of the type +.Dv V_ASN1_INTEGER +or +.Dv V_ASN1_NEG_INTEGER , +less than +.Dv INT64_MIN , +or greater than +.Dv INT64_MAX . +.Pp .Fn ASN1_INTEGER_get and .Fn ASN1_ENUMERATED_get 
@@ -209,12 +299,37 @@ or \-1 on error, which is ambiguous because \-1 is a legitimate value for an .Vt ASN1_INTEGER . .Pp -.Fn ASN1_INTEGER_set +.Fn ASN1_INTEGER_set_uint64 , +.Fn ASN1_INTEGER_set_int64 , +.Fn ASN1_INTEGER_set , +.Fn ASN1_ENUMERATED_set_int64 , and .Fn ASN1_ENUMERATED_set return 1 for success or 0 for failure. They only fail if a memory allocation error occurs. .Pp +.Fn ASN1_INTEGER_cmp +returns a value greater than, equal to, or less than 0 +if the signed integer number represented by +.Fa a1 +is greater than, equal to, or less than +the signed integer number represented by +.Fa a2 , +respectively. +.Pp +.Fn ASN1_INTEGER_dup +returns a pointer to a newly allocated +.Vt ASN1_STRING +structure or +.Dv NULL +if +.Fa a +is a +.Dv NULL +pointer, if the length of +.Fa a +is 0, or if memory allocation fails. +.Pp .Fn BN_to_ASN1_INTEGER and .Fn BN_to_ASN1_ENUMERATED @@ -237,28 +352,21 @@ object of if an error occurs. They can fail if the passed type is incorrect (due to a programming error) or due to memory allocation failures. -.Pp -In case of success, -.Fn i2a_ASN1_INTEGER -returns the total number of bytes written, which is at least 2. -It returns 0 if -.Fa a -is -.Dv NULL -or -1 if -.Xr BIO_write 3 -fails. .Sh SEE ALSO -.Xr ASN1_INTEGER_new 3 +.Xr ASN1_INTEGER_new 3 , +.Xr ASN1_STRING_length 3 .Sh HISTORY .Fn ASN1_INTEGER_set first appeared in SSLeay 0.5.1. .Fn ASN1_INTEGER_get , .Fn BN_to_ASN1_INTEGER , -.Fn ASN1_INTEGER_to_BN , and -.Fn i2a_ASN1_INTEGER +.Fn ASN1_INTEGER_to_BN first appeared in SSLeay 0.6.0. +.Fn ASN1_INTEGER_cmp +and +.Fn ASN1_INTEGER_dup +first appeared in SSLeay 0.6.5. These functions have been available since .Ox 2.3 . .Pp 
@@ -269,6 +377,16 @@ and .Fn ASN1_ENUMERATED_to_BN first appeared in OpenSSL 0.9.2b and have been available since .Ox 2.6 . +.Pp +.Fn ASN1_INTEGER_get_uint64 , +.Fn ASN1_INTEGER_get_int64 , +.Fn ASN1_INTEGER_set_uint64 , +.Fn ASN1_INTEGER_set_int64 , +.Fn ASN1_ENUMERATED_get_int64 , +and +.Fn ASN1_ENUMERATED_set_int64 +first appeared in OpenSSL 1.1.0 and have been available since +.Ox 7.2 . .Sh CAVEATS In general an .Vt ASN1_INTEGER @@ -283,3 +401,28 @@ The ambiguous return values of and .Fn ASN1_ENUMERATED_get imply that these functions should be avoided if possible. +.Sh BUGS +.Fn ASN1_INTEGER_cmp , +.Fn ASN1_INTEGER_dup , +and +.Fn ASN1_INTEGER_to_BN +do not check whether their arguments are really of the type +.Dv V_ASN1_INTEGER +or +.Dv V_ASN1_NEG_INTEGER . +They may report success even if their arguments are of a wrong type. +Consequently, even in case of success, the return value of +.Fn ASN1_INTEGER_dup +is not guaranteed to be of the type +.Dv V_ASN1_INTEGER +or +.Dv V_ASN1_NEG_INTEGER +either. +.Pp +Similarly, +.Fn ASN1_ENUMERATED_to_BN +does not check whether its argument is really of the type +.Dv V_ASN1_ENUMERATED +or +.Dv V_ASN1_NEG_ENUMERATED +and may report success even if the argument is of a wrong type. diff --git a/man/ASN1_NULL_new.3 b/man/ASN1_NULL_new.3 new file mode 100644 index 00000000..b4d2428e --- /dev/null +++ b/man/ASN1_NULL_new.3 
@@ -0,0 +1,66 @@
+.\" $OpenBSD: ASN1_NULL_new.3,v 1.3 2021/12/09 18:42:35 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 9 2021 $
+.Dt ASN1_NULL_NEW 3
+.Os
+.Sh NAME
+.Nm ASN1_NULL_new ,
+.Nm ASN1_NULL_free
+.Nd ASN.1 NULL value
+.Sh SYNOPSIS
+.In openssl/asn1.h
+.Ft ASN1_NULL *
+.Fn ASN1_NULL_new void
+.Ft void
+.Fn ASN1_NULL_free "ASN1_NULL *val_in"
+.Sh DESCRIPTION
+.Fn ASN1_NULL_new
+returns a specific invalid pointer that represents the ASN.1 NULL value,
+which is the only possible value of the ASN.1 NULL type.
+That pointer is different from a
+.Dv NULL
+pointer.
+Dereferencing it almost certainly results in a segmentation fault.
+This function does not allocate memory and cannot fail.
+.Pp
+.Fn ASN1_NULL_free
+has no effect whatsoever.
+In particular, it ignores the
+.Fa val_in
+argument and does not free any memory.
+In normal use, application programs only pass the invalid pointer
+obtained from
+.Fn ASN1_NULL_new
+to this function.
+But even if a valid pointer is passed, that pointer does not become invalid.
+.Pp
+The ASN.1 NULL type is also represented by the
+.Dv V_ASN1_NULL
+type identifier constant.
+.Sh SEE ALSO
+.Xr ASN1_item_new 3 ,
+.Xr d2i_ASN1_NULL 3
+.Sh STANDARDS
+ITU-T Recommendation X.208, also known as ISO/IEC 8824-1:
+Specification of Abstract Syntax Notation One (ASN.1),
+section 19: Notation for the null type
+.Sh HISTORY
+.Fn ASN1_NULL_new
+and
+.Fn ASN1_NULL_free
+first appeared in OpenSSL 0.9.5 and have been available since
+.Ox 2.7 .
diff --git a/man/ASN1_OBJECT_new.3 b/man/ASN1_OBJECT_new.3
index cf48ccce..6aa4723c 100644
--- a/man/ASN1_OBJECT_new.3
+++ b/man/ASN1_OBJECT_new.3
@@ -1,10 +1,10 @@
-.\" $OpenBSD: ASN1_OBJECT_new.3,v 1.11 2019/06/06 01:06:58 schwarze Exp $
-.\" OpenSSL 99d63d4 Mar 19 12:28:58 2016 -0400
+.\" $OpenBSD: ASN1_OBJECT_new.3,v 1.15 2021/12/15 20:07:51 schwarze Exp $
+.\" full merge up to: OpenSSL 99d63d4 Mar 19 12:28:58 2016 -0400
 .\"
 .\" This file is a derived work.
 .\" The changes are covered by the following Copyright and license:
 .\"
-.\" Copyright (c) 2017 Ingo Schwarze
+.\" Copyright (c) 2017, 2021 Ingo Schwarze
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -65,11 +65,12 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: December 15 2021 $
 .Dt ASN1_OBJECT_NEW 3
 .Os
 .Sh NAME
 .Nm ASN1_OBJECT_new ,
+.Nm ASN1_OBJECT_create ,
 .Nm ASN1_OBJECT_free
 .Nd ASN.1 object identifiers
 .Sh SYNOPSIS
@@ -78,6 +79,14 @@
 .Fo ASN1_OBJECT_new
 .Fa void
 .Fc
+.Ft ASN1_OBJECT *
+.Fo ASN1_OBJECT_create
+.Fa "int nid"
+.Fa "unsigned char *content"
+.Fa "int len"
+.Fa "const char *short_name"
+.Fa "const char *long_name"
+.Fc
 .Ft void
 .Fo ASN1_OBJECT_free
 .Fa "ASN1_OBJECT *a"
@@ -92,10 +101,32 @@ and a sequence of integers identifying a node in the International Object Identifier tree as specified in ITU-T recommendation X.660. The new object is marked as dynamically allocated. .Pp +The ASN.1 object identifier type is also represented by the +.Dv V_ASN1_OBJECT +type identifier constant. +.Pp +.Fn ASN1_OBJECT_create +allocates a new +.Vt ASN1_OBJECT +with the given +.Fa nid , +copies the +.Fa len +DER +.Fa content +octets, the +.Fa short_name , +and the +.Fa long_name +into it, and marks the new object and all data contained in it +as dynamically allocated. +.Pp Application programs normally use utility functions like .Xr OBJ_nid2obj 3 rather than using .Fn ASN1_OBJECT_new +or +.Fn ASN1_OBJECT_create directly. .Pp .Fn ASN1_OBJECT_free 
@@ -123,20 +154,56 @@ is a pointer or if neither the object itself nor any of its content is marked as dynamically allocated, no action occurs. .Sh RETURN VALUES -If the allocation fails, .Fn ASN1_OBJECT_new -returns +and +.Fn ASN1_OBJECT_create +return a pointer to the new object or .Dv NULL -and sets an error code that can be obtained by -.Xr ERR_get_error 3 . -Otherwise it returns a pointer to the new object. +if memory allocation fails, +.Sh ERRORS +After failure of +.Fn ASN1_OBJECT_new +or +.Fn ASN1_OBJECT_create , +the following diagnostic can be retrieved with +.Xr ERR_get_error 3 , +.Xr ERR_GET_REASON 3 , +and +.Xr ERR_reason_error_string 3 : +.Bl -tag -width Ds +.It Dv ERR_R_MALLOC_FAILURE Qq "malloc failure" +Memory allocation failed. +.El +.Pp +After some cases of failure of +.Fn ASN1_OBJECT_create , +the following diagnostic can be retrieved in addition to the above: +.Bl -tag -width Ds +.It Dv ERR_R_ASN1_LIB Qq "ASN1 lib" +Memory allocation failed. +.El .Sh SEE ALSO +.Xr a2d_ASN1_OBJECT 3 , .Xr ASN1_TYPE_get 3 , .Xr d2i_ASN1_OBJECT 3 , +.Xr OBJ_create 3 , .Xr OBJ_nid2obj 3 +.Sh STANDARDS +ITU-T Recommendation X.208, also known as ISO/IEC 8824-1: +Specification of Abstract Syntax Notation One (ASN.1), +section 28: Notation for the object identifier type +.Pp +ITU-T Recommendation X.690, also known as ISO/IEC 8825-1: +Information technology - ASN.1 encoding rules: +Specification of Basic Encoding Rules (BER), Canonical Encoding +Rules (CER) and Distinguished Encoding Rules (DER), +section 8.19: Encoding of an object identifier value .Sh HISTORY .Fn ASN1_OBJECT_new and .Fn ASN1_OBJECT_free -first appeared in SSLeay 0.5.1 and have been available since +first appeared in SSLeay 0.5.1 and +.Fn ASN1_OBJECT_create +in SSLeay 0.8.0. +These functions have been available since .Ox 2.4 . diff --git a/man/ASN1_PRINTABLE_type.3 b/man/ASN1_PRINTABLE_type.3 new file mode 100644 index 00000000..391dd32e --- /dev/null +++ b/man/ASN1_PRINTABLE_type.3 
@@ -0,0 +1,92 @@
+.\" $OpenBSD: ASN1_PRINTABLE_type.3,v 1.1 2021/11/15 13:39:40 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: November 15 2021 $
+.Dt ASN1_PRINTABLE_TYPE 3
+.Os
+.Sh NAME
+.Nm ASN1_PRINTABLE_type
+.Nd classify a single-byte character string
+.Sh SYNOPSIS
+.In openssl/asn1.h
+.Ft int
+.Fo ASN1_PRINTABLE_type
+.Fa "const unsigned char *string"
+.Fa "int len"
+.Fc
+.Sh DESCRIPTION
+.Fn ASN1_PRINTABLE_type
+assumes that the given
+.Fa string
+consists of single-byte characters and classifies it
+according to which kinds characters occur.
+If
+.Fa len
+is greater than 0, at most
+.Fa len
+characters are inspected.
+Otherwise, the
+.Fa string
+needs to be NUL-terminated.
+.Sh RETURN VALUES
+If the given
+.Fa string
+contains a character outside the
+.Xr ascii 7
+range,
+.Fn ASN1_PRINTABLE_type
+returns
+.Dv V_ASN1_T61STRING .
+.Pp
+Otherwise, if it contains a character that is neither a letter
+nor a digit nor the space character
+.Po
+.Ql "\ " ,
+ASCII 0x20
+.Pc
+nor the apostrophe quote
+.Po
+.Ql \(aq ,
+ASCII 0x27
+.Pc
+nor contained in the set
+.Qq ()+,\-./:=?\& ,
+it returns
+.Dv V_ASN1_IA5STRING .
+.Pp
+Otherwise, including if
+.Fa string
+is a
+.Dv NULL
+pointer or points to an empty string, it returns
+.Dv V_ASN1_PRINTABLESTRING .
+.Sh SEE ALSO
+.Xr ASN1_mbstring_copy 3 ,
+.Xr ASN1_STRING_new 3 ,
+.Xr ASN1_STRING_to_UTF8 3 ,
+.Xr isascii 3 ,
+.Xr ascii 7
+.Sh HISTORY
+.Fn ASN1_PRINTABLE_type
+first appeared in SSLeay 0.4.5d, has been part of the public API
+since SSLeay 0.5.1, and has been available since
+.Ox 2.4 .
+.Sh CAVEATS
+The ASN.1 notion of what constitutes a
+.Vt PrintableString
+is more restrictive than what the C library function
+.Xr isprint 3
+considers printable.
diff --git a/man/ASN1_STRING_TABLE_add.3 b/man/ASN1_STRING_TABLE_add.3
index c4ae6c9b..482faa0f 100644
--- a/man/ASN1_STRING_TABLE_add.3
+++ b/man/ASN1_STRING_TABLE_add.3
@@ -1,7 +1,8 @@
-.\" $OpenBSD: ASN1_STRING_TABLE_add.3,v 1.4 2019/06/14 13:59:32 schwarze Exp $
-.\" OpenSSL ASN1_STRING_TABLE_add.pod 7b608d08 Jul 27 01:18:50 2017 +0800
+.\" $OpenBSD: ASN1_STRING_TABLE_add.3,v 1.9 2021/12/15 20:07:51 schwarze Exp $
+.\" checked up to:
+.\" OpenSSL ASN1_STRING_TABLE_add.pod 7b608d08 Jul 27 01:18:50 2017 +0800
 .\"
-.\" Copyright (c) 2017 Ingo Schwarze
+.\" Copyright (c) 2017, 2021 Ingo Schwarze
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +16,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: June 14 2019 $
+.Dd $Mdocdate: December 15 2021 $
 .Dt ASN1_STRING_TABLE_ADD 3
 .Os
 .Sh NAME
@@ -46,25 +47,62 @@ Each entry is of the type and contains information about one NID object. Some entries are predefined according to RFC 3280 appendix A.1. .Pp +By default, the upper bounds for the number of characters in various kinds of +.Vt ASN1_STRING +objects are: +.Pp +.Bl -column -compact NID_organizationalUnitNa maxsi ub_organization_unit_na +.It object type Ta maxsize Ta symbolic constant +.It Dv NID_commonName Ta 64 Ta Dv ub_common_name +.It Dv NID_countryName Ta 2 Ta \(em +.It Dv NID_givenName Ta 32768 Ta Dv ub_name +.It Dv NID_initials Ta 32768 Ta Dv ub_name +.It Dv NID_localityName Ta 128 Ta Dv ub_locality_name +.It Dv NID_name Ta 32768 Ta Dv ub_name +.It Dv NID_organizationName Ta 64 Ta Dv ub_organization_name +.It Dv NID_organizationalUnitName Ta 64 Ta Dv ub_organization_unit_name +.It Dv NID_pkcs9_emailAddress Ta 128 Ta Dv ub_email_address +.It Dv NID_serialNumber Ta 64 Ta Dv ub_serial_number +.It Dv NID_stateOrProvinceName Ta 128 Ta Dv ub_state_name +.It Dv NID_surname Ta 32768 Ta Dv ub_name +.El +.Pp The function .Fn ASN1_STRING_TABLE_add changes the existing entry for .Fa nid or, if there is none, allocates a new entry. -Each field of the entry is modified according to the function argument +The fields of the entry are overwritten with the function arguments of the same name. -The +If .Fa minsize -and +or .Fa maxsize -arguments overwrite the existing fields unless they are \-1. -The +is negative or .Fa mask -argument always overwrites the existing field. +is 0, that argument is ignored and the respective field remains unchanged, +or for a new entry, it is set to \-1, \-1, 0, or +.Dv STABLE_FLAGS_MALLOC , +respectively. +.Pp The bits set in the .Fa flags -argument are OR'ed into the existing field. -No useful flags are currently defined, so passing 0 is recommended. +argument are OR'ed into the existing field rather than overwriting it. +The only useful flag is +.Dv STABLE_NO_MASK . 
+If it is set, +.Xr ASN1_STRING_set_by_NID 3 +skips applying the global mask that can be set with +.Xr ASN1_STRING_set_default_mask 3 . +Otherwise, the table entry only accepts types +permitted by both the global mask and the +.Fa mask +argument. +Setting +.Dv STABLE_FLAGS_MALLOC +or any other bit in the +.Fa mask +argument has no effect. .Pp The function .Fn ASN1_STRING_TABLE_get @@ -73,7 +111,8 @@ retrieves the entry for .Pp The function .Fn ASN1_STRING_TABLE_cleanup -removes and frees all entries except the predefined ones. +removes and frees all entries except the predefined ones +and restores the predefined ones to their default state. .Sh RETURN VALUES The .Fn ASN1_STRING_TABLE_add @@ -89,6 +128,8 @@ structure or if nothing is found. .Sh SEE ALSO .Xr ASN1_OBJECT_new 3 , +.Xr ASN1_STRING_set_by_NID 3 , +.Xr OBJ_create 3 , .Xr OBJ_nid2obj 3 .Sh HISTORY .Fn ASN1_STRING_TABLE_add , diff --git a/man/ASN1_STRING_length.3 b/man/ASN1_STRING_length.3 index b87cf998..20834e08 100644 --- a/man/ASN1_STRING_length.3 +++ b/man/ASN1_STRING_length.3 @@ -1,10 +1,10 @@ -.\" $OpenBSD: ASN1_STRING_length.3,v 1.20 2019/08/26 07:59:02 schwarze Exp $ -.\" full merge up to: OpenSSL 4a56d2a3 Feb 25 16:49:27 2018 +0300 +.\" $OpenBSD: ASN1_STRING_length.3,v 1.29 2021/12/14 19:36:18 schwarze Exp $ +.\" full merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 .\" .\" This file is a derived work. .\" The changes are covered by the following Copyright and license: .\" -.\" Copyright (c) 2018, 2019 Ingo Schwarze +.\" Copyright (c) 2018, 2019, 2021 Ingo Schwarze .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -66,7 +66,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 26 2019 $ +.Dd $Mdocdate: December 14 2021 $ .Dt ASN1_STRING_LENGTH 3 .Os .Sh NAME 
@@ -78,10 +78,14 @@ .Nm ASN1_STRING_get0_data , .Nm ASN1_STRING_length , .Nm ASN1_STRING_length_set , +.Nm ASN1_STRING_set0 , .Nm ASN1_STRING_set , .Nm ASN1_OCTET_STRING_set , +.Nm ASN1_STRING_copy , .Nm ASN1_STRING_to_UTF8 , .Nm ASN1_STRING_type +.\" deprecated aliases, intentionally undocumented: +.\" M_ASN1_STRING_data, M_ASN1_STRING_length .Nd ASN1_STRING utility functions .Sh SYNOPSIS .In openssl/asn1.h @@ -120,6 +124,12 @@ .Fa "ASN1_STRING *x" .Fa "int len" .Fc +.Ft void +.Fo ASN1_STRING_set0 +.Fa "ASN1_STRING *str" +.Fa "void *data" +.Fa "int len" +.Fc .Ft int .Fo ASN1_STRING_set .Fa "ASN1_STRING *str" @@ -133,6 +143,11 @@ .Fa "int len" .Fc .Ft int +.Fo ASN1_STRING_copy +.Fa "ASN1_STRING *dst" +.Fa "const ASN1_STRING *src" +.Fc +.Ft int .Fo ASN1_STRING_to_UTF8 .Fa "unsigned char **out" .Fa "const ASN1_STRING *in" @@ -147,13 +162,16 @@ These functions manipulate structures. .Pp .Fn ASN1_STRING_cmp -and -.Fn ASN1_OCTET_STRING_cmp -compare the type, the length, and the content of +compares the type, the length, and the content of .Fa a and .Fa b . .Pp +.Fn ASN1_OCTET_STRING_cmp +does exactly the same as +.Fn ASN1_STRING_cmp +without providing any type safety. +.Pp .Fn ASN1_STRING_data is similar to .Fn ASN1_STRING_get0_data @@ -164,10 +182,16 @@ Applications should use instead. .Pp .Fn ASN1_STRING_dup -and +allocates a new +.Vt ASN1_STRING +object and copies the type, length, data, and flags from +.Fa a +into it. +.Pp .Fn ASN1_OCTET_STRING_dup -copy -.Fa a . +does exactly the same as +.Fn ASN1_STRING_dup +without providing any type safety. .Pp .Fn ASN1_STRING_get0_data returns an internal pointer to the data of 
@@ -188,20 +212,28 @@ It may put .Fa x into an inconsistent internal state. .Pp +.Fn ASN1_STRING_set0 +frees any data stored in +.Fa str , +sets the length attribute to +.Fa len +bytes, and sets the data attribute to +.Fa data , +transferring ownership, without doing any validation. +.Pp .Fn ASN1_STRING_set -and -.Fn ASN1_OCTET_STRING_set -set the length attribute of +sets the length attribute of .Fa str to .Fa len -and copy that number of bytes from +and copies that number of bytes from .Fa data into -.Fa str . +.Fa str , +overwriting any previous data. If .Fa len -is -1, then +is \-1, then .Fn strlen data is used instead of .Fa len . @@ -215,6 +247,23 @@ remains uninitialized; that is not considered an error unless .Fa len is negative. .Pp +.Fn ASN1_OCTET_STRING_set +does exactly the same as +.Fn ASN1_STRING_set +without providing any type safety. +.Pp +.Fn ASN1_STRING_copy +copies the length and data of +.Fa src +into +.Fa dst +using +.Fn ASN1_STRING_set +and changes the type and flags of +.Fa dst +to match the type and flags of +.Fa src . +.Pp .Fn ASN1_STRING_to_UTF8 converts the string .Fa in @@ -229,6 +278,11 @@ should be freed using .Fn ASN1_STRING_type returns the type of .Fa x . +If the bit +.Dv V_ASN1_NEG +is set in the return value, +.Fa x +is an ASN.1 INTEGER or ENUMERATED object with a negative value. .Pp Almost all ASN.1 types are represented as .Vt ASN1_STRING @@ -272,7 +326,9 @@ UTF-8 characters. .Pp Similar care should be taken to ensure the data is in the correct format when calling -.Fn ASN1_STRING_set . +.Fn ASN1_STRING_set +or +.Fn ASN1_STRING_set0 . .Sh RETURN VALUES .Fn ASN1_STRING_cmp and 
@@ -304,10 +360,27 @@ if an error occurred. .Fn ASN1_STRING_length returns a number of bytes. .Pp +.Fn ASN1_STRING_set , +.Fn ASN1_OCTET_STRING_set , +and +.Fn ASN1_STRING_copy +return 1 on success or 0 on failure. +They fail if memory allocation fails. .Fn ASN1_STRING_set and .Fn ASN1_OCTET_STRING_set -return 1 on success or 0 on failure. +also fail if +.Fa data +is +.Dv NULL +and +.Fa len +is \-1 in the same call. +.Fn ASN1_STRING_copy +also fails if +.Fa src +is +.Dv NULL . .Pp .Fn ASN1_STRING_to_UTF8 returns the number of bytes in the output buffer @@ -316,7 +389,9 @@ or a negative number if an error occurred. .Pp .Fn ASN1_STRING_type returns an integer constant, for example -.Dv V_ASN1_OCTET_STRING . +.Dv V_ASN1_OCTET_STRING +or +.Dv V_ASN1_NEG_INTEGER . .Pp In some cases of failure of .Fn ASN1_STRING_dup , @@ -326,7 +401,11 @@ and the reason can be determined with .Xr ERR_get_error 3 . .Sh SEE ALSO -.Xr ASN1_STRING_new 3 +.Xr ASN1_BIT_STRING_set 3 , +.Xr ASN1_mbstring_copy 3 , +.Xr ASN1_PRINTABLE_type 3 , +.Xr ASN1_STRING_new 3 , +.Xr ASN1_UNIVERSALSTRING_to_string 3 .Sh HISTORY .Fn ASN1_STRING_cmp , .Fn ASN1_STRING_dup , 
@@ -353,6 +432,27 @@ first appeared in OpenSSL 0.9.5 and has been available since first appeared in OpenSSL 0.9.6 and has been available since .Ox 2.9 . .Pp +.Fn ASN1_STRING_set0 +first appeared in OpenSSL 0.9.8h and has been available since +.Ox 4.5 . +.Pp +.Fn ASN1_STRING_copy +first appeared in OpenSSL 1.0.0 and has been available since +.Ox 4.9 . +.Pp .Fn ASN1_STRING_get0_data first appeared in OpenSSL 1.1.0 and has been available since .Ox 6.3 . +.Sh BUGS +.Fn ASN1_OCTET_STRING_cmp , +.Fn ASN1_OCTET_STRING_dup , +and +.Fn ASN1_OCTET_STRING_set +do not check whether their arguments are really of the type +.Dv V_ASN1_OCTET_STRING . +They may report success even if their arguments are of a wrong type. +Consequently, even in case of success, the return value of +.Fn ASN1_OCTET_STRING_dup +is not guaranteed to be of the type +.Dv V_ASN1_OCTET_STRING +either. diff --git a/man/ASN1_STRING_new.3 b/man/ASN1_STRING_new.3 index 46325f39..d9f5093f 100644 --- a/man/ASN1_STRING_new.3 +++ b/man/ASN1_STRING_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ASN1_STRING_new.3,v 1.17 2019/06/14 13:59:32 schwarze Exp $ +.\" $OpenBSD: ASN1_STRING_new.3,v 1.24 2021/12/14 19:36:18 schwarze Exp $ .\" OpenSSL 99d63d46 Tue Mar 24 07:52:24 2015 -0400 .\" .\" Copyright (c) 2017 Ingo Schwarze @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: June 14 2019 $ +.Dd $Mdocdate: December 14 2021 $ .Dt ASN1_STRING_NEW 3 .Os .Sh NAME @@ -58,6 +58,8 @@ .Nm ASN1_UTCTIME_free , .Nm ASN1_TIME_new , .Nm ASN1_TIME_free +.\" deprecated aliases, intentionally undocumented: M_ASN1_IA5STRING_new, +.\" M_ASN1_ENUMERATED_free, M_ASN1_INTEGER_free, M_ASN1_OCTET_STRING_free .Nd allocate and free ASN1_STRING objects .Sh SYNOPSIS .In openssl/asn1.h 
@@ -203,14 +205,21 @@ object if successful; otherwise
 is returned and an error code can be retrieved with
 .Xr ERR_get_error 3 .
 .Sh SEE ALSO
+.Xr ASN1_BIT_STRING_num_asc 3 ,
+.Xr ASN1_BIT_STRING_set 3 ,
 .Xr ASN1_INTEGER_get 3 ,
+.Xr ASN1_item_pack 3 ,
+.Xr ASN1_mbstring_copy 3 ,
+.Xr ASN1_PRINTABLE_type 3 ,
 .Xr ASN1_STRING_length 3 ,
 .Xr ASN1_STRING_print_ex 3 ,
 .Xr ASN1_time_parse 3 ,
 .Xr ASN1_TIME_set 3 ,
 .Xr ASN1_TYPE_get 3 ,
+.Xr ASN1_UNIVERSALSTRING_to_string 3 ,
 .Xr d2i_ASN1_OBJECT 3 ,
 .Xr d2i_ASN1_OCTET_STRING 3 ,
+.Xr i2a_ASN1_STRING 3 ,
 .Xr X509_cmp_time 3 ,
 .Xr X509_EXTENSION_get_object 3 ,
 .Xr X509_get_ext_by_OBJ 3 ,
diff --git a/man/ASN1_STRING_print_ex.3 b/man/ASN1_STRING_print_ex.3
index 2d48a42c..eb43b2fe 100644
--- a/man/ASN1_STRING_print_ex.3
+++ b/man/ASN1_STRING_print_ex.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ASN1_STRING_print_ex.3,v 1.17 2021/07/11 19:03:45 schwarze Exp $
+.\" $OpenBSD: ASN1_STRING_print_ex.3,v 1.18 2021/12/14 19:36:18 schwarze Exp $
 .\" full merge up to: OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400
 .\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
 .\"
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 11 2021 $
+.Dd $Mdocdate: December 14 2021 $
 .Dt ASN1_STRING_PRINT_EX 3
 .Os
 .Sh NAME
@@ -58,6 +58,7 @@
 .Nm ASN1_STRING_print_ex_fp ,
 .Nm ASN1_STRING_print ,
 .Nm ASN1_tag2str
+.\" M_ASN1_OCTET_STRING_print is a deprecated alias, intentionally undocumented
 .Nd ASN1_STRING output routines
 .Sh SYNOPSIS
 .In openssl/asn1.h
diff --git a/man/ASN1_TIME_set.3 b/man/ASN1_TIME_set.3
index 7aa30092..cd6ab937 100644
--- a/man/ASN1_TIME_set.3
+++ b/man/ASN1_TIME_set.3
@@ -1,6 +1,6 @@
-.\" $OpenBSD: ASN1_TIME_set.3,v 1.15 2019/06/06 01:06:58 schwarze Exp $
+.\" $OpenBSD: ASN1_TIME_set.3,v 1.17 2022/03/31 17:27:16 naddy Exp $
 .\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
-.\" selective merge up to: OpenSSL b0edda11 Mar 20 13:00:17 2018 +0000
+.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson
 .\" and Todd Short .
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt ASN1_TIME_SET 3
 .Os
 .Sh NAME
@@ -69,6 +69,7 @@
 .Nm ASN1_TIME_print ,
 .Nm ASN1_UTCTIME_print ,
 .Nm ASN1_GENERALIZEDTIME_print ,
+.Nm ASN1_TIME_diff ,
 .Nm ASN1_UTCTIME_cmp_time_t ,
 .Nm ASN1_TIME_to_generalizedtime
 .Nd ASN.1 Time functions
@@ -153,6 +154,13 @@
 .Fa "const ASN1_GENERALIZEDTIME *s"
 .Fc
 .Ft int
+.Fo ASN1_TIME_diff
+.Fa "int *pday"
+.Fa "int *psec"
+.Fa "const ASN1_TIME *from"
+.Fa "const ASN1_TIME *to"
+.Fc
+.Ft int
 .Fo ASN1_UTCTIME_cmp_time_t
 .Fa "const ASN1_UTCTIME *s"
 .Fa "time_t t"
@@ -273,6 +281,59 @@ The output of may include a fractional part following the second. .Pp The function +.Fn ASN1_TIME_diff +sets +.Pf * Fa pday +and +.Pf * Fa psec +to the time difference between +.Fa from +and +.Fa to . +If +.Fa to +represents a time later than +.Fa from , +then one or both (depending on the time difference) of +.Pf * Fa pday +and +.Pf * Fa psec +will be positive. +If +.Fa to +represents a time earlier than +.Fa from , +then one or both of +.Pf * Fa pday +and +.Pf * Fa psec +will be negative. +If +.Fa to +and +.Fa from +represent the same time, then +.Pf * Fa pday +and +.Pf * Fa psec +will both be zero. +If both +.Pf * Fa pday +and +.Pf * Fa psec +are nonzero, they will always have the same sign. +The value of +.Pf * Fa psec +will always be less than the number of seconds in a day. +If +.Fa from +or +.Fa to +is +.Dv NULL , +the current time is used. +.Pp +The function .Fn ASN1_UTCTIME_cmp_time_t compares the two times represented by .Fa s @@ -368,6 +429,10 @@ and return 1 if the time is successfully printed or 0 if an error occurred (I/O error or invalid time format). .Pp +.Fn ASN1_TIME_diff +returns 1 for success or 0 for failure. +It can for example fail if a time structure passed in has invalid syntax. +.Pp .Fn ASN1_UTCTIME_cmp_time_t returns \-1 if .Fa s @@ -439,6 +504,10 @@ and .Fn ASN1_TIME_set_string first appeared in OpenSSL 1.0.0 and have been available since .Ox 4.9 . +.Pp +.Fn ASN1_TIME_diff +first appeared in OpenSSL 1.0.2 and have been available since +.Ox 7.1 . .Sh CAVEATS Some applications add offset times directly to a .Vt time_t diff --git a/man/ASN1_TYPE_get.3 b/man/ASN1_TYPE_get.3 index 284ad61b..03b41f8f 100644 --- a/man/ASN1_TYPE_get.3 +++ b/man/ASN1_TYPE_get.3 
@@ -1,10 +1,10 @@
-.\" $OpenBSD: ASN1_TYPE_get.3,v 1.12 2021/07/11 19:03:45 schwarze Exp $
-.\" OpenSSL 99d63d46 Mon Jun 6 00:43:05 2016 -0400
+.\" $OpenBSD: ASN1_TYPE_get.3,v 1.18 2022/01/12 17:54:51 tb Exp $
+.\" selective merge up to: OpenSSL 6328d367 Jul 4 21:58:30 2020 +0200
 .\"
 .\" This file is a derived work.
 .\" The changes are covered by the following Copyright and license:
 .\"
-.\" Copyright (c) 2017 Ingo Schwarze
+.\" Copyright (c) 2017, 2021 Ingo Schwarze
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 11 2021 $
+.Dd $Mdocdate: January 12 2022 $
 .Dt ASN1_TYPE_GET 3
 .Os
 .Sh NAME
@@ -74,6 +74,10 @@
 .Nm ASN1_TYPE_get ,
 .Nm ASN1_TYPE_set ,
 .Nm ASN1_TYPE_set1 ,
+.Nm ASN1_TYPE_set_octetstring ,
+.Nm ASN1_TYPE_get_octetstring ,
+.Nm ASN1_TYPE_set_int_octetstring ,
+.Nm ASN1_TYPE_get_int_octetstring ,
 .Nm ASN1_TYPE_cmp
 .Nd ASN.1 objects of arbitrary type
 .Sh SYNOPSIS
@@ -99,13 +103,42 @@
 .Fa "const void *value"
 .Fc
 .Ft int
+.Fo ASN1_TYPE_set_octetstring
+.Fa "ASN1_TYPE *a"
+.Fa "const unsigned char *data"
+.Fa "int len"
+.Fc
+.Ft int
+.Fo ASN1_TYPE_get_octetstring
+.Fa "const ASN1_TYPE *a"
+.Fa "unsigned char *buffer"
+.Fa "int buflen"
+.Fc
+.Ft int
+.Fo ASN1_TYPE_set_int_octetstring
+.Fa "ASN1_TYPE *a"
+.Fa "long num"
+.Fa "const unsigned char *data"
+.Fa "int len"
+.Fc
+.Ft int
+.Fo ASN1_TYPE_get_int_octetstring
+.Fa "const ASN1_TYPE *a",
+.Fa "long *num"
+.Fa "unsigned char *buffer",
+.Fa "int buflen"
+.Fc
+.Ft int
 .Fo ASN1_TYPE_cmp
 .Fa "const ASN1_TYPE *a"
 .Fa "const ASN1_TYPE *b"
 .Fc
 .Sh DESCRIPTION
+The
 .Vt ASN1_TYPE
-represents the ASN.1 ANY type.
+data type and the
+.Dv V_ASN1_ANY
+type identifier constant represent the ASN.1 ANY type.
 An
 .Vt ASN1_TYPE
 object can store an ASN.1 value of arbitrary type,
@@ -128,7 +161,7 @@ is a
 pointer, no action occurs.
 .Pp
 .Fn ASN1_TYPE_get
-returns the type of
+returns the type currently held by
 .Fa a ,
 represented by one of the
 .Dv V_ASN1_*
@@ -138,12 +171,12 @@ constants defined in
 .Fn ASN1_TYPE_set
 frees the value contained in
 .Fa a ,
-if any, and sets
-.Fa a
-to
-.Fa type
+if any, and sets the
+.Fa value
 and
-.Fa value .
+.Fa type
+now held in
+.Fa a .
 This function uses the pointer
 .Fa value
 internally so it must
@@ -151,7 +184,7 @@ internally so it must
 be freed up after the call.
 .Pp
 .Fn ASN1_TYPE_set1
-sets the type of
+sets the type held by
 .Fa a
 to
 .Fa type
@@ -216,12 +249,73 @@ then the contains the entire ASN.1 encoding verbatim, including tag and length octets. .Pp +.Fn ASN1_TYPE_set_octetstring +allocates a new +.Vt ASN1_OCTET_STRING +object, copies +.Fa len +bytes of +.Fa data +into it using +.Xr ASN1_STRING_set 3 , +and replaces the value of +.Fa a +with it by calling +.Fn ASN1_TYPE_set +with a type of +.Dv V_ASN1_OCTET_STRING . +.Pp +.Fn ASN1_TYPE_get_octetstring +copies the contents of the +.Vt ASN1_OCTET_STRING +object contained in +.Fa a , +but not more than +.Fa buflen +bytes, into the +.Fa buffer +provided by the caller. +.Pp +.Fn ASN1_TYPE_set_int_octetstring +frees the value contained in +.Fa a , +if any, sets its type to +.Dv V_ASN1_SEQUENCE , +and sets its value to a two-element ASN.1 sequence consisting of +an ASN.1 INTEGER object with the value +.Fa num +and an ASN.1 OCTET STRING object +containing a copy of the +.Fa len +bytes pointed to by +.Fa data . +.Pp +.Fn ASN1_TYPE_get_int_octetstring +copies the integer value from the first element of the ASN.1 sequence +.Fa a +to +.Pf * Fa num +unless +.Fa num +is a +.Dv NULL +pointer and copies the octet string value from the second element, +but not more than +.Fa buflen +bytes, into the +.Fa buffer +provided by the caller unless +.Fa buffer +is a +.Dv NULL +pointer. +.Pp .Fn ASN1_TYPE_cmp checks that .Fa a and .Fa b -have the same type, the same value, and are encoded in the same way. +hold the same type, the same value, and are encoded in the same way. .Pp If the types agree and the values have the same meaning but are encoded differently, they are considered different. @@ -242,7 +336,7 @@ the two types could be absent OPTIONAL fields and so should match, however passing .Dv NULL values could also indicate a programming error (for example an -unparseable type which returns +unparsable type which returns .Dv NULL ) for types which do .Sy not 
@@ -257,7 +351,7 @@ object or if an error occurs. .Pp .Fn ASN1_TYPE_get -returns the type of +returns the type currently held by .Fa a or 0 if an error occurs. The latter can happen if @@ -268,8 +362,41 @@ For example, it will always happen for empty objects newly constructed with .Fn ASN1_TYPE_new . .Pp -.Fn ASN1_TYPE_set1 -returns 1 if the copying succeeds or 0 if it fails. +.Fn ASN1_TYPE_set1 , +.Fn ASN1_TYPE_set_octetstring , +and +.Fn ASN1_TYPE_set_int_octetstring +return 1 on success or 0 on failure. +.Pp +.Fn ASN1_TYPE_get_octetstring +returns the number of data bytes contained in the +.Vt ASN1_OCTET_STRING +object contained in +.Fa a +or \-1 if +.Fa a +is not of the type +.Dv V_ASN1_OCTET_STRING +or does not contain any object. +If the return value is greater than the +.Fa buflen +argument, the content was truncated when copied to the +.Fa buffer . +.Pp +.Fn ASN1_TYPE_get_int_octetstring +returns the number of data bytes contained in the +.Vt ASN1_OCTET_STRING +object that is the second element of the ASN.1 sequence +.Fa a +or \-1 if +.Fa a +is not of the type +.Dv V_ASN1_SEQUENCE +or if decoding fails. +If the return value is greater than the +.Fa buflen +argument, the content was truncated when copied to the +.Fa buffer . .Pp .Fn ASN1_TYPE_cmp returns 0 for a match or non-zero for a mismatch. @@ -291,11 +418,17 @@ returns 0 for a match or non-zero for a mismatch. .Fn ASN1_TYPE_new and .Fn ASN1_TYPE_free -first appeared in SSLeay 0.5.1. +first appeared in SSLeay 0.5.1, .Fn ASN1_TYPE_get and .Fn ASN1_TYPE_set -first appeared in SSLeay 0.8.0. +in SSLeay 0.8.0, and +.Fn ASN1_TYPE_set_octetstring , +.Fn ASN1_TYPE_get_octetstring , +.Fn ASN1_TYPE_set_int_octetstring , +and +.Fn ASN1_TYPE_get_int_octetstring +in SSLeay 0.9.0. These functions have been available since .Ox 2.4 . .Pp diff --git a/man/ASN1_UNIVERSALSTRING_to_string.3 b/man/ASN1_UNIVERSALSTRING_to_string.3 new file mode 100644 index 00000000..2af67529 --- /dev/null 
+++ b/man/ASN1_UNIVERSALSTRING_to_string.3 
@@ -0,0 +1,64 @@
+.\" $OpenBSD: ASN1_UNIVERSALSTRING_to_string.3,v 1.1 2021/11/15 13:39:40 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: November 15 2021 $
+.Dt ASN1_UNIVERSALSTRING_TO_STRING 3
+.Os
+.Sh NAME
+.Nm ASN1_UNIVERSALSTRING_to_string
+.Nd recode UTF-32 to ISO Latin-1
+.Sh SYNOPSIS
+.In openssl/asn1.h
+.Ft int
+.Fo ASN1_UNIVERSALSTRING_to_string
+.Fa "ASN1_UNIVERSALSTRING *string"
+.Fc
+.Sh DESCRIPTION
+.Fn ASN1_UNIVERSALSTRING_to_string
+assumes that the given
+.Fa string
+is encoded in UTF-32, recodes it in place to ISO Latin-1,
+and changes the type according to
+.Xr ASN1_PRINTABLE_type 3 .
+.Pp
+.Fn ASN1_UNIVERSALSTRING_to_string
+fails and leaves the
+.Fa string
+unchanged if its
+.Xr ASN1_STRING_type 3
+is not
+.Dv V_ASN1_UNIVERSALSTRING ,
+if its
+.Xr ASN1_STRING_length 3
+is not a multiple of four bytes,
+or if any of its characters cannot be represented in ISO Latin-1.
+.Pp
+In case of success, the
+.Xr ASN1_STRING_length 3
+of the
+.Fa string
+is reduced by a factor of four.
+.Sh RETURN VALUES
+.Fn ASN1_UNIVERSALSTRING_to_string
+returns 1 on success or 0 on failure.
+.Sh SEE ALSO
+.Xr ASN1_mbstring_copy 3 ,
+.Xr ASN1_STRING_new 3 ,
+.Xr ASN1_STRING_to_UTF8 3
+.Sh HISTORY
+.Fn ASN1_UNIVERSALSTRING_to_string
+first appeared in SSLeay 0.8.0 and has been available since
+.Ox 2.4 .
diff --git a/man/ASN1_bn_print.3 b/man/ASN1_bn_print.3
new file mode 100644
index 00000000..75944917
--- /dev/null
+++ b/man/ASN1_bn_print.3
@@ -0,0 +1,118 @@
+.\" $OpenBSD: ASN1_bn_print.3,v 1.1 2021/12/08 21:52:29 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 8 2021 $
+.Dt ASN1_BN_PRINT 3
+.Os
+.Sh NAME
+.Nm ASN1_bn_print
+.Nd pretty-print a BIGNUM object
+.Sh SYNOPSIS
+.In openssl/asn1.h
+.Ft int
+.Fo ASN1_bn_print
+.Fa "BIO *bio_out"
+.Fa "const char *label"
+.Fa "const BIGNUM *bn"
+.Fa "unsigned char *buffer"
+.Fa "int indent"
+.Fc
+.Sh DESCRIPTION
+.Fn ASN1_bn_print
+prints
+.Fa bn
+to
+.Fa bio_out
+in human-readable form.
+Despite its name and the header file,
+this function has nothing to do with ASN.1.
+.Pp
+The caller is responsible for providing a
+.Fa buffer
+that is at least
+.Fn BN_num_bytes bn
++ 1 bytes long.
+To avoid a buffer overrun, be careful to not forget the
+.Dq plus one .
+It is unspecified what the buffer may contain after the function returns.
+.Pp
+If
+.Fa indent
+is greater than zero,
+.Fa indent
+space characters are printed first, but not more than 128.
+.Pp
+The NUL-terminated
+.Fa label
+is printed next.
+.Pp
+After that, there are three cases:
+.Bl -bullet
+.It
+If
+.Fa bn
+represents the number zero,
+.Qq 0
+is printed.
+.It
+If
+.Fa bn
+can be represented by the data type
+.Vt unsigned long ,
+it is printed in decimal notation,
+followed by hexadecimal notation in parentheses,
+both optionally preceded by a minus sign.
+.It
+Otherwise, the string
+.Qq Pq Negative
+is printed if appropriate, a new output line is started,
+and the indentation is increased by four space characters.
+The bytes of the value of
+.Fa bn
+are then printed in big-endian order, each byte represented
+by a two-digit hexadecimal number,
+and each but the last byte followed by a colon.
+A new output line is started after every group of 15 bytes.
+.El
+.Pp
+Finally, a newline character is printed to end the output.
+.Pp
+If
+.Fa bn
+is a
+.Dv NULL
+pointer, all arguments are ignored and nothing is printed.
+.Sh RETURN VALUES
+.Fn ASN1_bn_print
+returns 1
+if successful or if
+.Fa bn
+is a
+.Dv NULL
+pointer.
+It returns 0 if printing fails.
+.Sh SEE ALSO
+.Xr BIO_new 3 ,
+.Xr BIO_write 3 ,
+.Xr BN_is_negative 3 ,
+.Xr BN_is_zero 3 ,
+.Xr BN_new 3 ,
+.Xr BN_num_bytes 3 ,
+.Xr BN_print 3
+.Sh HISTORY
+.Fn ASN1_bn_print
+first appeared in OpenSSL 1.0.0 and has been available since
+.Ox 4.9 .
diff --git a/man/ASN1_item_d2i.3 b/man/ASN1_item_d2i.3
index 140ea6f1..1e86d0b5 100644
--- a/man/ASN1_item_d2i.3
+++ b/man/ASN1_item_d2i.3
@@ -1,10 +1,11 @@
-.\" $OpenBSD: ASN1_item_d2i.3,v 1.10 2021/07/11 15:30:21 schwarze Exp $
-.\" OpenSSL doc/man3/d2i_X509.pod b97fdb57 Nov 11 09:33:09 2016 +0100
+.\" $OpenBSD: ASN1_item_d2i.3,v 1.16 2022/04/27 08:06:37 tb Exp $
+.\" selective merge up to:
+.\" OpenSSL doc/man3/d2i_X509.pod 256989ce Jun 19 15:00:32 2020 +0200
 .\"
 .\" This file is a derived work.
 .\" The changes are covered by the following Copyright and license:
 .\"
-.\" Copyright (c) 2016 Ingo Schwarze
+.\" Copyright (c) 2016, 2021 Ingo Schwarze
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -65,7 +66,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 11 2021 $ +.Dd $Mdocdate: April 27 2022 $ .Dt ASN1_ITEM_D2I 3 .Os .Sh NAME @@ -76,6 +77,7 @@ .Nm ASN1_item_i2d , .Nm ASN1_item_i2d_bio , .Nm ASN1_item_i2d_fp , +.Nm ASN1_item_ndef_i2d , .Nm i2d_ASN1_TYPE , .Nm ASN1_item_dup , .Nm ASN1_item_print @@ -126,6 +128,12 @@ .Fa "void *val_in" .Fc .Ft int +.Fo ASN1_item_ndef_i2d +.Fa "ASN1_VALUE *val_in" +.Fa "unsigned char **der_out" +.Fa "const ASN1_ITEM *it" +.Fc +.Ft int .Fo i2d_ASN1_TYPE .Fa "ASN1_TYPE *val_in" .Fa "unsigned char **der_out" @@ -262,6 +270,12 @@ or .Vt FILE , respectively. .Pp +.Fn ASN1_item_ndef_i2d +is similar to +.Fn ASN1_item_i2d +except that it encodes using BER rather than DER, +using the indefinite length form where appropriate. +.Pp .Fn i2d_ASN1_TYPE is similar to .Fn ASN1_item_i2d @@ -295,7 +309,8 @@ If an error occurs, .Dv NULL is returned. .Pp -.Fn ASN1_item_i2d +.Fn ASN1_item_i2d , +.Fn ASN1_item_ndef_i2d , and .Fn i2d_ASN1_TYPE return the number of bytes written @@ -336,9 +351,10 @@ if (len < 0) .Pp Attempt to decode a buffer: .Bd -literal -offset indent -X509 *x; -unsigned char *buf, *p; -int len; +X509 *x; +unsigned char *buf; +const unsigned char *p; +int len; /* Set up buf and len to point to the input buffer. */ p = buf; @@ -349,9 +365,10 @@ if (x == NULL) .Pp Equivalent technique: .Bd -literal -offset indent -X509 *x; -unsigned char *buf, *p; -int len; +X509 *x; +unsigned char *buf; +const unsigned char *p; +int len; /* Set up buf and len to point to the input buffer. */ p = buf; @@ -362,7 +379,11 @@ if (d2i_X509(&x, &p, len) == NULL) .Ed .Sh SEE ALSO .Xr ASN1_get_object 3 , +.Xr ASN1_item_digest 3 , .Xr ASN1_item_new 3 , +.Xr ASN1_item_pack 3 , +.Xr ASN1_item_sign 3 , +.Xr ASN1_item_verify 3 , .Xr ASN1_TYPE_new 3 .Sh HISTORY .Fn d2i_ASN1_TYPE 
@@ -382,6 +403,10 @@ and
 first appeared in OpenSSL 0.9.7 and have been available since
 .Ox 3.2 .
 .Pp
+.Fn ASN1_item_ndef_i2d
+first appeared in OpenSSL 0.9.8 and has been available since
+.Ox 4.5 .
+.Pp
 .Fn ASN1_item_print
 first appeared in OpenSSL 1.0.0 and has been available since
 .Ox 4.9 .
diff --git a/man/ASN1_item_digest.3 b/man/ASN1_item_digest.3
new file mode 100644
index 00000000..56a97555
--- /dev/null
+++ b/man/ASN1_item_digest.3
@@ -0,0 +1,71 @@
+.\" $OpenBSD: ASN1_item_digest.3,v 1.2 2022/09/11 04:39:46 jsg Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: September 11 2022 $
+.Dt ASN1_ITEM_DIGEST 3
+.Os
+.Sh NAME
+.Nm ASN1_item_digest
+.Nd DER-encode and hash an ASN.1 value
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft int
+.Fo ASN1_item_digest
+.Fa "const ASN1_ITEM *it"
+.Fa "const EVP_MD *type"
+.Fa "void *val_in"
+.Fa "unsigned char *md"
+.Fa "unsigned int *s"
+.Fc
+.Sh DESCRIPTION
+.Fn ASN1_item_digest
+assumes that
+.Fa val_in
+is an
+.Vt ASN1_VALUE
+of the type specified by
+.Fa it ,
+encodes it into DER format by calling
+.Xr ASN1_item_i2d 3 ,
+hashes the resulting byte array using the digest
+.Fa type
+by calling
+.Xr EVP_Digest 3 ,
+places the digest value into
+.Pf * Fa md ,
+and, unless
+.Fa s
+is
+.Dv NULL ,
+places the length in bytes of the digest into
+.Pf * Fa s .
+Providing a buffer
+.Pf * Fa md
+large enough to contain the digest is the responsibility of the caller;
+providing a buffer of
+.Dv EVP_MAX_MD_SIZE
+bytes is recommended.
+.Sh RETURN VALUES
+.Fn ASN1_item_digest
+returns 1 for success or 0 if encoding or hashing fails.
+.Sh SEE ALSO
+.Xr ASN1_item_i2d 3 ,
+.Xr ASN1_item_sign 3 ,
+.Xr EVP_Digest 3
+.Sh HISTORY
+.Fn ASN1_item_digest
+first appeared in OpenSSL 0.9.7 and has been available since
+.Ox 3.1 .
diff --git a/man/ASN1_item_new.3 b/man/ASN1_item_new.3
index a5bf8aa5..7015ed63 100644
--- a/man/ASN1_item_new.3
+++ b/man/ASN1_item_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ASN1_item_new.3,v 1.6 2021/07/11 15:30:21 schwarze Exp $
+.\" $OpenBSD: ASN1_item_new.3,v 1.11 2022/01/12 17:54:51 tb Exp $
 .\"
 .\" Copyright (c) 2016, 2018 Ingo Schwarze
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: July 11 2021 $
+.Dd $Mdocdate: January 12 2022 $
 .Dt ASN1_ITEM_NEW 3
 .Os
 .Sh NAME
@@ -87,8 +87,6 @@ object.
 If
 .Fa it
 is
-.Dv ASN1_BOOLEAN_it
-or
 .Dv LONG_it ,
 .Fn ASN1_item_new
 does not return a pointer at all, but a
@@ -107,6 +105,11 @@ is returned and an error code can be retrieved with
 .Sh SEE ALSO
 .Xr ASN1_get_object 3 ,
 .Xr ASN1_item_d2i 3 ,
+.Xr ASN1_item_digest 3 ,
+.Xr ASN1_item_pack 3 ,
+.Xr ASN1_item_sign 3 ,
+.Xr ASN1_item_verify 3 ,
+.Xr ASN1_NULL_new 3 ,
 .Xr ASN1_TYPE_new 3 ,
 .Xr d2i_ASN1_NULL 3 ,
 .Xr OBJ_nid2obj 3
diff --git a/man/ASN1_item_pack.3 b/man/ASN1_item_pack.3
new file mode 100644
index 00000000..4c875306
--- /dev/null
+++ b/man/ASN1_item_pack.3
@@ -0,0 +1,84 @@
+.\" $OpenBSD: ASN1_item_pack.3,v 1.1 2021/11/15 11:51:09 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: November 15 2021 $
+.Dt ASN1_ITEM_PACK 3
+.Os
+.Sh NAME
+.Nm ASN1_item_pack ,
+.Nm ASN1_item_unpack
+.Nd pack an ASN.1 object into an ASN1_STRING
+.Sh SYNOPSIS
+.In openssl/asn1.h
+.Ft ASN1_STRING *
+.Fo ASN1_item_pack
+.Fa "void *val_in"
+.Fa "const ASN1_ITEM *it"
+.Fa "ASN1_STRING **string_out"
+.Fc
+.Ft void *
+.Fo ASN1_item_unpack
+.Fa "const ASN1_STRING *string_in"
+.Fa "const ASN1_ITEM *it"
+.Fc
+.Sh DESCRIPTION
+.Fn ASN1_item_pack
+encodes the object pointed to by
+.Fa val_in
+into DER format using
+.Xr ASN1_item_i2d 3
+and stores the encoded form in
+.Pf ** Fa string_out .
+If
+.Fa string_out
+or
+.Pf * Fa string_out
+is a
+.Dv NULL
+pointer, a new
+.Vt ASN1_STRING
+object is allocated and returned.
+.Pp
+.Fn ASN1_item_unpack
+interprets the data in
+.Fa string_in
+as a DER- or BER-encoded byte array and decodes one value of the type
+.Fa it
+into a newly allocated object using
+.Xr ASN1_item_d2i 3 .
+.Sh RETURN VALUES
+.Fn ASN1_item_pack
+returns the modified or new object or
+.Dv NULL
+if memory allocation or encoding fails.
+.Pp
+.Fn ASN1_item_unpack
+returns the new object or
+.Dv NULL
+if memory allocation or decoding fails.
+.Sh SEE ALSO
+.Xr ASN1_item_d2i 3 ,
+.Xr ASN1_item_new 3 ,
+.Xr ASN1_STRING_new 3
+.Sh HISTORY
+.Fn ASN1_item_pack
+and
+.Fn ASN1_item_unpack
+first appeared in OpenSSL 0.9.7 and have been available since
+.Ox 3.2 .
+.Sh BUGS
+See the BUGS section in
+.Xr ASN1_item_i2d 3 .
diff --git a/man/ASN1_item_sign.3 b/man/ASN1_item_sign.3
new file mode 100644
index 00000000..b47fd1d0
--- /dev/null
+++ b/man/ASN1_item_sign.3
@@ -0,0 +1,128 @@
+.\" $OpenBSD: ASN1_item_sign.3,v 1.2 2021/12/18 17:47:44 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 18 2021 $
+.Dt ASN1_ITEM_SIGN 3
+.Os
+.Sh NAME
+.Nm ASN1_item_sign ,
+.Nm ASN1_item_sign_ctx
+.Nd DER-encode and sign an ASN.1 value
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft int
+.Fo ASN1_item_sign
+.Fa "const ASN1_ITEM *it"
+.Fa "X509_ALGOR *algor1"
+.Fa "X509_ALGOR *algor2"
+.Fa "ASN1_BIT_STRING *sig_out"
+.Fa "void *val_in"
+.Fa "EVP_PKEY *pkey"
+.Fa "const EVP_MD *type"
+.Fc
+.Ft int
+.Fo ASN1_item_sign_ctx
+.Fa "const ASN1_ITEM *it"
+.Fa "X509_ALGOR *algor1"
+.Fa "X509_ALGOR *algor2"
+.Fa "ASN1_BIT_STRING *sig_out"
+.Fa "void *val_in"
+.Fa "EVP_MD_CTX *ctx"
+.Fc
+.Sh DESCRIPTION
+.Fn ASN1_item_sign
+assumes that
+.Fa val_in
+is an
+.Vt ASN1_VALUE
+of the type specified by
+.Fa it ,
+encodes it into DER format by calling
+.Xr ASN1_item_i2d 3 ,
+and signs the resulting byte array in a way similar to
+.Xr EVP_DigestSign 3 ,
+using a signing context created with
+.Xr EVP_DigestSignInit 3
+for the given digest
+.Fa type
+and private key
+.Fa pkey .
+The created signature is placed into the
+.Fa sig_out
+object provided by the caller,
+freeing and replacing any data already contained in that object.
+.Pp
+.Fn ASN1_item_sign_ctx
+is similar except that the provided
+.Ft ctx
+is used rather than creating a new one.
+No matter whether
+.Fn ASN1_item_sign_ctx
+succeeds or fails,
+.Xr EVP_MD_CTX_cleanup 3
+is called on
+.Fa ctx
+before returning.
+.Pp
+For both functions, unless
+.Fa algor1
+is
+.Dv NULL ,
+its algorithm OID and parameter type are set according to the digest
+.Fa type
+used, and its parameter value is cleared.
+In RSA-PSS mode, the parameter value is also copied into
+.Fa algor1 .
+Unless
+.Fa algor2
+is
+.Dv NULL ,
+the same data is copied into it.
+.\" The following is not yet supported by LibreSSL
+.\" because we do not provide EVP_PKEY_asn1_set_item(3).
+.\" except that user-defined key types set up with
+.\" .Xr EVP_PKEY_asn1_new 3
+.\" may optionally provide information about a second algorithm in
+.\" .Fa algor2 .
+.Sh RETURN VALUES
+These functions return the length of the signature in bytes
+or 0 if memory allocation, encoding, or signing fails.
+.Pp
+.Fn ASN1_item_sign_ctx
+also fails and returns 0 if
+.Fa ctx
+is not fully initialized.
+.Sh SEE ALSO
+.Xr ASN1_BIT_STRING_new 3 ,
+.Xr ASN1_item_digest 3 ,
+.Xr ASN1_item_i2d 3 ,
+.Xr ASN1_item_verify 3 ,
+.Xr EVP_Digest 3 ,
+.Xr EVP_DigestSign 3 ,
+.Xr EVP_MD_CTX_new 3 ,
+.\" We do not provide EVP_PKEY_asn1_set_item(3).
+.\" .Xr EVP_PKEY_asn1_new 3 ,
+.Xr EVP_PKEY_new 3 ,
+.Xr OBJ_find_sigid_by_algs 3 ,
+.Xr X509_ALGOR_new 3
+.Sh HISTORY
+.Fn ASN1_item_sign
+first appeared in OpenSSL 0.9.7 and has been available since
+.Ox 3.1 .
+.Pp
+.Fn ASN1_item_sign_ctx
+first appeared in OpenSSL 1.0.1 and has been available since
+.Ox 5.3 .
diff --git a/man/ASN1_item_verify.3 b/man/ASN1_item_verify.3
new file mode 100644
index 00000000..d2810879
--- /dev/null
+++ b/man/ASN1_item_verify.3
@@ -0,0 +1,77 @@
+.\" $OpenBSD: ASN1_item_verify.3,v 1.3 2021/12/18 17:47:44 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 18 2021 $
+.Dt ASN1_ITEM_VERIFY 3
+.Os
+.Sh NAME
+.Nm ASN1_item_verify
+.Nd signature verification for ASN.1 values
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft int
+.Fo ASN1_item_verify
+.Fa "const ASN1_ITEM *it"
+.Fa "X509_ALGOR *algor1"
+.Fa "ASN1_BIT_STRING *sig_in"
+.Fa "void *val_in"
+.Fa "EVP_PKEY *pkey"
+.Fc
+.Sh DESCRIPTION
+.Fn ASN1_item_verify
+assumes that
+.Fa val_in
+is an
+.Ft ASN1_VALUE
+of the type specified by
+.Fa it ,
+encodes it into DER format by calling
+.Xr ASN1_item_i2d 3 ,
+and verifies in a way similar to
+.Xr EVP_DigestVerify 3
+that
+.Fa sig_in
+contains a valid signature of the resulting byte array,
+a signature that was created with the signature algorithm
+.Fa algor1
+and the private key corresponding to the public key
+.Fa pkey .
+.Sh RETURN VALUES
+.Fn ASN1_item_verify
+returns 1 if signature verification succeeds, 0 if signature verification
+fails, or \-1 if
+.Fa pkey
+is
+.Dv NULL ,
+if
+.Fa sig_in
+contains invalid flags, or if
+.Fa algor1
+requests an invalid or unsupported digest algorithm
+or does not work with the given
+.Fa pkey .
+.Sh SEE ALSO
+.Xr ASN1_BIT_STRING_new 3 ,
+.Xr ASN1_item_i2d 3 ,
+.Xr ASN1_item_sign 3 ,
+.Xr EVP_DigestVerify 3 ,
+.Xr EVP_PKEY_new 3 ,
+.Xr OBJ_find_sigid_algs 3 ,
+.Xr X509_ALGOR_new 3
+.Sh HISTORY
+.Fn ASN1_item_verify
+first appeared in OpenSSL 0.9.7 and has been available since
+.Ox 3.1 .
diff --git a/man/ASN1_mbstring_copy.3 b/man/ASN1_mbstring_copy.3
new file mode 100644
index 00000000..e0b48aaa
--- /dev/null
+++ b/man/ASN1_mbstring_copy.3
@@ -0,0 +1,369 @@
+.\" $OpenBSD: ASN1_mbstring_copy.3,v 1.6 2022/02/21 00:22:03 jsg Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: February 21 2022 $
+.Dt ASN1_MBSTRING_COPY 3
+.Os
+.Sh NAME
+.Nm ASN1_mbstring_copy ,
+.Nm ASN1_mbstring_ncopy ,
+.Nm ASN1_STRING_set_by_NID ,
+.Nm ASN1_STRING_set_default_mask ,
+.Nm ASN1_STRING_set_default_mask_asc ,
+.Nm ASN1_STRING_get_default_mask ,
+.Nm ASN1_tag2bit
+.Nd copy a multibyte string into an ASN.1 string object
+.Sh SYNOPSIS
+.In openssl/asn1.h
+.Ft int
+.Fo ASN1_mbstring_copy
+.Fa "ASN1_STRING **out"
+.Fa "const unsigned char *in"
+.Fa "int inbytes"
+.Fa "int inform"
+.Fa "unsigned long mask"
+.Fc
+.Ft int
+.Fo ASN1_mbstring_ncopy
+.Fa "ASN1_STRING **out"
+.Fa "const unsigned char *in"
+.Fa "int inbytes"
+.Fa "int inform"
+.Fa "unsigned long mask"
+.Fa "long minchars"
+.Fa "long maxchars"
+.Fc
+.Ft ASN1_STRING *
+.Fo ASN1_STRING_set_by_NID
+.Fa "ASN1_STRING **out"
+.Fa "const unsigned char *in"
+.Fa "int inbytes"
+.Fa "int inform"
+.Fa "int nid"
+.Fc
+.Ft void
+.Fo ASN1_STRING_set_default_mask
+.Fa "unsigned long mask"
+.Fc
+.Ft int
+.Fo ASN1_STRING_set_default_mask_asc
+.Fa "const char *maskname"
+.Fc
+.Ft unsigned long
+.Fn ASN1_STRING_get_default_mask void
+.Ft unsigned long
+.Fn ASN1_tag2bit "int tag"
+.Sh DESCRIPTION
+.Fn ASN1_mbstring_copy
+interprets
+.Fa inbytes
+bytes starting at
+.Fa in
+as a multibyte string and copies it to
+.Pf * Fa out ,
+optionally changing the encoding.
+If the
+.Fa inbytes
+argument is negative, the
+.Xr strlen 3
+of
+.Fa in
+is used instead.
+.Pp
+The
+.Fa inform
+argument specifies the character encoding of
+.Fa in :
+.Bl -column MBSTRING_UNIV encoding
+.It Ar inform Ta encoding
+.It Dv MBSTRING_ASC Ta ISO-Latin-1
+.It Dv MBSTRING_BMP Ta UTF-16
+.It Dv MBSTRING_UNIV Ta UTF-32
+.It Dv MBSTRING_UTF8 Ta UTF-8
+.El
+.Pp
+The bit
+.Fa mask
+specifies a set of ASN.1 string types
+that the user is willing to accept:
+.Bl -column B_ASN1_UNIVERSALSTRING ASN1_UNIVERSALSTRING default
+.It bit in Fa mask Ta acceptable output type Ta default
+.It Dv B_ASN1_PRINTABLESTRING Ta Vt ASN1_PRINTABLESTRING Ta yes
+.It Dv B_ASN1_IA5STRING Ta Vt ASN1_IA5STRING Ta no
+.It Dv B_ASN1_T61STRING Ta Vt ASN1_T61STRING Ta yes
+.It Dv B_ASN1_BMPSTRING Ta Vt ASN1_BMPSTRING Ta yes
+.It Dv B_ASN1_UNIVERSALSTRING Ta Vt ASN1_UNIVERSALSTRING Ta no
+.It any other bit Ta Vt ASN1_UTF8STRING Ta yes
+.El
+.Pp
+The first type from the above table that is included in the
+.Fa mask
+argument and that can represent
+.Fa in
+is used as the output type.
+The
+.Dq default
+column indicates whether the type is considered acceptable if the
+.Fa mask
+argument has the special value 0.
+.Pp
+The following bit mask constants
+each include several of the bits listed above:
+.Bl -column B_ASN1_DIRECTORYSTRING_ MMM MMM MMM MMM MMM MMMM
+.It mask constant Ta PRI Ta IA5 Ta T61 Ta BMP Ta UNI Ta UTF8
+.It Dv B_ASN1_DIRECTORYSTRING Ta yes Ta no Ta yes Ta yes Ta yes Ta yes
+.It Dv DIRSTRING_TYPE Ta yes Ta no Ta yes Ta yes Ta no Ta yes
+.It Dv PKCS9STRING_TYPE Ta yes Ta yes Ta yes Ta yes Ta no Ta yes
+.El
+.Pp
+If
+.Fa out
+is
+.Dv NULL ,
+.Fa inform ,
+.Fa inbytes ,
+and
+.Fa in
+are validated and the output type is determined and returned,
+but nothing is copied.
+.Pp
+Otherwise, if
+.Pf * Fa out
+is
+.Dv NULL ,
+a new output object of the output type is allocated
+and a pointer to it is stored in
+.Pf * Fa out .
+.Pp
+Otherwise,
+.Pf ** Fa out
+is used as the output object.
+Any data already stored in it is freed
+and its type is changed to the output type.
+.Pp
+Finally,
+.Fa in
+is copied to the output object, changing the character encoding if
+.Fa inform
+does not match the encoding used by the output type.
+.Pp
+.Fn ASN1_mbstring_ncopy
+is similar except that the number of characters in
+.Fa in
+is restricted to the range from
+.Fa minchars
+to
+.Fa maxchars ,
+inclusive.
+If
+.Fa maxchars
+is 0, no upper limit is enforced on the number of characters.
+.Pp
+.Fn ASN1_STRING_set_by_NID
+is similar with the following differences:
+.Bl -bullet -width 1n
+.It
+If
+.Fa out
+is
+.Dv NULL ,
+a new output object is allocated and returned
+instead of skipping the copying.
+.It
+If
+.Fa nid
+has a global string table entry that can be retrieved with
+.Xr ASN1_STRING_TABLE_get 3 ,
+.Fa mask ,
+.Fa minchars ,
+and
+.Fa maxchars
+are taken from that string table entry.
+For some values of
+.Fa nid ,
+an additional global mask is AND'ed into the mask before using it.
+The default value of the global mask is
+.Dv B_ASN1_UTF8STRING .
+.It
+If
+.Fa nid
+has no global string table entry,
+.Dv B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING |
+.Dv B_ASN1_BMPSTRING | B_ASN1_UTF8STRING
+is used instead of the mask taken from the table,
+and the global mask is also AND'ed into it.
+.It
+Even though success and failure happen in the same situations,
+the return value is different.
+.Xr ASN1_STRING_type 3
+can be used to determine the type of the return value.
+.El
+.Pp
+.Fn ASN1_STRING_set_default_mask
+sets the global mask used by
+.Fn ASN1_STRING_set_by_NID
+to the
+.Fa mask
+argument.
+.Pp
+.Fn ASN1_STRING_set_default_mask_asc
+sets the global mask as follows:
+.Bl -column utf8only
+.It Ar maskname Ta Ar mask
+.It Qo default Qc Ta anything
+.It Qo nombstr Qc Ta anything except Dv B_ASN1_BMPSTRING | B_ASN1_UTF8STRING
+.It Qo pkix Qc Ta anything except Dv B_ASN1_T61STRING
+.It Qo utf8only Qc Ta Dv B_ASN1_UTF8STRING
+.El
+.Pp
+If the
+.Fa maskname
+argument starts with the substring
+.Qq MASK:\& ,
+the rest of it is interpreted as an
+.Vt unsigned long
+value using
+.Xr strtoul 3 .
+.Pp
+.Fn ASN1_tag2bit
+translates ASN.1 data types to type bits as follows:
+.Bl -column V_ASN1_OBJECT_DESCRIPTOR B_ASN1_UNIVERSALSTRING
+.It Fa tag Ta return value
+.It Dv V_ASN1_BIT_STRING Ta Dv B_ASN1_BIT_STRING
+.It Dv V_ASN1_BMPSTRING Ta Dv B_ASN1_BMPSTRING
+.It Dv V_ASN1_BOOLEAN Ta 0
+.It Dv V_ASN1_ENUMERATED Ta Dv B_ASN1_UNKNOWN
+.It Dv V_ASN1_EOC Ta 0
+.It Dv V_ASN1_EXTERNAL Ta Dv B_ASN1_UNKNOWN
+.It Dv V_ASN1_GENERALIZEDTIME Ta Dv B_ASN1_GENERALIZEDTIME
+.It Dv V_ASN1_GENERALSTRING Ta Dv B_ASN1_GENERALSTRING
+.It Dv V_ASN1_GRAPHICSTRING Ta Dv B_ASN1_GRAPHICSTRING
+.It Dv V_ASN1_IA5STRING Ta Dv B_ASN1_IA5STRING
+.It Dv V_ASN1_INTEGER Ta 0
+.It Dv V_ASN1_ISO64STRING Ta Dv B_ASN1_ISO64STRING
+.It Dv V_ASN1_NULL Ta 0
+.It Dv V_ASN1_NUMERICSTRING Ta Dv B_ASN1_NUMERICSTRING
+.It Dv V_ASN1_OBJECT Ta 0
+.It Dv V_ASN1_OBJECT_DESCRIPTOR Ta Dv B_ASN1_UNKNOWN
+.It Dv V_ASN1_OCTET_STRING Ta Dv B_ASN1_OCTET_STRING
+.It Dv V_ASN1_PRINTABLESTRING Ta Dv B_ASN1_PRINTABLESTRING
+.It Dv V_ASN1_REAL Ta Dv B_ASN1_UNKNOWN
+.It Dv V_ASN1_SEQUENCE Ta Dv B_ASN1_SEQUENCE
+.It Dv V_ASN1_SET Ta 0
+.It Dv V_ASN1_T61STRING Ta Dv B_ASN1_T61STRING
+.It Dv V_ASN1_TELETEXSTRING Ta Dv B_ASN1_TELETEXSTRING
+.It Dv V_ASN1_UNDEF Ta 0
+.It Dv V_ASN1_UNIVERSALSTRING Ta Dv B_ASN1_UNIVERSALSTRING
+.It Dv V_ASN1_UTCTIME Ta Dv B_ASN1_UTCTIME
+.It Dv V_ASN1_UTF8STRING Ta Dv B_ASN1_UTF8STRING
+.It Dv V_ASN1_VIDEOTEXSTRING Ta Dv B_ASN1_VIDEOTEXSTRING
+.It Dv V_ASN1_VISIBLESTRING Ta Dv B_ASN1_VISIBLESTRING
+.It 11, 13, 14, 15, 29 Ta Dv B_ASN1_UNKNOWN
+.It Dv other Po < 0, > 30 Pc Ta Dv 0
+.El
+.Pp
+In typical usage, the calling code calculates the bitwise AND
+of the return value and a mask describing data types
+that the calling code is willing to use.
+If the result of the AND operation is non-zero, the data type is
+adequate; otherwise, the calling code may need to raise an error.
+.Sh RETURN VALUES
+.Fn ASN1_mbstring_copy
+and
+.Fn ASN1_mbstring_ncopy
+return the
+.Dv V_ASN1_*
+constant representing the output type or \-1 if
+.Fa inform
+is invalid, if
+.Fa inbytes
+or
+.Fa in
+is invalid for the
+.Fa inform
+encoding, if
+.Fa in
+contains an UTF-16 surrogate,
+which is unsupported even for input using the UTF-16 encoding,
+or if memory allocation fails.
+.Pp
+.Fn ASN1_mbstring_ncopy
+also returns \-1 if
+.Fa in
+contains fewer than
+.Fa minchars
+or more than
+.Fa maxchars
+characters.
+.Pp
+.Fn ASN1_STRING_set_by_NID
+returns the new or changed ASN.1 string object or
+.Dv NULL
+on failure.
+.Pp
+.Fn ASN1_STRING_set_default_mask_asc
+returns 1 if successful or 0 if
+.Qq MASK:\&
+is not followed by a number, if the number is followed by a non-numeric
+character, or if the
+.Fa maskname
+is invalid.
+.Pp
+.Fn ASN1_STRING_get_default_mask
+returns the global mask.
+.Pp
+.Fn ASN1_tag2bit
+returns a
+.Dv B_ASN1_*
+constant or 0.
+.Sh SEE ALSO
+.Xr ASN1_PRINTABLE_type 3 ,
+.Xr ASN1_STRING_new 3 ,
+.Xr ASN1_STRING_set 3 ,
+.Xr ASN1_STRING_TABLE_get 3 ,
+.Xr ASN1_UNIVERSALSTRING_to_string 3
+.Sh HISTORY
+.Fn ASN1_mbstring_copy ,
+.Fn ASN1_mbstring_ncopy ,
+.Fn ASN1_STRING_set_by_NID ,
+.Fn ASN1_STRING_set_default_mask ,
+.Fn ASN1_STRING_set_default_mask_asc ,
+and
+.Fn ASN1_STRING_get_default_mask
+first appeared in OpenSSL 0.9.5 and have been available since
+.Ox 2.7 .
+.Pp
+.Fn ASN1_tag2bit
+first appeared in OpenSSL 0.9.7 and has been available since
+.Ox 3.2 .
+.Sh BUGS
+If integer overflow occurs in
+.Fn ASN1_STRING_set_default_mask_asc
+while parsing a number following
+.Qq MASK:\& ,
+the function succeeds, essentially behaving in the same way as for
+.Qq default .
+.Pp
+Passing
+.Qq default
+to
+.Fn ASN1_STRING_set_default_mask_asc
+does
+.Em not
+restore the default mask.
+Instead, passing
+.Qq utf8only
+does that.
diff --git a/man/ASN1_parse_dump.3 b/man/ASN1_parse_dump.3
index 240d2d33..50761f38 100644
--- a/man/ASN1_parse_dump.3
+++ b/man/ASN1_parse_dump.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ASN1_parse_dump.3,v 1.1 2021/07/11 19:03:45 schwarze Exp $ +.\" $OpenBSD: ASN1_parse_dump.3,v 1.3 2021/12/09 18:52:09 schwarze Exp $ .\" .\" Copyright (c) 2021 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: July 11 2021 $ +.Dd $Mdocdate: December 9 2021 $ .Dt ASN1_PARSE_DUMP 3 .Os .Sh NAME @@ -133,7 +133,7 @@ carriage returns and horizontal tabs, it is printed as an ASCII string. Otherwise, the .Fa dump argument decides the format. -If it is zero, a raw hex dump is emissed, consisting of two hexadecimal +If it is zero, a raw hex dump is emitted, consisting of two hexadecimal digits for every data byte. If .Fa dump @@ -175,7 +175,7 @@ bytes. .Fn ASN1_parse is identical to .Fn ASN1_parse_dump -woth 0 passed as the +with 0 passed as the .Fa dump argument. .Sh RETURN VALUES @@ -196,6 +196,12 @@ when any printing operation fails. .Xr ASN1_item_new 3 , .Xr ASN1_STRING_print 3 , .Xr ASN1_TYPE_new 3 +.Sh STANDARDS +ITU-T Recommendation X.690, also known as ISO/IEC 8825-1: +Information technology - ASN.1 encoding rules: +Specification of Basic Encoding Rules (BER), Canonical Encoding +Rules (CER) and Distinguished Encoding Rules (DER), +section 8.1: General rules for encoding .Sh HISTORY .Fn ASN1_parse first appeared in SSLeay 0.5.1 and has been available since diff --git a/man/ASN1_put_object.3 b/man/ASN1_put_object.3 index f1f0021f..97a35272 100644 --- a/man/ASN1_put_object.3 +++ b/man/ASN1_put_object.3 
@@ -1,6 +1,6 @@ -.\" $OpenBSD: ASN1_put_object.3,v 1.1 2019/08/26 11:41:31 schwarze Exp $ +.\" $OpenBSD: ASN1_put_object.3,v 1.5 2022/01/12 17:54:51 tb Exp $ .\" -.\" Copyright (c) 2019 Ingo Schwarze +.\" Copyright (c) 2019, 2021 Ingo Schwarze .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -14,12 +14,13 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: August 26 2019 $ +.Dd $Mdocdate: January 12 2022 $ .Dt ASN1_PUT_OBJECT 3 .Os .Sh NAME .Nm ASN1_put_object , -.Nm ASN1_put_eoc +.Nm ASN1_put_eoc , +.Nm ASN1_object_size .Nd start and end the BER encoding of an arbitrary ASN.1 data element .Sh SYNOPSIS .In openssl/asn1.h @@ -27,7 +28,7 @@ .Fo ASN1_put_object .Fa "unsigned char **ber_out" .Fa "int constructed" -.Fa "int length" +.Fa "int content_length" .Fa "int tag" .Fa "int class" .Fc @@ -35,6 +36,12 @@ .Fo ASN1_put_eoc .Fa "unsigned char **ber_out" .Fc +.Ft int +.Fo ASN1_object_size +.Fa "int constructed" +.Fa "int content_length" +.Fa "int tag" +.Fc .Sh DESCRIPTION .Fn ASN1_put_object begins writing the BER encoding of an arbitrary ASN.1 data element @@ -73,7 +80,9 @@ Start a constructed value and use the indefinite form, .Pp If the .Fa tag -is less than 0x1f, it is written to the five least significant bits +is less than +.Dv V_ASN1_PRIMITIVE_TAG Pq = 0x1f , +it is written to the five least significant bits of the only identifier byte written. Otherwise, these five bits are all set to 1, and the .Fa tag 
@@ -81,10 +90,14 @@ is encoded in one or more following identifier bytes as needed. .Pp After completing the identifier byte(s), when using the definite form, the given -.Fa length -is encoded in one or more bytes as needed. -Otherwise, the special byte 0x80 is written instead and the -.Ar length +.Fa content_length +is encoded in one or more bytes as needed, +using the long form if and only if the +.Fa content_length +is greater than 127. +When using the indefinite form, +the special byte 0x80 is written instead and the +.Fa content_length argument is ignored. .Pp At the end, @@ -100,9 +113,30 @@ which writes an end-of-content marker to consisting of two NUL bytes, and advances .Pf * Fa ber_out by two bytes. +.Pp +.Fn ASN1_object_size +calculates the total length in bytes of the BER encoding +of an ASN.1 data element with the given +.Fa tag +and the number of content bytes given by +.Fa content_length . +The +.Fa constructed +argument has the same meaning as for +.Fn ASN1_put_object . +The return value includes the identifier, length, and content bytes. +If +.Fa constructed +is 2, it also includes the end-of-content bytes. +For the definite form, only the short form is supported if the +.Fa content_length +is less than 128. .Sh RETURN VALUES .Fn ASN1_put_eoc returns the number of bytes written, which is always 2. +.Pp +.Fn ASN1_object_size +returns the total number of bytes in the encoding of the data element. .Sh SEE ALSO .Xr ASN1_item_i2d 3 , .Xr ASN1_TYPE_get 3 , 
@@ -110,20 +144,24 @@ returns the number of bytes written, which is always 2. .Xr i2d_ASN1_OBJECT 3 , .Xr i2d_ASN1_OCTET_STRING 3 , .Xr i2d_ASN1_SEQUENCE_ANY 3 +.Sh STANDARDS +ITU-T Recommendation X.690, also known as ISO/IEC 8825-1: +Information technology - ASN.1 encoding rules: +Specification of Basic Encoding Rules (BER), Canonical Encoding +Rules (CER) and Distinguished Encoding Rules (DER), +section 8.1: General rules for encoding .Sh HISTORY .Fn ASN1_put_object -first appeared in SSLeay 0.5.1 and has been available since +and +.Fn ASN1_object_size +first appeared in SSLeay 0.5.1 and have been available since .Ox 2.4 . .Pp .Fn ASN1_put_eoc first appeared in OpenSSL 0.9.8 and has been available since .Ox 4.5 . .Sh CAVEATS -Neither -.Fn ASN1_put_object -nor -.Fn ASN1_put_eoc -do any sanity checking. +None of these functions do any sanity checking. When called in inconsistent ways, invalid content may result in .Pf * Fa ber_out , for example @@ -131,12 +169,19 @@ for example .It a .Fa tag -number less than 0x1f with a non-universal +number less than +.Dv V_ASN1_PRIMITIVE_TAG +with a .Fa class +other than +.Dv V_ASN1_UNIVERSAL .It a .Fa tag -number equal to 0x00 or 0x1f +number equal to +.Dv V_ASN1_EOC Pq 0x00 +or +.Dv V_ASN1_PRIMITIVE_TAG Pq 0x1f .It a .Vt BOOLEAN , @@ -155,12 +200,12 @@ etc. without the bit set .It a -.Fa length +.Fa content_length that makes no sense for the given .Fa tag .It a -.Fa length +.Fa content_length that disagrees with the following data .It a diff --git a/man/BASIC_CONSTRAINTS_new.3 b/man/BASIC_CONSTRAINTS_new.3 index cfe6737c..e60b0d22 100644 --- a/man/BASIC_CONSTRAINTS_new.3 +++ b/man/BASIC_CONSTRAINTS_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BASIC_CONSTRAINTS_new.3,v 1.5 2019/08/22 15:15:35 schwarze Exp $ +.\" $OpenBSD: BASIC_CONSTRAINTS_new.3,v 1.6 2021/10/27 11:24:47 schwarze Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" 
@@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: August 22 2019 $ +.Dd $Mdocdate: October 27 2021 $ .Dt BASIC_CONSTRAINTS_NEW 3 .Os .Sh NAME @@ -70,6 +70,7 @@ if an error occurs. .Xr d2i_BASIC_CONSTRAINTS 3 , .Xr X509_check_purpose 3 , .Xr X509_EXTENSION_new 3 , +.Xr X509_get_extension_flags 3 , .Xr X509_new 3 .Sh STANDARDS RFC 5280: Internet X.509 Public Key Infrastructure Certificate and diff --git a/man/BIO_ctrl.3 b/man/BIO_ctrl.3 index 24265c03..762d45a5 100644 --- a/man/BIO_ctrl.3 +++ b/man/BIO_ctrl.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BIO_ctrl.3,v 1.15 2020/12/03 22:47:21 jmc Exp $ +.\" $OpenBSD: BIO_ctrl.3,v 1.16 2022/08/18 18:42:13 tb Exp $ .\" OpenSSL b055fceb Thu Oct 20 09:56:18 2016 +0100 .\" .\" This file was written by Dr. Stephen Henson . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 3 2020 $ +.Dd $Mdocdate: August 18 2022 $ .Dt BIO_CTRL 3 .Os .Sh NAME @@ -69,7 +69,7 @@ .Nm BIO_ctrl_wpending , .Nm BIO_get_info_callback , .Nm BIO_set_info_callback , -.Nm bio_info_cb +.Nm BIO_info_cb .Nd BIO control operations .Sh SYNOPSIS .In openssl/bio.h @@ -84,7 +84,7 @@ .Fo BIO_callback_ctrl .Fa "BIO *b" .Fa "int cmd" -.Fa "bio_info_cb cb" +.Fa "BIO_info_cb cb" .Fc .Ft char * .Fo BIO_ptr_ctrl @@ -148,21 +148,18 @@ .Ft int .Fo BIO_get_info_callback .Fa "BIO *b" -.Fa "bio_info_cb **cbp" +.Fa "BIO_info_cb **cbp" .Fc .Ft int .Fo BIO_set_info_callback .Fa "BIO *b" -.Fa "bio_info_cb *cb" +.Fa "BIO_info_cb *cb" .Fc -.Ft typedef void -.Fo bio_info_cb +.Ft typedef int +.Fo BIO_info_cb .Fa "BIO *b" -.Fa "int oper" -.Fa "const char *ptr" -.Fa "int arg1" -.Fa "long arg2" -.Fa "long arg3" +.Fa "int state" +.Fa "int res" .Fc .Sh DESCRIPTION .Fn BIO_ctrl , diff --git a/man/BIO_dump.3 b/man/BIO_dump.3 index 1b66d956..b2145e22 100644 
--- a/man/BIO_dump.3 +++ b/man/BIO_dump.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BIO_dump.3,v 1.2 2021/07/11 20:18:07 beck Exp $ +.\" $OpenBSD: BIO_dump.3,v 1.3 2022/01/15 23:38:50 jsg Exp $ .\" .\" Copyright (c) 2021 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: July 11 2021 $ +.Dd $Mdocdate: January 15 2022 $ .Dt BIO_DUMP 3 .Os .Sh NAME @@ -76,7 +76,7 @@ the same bytes are printed again, this time as ASCII characters. Non-printable ASCII characters are replaced with dots. .Pp Trailing space characters and NUL bytes are omitted from the main table. -If there are any, an additional line is printed, constisting of the +If there are any, an additional line is printed, consisting of the .Fa len argument as a four-digit hexadecimal number, a dash, and the fixed string .Qq . diff --git a/man/BIO_f_asn1.3 b/man/BIO_f_asn1.3 new file mode 100644 index 00000000..3bf5a512 --- /dev/null +++ b/man/BIO_f_asn1.3 
@@ -0,0 +1,229 @@
+.\" $OpenBSD: BIO_f_asn1.3,v 1.2 2021/12/12 17:31:18 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 12 2021 $
+.Dt BIO_F_ASN1 3
+.Os
+.Sh NAME
+.Nm BIO_f_asn1 ,
+.Nm asn1_ps_func ,
+.Nm BIO_asn1_set_prefix ,
+.Nm BIO_asn1_get_prefix ,
+.Nm BIO_asn1_set_suffix ,
+.Nm BIO_asn1_get_suffix
+.Nd BER-encoding filter BIO
+.Sh SYNOPSIS
+.In openssl/asn1.h
+.Ft const BIO_METHOD *
+.Fn BIO_f_asn1 void
+.In openssl/bio.h
+.Ft typedef int
+.Fo asn1_ps_func
+.Fa "BIO *bio"
+.Fa "unsigned char **pbuf"
+.Fa "int *plen"
+.Fa "void *parg"
+.Fc
+.Ft int
+.Fo BIO_asn1_set_prefix
+.Fa "BIO *chain"
+.Fa "asn1_ps_func *prefix"
+.Fa "asn1_ps_func *prefix_free"
+.Fc
+.Ft int
+.Fo BIO_asn1_get_prefix
+.Fa "BIO *chain"
+.Fa "asn1_ps_func **pprefix"
+.Fa "asn1_ps_func **pprefix_free"
+.Fc
+.Ft int
+.Fo BIO_asn1_set_suffix
+.Fa "BIO *chain"
+.Fa "asn1_ps_func *suffix"
+.Fa "asn1_ps_func *suffix_free"
+.Fc
+.Ft int
+.Fo BIO_asn1_get_suffix
+.Fa "BIO *chain"
+.Fa "asn1_ps_func **psuffix"
+.Fa "asn1_ps_func **psuffix_free"
+.Fc
+.Sh DESCRIPTION
+.Fn BIO_f_asn1
+returns the
+.Qq asn1
+BIO method.
+BIOs created from it with
+.Xr BIO_new 3
+are filter BIOs intended to BER-encode data written to them
+and pass the encoded data on to the next BIO in the chain.
+Such BIOs operate as follows:
+.Bl -hang -width 1n
+.It Xr BIO_method_type 3
+returns
+.Dv BIO_TYPE_ASN1 .
+.It Xr BIO_method_name 3
+returns a pointer to the static string
+.Qq asn1 .
+.It Xr BIO_write 3
+writes the DER encoding of an ASN.1 OCTET STRING with the
+.Fa len
+content octets in
+.Fa buf
+to the next BIO in the chain.
+.Pp
+If a
+.Fa prefix
+function was installed with
+.Fn BIO_asn1_set_prefix ,
+that function is called before writing the object.
+It may for example produce additional output.
+If it fails, writing fails.
+.Pp
+If a
+.Fa prefix_free
+function was installed as well, that function is called
+after writing any output produced by
+.Fa prefix
+but before writing the object.
+Failure of
+.Fa prefix_free
+is silently ignored.
+.It Xr BIO_puts 3
+operates like
+.Xr BIO_write 3
+but uses the
+.Xr strlen 3
+of
+.Fa buf
+instead of a
+.Fa len
+argument.
+.It Xr BIO_flush 3
+calls the
+.Fa suffix
+callback function, if any.
+If that produces any output, it calls the
+.Fa suffix_free
+callback function, if any, silently ignoring failure.
+Finally, it calls
+.Xr BIO_flush 3
+on the next BIO in the chain.
+It fails if no data was previously written or if the
+.Fa suffix
+callback, writing, or
+.Xr BIO_flush 3
+on the next BIO fail.
+.It Xr BIO_ctrl 3
+with a
+.Fa cmd
+of
+.Dv BIO_C_SET_EX_ARG
+stores the pointer
+.Fa parg
+internally such that it will be passed to the
+.Fn asn1_ps_func
+callback functions.
+With a
+.Fa cmd
+of
+.Dv BIO_C_GET_EX_ARG ,
+it retrieves that pointer, storing it in
+.Pf * Fa parg .
+The commands
+.Dv BIO_C_SET_PREFIX ,
+.Dv BIO_C_GET_PREFIX ,
+.Dv BIO_C_SET_SUFFIX ,
+.Dv BIO_C_GET_SUFFIX ,
+and
+.Dv BIO_CTRL_FLUSH
+are used internally to implement
+.Fn BIO_asn1_set_prefix ,
+.Fn BIO_asn1_get_prefix ,
+.Fn BIO_asn1_set_suffix ,
+.Fn BIO_asn1_get_suffix
+and
+.Xr BIO_flush 3
+and are not intended for use by application programs.
+Other commands are merely forwarded to the next BIO in the chain.
+.It Xo
+.Xr BIO_read 3 ,
+.Xr BIO_gets 3 ,
+and
+.Xr BIO_callback_ctrl 3
+.Xc
+merely call the same function on the next BIO in the chain.
+.El
+.Pp
+If the above description of a function mentions the next BIO in the
+chain, that function fails if the asn1 BIO is the last BIO in the chain.
+.Pp
+.Fn BIO_asn1_set_prefix
+and
+.Fn BIO_asn1_get_prefix
+install and retrieve the
+.Fa prefix
+and
+.Fa prefix_free
+callback functions in and from the first asn1 BIO in the given
+.Fa chain .
+Similarly,
+.Fn BIO_asn1_set_suffix
+and
+.Fn BIO_asn1_get_suffix
+install and retrieve the
+.Fa suffix
+and
+.Fa suffix_free
+callback functions.
+Passing a
+.Dv NULL
+pointer for any of the
+.Fn asn1_ps_func
+arguments disables that particular callback.
+.Sh RETURN VALUES
+.Fn BIO_f_asn1
+always returns a pointer to a static built-in object.
+.Pp
+Functions of the type
+.Fn asn1_ps_func
+are supposed to return 1 on success or 0 on failure.
+.Pp
+.Fn BIO_asn1_set_prefix ,
+.Fn BIO_asn1_get_prefix ,
+.Fn BIO_asn1_set_suffix ,
+and
+.Fn BIO_asn1_get_suffix
+return 1 on success or 0 if
+.Fa chain
+is a
+.Dv NULL
+pointer or does not contain any asn1 BIO.
+They may return \-2 if a BIO is encountered in the
+.Fa chain
+that is not properly initialized.
+.Sh SEE ALSO
+.Xr ASN1_put_object 3 ,
+.Xr BIO_ctrl 3 ,
+.Xr BIO_new 3 ,
+.Xr BIO_new_NDEF 3 ,
+.Xr BIO_next 3 ,
+.Xr BIO_write 3 ,
+.Xr i2d_ASN1_OCTET_STRING 3
+.Sh HISTORY
+These functions first appeared in OpenSSL 1.0.0
+and have been available since
+.Ox 4.9 .
diff --git a/man/BIO_f_buffer.3 b/man/BIO_f_buffer.3 index 21a6e9a5..27baf727 100644 --- a/man/BIO_f_buffer.3 +++ b/man/BIO_f_buffer.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BIO_f_buffer.3,v 1.10 2018/05/01 17:05:05 schwarze Exp $ +.\" $OpenBSD: BIO_f_buffer.3,v 1.11 2022/03/31 17:27:16 naddy Exp $ .\" OpenSSL 9b86974e Mar 19 12:32:14 2016 -0400 .\" .\" This file was written by Dr. Stephen Henson . @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: May 1 2018 $ +.Dd $Mdocdate: March 31 2022 $ .Dt BIO_F_BUFFER 3 .Os .Sh NAME @@ -132,7 +132,7 @@ bytes of .Fa buf . If .Fa num -is larger than the current buffer size the buffer is expanded. +is larger than the current buffer size, the buffer is expanded. .Pp Except .Fn BIO_f_buffer , diff --git a/man/BIO_f_ssl.3 b/man/BIO_f_ssl.3 index 86432002..5e18a85b 100644 --- a/man/BIO_f_ssl.3 +++ b/man/BIO_f_ssl.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BIO_f_ssl.3,v 1.11 2019/06/12 09:36:30 schwarze Exp $ +.\" $OpenBSD: BIO_f_ssl.3,v 1.12 2022/03/31 17:27:18 naddy Exp $ .\" full merge up to: OpenSSL f672aee4 Feb 9 11:52:40 2016 -0500 .\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 .\" @@ -50,7 +50,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 12 2019 $ +.Dd $Mdocdate: March 31 2022 $ .Dt BIO_F_SSL 3 .Os .Sh NAME @@ -147,7 +147,7 @@ is appended to an .Vt SSL .Vt BIO using -.Xr BIO_push 3 +.Xr BIO_push 3 , it is automatically used as the .Vt SSL .Vt BIO Ns 's read and write @@ -213,7 +213,7 @@ is 0, server mode is set. .Fn BIO_set_ssl_renegotiate_bytes sets the renegotiate byte count to .Fa num . -When set after every +When set, after every .Fa num bytes of I/O (read and write) the SSL session is automatically renegotiated. .Fa num 
@@ -222,7 +222,7 @@ must be at least 512 bytes. .Fn BIO_set_ssl_renegotiate_timeout sets the renegotiate timeout to .Fa seconds . -When the renegotiate timeout elapses the session is automatically renegotiated. +When the renegotiate timeout elapses, the session is automatically renegotiated. .Pp .Fn BIO_get_num_renegotiates returns the total number of session renegotiations due to I/O or timeout. @@ -303,7 +303,7 @@ established; the call should be used for non blocking connect .Vt BIO Ns s to determine if the call should be retried. -If an SSL connection has already been established this call has no effect. +If an SSL connection has already been established, this call has no effect. .Pp .Vt SSL .Vt BIO Ns s @@ -325,7 +325,7 @@ using a blocking transport will never request a retry. Since unknown .Xr BIO_ctrl 3 operations are sent through filter -.Vt BIO Ns s +.Vt BIO Ns s , the server name and port can be set using .Xr BIO_set_conn_hostname 3 and diff --git a/man/BIO_find_type.3 b/man/BIO_find_type.3 index 99e93167..8882dbf4 100644 --- a/man/BIO_find_type.3 +++ b/man/BIO_find_type.3 
@@ -1,7 +1,24 @@ -.\" $OpenBSD: BIO_find_type.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" $OpenBSD: BIO_find_type.3,v 1.10 2021/11/25 12:15:37 schwarze Exp $ +.\" full merge up to: OpenSSL 1cb7eff4 Sep 10 13:56:40 2019 +0100 .\" -.\" This file was written by Dr. Stephen Henson . +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2021 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Dr. Stephen Henson . .\" Copyright (c) 2000, 2013, 2016 The OpenSSL Project. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without 
@@ -48,28 +65,33 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 27 2018 $ +.Dd $Mdocdate: November 25 2021 $ .Dt BIO_FIND_TYPE 3 .Os .Sh NAME .Nm BIO_find_type , .Nm BIO_next , -.Nm BIO_method_type +.Nm BIO_method_type , +.Nm BIO_method_name .Nd BIO chain traversal .Sh SYNOPSIS .In openssl/bio.h .Ft BIO * .Fo BIO_find_type -.Fa "BIO *b" -.Fa "int bio_type" +.Fa "BIO *bio" +.Fa "int type" .Fc .Ft BIO * .Fo BIO_next -.Fa "BIO *b" +.Fa "BIO *bio" .Fc .Ft int .Fo BIO_method_type -.Fa "const BIO *b" +.Fa "const BIO *bio" +.Fc +.Ft const char * +.Fo BIO_method_name +.Fa "const BIO *bio" .Fc .Fd #define BIO_TYPE_NONE 0 .Fd #define BIO_TYPE_MEM (1|0x0400) 
@@ -90,86 +112,113 @@ .Fd #define BIO_TYPE_NULL_FILTER (17|0x0200) .Fd #define BIO_TYPE_BER (18|0x0200) .Fd #define BIO_TYPE_BIO (19|0x0400) +.Fd #define BIO_TYPE_LINEBUFFER (20|0x0200) +.Fd #define BIO_TYPE_DGRAM (21|0x0400|0x0100) +.Fd #define BIO_TYPE_ASN1 (22|0x0200) +.Fd #define BIO_TYPE_COMP (23|0x0200) .Fd #define BIO_TYPE_DESCRIPTOR 0x0100 .Fd #define BIO_TYPE_FILTER 0x0200 .Fd #define BIO_TYPE_SOURCE_SINK 0x0400 +.Fd #define BIO_TYPE_START 128 .Sh DESCRIPTION -The function .Fn BIO_find_type -searches for a BIO of a given type in a chain, starting at BIO -.Fa b . -If -.Fa bio_type -is a specific type (such as -.Dv BIO_TYPE_MEM ) , -then a search is made for a BIO of that type. -If -.Fa bio_type -is a general type (such as -.Dv BIO_TYPE_SOURCE_SINK ) , -then the next matching BIO of the given general type is searched for. -.Fn BIO_find_type -returns the next matching BIO or -.Dv NULL -if none is found. +searches for a BIO matching the given +.Fa type +in the chain starting at +.Fa bio . +If the least significant byte of the +.Fa type +argument is non-zero, only exact matches of the +.Fa type +are accepted. +Otherwise, a match only requires that any of the bits set in the +.Fa type +argument is also set in the candidate BIO. .Pp -Note: not all the +Not all the .Dv BIO_TYPE_* -types above have corresponding BIO implementations. +types shown above have corresponding BIO implementations. +.Pp +Types with a least significant byte in the range from 0 to +.Dv BIO_TYPE_START , +inclusive, are reserved for BIO types built into the library. +Types with a least significant byte greater than +.Dv BIO_TYPE_START +are available for user-defined BIO types; see +.Xr BIO_get_new_index 3 +for details. .Pp .Fn BIO_next -returns the next BIO in a chain. -It can be used to traverse all BIOs in a chain or used in conjunction with +returns the next BIO in the chain after +.Fa bio . 
+This function can be used to traverse all BIOs in a chain +or in conjunction with .Fn BIO_find_type to find all BIOs of a certain type. .Pp .Fn BIO_method_type -returns the type of a BIO. +returns the type of the given +.Fa bio . +.Pp +.Fn BIO_method_name +returns an ASCII string representing the type of the +.Fa bio . .Sh RETURN VALUES .Fn BIO_find_type -returns a matching BIO or +returns the next matching BIO or +.Dv NULL +if +.Fa bio +is a .Dv NULL -for no match. +pointer or if no matching BIO is found. .Pp .Fn BIO_next -returns the next BIO in a chain. +returns the next BIO or +.Dv NULL +if +.Fa bio +is a +.Dv NULL +pointer or points to the last BIO in a chain. .Pp .Fn BIO_method_type -returns the type of the BIO -.Fa b . +returns one of the +.Dv BIO_TYPE_* +constants. +.Pp +.Fn BIO_method_name +returns an internal pointer to a string. .Sh EXAMPLES Traverse a chain looking for digest BIOs: .Bd -literal -offset 2n BIO *btmp; -btmp = in_bio; /* in_bio is chain to search through */ -do { +btmp = in_bio; /* in_bio is the chain to search through */ +while (btmp != NULL) { btmp = BIO_find_type(btmp, BIO_TYPE_MD); if (btmp == NULL) break; /* Not found */ - /* btmp is a digest BIO, do something with it ...*/ + + /* btmp is a digest BIO, do something with it ... */ ... btmp = BIO_next(btmp); -} while(btmp); +} .Ed .Sh SEE ALSO +.Xr BIO_meth_new 3 , .Xr BIO_new 3 .Sh HISTORY .Fn BIO_method_type +and +.Fn BIO_method_name first appeared in SSLeay 0.6.0. .Fn BIO_find_type first appeared in SSLeay 0.6.6. -Both functions have been available since +These functions have been available since .Ox 2.4 . .Pp .Fn BIO_next first appeared in OpenSSL 0.9.6 and has been available since .Ox 2.9 . -.Sh BUGS -.Fn BIO_find_type -in OpenSSL 0.9.5a and earlier could not be safely passed a -.Dv NULL -pointer for the -.Fa b -argument. diff --git a/man/BIO_new.3 b/man/BIO_new.3 index e7c08c99..17f5a708 100644 --- a/man/BIO_new.3 +++ b/man/BIO_new.3 
@@ -1,4 +1,4 @@
-.\" $OpenBSD: BIO_new.3,v 1.21 2021/07/10 15:56:18 schwarze Exp $
+.\" $OpenBSD: BIO_new.3,v 1.22 2021/11/27 16:18:03 schwarze Exp $
 .\" full merge up to:
 .\" OpenSSL man3/BIO_new.pod fb46be03 Feb 26 11:51:31 2016 +0000
 .\" OpenSSL man7/bio.pod 631c37be Dec 12 16:56:50 2017 +0100
@@ -52,7 +52,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 10 2021 $
+.Dd $Mdocdate: November 27 2021 $
 .Dt BIO_NEW 3
 .Os
 .Sh NAME
@@ -230,6 +230,7 @@ Create a memory BIO:
 .Sh SEE ALSO
 .Xr BIO_ctrl 3 ,
 .Xr BIO_dump 3 ,
+.Xr BIO_f_asn1 3 ,
 .Xr BIO_f_base64 3 ,
 .Xr BIO_f_buffer 3 ,
 .Xr BIO_f_cipher 3 ,
diff --git a/man/BIO_new_CMS.3 b/man/BIO_new_CMS.3
index a7c2c1b2..c1c47e3a 100644
--- a/man/BIO_new_CMS.3
+++ b/man/BIO_new_CMS.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: BIO_new_CMS.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $
+.\" $OpenBSD: BIO_new_CMS.3,v 1.8 2021/12/12 17:31:18 schwarze Exp $
 .\" full merge up to: OpenSSL df75c2bfc Dec 9 01:02:36 2018 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson .
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 2 2019 $
+.Dd $Mdocdate: December 12 2021 $
 .Dt BIO_NEW_CMS 3
 .Os
 .Sh NAME
@@ -128,6 +128,7 @@ The error can be obtained from
 .Xr ERR_get_error 3 .
 .Sh SEE ALSO
 .Xr BIO_new 3 ,
+.Xr BIO_new_NDEF 3 ,
 .Xr CMS_ContentInfo_new 3 ,
 .Xr CMS_encrypt 3 ,
 .Xr CMS_sign 3
diff --git a/man/BIO_new_NDEF.3 b/man/BIO_new_NDEF.3
new file mode 100644
index 00000000..9a169247
--- /dev/null
+++ b/man/BIO_new_NDEF.3
@@ -0,0 +1,120 @@
+.\" $OpenBSD: BIO_new_NDEF.3,v 1.3 2021/12/13 13:46:09 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 13 2021 $
+.Dt BIO_NEW_NDEF 3
+.Os
+.Sh NAME
+.Nm BIO_new_NDEF
+.Nd generic constructor for streaming BIO chains
+.Sh SYNOPSIS
+.In openssl/asn1.h
+.Ft BIO *
+.Fo BIO_new_NDEF
+.Fa "BIO *out_bio"
+.Fa "ASN1_VALUE *val_in"
+.Fa "const ASN1_ITEM *it"
+.Fc
+.Sh DESCRIPTION
+.Fn BIO_new_NDEF
+is a wrapper around
+.Xr BIO_new 3
+with a BIO
+.Fa type
+of
+.Xr BIO_f_asn1 3
+that supports streaming by providing the following additional functionality.
+.Pp
+The data type
+.Fa it
+needs to support streaming.
+Of the data types built into the library, currently only
+.Vt CMS_ContentInfo
+and
+.Vt PKCS7
+support that.
+The argument
+.Fa val_in
+needs to be of that type.
+.Pp
+A structure containing the following data is saved using
+.Xr BIO_ctrl 3
+with an argument of
+.Dv BIO_C_SET_EX_ARG
+as described in
+.Xr BIO_f_asn1 3 :
+.Pp
+.Bl -bullet -compact -offset indent
+.It
+the data type
+.Fa it
+.It
+the input value
+.Fa val_in
+.It
+a pointer to the
+.Vt unsigned char *
+content buffer of
+.Fa val_in ,
+extracted using a type-specific callback function
+.It
+a pointer to the new asn1 BIO
+.It
+a pointer to the beginning of the BIO chain;
+this may be the asn1 BIO itself, or one or more filter BIOs
+may be prepended to it in a type-specific manner,
+for example digest or encoding BIOs
+.El
+.Pp
+In order to handle the output from the new asn1 BIO, the
+.Fa out_bio
+is appended to it using
+.Xr BIO_push 3 .
+The
+.Fa out_bio
+can be a single sink BIO or a BIO chain ending in a sink BIO.
+.Pp
+A built-in
+.Fa prefix
+function is installed with
+.Xr BIO_asn1_set_prefix 3
+that encodes
+.Fa val_in
+using
+.Xr ASN1_item_ndef_i2d 3 ,
+and a built-in
+.Fa suffix
+function is installed that finalizes the written structures
+in a type-specific way.
+.Sh RETURN VALUES
+.Fn BIO_new_NDEF
+returns a pointer to the beginning of the constructed BIO chain or
+.Dv NULL
+if
+.Fa it
+does not support streaming or if memory allocation fails.
+.Sh SEE ALSO
+.Xr ASN1_item_ndef_i2d 3 ,
+.Xr BIO_ctrl 3 ,
+.Xr BIO_f_asn1 3 ,
+.Xr BIO_new 3 ,
+.Xr BIO_new_CMS 3 ,
+.Xr BIO_push 3 ,
+.Xr i2d_ASN1_bio_stream 3
+.Sh HISTORY
+.Fn BIO_new_NDEF
+first appeared in OpenSSL 1.0.0 and has been available since
+.Ox 4.9 .
diff --git a/man/BIO_read.3 b/man/BIO_read.3
index 97514a61..ac809bc7 100644
--- a/man/BIO_read.3
+++ b/man/BIO_read.3
@@ -1,7 +1,24 @@
-.\" $OpenBSD: BIO_read.3,v 1.8 2018/03/27 17:35:50 schwarze Exp $
-.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
+.\" $OpenBSD: BIO_read.3,v 1.10 2021/12/08 16:31:10 schwarze Exp $
+.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
-.\" This file was written by Dr. Stephen Henson .
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Dr. Stephen Henson .
 .\" Copyright (c) 2000, 2016 The OpenSSL Project. All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -48,14 +65,15 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 27 2018 $
+.Dd $Mdocdate: December 8 2021 $
 .Dt BIO_READ 3
 .Os
 .Sh NAME
 .Nm BIO_read ,
 .Nm BIO_gets ,
 .Nm BIO_write ,
-.Nm BIO_puts
+.Nm BIO_puts ,
+.Nm BIO_indent
 .Nd BIO I/O functions
 .Sh SYNOPSIS
 .In openssl/bio.h
@@ -80,13 +98,19 @@ .Ft int .Fo BIO_puts .Fa "BIO *b" -.Fa "const char *buf" +.Fa "const char *string" +.Fc +.Ft int +.Fo BIO_indent +.Fa "BIO *b" +.Fa "int indent" +.Fa "int max" .Fc .Sh DESCRIPTION .Fn BIO_read attempts to read .Fa len -bytes from BIO +bytes from .Fa b and places the data in .Fa buf . @@ -96,7 +120,7 @@ performs the BIOs "gets" operation and places the data in .Fa buf . Usually this operation will attempt to read a line of data from the BIO of maximum length -.Fa len No - 1 . +.Fa size No \- 1 . There are exceptions to this however, for example .Fn BIO_gets on a digest BIO will calculate and return the digest @@ -110,15 +134,24 @@ attempts to write .Fa len bytes from .Fa buf -to BIO +to .Fa b . .Pp .Fn BIO_puts -attempts to write a null terminated string -.Fa buf -to BIO +attempts to write the NUL-terminated +.Fa string +to .Fa b . .Pp +.Fn BIO_indent +attempts to write +.Fa indent +space characters to +.Fa b , +but not more than +.Fa max +characters. +.Pp One technique sometimes used with blocking sockets is to use a system call (such as .Xr select 2 , 
@@ -152,15 +185,19 @@ work around this by adding a buffering BIO .Xr BIO_f_buffer 3 to the chain. .Sh RETURN VALUES -All these functions return either the amount of data successfully +.Fn BIO_indent +returns 1 if successful, even if nothing was written, +or 0 if writing fails. +.Pp +The other functions return either the amount of data successfully read or written (if the return value is positive) or that no data -was successfully read or written if the result is 0 or -1. -If the return value is -2, then the operation is not implemented +was successfully read or written if the result is 0 or \-1. +If the return value is \-2, then the operation is not implemented in the specific BIO type. The trailing NUL is not included in the length returned by .Fn BIO_gets . .Pp -A 0 or -1 return is not necessarily an indication of an error. +A 0 or \-1 return is not necessarily an indication of an error. In particular when the source/sink is non-blocking or of a certain type it may merely be an indication that no data is currently available and that the application should retry the operation later. @@ -176,3 +213,7 @@ and .Fn BIO_puts first appeared in SSLeay 0.6.0 and have been available since .Ox 2.4 . +.Pp +.Fn BIO_indent +first appeared in OpenSSL 0.9.7 and has been available since +.Ox 3.4 . diff --git a/man/BIO_s_accept.3 b/man/BIO_s_accept.3 index 4ead28b6..810d4e2d 100644 --- a/man/BIO_s_accept.3 +++ b/man/BIO_s_accept.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BIO_s_accept.3,v 1.11 2018/05/12 20:12:17 schwarze Exp $ +.\" $OpenBSD: BIO_s_accept.3,v 1.13 2022/03/31 17:30:05 naddy Exp $ .\" OpenSSL c03726ca Thu Aug 27 12:28:08 2015 -0400 .\" .\" This file was written by Dr. Stephen Henson . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: May 12 2018 $ +.Dd $Mdocdate: March 31 2022 $ .Dt BIO_S_ACCEPT 3 .Os .Sh NAME 
@@ -220,10 +220,10 @@ will await an incoming connection, or request a retry in non-blocking mode. .Sh NOTES When an accept BIO is at the end of a chain, it will await an incoming connection before processing I/O calls. -When an accept BIO is not at then end of a chain, +When an accept BIO is not at the end of a chain, it passes I/O calls to the next BIO in the chain. .Pp -When a connection is established a new socket BIO is created +When a connection is established, a new socket BIO is created for the connection and appended to the chain. That is the chain is now accept->socket. This effectively means that attempting I/O on an initial accept diff --git a/man/BIO_s_bio.3 b/man/BIO_s_bio.3 index 171207df..bf4e8738 100644 --- a/man/BIO_s_bio.3 +++ b/man/BIO_s_bio.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BIO_s_bio.3,v 1.13 2018/05/01 17:05:05 schwarze Exp $ +.\" $OpenBSD: BIO_s_bio.3,v 1.14 2022/03/31 17:27:16 naddy Exp $ .\" OpenSSL c03726ca Aug 27 12:28:08 2015 -0400 .\" .\" This file was written by @@ -53,7 +53,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: May 1 2018 $ +.Dd $Mdocdate: March 31 2022 $ .Dt BIO_S_BIO 3 .Os .Sh NAME @@ -182,7 +182,7 @@ sets the write buffer size of BIO .Fa b to .Fa size . -If the size is not initialized a default value is used. +If the size is not initialized, a default value is used. This is currently 17K, sufficient for a maximum size TLS record. .Pp .Fn BIO_get_write_buf_size @@ -255,7 +255,7 @@ or .Xr SSL_free 3 call, the other half still needs to be freed. .Pp -When used in bidirectional applications (such as TLS/SSL) +When used in bidirectional applications (such as TLS/SSL), care should be taken to flush any data in the write buffer. This can be done by calling .Xr BIO_pending 3 diff --git a/man/BIO_s_connect.3 b/man/BIO_s_connect.3 index 7ddde85f..2732e9bc 100644 --- a/man/BIO_s_connect.3 +++ b/man/BIO_s_connect.3 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: BIO_s_connect.3,v 1.11 2018/05/12 20:12:17 schwarze Exp $ +.\" $OpenBSD: BIO_s_connect.3,v 1.12 2022/03/31 17:27:16 naddy Exp $ .\" OpenSSL 186bb907 Apr 13 11:05:13 2015 -0700 .\" .\" This file was written by Dr. Stephen Henson . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: May 12 2018 $ +.Dd $Mdocdate: March 31 2022 $ .Dt BIO_S_CONNECT 3 .Os .Sh NAME @@ -159,7 +159,7 @@ and also returns the socket. If .Fa c is not -.Dv NULL +.Dv NULL , it should be of type .Vt "int *" . .Pp diff --git a/man/BIO_s_mem.3 b/man/BIO_s_mem.3 index 89a9d55d..f2522a80 100644 --- a/man/BIO_s_mem.3 +++ b/man/BIO_s_mem.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BIO_s_mem.3,v 1.14 2019/06/06 01:06:58 schwarze Exp $ +.\" $OpenBSD: BIO_s_mem.3,v 1.15 2022/02/19 16:00:14 jsing Exp $ .\" full merge up to: OpenSSL 8711efb4 Mon Apr 20 11:33:12 2009 +0000 .\" selective merge up to: OpenSSL 36359cec Mar 7 14:37:23 2018 +0100 .\" @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 6 2019 $ +.Dd $Mdocdate: February 19 2022 $ .Dt BIO_S_MEM 3 .Os .Sh NAME @@ -199,14 +199,6 @@ until the BIO is freed. .Pp Writes to memory BIOs will always succeed if memory is available: their size can grow indefinitely. -.Pp -Every read from a read/write memory BIO will remove the data just read -with an internal copy operation. -If a BIO contains a lot of data and it is read in small chunks, -the operation can be very slow. -The use of a read only memory BIO avoids this problem. -If the BIO must be read/write then adding a buffering BIO -to the chain will speed up the process. .Sh RETURN VALUES .Fn BIO_s_mem returns a pointer to a static object. 
@@ -275,6 +267,3 @@ There should be an option to set the maximum size of a memory BIO. .Pp There should be a way to "rewind" a read/write BIO without destroying its contents. -.Pp -The copying operation should not occur after every small read -of a large BIO to improve efficiency. diff --git a/man/BN_add.3 b/man/BN_add.3 index 8a11d7c0..ab2d3433 100644 --- a/man/BN_add.3 +++ b/man/BN_add.3 @@ -1,9 +1,26 @@ -.\" $OpenBSD: BN_add.3,v 1.13 2018/04/29 15:58:21 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" $OpenBSD: BN_add.3,v 1.16 2021/12/20 15:02:13 schwarze Exp $ +.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100 .\" -.\" This file was written by Ulf Moeller +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2021 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Ulf Moeller .\" and Bodo Moeller . -.\" Copyright (c) 2000, 2001, 2015 The OpenSSL Project. All rights reserved. +.\" Copyright (c) 2000, 2015 The OpenSSL Project. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions 
@@ -49,21 +66,29 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 29 2018 $
+.Dd $Mdocdate: December 20 2021 $
 .Dt BN_ADD 3
 .Os
 .Sh NAME
 .Nm BN_add ,
+.Nm BN_uadd ,
 .Nm BN_sub ,
+.Nm BN_usub ,
 .Nm BN_mul ,
 .Nm BN_sqr ,
 .Nm BN_div ,
 .Nm BN_mod ,
 .Nm BN_nnmod ,
 .Nm BN_mod_add ,
+.Nm BN_mod_add_quick ,
 .Nm BN_mod_sub ,
+.Nm BN_mod_sub_quick ,
 .Nm BN_mod_mul ,
 .Nm BN_mod_sqr ,
+.Nm BN_mod_lshift ,
+.Nm BN_mod_lshift_quick ,
+.Nm BN_mod_lshift1 ,
+.Nm BN_mod_lshift1_quick ,
 .Nm BN_exp ,
 .Nm BN_mod_exp ,
 .\" The following are public, but intentionally undocumented for now:
@@ -84,22 +109,34 @@
 .Fa "const BIGNUM *b"
 .Fc
 .Ft int
+.Fo BN_uadd
+.Fa "BIGNUM *r"
+.Fa "const BIGNUM *a"
+.Fa "const BIGNUM *b"
+.Fc
+.Ft int
 .Fo BN_sub
 .Fa "BIGNUM *r"
 .Fa "const BIGNUM *a"
 .Fa "const BIGNUM *b"
 .Fc
 .Ft int
+.Fo BN_usub
+.Fa "BIGNUM *r"
+.Fa "const BIGNUM *a"
+.Fa "const BIGNUM *b"
+.Fc
+.Ft int
 .Fo BN_mul
 .Fa "BIGNUM *r"
-.Fa "BIGNUM *a"
-.Fa "BIGNUM *b"
+.Fa "const BIGNUM *a"
+.Fa "const BIGNUM *b"
 .Fa "BN_CTX *ctx"
 .Fc
 .Ft int
 .Fo BN_sqr
 .Fa "BIGNUM *r"
-.Fa "BIGNUM *a"
+.Fa "const BIGNUM *a"
 .Fa "BN_CTX *ctx"
 .Fc
 .Ft int
@@ -127,45 +164,87 @@
 .Ft int
 .Fo BN_mod_add
 .Fa "BIGNUM *r"
-.Fa "BIGNUM *a"
-.Fa "BIGNUM *b"
+.Fa "const BIGNUM *a"
+.Fa "const BIGNUM *b"
 .Fa "const BIGNUM *m"
 .Fa "BN_CTX *ctx"
 .Fc
 .Ft int
+.Fo BN_mod_add_quick
+.Fa "BIGNUM *r"
+.Fa "const BIGNUM *a"
+.Fa "const BIGNUM *b"
+.Fa "const BIGNUM *m"
+.Fc
+.Ft int
 .Fo BN_mod_sub
 .Fa "BIGNUM *r"
-.Fa "BIGNUM *a"
-.Fa "BIGNUM *b"
+.Fa "const BIGNUM *a"
+.Fa "const BIGNUM *b"
 .Fa "const BIGNUM *m"
 .Fa "BN_CTX *ctx"
 .Fc
 .Ft int
+.Fo BN_mod_sub_quick
+.Fa "BIGNUM *r"
+.Fa "const BIGNUM *a"
+.Fa "const BIGNUM *b"
+.Fa "const BIGNUM *m"
+.Fc
+.Ft int
 .Fo BN_mod_mul
 .Fa "BIGNUM *r"
-.Fa "BIGNUM *a"
-.Fa "BIGNUM *b"
+.Fa "const BIGNUM *a"
+.Fa "const BIGNUM *b"
 .Fa "const BIGNUM *m"
 .Fa "BN_CTX *ctx"
 .Fc
 .Ft int
 .Fo BN_mod_sqr
 .Fa "BIGNUM *r"
-.Fa "BIGNUM *a"
+.Fa "const BIGNUM *a"
+.Fa "const BIGNUM *m"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_mod_lshift
+.Fa "BIGNUM *r"
+.Fa "const BIGNUM *a"
+.Fa "int n"
+.Fa "const BIGNUM *m"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_mod_lshift_quick
+.Fa "BIGNUM *r"
+.Fa "const BIGNUM *a"
+.Fa "int n"
+.Fa "const BIGNUM *m"
+.Fc
+.Ft int
+.Fo BN_mod_lshift1
+.Fa "BIGNUM *r"
+.Fa "const BIGNUM *a"
 .Fa "const BIGNUM *m"
 .Fa "BN_CTX *ctx"
 .Fc
 .Ft int
+.Fo BN_mod_lshift1_quick
+.Fa "BIGNUM *r"
+.Fa "const BIGNUM *a"
+.Fa "const BIGNUM *m"
+.Fc
+.Ft int
 .Fo BN_exp
 .Fa "BIGNUM *r"
-.Fa "BIGNUM *a"
-.Fa "BIGNUM *p"
+.Fa "const BIGNUM *a"
+.Fa "const BIGNUM *p"
 .Fa "BN_CTX *ctx"
 .Fc
 .Ft int
 .Fo BN_mod_exp
 .Fa "BIGNUM *r"
-.Fa "BIGNUM *a"
+.Fa "const BIGNUM *a"
 .Fa "const BIGNUM *p"
 .Fa "const BIGNUM *m"
 .Fa "BN_CTX *ctx"
@@ -173,8 +252,8 @@
 .Ft int
 .Fo BN_gcd
 .Fa "BIGNUM *r"
-.Fa "BIGNUM *a"
-.Fa "BIGNUM *b"
+.Fa "const BIGNUM *a"
+.Fa "const BIGNUM *b"
 .Fa "BN_CTX *ctx"
 .Fc
 .Sh DESCRIPTION
@@ -194,6 +273,22 @@ as or .Fa b . .Pp +.Fn BN_uadd +adds the absolute values of +.Fa a +and +.Fa b +and places the result in +.Fa r +.Pq Li r=|a|+|b|\& . +.Fa r +may be the same +.Vt BIGNUM +as +.Fa a +or +.Fa b . +.Pp .Fn BN_sub subtracts .Fa b @@ -210,6 +305,28 @@ as or .Fa b . .Pp +.Fn BN_usub +subtracts the absolute value of +.Fa b +from the absolute value of +.Fa a +and places the result in +.Fa r +.Pq Li r=|a|-|b|\& . +It requires the absolute value of +.Fa a +to be greater than the absolute value of +.Fa b ; +otherwise, it will sometimes fail +and sometimes silently produce wrong results. +.Fa r +may be the same +.Vt BIGNUM +as +.Fa a +or +.Fa b . +.Pp .Fn BN_mul multiplies .Fa a @@ -299,6 +416,18 @@ modulo and places the non-negative result in .Fa r . .Pp +.Fn BN_mod_add_quick +is a variant of +.Fn BN_mod_add +that requires +.Fa a +and +.Fa b +to both be non-negative and smaller than +.Fa m . +If any of these constraints are violated, +it silently produces wrong results. +.Pp .Fn BN_mod_sub subtracts .Fa b @@ -309,6 +438,18 @@ modulo and places the non-negative result in .Fa r . .Pp +.Fn BN_mod_sub_quick +is a variant of +.Fn BN_mod_sub +that requires +.Fa a +and +.Fa b +to both be non-negative and smaller than +.Fa m . +If any of these constraints are violated, +it silently produces wrong results. +.Pp .Fn BN_mod_mul multiplies .Fa a 
@@ -338,6 +479,40 @@ modulo and places the result in .Fa r . .Pp +.Fn BN_mod_lshift +shifts +.Fa a +left by +.Fa n +bits, reduces the result modulo +.Fa m , +and places the non-negative remainder in +.Fa r +.Pq Li r=a*2^n mod m . +.Pp +.Fn BN_mod_lshift1 +shifts +.Fa a +left by one bit, reduces the result modulo +.Fa m , +and places the non-negative remainder in +.Fa r +.Pq Li r=a*2 mod m . +.Pp +.Fn BN_mod_lshift_quick +and +.Fn BN_mod_lshift1_quick +are variants of +.Fn BN_mod_lshift +and +.Fn BN_mod_lshift1 , +respectively, that require +.Fa a +to be non-negative and less than +.Fa m . +If either of these constraints is violated, they sometimes fail +and sometimes silently produce wrong results. +.Pp .Fn BN_exp raises .Fa a @@ -422,18 +597,26 @@ first appeared in SSLeay 0.9.0. All these functions have been available since .Ox 2.4 . .Pp -The +.Fn BN_uadd , +.Fn BN_usub , +and the .Fa ctx argument to .Fn BN_mul -was added in SSLeay 0.9.1 and +first appeared in SSLeay 0.9.1 and have been available since .Ox 2.6 . .Pp .Fn BN_nnmod , .Fn BN_mod_add , +.Fn BN_mod_add_quick , .Fn BN_mod_sub , +.Fn BN_mod_sub_quick , +.Fn BN_mod_sqr , +.Fn BN_mod_lshift , +.Fn BN_mod_lshift_quick , +.Fn BN_mod_lshift1 , and -.Fn BN_mod_sqr +.Fn BN_mod_lshift1_quick first appeared in OpenSSL 0.9.7 and have been available since .Ox 3.2 . .Sh BUGS diff --git a/man/BN_bn2bin.3 b/man/BN_bn2bin.3 index 48d350ab..ec69909d 100644 --- a/man/BN_bn2bin.3 +++ b/man/BN_bn2bin.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BN_bn2bin.3,v 1.14 2021/09/11 08:45:47 schwarze Exp $ +.\" $OpenBSD: BN_bn2bin.3,v 1.15 2021/12/08 21:52:29 schwarze Exp $ .\" full merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 .\" .\" This file was written by Ulf Moeller @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 11 2021 $ +.Dd $Mdocdate: December 8 2021 $ .Dt BN_BN2BIN 3 .Os .Sh NAME 
@@ -353,6 +353,7 @@ on error. The error codes can be obtained by .Xr ERR_get_error 3 . .Sh SEE ALSO +.Xr ASN1_bn_print 3 , .Xr ASN1_INTEGER_to_BN 3 , .Xr BN_new 3 , .Xr BN_num_bytes 3 , diff --git a/man/BN_cmp.3 b/man/BN_cmp.3 index 9e2baa24..9ca73a62 100644 --- a/man/BN_cmp.3 +++ b/man/BN_cmp.3 @@ -1,5 +1,5 @@ -.\" $OpenBSD: BN_cmp.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" $OpenBSD: BN_cmp.3,v 1.9 2021/12/18 21:11:50 schwarze Exp $ +.\" full merge up to: OpenSSL 5b31b9df Aug 4 10:45:52 2021 +0300 .\" .\" This file was written by Ulf Moeller . .\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 27 2018 $ +.Dd $Mdocdate: December 18 2021 $ .Dt BN_CMP 3 .Os .Sh NAME @@ -57,36 +57,42 @@ .Nm BN_is_zero , .Nm BN_is_one , .Nm BN_is_word , +.Nm BN_abs_is_word , .Nm BN_is_odd .Nd BIGNUM comparison and test functions .Sh SYNOPSIS .In openssl/bn.h .Ft int .Fo BN_cmp -.Fa "BIGNUM *a" -.Fa "BIGNUM *b" +.Fa "const BIGNUM *a" +.Fa "const BIGNUM *b" .Fc .Ft int .Fo BN_ucmp -.Fa "BIGNUM *a" -.Fa "BIGNUM *b" +.Fa "const BIGNUM *a" +.Fa "const BIGNUM *b" .Fc .Ft int .Fo BN_is_zero -.Fa "BIGNUM *a" +.Fa "const BIGNUM *a" .Fc .Ft int .Fo BN_is_one -.Fa "BIGNUM *a" +.Fa "const BIGNUM *a" .Fc .Ft int .Fo BN_is_word -.Fa "BIGNUM *a" -.Fa "BN_ULONG w" +.Fa "const BIGNUM *a" +.Fa "const BN_ULONG w" +.Fc +.Ft int +.Fo BN_abs_is_word +.Fa "const BIGNUM *a" +.Fa "const BN_ULONG w" .Fc .Ft int .Fo BN_is_odd -.Fa "BIGNUM *a" +.Fa "const BIGNUM *a" .Fc .Sh DESCRIPTION .Fn BN_cmp 
@@ -106,15 +112,13 @@ test if equals 0, 1, or .Fa w respectively. +.Fn BN_abs_is_word +tests if the absolute value of +.Fa a +equals +.Fa w . .Fn BN_is_odd tests if a is odd. -.Pp -.Fn BN_is_zero , -.Fn BN_is_one , -.Fn BN_is_word , -and -.Fn BN_is_odd -are macros. .Sh RETURN VALUES .Fn BN_cmp returns -1 if @@ -132,6 +136,7 @@ and .Fn BN_is_zero , .Fn BN_is_one , .Fn BN_is_word , +.Fn BN_abs_is_word , and .Fn BN_is_odd return 1 if the condition is true, 0 otherwise. @@ -147,5 +152,9 @@ and first appeared in SSLeay 0.5.1. .Fn BN_is_odd first appeared in SSLeay 0.8.0. -All these functions have been available since +These functions have been available since .Ox 2.4 . +.Pp +.Fn BN_abs_is_word +first appeared in OpenSSL 0.9.7 and has been available since +.Ox 3.2 . diff --git a/man/BN_copy.3 b/man/BN_copy.3 index 956b368d..383255e3 100644 --- a/man/BN_copy.3 +++ b/man/BN_copy.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BN_copy.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $ +.\" $OpenBSD: BN_copy.3,v 1.10 2021/12/06 19:45:27 schwarze Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Ulf Moeller @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 27 2018 $ +.Dd $Mdocdate: December 6 2021 $ .Dt BN_COPY 3 .Os .Sh NAME @@ -97,7 +97,7 @@ in It places significant restrictions on the copied data. Applications that do not adhere to these restrictions may encounter unexpected side effects or crashes. -For that reason, use of this macro is discouraged. +For that reason, use of this function is discouraged. .Pp Any flags provided in .Fa flags diff --git a/man/BN_mod_inverse.3 b/man/BN_mod_inverse.3 index aa509b1a..788f66fb 100644 --- a/man/BN_mod_inverse.3 +++ b/man/BN_mod_inverse.3 
@@ -1,4 +1,4 @@
-.\" $OpenBSD: BN_mod_inverse.3,v 1.10 2018/04/29 15:58:21 schwarze Exp $
+.\" $OpenBSD: BN_mod_inverse.3,v 1.11 2021/11/30 18:34:35 tb Exp $
 .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Ulf Moeller .
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 29 2018 $
+.Dd $Mdocdate: November 30 2021 $
 .Dt BN_MOD_INVERSE 3
 .Os
 .Sh NAME
@@ -59,7 +59,7 @@
 .Ft BIGNUM *
 .Fo BN_mod_inverse
 .Fa "BIGNUM *r"
-.Fa "BIGNUM *a"
+.Fa "const BIGNUM *a"
 .Fa "const BIGNUM *n"
 .Fa "BN_CTX *ctx"
 .Fc
diff --git a/man/BN_mod_mul_montgomery.3 b/man/BN_mod_mul_montgomery.3
index 8feed711..7b22efd7 100644
--- a/man/BN_mod_mul_montgomery.3
+++ b/man/BN_mod_mul_montgomery.3
@@ -1,7 +1,25 @@
-.\" $OpenBSD: BN_mod_mul_montgomery.3,v 1.11 2018/03/27 17:35:50 schwarze Exp $
-.\" OpenSSL 6859cf74 Sep 25 13:33:28 2002 +0000
+.\" $OpenBSD: BN_mod_mul_montgomery.3,v 1.14 2021/12/21 11:14:07 schwarze Exp $
+.\" full merge up to: OpenSSL 6859cf74 Sep 25 13:33:28 2002 +0000
+.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
-.\" This file was written by Ulf Moeller .
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Ulf Moeller .
 .\" Copyright (c) 2000 The OpenSSL Project. All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -48,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 27 2018 $
+.Dd $Mdocdate: December 21 2021 $
 .Dt BN_MOD_MUL_MONTGOMERY 3
 .Os
 .Sh NAME
@@ -56,6 +74,7 @@
 .Nm BN_MONT_CTX_init ,
 .Nm BN_MONT_CTX_free ,
 .Nm BN_MONT_CTX_set ,
+.Nm BN_MONT_CTX_set_locked ,
 .Nm BN_MONT_CTX_copy ,
 .Nm BN_mod_mul_montgomery ,
 .Nm BN_from_montgomery ,
@@ -82,6 +101,13 @@ .Fa "BN_CTX *ctx" .Fc .Ft BN_MONT_CTX * +.Fo BN_MONT_CTX_set_locked +.Fa "BN_MONT_CTX **pmont" +.Fa "int lock" +.Fa "const BIGNUM *m" +.Fa "BN_CTX *ctx" +.Fc +.Ft BN_MONT_CTX * .Fo BN_MONT_CTX_copy .Fa "BN_MONT_CTX *to" .Fa "BN_MONT_CTX *from" @@ -89,22 +115,22 @@ .Ft int .Fo BN_mod_mul_montgomery .Fa "BIGNUM *r" -.Fa "BIGNUM *a" -.Fa "BIGNUM *b" +.Fa "const BIGNUM *a" +.Fa "const BIGNUM *b" .Fa "BN_MONT_CTX *mont" .Fa "BN_CTX *ctx" .Fc .Ft int .Fo BN_from_montgomery .Fa "BIGNUM *r" -.Fa "BIGNUM *a" +.Fa "const BIGNUM *a" .Fa "BN_MONT_CTX *mont" .Fa "BN_CTX *ctx" .Fc .Ft int .Fo BN_to_montgomery .Fa "BIGNUM *r" -.Fa "BIGNUM *a" +.Fa "const BIGNUM *a" .Fa "BN_MONT_CTX *mont" .Fa "BN_CTX *ctx" .Fc @@ -133,6 +159,37 @@ structure from the modulus .Fa m by precomputing its inverse and a value R. .Pp +.Fn BN_MONT_CTX_set_locked +is a wrapper around +.Fn BN_MONT_CTX_new +and +.Fn BN_MONT_CTX_set +that is useful if more than one thread intends to use the same +.Vt BN_MONT_CTX +and none of these threads is exclusively responsible for creating +and initializing the context. +.Fn BN_MONT_CTX_set_locked +first acquires the specified +.Fa lock +using +.Xr CRYPTO_lock 3 . +If +.Pf * Fa pmont +already differs from +.Dv NULL , +no action occurs. +Otherwise, a new +.Vt BN_MONT_CTX +is allocated with +.Fn BN_MONT_CTX_new , +set up with +.Fn BN_MONT_CTX_set , +and a pointer to it is stored in +.Pf * Fa pmont . +Finally, the +.Fa lock +is released. +.Pp .Fn BN_MONT_CTX_copy copies the .Vt BN_MONT_CTX @@ -195,9 +252,6 @@ typedef struct bn_mont_ctx_st { } BN_MONT_CTX; .Ed .Pp -.Fn BN_to_montgomery -is a macro. -.Pp .Sy Warning : The inputs must be reduced modulo .Fa m , 
@@ -210,13 +264,19 @@ or .Dv NULL on error. .Pp +.Fn BN_MONT_CTX_set_locked +returns a pointer to the existing or newly created context or +.Dv NULL +on error. +.Pp For the other functions, 1 is returned for success or 0 on error. The error codes can be obtained by .Xr ERR_get_error 3 . .Sh SEE ALSO .Xr BN_add 3 , .Xr BN_CTX_new 3 , -.Xr BN_new 3 +.Xr BN_new 3 , +.Xr CRYPTO_lock 3 .Sh HISTORY .Fn BN_MONT_CTX_new , .Fn BN_MONT_CTX_free , @@ -233,6 +293,10 @@ and .Fn BN_MONT_CTX_copy first appeared in SSLeay 0.9.1 and have been available since .Ox 2.6 . +.Pp +.Fn BN_MONT_CTX_set_locked +first appeared in OpenSSL 0.9.8 and has been available since +.Ox 4.0 . .Sh CAVEATS .Fn BN_MONT_CTX_init must not be called on a context that was used previously, or diff --git a/man/BN_mod_mul_reciprocal.3 b/man/BN_mod_mul_reciprocal.3 index 9ace3576..77c29327 100644 --- a/man/BN_mod_mul_reciprocal.3 +++ b/man/BN_mod_mul_reciprocal.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BN_mod_mul_reciprocal.3,v 1.10 2018/03/27 17:35:50 schwarze Exp $ +.\" $OpenBSD: BN_mod_mul_reciprocal.3,v 1.11 2021/11/30 18:34:35 tb Exp $ .\" OpenSSL 6859cf74 Sep 25 13:33:28 2002 +0000 .\" .\" This file was written by Ulf Moeller . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 27 2018 $ +.Dd $Mdocdate: November 30 2021 $ .Dt BN_MOD_MUL_RECIPROCAL 3 .Os .Sh NAME @@ -64,8 +64,8 @@ .Ft int .Fo BN_mod_mul_reciprocal .Fa "BIGNUM *r" -.Fa "BIGNUM *a" -.Fa "BIGNUM *b" +.Fa "const BIGNUM *a" +.Fa "const BIGNUM *b" .Fa "BN_RECP_CTX *recp" .Fa "BN_CTX *ctx" .Fc @@ -91,7 +91,7 @@ .Fo BN_div_recp .Fa "BIGNUM *dv" .Fa "BIGNUM *rem" -.Fa "BIGNUM *a" +.Fa "const BIGNUM *a" .Fa "BN_RECP_CTX *recp" .Fa "BN_CTX *ctx" .Fc diff --git a/man/BN_new.3 b/man/BN_new.3 index bb637a97..e8d268e8 100644 --- a/man/BN_new.3 +++ b/man/BN_new.3 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: BN_new.3,v 1.16 2019/06/10 09:49:48 schwarze Exp $ +.\" $OpenBSD: BN_new.3,v 1.18 2022/07/13 21:51:35 schwarze Exp $ .\" full merge up to: OpenSSL man3/BN_new 2457c19d Mar 6 08:43:36 2004 +0000 .\" selective merge up to: man3/BN_new 681acb31 Sep 29 13:10:34 2017 +0200 .\" full merge up to: OpenSSL man7/bn 05ea606a May 20 20:52:46 2016 -0400 @@ -50,7 +50,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 10 2019 $ +.Dd $Mdocdate: July 13 2022 $ .Dt BN_NEW 3 .Os .Sh NAME @@ -144,6 +144,7 @@ If the allocation fails, it returns and sets an error code that can be obtained by .Xr ERR_get_error 3 . .Sh SEE ALSO +.Xr ASN1_bn_print 3 , .Xr BN_add 3 , .Xr BN_add_word 3 , .Xr BN_BLINDING_new 3 , @@ -159,6 +160,7 @@ and sets an error code that can be obtained by .Xr BN_mod_mul_reciprocal 3 , .Xr BN_num_bytes 3 , .Xr BN_rand 3 , +.Xr BN_security_bits 3 , .Xr BN_set_bit 3 , .Xr BN_set_flags 3 , .Xr BN_set_negative 3 , diff --git a/man/BN_num_bytes.3 b/man/BN_num_bytes.3 index ae32a8d8..f1a995f0 100644 --- a/man/BN_num_bytes.3 +++ b/man/BN_num_bytes.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BN_num_bytes.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ +.\" $OpenBSD: BN_num_bytes.3,v 1.8 2022/07/13 21:51:35 schwarze Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Ulf Moeller @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 27 2018 $ +.Dd $Mdocdate: July 13 2022 $ .Dt BN_NUM_BYTES 3 .Os .Sh NAME @@ -116,6 +116,7 @@ the "key size", just a lot more probability). The size. .Sh SEE ALSO .Xr BN_new 3 , +.Xr BN_security_bits 3 , .Xr DH_size 3 , .Xr DSA_size 3 , .Xr RSA_size 3 diff --git a/man/BN_rand.3 b/man/BN_rand.3 index c508738f..3d4401a4 100644 --- a/man/BN_rand.3 +++ b/man/BN_rand.3 
@@ -1,4 +1,4 @@
-.\" $OpenBSD: BN_rand.3,v 1.17 2021/09/10 14:37:14 tb Exp $
+.\" $OpenBSD: BN_rand.3,v 1.18 2021/11/30 18:34:35 tb Exp $
 .\" full merge up to: OpenSSL 05ea606a May 20 20:52:46 2016 -0400
 .\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
 .\"
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 10 2021 $
+.Dd $Mdocdate: November 30 2021 $
 .Dt BN_RAND 3
 .Os
 .Sh NAME
@@ -71,7 +71,7 @@
 .Ft int
 .Fo BN_rand_range
 .Fa "BIGNUM *rnd"
-.Fa "BIGNUM *range"
+.Fa "const BIGNUM *range"
 .Fc
 .Sh DESCRIPTION
 .Fn BN_rand
diff --git a/man/BN_set_bit.3 b/man/BN_set_bit.3
index 93bfda67..2c530667 100644
--- a/man/BN_set_bit.3
+++ b/man/BN_set_bit.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: BN_set_bit.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $
+.\" $OpenBSD: BN_set_bit.3,v 1.8 2021/11/30 18:34:35 tb Exp $
 .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Ulf Moeller .
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 27 2018 $
+.Dd $Mdocdate: November 30 2021 $
 .Dt BN_SET_BIT 3
 .Os
 .Sh NAME
@@ -92,18 +92,18 @@
 .Ft int
 .Fo BN_lshift1
 .Fa "BIGNUM *r"
-.Fa "BIGNUM *a"
+.Fa "const BIGNUM *a"
 .Fc
 .Ft int
 .Fo BN_rshift
 .Fa "BIGNUM *r"
-.Fa "BIGNUM *a"
+.Fa "const BIGNUM *a"
 .Fa "int n"
 .Fc
 .Ft int
 .Fo BN_rshift1
 .Fa "BIGNUM *r"
-.Fa "BIGNUM *a"
+.Fa "const BIGNUM *a"
 .Fc
 .Sh DESCRIPTION
 .Fn BN_set_bit
diff --git a/man/BN_set_flags.3 b/man/BN_set_flags.3
index 8b2c4044..2baa9907 100644
--- a/man/BN_set_flags.3
+++ b/man/BN_set_flags.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: BN_set_flags.3,v 1.4 2021/03/12 05:18:00 jsg Exp $
+.\" $OpenBSD: BN_set_flags.3,v 1.5 2021/12/06 19:45:27 schwarze Exp $
 .\"
 .\" Copyright (c) 2017 Ingo Schwarze
 .\"
@@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: March 12 2021 $ +.Dd $Mdocdate: December 6 2021 $ .Dt BN_SET_FLAGS 3 .Os .Sh NAME @@ -114,11 +114,6 @@ The .Fa flags argument has the same syntax as for .Fn BN_set_flags . -.Pp -These functions are currently implemented as macros, but they are -likely to become real functions in the future when the -.Vt BIGNUM -data type will be made opaque. .Sh RETURN VALUES .Fn BN_get_flags returns zero or more of the above constants, OR'ed together. diff --git a/man/BN_set_negative.3 b/man/BN_set_negative.3 index b47fa226..6cdff5c9 100644 --- a/man/BN_set_negative.3 +++ b/man/BN_set_negative.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BN_set_negative.3,v 1.5 2019/06/03 14:43:15 schwarze Exp $ +.\" $OpenBSD: BN_set_negative.3,v 1.6 2021/12/06 19:45:27 schwarze Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: June 3 2019 $ +.Dd $Mdocdate: December 6 2021 $ .Dt BN_SET_NEGATIVE 3 .Os .Sh NAME @@ -45,7 +45,6 @@ are non-zero, otherwise it sets it to positive. .Fn BN_is_negative tests the sign of .Fa b . -It is currently implemented as a macro. .Sh RETURN VALUES .Fn BN_is_negative returns 1 if diff --git a/man/BN_swap.3 b/man/BN_swap.3 index db9082d7..218ca1cf 100644 --- a/man/BN_swap.3 +++ b/man/BN_swap.3 
@@ -1,7 +1,24 @@ -.\" $OpenBSD: BN_swap.3,v 1.5 2018/03/22 21:08:22 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" $OpenBSD: BN_swap.3,v 1.6 2021/12/19 22:06:35 schwarze Exp $ +.\" full merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 .\" -.\" This file was written by Bodo Moeller . +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2021 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Bodo Moeller . .\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -48,11 +65,12 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 22 2018 $ +.Dd $Mdocdate: December 19 2021 $ .Dt BN_SWAP 3 .Os .Sh NAME -.Nm BN_swap +.Nm BN_swap , +.Nm BN_consttime_swap .Nd exchange BIGNUMs .Sh SYNOPSIS .In openssl/bn.h 
@@ -61,15 +79,70 @@ .Fa "BIGNUM *a" .Fa "BIGNUM *b" .Fc +.Ft void +.Fo BN_consttime_swap +.Fa "BN_ULONG condition" +.Fa "BIGNUM *a" +.Fa "BIGNUM *b" +.Fa "int nwords" +.Fc .Sh DESCRIPTION .Fn BN_swap -exchanges the values of +and +.Fn BN_consttime_swap +exchange the values of .Fa a and .Fa b . +.Pp +.Fn BN_swap +implements this by exchanging the pointers to the data buffers of +.Fa a +and +.Fa b +and also exchanging the values of the +.Dv BN_FLG_STATIC_DATA +bits. +Consequently, the operation is fast and execution time does not depend +on any properties of the two numbers. +However, execution time obviously differs between swapping (by calling +this function) and not swapping (by not calling this function). +.Pp +.Fn BN_consttime_swap +only performs the exchange if the +.Fa condition +is non-zero; otherwise, it has no effect. +It implements the exchange by exchanging the contents of the data +buffers rather than the pointers to the data buffers. +This is slower, but implemented in such a way that the execution time +is not only independent of the properties of the two numbers, but also +independent of the +.Fa condition +argument, i.e. the same for swapping or not swapping. +Execution time does however grow in an approximately linear manner with the +.Fa nwords +argument. +.Pp +.Fn BN_consttime_swap +calls +.Xr abort 3 +if at least one of +.Fa a +or +.Fa b +has fewer than +.Fa nwords +data words allocated or more than +.Fa nwords +data words are currently in use in at least one of them. .Sh SEE ALSO -.Xr BN_new 3 +.Xr BN_new 3 , +.Xr BN_set_flags 3 .Sh HISTORY .Fn BN_swap first appeared in OpenSSL 0.9.7 and has been available since .Ox 3.2 . +.Pp +.Fn BN_consttime_swap +first appeared in OpenSSL 1.0.1g and has been available since +.Ox 5.6 . diff --git a/man/BN_zero.3 b/man/BN_zero.3 index f3ca4cdf..aa3e8a06 100644 --- a/man/BN_zero.3 +++ b/man/BN_zero.3 
@@ -1,9 +1,26 @@ -.\" $OpenBSD: BN_zero.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $ +.\" $OpenBSD: BN_zero.3,v 1.11 2021/12/19 16:18:34 schwarze Exp $ .\" full merge up to: OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400 .\" selective merge up to: OpenSSL b713c4ff Jan 22 14:41:09 2018 -0500 .\" -.\" This file was written by Ulf Moeller . -.\" Copyright (c) 2000, 2001, 2002, 2018 The OpenSSL Project. +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2021 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Ulf Moeller . +.\" Copyright (c) 2000, 2001, 2018 The OpenSSL Project. .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -50,10 +67,11 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 27 2018 $ +.Dd $Mdocdate: December 19 2021 $ .Dt BN_ZERO 3 .Os .Sh NAME +.Nm BN_zero_ex , .Nm BN_zero , .Nm BN_one , .Nm BN_value_one , @@ -62,6 +80,10 @@ .Nd BIGNUM assignment operations .Sh SYNOPSIS .In openssl/bn.h +.Ft void +.Fo BN_zero_ex +.Fa "BIGNUM *a" +.Fc .Ft int .Fo BN_zero .Fa "BIGNUM *a" 
@@ -81,14 +103,14 @@ .Fc .Ft BN_ULONG .Fo BN_get_word -.Fa "BIGNUM *a" +.Fa "const BIGNUM *a" .Fc .Sh DESCRIPTION .Vt BN_ULONG is a macro that expands to an unsigned integral type optimized for the most efficient implementation on the local platform. .Pp -.Fn BN_zero , +.Fn BN_zero_ex , .Fn BN_one , and .Fn BN_set_word @@ -98,6 +120,12 @@ to the values 0, 1 and .Fa w respectively. .Fn BN_zero +is a deprecated version of +.Fn BN_zero_ex +that may attempt to allocate memory; consequently, and in contrast to +.Fn BN_zero_ex , +it may fail. +.Fn BN_zero and .Fn BN_one are macros. @@ -137,8 +165,12 @@ and first appeared in SSLeay 0.5.1. .Fn BN_get_word first appeared in SSLeay 0.6.0. -All these functions have been available since +These functions have been available since .Ox 2.4 . +.Pp +.Fn BN_zero_ex +first appeared in OpenSSL 0.9.8 and has been available since +.Ox 4.5 . .Sh BUGS Someone might change the constant. .Pp diff --git a/man/CMS_get0_RecipientInfos.3 b/man/CMS_get0_RecipientInfos.3 index e431b2cb..094d6ec4 100644 --- a/man/CMS_get0_RecipientInfos.3 +++ b/man/CMS_get0_RecipientInfos.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: CMS_get0_RecipientInfos.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $ +.\" $OpenBSD: CMS_get0_RecipientInfos.3,v 1.8 2022/03/31 17:27:16 naddy Exp $ .\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100 .\" .\" This file was written by Dr. Stephen Henson . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 2 2019 $ +.Dd $Mdocdate: March 31 2022 $ .Dt CMS_GET0_RECIPIENTINFOS 3 .Os .Sh NAME 
@@ -255,7 +255,7 @@ Depending on the type, the structure can be ignored or its key identifier data retrieved using an appropriate function. If the corresponding secret or private key can be obtained by any -appropriate means it can then be associated with the structure and +appropriate means, it can then be associated with the structure and .Fn CMS_RecipientInfo_decrypt called. If successful, diff --git a/man/CMS_verify.3 b/man/CMS_verify.3 index 6bee927f..bd9599de 100644 --- a/man/CMS_verify.3 +++ b/man/CMS_verify.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: CMS_verify.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $ +.\" $OpenBSD: CMS_verify.3,v 1.8 2022/01/19 20:28:06 tb Exp $ .\" full merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200 .\" .\" This file was written by Dr. Stephen Henson . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 2 2019 $ +.Dd $Mdocdate: January 19 2022 $ .Dt CMS_VERIFY 3 .Os .Sh NAME @@ -95,6 +95,8 @@ retrieves the signing certificate(s) from It must be called after a successful .Fn CMS_verify operation. +The signers must be freed with +.Fn sk_X509_free . .Pp Normally the verify process proceeds as follows. .Pp @@ -198,6 +200,8 @@ returns 1 for a successful verification or 0 if an error occurred. returns all signers or .Dv NULL if an error occurred. +The signers must be freed with +.Fn sk_X509_free . .Pp The error can be obtained from .Xr ERR_get_error 3 . diff --git a/man/CRYPTO_set_ex_data.3 b/man/CRYPTO_set_ex_data.3 index c78076b8..9d72b856 100644 --- a/man/CRYPTO_set_ex_data.3 +++ b/man/CRYPTO_set_ex_data.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: CRYPTO_set_ex_data.3,v 1.12 2019/08/16 12:16:22 schwarze Exp $ +.\" $OpenBSD: CRYPTO_set_ex_data.3,v 1.13 2022/03/31 17:27:16 naddy Exp $ .\" full merge up to: .\" OpenSSL CRYPTO_get_ex_new_index 9e183d22 Mar 11 08:56:44 2017 -0500 .\" selective merge up to: 72a7a702 Feb 26 14:05:09 2019 +0000 
@@ -52,7 +52,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 16 2019 $ +.Dd $Mdocdate: March 31 2022 $ .Dt CRYPTO_SET_EX_DATA 3 .Os .Sh NAME @@ -156,7 +156,7 @@ header file. .Pp The API described here is used by OpenSSL to manipulate exdata for specific structures. -Since the application data can be anything at all it is passed and +Since the application data can be anything at all, it is passed and retrieved as a .Vt void * type. diff --git a/man/ChaCha.3 b/man/ChaCha.3 index 6b037f80..9aae6d70 100644 --- a/man/ChaCha.3 +++ b/man/ChaCha.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ChaCha.3,v 1.2 2020/06/24 18:15:00 jmc Exp $ +.\" $OpenBSD: ChaCha.3,v 1.3 2022/02/18 10:24:32 jsg Exp $ .\" .\" Copyright (c) 2020 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: June 24 2020 $ +.Dd $Mdocdate: February 18 2022 $ .Dt CHACHA 3 .Os .Sh NAME @@ -201,7 +201,7 @@ from the first two thirds of .Rs .%A Daniel J. Bernstein .%T ChaCha, a variant of Salsa20 -.%U http://cr.yp.to/chacha/chacha-20080128.pdf +.%U https://cr.yp.to/chacha/chacha-20080128.pdf .%C Chicago .%D January 28, 2008 .Re diff --git a/man/DES_set_key.3 b/man/DES_set_key.3 index da58957d..e74c7c5e 100644 --- a/man/DES_set_key.3 +++ b/man/DES_set_key.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: DES_set_key.3,v 1.14 2019/06/06 01:06:58 schwarze Exp $ +.\" $OpenBSD: DES_set_key.3,v 1.15 2022/03/31 17:27:16 naddy Exp $ .\" full merge up to: .\" OpenSSL man3/DES_random_key 521738e9 Oct 5 14:58:30 2018 -0400 .\" @@ -115,7 +115,7 @@ .\" copied and put under another distribution licence .\" [including the GNU Public Licence.] .\" -.Dd $Mdocdate: June 6 2019 $ +.Dd $Mdocdate: March 31 2022 $ .Dt DES_SET_KEY 3 .Os .Sh NAME 
@@ -747,7 +747,7 @@ If set to .Dv DES_PCBC_MODE (the default), DES_pcbc_encrypt is used. If set to -.Dv DES_CBC_MODE +.Dv DES_CBC_MODE , DES_cbc_encrypt is used. .Sh RETURN VALUES .Fn DES_set_key , diff --git a/man/DH_generate_parameters.3 b/man/DH_generate_parameters.3 index accdf116..ac29521e 100644 --- a/man/DH_generate_parameters.3 +++ b/man/DH_generate_parameters.3 @@ -1,7 +1,26 @@ -.\" $OpenBSD: DH_generate_parameters.3,v 1.13 2019/06/10 14:58:48 schwarze Exp $ -.\" OpenSSL 05ea606a May 20 20:52:46 2016 -0400 +.\" $OpenBSD: DH_generate_parameters.3,v 1.14 2022/07/13 13:47:59 schwarze Exp $ +.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" selective merge up to: OpenSSL b0edda11 Mar 20 13:00:17 2018 +0000 .\" -.\" This file was written by Ulf Moeller . +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2022 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Ulf Moeller +.\" and Matt Caswell . .\" Copyright (c) 2000, 2016 The OpenSSL Project. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without 
@@ -48,12 +67,13 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 10 2019 $ +.Dd $Mdocdate: July 13 2022 $ .Dt DH_GENERATE_PARAMETERS 3 .Os .Sh NAME .Nm DH_generate_parameters_ex , .Nm DH_check , +.Nm DH_check_pub_key , .Nm DH_generate_parameters .Nd generate and check Diffie-Hellman parameters .Sh SYNOPSIS @@ -70,6 +90,12 @@ .Fa "DH *dh" .Fa "int *codes" .Fc +.Ft int +.Fo DH_check_pub_key +.Fa "const DH *dh" +.Fa "const BIGNUM *pub_key" +.Fa "int *codes" +.Fc .Pp Deprecated: .Pp @@ -130,11 +156,39 @@ The generator .Fa dh->g is not suitable. .El +.Pp +.Fn DH_check_pub_key +checks whether +.Fa pub_key +is a valid public key when using the domain parameters contained in +.Fa dh . +If no problems are found, +.Pf * Ar codes +is set to zero. +Otherwise, one or more of the following bits are set: +.Bl -tag -width Ds +.It Dv DH_CHECK_PUBKEY_TOO_SMALL +.Fa pub_key +is less than or equal to 1. +.It Dv DH_CHECK_PUBKEY_TOO_LARGE +.Fa pub_key +is greater than or equal to +.Fa dh->p No \- 1 . +.It DH_CHECK_PUBKEY_INVALID +.Fa dh->q +is set but +.Fa pub_key +to the power of +.Fa dh->q +is not 1 modulo +.Fa dh->p . +.El .Sh RETURN VALUES -.Fn DH_generate_parameters_ex +.Fn DH_generate_parameters_ex , +.Fn DH_check , and -.Fn DH_check -return 1 if the check could be performed, or 0 otherwise. +.Fn DH_check_pub_key +return 1 if the check could be performed or 0 otherwise. .Pp .Fn DH_generate_parameters (deprecated) returns a pointer to the @@ -161,10 +215,9 @@ argument to .Fn DH_generate_parameters was added in SSLeay 0.9.0. .Pp -In versions before OpenSSL 0.9.5, -.Dv DH_CHECK_P_NOT_STRONG_PRIME -is used instead of -.Dv DH_CHECK_P_NOT_SAFE_PRIME . +.Fn DH_check_pub_key +first appeared in OpenSSL 0.9.8a and has been available since +.Ox 4.0 . .Pp .Fn DH_generate_parameters_ex first appeared in OpenSSL 0.9.8 and has been available since 
diff --git a/man/DH_get0_pqg.3 b/man/DH_get0_pqg.3
index 5a115b71..b7dccfc9 100644
--- a/man/DH_get0_pqg.3
+++ b/man/DH_get0_pqg.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: DH_get0_pqg.3,v 1.5 2018/12/21 21:54:48 schwarze Exp $
+.\" $OpenBSD: DH_get0_pqg.3,v 1.6 2022/07/13 21:51:35 schwarze Exp $
 .\" selective merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100
 .\"
 .\" This file was written by Matt Caswell .
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 21 2018 $
+.Dd $Mdocdate: July 13 2022 $
 .Dt DH_GET0_PQG 3
 .Os
 .Sh NAME
@@ -265,6 +265,7 @@ if no engine was set for this object.
 .Xr DH_generate_key 3 ,
 .Xr DH_generate_parameters 3 ,
 .Xr DH_new 3 ,
+.Xr DH_security_bits 3 ,
 .Xr DH_size 3 ,
 .Xr DHparams_print 3
 .Sh HISTORY
diff --git a/man/DH_new.3 b/man/DH_new.3
index 9882874a..49934568 100644
--- a/man/DH_new.3
+++ b/man/DH_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: DH_new.3,v 1.11 2019/06/10 14:58:48 schwarze Exp $
+.\" $OpenBSD: DH_new.3,v 1.12 2022/07/13 21:51:35 schwarze Exp $
 .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Ulf Moeller .
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 10 2019 $
+.Dd $Mdocdate: July 13 2022 $
 .Dt DH_NEW 3
 .Os
 .Sh NAME
@@ -114,6 +114,7 @@ returns 1 for success or 0 for failure.
 .Xr DH_generate_parameters 3 ,
 .Xr DH_get0_pqg 3 ,
 .Xr DH_get_ex_new_index 3 ,
+.Xr DH_security_bits 3 ,
 .Xr DH_set_method 3 ,
 .Xr DH_size 3 ,
 .Xr DHparams_print 3 ,
diff --git a/man/DH_set_method.3 b/man/DH_set_method.3
index 9863cbac..e89fdc64 100644
--- a/man/DH_set_method.3
+++ b/man/DH_set_method.3
@@ -1,4 +1,4 @@ -.\" $OpenBSD: DH_set_method.3,v 1.7 2018/04/18 01:09:01 schwarze Exp $ +.\" $OpenBSD: DH_set_method.3,v 1.8 2022/01/15 23:38:50 jsg Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Ulf Moeller . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: April 18 2018 $ +.Dd $Mdocdate: January 15 2022 $ .Dt DH_SET_METHOD 3 .Os .Sh NAME @@ -106,7 +106,7 @@ that can be successfully initialized, it overrides the default. .Pp .Fn DH_get_default_method returns a pointer to the current default method, -even if it is actually overridded by an +even if it is actually overridden by an .Vt ENGINE . .Pp .Fn DH_set_method diff --git a/man/DH_size.3 b/man/DH_size.3 index be1f5099..4e6dbc0c 100644 --- a/man/DH_size.3 +++ b/man/DH_size.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: DH_size.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $ +.\" $OpenBSD: DH_size.3,v 1.10 2022/07/13 21:51:35 schwarze Exp $ .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Ulf Moeller @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 27 2018 $ +.Dd $Mdocdate: July 13 2022 $ .Dt DH_SIZE 3 .Os .Sh NAME @@ -85,7 +85,8 @@ must not be .Xr BN_num_bytes 3 , .Xr DH_generate_key 3 , .Xr DH_get0_key 3 , -.Xr DH_new 3 +.Xr DH_new 3 , +.Xr DH_security_bits 3 .Sh HISTORY .Fn DH_size first appeared in SSLeay 0.5.1 and has been available since diff --git a/man/DSA_get0_pqg.3 b/man/DSA_get0_pqg.3 index 56d57066..e2cf7405 100644 --- a/man/DSA_get0_pqg.3 +++ b/man/DSA_get0_pqg.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: DSA_get0_pqg.3,v 1.4 2018/03/23 23:18:17 schwarze Exp $ +.\" $OpenBSD: DSA_get0_pqg.3,v 1.5 2022/07/13 21:51:35 schwarze Exp $ .\" full merge up to: OpenSSL e90fc053 Jul 15 09:39:45 2017 -0400 .\" .\" This file was written by Matt Caswell . 
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 23 2018 $
+.Dd $Mdocdate: July 13 2022 $
 .Dt DSA_GET0_PQG 3
 .Os
 .Sh NAME
@@ -244,6 +244,7 @@ if no engine was set for this object.
 .Xr DSA_generate_parameters 3 ,
 .Xr DSA_new 3 ,
 .Xr DSA_print 3 ,
+.Xr DSA_security_bits 3 ,
 .Xr DSA_sign 3 ,
 .Xr DSA_size 3
 .Sh HISTORY
diff --git a/man/DSA_meth_new.3 b/man/DSA_meth_new.3
index 41f43824..d89cd397 100644
--- a/man/DSA_meth_new.3
+++ b/man/DSA_meth_new.3
@@ -1,10 +1,10 @@
-.\" $OpenBSD: DSA_meth_new.3,v 1.1 2018/03/18 13:06:36 schwarze Exp $
-.\" selective merge up to: OpenSSL a970b14f Jul 31 18:58:40 2017 -0400
+.\" $OpenBSD: DSA_meth_new.3,v 1.3 2022/07/10 13:41:59 schwarze Exp $
+.\" selective merge up to: OpenSSL c4d3c19b Apr 3 13:57:12 2018 +0100
 .\"
 .\" This file is a derived work.
 .\" The changes are covered by the following Copyright and license:
 .\"
-.\" Copyright (c) 2018 Ingo Schwarze
+.\" Copyright (c) 2018, 2022 Ingo Schwarze
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -65,13 +65,15 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 18 2018 $
+.Dd $Mdocdate: July 10 2022 $
 .Dt DSA_METH_NEW 3
 .Os
 .Sh NAME
 .Nm DSA_meth_new ,
 .Nm DSA_meth_free ,
 .Nm DSA_meth_dup ,
+.Nm DSA_meth_get0_name ,
+.Nm DSA_meth_set1_name ,
 .Nm DSA_meth_set_sign ,
 .Nm DSA_meth_set_finish
 .Nd build up DSA methods
@@ -90,6 +92,15 @@
 .Fo DSA_meth_dup
 .Fa "const DSA_METHOD *meth"
 .Fc
+.Ft const char *
+.Fo DSA_meth_get0_name
+.Fa "const DSA_METHOD *meth"
+.Fc
+.Ft int
+.Fo DSA_meth_set1_name
+.Fa "DSA_METHOD *meth"
+.Fa "const char *name"
+.Fc
 .Ft int
 .Fo DSA_meth_set_sign
 .Fa "DSA_METHOD *meth"
@@ -103,7 +114,7 @@ .Sh DESCRIPTION The .Vt DSA_METHOD -structure holds function pinters for custom DSA implementations. +structure holds function pointers for custom DSA implementations. .Pp .Fn DSA_meth_new creates a new @@ -134,6 +145,18 @@ destroys .Fa meth and frees any memory associated with it. .Pp +.Fn DSA_meth_get0_name +returns an internal pointer to the name of +.Fa meth . +.Fn DSA_meth_set1_name +stores a copy of the NUL-terminated +.Fa name +in +.Fa meth +after freeing the previously stored name. +Method names are ignored by the default DSA implementation but can be +used by alternative implementations and by the application program. +.Pp .Fn DSA_meth_set_sign sets the function used for creating a DSA signature. This function will be called from @@ -166,11 +189,22 @@ function. .Fn DSA_meth_new and .Fn DSA_meth_dup -return the newly allocated DSA_METHOD object or NULL on failure. +return the newly allocated +.Vt DSA_METHOD +object or +.Dv NULL +on failure. .Pp -All +.Fn DSA_meth_get0_name +returns an internal pointer which must not be freed by the caller. +.Pp +.Fn DSA_meth_set1_name +and all .Fn DSA_meth_set_* functions return 1 on success or 0 on failure. +In the current implementation, only +.Fn DSA_meth_set1_name +can actually fail. .Sh SEE ALSO .Xr DSA_do_sign 3 , .Xr DSA_new 3 , @@ -178,6 +212,19 @@ functions return 1 on success or 0 on failure. .Xr DSA_SIG_new 3 , .Xr DSA_sign 3 .Sh HISTORY -These functions first appeared in OpenSSL 1.1.0 -and have been available since +These functions first appeared in OpenSSL 1.1.0. +.Pp +.Fn DSA_meth_new , +.Fn DSA_meth_free , +.Fn DSA_meth_dup , +.Fn DSA_meth_set_sign , +and +.Fn DSA_meth_set_finish +have been available since .Ox 6.3 . +.Pp +.Fn DSA_meth_get0_name +and +.Fn DSA_meth_set1_name +have been available since +.Ox 7.2 . diff --git a/man/DSA_new.3 b/man/DSA_new.3 index 537dd18a..8e316011 100644 --- a/man/DSA_new.3 +++ b/man/DSA_new.3 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: DSA_new.3,v 1.12 2019/06/10 14:58:48 schwarze Exp $ +.\" $OpenBSD: DSA_new.3,v 1.13 2022/07/13 21:51:35 schwarze Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Ulf Moeller . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 10 2019 $ +.Dd $Mdocdate: July 13 2022 $ .Dt DSA_NEW 3 .Os .Sh NAME @@ -119,6 +119,7 @@ returns 1 for success or 0 for failure. .Xr DSA_get_ex_new_index 3 , .Xr DSA_meth_new 3 , .Xr DSA_print 3 , +.Xr DSA_security_bits 3 , .Xr DSA_set_method 3 , .Xr DSA_SIG_new 3 , .Xr DSA_sign 3 , diff --git a/man/DSA_set_method.3 b/man/DSA_set_method.3 index 8221f856..31ded16d 100644 --- a/man/DSA_set_method.3 +++ b/man/DSA_set_method.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: DSA_set_method.3,v 1.9 2018/04/18 01:09:01 schwarze Exp $ +.\" $OpenBSD: DSA_set_method.3,v 1.10 2022/01/15 23:38:50 jsg Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Ulf Moeller . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: April 18 2018 $ +.Dd $Mdocdate: January 15 2022 $ .Dt DSA_SET_METHOD 3 .Os .Sh NAME @@ -101,7 +101,7 @@ that can be successfully initialized, it overrides the default. .Pp .Fn DSA_get_default_method returns a pointer to the current default method, -even if it is actually overridded by an +even if it is actually overridden by an .Vt ENGINE . .Pp .Fn DSA_set_method diff --git a/man/DSA_size.3 b/man/DSA_size.3 index 7e935e3a..4786acc7 100644 --- a/man/DSA_size.3 +++ b/man/DSA_size.3 
@@ -1,8 +1,26 @@ -.\" $OpenBSD: DSA_size.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL 05ea606a May 20 20:52:46 2016 -0400 +.\" $OpenBSD: DSA_size.3,v 1.8 2022/07/13 21:44:23 schwarze Exp $ +.\" full merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 .\" -.\" This file was written by Ulf Moeller . -.\" Copyright (c) 2000, 2002 The OpenSSL Project. All rights reserved. +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2022 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Ulf Moeller +.\" and Dr. Stephen Henson . +.\" Copyright (c) 2000, 2002, 2016 The OpenSSL Project. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions 
@@ -48,34 +66,57 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 27 2018 $ +.Dd $Mdocdate: July 13 2022 $ .Dt DSA_SIZE 3 .Os .Sh NAME -.Nm DSA_size -.Nd get DSA signature size +.Nm DSA_size , +.Nm DSA_bits +.Nd get DSA signature or key size .Sh SYNOPSIS .In openssl/dsa.h .Ft int .Fo DSA_size .Fa "const DSA *dsa" .Fc +.Ft int +.Fo DSA_bits +.Fa "const DSA *dsa" +.Fc .Sh DESCRIPTION -This function returns the size of an ASN.1 encoded DSA signature in -bytes. +.Fn DSA_size +returns the maximum size of an ASN.1 encoded DSA signature for the key +.Fa dsa +in bytes. It can be used to determine how much memory must be allocated for a DSA signature. .Pp .Fa dsa->q must not be .Dv NULL . +.Pp +.Fn DSA_bits +returns the number of significant bits in the public domain parameter +.Fa p +contained in +.Fa dsa . +This is also the number of bits in the public key. .Sh RETURN VALUES -The size in bytes. +.Fn DSA_size +returns the size of the signature in bytes. +.Pp +.Fn DSA_bits +returns the size of the public key in bits. .Sh SEE ALSO .Xr DSA_get0_pqg 3 , .Xr DSA_new 3 , +.Xr DSA_security_bits 3 , .Xr DSA_sign 3 .Sh HISTORY .Fn DSA_size first appeared in SSLeay 0.6.0 and has been available since .Ox 2.4 . +.Pp +.Fn DSA_bits +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 7.1 . diff --git a/man/EC_GFp_simple_method.3 b/man/EC_GFp_simple_method.3 index ad5268fa..28a39f3f 100644 --- a/man/EC_GFp_simple_method.3 +++ b/man/EC_GFp_simple_method.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EC_GFp_simple_method.3,v 1.9 2018/03/23 05:48:56 schwarze Exp $ +.\" $OpenBSD: EC_GFp_simple_method.3,v 1.10 2022/07/02 17:09:09 jsing Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Matt Caswell . 
@@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 23 2018 $ +.Dd $Mdocdate: July 2 2022 $ .Dt EC_GFP_SIMPLE_METHOD 3 .Os .Sh NAME @@ -136,7 +136,7 @@ If the field type is F2^m, then the value .Dv NID_X9_62_characteristic_two_field is returned. These values are defined in the -.In openssl/obj_mac.h +.In openssl/objects.h header file. .Sh RETURN VALUES All diff --git a/man/EC_GROUP_copy.3 b/man/EC_GROUP_copy.3 index 67154485..6aa56959 100644 --- a/man/EC_GROUP_copy.3 +++ b/man/EC_GROUP_copy.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EC_GROUP_copy.3,v 1.12 2021/09/14 13:47:59 schwarze Exp $ +.\" $OpenBSD: EC_GROUP_copy.3,v 1.13 2022/07/02 17:09:09 jsing Exp $ .\" full merge up to: OpenSSL d900a015 Oct 8 14:40:42 2015 +0200 .\" selective merge up to: OpenSSL 24c23e1f Aug 22 10:51:25 2019 +0530 .\" @@ -51,7 +51,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 14 2021 $ +.Dd $Mdocdate: July 2 2022 $ .Dt EC_GROUP_COPY 3 .Os .Sh NAME @@ -521,7 +521,7 @@ returns the values or .Dv NID_X9_62_ppBasis as defined in -.In openssl/obj_mac.h +.In openssl/objects.h for a trinomial or pentanomial, respectively. Alternatively in the event of an error a 0 is returned. .Sh SEE ALSO diff --git a/man/EC_GROUP_new.3 b/man/EC_GROUP_new.3 index a02104f9..ef7251fa 100644 --- a/man/EC_GROUP_new.3 +++ b/man/EC_GROUP_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EC_GROUP_new.3,v 1.13 2021/05/11 04:22:32 tb Exp $ +.\" $OpenBSD: EC_GROUP_new.3,v 1.14 2022/03/31 17:27:16 naddy Exp $ .\" OpenSSL 6328d367 Sat Jul 4 21:58:30 2020 +0200 .\" .\" This file was written by Matt Caswell . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: May 11 2021 $ +.Dd $Mdocdate: March 31 2022 $ .Dt EC_GROUP_NEW 3 .Os .Sh NAME 
@@ -288,7 +288,7 @@ item has a unique integer ID .Pq Fa nid and a human readable comment string describing the curve. .Pp -In order to construct a builtin curve use the function +In order to construct a builtin curve, use the function .Fn EC_GROUP_new_by_curve_name and provide the .Fa nid diff --git a/man/ENGINE_ctrl.3 b/man/ENGINE_ctrl.3 index c02e9b5a..b4965a5a 100644 --- a/man/ENGINE_ctrl.3 +++ b/man/ENGINE_ctrl.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ENGINE_ctrl.3,v 1.4 2018/04/19 18:43:58 schwarze Exp $ +.\" $OpenBSD: ENGINE_ctrl.3,v 1.5 2022/01/15 23:38:50 jsg Exp $ .\" content checked up to: .\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800 .\" @@ -16,7 +16,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: April 19 2018 $ +.Dd $Mdocdate: January 15 2022 $ .Dt ENGINE_CTRL 3 .Os .Sh NAME @@ -142,7 +142,7 @@ Copy the description of the user-defined command with the number into the buffer .Fa p and NUL-terminate it. -It is the reponsability of the caller to make sure that the buffer +It is the responsibility of the caller to make sure that the buffer .Fa p is large enough, either by calling .Dv ENGINE_CTRL_GET_DESC_LEN_FROM_CMD @@ -178,7 +178,7 @@ Copy the name of the user-defined command with the number into the buffer .Fa p and NUL-terminate it. -It is the reponsability of the caller to make sure that the buffer +It is the responsibility of the caller to make sure that the buffer .Fa p is large enough, either by calling .Dv ENGINE_CTRL_GET_NAME_LEN_FROM_CMD diff --git a/man/ERR.3 b/man/ERR.3 index 6d42d875..e6b1031a 100644 --- a/man/ERR.3 +++ b/man/ERR.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ERR.3,v 1.8 2019/06/10 09:49:48 schwarze Exp $ +.\" $OpenBSD: ERR.3,v 1.10 2022/09/06 10:22:31 kn Exp $ .\" OpenSSL 186bb907 Apr 13 11:05:13 2015 -0700 .\" .\" This file was written by Ulf Moeller and 
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 10 2019 $
+.Dd $Mdocdate: September 6 2022 $
 .Dt ERR 3
 .Os
 .Sh NAME
@@ -113,72 +113,13 @@ to the .Fn ERR_load_crypto_strings function (in .Sy /usr/src/lib/libcrypto/err/err_all.c ) . -Finally, add an entry -.Pp -.Dl L XXX xxx.h xxx_err.c -.Pp -to -.Sy /usr/src/lib/libcrypto/err/openssl.ec , -and add +Finally, add .Pa xxx_err.c to the .Pa Makefile . -Running -.Sy make errors -will then generate a file -.Pa xxx_err.c , -and add all error codes used in the library to -.Pa xxx.h . -.Pp -Additionally the library include file must have a certain form. -Typically it will initially look like this: -.Bd -literal -offset indent -#ifndef HEADER_XXX_H -#define HEADER_XXX_H - -#ifdef __cplusplus -extern "C" { -#endif - -/* Include files */ - -#include -#include - -/* Macros, structures and function prototypes */ - -/* BEGIN ERROR CODES */ -.Ed -.Pp -The -.Sy BEGIN ERROR CODES -sequence is used by the error code generation script as the point to -place new error codes. -Any text after this point will be overwritten when -.Sy make errors -is run. -The closing #endif etc. will be automatically added by the script. -.Pp -The generated C error code file -.Pa xxx_err.c -will load the header files -.In stdio.h , -.In openssl/err.h -and -.In openssl/xxx.h -so the header file must load any additional header files containing any -definitions it uses. .Sh USING ERROR CODES IN EXTERNAL LIBRARIES It is also possible to use OpenSSL's error code scheme in external libraries. -The library needs to load its own codes and call the OpenSSL error code -insertion script -.Pa mkerr.pl -explicitly to add codes to the header file and generate the C error code -file. -This will normally be done if the external library needs to generate new -ASN.1 structures but it can also be used to add more general purpose -error code handling. .Sh INTERNALS The error queues are stored in a hash table with one .Vt ERR_STATE diff --git a/man/ERR_load_crypto_strings.3 b/man/ERR_load_crypto_strings.3 index 4ad12659..beb30dba 100644 --- a/man/ERR_load_crypto_strings.3 
+++ b/man/ERR_load_crypto_strings.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ERR_load_crypto_strings.3,v 1.9 2020/06/04 20:06:04 schwarze Exp $
+.\" $OpenBSD: ERR_load_crypto_strings.3,v 1.10 2021/11/11 13:13:38 schwarze Exp $
 .\" full merge up to: OpenSSL f672aee4 Feb 9 11:52:40 2016 -0500
 .\" selective merge up to: OpenSSL b3696a55 Sep 2 09:35:50 2017 -0400
 .\"
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 4 2020 $
+.Dd $Mdocdate: November 11 2021 $
 .Dt ERR_LOAD_CRYPTO_STRINGS 3
 .Os
 .Sh NAME
@@ -74,10 +74,37 @@
 .Nm ERR_free_strings ,
 .Nm SSL_load_error_strings
 .Nd load and free OpenSSL error strings
-.\" The function ERR_load_ERR_strings() is intentionally undocumented
-.\" because it is merely a subroutine of ERR_load_crypto_strings(3)
-.\" and should not have been made a part of the API.
-.\" The same applies to the other ERR_load_*_strings() functions.
+.\" The following functions are intentionally undocumented
+.\" because they are merely subroutines of ERR_load_crypto_strings(3)
+.\" and should not have been made a part of the API:
+.\" ERR_load_ASN1_strings()
+.\" ERR_load_BIO_strings()
+.\" ERR_load_BN_strings()
+.\" ERR_load_BUF_strings()
+.\" ERR_load_CMS_strings()
+.\" ERR_load_CONF_strings()
+.\" ERR_load_CRYPTO_strings()
+.\" ERR_load_DH_strings()
+.\" ERR_load_DSA_strings()
+.\" ERR_load_DSO_strings()
+.\" ERR_load_EC_strings()
+.\" ERR_load_ECDH_strings()
+.\" ERR_load_ECDSA_strings()
+.\" ERR_load_ENGINE_strings()
+.\" ERR_load_ERR_strings()
+.\" ERR_load_EVP_strings()
+.\" ERR_load_GOST_strings()
+.\" ERR_load_OBJ_strings()
+.\" ERR_load_OCSP_strings()
+.\" ERR_load_PEM_strings()
+.\" ERR_load_PKCS12_strings()
+.\" ERR_load_PKCS7_strings()
+.\" ERR_load_RAND_strings()
+.\" ERR_load_RSA_strings()
+.\" ERR_load_TS_strings()
+.\" ERR_load_UI_strings()
+.\" ERR_load_X509_strings()
+.\" ERR_load_X509V3_strings()
 .Sh SYNOPSIS
 .In openssl/err.h
 .Ft void
diff --git a/man/ERR_put_error.3 b/man/ERR_put_error.3 index 142d2eb2..7eac5e41 100644 --- a/man/ERR_put_error.3 +++ b/man/ERR_put_error.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ERR_put_error.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $ +.\" $OpenBSD: ERR_put_error.3,v 1.10 2022/03/31 17:27:16 naddy Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Ulf Moeller . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 27 2018 $ +.Dd $Mdocdate: March 31 2022 $ .Dt ERR_PUT_ERROR 3 .Os .Sh NAME @@ -128,7 +128,7 @@ Function and reason codes should consist of upper case characters, numbers and underscores only. The error file generation script translates function codes into function names by looking in the header files for an appropriate function name. -If none is found it just uses the capitalized form such as "SSL23_READ" +If none is found, it just uses the capitalized form such as "SSL23_READ" in the above example. .Pp The trailing section of a reason code (after the "_R_") is translated diff --git a/man/EVP_AEAD_CTX_init.3 b/man/EVP_AEAD_CTX_init.3 index 5c4def17..b6e872be 100644 --- a/man/EVP_AEAD_CTX_init.3 +++ b/man/EVP_AEAD_CTX_init.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_AEAD_CTX_init.3,v 1.9 2019/06/06 01:06:58 schwarze Exp $ +.\" $OpenBSD: EVP_AEAD_CTX_init.3,v 1.10 2022/01/10 22:44:22 tb Exp $ .\" .\" Copyright (c) 2014, Google Inc. .\" Parts of the text were written by Adam Langley and David Benjamin. @@ -16,10 +16,12 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: June 6 2019 $ +.Dd $Mdocdate: January 10 2022 $ .Dt EVP_AEAD_CTX_INIT 3 .Os .Sh NAME +.Nm EVP_AEAD_CTX_new , +.Nm EVP_AEAD_CTX_free , .Nm EVP_AEAD_CTX_init , .Nm EVP_AEAD_CTX_cleanup , .Nm EVP_AEAD_CTX_open , 
@@ -35,6 +37,12 @@ .Nd authenticated encryption with additional data .Sh SYNOPSIS .In openssl/evp.h +.Ft EVP_AEAD_CTX * +.Fn EVP_AEAD_CTX_new void +.Ft void +.Fo EVP_AEAD_CTX_free +.Fa "EVP_AEAD_CTX *ctx" +.Fc .Ft int .Fo EVP_AEAD_CTX_init .Fa "EVP_AEAD_CTX *ctx" @@ -114,6 +122,19 @@ messages. Each message has a unique, per-message nonce and, optionally, additional data which is authenticated but not included in the output. .Pp +.Fn EVP_AEAD_CTX_new +allocates a new context for use with +.Fn EVP_AEAD_CTX_init . +It can be cleaned up for reuse with +.Fn EVP_AEAD_CTX_cleanup +and must be freed with +.Fn EVP_AEAD_CTX_free . +.Pp +.Fn EVP_AEAD_CTX_free +cleans up +.Fa ctx +and frees the space allocated to it. +.Pp .Fn EVP_AEAD_CTX_init initializes the context .Fa ctx @@ -131,6 +152,11 @@ A tag length of zero indicates the default tag length should be used. .Fn EVP_AEAD_CTX_cleanup frees any data allocated for the context .Fa ctx . +After +.Fn EVP_AEAD_CTX_cleanup , +.Fa ctx +is in the same state as after +.Fn EVP_AEAD_CTX_new . .Pp .Fn EVP_AEAD_CTX_open authenticates the input @@ -237,6 +263,12 @@ This is because the code then becomes transparent to the AEAD cipher used and much more flexible. It is also safer to use as it prevents common mistakes with the native APIs. .Sh RETURN VALUES +.Fn EVP_AEAD_CTX_new +returns the new +.Vt EVP_AEAD_CTX +object or +.Dv NULL +on failure. .Fn EVP_AEAD_CTX_init , .Fn EVP_AEAD_CTX_open , and 
@@ -263,16 +295,17 @@ Encrypt a string using ChaCha20-Poly1305: const EVP_AEAD *aead = EVP_aead_chacha20_poly1305(); static const unsigned char nonce[32] = {0}; size_t buf_len, nonce_len; -EVP_AEAD_CTX ctx; +EVP_AEAD_CTX *ctx; -EVP_AEAD_CTX_init(&ctx, aead, key32, EVP_AEAD_key_length(aead), +ctx = EVP_AEAD_CTX_new(); +EVP_AEAD_CTX_init(ctx, aead, key32, EVP_AEAD_key_length(aead), EVP_AEAD_DEFAULT_TAG_LENGTH, NULL); nonce_len = EVP_AEAD_nonce_length(aead); -EVP_AEAD_CTX_seal(&ctx, out, &out_len, BUFSIZE, nonce, +EVP_AEAD_CTX_seal(ctx, out, &out_len, BUFSIZE, nonce, nonce_len, in, in_len, NULL, 0); -EVP_AEAD_CTX_cleanup(&ctx); +EVP_AEAD_CTX_free(ctx); .Ed .Sh SEE ALSO .Xr evp 3 , @@ -305,3 +338,9 @@ AEAD is based on the implementation by .An Adam Langley for Chromium/BoringSSL and first appeared in .Ox 5.6 . +.Pp +.Fn EVP_AEAD_CTX_new +and +.Fn EVP_AEAD_CTX_free +first appeared in +.Ox 7.1 . diff --git a/man/EVP_DigestInit.3 b/man/EVP_DigestInit.3 index 85800722..209ad018 100644 --- a/man/EVP_DigestInit.3 +++ b/man/EVP_DigestInit.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_DigestInit.3,v 1.21 2021/09/10 18:58:43 millert Exp $ +.\" $OpenBSD: EVP_DigestInit.3,v 1.24 2022/08/31 14:27:34 tb Exp $ .\" full merge up to: OpenSSL 7f572e95 Dec 2 13:57:04 2015 +0000 .\" selective merge up to: OpenSSL a95d7574 Jul 2 12:16:38 2017 -0400 .\" @@ -68,7 +68,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 10 2021 $ +.Dd $Mdocdate: August 31 2022 $ .Dt EVP_DIGESTINIT 3 .Os .Sh NAME @@ -105,8 +105,6 @@ .Nm EVP_sha256 , .Nm EVP_sha384 , .Nm EVP_sha512 , -.Nm EVP_dss , -.Nm EVP_dss1 , .Nm EVP_ripemd160 , .Nm EVP_get_digestbyname , .Nm EVP_get_digestbynid , @@ -243,10 +241,6 @@ .Ft const EVP_MD * .Fn EVP_sha512 void .Ft const EVP_MD * -.Fn EVP_dss void -.Ft const EVP_MD * -.Fn EVP_dss1 void -.Ft const EVP_MD * .Fn EVP_ripemd160 void .Ft const EVP_MD * .Fo EVP_get_digestbyname 
@@ -273,8 +267,6 @@ cleans up and resets it to the state it had after .Fn EVP_MD_CTX_new , such that it can be reused. -It is also suitable for digest contexts on the stack that were -used and are no longer needed. .Pp .Fn EVP_MD_CTX_free cleans up @@ -322,11 +314,6 @@ is then the default implementation of digest .Fa type is used. -If -.Fa ctx -points to an unused object on the stack, it must be initialized with -.Fn EVP_MD_CTX_init -before calling this function. .Pp .Fn EVP_DigestUpdate hashes @@ -394,11 +381,6 @@ to .Fa out . This is useful if large amounts of data are to be hashed which only differ in the last few bytes. -If -.Fa out -points to an unused object on the stack, it must be initialized with -.Fn EVP_MD_CTX_init -before calling this function. .Pp .Fn EVP_DigestInit is a deprecated function behaving like @@ -463,7 +445,7 @@ For example .Fn EVP_sha1 is associated with RSA so this will return .Dv NID_sha1WithRSAEncryption . -Since digests and signature algorithms are no longer linked this +Since digests and signature algorithms are no longer linked, this function is only retained for compatibility reasons. .Pp .Fn EVP_md5 , @@ -484,16 +466,6 @@ returns an .Vt EVP_MD structure that provides concatenated MD5 and SHA1 message digests. .Pp -.Fn EVP_dss -and -.Fn EVP_dss1 -return -.Vt EVP_MD -structures for SHA1 digest algorithms but using DSS (DSA) for the -signature algorithm. -Note: there is no need to use these pseudo-digests in OpenSSL 1.0.0 and -later; they are however retained for compatibility. -.Pp .Fn EVP_md_null is a "null" message digest that does nothing: i.e. the hash it returns is of zero length. @@ -604,8 +576,6 @@ is .Fn EVP_md5 , .Fn EVP_md5_sha1 , .Fn EVP_sha1 , -.Fn EVP_dss , -.Fn EVP_dss1 , and .Fn EVP_ripemd160 return pointers to the corresponding 
@@ -694,10 +664,6 @@ main(int argc, char *argv[]) and .Fn EVP_sha1 first appeared in SSLeay 0.5.1. -.Fn EVP_dss -and -.Fn EVP_dss1 -first appeared in SSLeay 0.6.0. .Fn EVP_MD_size first appeared in SSLeay 0.6.6. .Fn EVP_MD_CTX_size , @@ -767,6 +733,4 @@ first appeared in OpenSSL 1.1.0 and have been available since The link between digests and signing algorithms was fixed in OpenSSL 1.0 and later, so now .Fn EVP_sha1 -can be used with RSA and DSA; there is no need to use -.Fn EVP_dss1 -any more. +can be used with RSA and DSA. diff --git a/man/EVP_DigestSignInit.3 b/man/EVP_DigestSignInit.3 index 57db4b31..de6e57c2 100644 --- a/man/EVP_DigestSignInit.3 +++ b/man/EVP_DigestSignInit.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_DigestSignInit.3,v 1.11 2021/05/20 14:41:47 tb Exp $ +.\" $OpenBSD: EVP_DigestSignInit.3,v 1.12 2022/01/15 09:08:51 tb Exp $ .\" OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400 .\" .\" This file was written by Dr. Stephen Henson . @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: May 20 2021 $ +.Dd $Mdocdate: January 15 2022 $ .Dt EVP_DIGESTSIGNINIT 3 .Os .Sh NAME @@ -189,14 +189,6 @@ used in preference to the low-level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. .Pp -In previous versions of OpenSSL, there was a link between message digest -types and public key algorithms. -This meant that "clone" digests such as -.Xr EVP_dss1 3 -needed to be used to sign using SHA1 and DSA. -This is no longer necessary and the use of clone digest is now -discouraged. -.Pp The call to .Fn EVP_DigestSignFinal internally finalizes a copy of the digest context. diff --git a/man/EVP_DigestVerifyInit.3 b/man/EVP_DigestVerifyInit.3 index 0b3fa139..0eb31434 100644 --- a/man/EVP_DigestVerifyInit.3 +++ b/man/EVP_DigestVerifyInit.3 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_DigestVerifyInit.3,v 1.13 2021/05/20 14:41:47 tb Exp $ +.\" $OpenBSD: EVP_DigestVerifyInit.3,v 1.14 2022/01/15 09:08:51 tb Exp $ .\" OpenSSL fb552ac6 Sep 30 23:43:01 2009 +0000 .\" .\" This file was written by Dr. Stephen Henson . @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: May 20 2021 $ +.Dd $Mdocdate: January 15 2022 $ .Dt EVP_DIGESTVERIFYINIT 3 .Os .Sh NAME @@ -170,14 +170,6 @@ used in preference to the low level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. .Pp -In previous versions of OpenSSL, there was a link between message digest -types and public key algorithms. -This meant that "clone" digests such as -.Xr EVP_dss1 3 -needed to be used to sign using SHA1 and DSA. -This is no longer necessary and the use of clone digest is now -discouraged. -.Pp The call to .Fn EVP_DigestVerifyFinal internally finalizes a copy of the digest context. diff --git a/man/EVP_EncryptInit.3 b/man/EVP_EncryptInit.3 index bcfe2360..b4fbfa37 100644 --- a/man/EVP_EncryptInit.3 +++ b/man/EVP_EncryptInit.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_EncryptInit.3,v 1.41 2021/01/05 06:51:31 jmc Exp $ +.\" $OpenBSD: EVP_EncryptInit.3,v 1.44 2022/08/31 14:27:34 tb Exp $ .\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800 .\" EVP_bf_cbc.pod EVP_cast5_cbc.pod EVP_idea_cbc.pod EVP_rc2_cbc.pod .\" 7c6d372a Nov 20 13:20:01 2018 +0000 @@ -71,7 +71,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: January 5 2021 $ +.Dd $Mdocdate: August 31 2022 $ .Dt EVP_ENCRYPTINIT 3 .Os .Sh NAME 
@@ -386,13 +386,13 @@ .Ft int .Fo EVP_CIPHER_CTX_get_iv .Fa "const EVP_CIPHER_CTX *ctx" -.Fa "u_char *iv" +.Fa "unsigned char *iv" .Fa "size_t len" .Fc .Ft int .Fo EVP_CIPHER_CTX_set_iv .Fa "EVP_CIPHER_CTX *ctx" -.Fa "const u_char *iv" +.Fa "const unsigned char *iv" .Fa "size_t len" .Fc .Ft void * @@ -443,8 +443,6 @@ object itself, such that it can be reused for another series of calls to .Fn EVP_CipherUpdate , and .Fn EVP_CipherFinal . -It is also suitable for cipher contexts on the stack that were used -and are no longer needed. .Fn EVP_CIPHER_CTX_cleanup is a deprecated alias for .Fn EVP_CIPHER_CTX_reset . @@ -478,11 +476,6 @@ for encryption with cipher from .Vt ENGINE .Fa impl . -If -.Fa ctx -points to an unused object on the stack, it must be initialized with -.Fn EVP_MD_CTX_init -before calling this function. .Fa type is normally supplied by a function such as .Xr EVP_aes_256_cbc 3 . @@ -535,7 +528,7 @@ The encrypted final data is written to which should have sufficient space for one cipher block. The number of bytes written is placed in .Fa outl . -After this function is called the encryption operation is finished and +After this function is called, the encryption operation is finished and no further calls to .Fn EVP_EncryptUpdate should be made. @@ -754,7 +747,7 @@ This "type" is the actual NID of the cipher OBJECT IDENTIFIER as such it ignores the cipher parameters and 40-bit RC2 and 128-bit RC2 have the same NID. If the cipher does not have an object identifier or does not -have ASN.1 support this function will return +have ASN.1 support, this function will return .Dv NID_undef . .Pp .Fn EVP_CIPHER_CTX_cipher 
@@ -842,7 +835,7 @@ block size n will equal the block size. For example if the block size is 8 and 11 bytes are to be encrypted then 5 padding bytes of value 5 will be added. .Pp -When decrypting the final block is checked to see if it has the correct +When decrypting, the final block is checked to see if it has the correct form. .Pp Although the decryption operation can produce an error if padding is @@ -1374,7 +1367,7 @@ first appeared in LibreSSL 2.8.1 and has been available since and .Dv EVP_MAX_IV_LENGTH only refer to the internal ciphers with default key lengths. -If custom ciphers exceed these values the results are unpredictable. +If custom ciphers exceed these values, the results are unpredictable. This is because it has become standard practice to define a generic key as a fixed unsigned char array containing .Dv EVP_MAX_KEY_LENGTH diff --git a/man/EVP_PKCS82PKEY.3 b/man/EVP_PKCS82PKEY.3 new file mode 100644 index 00000000..5fed846f --- /dev/null +++ b/man/EVP_PKCS82PKEY.3 
@@ -0,0 +1,63 @@
+.\" $OpenBSD: EVP_PKCS82PKEY.3,v 1.1 2021/10/25 13:48:12 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: October 25 2021 $
+.Dt EVP_PKCS82PKEY 3
+.Os
+.Sh NAME
+.Nm EVP_PKCS82PKEY ,
+.Nm EVP_PKEY2PKCS8
+.Nd convert between EVP_PKEY and PKCS#8 PrivateKeyInfo
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft EVP_PKEY *
+.Fn EVP_PKCS82PKEY "const PKCS8_PRIV_KEY_INFO *keyinfo"
+.Ft PKCS8_PRIV_KEY_INFO *
+.Fn EVP_PKEY2PKCS8 "EVP_PKEY *pkey"
+.Sh DESCRIPTION
+.Fn EVP_PKCS82PKEY
+extracts the private key from a PKCS#8
+.Vt PrivateKeyInfo
+structure.
+.Pp
+.Fn EVP_PKEY2PKCS8
+creates a PKCS#8
+.Vt PrivateKeyInfo
+structure representing the private key contained in
+.Fa pkey .
+.Pp
+Supported algorithms include DH, DSA, EC, GOST2001, and RSA.
+Application programs can add additional algorithms using
+.Xr EVP_PKEY_asn1_add0 3 .
+.Sh RETURN VALUES
+These functions return a newly allocated object or
+.Dv NULL
+if the algorithm indicated in
+.Fa keyinfo
+or
+.Fa pkey
+is unsupported or if memory allocation, decoding, or encoding fails.
+.Sh SEE ALSO
+.Xr EVP_PKEY_asn1_add0 3 ,
+.Xr EVP_PKEY_base_id 3 ,
+.Xr EVP_PKEY_new 3 ,
+.Xr PKCS8_pkey_set0 3 ,
+.Xr PKCS8_PRIV_KEY_INFO_new 3 ,
+.Xr X509_ALGOR_get0 3
+.Sh HISTORY
+These functions first appeared in OpenSSL 0.9.3
+and have been available since
+.Ox 2.6 .
diff --git a/man/EVP_PKEY_CTX_new.3 b/man/EVP_PKEY_CTX_new.3
index 8f6a0a65..229f5522 100644
--- a/man/EVP_PKEY_CTX_new.3
+++ b/man/EVP_PKEY_CTX_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_CTX_new.3,v 1.11 2020/06/24 19:55:55 schwarze Exp $
+.\" $OpenBSD: EVP_PKEY_CTX_new.3,v 1.12 2022/07/13 21:51:35 schwarze Exp $
 .\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 24 2020 $
+.Dd $Mdocdate: July 13 2022 $
 .Dt EVP_PKEY_CTX_NEW 3
 .Os
 .Sh NAME
@@ -157,6 +157,7 @@ if an error occurred.
 .Xr EVP_DigestSignInit 3 ,
 .Xr EVP_DigestVerifyInit 3 ,
 .Xr EVP_PKEY_base_id 3 ,
+.Xr EVP_PKEY_check 3 ,
 .Xr EVP_PKEY_CTX_ctrl 3 ,
 .Xr EVP_PKEY_decrypt 3 ,
 .Xr EVP_PKEY_derive 3 ,
diff --git a/man/EVP_PKEY_CTX_set_hkdf_md.3 b/man/EVP_PKEY_CTX_set_hkdf_md.3
new file mode 100644
index 00000000..559c68bd
--- /dev/null
+++ b/man/EVP_PKEY_CTX_set_hkdf_md.3
@@ -0,0 +1,253 @@
+.\" $OpenBSD: EVP_PKEY_CTX_set_hkdf_md.3,v 1.2 2022/05/06 10:10:10 tb Exp $
+.\" full merge up to: OpenSSL 1cb7eff4 Sep 10 13:56:40 2019 +0100
+.\"
+.\" This file was written by Alessandro Ghedini ,
+.\" Matt Caswell , and Viktor Dukhovni .
+.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in
+.\" the documentation and/or other materials provided with the
+.\" distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\" software must display the following acknowledgment:
+.\" "This product includes software developed by the OpenSSL Project
+.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\" endorse or promote products derived from this software without
+.\" prior written permission. For written permission, please contact
+.\" openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\" nor may "OpenSSL" appear in their names without prior written
+.\" permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\" acknowledgment:
+.\" "This product includes software developed by the OpenSSL Project
+.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: May 6 2022 $
+.Dt EVP_PKEY_CTX_SET_HKDF_MD 3
+.Os
+.Sh NAME
+.Nm EVP_PKEY_CTX_set_hkdf_md ,
+.Nm EVP_PKEY_CTX_set1_hkdf_salt ,
+.Nm EVP_PKEY_CTX_set1_hkdf_key ,
+.Nm EVP_PKEY_CTX_add1_hkdf_info ,
+.Nm EVP_PKEY_CTX_hkdf_mode
+.Nd HMAC-based Extract-and-Expand key derivation algorithm
+.Sh SYNOPSIS
+.In openssl/kdf.h
+.Ft int
+.Fo EVP_PKEY_CTX_hkdf_mode
+.Fa "EVP_PKEY_CTX *pctx"
+.Fa "int mode"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_set_hkdf_md
+.Fa "EVP_PKEY_CTX *pctx"
+.Fa "const EVP_MD *md"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_set1_hkdf_salt
+.Fa "EVP_PKEY_CTX *pctx"
+.Fa "unsigned char *salt"
+.Fa "int saltlen"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_set1_hkdf_key
+.Fa "EVP_PKEY_CTX *pctx"
+.Fa "unsigned char *key"
+.Fa "int keylen"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_add1_hkdf_info
+.Fa "EVP_PKEY_CTX *pctx"
+.Fa "unsigned char *info"
+.Fa "int infolen"
+.Fc
+.Sh DESCRIPTION
+The EVP_PKEY_HKDF algorithm implements the HKDF key derivation function.
+HKDF follows the "extract-then-expand" paradigm, where the KDF logically
+consists of two modules.
+The first stage takes the input keying material and "extracts" from it a
+fixed-length pseudorandom key K.
+The second stage "expands" the key K
+into several additional pseudorandom keys (the output of the KDF).
+.Pp
+.Fn EVP_PKEY_CTX_hkdf_mode
+sets the mode for the HKDF operation.
+There are three modes that are currently defined:
+.Bl -tag -width Ds
+.It Dv EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND
+This is the default mode.
+Calling
+.Xr EVP_PKEY_derive 3
+on an EVP_PKEY_CTX set up for HKDF will perform an extract followed by
+an expand operation in one go.
+The derived key returned will be the result after the expand operation.
+The intermediate fixed-length pseudorandom key K is not returned.
+.Pp
+In this mode the digest, key, salt and info values must be set before a
+key is derived or an error occurs.
+.It Dv EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY
+In this mode calling
+.Xr EVP_PKEY_derive 3
+will just perform the extract operation.
+The value returned will be the intermediate fixed-length pseudorandom
+key K.
+.Pp
+The digest, key and salt values must be set before a key is derived or
+an error occurs.
+.It Dv EVP_PKEY_HKDEF_MODE_EXPAND_ONLY
+In this mode calling
+.Xr EVP_PKEY_derive 3
+will just perform the expand operation.
+The input key should be set to the intermediate fixed-length
+pseudorandom key K returned from a previous extract operation.
+.Pp
+The digest, key and info values must be set before a key is derived or
+an error occurs.
+.El
+.Pp
+.Fn EVP_PKEY_CTX_set_hkdf_md
+sets the message digest associated with the HKDF.
+.Pp
+.Fn EVP_PKEY_CTX_set1_hkdf_salt
+sets the salt to
+.Fa saltlen
+bytes of the buffer
+.Fa salt .
+Any existing value is replaced.
+.Pp
+.Fn EVP_PKEY_CTX_set1_hkdf_key
+sets the key to
+.Fa keylen
+bytes of the buffer
+.Fa key .
+Any existing value is replaced.
+.Pp
+.Fn EVP_PKEY_CTX_add1_hkdf_info
+sets the info value to
+.Fa infolen
+bytes of the buffer
+.Fa info .
+If a value is already set, it is appended to the existing value.
+.Sh STRING CTRLS
+HKDF also supports string based control operations via
+.Xr EVP_PKEY_CTX_ctrl_str 3 .
+The
+.Fa type
+parameter "md" uses the supplied
+.Fa value
+as the name of the digest algorithm to use.
+The
+.Fa type
+parameter "mode" accepts "EXTRACT_AND_EXPAND", "EXTRACT_ONLY"
+and "EXPAND_ONLY" as
+.Fa value
+to determine the mode to use.
+The
+.Fa type
+parameters "salt", "key" and "info" use the supplied
+.Fa value
+parameter as a
+seed, key, or info.
+The names "hexsalt", "hexkey" and "hexinfo" are similar except they take
+a hex string which is converted to binary.
+.Sh NOTES
+All these functions are implemented as macros.
+.Pp
+A context for HKDF can be obtained by calling:
+.Bd -literal
+ EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
+.Ed
+.Pp
+The total length of the info buffer cannot exceed 1024 bytes in length:
+this should be more than enough for any normal use of HKDF.
+.Pp
+The output length of an HKDF expand operation is specified via the
+length parameter to the
+.Xr EVP_PKEY_derive 3
+function.
+Since the HKDF output length is variable, passing a
+.Dv NULL
+buffer as a means to obtain the requisite length is not meaningful with
+HKDF in any mode that performs an expand operation.
+Instead, the caller must allocate a buffer of the desired length, and
+pass that buffer to
+.Xr EVP_PKEY_derive 3
+along with (a pointer initialized to) the desired length.
+Passing a
+.Dv NULL
+buffer to obtain the length is allowed when using
+.Dv EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY .
+.Sh RETURN VALUES
+All these functions return 1 for success and 0 or a negative value for
+failure.
+In particular a return value of -2 indicates the operation is not
+supported by the public key algorithm.
+.Sh EXAMPLES
+This example derives 10 bytes using SHA-256 with the secret key
+"secret", salt value "salt" and info value "label":
+.Bd -literal
+EVP_PKEY_CTX *pctx;
+unsigned char out[10];
+size_t outlen = sizeof(out);
+
+if ((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)) == NULL)
+ /* Error */
+
+if (EVP_PKEY_derive_init(pctx) <= 0)
+ /* Error */
+if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()) <= 0)
+ /* Error */
+if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, "salt", 4) <= 0)
+ /* Error */
+if (EVP_PKEY_CTX_set1_hkdf_key(pctx, "secret", 6) <= 0)
+ /* Error */
+if (EVP_PKEY_CTX_add1_hkdf_info(pctx, "label", 5) <= 0)
+ /* Error */
+if (EVP_PKEY_derive(pctx, out, &outlen) <= 0)
+ /* Error */
+.Ed
+.Sh SEE ALSO
+.Xr EVP_PKEY_CTX_ctrl_str 3 ,
+.Xr EVP_PKEY_CTX_new 3 ,
+.Xr EVP_PKEY_derive 3
+.Sh STANDARDS
+RFC 5869: HMAC-based Extract-and-Expand Key Derivation Function (HKDF)
+.Sh HISTORY
+.Fn EVP_PKEY_CTX_set_hkdf_md ,
+.Fn EVP_PKEY_CTX_set1_hkdf_salt ,
+.Fn EVP_PKEY_CTX_set1_hkdf_key ,
+and
+.Fn EVP_PKEY_CTX_add1_hkdf_info
+first appeared in OpenSSL 1.1.0 and
+.Fn EVP_PKEY_CTX_hkdf_mode
+in OpenSSL 1.1.1.
+These functions have been available since
+.Ox 7.2 .
diff --git a/man/EVP_PKEY_add1_attr.3 b/man/EVP_PKEY_add1_attr.3
new file mode 100644
index 00000000..ae910b16
--- /dev/null
+++ b/man/EVP_PKEY_add1_attr.3
@@ -0,0 +1,188 @@
+.\" $OpenBSD: EVP_PKEY_add1_attr.3,v 1.3 2021/10/26 18:50:38 jmc Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: October 26 2021 $
+.Dt EVP_PKEY_ADD1_ATTR 3
+.Os
+.Sh NAME
+.Nm EVP_PKEY_add1_attr ,
+.Nm EVP_PKEY_add1_attr_by_OBJ ,
+.Nm EVP_PKEY_add1_attr_by_NID ,
+.Nm EVP_PKEY_add1_attr_by_txt ,
+.Nm EVP_PKEY_delete_attr ,
+.Nm EVP_PKEY_get_attr ,
+.Nm EVP_PKEY_get_attr_count ,
+.Nm EVP_PKEY_get_attr_by_OBJ ,
+.Nm EVP_PKEY_get_attr_by_NID
+.Nd X.501 Attributes of private keys
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft int
+.Fo EVP_PKEY_add1_attr
+.Fa "EVP_PKEY *key"
+.Fa "X509_ATTRIBUTE *attr"
+.Fc
+.Ft int
+.Fo EVP_PKEY_add1_attr_by_OBJ
+.Fa "EVP_PKEY *key"
+.Fa "const ASN1_OBJECT *obj"
+.Fa "int type"
+.Fa "const unsigned char *data"
+.Fa "int len"
+.Fc
+.Ft int
+.Fo EVP_PKEY_add1_attr_by_NID
+.Fa "EVP_PKEY *key"
+.Fa "int nid"
+.Fa "int type"
+.Fa "const unsigned char *data"
+.Fa "int len"
+.Fc
+.Ft int
+.Fo EVP_PKEY_add1_attr_by_txt
+.Fa "EVP_PKEY *key"
+.Fa "const char *name"
+.Fa "int type"
+.Fa "const unsigned char *data"
+.Fa "int len"
+.Fc
+.Ft X509_ATTRIBUTE *
+.Fo EVP_PKEY_delete_attr
+.Fa "EVP_PKEY *key"
+.Fa "int index"
+.Fc
+.Ft X509_ATTRIBUTE *
+.Fo EVP_PKEY_get_attr
+.Fa "const EVP_PKEY *key"
+.Fa "int index"
+.Fc
+.Ft int
+.Fo EVP_PKEY_get_attr_count
+.Fa "const EVP_PKEY *key"
+.Fc
+.Ft int
+.Fo EVP_PKEY_get_attr_by_OBJ
+.Fa "const EVP_PKEY *key"
+.Fa "const ASN1_OBJECT *obj"
+.Fa "int start_after"
+.Fc
+.Ft int
+.Fo EVP_PKEY_get_attr_by_NID
+.Fa "const EVP_PKEY *key"
+.Fa "int nid"
+.Fa "int start_after"
+.Fc
+.Sh DESCRIPTION
+These functions support associating an array of X.501 Attributes
+with a private key.
+Such attributes can for example be included in PKCS#12 structures.
+.Pp
+.Fn EVP_PKEY_add1_attr
+appends a deep copy of the
+.Fa attr
+using
+.Xr X509at_add1_attr 3 .
+.Pp
+.Fn EVP_PKEY_add1_attr_by_OBJ ,
+.Fn EVP_PKEY_add1_attr_by_NID ,
+and
+.Fn EVP_PKEY_add1_attr_by_txt
+create a new X.501 Attribute object using
+.Xr X509_ATTRIBUTE_create_by_OBJ 3 ,
+.Xr X509_ATTRIBUTE_create_by_NID 3 ,
+or
+.Xr X509_ATTRIBUTE_create_by_txt 3 ,
+respectively, and append it using
+.Xr X509at_add1_attr 3 .
+.Pp
+.Fn EVP_PKEY_delete_attr
+deletes the attribute with the zero-based
+.Fa index
+using
+.Xr X509at_delete_attr 3 .
+.Pp
+.Fn EVP_PKEY_get_attr
+returns the attribute with the zero-based
+.Fa index
+using
+.Xr X509at_get_attr 3 .
+.Pp
+.Fn EVP_PKEY_get_attr_count
+returns the number of attributes currently associated with the
+.Fa key
+using
+.Xr X509at_get_attr_count 3 .
+.Pp
+.Fn EVP_PKEY_get_attr_by_OBJ
+and
+.Fn EVP_PKEY_get_attr_by_NID
+search for an attribute of the type
+.Fa obj
+or
+.Fa nid
+using
+.Xr X509at_get_attr_by_OBJ 3
+or
+.Xr X509at_get_attr_by_NID 3 ,
+respectively.
+.Sh RETURN VALUES
+.Fn EVP_PKEY_add1_attr ,
+.Fn EVP_PKEY_add1_attr_by_OBJ ,
+.Fn EVP_PKEY_add1_attr_by_NID ,
+and
+.Fn EVP_PKEY_add1_attr_by_txt
+return 1 for success or 0 for failure.
+.Pp
+.Fn EVP_PKEY_delete_attr
+and
+.Fn EVP_PKEY_get_attr
+return the deleted or requested attribute or
+.Dv NULL
+if the requested index is negative or greater than or equal to
+the current number of attributes associated with the
+.Fa key .
+.Pp +.Fn EVP_PKEY_get_attr_count +returns the current number of attributes. +.Pp +.Fn EVP_PKEY_get_attr_by_OBJ +and +.Fn EVP_PKEY_get_attr_by_NID +return the index of the first attribute that has an index greater than +.Fa start_after +and a type matching +.Fa obj +or +.Fa nid , +respectively, or \-1 on failure. +In addition, +.Fn EVP_PKEY_get_attr_by_NID +returns \-2 if +.Xr OBJ_nid2obj 3 +fails on the requested +.Fa nid . +.Sh SEE ALSO +.Xr EVP_PKEY_new 3 , +.Xr OBJ_nid2obj 3 , +.Xr PKCS12_create 3 , +.Xr X509_ATTRIBUTE_create_by_OBJ 3 , +.Xr X509_ATTRIBUTE_new 3 , +.Xr X509at_add1_attr 3 , +.Xr X509at_get_attr 3 +.Sh HISTORY +These functions first appeared in OpenSSL 0.9.8 +and have been available since +.Ox 4.5 . diff --git a/man/EVP_PKEY_asn1_new.3 b/man/EVP_PKEY_asn1_new.3 index 5d915d01..d9947ad7 100644 --- a/man/EVP_PKEY_asn1_new.3 +++ b/man/EVP_PKEY_asn1_new.3 @@ -1,8 +1,9 @@ -.\" $OpenBSD: EVP_PKEY_asn1_new.3,v 1.5 2019/09/01 09:10:09 schwarze Exp $ +.\" $OpenBSD: EVP_PKEY_asn1_new.3,v 1.8 2022/07/13 19:10:40 schwarze Exp $ .\" selective merge up to: .\" OpenSSL man3/EVP_PKEY_ASN1_METHOD b0004708 Nov 1 00:45:24 2017 +0800 .\" .\" This file was written by Richard Levitte +.\" and Paul Yang . .\" Copyright (c) 2017 The OpenSSL Project. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -49,8 +50,8 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 1 2019 $ -.Dt EVP_PKEY_ASN1_METHOD 3 +.Dd $Mdocdate: July 13 2022 $ +.Dt EVP_PKEY_ASN1_NEW 3 .Os .Sh NAME .Nm EVP_PKEY_asn1_new , 
@@ -62,7 +63,11 @@ .Nm EVP_PKEY_asn1_set_private , .Nm EVP_PKEY_asn1_set_param , .Nm EVP_PKEY_asn1_set_free , -.Nm EVP_PKEY_asn1_set_ctrl +.Nm EVP_PKEY_asn1_set_ctrl , +.Nm EVP_PKEY_asn1_set_check , +.Nm EVP_PKEY_asn1_set_public_check , +.Nm EVP_PKEY_asn1_set_param_check , +.Nm EVP_PKEY_asn1_set_security_bits .Nd manipulating and registering an EVP_PKEY_ASN1_METHOD structure .Sh SYNOPSIS .In openssl/evp.h @@ -132,6 +137,26 @@ .Fa "EVP_PKEY_ASN1_METHOD *ameth" .Fa "int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2)" .Fc +.Ft void +.Fo EVP_PKEY_asn1_set_check +.Fa "EVP_PKEY_ASN1_METHOD *ameth" +.Fa "int (*pkey_check)(const EVP_PKEY *pk)" +.Fc +.Ft void +.Fo EVP_PKEY_asn1_set_public_check +.Fa "EVP_PKEY_ASN1_METHOD *ameth" +.Fa "int (*pkey_public_check)(const EVP_PKEY *pk)" +.Fc +.Ft void +.Fo EVP_PKEY_asn1_set_param_check +.Fa "EVP_PKEY_ASN1_METHOD *ameth" +.Fa "int (*pkey_param_check)(const EVP_PKEY *pk)" +.Fc +.Ft void +.Fo EVP_PKEY_asn1_set_security_bits +.Fa "EVP_PKEY_ASN1_METHOD *ameth" +.Fa "int (*pkey_security_bits)(const EVP_PKEY *pkey)" +.Fc .Sh DESCRIPTION .Vt EVP_PKEY_ASN1_METHOD is a structure which holds a set of ASN.1 conversion, printing and 
@@ -150,205 +175,167 @@ key algorithm present by the .Vt EVP_PKEY object. .Bd -unfilled -.Ft int Fo (*pub_decode) -.Fa "EVP_PKEY *pk" -.Fa "X509_PUBKEY *pub" -.Fc -.Ft int Fo (*pub_encode) -.Fa "X509_PUBKEY *pub" -.Fa "const EVP_PKEY *pk" -.Fc -.Ft int Fo (*pub_cmp) -.Fa "const EVP_PKEY *a" -.Fa "const EVP_PKEY *b" -.Fc -.Ft int Fo (*pub_print) -.Fa "BIO *out" -.Fa "const EVP_PKEY *pkey" -.Fa "int indent" -.Fa "ASN1_PCTX *pctx" -.Fc +.Ft int Fn (*pub_decode) "EVP_PKEY *pk" "X509_PUBKEY *pub" +.Ft int Fn (*pub_encode) "X509_PUBKEY *pub" "const EVP_PKEY *pk" .Ed .Pp -The -.Fn pub_decode -and -.Fn pub_encode -methods are called to decode and encode +Decode and encode .Vt X509_PUBKEY ASN.1 parameters to and from .Fa pk . -They must return 0 on error and 1 on success. +These methods must return 0 on error and 1 on success. They are called by .Xr X509_PUBKEY_get 3 and .Xr X509_PUBKEY_set 3 . +.Bd -unfilled +.Ft int Fn (*pub_cmp) "const EVP_PKEY *a" "const EVP_PKEY *b" +.Ed .Pp -The -.Fn pub_cmp -method is called when two public keys are compared. -It must return 1 when the keys are equal and 0 otherwise. +Compare two public keys. +This method must return 1 when the keys are equal and 0 otherwise. It is called by .Xr EVP_PKEY_cmp 3 . +.Bd -filled +.Ft int Fo (*pub_print) +.Fa "BIO *out" +.Fa "const EVP_PKEY *pkey" +.Fa "int indent" +.Fa "ASN1_PCTX *pctx" +.Fc +.Ed .Pp -The -.Fn pub_print -method is called to print a public key in humanly readable text to +Print a public key in humanly readable text to .Fa out , indented .Fa indent spaces. -It must return 0 on error and 1 on success. +This method must return 0 on error and 1 on success. It is called by .Xr EVP_PKEY_print_public 3 . 
.Bd -unfilled -.Ft int Fo (*priv_decode) -.Fa "EVP_PKEY *pk" -.Fa "const PKCS8_PRIV_KEY_INFO *p8inf" -.Fc -.Ft int Fo (*priv_encode) -.Fa "PKCS8_PRIV_KEY_INFO *p8" -.Fa "const EVP_PKEY *pk" -.Fc -.Ft int Fo (*priv_print) -.Fa "BIO *out" -.Fa "const EVP_PKEY *pkey" -.Fa "int indent" -.Fa "ASN1_PCTX *pctx" -.Fc +.Ft int Fn (*priv_decode) "EVP_PKEY *pk" "const PKCS8_PRIV_KEY_INFO *p8inf" +.Ft int Fn (*priv_encode) "PKCS8_PRIV_KEY_INFO *p8" "const EVP_PKEY *pk" .Ed .Pp -The -.Fn priv_decode -and -.Fn priv_encode -methods are called to decode and encode +Decode and encode .Vt PKCS8_PRIV_KEY_INFO form private key to and from .Fa pk . -They must return 0 on error, 1 on success. +These methods must return 0 on error, 1 on success. They are called by -.Fn EVP_PKCS82PKEY +.Xr EVP_PKCS82PKEY 3 and -.Fn EVP_PKEY2PKCS8 . +.Xr EVP_PKEY2PKCS8 3 . +.Bd -filled +.Ft int Fo (*priv_print) +.Fa "BIO *out" +.Fa "const EVP_PKEY *pkey" +.Fa "int indent" +.Fa "ASN1_PCTX *pctx" +.Fc +.Ed .Pp -The -.Fn priv_print -method is called to print a private key in humanly readable text to +Print a private key in humanly readable text to .Fa out , indented .Fa indent spaces. -It must return 0 on error and 1 on success. +This method must return 0 on error and 1 on success. It is called by .Xr EVP_PKEY_print_private 3 . .Bd -unfilled .Ft int Fn (*pkey_size) "const EVP_PKEY *pk" -.Ft int Fn (*pkey_bits) "const EVP_PKEY *pk"; .Ed .Pp -The -.Fn pkey_size -method returns the key size in bytes. -It is called by +Returns the key size in bytes. +This method is called by .Xr EVP_PKEY_size 3 . +.Bd -unfilled +.Ft int Fn (*pkey_bits) "const EVP_PKEY *pk" +.Ed .Pp -The -.Fn pkey_bits -method returns the key size in bits. -It is called by +Returns the key size in bits. +This method is called by .Xr EVP_PKEY_bits 3 . 
-.Bd -unfilled +.Bd -filled .Ft int Fo (*param_decode) .Fa "EVP_PKEY *pkey" .Fa "const unsigned char **pder" .Fa "int derlen" .Fc +.br .Ft int Fo (*param_encode) .Fa "const EVP_PKEY *pkey" .Fa "unsigned char **pder" .Fc -.Ft int Fo (*param_missing) -.Fa "const EVP_PKEY *pk" -.Fc -.Ft int Fo (*param_copy) -.Fa "EVP_PKEY *to" -.Fa "const EVP_PKEY *from" -.Fc -.Ft int Fo (*param_cmp) -.Fa "const EVP_PKEY *a" -.Fa "const EVP_PKEY *b" -.Fc -.Ft int Fo (*param_print) -.Fa "BIO *out" -.Fa "const EVP_PKEY *pkey" -.Fa "int indent" -.Fa "ASN1_PCTX *pctx" -.Fc .Ed .Pp -The -.Fn param_decode -and -.Fn param_encode -methods are called to decode and encode DER formatted parameters to and from +Decode and encode DER formatted parameters to and from .Fa pk . -They must return 0 on error and 1 on success. +These methods must return 0 on error and 1 on success. They are called by .Fn PEM_read_bio_Parameters . +.Bd -unfilled +.Ft int Fn (*param_missing) "const EVP_PKEY *pk" +.Ed .Pp -The -.Fn param_missing -method returns 0 if a key parameter is missing or otherwise 1. -It is called by +Return 0 if a key parameter is missing or 1 otherwise. +This method is called by .Xr EVP_PKEY_missing_parameters 3 . +.Bd -unfilled +.Ft int Fn (*param_copy) "EVP_PKEY *to" "const EVP_PKEY *from" +.Ed .Pp -The -.Fn param_copy -method copies key parameters from +Copy key parameters from .Fa from to .Fa to . -It must return 0 on error and 1 on success. +This method must return 0 on error and 1 on success. It is called by .Xr EVP_PKEY_copy_parameters 3 . +.Bd -unfilled +.Ft int Fn (*param_cmp) "const EVP_PKEY *a" "const EVP_PKEY *b" +.Ed .Pp -The -.Fn param_cmp -method compares the parameters of the keys +Compare the parameters of the keys .Fa a and .Fa b . -It must return 1 when the keys are equal, 0 when not equal, and a +This method must return 1 when the keys are equal, 0 when not equal, and a negative number on error. It is called by .Xr EVP_PKEY_cmp_parameters 3 . 
+.Bd -filled +.Ft int Fo (*param_print) +.Fa "BIO *out" +.Fa "const EVP_PKEY *pkey" +.Fa "int indent" +.Fa "ASN1_PCTX *pctx" +.Fc +.Ed .Pp -The -.Fn param_print -method prints the private key parameters in humanly readable text to +Print the private key parameters in humanly readable text to .Fa out , indented .Fa indent spaces. -It must return 0 on error and 1 on success. +This method must return 0 on error and 1 on success. It is called by .Xr EVP_PKEY_print_params 3 . .Bd -unfilled .Ft void Fn (*pkey_free) "EVP_PKEY *pkey" .Ed .Pp -The -.Fn pkey_free -method helps freeing the internals of +Free the internals of .Fa pkey . -It is called by +This method is called by .Xr EVP_PKEY_free 3 , .Xr EVP_PKEY_set_type 3 , .Fn EVP_PKEY_set_type_str , and .Xr EVP_PKEY_assign 3 . -.Bd -unfilled +.Bd -filled .Ft int Fo (*pkey_ctrl) .Fa "EVP_PKEY *pkey" .Fa "int op" @@ -357,14 +344,36 @@ and .Fc .Ed .Pp -The -.Fn pkey_ctrl -method adds extra algorithm specific control. -It is called by +Add extra algorithm specific control. +This method is called by .Xr EVP_PKEY_get_default_digest_nid 3 , .Fn PKCS7_SIGNER_INFO_set , .Fn PKCS7_RECIP_INFO_set , and other functions. +.Bd -unfilled +.Ft int Fn (*pkey_check) "const EVP_PKEY *pk" +.Ft int Fn (*pkey_public_check) "const EVP_PKEY *pk" +.Ft int Fn (*pkey_param_check) "const EVP_PKEY *pk" +.Ed +.Pp +Check the validity of +.Fa pk +for key-pair, public component, and parameters, respectively. +These methods must return 0 for an invalid key or 1 for a valid key. +They are called by +.Xr EVP_PKEY_check 3 , +.Xr EVP_PKEY_public_check 3 , +and +.Xr EVP_PKEY_param_check 3 , +respectively. +.Bd -unfilled +.Ft int Fn (*pkey_security_bits) "const EVP_PKEY *pkey" +.Ed +.Pp +Return the security strength measured in bits of +.Fa pkey . +It is called by +.Xr EVP_PKEY_security_bits 3 . .Ss Functions .Fn EVP_PKEY_asn1_new creates and returns a new 
@@ -436,8 +445,12 @@ initializing the application. .Fn EVP_PKEY_asn1_set_private , .Fn EVP_PKEY_asn1_set_param , .Fn EVP_PKEY_asn1_set_free , +.Fn EVP_PKEY_asn1_set_ctrl , +.Fn EVP_PKEY_asn1_set_check , +.Fn EVP_PKEY_asn1_set_public_check , +.Fn EVP_PKEY_asn1_set_param_check , and -.Fn EVP_PKEY_asn1_set_ctrl +.Fn EVP_PKEY_asn1_set_security_bits set the diverse methods of the given .Vt EVP_PKEY_ASN1_METHOD object. @@ -458,6 +471,27 @@ return 0 on error or 1 on success. .Xr EVP_PKEY_new 3 , .Xr X509_PUBKEY_new 3 .Sh HISTORY -These functions first appeared in OpenSSL 1.0.0 -and have been available since +.Fn EVP_PKEY_asn1_new , +.Fn EVP_PKEY_asn1_copy , +.Fn EVP_PKEY_asn1_free , +.Fn EVP_PKEY_asn1_add0 , +.Fn EVP_PKEY_asn1_add_alias , +.Fn EVP_PKEY_asn1_set_public , +.Fn EVP_PKEY_asn1_set_private , +.Fn EVP_PKEY_asn1_set_param , +.Fn EVP_PKEY_asn1_set_free , +and +.Fn EVP_PKEY_asn1_set_ctrl +first appeared in OpenSSL 1.0.0 and have been available since .Ox 4.9 . +.Pp +.Fn EVP_PKEY_asn1_set_check , +.Fn EVP_PKEY_asn1_set_public_check , +and +.Fn EVP_PKEY_asn1_set_param_check +first appeared in OpenSSL 1.1.1 and have been available since +.Ox 7.1 . +.Pp +.Fn EVP_PKEY_asn1_set_security_bits +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 7.2 . diff --git a/man/EVP_PKEY_check.3 b/man/EVP_PKEY_check.3 new file mode 100644 index 00000000..5a78e351 --- /dev/null +++ b/man/EVP_PKEY_check.3 
@@ -0,0 +1,149 @@
+.\" $OpenBSD: EVP_PKEY_check.3,v 1.2 2022/07/14 14:49:09 tb Exp $
+.\"
+.\" Copyright (c) 2022 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: July 14 2022 $
+.Dt EVP_PKEY_CHECK 3
+.Os
+.Sh NAME
+.Nm EVP_PKEY_check ,
+.Nm EVP_PKEY_public_check ,
+.Nm EVP_PKEY_param_check
+.Nd key and parameter check functions
+.Sh SYNOPSIS
+.In openssl/evp.h
+.Ft int
+.Fn EVP_PKEY_check "EVP_PKEY_CTX *ctx"
+.Ft int
+.Fn EVP_PKEY_public_check "EVP_PKEY_CTX *ctx"
+.Ft int
+.Fn EVP_PKEY_param_check "EVP_PKEY_CTX *ctx"
+.Sh DESCRIPTION
+.Fn EVP_PKEY_check
+performs various sanity checks on the key contained in
+.Fa ctx
+but only supports a small number of key types by default.
+It preferably uses the function
+.Fa check
+configured for
+.Fa ctx
+with
+.Xr EVP_PKEY_meth_set_check 3 .
+It falls back to the function
+.Fa pkey_check
+configured for the private key contained in
+.Fa ctx
+with
+.Xr EVP_PKEY_asn1_set_check 3 .
+If that wasn't configured either, it attempts to use the following
+check functions:
+.Pp
+.Bl -tag -width 3n -compact -offset -indent
+.It DH
+not supported, return value \-2
+.It EC
+.Xr EC_KEY_check_key 3
+.It RSA
+.Xr RSA_check_key 3
+.El
+.Pp
+.Fn EVP_PKEY_public_check
+performs various sanity checks on the public key contained in
+.Fa ctx
+but only supports a small number of key types by default.
+It preferably uses the function
+.Fa public_check
+configured for
+.Fa ctx
+with
+.Xr EVP_PKEY_meth_set_public_check 3 .
+It falls back to the function
+.Fa pkey_public_check
+configured for the private key contained in
+.Fa ctx
+with
+.Xr EVP_PKEY_asn1_set_public_check 3 .
+If that wasn't configured either, it attempts to use the following
+check functions:
+.Pp
+.Bl -tag -width 3n -compact -offset -indent
+.It DH
+.Xr DH_check_pub_key 3
+.It EC
+.Xr EC_KEY_check_key 3
+.It RSA
+not supported, return value \-2
+.El
+.Pp
+.Fn EVP_PKEY_param_check
+performs various sanity checks on the key parameters contained in
+.Fa ctx
+but only supports a small number of key types by default.
+It preferably uses the function
+.Fa check
+configured for
+.Fa ctx
+with
+.Xr EVP_PKEY_meth_set_param_check 3 .
+It falls back to the function
+.Fa pkey_check
+configured for the private key contained in
+.Fa ctx
+with
+.Xr EVP_PKEY_asn1_set_param_check 3 .
+If that wasn't configured either, it attempts to use the following
+check functions:
+.Pp
+.Bl -tag -width 3n -compact -offset -indent
+.It DH
+.Xr DH_check 3
+.It EC
+.Xr EC_GROUP_check 3
+.It RSA
+not supported, return value \-2
+.El
+.Sh RETURN VALUES
+These functions return 1 if the check was performed and no problem
+was found, 0 if a problem was found or if the check could not be
+performed, for example because
+.Fa ctx
+does not contain an
+.Vt EVP_PKEY
+object, or \-2 if the required check function is neither configured for
+.Fa ctx
+nor for the
+.Vt PKEY
+contained therein, and the check in question is not supported by default
+for the algorithm in question either.
+.Sh SEE ALSO
+.Xr DH_check 3 ,
+.Xr EC_GROUP_check 3 ,
+.Xr EC_KEY_new 3 ,
+.Xr EVP_PKEY_asn1_new 3 ,
+.Xr EVP_PKEY_CTX_new 3 ,
+.Xr EVP_PKEY_meth_new 3 ,
+.Xr EVP_PKEY_new 3 ,
+.Xr RSA_check_key 3
+.Sh HISTORY
+These functions first appeared in OpenSSL 1.1.1
+and have been available since
+.Ox 7.1 .
+.Sh BUGS
+For EC keys,
+.Fn EVP_PKEY_public_check
+also checks the
+.Em private
+key and fails if there is a problem with any of the private
+components, even if no problem is found with the public key.
diff --git a/man/EVP_PKEY_cmp.3 b/man/EVP_PKEY_cmp.3
index 5226ec58..e00147dc 100644
--- a/man/EVP_PKEY_cmp.3
+++ b/man/EVP_PKEY_cmp.3
@@ -1,7 +1,25 @@ -.\" $OpenBSD: EVP_PKEY_cmp.3,v 1.10 2019/06/06 01:06:58 schwarze Exp $ -.\" OpenSSL 05ea606a May 20 20:52:46 2016 -0400 +.\" $OpenBSD: EVP_PKEY_cmp.3,v 1.12 2021/10/19 17:42:49 schwarze Exp $ +.\" full merge up to: OpenSSL 05ea606a May 20 20:52:46 2016 -0400 +.\" selective merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" -.\" This file was written by Dr. Stephen Henson . +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2021 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Dr. Stephen Henson . .\" Copyright (c) 2006, 2013, 2014, 2016 The OpenSSL Project. .\" All rights reserved. .\" @@ -49,7 +67,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 6 2019 $ +.Dd $Mdocdate: October 19 2021 $ .Dt EVP_PKEY_CMP 3 .Os .Sh NAME @@ -66,8 +84,8 @@ .Fc .Ft int .Fo EVP_PKEY_copy_parameters -.Fa "EVP_PKEY *to" -.Fa "const EVP_PKEY *from" +.Fa "EVP_PKEY *destination" +.Fa "const EVP_PKEY *source" .Fc .Ft int .Fo EVP_PKEY_cmp_parameters 
@@ -80,35 +98,31 @@ .Fa "const EVP_PKEY *b" .Fc .Sh DESCRIPTION -The function .Fn EVP_PKEY_missing_parameters -returns 1 if the public key parameters of -.Fa pkey -are missing and 0 if they are present or the algorithm doesn't use -parameters. +checks whether any public key parameters are missing from +.Fa pkey . .Pp -The function .Fn EVP_PKEY_copy_parameters -copies the parameters from key -.Fa from -to key -.Fa to . -An error is returned if the parameters are missing in -.Fa from . +copies all public key parameters from the +.Fa source +to the +.Fa destination . +If the algorithm does not use parameters, no action occurs. .Pp -The function .Fn EVP_PKEY_cmp_parameters -compares the parameters of keys +compares the public key parameters of .Fa a and .Fa b . +This is only supported for algorithms that use parameters. .Pp -The function .Fn EVP_PKEY_cmp -compares the public key components and parameters (if present) of keys +compares the public key components of .Fa a and .Fa b . +If the algorithm uses public key parameters, +it also compares the parameters. .Pp The main purpose of the functions .Fn EVP_PKEY_missing_parameters @@ -123,18 +137,19 @@ function .Fn EVP_PKEY_cmp can also be used to determine if a private key matches a public key. .Sh RETURN VALUES -The function .Fn EVP_PKEY_missing_parameters returns 1 if the public key parameters of .Fa pkey -are missing and 0 if they are present or the algorithm doesn't use -parameters. +are missing or incomplete or 0 if they are present and complete +or if the algorithm doesn't use parameters. .Pp -The function .Fn EVP_PKEY_copy_parameters -returns 1 for success and 0 for failure. +returns 1 for success or 0 for failure. +In particular, it fails if the key types mismatch or if the public +key parameters in the +.Fa source +are missing or incomplete. .Pp -The functions .Fn EVP_PKEY_cmp_parameters and .Fn EVP_PKEY_cmp 
@@ -144,7 +159,8 @@ are different and -2 if the operation is not supported. .Xr EVP_PKEY_asn1_set_public 3 , .Xr EVP_PKEY_CTX_new 3 , .Xr EVP_PKEY_keygen 3 , -.Xr EVP_PKEY_new 3 +.Xr EVP_PKEY_new 3 , +.Xr X509_get_pubkey_parameters 3 .Sh HISTORY .Fn EVP_PKEY_missing_parameters and diff --git a/man/EVP_PKEY_decrypt.3 b/man/EVP_PKEY_decrypt.3 index cdae726c..af5ed93f 100644 --- a/man/EVP_PKEY_decrypt.3 +++ b/man/EVP_PKEY_decrypt.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_PKEY_decrypt.3,v 1.7 2018/03/23 04:34:23 schwarze Exp $ +.\" $OpenBSD: EVP_PKEY_decrypt.3,v 1.8 2022/03/31 17:27:17 naddy Exp $ .\" full merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100 .\" .\" This file was written by Dr. Stephen Henson . @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 23 2018 $ +.Dd $Mdocdate: March 31 2022 $ .Dt EVP_PKEY_DECRYPT 3 .Os .Sh NAME @@ -102,7 +102,7 @@ then before the call the parameter should contain the length of the .Fa out buffer. -If the call is successful the decrypted data is written to +If the call is successful, the decrypted data is written to .Fa out and the amount of data written to .Fa outlen . diff --git a/man/EVP_PKEY_encrypt.3 b/man/EVP_PKEY_encrypt.3 index a627c2ab..210c43d6 100644 --- a/man/EVP_PKEY_encrypt.3 +++ b/man/EVP_PKEY_encrypt.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_PKEY_encrypt.3,v 1.6 2018/03/23 04:34:23 schwarze Exp $ +.\" $OpenBSD: EVP_PKEY_encrypt.3,v 1.7 2022/03/31 17:27:17 naddy Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Dr. Stephen Henson . @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 23 2018 $ +.Dd $Mdocdate: March 31 2022 $ .Dt EVP_PKEY_ENCRYPT 3 .Os .Sh NAME 
@@ -102,7 +102,7 @@ then before the call the parameter should contain the length of the .Fa out buffer. -If the call is successful the encrypted data is written to +If the call is successful, the encrypted data is written to .Fa out and the amount of data written to .Fa outlen . diff --git a/man/EVP_PKEY_meth_new.3 b/man/EVP_PKEY_meth_new.3 index 706824cd..3d9d1ba5 100644 --- a/man/EVP_PKEY_meth_new.3 +++ b/man/EVP_PKEY_meth_new.3 @@ -1,5 +1,5 @@ -.\" $OpenBSD: EVP_PKEY_meth_new.3,v 1.4 2019/06/06 01:06:58 schwarze Exp $ -.\" selective merge up to: OpenSSL 43f985fd Aug 21 11:47:17 2017 -0400 +.\" $OpenBSD: EVP_PKEY_meth_new.3,v 1.5 2022/07/13 19:10:40 schwarze Exp $ +.\" selective merge up to: OpenSSL 335a587b May 7 11:59:11 2019 +0200 .\" .\" This file was written by Paul Yang .\" Copyright (c) 2017 The OpenSSL Project. All rights reserved. @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 6 2019 $ +.Dd $Mdocdate: July 13 2022 $ .Dt EVP_PKEY_METH_NEW 3 .Os .Sh NAME @@ -70,7 +70,10 @@ .Nm EVP_PKEY_meth_set_encrypt , .Nm EVP_PKEY_meth_set_decrypt , .Nm EVP_PKEY_meth_set_derive , -.Nm EVP_PKEY_meth_set_ctrl +.Nm EVP_PKEY_meth_set_ctrl , +.Nm EVP_PKEY_meth_set_check , +.Nm EVP_PKEY_meth_set_public_check , +.Nm EVP_PKEY_meth_set_param_check .Nd manipulate an EVP_PKEY_METHOD structure .Sh SYNOPSIS .In openssl/evp.h @@ -184,6 +187,21 @@ .Fa "int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)" .Fa "int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value)" .Fc +.Ft void +.Fo EVP_PKEY_meth_set_check +.Fa "EVP_PKEY_METHOD *pmeth" +.Fa "int (*check)(EVP_PKEY *pkey)" +.Fc +.Ft void +.Fo EVP_PKEY_meth_set_public_check +.Fa "EVP_PKEY_METHOD *pmeth" +.Fa "int (*public_check)(EVP_PKEY *pkey)" +.Fc +.Ft void +.Fo EVP_PKEY_meth_set_param_check +.Fa "EVP_PKEY_METHOD *pmeth" +.Fa "int (*param_check)(EVP_PKEY *pkey)" +.Fc .Sh DESCRIPTION The .Vt EVP_PKEY_METHOD 
@@ -451,6 +469,21 @@ methods are used to adjust algorithm-specific settings. See .Xr EVP_PKEY_CTX_ctrl 3 for details. +.Bd -unfilled +.Ft int Fn (*check) "EVP_PKEY *pkey" +.Ft int Fn (*public_check) "EVP_PKEY *pkey" +.Ft int Fn (*param_check) "EVP_PKEY *pkey" +.Ed +These methods are used to validate a key pair, the public component, +and the parameters for the given +.Fa pkey , +respectively. +They are called by +.Xr EVP_PKEY_check 3 , +.Xr EVP_PKEY_public_check 3 , +and +.Xr EVP_PKEY_param_check 3 , +respectively. .Ss Functions .Fn EVP_PKEY_meth_new creates a new @@ -553,3 +586,10 @@ first appeared in OpenSSL 1.0.0 and have been available since .Fn EVP_PKEY_meth_copy first appeared in OpenSSL 1.0.1 and has been available since .Ox 5.3 . +.Pp +.Fn EVP_PKEY_meth_set_check , +.Fn EVP_PKEY_meth_set_public_check , +and +.Fn EVP_PKEY_meth_set_param_check +first appeared in OpenSSL 1.1.1 and have been available since +.Ox 7.1 . diff --git a/man/EVP_PKEY_new.3 b/man/EVP_PKEY_new.3 index 939d5f0d..c5673a66 100644 --- a/man/EVP_PKEY_new.3 +++ b/man/EVP_PKEY_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_PKEY_new.3,v 1.13 2021/03/31 16:48:43 tb Exp $ +.\" $OpenBSD: EVP_PKEY_new.3,v 1.17 2022/07/13 21:51:35 schwarze Exp $ .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100 .\" @@ -50,7 +50,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 31 2021 $ +.Dd $Mdocdate: July 13 2022 $ .Dt EVP_PKEY_NEW 3 .Os .Sh NAME 
@@ -184,13 +184,18 @@ returns 1 for success or 0 for failure. .Xr CMAC_Init 3 , .Xr d2i_PrivateKey 3 , .Xr evp 3 , +.Xr EVP_PKCS82PKEY 3 , +.Xr EVP_PKEY_add1_attr 3 , .Xr EVP_PKEY_asn1_new 3 , +.Xr EVP_PKEY_check 3 , .Xr EVP_PKEY_cmp 3 , .Xr EVP_PKEY_CTX_new 3 , .Xr EVP_PKEY_get_default_digest_nid 3 , .Xr EVP_PKEY_meth_new 3 , .Xr EVP_PKEY_print_private 3 , -.Xr EVP_PKEY_set1_RSA 3 +.Xr EVP_PKEY_set1_RSA 3 , +.Xr EVP_PKEY_size 3 , +.Xr X509_get_pubkey_parameters 3 .Sh HISTORY .Fn EVP_PKEY_new and diff --git a/man/EVP_PKEY_set1_RSA.3 b/man/EVP_PKEY_set1_RSA.3 index 2883c02d..cf2786d6 100644 --- a/man/EVP_PKEY_set1_RSA.3 +++ b/man/EVP_PKEY_set1_RSA.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_PKEY_set1_RSA.3,v 1.18 2021/07/02 11:48:01 schwarze Exp $ +.\" $OpenBSD: EVP_PKEY_set1_RSA.3,v 1.19 2022/09/11 04:39:46 jsg Exp $ .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" .\" This file is a derived work. @@ -18,7 +18,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.\" The original file was written by by Dr. Stephen Henson . +.\" The original file was written by Dr. Stephen Henson . .\" Copyright (c) 2002, 2015, 2016 The OpenSSL Project. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -65,7 +65,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 2 2021 $ +.Dd $Mdocdate: September 11 2022 $ .Dt EVP_PKEY_SET1_RSA 3 .Os .Sh NAME diff --git a/man/EVP_PKEY_sign.3 b/man/EVP_PKEY_sign.3 index efbea950..fbd8e663 100644 --- a/man/EVP_PKEY_sign.3 +++ b/man/EVP_PKEY_sign.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_PKEY_sign.3,v 1.7 2018/03/23 04:34:23 schwarze Exp $ +.\" $OpenBSD: EVP_PKEY_sign.3,v 1.8 2022/03/31 17:27:17 naddy Exp $ .\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" .\" This file was written by Dr. Stephen Henson . 
@@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 23 2018 $ +.Dd $Mdocdate: March 31 2022 $ .Dt EVP_PKEY_SIGN 3 .Os .Sh NAME @@ -102,7 +102,7 @@ then before the call the parameter should contain the length of the .Fa sig buffer. -If the call is successful the signature is written to +If the call is successful, the signature is written to .Fa sig and the amount of data written to .Fa siglen . diff --git a/man/EVP_PKEY_size.3 b/man/EVP_PKEY_size.3 new file mode 100644 index 00000000..3070aee0 --- /dev/null +++ b/man/EVP_PKEY_size.3 
@@ -0,0 +1,224 @@
+.\" $OpenBSD: EVP_PKEY_size.3,v 1.1 2022/07/13 19:10:40 schwarze Exp $
+.\" full merge up to: OpenSSL eed9d03b Jan 8 11:04:15 2020 +0100
+.\"
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2022 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Richard Levitte .
+.\" Copyright (c) 2020 The OpenSSL Project. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in
+.\" the documentation and/or other materials provided with the
+.\" distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\" software must display the following acknowledgment:
+.\" "This product includes software developed by the OpenSSL Project
+.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\" endorse or promote products derived from this software without
+.\" prior written permission. For written permission, please contact
+.\" openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\" nor may "OpenSSL" appear in their names without prior written
+.\" permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\" acknowledgment:
+.\" "This product includes software developed by the OpenSSL Project
+.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: July 13 2022 $
+.Dt EVP_PKEY_SIZE 3
+.Os
+.Sh NAME
+.Nm EVP_PKEY_size ,
+.Nm EVP_PKEY_bits ,
+.Nm EVP_PKEY_security_bits
+.Nd EVP_PKEY information functions
+.Sh SYNOPSIS
+.In openssl/evp.h
+.Ft int
+.Fo EVP_PKEY_size
+.Fa "const EVP_PKEY *pkey"
+.Fc
+.Ft int
+.Fo EVP_PKEY_bits
+.Fa "const EVP_PKEY *pkey"
+.Fc
+.Ft int
+.Fo EVP_PKEY_security_bits
+.Fa "const EVP_PKEY *pkey"
+.Fc
+.Sh DESCRIPTION
+.Fn EVP_PKEY_size
+returns the maximum size in bytes needed for the output buffer
+for almost any operation that can be done with
+.Fa pkey .
+The primary use is with
+.Xr EVP_SignFinal 3
+and
+.Xr EVP_SealInit 3 .
+The returned size is also large enough for the output buffer of
+.Xr EVP_PKEY_sign 3 ,
+.Xr EVP_PKEY_encrypt 3 ,
+.Xr EVP_PKEY_decrypt 3 ,
+and
+.Xr EVP_PKEY_derive 3 .
+.Pp
+Unless the documentation for the operation says otherwise,
+the size returned by
+.Fn EVP_PKEY_size
+is only an upper limit and the final content of the target
+buffer may be smaller.
+It is therefore crucial to take note of the size given back by the
+function that performs the operation.
+For example,
+.Xr EVP_PKEY_sign 3
+returns that length in the
+.Pf * Fa siglen
+argument.
+.Pp
+Using
+.Fn EVP_PKEY_size
+is discouraged with
+.Xr EVP_DigestSignFinal 3 .
+.Pp
+Most functions using an output buffer support passing
+.Dv NULL
+for the buffer and a pointer to an integer
+to get the exact size that this function call delivers
+in the context that it is called in.
+This allows those functions to be called twice, once to find out the
+exact buffer size, then allocate the buffer in between, and call that
+function again to actually output the data.
+For those functions, it isn't strictly necessary to call
+.Fn EVP_PKEY_size
+to find out the buffer size, but it may still be useful in cases
+where it's desirable to know the upper limit in advance.
+.Pp
+By default,
+.Fn EVP_PKEY_size
+is supported for the following algorithms:
+.Bl -column GOST01 "EVP_MAX_BLOCK_LENGTH = 32"
+.It Ta same result as from:
+.It CMAC Ta Dv EVP_MAX_BLOCK_LENGTH No = 32
+.It DH Ta Xr DH_size 3
+.It DSA Ta Xr DSA_size 3
+.It EC Ta Xr ECDSA_size 3
+.It GOST01 Ta 64 or 128
+.It HMAC Ta Dv EVP_MAX_MD_SIZE No = 64
+.It RSA Ta Xr RSA_size 3
+.El
+.Pp
+The application program can support additional algorithms by calling
+.Xr EVP_PKEY_asn1_set_public 3 .
+.Pp
+.Fn EVP_PKEY_bits
+returns the cryptographic length of the cryptosystem to which the key in
+.Fa pkey
+belongs, in bits.
+The definition of cryptographic length is specific to the key cryptosystem.
+By default, the following algorithms are supported:
+.Bl -column GOST01 "the public domain parameter p" DSA_bits(3)
+.It Ta cryptographic length = Ta same result as from:
+.It Ta significant bits in ... Ta
+.It DH Ta the public domain parameter Fa p Ta Xr DH_bits 3
+.It DSA Ta the public domain parameter Fa p Ta Xr DSA_bits 3
+.It EC Ta the order of the group Ta Xr EC_GROUP_order_bits 3
+.It GOST01 Ta 256 or 512 Ta \(em
+.It RSA Ta the public modulus Ta Xr RSA_bits 3
+.El
+.Pp
+The application program can support additional algorithms by calling
+.Xr EVP_PKEY_asn1_set_public 3 .
+.Pp
+.Fn EVP_PKEY_security_bits
+returns the security strength measured in bits of the given
+.Fa pkey
+as defined in NIST SP800-57.
+By default, the following algorithms are supported:
+.Bl -column GOST01 DSA_security_bits(3)
+.It Ta same result as from:
+.It DH Ta Xr DH_security_bits 3
+.It DSA Ta Xr DSA_security_bits 3
+.It EC Ta Xr EC_GROUP_order_bits 3 divided by 2
+.It GOST01 Ta not supported, return value is \-2
+.It RSA Ta Xr RSA_security_bits 3
+.El
+.Pp
+For EC keys, if the result is greater than 80, it is rounded down
+to 256, 192, 128, 112, or 80.
+.Pp
+The application program can support additional algorithms by calling
+.Xr EVP_PKEY_asn1_set_security_bits 3 .
+.Sh RETURN VALUES +.Fn EVP_PKEY_size +and +.Fn EVP_PKEY_bits +return a positive number or 0 if this size isn't available. +.Pp +.Fn EVP_PKEY_security_bits +returns a number in the range from 0 to 256 inclusive +or \-2 if this function is unsupported for the algorithm used by +.Fa pkey . +It returns 0 if +.Fa pkey +is +.Dv NULL . +.Sh SEE ALSO +.Xr EVP_PKEY_decrypt 3 , +.Xr EVP_PKEY_derive 3 , +.Xr EVP_PKEY_encrypt 3 , +.Xr EVP_PKEY_new 3 , +.Xr EVP_PKEY_sign 3 , +.Xr EVP_SealInit 3 , +.Xr EVP_SignFinal 3 +.Sh HISTORY +.Fn EVP_PKEY_size +first appeared in SSLeay 0.6.0 and +.Fn EVP_PKEY_bits +in SSLeay 0.9.0. +Both functions have been available since +.Ox 2.4 . +.Pp +.Fn EVP_PKEY_security_bits +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 7.2 . diff --git a/man/EVP_SignInit.3 b/man/EVP_SignInit.3 index a53d059b..59dbca1e 100644 --- a/man/EVP_SignInit.3 +++ b/man/EVP_SignInit.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_SignInit.3,v 1.14 2019/06/10 14:58:48 schwarze Exp $ +.\" $OpenBSD: EVP_SignInit.3,v 1.16 2022/07/13 19:10:40 schwarze Exp $ .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" selective merge up to: OpenSSL 79b49fb0 Mar 20 10:03:10 2018 +1000 .\" @@ -50,16 +50,14 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 10 2019 $ +.Dd $Mdocdate: July 13 2022 $ .Dt EVP_SIGNINIT 3 .Os .Sh NAME .Nm EVP_SignInit_ex , .Nm EVP_SignUpdate , .Nm EVP_SignFinal , -.Nm EVP_SignInit , -.Nm EVP_PKEY_size , -.Nm EVP_PKEY_bits +.Nm EVP_SignInit .Nd EVP signing functions .Sh SYNOPSIS .In openssl/evp.h @@ -87,14 +85,6 @@ .Fa "EVP_MD_CTX *ctx" .Fa "const EVP_MD *type" .Fc -.Ft int -.Fo EVP_PKEY_size -.Fa "const EVP_PKEY *pkey" -.Fc -.Ft int -.Fo EVP_PKEY_bits -.Fa "const EVP_PKEY *pkey" -.Fc .Sh DESCRIPTION The EVP signature routines are a high level interface to digital signatures. 
@@ -132,7 +122,7 @@ and places the signature in .Fa sig . .Fa sig must be at least -.Fn EVP_PKEY_size pkey +.Xr EVP_PKEY_size 3 bytes in size. .Fa s is an OUT parameter, and not used as an IN parameter. @@ -140,7 +130,7 @@ The number of bytes of data written (i.e.\& the length of the signature) will be written to the integer at .Fa s . At most -.Fn EVP_PKEY_size pkey +.Xr EVP_PKEY_size 3 bytes will be written. .Pp .Fn EVP_SignInit @@ -149,12 +139,6 @@ initializes a signing context to use the default implementation of digest .Fa type . .Pp -.Fn EVP_PKEY_size -returns the maximum size of a signature in bytes. -The actual signature returned by -.Fn EVP_SignFinal -may be smaller. -.Pp The EVP interface to digital signatures should almost always be used in preference to the low level interfaces. This is because the code then becomes transparent to the algorithm used @@ -180,31 +164,20 @@ and .Fn EVP_SignFinal return 1 for success and 0 for failure. .Pp -.Fn EVP_PKEY_size -returns the maximum size of a signature in bytes. -.Pp -.Fn EVP_PKEY_bits -returns the number of significant bits in the key -or 0 if an error occurs. -.Pp The error codes can be obtained by .Xr ERR_get_error 3 . .Sh SEE ALSO .Xr evp 3 , .Xr EVP_DigestInit 3 , .Xr EVP_PKEY_asn1_set_public 3 , +.Xr EVP_PKEY_size 3 , .Xr EVP_VerifyInit 3 .Sh HISTORY .Fn EVP_SignInit , .Fn EVP_SignUpdate , and .Fn EVP_SignFinal -first appeared in SSLeay 0.5.1. -.Fn EVP_PKEY_size -first appeared in SSLeay 0.6.0. -.Fn EVP_PKEY_bits -first appeared in SSLeay 0.9.0. -These functions have been available since +first appeared in SSLeay 0.5.1 and have been available since .Ox 2.4 . .Pp .Fn EVP_SignInit_ex 
@@ -217,7 +190,7 @@ could not be made after calling .Fn EVP_SignFinal . .Pp Since the private key is passed in the call to -.Fn EVP_SignFinal +.Fn EVP_SignFinal , any error relating to the private key (for example an unsuitable key and digest combination) will not be indicated until after potentially large amounts of data have been passed through diff --git a/man/EXTENDED_KEY_USAGE_new.3 b/man/EXTENDED_KEY_USAGE_new.3 index 869f538c..3d1ed17f 100644 --- a/man/EXTENDED_KEY_USAGE_new.3 +++ b/man/EXTENDED_KEY_USAGE_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EXTENDED_KEY_USAGE_new.3,v 1.5 2019/08/22 15:15:35 schwarze Exp $ +.\" $OpenBSD: EXTENDED_KEY_USAGE_new.3,v 1.6 2021/10/27 11:24:47 schwarze Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: August 22 2019 $ +.Dd $Mdocdate: October 27 2021 $ .Dt EXTENDED_KEY_USAGE_NEW 3 .Os .Sh NAME @@ -65,6 +65,7 @@ if an error occurs. .Xr POLICYINFO_new 3 , .Xr X509_check_purpose 3 , .Xr X509_EXTENSION_new 3 , +.Xr X509_get_extension_flags 3 , .Xr X509_new 3 .Sh STANDARDS RFC 5280: Internet X.509 Public Key Infrastructure Certificate and diff --git a/man/HMAC.3 b/man/HMAC.3 index b76d8b28..a0af270c 100644 --- a/man/HMAC.3 +++ b/man/HMAC.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: HMAC.3,v 1.17 2020/06/24 16:06:27 schwarze Exp $ +.\" $OpenBSD: HMAC.3,v 1.20 2022/01/25 17:55:39 tb Exp $ .\" full merge up to: OpenSSL crypto/hmac a528d4f0 Oct 27 13:40:11 2015 -0400 .\" selective merge up to: OpenSSL man3/HMAC b3696a55 Sep 2 09:35:50 2017 -0400 .\" @@ -52,7 +52,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 24 2020 $ +.Dd $Mdocdate: January 25 2022 $ .Dt HMAC 3 .Os .Sh NAME 
@@ -60,9 +60,6 @@ .Nm HMAC_CTX_new , .Nm HMAC_CTX_reset , .Nm HMAC_CTX_free , -.Nm HMAC_CTX_init , -.Nm HMAC_CTX_cleanup , -.Nm HMAC_cleanup , .Nm HMAC_Init_ex , .Nm HMAC_Init , .Nm HMAC_Update , @@ -94,18 +91,6 @@ .Fo HMAC_CTX_free .Fa "HMAC_CTX *ctx" .Fc -.Ft void -.Fo HMAC_CTX_init -.Fa "HMAC_CTX *ctx" -.Fc -.Ft void -.Fo HMAC_CTX_cleanup -.Fa "HMAC_CTX *ctx" -.Fc -.Ft void -.Fo HMAC_cleanup -.Fa "HMAC_CTX *ctx" -.Fc .Ft int .Fo HMAC_Init_ex .Fa "HMAC_CTX *ctx" @@ -212,34 +197,6 @@ releases any associated resources, and finally frees .Fa ctx itself. .Pp -.Fn HMAC_CTX_init -is a deprecated function to initialize an empty -.Vt HMAC_CTX -object, similar to -.Fn CTX_new -but without the allocation. -Calling it is required for static objects and objects on the stack -before using them. -.Pp -.Fn HMAC_CTX_cleanup -is a deprecated function to erase the key and other data from -.Fa ctx -and release any associated resources, similar to -.Fn HMAC_CTX_free -but without freeing -.Fa ctx -itself. -Calling it is required for static objects and objects on the stack -that were initialized with -.Fn HMAC_CTX_init -and are no longer needed. -.Pp -.Fn HMAC_cleanup -is an alias for -.Fn HMAC_CTX_cleanup -included for backward compatibility with 0.9.6b. -It is deprecated and implemented as a macro. -.Pp The following functions may be used if the message is not completely stored in memory: .Pp @@ -257,8 +214,6 @@ The .Fa ctx must have been created with .Fn HMAC_CTX_new -or initialized with -.Fn HMAC_CTX_init before the first use in this function. If .Fn HMAC_Init_ex 
@@ -276,33 +231,9 @@ different digest is not supported. .Pp .Fn HMAC_Init is a deprecated wrapper around -.Fn HMAC_Init_ex . -If called with both -.Fa key -and -.Fa md , -it calls -.Fn HMAC_CTX_init -first, which only makes sense for an empty, uninitialized -.Fa ctx , -but not for one already initialized with -.Fn HMAC_CTX_new -or -.Fn HMAC_CTX_init . -If -.Fa key -or -.Fa md -is -.Dv NULL , -it does not call -.Fn HMAC_CTX_init ; -so in this case, -.Fa ctx -already needs to be initialized with -.Fn HMAC_CTX_new -or -.Fn HMAC_CTX_init . +.Fn HMAC_Init_ex +which performs no longer useful extra initialization in +some circumstances. .Pp .Fn HMAC_Update can be called repeatedly with chunks of the message to be authenticated @@ -371,7 +302,6 @@ or 0 on error. RFC 2104 .Sh HISTORY .Fn HMAC , -.Fn HMAC_cleanup , .Fn HMAC_Init , .Fn HMAC_Update , .Fn HMAC_Final , @@ -380,9 +310,6 @@ and first appeared in SSLeay 0.9.0 and have been available since .Ox 2.4 . .Pp -.Fn HMAC_CTX_init , -.Fn HMAC_CTX_cleanup , -and .Fn HMAC_Init_ex first appeared in OpenSSL 0.9.7 and have been available since .Ox 3.2 . diff --git a/man/Makefile.am b/man/Makefile.am index ea919041..9ce0a2ea 100644 --- a/man/Makefile.am +++ b/man/Makefile.am 
@@ -33,13 +33,16 @@ dist_man3_MANS += SSL_CTX_set_client_cert_cb.3
 dist_man3_MANS += SSL_CTX_set_default_passwd_cb.3
 dist_man3_MANS += SSL_CTX_set_generate_session_id.3
 dist_man3_MANS += SSL_CTX_set_info_callback.3
+dist_man3_MANS += SSL_CTX_set_keylog_callback.3
 dist_man3_MANS += SSL_CTX_set_max_cert_list.3
 dist_man3_MANS += SSL_CTX_set_min_proto_version.3
 dist_man3_MANS += SSL_CTX_set_mode.3
 dist_man3_MANS += SSL_CTX_set_msg_callback.3
+dist_man3_MANS += SSL_CTX_set_num_tickets.3
 dist_man3_MANS += SSL_CTX_set_options.3
 dist_man3_MANS += SSL_CTX_set_quiet_shutdown.3
 dist_man3_MANS += SSL_CTX_set_read_ahead.3
+dist_man3_MANS += SSL_CTX_set_security_level.3
 dist_man3_MANS += SSL_CTX_set_session_cache_mode.3
 dist_man3_MANS += SSL_CTX_set_session_id_context.3
 dist_man3_MANS += SSL_CTX_set_ssl_version.3
@@ -126,18 +129,29 @@ dist_man3_MANS += d2i_SSL_SESSION.3
 dist_man3_MANS += ssl.3
 dist_man3_MANS += ACCESS_DESCRIPTION_new.3
 dist_man3_MANS += AES_encrypt.3
+dist_man3_MANS += ASN1_BIT_STRING_num_asc.3
+dist_man3_MANS += ASN1_BIT_STRING_set.3
 dist_man3_MANS += ASN1_INTEGER_get.3
+dist_man3_MANS += ASN1_NULL_new.3
 dist_man3_MANS += ASN1_OBJECT_new.3
+dist_man3_MANS += ASN1_PRINTABLE_type.3
 dist_man3_MANS += ASN1_STRING_TABLE_add.3
 dist_man3_MANS += ASN1_STRING_length.3
 dist_man3_MANS += ASN1_STRING_new.3
 dist_man3_MANS += ASN1_STRING_print_ex.3
 dist_man3_MANS += ASN1_TIME_set.3
 dist_man3_MANS += ASN1_TYPE_get.3
+dist_man3_MANS += ASN1_UNIVERSALSTRING_to_string.3
+dist_man3_MANS += ASN1_bn_print.3
 dist_man3_MANS += ASN1_generate_nconf.3
 dist_man3_MANS += ASN1_get_object.3
 dist_man3_MANS += ASN1_item_d2i.3
+dist_man3_MANS += ASN1_item_digest.3
 dist_man3_MANS += ASN1_item_new.3
+dist_man3_MANS += ASN1_item_pack.3
+dist_man3_MANS += ASN1_item_sign.3
+dist_man3_MANS += ASN1_item_verify.3
+dist_man3_MANS += ASN1_mbstring_copy.3
 dist_man3_MANS += ASN1_parse_dump.3
 dist_man3_MANS += ASN1_put_object.3
 dist_man3_MANS += ASN1_time_parse.3
@@ -146,6 +160,7 @@ dist_man3_MANS += BASIC_CONSTRAINTS_new.3
 dist_man3_MANS += BF_set_key.3
 dist_man3_MANS += BIO_ctrl.3
 dist_man3_MANS += BIO_dump.3
+dist_man3_MANS += BIO_f_asn1.3
 dist_man3_MANS += BIO_f_base64.3
 dist_man3_MANS += BIO_f_buffer.3
 dist_man3_MANS += BIO_f_cipher.3
@@ -157,6 +172,7 @@ dist_man3_MANS += BIO_get_ex_new_index.3
 dist_man3_MANS += BIO_meth_new.3
 dist_man3_MANS += BIO_new.3
 dist_man3_MANS += BIO_new_CMS.3
+dist_man3_MANS += BIO_new_NDEF.3
 dist_man3_MANS += BIO_printf.3
 dist_man3_MANS += BIO_push.3
 dist_man3_MANS += BIO_read.3
@@ -279,10 +295,14 @@ dist_man3_MANS += EVP_DigestVerifyInit.3
 dist_man3_MANS += EVP_EncodeInit.3
 dist_man3_MANS += EVP_EncryptInit.3
 dist_man3_MANS += EVP_OpenInit.3
+dist_man3_MANS += EVP_PKCS82PKEY.3
 dist_man3_MANS += EVP_PKEY_CTX_ctrl.3
 dist_man3_MANS += EVP_PKEY_CTX_new.3
+dist_man3_MANS += EVP_PKEY_CTX_set_hkdf_md.3
+dist_man3_MANS += EVP_PKEY_add1_attr.3
 dist_man3_MANS += EVP_PKEY_asn1_get_count.3
 dist_man3_MANS += EVP_PKEY_asn1_new.3
+dist_man3_MANS += EVP_PKEY_check.3
 dist_man3_MANS += EVP_PKEY_cmp.3
 dist_man3_MANS += EVP_PKEY_decrypt.3
 dist_man3_MANS += EVP_PKEY_derive.3
@@ -295,6 +315,7 @@ dist_man3_MANS += EVP_PKEY_new.3
 dist_man3_MANS += EVP_PKEY_print_private.3
 dist_man3_MANS += EVP_PKEY_set1_RSA.3
 dist_man3_MANS += EVP_PKEY_sign.3
+dist_man3_MANS += EVP_PKEY_size.3
 dist_man3_MANS += EVP_PKEY_verify.3
 dist_man3_MANS += EVP_PKEY_verify_recover.3
 dist_man3_MANS += EVP_SealInit.3
@@ -312,6 +333,9 @@ dist_man3_MANS += GENERAL_NAME_new.3
 dist_man3_MANS += HMAC.3
 dist_man3_MANS += MD5.3
 dist_man3_MANS += NAME_CONSTRAINTS_new.3
+dist_man3_MANS += OBJ_NAME_add.3
+dist_man3_MANS += OBJ_add_sigid.3
+dist_man3_MANS += OBJ_create.3
 dist_man3_MANS += OBJ_nid2obj.3
 dist_man3_MANS += OCSP_CRLID_new.3
 dist_man3_MANS += OCSP_REQUEST_new.3
@@ -334,6 +358,7 @@ dist_man3_MANS += PEM_X509_INFO_read.3
 dist_man3_MANS += PEM_bytes_read_bio.3
 dist_man3_MANS += PEM_read.3
 dist_man3_MANS += PEM_read_bio_PrivateKey.3
+dist_man3_MANS += PEM_write_bio_ASN1_stream.3
 dist_man3_MANS += PEM_write_bio_CMS_stream.3
 dist_man3_MANS += PEM_write_bio_PKCS7_stream.3
 dist_man3_MANS += PKCS12_SAFEBAG_new.3
@@ -356,6 +381,7 @@ dist_man3_MANS += PKCS7_sign.3
 dist_man3_MANS += PKCS7_sign_add_signer.3
 dist_man3_MANS += PKCS7_verify.3
 dist_man3_MANS += PKCS8_PRIV_KEY_INFO_new.3
+dist_man3_MANS += PKCS8_pkey_set0.3
 dist_man3_MANS += PKEY_USAGE_PERIOD_new.3
 dist_man3_MANS += POLICYINFO_new.3
 dist_man3_MANS += PROXY_POLICY_new.3
@@ -378,13 +404,18 @@ dist_man3_MANS += RSA_pkey_ctx_ctrl.3
 dist_man3_MANS += RSA_print.3
 dist_man3_MANS += RSA_private_encrypt.3
 dist_man3_MANS += RSA_public_encrypt.3
+dist_man3_MANS += RSA_security_bits.3
 dist_man3_MANS += RSA_set_method.3
 dist_man3_MANS += RSA_sign.3
 dist_man3_MANS += RSA_sign_ASN1_OCTET_STRING.3
 dist_man3_MANS += RSA_size.3
 dist_man3_MANS += SHA1.3
+dist_man3_MANS += SMIME_crlf_copy.3
+dist_man3_MANS += SMIME_read_ASN1.3
 dist_man3_MANS += SMIME_read_CMS.3
 dist_man3_MANS += SMIME_read_PKCS7.3
+dist_man3_MANS += SMIME_text.3
+dist_man3_MANS += SMIME_write_ASN1.3
 dist_man3_MANS += SMIME_write_CMS.3
 dist_man3_MANS += SMIME_write_PKCS7.3
 dist_man3_MANS += STACK_OF.3
@@ -399,8 +430,11 @@ dist_man3_MANS += X509V3_EXT_print.3
 dist_man3_MANS += X509V3_extensions_print.3
 dist_man3_MANS += X509V3_get_d2i.3
 dist_man3_MANS += X509_ALGOR_dup.3
+dist_man3_MANS += X509_ATTRIBUTE_get0_object.3
 dist_man3_MANS += X509_ATTRIBUTE_new.3
+dist_man3_MANS += X509_ATTRIBUTE_set1_object.3
 dist_man3_MANS += X509_CINF_new.3
+dist_man3_MANS += X509_CRL_METHOD_new.3
 dist_man3_MANS += X509_CRL_get0_by_serial.3
 dist_man3_MANS += X509_CRL_new.3
 dist_man3_MANS += X509_CRL_print.3
@@ -415,15 +449,21 @@ dist_man3_MANS += X509_NAME_hash.3
 dist_man3_MANS += X509_NAME_new.3
 dist_man3_MANS += X509_NAME_print_ex.3
 dist_man3_MANS += X509_OBJECT_get0_X509.3
+dist_man3_MANS += X509_PKEY_new.3
 dist_man3_MANS += X509_PUBKEY_new.3
 dist_man3_MANS += X509_PURPOSE_set.3
+dist_man3_MANS += X509_REQ_add1_attr.3
+dist_man3_MANS += X509_REQ_add_extensions.3
 dist_man3_MANS += X509_REQ_new.3
+dist_man3_MANS += X509_REQ_print_ex.3
 dist_man3_MANS += X509_REVOKED_new.3
+dist_man3_MANS += X509_SIG_get0.3
 dist_man3_MANS += X509_SIG_new.3
 dist_man3_MANS += X509_STORE_CTX_get_error.3
 dist_man3_MANS += X509_STORE_CTX_get_ex_new_index.3
 dist_man3_MANS += X509_STORE_CTX_new.3
 dist_man3_MANS += X509_STORE_CTX_set_flags.3
+dist_man3_MANS += X509_STORE_CTX_set_verify.3
 dist_man3_MANS += X509_STORE_CTX_set_verify_cb.3
 dist_man3_MANS += X509_STORE_get_by_subject.3
 dist_man3_MANS += X509_STORE_load_locations.3
@@ -431,6 +471,7 @@ dist_man3_MANS += X509_STORE_new.3
 dist_man3_MANS += X509_STORE_set1_param.3
 dist_man3_MANS += X509_STORE_set_verify_cb_func.3
 dist_man3_MANS += X509_TRUST_set.3
+dist_man3_MANS += X509_VERIFY_PARAM_new.3
 dist_man3_MANS += X509_VERIFY_PARAM_set_flags.3
 dist_man3_MANS += X509_add1_trust_object.3
 dist_man3_MANS += X509_check_ca.3
@@ -446,20 +487,27 @@ dist_man3_MANS += X509_find_by_subject.3
 dist_man3_MANS += X509_get0_notBefore.3
 dist_man3_MANS += X509_get0_signature.3
 dist_man3_MANS += X509_get1_email.3
+dist_man3_MANS += X509_get_extension_flags.3
 dist_man3_MANS += X509_get_pubkey.3
+dist_man3_MANS += X509_get_pubkey_parameters.3
 dist_man3_MANS += X509_get_serialNumber.3
 dist_man3_MANS += X509_get_subject_name.3
 dist_man3_MANS += X509_get_version.3
 dist_man3_MANS += X509_keyid_set1.3
+dist_man3_MANS += X509_load_cert_file.3
 dist_man3_MANS += X509_new.3
 dist_man3_MANS += X509_ocspid_print.3
 dist_man3_MANS += X509_policy_check.3
+dist_man3_MANS += X509_policy_tree_get0_policies.3
 dist_man3_MANS += X509_policy_tree_level_count.3
 dist_man3_MANS += X509_print_ex.3
 dist_man3_MANS += X509_sign.3
 dist_man3_MANS += X509_signature_dump.3
 dist_man3_MANS += X509_verify_cert.3
+dist_man3_MANS += X509at_add1_attr.3
+dist_man3_MANS += X509at_get_attr.3
 dist_man3_MANS += X509v3_get_ext_by_NID.3
+dist_man3_MANS += a2d_ASN1_OBJECT.3
 dist_man3_MANS += bn_dump.3
 dist_man3_MANS += crypto.3
 dist_man3_MANS += d2i_ASN1_NULL.3
@@ -498,6 +546,8 @@ dist_man3_MANS += d2i_X509_SIG.3
 dist_man3_MANS += des_read_pw.3
 dist_man3_MANS += evp.3
 dist_man3_MANS += get_rfc3526_prime_8192.3
+dist_man3_MANS += i2a_ASN1_STRING.3
+dist_man3_MANS += i2d_ASN1_bio_stream.3
 dist_man3_MANS += i2d_CMS_bio_stream.3
 dist_man3_MANS += i2d_PKCS7_bio_stream.3
 dist_man3_MANS += lh_new.3
@@ -525,14 +575,28 @@ install-data-hook:
 ln -sf "AES_encrypt.3" "$(DESTDIR)$(mandir)/man3/AES_decrypt.3"
 ln -sf "AES_encrypt.3" "$(DESTDIR)$(mandir)/man3/AES_set_decrypt_key.3"
 ln -sf "AES_encrypt.3" "$(DESTDIR)$(mandir)/man3/AES_set_encrypt_key.3"
+ ln -sf "ASN1_BIT_STRING_num_asc.3" "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_name_print.3"
+ ln -sf "ASN1_BIT_STRING_num_asc.3" "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_set_asc.3"
+ ln -sf "ASN1_BIT_STRING_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_check.3"
+ ln -sf "ASN1_BIT_STRING_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_get_bit.3"
+ ln -sf "ASN1_BIT_STRING_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_set_bit.3"
 ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_get.3"
+ ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_get_int64.3"
 ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_set.3"
+ ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_set_int64.3"
 ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_to_BN.3"
+ ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_cmp.3"
+ ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_dup.3"
+ ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_get_int64.3"
+ ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_get_uint64.3"
 ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_set.3"
+ ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_set_int64.3"
+ ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_set_uint64.3"
 ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_to_BN.3"
 ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/BN_to_ASN1_ENUMERATED.3"
 ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/BN_to_ASN1_INTEGER.3"
- ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/i2a_ASN1_INTEGER.3"
+ ln -sf "ASN1_NULL_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_NULL_free.3"
+ ln -sf "ASN1_OBJECT_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_OBJECT_create.3"
 ln -sf "ASN1_OBJECT_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_OBJECT_free.3"
 ln -sf "ASN1_STRING_TABLE_add.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_TABLE_cleanup.3"
 ln -sf "ASN1_STRING_TABLE_add.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_TABLE_get.3"
@@ -540,11 +604,13 @@ install-data-hook:
 ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_dup.3"
 ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_set.3"
 ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_cmp.3"
+ ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_copy.3"
 ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_data.3"
 ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_dup.3"
 ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_get0_data.3"
 ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_length_set.3"
 ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_set.3"
+ ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_set0.3"
 ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_to_UTF8.3"
 ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_type.3"
 ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_free.3"
@@ -595,6 +661,7 @@ install-data-hook:
 ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_set_string.3"
 ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_adj.3"
 ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_check.3"
+ ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_diff.3"
 ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_print.3"
 ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_set_string.3"
 ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_to_generalizedtime.3"
@@ -606,9 +673,13 @@ install-data-hook:
 ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_set_string.3"
 ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_cmp.3"
 ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_free.3"
+ ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_get_int_octetstring.3"
+ ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_get_octetstring.3"
 ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_new.3"
 ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_set.3"
 ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_set1.3"
+ ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_set_int_octetstring.3"
+ ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_set_octetstring.3"
 ln -sf "ASN1_generate_nconf.3" "$(DESTDIR)$(mandir)/man3/ASN1_generate_v3.3"
 ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_d2i_bio.3"
 ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_d2i_fp.3"
@@ -616,11 +687,21 @@ install-data-hook:
 ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d.3"
 ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d_bio.3"
 ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d_fp.3"
+ ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_ndef_i2d.3"
 ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_print.3"
 ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_TYPE.3"
 ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_TYPE.3"
 ln -sf "ASN1_item_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_free.3"
+ ln -sf "ASN1_item_pack.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_unpack.3"
+ ln -sf "ASN1_item_sign.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_sign_ctx.3"
+ ln -sf "ASN1_mbstring_copy.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_get_default_mask.3"
+ ln -sf "ASN1_mbstring_copy.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_set_by_NID.3"
+ ln -sf "ASN1_mbstring_copy.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_set_default_mask.3"
+ ln -sf "ASN1_mbstring_copy.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_set_default_mask_asc.3"
+ ln -sf "ASN1_mbstring_copy.3" "$(DESTDIR)$(mandir)/man3/ASN1_mbstring_ncopy.3"
+ ln -sf "ASN1_mbstring_copy.3" "$(DESTDIR)$(mandir)/man3/ASN1_tag2bit.3"
 ln -sf "ASN1_parse_dump.3" "$(DESTDIR)$(mandir)/man3/ASN1_parse.3"
+ ln -sf "ASN1_put_object.3" "$(DESTDIR)$(mandir)/man3/ASN1_object_size.3"
 ln -sf "ASN1_put_object.3" "$(DESTDIR)$(mandir)/man3/ASN1_put_eoc.3"
 ln -sf "ASN1_time_parse.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_set_tm.3"
 ln -sf "ASN1_time_parse.3" "$(DESTDIR)$(mandir)/man3/ASN1_time_tm_cmp.3"
@@ -640,6 +721,7 @@ install-data-hook:
 ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_flush.3"
 ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_get_close.3"
 ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_get_info_callback.3"
+ ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_info_cb.3"
 ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_int_ctrl.3"
 ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_pending.3"
 ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_ptr_ctrl.3"
@@ -649,10 +731,14 @@ install-data-hook:
 ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_set_info_callback.3"
 ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_tell.3"
 ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_wpending.3"
- ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/bio_info_cb.3"
 ln -sf "BIO_dump.3" "$(DESTDIR)$(mandir)/man3/BIO_dump_fp.3"
 ln -sf "BIO_dump.3" "$(DESTDIR)$(mandir)/man3/BIO_dump_indent.3"
 ln -sf "BIO_dump.3" "$(DESTDIR)$(mandir)/man3/BIO_dump_indent_fp.3"
+ ln -sf "BIO_f_asn1.3" "$(DESTDIR)$(mandir)/man3/BIO_asn1_get_prefix.3"
+ ln -sf "BIO_f_asn1.3" "$(DESTDIR)$(mandir)/man3/BIO_asn1_get_suffix.3"
+ ln -sf "BIO_f_asn1.3" "$(DESTDIR)$(mandir)/man3/BIO_asn1_set_prefix.3"
+ ln -sf "BIO_f_asn1.3" "$(DESTDIR)$(mandir)/man3/BIO_asn1_set_suffix.3"
+ ln -sf "BIO_f_asn1.3" "$(DESTDIR)$(mandir)/man3/asn1_ps_func.3"
 ln -sf "BIO_f_buffer.3" "$(DESTDIR)$(mandir)/man3/BIO_get_buffer_num_lines.3"
 ln -sf "BIO_f_buffer.3" "$(DESTDIR)$(mandir)/man3/BIO_set_buffer_read_data.3"
 ln -sf "BIO_f_buffer.3" "$(DESTDIR)$(mandir)/man3/BIO_set_buffer_size.3"
@@ -676,6 +762,7 @@ install-data-hook: ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_set_ssl_renegotiate_timeout.3" ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_ssl_copy_session_id.3" ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_ssl_shutdown.3" + ln -sf "BIO_find_type.3" "$(DESTDIR)$(mandir)/man3/BIO_method_name.3" ln -sf "BIO_find_type.3" "$(DESTDIR)$(mandir)/man3/BIO_method_type.3" ln -sf "BIO_find_type.3" "$(DESTDIR)$(mandir)/man3/BIO_next.3" ln -sf "BIO_get_data.3" "$(DESTDIR)$(mandir)/man3/BIO_get_shutdown.3" @@ -733,6 +820,7 @@ install-data-hook: ln -sf "BIO_printf.3" "$(DESTDIR)$(mandir)/man3/BIO_vsnprintf.3" ln -sf "BIO_push.3" "$(DESTDIR)$(mandir)/man3/BIO_pop.3" ln -sf "BIO_read.3" "$(DESTDIR)$(mandir)/man3/BIO_gets.3" + ln -sf "BIO_read.3" "$(DESTDIR)$(mandir)/man3/BIO_indent.3" ln -sf "BIO_read.3" "$(DESTDIR)$(mandir)/man3/BIO_puts.3" ln -sf "BIO_read.3" "$(DESTDIR)$(mandir)/man3/BIO_write.3" ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_do_accept.3" 
@@ -814,14 +902,22 @@ install-data-hook: ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_gcd.3" ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod.3" ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_add.3" + ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_add_quick.3" ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_exp.3" + ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_lshift.3" + ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_lshift1.3" + ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_lshift1_quick.3" + ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_lshift_quick.3" ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_mul.3" ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_sqr.3" ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_sub.3" + ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_sub_quick.3" ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mul.3" ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_nnmod.3" ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_sqr.3" ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_sub.3" + ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_uadd.3" + ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_usub.3" ln -sf "BN_add_word.3" "$(DESTDIR)$(mandir)/man3/BN_div_word.3" ln -sf "BN_add_word.3" "$(DESTDIR)$(mandir)/man3/BN_mod_word.3" ln -sf "BN_add_word.3" "$(DESTDIR)$(mandir)/man3/BN_mul_word.3" @@ -839,6 +935,7 @@ install-data-hook: ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_mpi2bn.3" ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_print.3" ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_print_fp.3" + ln -sf "BN_cmp.3" "$(DESTDIR)$(mandir)/man3/BN_abs_is_word.3" ln -sf "BN_cmp.3" "$(DESTDIR)$(mandir)/man3/BN_is_odd.3" ln -sf "BN_cmp.3" "$(DESTDIR)$(mandir)/man3/BN_is_one.3" ln -sf "BN_cmp.3" "$(DESTDIR)$(mandir)/man3/BN_is_word.3" 
@@ -866,6 +963,7 @@ install-data-hook: ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_init.3" ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_new.3" ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_set.3" + ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_set_locked.3" ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_from_montgomery.3" ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_to_montgomery.3" ln -sf "BN_mod_mul_reciprocal.3" "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_free.3" @@ -891,10 +989,12 @@ install-data-hook: ln -sf "BN_set_bit.3" "$(DESTDIR)$(mandir)/man3/BN_rshift1.3" ln -sf "BN_set_flags.3" "$(DESTDIR)$(mandir)/man3/BN_get_flags.3" ln -sf "BN_set_negative.3" "$(DESTDIR)$(mandir)/man3/BN_is_negative.3" + ln -sf "BN_swap.3" "$(DESTDIR)$(mandir)/man3/BN_consttime_swap.3" ln -sf "BN_zero.3" "$(DESTDIR)$(mandir)/man3/BN_get_word.3" ln -sf "BN_zero.3" "$(DESTDIR)$(mandir)/man3/BN_one.3" ln -sf "BN_zero.3" "$(DESTDIR)$(mandir)/man3/BN_set_word.3" ln -sf "BN_zero.3" "$(DESTDIR)$(mandir)/man3/BN_value_one.3" + ln -sf "BN_zero.3" "$(DESTDIR)$(mandir)/man3/BN_zero_ex.3" ln -sf "BUF_MEM_new.3" "$(DESTDIR)$(mandir)/man3/BUF_MEM_free.3" ln -sf "BUF_MEM_new.3" "$(DESTDIR)$(mandir)/man3/BUF_MEM_grow.3" ln -sf "BUF_MEM_new.3" "$(DESTDIR)$(mandir)/man3/BUF_MEM_grow_clean.3" @@ -1005,6 +1105,7 @@ install-data-hook: ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_xcbc_encrypt.3" ln -sf "DH_generate_key.3" "$(DESTDIR)$(mandir)/man3/DH_compute_key.3" ln -sf "DH_generate_parameters.3" "$(DESTDIR)$(mandir)/man3/DH_check.3" + ln -sf "DH_generate_parameters.3" "$(DESTDIR)$(mandir)/man3/DH_check_pub_key.3" ln -sf "DH_generate_parameters.3" "$(DESTDIR)$(mandir)/man3/DH_generate_parameters_ex.3" ln -sf "DH_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DH_clear_flags.3" ln -sf "DH_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DH_get0_engine.3" 
@@ -1046,6 +1147,8 @@ install-data-hook: ln -sf "DSA_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/DSA_set_ex_data.3" ln -sf "DSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/DSA_meth_dup.3" ln -sf "DSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/DSA_meth_free.3" + ln -sf "DSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/DSA_meth_get0_name.3" + ln -sf "DSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/DSA_meth_set1_name.3" ln -sf "DSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/DSA_meth_set_finish.3" ln -sf "DSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/DSA_meth_set_sign.3" ln -sf "DSA_new.3" "$(DESTDIR)$(mandir)/man3/DSA_free.3" @@ -1056,6 +1159,7 @@ install-data-hook: ln -sf "DSA_set_method.3" "$(DESTDIR)$(mandir)/man3/DSA_set_default_method.3" ln -sf "DSA_sign.3" "$(DESTDIR)$(mandir)/man3/DSA_sign_setup.3" ln -sf "DSA_sign.3" "$(DESTDIR)$(mandir)/man3/DSA_verify.3" + ln -sf "DSA_size.3" "$(DESTDIR)$(mandir)/man3/DSA_bits.3" ln -sf "ECDH_compute_key.3" "$(DESTDIR)$(mandir)/man3/ECDH_size.3" ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_OpenSSL.3" ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_SIG_free.3" @@ -1323,6 +1427,8 @@ install-data-hook: ln -sf "ESS_SIGNING_CERT_new.3" "$(DESTDIR)$(mandir)/man3/ESS_ISSUER_SERIAL_new.3" ln -sf "ESS_SIGNING_CERT_new.3" "$(DESTDIR)$(mandir)/man3/ESS_SIGNING_CERT_free.3" ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_cleanup.3" + ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_free.3" + ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_new.3" ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_open.3" ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_seal.3" ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_key_length.3" 
@@ -1357,8 +1463,6 @@ install-data-hook: ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_pkey_type.3" ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_size.3" ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_type.3" - ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_dss.3" - ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_dss1.3" ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_get_digestbyname.3" ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_get_digestbynid.3" ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_get_digestbyobj.3" @@ -1463,6 +1567,7 @@ install-data-hook: ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_ofb.3" ln -sf "EVP_OpenInit.3" "$(DESTDIR)$(mandir)/man3/EVP_OpenFinal.3" ln -sf "EVP_OpenInit.3" "$(DESTDIR)$(mandir)/man3/EVP_OpenUpdate.3" + ln -sf "EVP_PKCS82PKEY.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY2PKCS8.3" ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_ctrl_str.3" ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get0_ecdh_kdf_ukm.3" ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get1_id.3" 
@@ -1487,6 +1592,18 @@ install-data-hook: ln -sf "EVP_PKEY_CTX_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_dup.3" ln -sf "EVP_PKEY_CTX_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_free.3" ln -sf "EVP_PKEY_CTX_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_new_id.3" + ln -sf "EVP_PKEY_CTX_set_hkdf_md.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_add1_hkdf_info.3" + ln -sf "EVP_PKEY_CTX_set_hkdf_md.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_hkdf_mode.3" + ln -sf "EVP_PKEY_CTX_set_hkdf_md.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set1_hkdf_key.3" + ln -sf "EVP_PKEY_CTX_set_hkdf_md.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set1_hkdf_salt.3" + ln -sf "EVP_PKEY_add1_attr.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_add1_attr_by_NID.3" + ln -sf "EVP_PKEY_add1_attr.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_add1_attr_by_OBJ.3" + ln -sf "EVP_PKEY_add1_attr.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_add1_attr_by_txt.3" + ln -sf "EVP_PKEY_add1_attr.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_delete_attr.3" + ln -sf "EVP_PKEY_add1_attr.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get_attr.3" + ln -sf "EVP_PKEY_add1_attr.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get_attr_by_NID.3" + ln -sf "EVP_PKEY_add1_attr.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get_attr_by_OBJ.3" + ln -sf "EVP_PKEY_add1_attr.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get_attr_count.3" ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_find.3" ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_find_str.3" ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_get0.3" 
@@ -1496,11 +1613,17 @@ install-data-hook: ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_add_alias.3" ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_copy.3" ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_free.3" + ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_check.3" ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_ctrl.3" ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_free.3" ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_param.3" + ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_param_check.3" ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_private.3" ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_public.3" + ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_public_check.3" + ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_security_bits.3" + ln -sf "EVP_PKEY_check.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_param_check.3" + ln -sf "EVP_PKEY_check.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_public_check.3" ln -sf "EVP_PKEY_cmp.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_cmp_parameters.3" ln -sf "EVP_PKEY_cmp.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_copy_parameters.3" ln -sf "EVP_PKEY_cmp.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_missing_parameters.3" 
@@ -1521,6 +1644,7 @@ install-data-hook: ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_copy.3" ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_find.3" ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_free.3" + ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_check.3" ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_cleanup.3" ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_copy.3" ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_ctrl.3" @@ -1529,7 +1653,9 @@ install-data-hook: ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_encrypt.3" ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_init.3" ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_keygen.3" + ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_param_check.3" ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_paramgen.3" + ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_public_check.3" ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_sign.3" ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_signctx.3" ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_verify.3" 
@@ -1565,12 +1691,12 @@ install-data-hook: ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_set_type.3" ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_type.3" ln -sf "EVP_PKEY_sign.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_sign_init.3" + ln -sf "EVP_PKEY_size.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_bits.3" + ln -sf "EVP_PKEY_size.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_security_bits.3" ln -sf "EVP_PKEY_verify.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_verify_init.3" ln -sf "EVP_PKEY_verify_recover.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_verify_recover_init.3" ln -sf "EVP_SealInit.3" "$(DESTDIR)$(mandir)/man3/EVP_SealFinal.3" ln -sf "EVP_SealInit.3" "$(DESTDIR)$(mandir)/man3/EVP_SealUpdate.3" - ln -sf "EVP_SignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_bits.3" - ln -sf "EVP_SignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_size.3" ln -sf "EVP_SignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_SignFinal.3" ln -sf "EVP_SignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_SignInit_ex.3" ln -sf "EVP_SignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_SignUpdate.3" @@ -1669,11 +1795,9 @@ install-data-hook: ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/GENERAL_NAME_free.3" ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/OTHERNAME_free.3" ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/OTHERNAME_new.3" - ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_cleanup.3" ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_copy.3" ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_free.3" ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_get_md.3" - ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_init.3" ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_new.3" ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_reset.3" ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_set_flags.3" 
@@ -1681,7 +1805,6 @@ install-data-hook: ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_Init.3" ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_Init_ex.3" ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_Update.3" - ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_cleanup.3" ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_size.3" ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD4.3" ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD4_Final.3" 
@@ -1693,9 +1816,23 @@ install-data-hook: ln -sf "NAME_CONSTRAINTS_new.3" "$(DESTDIR)$(mandir)/man3/GENERAL_SUBTREE_free.3" ln -sf "NAME_CONSTRAINTS_new.3" "$(DESTDIR)$(mandir)/man3/GENERAL_SUBTREE_new.3" ln -sf "NAME_CONSTRAINTS_new.3" "$(DESTDIR)$(mandir)/man3/NAME_CONSTRAINTS_free.3" - ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_cleanup.3" + ln -sf "OBJ_NAME_add.3" "$(DESTDIR)$(mandir)/man3/OBJ_NAME_cleanup.3" + ln -sf "OBJ_NAME_add.3" "$(DESTDIR)$(mandir)/man3/OBJ_NAME_do_all.3" + ln -sf "OBJ_NAME_add.3" "$(DESTDIR)$(mandir)/man3/OBJ_NAME_do_all_sorted.3" + ln -sf "OBJ_NAME_add.3" "$(DESTDIR)$(mandir)/man3/OBJ_NAME_get.3" + ln -sf "OBJ_NAME_add.3" "$(DESTDIR)$(mandir)/man3/OBJ_NAME_init.3" + ln -sf "OBJ_NAME_add.3" "$(DESTDIR)$(mandir)/man3/OBJ_NAME_new_index.3" + ln -sf "OBJ_NAME_add.3" "$(DESTDIR)$(mandir)/man3/OBJ_NAME_remove.3" + ln -sf "OBJ_add_sigid.3" "$(DESTDIR)$(mandir)/man3/OBJ_find_sigid_algs.3" + ln -sf "OBJ_add_sigid.3" "$(DESTDIR)$(mandir)/man3/OBJ_find_sigid_by_algs.3" + ln -sf "OBJ_add_sigid.3" "$(DESTDIR)$(mandir)/man3/OBJ_sigid_free.3" + ln -sf "OBJ_create.3" "$(DESTDIR)$(mandir)/man3/OBJ_add_object.3" + ln -sf "OBJ_create.3" "$(DESTDIR)$(mandir)/man3/OBJ_cleanup.3" + ln -sf "OBJ_create.3" "$(DESTDIR)$(mandir)/man3/OBJ_create_objects.3" + ln -sf "OBJ_create.3" "$(DESTDIR)$(mandir)/man3/OBJ_new_nid.3" + ln -sf "OBJ_create.3" "$(DESTDIR)$(mandir)/man3/check_defer.3" + ln -sf "OBJ_create.3" "$(DESTDIR)$(mandir)/man3/obj_cleanup_defer.3" ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_cmp.3" - ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_create.3" ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_dup.3" ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_ln2nid.3" ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_nid2ln.3" 
@@ -1948,6 +2085,9 @@ install-data-hook: ln -sf "PKCS7_set_type.3" "$(DESTDIR)$(mandir)/man3/PKCS7_set0_type_other.3" ln -sf "PKCS7_verify.3" "$(DESTDIR)$(mandir)/man3/PKCS7_get0_signers.3" ln -sf "PKCS8_PRIV_KEY_INFO_new.3" "$(DESTDIR)$(mandir)/man3/PKCS8_PRIV_KEY_INFO_free.3" + ln -sf "PKCS8_pkey_set0.3" "$(DESTDIR)$(mandir)/man3/PKCS8_pkey_add1_attr_by_NID.3" + ln -sf "PKCS8_pkey_set0.3" "$(DESTDIR)$(mandir)/man3/PKCS8_pkey_get0.3" + ln -sf "PKCS8_pkey_set0.3" "$(DESTDIR)$(mandir)/man3/PKCS8_pkey_get0_attrs.3" ln -sf "PKEY_USAGE_PERIOD_new.3" "$(DESTDIR)$(mandir)/man3/PKEY_USAGE_PERIOD_free.3" ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/CERTIFICATEPOLICIES_free.3" ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/CERTIFICATEPOLICIES_new.3" @@ -2059,6 +2199,9 @@ install-data-hook: ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/RSA_print_fp.3" ln -sf "RSA_private_encrypt.3" "$(DESTDIR)$(mandir)/man3/RSA_public_decrypt.3" ln -sf "RSA_public_encrypt.3" "$(DESTDIR)$(mandir)/man3/RSA_private_decrypt.3" + ln -sf "RSA_security_bits.3" "$(DESTDIR)$(mandir)/man3/BN_security_bits.3" + ln -sf "RSA_security_bits.3" "$(DESTDIR)$(mandir)/man3/DH_security_bits.3" + ln -sf "RSA_security_bits.3" "$(DESTDIR)$(mandir)/man3/DSA_security_bits.3" ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_PKCS1_SSLeay.3" ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_flags.3" ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_get_default_method.3" 
@@ -2197,6 +2340,8 @@ install-data-hook: ln -sf "SSL_CTX_set_info_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_info_callback.3" ln -sf "SSL_CTX_set_info_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_get_info_callback.3" ln -sf "SSL_CTX_set_info_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_info_callback.3" + ln -sf "SSL_CTX_set_keylog_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_keylog_callback.3" + ln -sf "SSL_CTX_set_keylog_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_keylog_cb_func.3" ln -sf "SSL_CTX_set_max_cert_list.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_cert_list.3" ln -sf "SSL_CTX_set_max_cert_list.3" "$(DESTDIR)$(mandir)/man3/SSL_get_max_cert_list.3" ln -sf "SSL_CTX_set_max_cert_list.3" "$(DESTDIR)$(mandir)/man3/SSL_set_max_cert_list.3" @@ -2215,6 +2360,9 @@ install-data-hook: ln -sf "SSL_CTX_set_msg_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_msg_callback_arg.3" ln -sf "SSL_CTX_set_msg_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_msg_callback.3" ln -sf "SSL_CTX_set_msg_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_msg_callback_arg.3" + ln -sf "SSL_CTX_set_num_tickets.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_num_tickets.3" + ln -sf "SSL_CTX_set_num_tickets.3" "$(DESTDIR)$(mandir)/man3/SSL_get_num_tickets.3" + ln -sf "SSL_CTX_set_num_tickets.3" "$(DESTDIR)$(mandir)/man3/SSL_set_num_tickets.3" ln -sf "SSL_CTX_set_options.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_options.3" ln -sf "SSL_CTX_set_options.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_options.3" ln -sf "SSL_CTX_set_options.3" "$(DESTDIR)$(mandir)/man3/SSL_clear_options.3" 
@@ -2228,6 +2376,9 @@ install-data-hook: ln -sf "SSL_CTX_set_read_ahead.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_read_ahead.3" ln -sf "SSL_CTX_set_read_ahead.3" "$(DESTDIR)$(mandir)/man3/SSL_get_read_ahead.3" ln -sf "SSL_CTX_set_read_ahead.3" "$(DESTDIR)$(mandir)/man3/SSL_set_read_ahead.3" + ln -sf "SSL_CTX_set_security_level.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_security_level.3" + ln -sf "SSL_CTX_set_security_level.3" "$(DESTDIR)$(mandir)/man3/SSL_get_security_level.3" + ln -sf "SSL_CTX_set_security_level.3" "$(DESTDIR)$(mandir)/man3/SSL_set_security_level.3" ln -sf "SSL_CTX_set_session_cache_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_session_cache_mode.3" ln -sf "SSL_CTX_set_session_id_context.3" "$(DESTDIR)$(mandir)/man3/SSL_set_session_id_context.3" ln -sf "SSL_CTX_set_ssl_version.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_ssl_method.3" @@ -2335,6 +2486,8 @@ install-data-hook: ln -sf "SSL_num_renegotiations.3" "$(DESTDIR)$(mandir)/man3/SSL_clear_num_renegotiations.3" ln -sf "SSL_num_renegotiations.3" "$(DESTDIR)$(mandir)/man3/SSL_total_renegotiations.3" ln -sf "SSL_read.3" "$(DESTDIR)$(mandir)/man3/SSL_peek.3" + ln -sf "SSL_read.3" "$(DESTDIR)$(mandir)/man3/SSL_peek_ex.3" + ln -sf "SSL_read.3" "$(DESTDIR)$(mandir)/man3/SSL_read_ex.3" ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_early_data.3" ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_max_early_data.3" ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_max_early_data.3" 
@@ -2356,6 +2509,7 @@ install-data-hook: ln -sf "SSL_set_fd.3" "$(DESTDIR)$(mandir)/man3/SSL_set_rfd.3" ln -sf "SSL_set_fd.3" "$(DESTDIR)$(mandir)/man3/SSL_set_wfd.3" ln -sf "SSL_set_max_send_fragment.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_max_send_fragment.3" + ln -sf "SSL_set_psk_use_session_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_psk_use_session_cb_func.3" ln -sf "SSL_set_shutdown.3" "$(DESTDIR)$(mandir)/man3/SSL_get_shutdown.3" ln -sf "SSL_set_tmp_ecdh.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_ecdh_auto.3" ln -sf "SSL_set_tmp_ecdh.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_ecdh.3" @@ -2367,6 +2521,7 @@ install-data-hook: ln -sf "SSL_want.3" "$(DESTDIR)$(mandir)/man3/SSL_want_read.3" ln -sf "SSL_want.3" "$(DESTDIR)$(mandir)/man3/SSL_want_write.3" ln -sf "SSL_want.3" "$(DESTDIR)$(mandir)/man3/SSL_want_x509_lookup.3" + ln -sf "SSL_write.3" "$(DESTDIR)$(mandir)/man3/SSL_write_ex.3" ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/SXNETID_free.3" ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/SXNETID_new.3" ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/SXNET_free.3" 
@@ -2449,12 +2604,25 @@ install-data-hook: ln -sf "X509_ALGOR_dup.3" "$(DESTDIR)$(mandir)/man3/X509_ALGOR_new.3" ln -sf "X509_ALGOR_dup.3" "$(DESTDIR)$(mandir)/man3/X509_ALGOR_set0.3" ln -sf "X509_ALGOR_dup.3" "$(DESTDIR)$(mandir)/man3/X509_ALGOR_set_md.3" + ln -sf "X509_ATTRIBUTE_get0_object.3" "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_count.3" + ln -sf "X509_ATTRIBUTE_get0_object.3" "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_get0_data.3" + ln -sf "X509_ATTRIBUTE_get0_object.3" "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_get0_type.3" + ln -sf "X509_ATTRIBUTE_new.3" "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_create.3" + ln -sf "X509_ATTRIBUTE_new.3" "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_dup.3" ln -sf "X509_ATTRIBUTE_new.3" "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_free.3" + ln -sf "X509_ATTRIBUTE_set1_object.3" "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_create_by_NID.3" + ln -sf "X509_ATTRIBUTE_set1_object.3" "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_create_by_OBJ.3" + ln -sf "X509_ATTRIBUTE_set1_object.3" "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_create_by_txt.3" + ln -sf "X509_ATTRIBUTE_set1_object.3" "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_set1_data.3" ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_CERT_AUX_free.3" ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_CERT_AUX_new.3" ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_CINF_free.3" ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_VAL_free.3" ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_VAL_new.3" + ln -sf "X509_CRL_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_METHOD_free.3" + ln -sf "X509_CRL_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_meth_data.3" + ln -sf "X509_CRL_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_set_default_method.3" + ln -sf "X509_CRL_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_set_meth_data.3" ln -sf "X509_CRL_get0_by_serial.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_add0_revoked.3" ln -sf "X509_CRL_get0_by_serial.3" 
"$(DESTDIR)$(mandir)/man3/X509_CRL_get0_by_cert.3" ln -sf "X509_CRL_get0_by_serial.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_REVOKED.3" @@ -2467,6 +2635,7 @@ install-data-hook: ln -sf "X509_CRL_print.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_print_fp.3" ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_create_by_NID.3" ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_create_by_OBJ.3" + ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_dup.3" ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_free.3" ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_get_critical.3" ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_get_data.3" @@ -2477,9 +2646,6 @@ install-data-hook: ln -sf "X509_INFO_new.3" "$(DESTDIR)$(mandir)/man3/X509_INFO_free.3" ln -sf "X509_LOOKUP_hash_dir.3" "$(DESTDIR)$(mandir)/man3/X509_LOOKUP_file.3" ln -sf "X509_LOOKUP_hash_dir.3" "$(DESTDIR)$(mandir)/man3/X509_LOOKUP_mem.3" - ln -sf "X509_LOOKUP_hash_dir.3" "$(DESTDIR)$(mandir)/man3/X509_load_cert_crl_file.3" - ln -sf "X509_LOOKUP_hash_dir.3" "$(DESTDIR)$(mandir)/man3/X509_load_cert_file.3" - ln -sf "X509_LOOKUP_hash_dir.3" "$(DESTDIR)$(mandir)/man3/X509_load_crl_file.3" ln -sf "X509_LOOKUP_new.3" "$(DESTDIR)$(mandir)/man3/X509_LOOKUP_add_dir.3" ln -sf "X509_LOOKUP_new.3" "$(DESTDIR)$(mandir)/man3/X509_LOOKUP_add_mem.3" ln -sf "X509_LOOKUP_new.3" "$(DESTDIR)$(mandir)/man3/X509_LOOKUP_by_alias.3" 
@@ -2522,13 +2688,16 @@ install-data-hook: ln -sf "X509_NAME_print_ex.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_oneline.3" ln -sf "X509_NAME_print_ex.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_print.3" ln -sf "X509_NAME_print_ex.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_print_ex_fp.3" + ln -sf "X509_OBJECT_get0_X509.3" "$(DESTDIR)$(mandir)/man3/X509_OBJECT_free.3" ln -sf "X509_OBJECT_get0_X509.3" "$(DESTDIR)$(mandir)/man3/X509_OBJECT_free_contents.3" ln -sf "X509_OBJECT_get0_X509.3" "$(DESTDIR)$(mandir)/man3/X509_OBJECT_get0_X509_CRL.3" ln -sf "X509_OBJECT_get0_X509.3" "$(DESTDIR)$(mandir)/man3/X509_OBJECT_get_type.3" ln -sf "X509_OBJECT_get0_X509.3" "$(DESTDIR)$(mandir)/man3/X509_OBJECT_idx_by_subject.3" + ln -sf "X509_OBJECT_get0_X509.3" "$(DESTDIR)$(mandir)/man3/X509_OBJECT_new.3" ln -sf "X509_OBJECT_get0_X509.3" "$(DESTDIR)$(mandir)/man3/X509_OBJECT_retrieve_by_subject.3" ln -sf "X509_OBJECT_get0_X509.3" "$(DESTDIR)$(mandir)/man3/X509_OBJECT_retrieve_match.3" ln -sf "X509_OBJECT_get0_X509.3" "$(DESTDIR)$(mandir)/man3/X509_OBJECT_up_ref_count.3" + ln -sf "X509_PKEY_new.3" "$(DESTDIR)$(mandir)/man3/X509_PKEY_free.3" ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_free.3" ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_get.3" ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_get0.3" 
@@ -2538,9 +2707,11 @@ install-data-hook: ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY.3" ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY_bio.3" ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY_fp.3" + ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_PUBKEY.3" ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY.3" ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY_bio.3" ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY_fp.3" + ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_PUBKEY.3" ln -sf "X509_PURPOSE_set.3" "$(DESTDIR)$(mandir)/man3/X509_PURPOSE_add.3" ln -sf "X509_PURPOSE_set.3" "$(DESTDIR)$(mandir)/man3/X509_PURPOSE_cleanup.3" ln -sf "X509_PURPOSE_set.3" "$(DESTDIR)$(mandir)/man3/X509_PURPOSE_get0.3" 
@@ -2551,15 +2722,33 @@ install-data-hook: ln -sf "X509_PURPOSE_set.3" "$(DESTDIR)$(mandir)/man3/X509_PURPOSE_get_count.3" ln -sf "X509_PURPOSE_set.3" "$(DESTDIR)$(mandir)/man3/X509_PURPOSE_get_id.3" ln -sf "X509_PURPOSE_set.3" "$(DESTDIR)$(mandir)/man3/X509_PURPOSE_get_trust.3" + ln -sf "X509_REQ_add1_attr.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_add1_attr_by_NID.3" + ln -sf "X509_REQ_add1_attr.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_add1_attr_by_OBJ.3" + ln -sf "X509_REQ_add1_attr.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_add1_attr_by_txt.3" + ln -sf "X509_REQ_add1_attr.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_delete_attr.3" + ln -sf "X509_REQ_add1_attr.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_get_attr.3" + ln -sf "X509_REQ_add1_attr.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_get_attr_by_NID.3" + ln -sf "X509_REQ_add1_attr.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_get_attr_by_OBJ.3" + ln -sf "X509_REQ_add1_attr.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_get_attr_count.3" + ln -sf "X509_REQ_add_extensions.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_add_extensions_nid.3" + ln -sf "X509_REQ_add_extensions.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_extension_nid.3" + ln -sf "X509_REQ_add_extensions.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_get_extension_nids.3" + ln -sf "X509_REQ_add_extensions.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_get_extensions.3" + ln -sf "X509_REQ_add_extensions.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_set_extension_nids.3" ln -sf "X509_REQ_new.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_INFO_free.3" ln -sf "X509_REQ_new.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_INFO_new.3" + ln -sf "X509_REQ_new.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_dup.3" ln -sf "X509_REQ_new.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_free.3" + ln -sf "X509_REQ_new.3" "$(DESTDIR)$(mandir)/man3/X509_to_X509_REQ.3" + ln -sf "X509_REQ_print_ex.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_print.3" + ln -sf "X509_REQ_print_ex.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_print_fp.3" ln -sf "X509_REVOKED_new.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_dup.3" ln 
-sf "X509_REVOKED_new.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_free.3" ln -sf "X509_REVOKED_new.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get0_revocationDate.3" ln -sf "X509_REVOKED_new.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get0_serialNumber.3" ln -sf "X509_REVOKED_new.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_set_revocationDate.3" ln -sf "X509_REVOKED_new.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_set_serialNumber.3" + ln -sf "X509_SIG_get0.3" "$(DESTDIR)$(mandir)/man3/X509_SIG_getm.3" ln -sf "X509_SIG_new.3" "$(DESTDIR)$(mandir)/man3/X509_SIG_free.3" ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_chain.3" ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_current_crl.3" @@ -2571,7 +2760,11 @@ install-data-hook: ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_current_cert.3" ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_error_depth.3" ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_explicit_policy.3" + ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_num_untrusted.3" + ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_verified_chain.3" + ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_current_cert.3" ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_error.3" + ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_error_depth.3" ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_verify_cert_error_string.3" ln -sf "X509_STORE_CTX_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_app_data.3" ln -sf "X509_STORE_CTX_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_ex_data.3" 
@@ -2597,7 +2790,11 @@ install-data-hook: ln -sf "X509_STORE_CTX_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_purpose.3" ln -sf "X509_STORE_CTX_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_time.3" ln -sf "X509_STORE_CTX_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_trust.3" + ln -sf "X509_STORE_CTX_set_verify.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_verify.3" + ln -sf "X509_STORE_CTX_set_verify_cb.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_verify_cb.3" ln -sf "X509_STORE_get_by_subject.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get1_issuer.3" + ln -sf "X509_STORE_get_by_subject.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_by_subject.3" + ln -sf "X509_STORE_get_by_subject.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_obj_by_subject.3" ln -sf "X509_STORE_get_by_subject.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_get1_certs.3" ln -sf "X509_STORE_get_by_subject.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_get1_crls.3" ln -sf "X509_STORE_load_locations.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_add_lookup.3" @@ -2617,7 +2814,6 @@ install-data-hook: ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_set_purpose.3" ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_set_trust.3" ln -sf "X509_STORE_set_verify_cb_func.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_set_verify_cb.3" - ln -sf "X509_STORE_set_verify_cb_func.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_set_verify_func.3" ln -sf "X509_TRUST_set.3" "$(DESTDIR)$(mandir)/man3/X509_TRUST_add.3" ln -sf "X509_TRUST_set.3" "$(DESTDIR)$(mandir)/man3/X509_TRUST_cleanup.3" ln -sf "X509_TRUST_set.3" "$(DESTDIR)$(mandir)/man3/X509_TRUST_get0.3" 
@@ -2626,31 +2822,34 @@ install-data-hook: ln -sf "X509_TRUST_set.3" "$(DESTDIR)$(mandir)/man3/X509_TRUST_get_count.3" ln -sf "X509_TRUST_set.3" "$(DESTDIR)$(mandir)/man3/X509_TRUST_get_flags.3" ln -sf "X509_TRUST_set.3" "$(DESTDIR)$(mandir)/man3/X509_TRUST_get_trust.3" + ln -sf "X509_VERIFY_PARAM_new.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add0_table.3" + ln -sf "X509_VERIFY_PARAM_new.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_free.3" + ln -sf "X509_VERIFY_PARAM_new.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get0.3" + ln -sf "X509_VERIFY_PARAM_new.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_count.3" + ln -sf "X509_VERIFY_PARAM_new.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_inherit.3" + ln -sf "X509_VERIFY_PARAM_new.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_lookup.3" + ln -sf "X509_VERIFY_PARAM_new.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1.3" + ln -sf "X509_VERIFY_PARAM_new.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_table_cleanup.3" ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add0_policy.3" - ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add0_table.3" ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add1_host.3" ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_clear_flags.3" - ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_free.3" - ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get0.3" ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get0_name.3" ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get0_peername.3" - ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_count.3" ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_depth.3" ln -sf "X509_VERIFY_PARAM_set_flags.3" 
"$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_flags.3" - ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_lookup.3" - ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_new.3" + ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_time.3" ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_email.3" ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_host.3" ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_ip.3" ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_ip_asc.3" ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_name.3" ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_policies.3" + ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_auth_level.3" ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_depth.3" ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_hostflags.3" ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_purpose.3" ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_time.3" ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_trust.3" - ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_table_cleanup.3" ln -sf "X509_add1_trust_object.3" "$(DESTDIR)$(mandir)/man3/X509_add1_reject_object.3" ln -sf "X509_add1_trust_object.3" "$(DESTDIR)$(mandir)/man3/X509_reject_clear.3" ln -sf "X509_add1_trust_object.3" "$(DESTDIR)$(mandir)/man3/X509_trust_clear.3" 
@@ -2658,6 +2857,7 @@ install-data-hook: ln -sf "X509_check_host.3" "$(DESTDIR)$(mandir)/man3/X509_check_ip.3" ln -sf "X509_check_host.3" "$(DESTDIR)$(mandir)/man3/X509_check_ip_asc.3" ln -sf "X509_check_private_key.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_check_private_key.3" + ln -sf "X509_check_trust.3" "$(DESTDIR)$(mandir)/man3/X509_TRUST_set_default.3" ln -sf "X509_cmp.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_cmp.3" ln -sf "X509_cmp.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_match.3" ln -sf "X509_cmp.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_cmp.3" @@ -2665,6 +2865,7 @@ install-data-hook: ln -sf "X509_cmp.3" "$(DESTDIR)$(mandir)/man3/X509_issuer_name_cmp.3" ln -sf "X509_cmp.3" "$(DESTDIR)$(mandir)/man3/X509_subject_name_cmp.3" ln -sf "X509_cmp_time.3" "$(DESTDIR)$(mandir)/man3/X509_cmp_current_time.3" + ln -sf "X509_cmp_time.3" "$(DESTDIR)$(mandir)/man3/X509_gmtime_adj.3" ln -sf "X509_cmp_time.3" "$(DESTDIR)$(mandir)/man3/X509_time_adj.3" ln -sf "X509_cmp_time.3" "$(DESTDIR)$(mandir)/man3/X509_time_adj_ex.3" ln -sf "X509_digest.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ISSUER_AND_SERIAL_digest.3" @@ -2699,7 +2900,10 @@ install-data-hook: ln -sf "X509_get0_signature.3" "$(DESTDIR)$(mandir)/man3/X509_get_signature_type.3" ln -sf "X509_get1_email.3" "$(DESTDIR)$(mandir)/man3/X509_email_free.3" ln -sf "X509_get1_email.3" "$(DESTDIR)$(mandir)/man3/X509_get1_ocsp.3" + ln -sf "X509_get_extension_flags.3" "$(DESTDIR)$(mandir)/man3/X509_get_extended_key_usage.3" + ln -sf "X509_get_extension_flags.3" "$(DESTDIR)$(mandir)/man3/X509_get_key_usage.3" ln -sf "X509_get_pubkey.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_extract_key.3" + ln -sf "X509_get_pubkey.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_get0_pubkey.3" ln -sf "X509_get_pubkey.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_get_pubkey.3" ln -sf "X509_get_pubkey.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_set_pubkey.3" ln -sf "X509_get_pubkey.3" "$(DESTDIR)$(mandir)/man3/X509_extract_key.3" 
@@ -2724,11 +2928,15 @@ install-data-hook: ln -sf "X509_keyid_set1.3" "$(DESTDIR)$(mandir)/man3/X509_alias_get0.3" ln -sf "X509_keyid_set1.3" "$(DESTDIR)$(mandir)/man3/X509_alias_set1.3" ln -sf "X509_keyid_set1.3" "$(DESTDIR)$(mandir)/man3/X509_keyid_get0.3" + ln -sf "X509_load_cert_file.3" "$(DESTDIR)$(mandir)/man3/X509_load_cert_crl_file.3" + ln -sf "X509_load_cert_file.3" "$(DESTDIR)$(mandir)/man3/X509_load_crl_file.3" + ln -sf "X509_new.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_to_X509.3" ln -sf "X509_new.3" "$(DESTDIR)$(mandir)/man3/X509_chain_up_ref.3" ln -sf "X509_new.3" "$(DESTDIR)$(mandir)/man3/X509_dup.3" ln -sf "X509_new.3" "$(DESTDIR)$(mandir)/man3/X509_free.3" ln -sf "X509_new.3" "$(DESTDIR)$(mandir)/man3/X509_up_ref.3" ln -sf "X509_policy_check.3" "$(DESTDIR)$(mandir)/man3/X509_policy_tree_free.3" + ln -sf "X509_policy_tree_get0_policies.3" "$(DESTDIR)$(mandir)/man3/X509_policy_tree_get0_user_policies.3" ln -sf "X509_policy_tree_level_count.3" "$(DESTDIR)$(mandir)/man3/X509_policy_level_get0_node.3" ln -sf "X509_policy_tree_level_count.3" "$(DESTDIR)$(mandir)/man3/X509_policy_level_node_count.3" ln -sf "X509_policy_tree_level_count.3" "$(DESTDIR)$(mandir)/man3/X509_policy_node_get0_parent.3" 
@@ -2748,6 +2956,14 @@ install-data-hook: ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_sign_ctx.3" ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_verify.3" ln -sf "X509_signature_dump.3" "$(DESTDIR)$(mandir)/man3/X509_signature_print.3" + ln -sf "X509at_add1_attr.3" "$(DESTDIR)$(mandir)/man3/X509at_add1_attr_by_NID.3" + ln -sf "X509at_add1_attr.3" "$(DESTDIR)$(mandir)/man3/X509at_add1_attr_by_OBJ.3" + ln -sf "X509at_add1_attr.3" "$(DESTDIR)$(mandir)/man3/X509at_add1_attr_by_txt.3" + ln -sf "X509at_add1_attr.3" "$(DESTDIR)$(mandir)/man3/X509at_delete_attr.3" + ln -sf "X509at_get_attr.3" "$(DESTDIR)$(mandir)/man3/X509at_get0_data_by_OBJ.3" + ln -sf "X509at_get_attr.3" "$(DESTDIR)$(mandir)/man3/X509at_get_attr_by_NID.3" + ln -sf "X509at_get_attr.3" "$(DESTDIR)$(mandir)/man3/X509at_get_attr_by_OBJ.3" + ln -sf "X509at_get_attr.3" "$(DESTDIR)$(mandir)/man3/X509at_get_attr_count.3" ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_add_ext.3" ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_delete_ext.3" ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext.3" @@ -3020,6 +3236,8 @@ install-data-hook: ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKeyInfo_bio.3" ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKeyInfo_fp.3" ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/i2d_PrivateKey.3" + ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/i2d_PrivateKey_bio.3" + ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/i2d_PrivateKey_fp.3" ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/i2d_PublicKey.3" ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_Netscape_RSA.3" ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSAPrivateKey.3" 
@@ -3083,7 +3301,12 @@ install-data-hook: ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_VAL.3" ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_bio.3" ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_fp.3" + ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_re_X509_CRL_tbs.3" + ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_re_X509_REQ_tbs.3" + ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_re_X509_tbs.3" + ln -sf "d2i_X509_ALGOR.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_ALGORS.3" ln -sf "d2i_X509_ALGOR.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_ALGOR.3" + ln -sf "d2i_X509_ALGOR.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_ALGORS.3" ln -sf "d2i_X509_ATTRIBUTE.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_ATTRIBUTE.3" ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_CRL_INFO.3" ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_CRL_bio.3" @@ -3134,6 +3357,11 @@ install-data-hook: ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_3072.3" ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_4096.3" ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_6144.3" + ln -sf "i2a_ASN1_STRING.3" "$(DESTDIR)$(mandir)/man3/a2i_ASN1_ENUMERATED.3" + ln -sf "i2a_ASN1_STRING.3" "$(DESTDIR)$(mandir)/man3/a2i_ASN1_INTEGER.3" + ln -sf "i2a_ASN1_STRING.3" "$(DESTDIR)$(mandir)/man3/a2i_ASN1_STRING.3" + ln -sf "i2a_ASN1_STRING.3" "$(DESTDIR)$(mandir)/man3/i2a_ASN1_ENUMERATED.3" + ln -sf "i2a_ASN1_STRING.3" "$(DESTDIR)$(mandir)/man3/i2a_ASN1_INTEGER.3" ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/DECLARE_LHASH_OF.3" ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/LHASH_COMP_FN_TYPE.3" ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/LHASH_DOALL_ARG_FN_TYPE.3" 
@@ -3154,6 +3382,7 @@ install-data-hook: ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_free.3" ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_insert.3" ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_retrieve.3" + ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_strhash.3" ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_node_stats.3" ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_node_stats_bio.3" ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_node_usage_stats.3" 
@@ -3255,14 +3484,28 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/AES_decrypt.3" -rm -f "$(DESTDIR)$(mandir)/man3/AES_set_decrypt_key.3" -rm -f "$(DESTDIR)$(mandir)/man3/AES_set_encrypt_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_name_print.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_set_asc.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_check.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_get_bit.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_set_bit.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_get.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_get_int64.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_set.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_set_int64.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_to_BN.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_cmp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_dup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_get_int64.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_get_uint64.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_set.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_set_int64.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_set_uint64.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_to_BN.3" -rm -f "$(DESTDIR)$(mandir)/man3/BN_to_ASN1_ENUMERATED.3" -rm -f "$(DESTDIR)$(mandir)/man3/BN_to_ASN1_INTEGER.3" - -rm -f "$(DESTDIR)$(mandir)/man3/i2a_ASN1_INTEGER.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_NULL_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OBJECT_create.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OBJECT_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_TABLE_cleanup.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_TABLE_get.3" 
@@ -3270,11 +3513,13 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_dup.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_set.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_cmp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_copy.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_data.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_dup.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_get0_data.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_length_set.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_set.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_set0.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_to_UTF8.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_type.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_free.3" @@ -3325,6 +3570,7 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_set_string.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_adj.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_check.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_diff.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_print.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_set_string.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_to_generalizedtime.3" @@ -3336,9 +3582,13 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_set_string.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_cmp.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_get_int_octetstring.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_get_octetstring.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_new.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_set.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_set1.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_set_int_octetstring.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_set_octetstring.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_generate_v3.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_d2i_bio.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_d2i_fp.3" 
@@ -3346,11 +3596,21 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d_bio.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_ndef_i2d.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_print.3" -rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_TYPE.3" -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_TYPE.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_unpack.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_sign_ctx.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_get_default_mask.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_set_by_NID.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_set_default_mask.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_set_default_mask_asc.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_mbstring_ncopy.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_tag2bit.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_parse.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_object_size.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_put_eoc.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_set_tm.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_time_tm_cmp.3" @@ -3370,6 +3630,7 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/BIO_flush.3" -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_close.3" -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_info_callback.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_info_cb.3" -rm -f "$(DESTDIR)$(mandir)/man3/BIO_int_ctrl.3" -rm -f "$(DESTDIR)$(mandir)/man3/BIO_pending.3" -rm -f "$(DESTDIR)$(mandir)/man3/BIO_ptr_ctrl.3" 
@@ -3379,10 +3640,14 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_info_callback.3" -rm -f "$(DESTDIR)$(mandir)/man3/BIO_tell.3" -rm -f "$(DESTDIR)$(mandir)/man3/BIO_wpending.3" - -rm -f "$(DESTDIR)$(mandir)/man3/bio_info_cb.3" -rm -f "$(DESTDIR)$(mandir)/man3/BIO_dump_fp.3" -rm -f "$(DESTDIR)$(mandir)/man3/BIO_dump_indent.3" -rm -f "$(DESTDIR)$(mandir)/man3/BIO_dump_indent_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_asn1_get_prefix.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_asn1_get_suffix.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_asn1_set_prefix.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_asn1_set_suffix.3" + -rm -f "$(DESTDIR)$(mandir)/man3/asn1_ps_func.3" -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_buffer_num_lines.3" -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_buffer_read_data.3" -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_buffer_size.3" @@ -3406,6 +3671,7 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_ssl_renegotiate_timeout.3" -rm -f "$(DESTDIR)$(mandir)/man3/BIO_ssl_copy_session_id.3" -rm -f "$(DESTDIR)$(mandir)/man3/BIO_ssl_shutdown.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_method_name.3" -rm -f "$(DESTDIR)$(mandir)/man3/BIO_method_type.3" -rm -f "$(DESTDIR)$(mandir)/man3/BIO_next.3" -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_shutdown.3" @@ -3463,6 +3729,7 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/BIO_vsnprintf.3" -rm -f "$(DESTDIR)$(mandir)/man3/BIO_pop.3" -rm -f "$(DESTDIR)$(mandir)/man3/BIO_gets.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_indent.3" -rm -f "$(DESTDIR)$(mandir)/man3/BIO_puts.3" -rm -f "$(DESTDIR)$(mandir)/man3/BIO_write.3" -rm -f "$(DESTDIR)$(mandir)/man3/BIO_do_accept.3" 
@@ -3544,14 +3811,22 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/BN_gcd.3" -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod.3" -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_add.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_add_quick.3" -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_exp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_lshift.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_lshift1.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_lshift1_quick.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_lshift_quick.3" -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_mul.3" -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_sqr.3" -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_sub.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_sub_quick.3" -rm -f "$(DESTDIR)$(mandir)/man3/BN_mul.3" -rm -f "$(DESTDIR)$(mandir)/man3/BN_nnmod.3" -rm -f "$(DESTDIR)$(mandir)/man3/BN_sqr.3" -rm -f "$(DESTDIR)$(mandir)/man3/BN_sub.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_uadd.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_usub.3" -rm -f "$(DESTDIR)$(mandir)/man3/BN_div_word.3" -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_word.3" -rm -f "$(DESTDIR)$(mandir)/man3/BN_mul_word.3" @@ -3569,6 +3844,7 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/BN_mpi2bn.3" -rm -f "$(DESTDIR)$(mandir)/man3/BN_print.3" -rm -f "$(DESTDIR)$(mandir)/man3/BN_print_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_abs_is_word.3" -rm -f "$(DESTDIR)$(mandir)/man3/BN_is_odd.3" -rm -f "$(DESTDIR)$(mandir)/man3/BN_is_one.3" -rm -f "$(DESTDIR)$(mandir)/man3/BN_is_word.3" @@ -3596,6 +3872,7 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_init.3" -rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_new.3" -rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_set.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_set_locked.3" -rm -f "$(DESTDIR)$(mandir)/man3/BN_from_montgomery.3" -rm -f "$(DESTDIR)$(mandir)/man3/BN_to_montgomery.3" -rm -f "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_free.3" 
@@ -3621,10 +3898,12 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/BN_rshift1.3" -rm -f "$(DESTDIR)$(mandir)/man3/BN_get_flags.3" -rm -f "$(DESTDIR)$(mandir)/man3/BN_is_negative.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_consttime_swap.3" -rm -f "$(DESTDIR)$(mandir)/man3/BN_get_word.3" -rm -f "$(DESTDIR)$(mandir)/man3/BN_one.3" -rm -f "$(DESTDIR)$(mandir)/man3/BN_set_word.3" -rm -f "$(DESTDIR)$(mandir)/man3/BN_value_one.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_zero_ex.3" -rm -f "$(DESTDIR)$(mandir)/man3/BUF_MEM_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/BUF_MEM_grow.3" -rm -f "$(DESTDIR)$(mandir)/man3/BUF_MEM_grow_clean.3" @@ -3735,6 +4014,7 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/DES_xcbc_encrypt.3" -rm -f "$(DESTDIR)$(mandir)/man3/DH_compute_key.3" -rm -f "$(DESTDIR)$(mandir)/man3/DH_check.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DH_check_pub_key.3" -rm -f "$(DESTDIR)$(mandir)/man3/DH_generate_parameters_ex.3" -rm -f "$(DESTDIR)$(mandir)/man3/DH_clear_flags.3" -rm -f "$(DESTDIR)$(mandir)/man3/DH_get0_engine.3" @@ -3776,6 +4056,8 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/DSA_set_ex_data.3" -rm -f "$(DESTDIR)$(mandir)/man3/DSA_meth_dup.3" -rm -f "$(DESTDIR)$(mandir)/man3/DSA_meth_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSA_meth_get0_name.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSA_meth_set1_name.3" -rm -f "$(DESTDIR)$(mandir)/man3/DSA_meth_set_finish.3" -rm -f "$(DESTDIR)$(mandir)/man3/DSA_meth_set_sign.3" -rm -f "$(DESTDIR)$(mandir)/man3/DSA_free.3" @@ -3786,6 +4068,7 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/DSA_set_default_method.3" -rm -f "$(DESTDIR)$(mandir)/man3/DSA_sign_setup.3" -rm -f "$(DESTDIR)$(mandir)/man3/DSA_verify.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSA_bits.3" -rm -f "$(DESTDIR)$(mandir)/man3/ECDH_size.3" -rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_OpenSSL.3" -rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_SIG_free.3" 
@@ -4053,6 +4336,8 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/ESS_ISSUER_SERIAL_new.3" -rm -f "$(DESTDIR)$(mandir)/man3/ESS_SIGNING_CERT_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_cleanup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_new.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_open.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_seal.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_key_length.3" @@ -4087,8 +4372,6 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_pkey_type.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_size.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_type.3" - -rm -f "$(DESTDIR)$(mandir)/man3/EVP_dss.3" - -rm -f "$(DESTDIR)$(mandir)/man3/EVP_dss1.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_get_digestbyname.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_get_digestbynid.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_get_digestbyobj.3" @@ -4193,6 +4476,7 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_ofb.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_OpenFinal.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_OpenUpdate.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY2PKCS8.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_ctrl_str.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get0_ecdh_kdf_ukm.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get1_id.3" 
@@ -4217,6 +4501,18 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_dup.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_new_id.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_add1_hkdf_info.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_hkdf_mode.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set1_hkdf_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set1_hkdf_salt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_add1_attr_by_NID.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_add1_attr_by_OBJ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_add1_attr_by_txt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_delete_attr.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get_attr.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get_attr_by_NID.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get_attr_by_OBJ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get_attr_count.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_find.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_find_str.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_get0.3" 
@@ -4226,11 +4522,17 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_add_alias.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_copy.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_check.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_ctrl.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_param.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_param_check.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_private.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_public.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_public_check.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_security_bits.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_param_check.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_public_check.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_cmp_parameters.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_copy_parameters.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_missing_parameters.3" @@ -4251,6 +4553,7 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_copy.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_find.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_check.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_cleanup.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_copy.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_ctrl.3" 
@@ -4259,7 +4562,9 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_encrypt.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_init.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_keygen.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_param_check.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_paramgen.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_public_check.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_sign.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_signctx.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_verify.3" @@ -4295,12 +4600,12 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_set_type.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_type.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_sign_init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_bits.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_security_bits.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_verify_init.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_verify_recover_init.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_SealFinal.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_SealUpdate.3" - -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_bits.3" - -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_size.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_SignFinal.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_SignInit_ex.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_SignUpdate.3" 
@@ -4399,11 +4704,9 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/GENERAL_NAME_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/OTHERNAME_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/OTHERNAME_new.3" - -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_cleanup.3" -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_copy.3" -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_get_md.3" - -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_init.3" -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_new.3" -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_reset.3" -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_set_flags.3" @@ -4411,7 +4714,6 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_Init.3" -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_Init_ex.3" -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_Update.3" - -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_cleanup.3" -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_size.3" -rm -f "$(DESTDIR)$(mandir)/man3/MD4.3" -rm -f "$(DESTDIR)$(mandir)/man3/MD4_Final.3" 
@@ -4423,9 +4725,23 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/GENERAL_SUBTREE_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/GENERAL_SUBTREE_new.3" -rm -f "$(DESTDIR)$(mandir)/man3/NAME_CONSTRAINTS_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_NAME_cleanup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_NAME_do_all.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_NAME_do_all_sorted.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_NAME_get.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_NAME_init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_NAME_new_index.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_NAME_remove.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_find_sigid_algs.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_find_sigid_by_algs.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_sigid_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_add_object.3" -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_cleanup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_create_objects.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_new_nid.3" + -rm -f "$(DESTDIR)$(mandir)/man3/check_defer.3" + -rm -f "$(DESTDIR)$(mandir)/man3/obj_cleanup_defer.3" -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_cmp.3" - -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_create.3" -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_dup.3" -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_ln2nid.3" -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_nid2ln.3" @@ -4678,6 +4994,9 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_set0_type_other.3" -rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_get0_signers.3" -rm -f "$(DESTDIR)$(mandir)/man3/PKCS8_PRIV_KEY_INFO_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS8_pkey_add1_attr_by_NID.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS8_pkey_get0.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS8_pkey_get0_attrs.3" -rm -f "$(DESTDIR)$(mandir)/man3/PKEY_USAGE_PERIOD_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/CERTIFICATEPOLICIES_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/CERTIFICATEPOLICIES_new.3" 
@@ -4789,6 +5108,9 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/RSA_print_fp.3" -rm -f "$(DESTDIR)$(mandir)/man3/RSA_public_decrypt.3" -rm -f "$(DESTDIR)$(mandir)/man3/RSA_private_decrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_security_bits.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DH_security_bits.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSA_security_bits.3" -rm -f "$(DESTDIR)$(mandir)/man3/RSA_PKCS1_SSLeay.3" -rm -f "$(DESTDIR)$(mandir)/man3/RSA_flags.3" -rm -f "$(DESTDIR)$(mandir)/man3/RSA_get_default_method.3" @@ -4927,6 +5249,8 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_info_callback.3" -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_info_callback.3" -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_info_callback.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_keylog_callback.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_keylog_cb_func.3" -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_cert_list.3" -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_max_cert_list.3" -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_max_cert_list.3" @@ -4945,6 +5269,9 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_msg_callback_arg.3" -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_msg_callback.3" -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_msg_callback_arg.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_num_tickets.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_num_tickets.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_num_tickets.3" -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_options.3" -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_options.3" -rm -f "$(DESTDIR)$(mandir)/man3/SSL_clear_options.3" 
@@ -4958,6 +5285,9 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_read_ahead.3" -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_read_ahead.3" -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_read_ahead.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_security_level.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_security_level.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_security_level.3" -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_session_cache_mode.3" -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_session_id_context.3" -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_ssl_method.3" @@ -5065,6 +5395,8 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/SSL_clear_num_renegotiations.3" -rm -f "$(DESTDIR)$(mandir)/man3/SSL_total_renegotiations.3" -rm -f "$(DESTDIR)$(mandir)/man3/SSL_peek.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_peek_ex.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_read_ex.3" -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_early_data.3" -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_max_early_data.3" -rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_max_early_data.3" @@ -5086,6 +5418,7 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_rfd.3" -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_wfd.3" -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_max_send_fragment.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_psk_use_session_cb_func.3" -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_shutdown.3" -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_ecdh_auto.3" -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_ecdh.3" @@ -5097,6 +5430,7 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/SSL_want_read.3" -rm -f "$(DESTDIR)$(mandir)/man3/SSL_want_write.3" -rm -f "$(DESTDIR)$(mandir)/man3/SSL_want_x509_lookup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_write_ex.3" -rm -f "$(DESTDIR)$(mandir)/man3/SXNETID_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/SXNETID_new.3" -rm -f "$(DESTDIR)$(mandir)/man3/SXNET_free.3" 
@@ -5179,12 +5513,25 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/X509_ALGOR_new.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_ALGOR_set0.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_ALGOR_set_md.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_count.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_get0_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_get0_type.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_create.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_dup.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_create_by_NID.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_create_by_OBJ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_create_by_txt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_set1_data.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_CERT_AUX_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_CERT_AUX_new.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_CINF_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_VAL_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_VAL_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_METHOD_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_meth_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_set_default_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_set_meth_data.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_add0_revoked.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get0_by_cert.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_REVOKED.3" @@ -5197,6 +5544,7 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_print_fp.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_create_by_NID.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_create_by_OBJ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_dup.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_get_critical.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_get_data.3" 
@@ -5207,9 +5555,6 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/X509_INFO_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_LOOKUP_file.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_LOOKUP_mem.3" - -rm -f "$(DESTDIR)$(mandir)/man3/X509_load_cert_crl_file.3" - -rm -f "$(DESTDIR)$(mandir)/man3/X509_load_cert_file.3" - -rm -f "$(DESTDIR)$(mandir)/man3/X509_load_crl_file.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_LOOKUP_add_dir.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_LOOKUP_add_mem.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_LOOKUP_by_alias.3" @@ -5252,13 +5597,16 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_oneline.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_print.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_print_ex_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_OBJECT_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_OBJECT_free_contents.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_OBJECT_get0_X509_CRL.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_OBJECT_get_type.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_OBJECT_idx_by_subject.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_OBJECT_new.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_OBJECT_retrieve_by_subject.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_OBJECT_retrieve_match.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_OBJECT_up_ref_count.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_PKEY_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_get.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_get0.3" 
@@ -5268,9 +5616,11 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY.3" -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY_bio.3" -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_PUBKEY.3" -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY.3" -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY_bio.3" -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_PUBKEY.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_PURPOSE_add.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_PURPOSE_cleanup.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_PURPOSE_get0.3" 
@@ -5281,15 +5631,33 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/X509_PURPOSE_get_count.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_PURPOSE_get_id.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_PURPOSE_get_trust.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_add1_attr_by_NID.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_add1_attr_by_OBJ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_add1_attr_by_txt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_delete_attr.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_get_attr.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_get_attr_by_NID.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_get_attr_by_OBJ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_get_attr_count.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_add_extensions_nid.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_extension_nid.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_get_extension_nids.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_get_extensions.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_set_extension_nids.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_INFO_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_INFO_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_dup.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_to_X509_REQ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_print.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_print_fp.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_dup.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get0_revocationDate.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get0_serialNumber.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_set_revocationDate.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_set_serialNumber.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_SIG_getm.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_SIG_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_chain.3" -rm -f 
"$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_current_crl.3" @@ -5301,7 +5669,11 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_current_cert.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_error_depth.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_explicit_policy.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_num_untrusted.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_verified_chain.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_current_cert.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_error.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_error_depth.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_verify_cert_error_string.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_app_data.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_ex_data.3" @@ -5327,7 +5699,11 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_purpose.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_time.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_trust.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_verify.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_verify_cb.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get1_issuer.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_by_subject.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_obj_by_subject.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_get1_certs.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_get1_crls.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_add_lookup.3" 
@@ -5347,7 +5723,6 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_set_purpose.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_set_trust.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_set_verify_cb.3" - -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_set_verify_func.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_TRUST_add.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_TRUST_cleanup.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_TRUST_get0.3" 
@@ -5356,31 +5731,34 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/X509_TRUST_get_count.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_TRUST_get_flags.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_TRUST_get_trust.3" - -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add0_policy.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add0_table.3" - -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add1_host.3" - -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_clear_flags.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get0.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_count.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_inherit.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_lookup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_table_cleanup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add0_policy.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add1_host.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_clear_flags.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get0_name.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get0_peername.3" - -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_count.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_depth.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_flags.3" - -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_lookup.3" - -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_time.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_email.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_host.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_ip.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_ip_asc.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_name.3" -rm -f 
"$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_policies.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_auth_level.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_depth.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_hostflags.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_purpose.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_time.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_trust.3" - -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_table_cleanup.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_add1_reject_object.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_reject_clear.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_trust_clear.3" @@ -5388,6 +5766,7 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/X509_check_ip.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_check_ip_asc.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_check_private_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_TRUST_set_default.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_cmp.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_match.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_cmp.3" @@ -5395,6 +5774,7 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/X509_issuer_name_cmp.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_subject_name_cmp.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_cmp_current_time.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_gmtime_adj.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_time_adj.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_time_adj_ex.3" -rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ISSUER_AND_SERIAL_digest.3" 
@@ -5429,7 +5809,10 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/X509_get_signature_type.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_email_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_get1_ocsp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_get_extended_key_usage.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_get_key_usage.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_extract_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_get0_pubkey.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_get_pubkey.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_set_pubkey.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_extract_key.3" @@ -5454,11 +5837,15 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/X509_alias_get0.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_alias_set1.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_keyid_get0.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_load_cert_crl_file.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_load_crl_file.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_to_X509.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_chain_up_ref.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_dup.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_up_ref.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_policy_tree_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_policy_tree_get0_user_policies.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_policy_level_get0_node.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_policy_level_node_count.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_policy_node_get0_parent.3" 
@@ -5478,6 +5865,14 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/X509_sign_ctx.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_verify.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_signature_print.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509at_add1_attr_by_NID.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509at_add1_attr_by_OBJ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509at_add1_attr_by_txt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509at_delete_attr.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509at_get0_data_by_OBJ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509at_get_attr_by_NID.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509at_get_attr_by_OBJ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509at_get_attr_count.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_add_ext.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_delete_ext.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext.3" @@ -5750,6 +6145,8 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKeyInfo_bio.3" -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKeyInfo_fp.3" -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PrivateKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PrivateKey_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PrivateKey_fp.3" -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PublicKey.3" -rm -f "$(DESTDIR)$(mandir)/man3/d2i_Netscape_RSA.3" -rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSAPrivateKey.3" 
@@ -5813,7 +6210,12 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_VAL.3" -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_bio.3" -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_re_X509_CRL_tbs.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_re_X509_REQ_tbs.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_re_X509_tbs.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_ALGORS.3" -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_ALGOR.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_ALGORS.3" -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_ATTRIBUTE.3" -rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_CRL_INFO.3" -rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_CRL_bio.3" @@ -5864,6 +6266,11 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_3072.3" -rm -f "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_4096.3" -rm -f "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_6144.3" + -rm -f "$(DESTDIR)$(mandir)/man3/a2i_ASN1_ENUMERATED.3" + -rm -f "$(DESTDIR)$(mandir)/man3/a2i_ASN1_INTEGER.3" + -rm -f "$(DESTDIR)$(mandir)/man3/a2i_ASN1_STRING.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2a_ASN1_ENUMERATED.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2a_ASN1_INTEGER.3" -rm -f "$(DESTDIR)$(mandir)/man3/DECLARE_LHASH_OF.3" -rm -f "$(DESTDIR)$(mandir)/man3/LHASH_COMP_FN_TYPE.3" -rm -f "$(DESTDIR)$(mandir)/man3/LHASH_DOALL_ARG_FN_TYPE.3" @@ -5884,6 +6291,7 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/lh_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/lh_insert.3" -rm -f "$(DESTDIR)$(mandir)/man3/lh_retrieve.3" + -rm -f "$(DESTDIR)$(mandir)/man3/lh_strhash.3" -rm -f "$(DESTDIR)$(mandir)/man3/lh_node_stats.3" -rm -f "$(DESTDIR)$(mandir)/man3/lh_node_stats_bio.3" -rm -f "$(DESTDIR)$(mandir)/man3/lh_node_usage_stats.3" diff --git a/man/Makefile.in b/man/Makefile.in index 47c21211..36eba9f1 100644 --- a/man/Makefile.in +++ b/man/Makefile.in 
@@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.3 from Makefile.am. +# Makefile.in generated by automake 1.16.5 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2020 Free Software Foundation, Inc. +# Copyright (C) 1994-2021 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -175,6 +175,8 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ +CSCOPE = @CSCOPE@ +CTAGS = @CTAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ @@ -185,6 +187,7 @@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ +ETAGS = @ETAGS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ @@ -312,13 +315,16 @@ EXTRA_DIST = CMakeLists.txt @ENABLE_LIBTLS_ONLY_FALSE@ SSL_CTX_set_default_passwd_cb.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ SSL_CTX_set_generate_session_id.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ SSL_CTX_set_info_callback.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ SSL_CTX_set_keylog_callback.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ SSL_CTX_set_max_cert_list.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ SSL_CTX_set_min_proto_version.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ SSL_CTX_set_mode.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ SSL_CTX_set_msg_callback.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ SSL_CTX_set_num_tickets.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ SSL_CTX_set_options.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ SSL_CTX_set_quiet_shutdown.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ SSL_CTX_set_read_ahead.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ SSL_CTX_set_security_level.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ SSL_CTX_set_session_cache_mode.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ SSL_CTX_set_session_id_context.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ SSL_CTX_set_ssl_version.3 \ 
@@ -389,29 +395,41 @@ EXTRA_DIST = CMakeLists.txt @ENABLE_LIBTLS_ONLY_FALSE@ SSL_want.3 SSL_write.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ d2i_SSL_SESSION.3 ssl.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ ACCESS_DESCRIPTION_new.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ AES_encrypt.3 ASN1_INTEGER_get.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ AES_encrypt.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ ASN1_BIT_STRING_num_asc.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ ASN1_BIT_STRING_set.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ ASN1_INTEGER_get.3 ASN1_NULL_new.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ ASN1_OBJECT_new.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ ASN1_PRINTABLE_type.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ ASN1_STRING_TABLE_add.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ ASN1_STRING_length.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ ASN1_STRING_new.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ ASN1_STRING_print_ex.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ ASN1_TIME_set.3 ASN1_TYPE_get.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ ASN1_UNIVERSALSTRING_to_string.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ ASN1_bn_print.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ ASN1_generate_nconf.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ ASN1_get_object.3 ASN1_item_d2i.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ ASN1_item_new.3 ASN1_parse_dump.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ ASN1_put_object.3 ASN1_time_parse.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ ASN1_item_digest.3 ASN1_item_new.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ ASN1_item_pack.3 ASN1_item_sign.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ ASN1_item_verify.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ ASN1_mbstring_copy.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ ASN1_parse_dump.3 ASN1_put_object.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ ASN1_time_parse.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ AUTHORITY_KEYID_new.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ BASIC_CONSTRAINTS_new.3 BF_set_key.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ BIO_ctrl.3 BIO_dump.3 BIO_f_base64.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ BIO_f_buffer.3 BIO_f_cipher.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ BIO_f_md.3 BIO_f_null.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ BIO_find_type.3 BIO_get_data.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ BIO_ctrl.3 BIO_dump.3 BIO_f_asn1.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ 
BIO_f_base64.3 BIO_f_buffer.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ BIO_f_cipher.3 BIO_f_md.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ BIO_f_null.3 BIO_find_type.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ BIO_get_data.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ BIO_get_ex_new_index.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ BIO_meth_new.3 BIO_new.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ BIO_new_CMS.3 BIO_printf.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ BIO_push.3 BIO_read.3 BIO_s_accept.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ BIO_s_bio.3 BIO_s_connect.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ BIO_s_fd.3 BIO_s_file.3 BIO_s_mem.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ BIO_new_CMS.3 BIO_new_NDEF.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ BIO_printf.3 BIO_push.3 BIO_read.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ BIO_s_accept.3 BIO_s_bio.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ BIO_s_connect.3 BIO_s_fd.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ BIO_s_file.3 BIO_s_mem.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ BIO_s_null.3 BIO_s_socket.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ BIO_set_callback.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ BIO_should_retry.3 BN_BLINDING_new.3 \ 
@@ -484,19 +502,22 @@ EXTRA_DIST = CMakeLists.txt @ENABLE_LIBTLS_ONLY_FALSE@ EVP_DigestSignInit.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ EVP_DigestVerifyInit.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ EVP_EncodeInit.3 EVP_EncryptInit.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ EVP_OpenInit.3 EVP_PKEY_CTX_ctrl.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ EVP_OpenInit.3 EVP_PKCS82PKEY.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ EVP_PKEY_CTX_ctrl.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ EVP_PKEY_CTX_new.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ EVP_PKEY_CTX_set_hkdf_md.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ EVP_PKEY_add1_attr.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ EVP_PKEY_asn1_get_count.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ EVP_PKEY_asn1_new.3 EVP_PKEY_cmp.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ EVP_PKEY_decrypt.3 EVP_PKEY_derive.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ EVP_PKEY_encrypt.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ EVP_PKEY_asn1_new.3 EVP_PKEY_check.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ EVP_PKEY_cmp.3 EVP_PKEY_decrypt.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ EVP_PKEY_derive.3 EVP_PKEY_encrypt.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ EVP_PKEY_get_default_digest_nid.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ EVP_PKEY_keygen.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ EVP_PKEY_meth_get0_info.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ EVP_PKEY_meth_new.3 EVP_PKEY_new.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ EVP_PKEY_print_private.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ EVP_PKEY_set1_RSA.3 EVP_PKEY_sign.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ EVP_PKEY_verify.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ EVP_PKEY_size.3 EVP_PKEY_verify.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ EVP_PKEY_verify_recover.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ EVP_SealInit.3 EVP_SignInit.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ EVP_VerifyInit.3 EVP_aes_128_cbc.3 \ 
@@ -505,7 +526,9 @@ EXTRA_DIST = CMakeLists.txt @ENABLE_LIBTLS_ONLY_FALSE@ EVP_whirlpool.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ EXTENDED_KEY_USAGE_new.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ GENERAL_NAME_new.3 HMAC.3 MD5.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ NAME_CONSTRAINTS_new.3 OBJ_nid2obj.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ NAME_CONSTRAINTS_new.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ OBJ_NAME_add.3 OBJ_add_sigid.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ OBJ_create.3 OBJ_nid2obj.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ OCSP_CRLID_new.3 OCSP_REQUEST_new.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ OCSP_SERVICELOC_new.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ OCSP_cert_to_id.3 \ @@ -522,6 +545,7 @@ EXTRA_DIST = CMakeLists.txt @ENABLE_LIBTLS_ONLY_FALSE@ PEM_ASN1_read.3 PEM_X509_INFO_read.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ PEM_bytes_read_bio.3 PEM_read.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ PEM_read_bio_PrivateKey.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ PEM_write_bio_ASN1_stream.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ PEM_write_bio_CMS_stream.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ PEM_write_bio_PKCS7_stream.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ PKCS12_SAFEBAG_new.3 PKCS12_create.3 \ @@ -536,6 +560,7 @@ EXTRA_DIST = CMakeLists.txt @ENABLE_LIBTLS_ONLY_FALSE@ PKCS7_sign.3 PKCS7_sign_add_signer.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ PKCS7_verify.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ PKCS8_PRIV_KEY_INFO_new.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ PKCS8_pkey_set0.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ PKEY_USAGE_PERIOD_new.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ POLICYINFO_new.3 PROXY_POLICY_new.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ RAND_add.3 RAND_bytes.3 \ 
@@ -550,10 +575,13 @@ EXTRA_DIST = CMakeLists.txt @ENABLE_LIBTLS_ONLY_FALSE@ RSA_pkey_ctx_ctrl.3 RSA_print.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ RSA_private_encrypt.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ RSA_public_encrypt.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ RSA_set_method.3 RSA_sign.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ RSA_security_bits.3 RSA_set_method.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ RSA_sign.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ RSA_sign_ASN1_OCTET_STRING.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ RSA_size.3 SHA1.3 SMIME_read_CMS.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ SMIME_read_PKCS7.3 SMIME_write_CMS.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ RSA_size.3 SHA1.3 SMIME_crlf_copy.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ SMIME_read_ASN1.3 SMIME_read_CMS.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ SMIME_read_PKCS7.3 SMIME_text.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ SMIME_write_ASN1.3 SMIME_write_CMS.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ SMIME_write_PKCS7.3 STACK_OF.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ SXNET_new.3 TS_REQ_new.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ UI_UTIL_read_pw.3 UI_create_method.3 \ @@ -561,7 +589,11 @@ EXTRA_DIST = CMakeLists.txt @ENABLE_LIBTLS_ONLY_FALSE@ X25519.3 X509V3_EXT_print.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509V3_extensions_print.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509V3_get_d2i.3 X509_ALGOR_dup.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ X509_ATTRIBUTE_new.3 X509_CINF_new.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ X509_ATTRIBUTE_get0_object.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ X509_ATTRIBUTE_new.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ X509_ATTRIBUTE_set1_object.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ X509_CINF_new.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ X509_CRL_METHOD_new.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_CRL_get0_by_serial.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_CRL_new.3 X509_CRL_print.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_EXTENSION_set_object.3 \ 
@@ -574,13 +606,18 @@ EXTRA_DIST = CMakeLists.txt @ENABLE_LIBTLS_ONLY_FALSE@ X509_NAME_hash.3 X509_NAME_new.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_NAME_print_ex.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_OBJECT_get0_X509.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ X509_PUBKEY_new.3 X509_PURPOSE_set.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ X509_REQ_new.3 X509_REVOKED_new.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ X509_PKEY_new.3 X509_PUBKEY_new.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ X509_PURPOSE_set.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ X509_REQ_add1_attr.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ X509_REQ_add_extensions.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ X509_REQ_new.3 X509_REQ_print_ex.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ X509_REVOKED_new.3 X509_SIG_get0.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_SIG_new.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_STORE_CTX_get_error.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_STORE_CTX_get_ex_new_index.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_STORE_CTX_new.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_STORE_CTX_set_flags.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ X509_STORE_CTX_set_verify.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_STORE_CTX_set_verify_cb.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_STORE_get_by_subject.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_STORE_load_locations.3 \ @@ -588,6 +625,7 @@ EXTRA_DIST = CMakeLists.txt @ENABLE_LIBTLS_ONLY_FALSE@ X509_STORE_set1_param.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_STORE_set_verify_cb_func.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_TRUST_set.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ X509_VERIFY_PARAM_new.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_VERIFY_PARAM_set_flags.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_add1_trust_object.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_check_ca.3 X509_check_host.3 \ 
@@ -599,19 +637,25 @@ EXTRA_DIST = CMakeLists.txt @ENABLE_LIBTLS_ONLY_FALSE@ X509_find_by_subject.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_get0_notBefore.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_get0_signature.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ X509_get1_email.3 X509_get_pubkey.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ X509_get1_email.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ X509_get_extension_flags.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ X509_get_pubkey.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ X509_get_pubkey_parameters.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_get_serialNumber.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_get_subject_name.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_get_version.3 X509_keyid_set1.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ X509_new.3 X509_ocspid_print.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ X509_load_cert_file.3 X509_new.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ X509_ocspid_print.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_policy_check.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ X509_policy_tree_get0_policies.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_policy_tree_level_count.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_print_ex.3 X509_sign.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_signature_dump.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_verify_cert.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ X509v3_get_ext_by_NID.3 bn_dump.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ crypto.3 d2i_ASN1_NULL.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ d2i_ASN1_OBJECT.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ X509at_add1_attr.3 X509at_get_attr.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ X509v3_get_ext_by_NID.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ a2d_ASN1_OBJECT.3 bn_dump.3 crypto.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ d2i_ASN1_NULL.3 d2i_ASN1_OBJECT.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ d2i_ASN1_OCTET_STRING.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ d2i_ASN1_SEQUENCE_ANY.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ d2i_AUTHORITY_KEYID.3 \ 
@@ -636,6 +680,8 @@ EXTRA_DIST = CMakeLists.txt @ENABLE_LIBTLS_ONLY_FALSE@ d2i_X509_REQ.3 d2i_X509_SIG.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ des_read_pw.3 evp.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ get_rfc3526_prime_8192.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ i2a_ASN1_STRING.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ i2d_ASN1_bio_stream.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ i2d_CMS_bio_stream.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ i2d_PKCS7_bio_stream.3 lh_new.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ lh_stats.3 x509_verify.3 \ @@ -775,7 +821,6 @@ ctags CTAGS: cscope cscopelist: - distdir: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) distdir-am 
@@ -943,14 +988,28 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "AES_encrypt.3" "$(DESTDIR)$(mandir)/man3/AES_decrypt.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "AES_encrypt.3" "$(DESTDIR)$(mandir)/man3/AES_set_decrypt_key.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "AES_encrypt.3" "$(DESTDIR)$(mandir)/man3/AES_set_encrypt_key.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_BIT_STRING_num_asc.3" "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_name_print.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_BIT_STRING_num_asc.3" "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_set_asc.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_BIT_STRING_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_check.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_BIT_STRING_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_get_bit.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_BIT_STRING_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_set_bit.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_get.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_get_int64.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_set.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_set_int64.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_to_BN.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_cmp.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_dup.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_get_int64.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_get_uint64.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_set.3" 
+@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_set_int64.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_set_uint64.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_to_BN.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/BN_to_ASN1_ENUMERATED.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/BN_to_ASN1_INTEGER.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/i2a_ASN1_INTEGER.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_NULL_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_NULL_free.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_OBJECT_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_OBJECT_create.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_OBJECT_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_OBJECT_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_STRING_TABLE_add.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_TABLE_cleanup.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_STRING_TABLE_add.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_TABLE_get.3" 
@@ -958,11 +1017,13 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_dup.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_set.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_cmp.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_copy.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_dup.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_get0_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_length_set.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_set.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_set0.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_to_UTF8.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_type.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_free.3" 
@@ -1013,6 +1074,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_set_string.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_adj.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_check.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_diff.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_print.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_set_string.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_to_generalizedtime.3" 
@@ -1024,9 +1086,13 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_set_string.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_cmp.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_free.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_get_int_octetstring.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_get_octetstring.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_new.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_set.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_set1.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_set_int_octetstring.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_set_octetstring.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_generate_nconf.3" "$(DESTDIR)$(mandir)/man3/ASN1_generate_v3.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_d2i_bio.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_d2i_fp.3" 
@@ -1034,11 +1100,21 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d_bio.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d_fp.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_ndef_i2d.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_print.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_TYPE.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_TYPE.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_item_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_free.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_item_pack.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_unpack.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_item_sign.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_sign_ctx.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_mbstring_copy.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_get_default_mask.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_mbstring_copy.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_set_by_NID.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_mbstring_copy.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_set_default_mask.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_mbstring_copy.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_set_default_mask_asc.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_mbstring_copy.3" "$(DESTDIR)$(mandir)/man3/ASN1_mbstring_ncopy.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_mbstring_copy.3" "$(DESTDIR)$(mandir)/man3/ASN1_tag2bit.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_parse_dump.3" "$(DESTDIR)$(mandir)/man3/ASN1_parse.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_put_object.3" "$(DESTDIR)$(mandir)/man3/ASN1_object_size.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_put_object.3" 
"$(DESTDIR)$(mandir)/man3/ASN1_put_eoc.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_time_parse.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_set_tm.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_time_parse.3" "$(DESTDIR)$(mandir)/man3/ASN1_time_tm_cmp.3" @@ -1058,6 +1134,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_flush.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_get_close.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_get_info_callback.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_info_cb.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_int_ctrl.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_pending.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_ptr_ctrl.3" 
@@ -1067,10 +1144,14 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_set_info_callback.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_tell.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_wpending.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/bio_info_cb.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_dump.3" "$(DESTDIR)$(mandir)/man3/BIO_dump_fp.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_dump.3" "$(DESTDIR)$(mandir)/man3/BIO_dump_indent.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_dump.3" "$(DESTDIR)$(mandir)/man3/BIO_dump_indent_fp.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_f_asn1.3" "$(DESTDIR)$(mandir)/man3/BIO_asn1_get_prefix.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_f_asn1.3" "$(DESTDIR)$(mandir)/man3/BIO_asn1_get_suffix.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_f_asn1.3" "$(DESTDIR)$(mandir)/man3/BIO_asn1_set_prefix.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_f_asn1.3" "$(DESTDIR)$(mandir)/man3/BIO_asn1_set_suffix.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_f_asn1.3" "$(DESTDIR)$(mandir)/man3/asn1_ps_func.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_f_buffer.3" "$(DESTDIR)$(mandir)/man3/BIO_get_buffer_num_lines.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_f_buffer.3" "$(DESTDIR)$(mandir)/man3/BIO_set_buffer_read_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_f_buffer.3" "$(DESTDIR)$(mandir)/man3/BIO_set_buffer_size.3" 
@@ -1094,6 +1175,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_set_ssl_renegotiate_timeout.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_ssl_copy_session_id.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_ssl_shutdown.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_find_type.3" "$(DESTDIR)$(mandir)/man3/BIO_method_name.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_find_type.3" "$(DESTDIR)$(mandir)/man3/BIO_method_type.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_find_type.3" "$(DESTDIR)$(mandir)/man3/BIO_next.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_get_data.3" "$(DESTDIR)$(mandir)/man3/BIO_get_shutdown.3" @@ -1151,6 +1233,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_printf.3" "$(DESTDIR)$(mandir)/man3/BIO_vsnprintf.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_push.3" "$(DESTDIR)$(mandir)/man3/BIO_pop.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_read.3" "$(DESTDIR)$(mandir)/man3/BIO_gets.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_read.3" "$(DESTDIR)$(mandir)/man3/BIO_indent.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_read.3" "$(DESTDIR)$(mandir)/man3/BIO_puts.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_read.3" "$(DESTDIR)$(mandir)/man3/BIO_write.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_do_accept.3" 
@@ -1232,14 +1315,22 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_gcd.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_add.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_add_quick.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_exp.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_lshift.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_lshift1.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_lshift1_quick.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_lshift_quick.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_mul.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_sqr.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_sub.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_sub_quick.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mul.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_nnmod.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_sqr.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_sub.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_uadd.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_usub.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_add_word.3" "$(DESTDIR)$(mandir)/man3/BN_div_word.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_add_word.3" "$(DESTDIR)$(mandir)/man3/BN_mod_word.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_add_word.3" "$(DESTDIR)$(mandir)/man3/BN_mul_word.3" 
@@ -1257,6 +1348,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_mpi2bn.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_print.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_print_fp.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_cmp.3" "$(DESTDIR)$(mandir)/man3/BN_abs_is_word.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_cmp.3" "$(DESTDIR)$(mandir)/man3/BN_is_odd.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_cmp.3" "$(DESTDIR)$(mandir)/man3/BN_is_one.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_cmp.3" "$(DESTDIR)$(mandir)/man3/BN_is_word.3" @@ -1284,6 +1376,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_init.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_new.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_set.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_set_locked.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_from_montgomery.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_to_montgomery.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_mod_mul_reciprocal.3" "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_free.3" 
@@ -1309,10 +1402,12 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_set_bit.3" "$(DESTDIR)$(mandir)/man3/BN_rshift1.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_set_flags.3" "$(DESTDIR)$(mandir)/man3/BN_get_flags.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_set_negative.3" "$(DESTDIR)$(mandir)/man3/BN_is_negative.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_swap.3" "$(DESTDIR)$(mandir)/man3/BN_consttime_swap.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_zero.3" "$(DESTDIR)$(mandir)/man3/BN_get_word.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_zero.3" "$(DESTDIR)$(mandir)/man3/BN_one.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_zero.3" "$(DESTDIR)$(mandir)/man3/BN_set_word.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_zero.3" "$(DESTDIR)$(mandir)/man3/BN_value_one.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BN_zero.3" "$(DESTDIR)$(mandir)/man3/BN_zero_ex.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BUF_MEM_new.3" "$(DESTDIR)$(mandir)/man3/BUF_MEM_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BUF_MEM_new.3" "$(DESTDIR)$(mandir)/man3/BUF_MEM_grow.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BUF_MEM_new.3" "$(DESTDIR)$(mandir)/man3/BUF_MEM_grow_clean.3" @@ -1423,6 +1518,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_xcbc_encrypt.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "DH_generate_key.3" "$(DESTDIR)$(mandir)/man3/DH_compute_key.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "DH_generate_parameters.3" "$(DESTDIR)$(mandir)/man3/DH_check.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "DH_generate_parameters.3" "$(DESTDIR)$(mandir)/man3/DH_check_pub_key.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "DH_generate_parameters.3" "$(DESTDIR)$(mandir)/man3/DH_generate_parameters_ex.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "DH_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DH_clear_flags.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "DH_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DH_get0_engine.3" 
@@ -1464,6 +1560,8 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "DSA_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/DSA_set_ex_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "DSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/DSA_meth_dup.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "DSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/DSA_meth_free.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "DSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/DSA_meth_get0_name.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "DSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/DSA_meth_set1_name.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "DSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/DSA_meth_set_finish.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "DSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/DSA_meth_set_sign.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "DSA_new.3" "$(DESTDIR)$(mandir)/man3/DSA_free.3" @@ -1474,6 +1572,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "DSA_set_method.3" "$(DESTDIR)$(mandir)/man3/DSA_set_default_method.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "DSA_sign.3" "$(DESTDIR)$(mandir)/man3/DSA_sign_setup.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "DSA_sign.3" "$(DESTDIR)$(mandir)/man3/DSA_verify.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "DSA_size.3" "$(DESTDIR)$(mandir)/man3/DSA_bits.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ECDH_compute_key.3" "$(DESTDIR)$(mandir)/man3/ECDH_size.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_OpenSSL.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_SIG_free.3" 
@@ -1741,6 +1840,8 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ESS_SIGNING_CERT_new.3" "$(DESTDIR)$(mandir)/man3/ESS_ISSUER_SERIAL_new.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ESS_SIGNING_CERT_new.3" "$(DESTDIR)$(mandir)/man3/ESS_SIGNING_CERT_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_cleanup.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_free.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_new.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_open.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_seal.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_key_length.3" @@ -1775,8 +1876,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_pkey_type.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_size.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_type.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_dss.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_dss1.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_get_digestbyname.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_get_digestbynid.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_get_digestbyobj.3" 
@@ -1881,6 +1980,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_ofb.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_OpenInit.3" "$(DESTDIR)$(mandir)/man3/EVP_OpenFinal.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_OpenInit.3" "$(DESTDIR)$(mandir)/man3/EVP_OpenUpdate.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKCS82PKEY.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY2PKCS8.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_ctrl_str.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get0_ecdh_kdf_ukm.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get1_id.3" 
@@ -1905,6 +2005,18 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_CTX_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_dup.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_CTX_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_CTX_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_new_id.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_CTX_set_hkdf_md.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_add1_hkdf_info.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_CTX_set_hkdf_md.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_hkdf_mode.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_CTX_set_hkdf_md.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set1_hkdf_key.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_CTX_set_hkdf_md.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set1_hkdf_salt.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_add1_attr.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_add1_attr_by_NID.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_add1_attr.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_add1_attr_by_OBJ.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_add1_attr.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_add1_attr_by_txt.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_add1_attr.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_delete_attr.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_add1_attr.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get_attr.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_add1_attr.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get_attr_by_NID.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_add1_attr.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get_attr_by_OBJ.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_add1_attr.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get_attr_count.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_find.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_find_str.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf 
"EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_get0.3" @@ -1914,11 +2026,17 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_add_alias.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_copy.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_free.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_check.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_ctrl.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_param.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_param_check.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_private.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_public.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_public_check.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_security_bits.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_check.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_param_check.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_check.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_public_check.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_cmp.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_cmp_parameters.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_cmp.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_copy_parameters.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_cmp.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_missing_parameters.3" 
@@ -1939,6 +2057,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_copy.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_find.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_free.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_check.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_cleanup.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_copy.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_ctrl.3" @@ -1947,7 +2066,9 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_encrypt.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_init.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_keygen.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_param_check.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_paramgen.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_public_check.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_sign.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_signctx.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_verify.3" 
@@ -1983,12 +2104,12 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_set_type.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_type.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_sign.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_sign_init.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_size.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_bits.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_size.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_security_bits.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_verify.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_verify_init.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_verify_recover.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_verify_recover_init.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_SealInit.3" "$(DESTDIR)$(mandir)/man3/EVP_SealFinal.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_SealInit.3" "$(DESTDIR)$(mandir)/man3/EVP_SealUpdate.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_SignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_bits.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_SignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_size.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_SignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_SignFinal.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_SignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_SignInit_ex.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_SignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_SignUpdate.3" 
@@ -2087,11 +2208,9 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/GENERAL_NAME_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/OTHERNAME_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/OTHERNAME_new.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_cleanup.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_copy.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_get_md.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_init.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_new.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_reset.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_set_flags.3" @@ -2099,7 +2218,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_Init.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_Init_ex.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_Update.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_cleanup.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_size.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD4.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD4_Final.3" 
@@ -2111,9 +2229,23 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "NAME_CONSTRAINTS_new.3" "$(DESTDIR)$(mandir)/man3/GENERAL_SUBTREE_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "NAME_CONSTRAINTS_new.3" "$(DESTDIR)$(mandir)/man3/GENERAL_SUBTREE_new.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "NAME_CONSTRAINTS_new.3" "$(DESTDIR)$(mandir)/man3/NAME_CONSTRAINTS_free.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_cleanup.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_NAME_add.3" "$(DESTDIR)$(mandir)/man3/OBJ_NAME_cleanup.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_NAME_add.3" "$(DESTDIR)$(mandir)/man3/OBJ_NAME_do_all.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_NAME_add.3" "$(DESTDIR)$(mandir)/man3/OBJ_NAME_do_all_sorted.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_NAME_add.3" "$(DESTDIR)$(mandir)/man3/OBJ_NAME_get.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_NAME_add.3" "$(DESTDIR)$(mandir)/man3/OBJ_NAME_init.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_NAME_add.3" "$(DESTDIR)$(mandir)/man3/OBJ_NAME_new_index.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_NAME_add.3" "$(DESTDIR)$(mandir)/man3/OBJ_NAME_remove.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_add_sigid.3" "$(DESTDIR)$(mandir)/man3/OBJ_find_sigid_algs.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_add_sigid.3" "$(DESTDIR)$(mandir)/man3/OBJ_find_sigid_by_algs.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_add_sigid.3" "$(DESTDIR)$(mandir)/man3/OBJ_sigid_free.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_create.3" "$(DESTDIR)$(mandir)/man3/OBJ_add_object.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_create.3" "$(DESTDIR)$(mandir)/man3/OBJ_cleanup.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_create.3" "$(DESTDIR)$(mandir)/man3/OBJ_create_objects.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_create.3" "$(DESTDIR)$(mandir)/man3/OBJ_new_nid.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_create.3" "$(DESTDIR)$(mandir)/man3/check_defer.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_create.3" 
"$(DESTDIR)$(mandir)/man3/obj_cleanup_defer.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_cmp.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_create.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_dup.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_ln2nid.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_nid2ln.3" @@ -2366,6 +2498,9 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "PKCS7_set_type.3" "$(DESTDIR)$(mandir)/man3/PKCS7_set0_type_other.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "PKCS7_verify.3" "$(DESTDIR)$(mandir)/man3/PKCS7_get0_signers.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "PKCS8_PRIV_KEY_INFO_new.3" "$(DESTDIR)$(mandir)/man3/PKCS8_PRIV_KEY_INFO_free.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "PKCS8_pkey_set0.3" "$(DESTDIR)$(mandir)/man3/PKCS8_pkey_add1_attr_by_NID.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "PKCS8_pkey_set0.3" "$(DESTDIR)$(mandir)/man3/PKCS8_pkey_get0.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "PKCS8_pkey_set0.3" "$(DESTDIR)$(mandir)/man3/PKCS8_pkey_get0_attrs.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "PKEY_USAGE_PERIOD_new.3" "$(DESTDIR)$(mandir)/man3/PKEY_USAGE_PERIOD_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/CERTIFICATEPOLICIES_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/CERTIFICATEPOLICIES_new.3" 
@@ -2477,6 +2612,9 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/RSA_print_fp.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "RSA_private_encrypt.3" "$(DESTDIR)$(mandir)/man3/RSA_public_decrypt.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "RSA_public_encrypt.3" "$(DESTDIR)$(mandir)/man3/RSA_private_decrypt.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "RSA_security_bits.3" "$(DESTDIR)$(mandir)/man3/BN_security_bits.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "RSA_security_bits.3" "$(DESTDIR)$(mandir)/man3/DH_security_bits.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "RSA_security_bits.3" "$(DESTDIR)$(mandir)/man3/DSA_security_bits.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_PKCS1_SSLeay.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_flags.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_get_default_method.3" @@ -2615,6 +2753,8 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_CTX_set_info_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_info_callback.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_CTX_set_info_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_get_info_callback.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_CTX_set_info_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_info_callback.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_CTX_set_keylog_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_keylog_callback.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_CTX_set_keylog_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_keylog_cb_func.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_CTX_set_max_cert_list.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_cert_list.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_CTX_set_max_cert_list.3" "$(DESTDIR)$(mandir)/man3/SSL_get_max_cert_list.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_CTX_set_max_cert_list.3" "$(DESTDIR)$(mandir)/man3/SSL_set_max_cert_list.3" 
@@ -2633,6 +2773,9 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_CTX_set_msg_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_msg_callback_arg.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_CTX_set_msg_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_msg_callback.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_CTX_set_msg_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_msg_callback_arg.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_CTX_set_num_tickets.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_num_tickets.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_CTX_set_num_tickets.3" "$(DESTDIR)$(mandir)/man3/SSL_get_num_tickets.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_CTX_set_num_tickets.3" "$(DESTDIR)$(mandir)/man3/SSL_set_num_tickets.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_CTX_set_options.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_options.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_CTX_set_options.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_options.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_CTX_set_options.3" "$(DESTDIR)$(mandir)/man3/SSL_clear_options.3" 
@@ -2646,6 +2789,9 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_CTX_set_read_ahead.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_read_ahead.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_CTX_set_read_ahead.3" "$(DESTDIR)$(mandir)/man3/SSL_get_read_ahead.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_CTX_set_read_ahead.3" "$(DESTDIR)$(mandir)/man3/SSL_set_read_ahead.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_CTX_set_security_level.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_security_level.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_CTX_set_security_level.3" "$(DESTDIR)$(mandir)/man3/SSL_get_security_level.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_CTX_set_security_level.3" "$(DESTDIR)$(mandir)/man3/SSL_set_security_level.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_CTX_set_session_cache_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_session_cache_mode.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_CTX_set_session_id_context.3" "$(DESTDIR)$(mandir)/man3/SSL_set_session_id_context.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_CTX_set_ssl_version.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_ssl_method.3" 
@@ -2753,6 +2899,8 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_num_renegotiations.3" "$(DESTDIR)$(mandir)/man3/SSL_clear_num_renegotiations.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_num_renegotiations.3" "$(DESTDIR)$(mandir)/man3/SSL_total_renegotiations.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_read.3" "$(DESTDIR)$(mandir)/man3/SSL_peek.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_read.3" "$(DESTDIR)$(mandir)/man3/SSL_peek_ex.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_read.3" "$(DESTDIR)$(mandir)/man3/SSL_read_ex.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_early_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_max_early_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_max_early_data.3" @@ -2774,6 +2922,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_set_fd.3" "$(DESTDIR)$(mandir)/man3/SSL_set_rfd.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_set_fd.3" "$(DESTDIR)$(mandir)/man3/SSL_set_wfd.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_set_max_send_fragment.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_max_send_fragment.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_set_psk_use_session_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_psk_use_session_cb_func.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_set_shutdown.3" "$(DESTDIR)$(mandir)/man3/SSL_get_shutdown.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_set_tmp_ecdh.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_ecdh_auto.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_set_tmp_ecdh.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_ecdh.3" 
@@ -2785,6 +2934,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_want.3" "$(DESTDIR)$(mandir)/man3/SSL_want_read.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_want.3" "$(DESTDIR)$(mandir)/man3/SSL_want_write.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_want.3" "$(DESTDIR)$(mandir)/man3/SSL_want_x509_lookup.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SSL_write.3" "$(DESTDIR)$(mandir)/man3/SSL_write_ex.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/SXNETID_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/SXNETID_new.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/SXNET_free.3" 
@@ -2867,12 +3017,25 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_ALGOR_dup.3" "$(DESTDIR)$(mandir)/man3/X509_ALGOR_new.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_ALGOR_dup.3" "$(DESTDIR)$(mandir)/man3/X509_ALGOR_set0.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_ALGOR_dup.3" "$(DESTDIR)$(mandir)/man3/X509_ALGOR_set_md.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_ATTRIBUTE_get0_object.3" "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_count.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_ATTRIBUTE_get0_object.3" "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_get0_data.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_ATTRIBUTE_get0_object.3" "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_get0_type.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_ATTRIBUTE_new.3" "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_create.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_ATTRIBUTE_new.3" "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_dup.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_ATTRIBUTE_new.3" "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_free.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_ATTRIBUTE_set1_object.3" "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_create_by_NID.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_ATTRIBUTE_set1_object.3" "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_create_by_OBJ.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_ATTRIBUTE_set1_object.3" "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_create_by_txt.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_ATTRIBUTE_set1_object.3" "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_set1_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_CERT_AUX_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_CERT_AUX_new.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_CINF_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_VAL_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_CINF_new.3" 
"$(DESTDIR)$(mandir)/man3/X509_VAL_new.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_CRL_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_METHOD_free.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_CRL_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_meth_data.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_CRL_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_set_default_method.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_CRL_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_set_meth_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_CRL_get0_by_serial.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_add0_revoked.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_CRL_get0_by_serial.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get0_by_cert.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_CRL_get0_by_serial.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_REVOKED.3" @@ -2885,6 +3048,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_CRL_print.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_print_fp.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_create_by_NID.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_create_by_OBJ.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_dup.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_get_critical.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_get_data.3" 
@@ -2895,9 +3059,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_INFO_new.3" "$(DESTDIR)$(mandir)/man3/X509_INFO_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_LOOKUP_hash_dir.3" "$(DESTDIR)$(mandir)/man3/X509_LOOKUP_file.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_LOOKUP_hash_dir.3" "$(DESTDIR)$(mandir)/man3/X509_LOOKUP_mem.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_LOOKUP_hash_dir.3" "$(DESTDIR)$(mandir)/man3/X509_load_cert_crl_file.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_LOOKUP_hash_dir.3" "$(DESTDIR)$(mandir)/man3/X509_load_cert_file.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_LOOKUP_hash_dir.3" "$(DESTDIR)$(mandir)/man3/X509_load_crl_file.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_LOOKUP_new.3" "$(DESTDIR)$(mandir)/man3/X509_LOOKUP_add_dir.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_LOOKUP_new.3" "$(DESTDIR)$(mandir)/man3/X509_LOOKUP_add_mem.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_LOOKUP_new.3" "$(DESTDIR)$(mandir)/man3/X509_LOOKUP_by_alias.3" 
@@ -2940,13 +3101,16 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_NAME_print_ex.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_oneline.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_NAME_print_ex.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_print.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_NAME_print_ex.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_print_ex_fp.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_OBJECT_get0_X509.3" "$(DESTDIR)$(mandir)/man3/X509_OBJECT_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_OBJECT_get0_X509.3" "$(DESTDIR)$(mandir)/man3/X509_OBJECT_free_contents.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_OBJECT_get0_X509.3" "$(DESTDIR)$(mandir)/man3/X509_OBJECT_get0_X509_CRL.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_OBJECT_get0_X509.3" "$(DESTDIR)$(mandir)/man3/X509_OBJECT_get_type.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_OBJECT_get0_X509.3" "$(DESTDIR)$(mandir)/man3/X509_OBJECT_idx_by_subject.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_OBJECT_get0_X509.3" "$(DESTDIR)$(mandir)/man3/X509_OBJECT_new.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_OBJECT_get0_X509.3" "$(DESTDIR)$(mandir)/man3/X509_OBJECT_retrieve_by_subject.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_OBJECT_get0_X509.3" "$(DESTDIR)$(mandir)/man3/X509_OBJECT_retrieve_match.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_OBJECT_get0_X509.3" "$(DESTDIR)$(mandir)/man3/X509_OBJECT_up_ref_count.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_PKEY_new.3" "$(DESTDIR)$(mandir)/man3/X509_PKEY_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_get.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_get0.3" 
@@ -2956,9 +3120,11 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY_bio.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY_fp.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_PUBKEY.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY_bio.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY_fp.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_PUBKEY.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_PURPOSE_set.3" "$(DESTDIR)$(mandir)/man3/X509_PURPOSE_add.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_PURPOSE_set.3" "$(DESTDIR)$(mandir)/man3/X509_PURPOSE_cleanup.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_PURPOSE_set.3" "$(DESTDIR)$(mandir)/man3/X509_PURPOSE_get0.3" 
@@ -2969,15 +3135,33 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_PURPOSE_set.3" "$(DESTDIR)$(mandir)/man3/X509_PURPOSE_get_count.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_PURPOSE_set.3" "$(DESTDIR)$(mandir)/man3/X509_PURPOSE_get_id.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_PURPOSE_set.3" "$(DESTDIR)$(mandir)/man3/X509_PURPOSE_get_trust.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_REQ_add1_attr.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_add1_attr_by_NID.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_REQ_add1_attr.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_add1_attr_by_OBJ.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_REQ_add1_attr.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_add1_attr_by_txt.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_REQ_add1_attr.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_delete_attr.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_REQ_add1_attr.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_get_attr.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_REQ_add1_attr.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_get_attr_by_NID.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_REQ_add1_attr.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_get_attr_by_OBJ.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_REQ_add1_attr.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_get_attr_count.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_REQ_add_extensions.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_add_extensions_nid.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_REQ_add_extensions.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_extension_nid.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_REQ_add_extensions.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_get_extension_nids.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_REQ_add_extensions.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_get_extensions.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_REQ_add_extensions.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_set_extension_nids.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_REQ_new.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_INFO_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf 
"X509_REQ_new.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_INFO_new.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_REQ_new.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_dup.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_REQ_new.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_free.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_REQ_new.3" "$(DESTDIR)$(mandir)/man3/X509_to_X509_REQ.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_REQ_print_ex.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_print.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_REQ_print_ex.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_print_fp.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_REVOKED_new.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_dup.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_REVOKED_new.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_REVOKED_new.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get0_revocationDate.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_REVOKED_new.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get0_serialNumber.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_REVOKED_new.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_set_revocationDate.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_REVOKED_new.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_set_serialNumber.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_SIG_get0.3" "$(DESTDIR)$(mandir)/man3/X509_SIG_getm.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_SIG_new.3" "$(DESTDIR)$(mandir)/man3/X509_SIG_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_chain.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_current_crl.3" 
@@ -2989,7 +3173,11 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_current_cert.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_error_depth.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_explicit_policy.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_num_untrusted.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_verified_chain.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_current_cert.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_error.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_error_depth.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_verify_cert_error_string.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_CTX_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_app_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_CTX_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_ex_data.3" 
@@ -3015,7 +3203,11 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_CTX_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_purpose.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_CTX_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_time.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_CTX_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_trust.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_CTX_set_verify.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_verify.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_CTX_set_verify_cb.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_verify_cb.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_get_by_subject.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get1_issuer.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_get_by_subject.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_by_subject.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_get_by_subject.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_obj_by_subject.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_get_by_subject.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_get1_certs.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_get_by_subject.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_get1_crls.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_load_locations.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_add_lookup.3" 
@@ -3035,7 +3227,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_set_purpose.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_set_trust.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_set_verify_cb_func.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_set_verify_cb.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_set_verify_cb_func.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_set_verify_func.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_TRUST_set.3" "$(DESTDIR)$(mandir)/man3/X509_TRUST_add.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_TRUST_set.3" "$(DESTDIR)$(mandir)/man3/X509_TRUST_cleanup.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_TRUST_set.3" "$(DESTDIR)$(mandir)/man3/X509_TRUST_get0.3" 
@@ -3044,31 +3235,34 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_TRUST_set.3" "$(DESTDIR)$(mandir)/man3/X509_TRUST_get_count.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_TRUST_set.3" "$(DESTDIR)$(mandir)/man3/X509_TRUST_get_flags.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_TRUST_set.3" "$(DESTDIR)$(mandir)/man3/X509_TRUST_get_trust.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_new.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add0_table.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_new.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_free.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_new.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get0.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_new.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_count.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_new.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_inherit.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_new.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_lookup.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_new.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_new.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_table_cleanup.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add0_policy.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add0_table.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add1_host.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_clear_flags.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_free.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_set_flags.3" 
"$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get0.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get0_name.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get0_peername.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_count.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_depth.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_flags.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_lookup.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_new.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_time.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_email.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_host.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_ip.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_ip_asc.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_name.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_policies.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_auth_level.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_set_flags.3" 
"$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_depth.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_hostflags.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_purpose.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_time.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_trust.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_table_cleanup.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_add1_trust_object.3" "$(DESTDIR)$(mandir)/man3/X509_add1_reject_object.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_add1_trust_object.3" "$(DESTDIR)$(mandir)/man3/X509_reject_clear.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_add1_trust_object.3" "$(DESTDIR)$(mandir)/man3/X509_trust_clear.3" @@ -3076,6 +3270,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_check_host.3" "$(DESTDIR)$(mandir)/man3/X509_check_ip.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_check_host.3" "$(DESTDIR)$(mandir)/man3/X509_check_ip_asc.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_check_private_key.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_check_private_key.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_check_trust.3" "$(DESTDIR)$(mandir)/man3/X509_TRUST_set_default.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_cmp.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_cmp.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_cmp.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_match.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_cmp.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_cmp.3" 
@@ -3083,6 +3278,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_cmp.3" "$(DESTDIR)$(mandir)/man3/X509_issuer_name_cmp.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_cmp.3" "$(DESTDIR)$(mandir)/man3/X509_subject_name_cmp.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_cmp_time.3" "$(DESTDIR)$(mandir)/man3/X509_cmp_current_time.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_cmp_time.3" "$(DESTDIR)$(mandir)/man3/X509_gmtime_adj.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_cmp_time.3" "$(DESTDIR)$(mandir)/man3/X509_time_adj.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_cmp_time.3" "$(DESTDIR)$(mandir)/man3/X509_time_adj_ex.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_digest.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ISSUER_AND_SERIAL_digest.3" @@ -3117,7 +3313,10 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_get0_signature.3" "$(DESTDIR)$(mandir)/man3/X509_get_signature_type.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_get1_email.3" "$(DESTDIR)$(mandir)/man3/X509_email_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_get1_email.3" "$(DESTDIR)$(mandir)/man3/X509_get1_ocsp.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_get_extension_flags.3" "$(DESTDIR)$(mandir)/man3/X509_get_extended_key_usage.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_get_extension_flags.3" "$(DESTDIR)$(mandir)/man3/X509_get_key_usage.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_get_pubkey.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_extract_key.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_get_pubkey.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_get0_pubkey.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_get_pubkey.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_get_pubkey.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_get_pubkey.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_set_pubkey.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_get_pubkey.3" "$(DESTDIR)$(mandir)/man3/X509_extract_key.3" 
@@ -3142,11 +3341,15 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_keyid_set1.3" "$(DESTDIR)$(mandir)/man3/X509_alias_get0.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_keyid_set1.3" "$(DESTDIR)$(mandir)/man3/X509_alias_set1.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_keyid_set1.3" "$(DESTDIR)$(mandir)/man3/X509_keyid_get0.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_load_cert_file.3" "$(DESTDIR)$(mandir)/man3/X509_load_cert_crl_file.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_load_cert_file.3" "$(DESTDIR)$(mandir)/man3/X509_load_crl_file.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_new.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_to_X509.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_new.3" "$(DESTDIR)$(mandir)/man3/X509_chain_up_ref.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_new.3" "$(DESTDIR)$(mandir)/man3/X509_dup.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_new.3" "$(DESTDIR)$(mandir)/man3/X509_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_new.3" "$(DESTDIR)$(mandir)/man3/X509_up_ref.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_policy_check.3" "$(DESTDIR)$(mandir)/man3/X509_policy_tree_free.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_policy_tree_get0_policies.3" "$(DESTDIR)$(mandir)/man3/X509_policy_tree_get0_user_policies.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_policy_tree_level_count.3" "$(DESTDIR)$(mandir)/man3/X509_policy_level_get0_node.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_policy_tree_level_count.3" "$(DESTDIR)$(mandir)/man3/X509_policy_level_node_count.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_policy_tree_level_count.3" "$(DESTDIR)$(mandir)/man3/X509_policy_node_get0_parent.3" 
@@ -3166,6 +3369,14 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_sign_ctx.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_verify.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_signature_dump.3" "$(DESTDIR)$(mandir)/man3/X509_signature_print.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509at_add1_attr.3" "$(DESTDIR)$(mandir)/man3/X509at_add1_attr_by_NID.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509at_add1_attr.3" "$(DESTDIR)$(mandir)/man3/X509at_add1_attr_by_OBJ.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509at_add1_attr.3" "$(DESTDIR)$(mandir)/man3/X509at_add1_attr_by_txt.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509at_add1_attr.3" "$(DESTDIR)$(mandir)/man3/X509at_delete_attr.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509at_get_attr.3" "$(DESTDIR)$(mandir)/man3/X509at_get0_data_by_OBJ.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509at_get_attr.3" "$(DESTDIR)$(mandir)/man3/X509at_get_attr_by_NID.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509at_get_attr.3" "$(DESTDIR)$(mandir)/man3/X509at_get_attr_by_OBJ.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509at_get_attr.3" "$(DESTDIR)$(mandir)/man3/X509at_get_attr_count.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_add_ext.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_delete_ext.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext.3" 
@@ -3438,6 +3649,8 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKeyInfo_bio.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKeyInfo_fp.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/i2d_PrivateKey.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/i2d_PrivateKey_bio.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/i2d_PrivateKey_fp.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/i2d_PublicKey.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_Netscape_RSA.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSAPrivateKey.3" 
@@ -3501,7 +3714,12 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_VAL.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_bio.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_fp.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_re_X509_CRL_tbs.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_re_X509_REQ_tbs.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_re_X509_tbs.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "d2i_X509_ALGOR.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_ALGORS.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "d2i_X509_ALGOR.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_ALGOR.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "d2i_X509_ALGOR.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_ALGORS.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "d2i_X509_ATTRIBUTE.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_ATTRIBUTE.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_CRL_INFO.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_CRL_bio.3" 
@@ -3552,6 +3770,11 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_3072.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_4096.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_6144.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "i2a_ASN1_STRING.3" "$(DESTDIR)$(mandir)/man3/a2i_ASN1_ENUMERATED.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "i2a_ASN1_STRING.3" "$(DESTDIR)$(mandir)/man3/a2i_ASN1_INTEGER.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "i2a_ASN1_STRING.3" "$(DESTDIR)$(mandir)/man3/a2i_ASN1_STRING.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "i2a_ASN1_STRING.3" "$(DESTDIR)$(mandir)/man3/i2a_ASN1_ENUMERATED.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "i2a_ASN1_STRING.3" "$(DESTDIR)$(mandir)/man3/i2a_ASN1_INTEGER.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/DECLARE_LHASH_OF.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/LHASH_COMP_FN_TYPE.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/LHASH_DOALL_ARG_FN_TYPE.3" @@ -3572,6 +3795,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_insert.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_retrieve.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_strhash.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_node_stats.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_node_stats_bio.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_node_usage_stats.3" 
@@ -3673,14 +3897,28 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/AES_decrypt.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/AES_set_decrypt_key.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/AES_set_encrypt_key.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_name_print.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_set_asc.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_check.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_get_bit.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_set_bit.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_get.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_get_int64.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_set.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_set_int64.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_to_BN.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_cmp.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_dup.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_get_int64.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_get_uint64.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_set.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_set_int64.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_set_uint64.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_to_BN.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_to_ASN1_ENUMERATED.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f 
"$(DESTDIR)$(mandir)/man3/BN_to_ASN1_INTEGER.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/i2a_ASN1_INTEGER.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_NULL_free.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OBJECT_create.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OBJECT_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_TABLE_cleanup.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_TABLE_get.3" @@ -3688,11 +3926,13 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_dup.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_set.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_cmp.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_copy.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_dup.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_get0_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_length_set.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_set.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_set0.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_to_UTF8.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_type.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_free.3" 
@@ -3743,6 +3983,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_set_string.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_adj.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_check.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_diff.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_print.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_set_string.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_to_generalizedtime.3" @@ -3754,9 +3995,13 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_set_string.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_cmp.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_free.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_get_int_octetstring.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_get_octetstring.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_new.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_set.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_set1.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_set_int_octetstring.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_set_octetstring.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_generate_v3.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_d2i_bio.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_d2i_fp.3" 
@@ -3764,11 +4009,21 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d_bio.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d_fp.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_ndef_i2d.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_print.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_TYPE.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_TYPE.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_free.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_unpack.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_sign_ctx.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_get_default_mask.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_set_by_NID.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_set_default_mask.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_set_default_mask_asc.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_mbstring_ncopy.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_tag2bit.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_parse.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_object_size.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_put_eoc.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_set_tm.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_time_tm_cmp.3" 
@@ -3788,6 +4043,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_flush.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_close.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_info_callback.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_info_cb.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_int_ctrl.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_pending.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_ptr_ctrl.3" @@ -3797,10 +4053,14 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_info_callback.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_tell.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_wpending.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/bio_info_cb.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_dump_fp.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_dump_indent.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_dump_indent_fp.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_asn1_get_prefix.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_asn1_get_suffix.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_asn1_set_prefix.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_asn1_set_suffix.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/asn1_ps_func.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_buffer_num_lines.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_buffer_read_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_buffer_size.3" 
@@ -3824,6 +4084,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_ssl_renegotiate_timeout.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_ssl_copy_session_id.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_ssl_shutdown.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_method_name.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_method_type.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_next.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_shutdown.3" @@ -3881,6 +4142,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_vsnprintf.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_pop.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_gets.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_indent.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_puts.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_write.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_do_accept.3" 
@@ -3962,14 +4224,22 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_gcd.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_add.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_add_quick.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_exp.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_lshift.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_lshift1.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_lshift1_quick.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_lshift_quick.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_mul.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_sqr.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_sub.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_sub_quick.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_mul.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_nnmod.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_sqr.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_sub.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_uadd.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_usub.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_div_word.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_word.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_mul_word.3" 
@@ -3987,6 +4257,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_mpi2bn.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_print.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_print_fp.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_abs_is_word.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_is_odd.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_is_one.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_is_word.3" @@ -4014,6 +4285,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_init.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_new.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_set.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_set_locked.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_from_montgomery.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_to_montgomery.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_free.3" 
@@ -4039,10 +4311,12 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_rshift1.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_get_flags.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_is_negative.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_consttime_swap.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_get_word.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_one.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_set_word.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_value_one.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_zero_ex.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BUF_MEM_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BUF_MEM_grow.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BUF_MEM_grow_clean.3" @@ -4153,6 +4427,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/DES_xcbc_encrypt.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/DH_compute_key.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/DH_check.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/DH_check_pub_key.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/DH_generate_parameters_ex.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/DH_clear_flags.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/DH_get0_engine.3" 
@@ -4194,6 +4469,8 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/DSA_set_ex_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/DSA_meth_dup.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/DSA_meth_free.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/DSA_meth_get0_name.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/DSA_meth_set1_name.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/DSA_meth_set_finish.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/DSA_meth_set_sign.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/DSA_free.3" @@ -4204,6 +4481,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/DSA_set_default_method.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/DSA_sign_setup.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/DSA_verify.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/DSA_bits.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ECDH_size.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_OpenSSL.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_SIG_free.3" 
@@ -4471,6 +4749,8 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ESS_ISSUER_SERIAL_new.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ESS_SIGNING_CERT_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_cleanup.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_free.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_new.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_open.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_seal.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_key_length.3" @@ -4505,8 +4785,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_pkey_type.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_size.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_type.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_dss.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_dss1.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_get_digestbyname.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_get_digestbynid.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_get_digestbyobj.3" 
@@ -4611,6 +4889,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_ofb.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_OpenFinal.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_OpenUpdate.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY2PKCS8.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_ctrl_str.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get0_ecdh_kdf_ukm.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get1_id.3" 
@@ -4635,6 +4914,18 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_dup.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_new_id.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_add1_hkdf_info.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_hkdf_mode.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set1_hkdf_key.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set1_hkdf_salt.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_add1_attr_by_NID.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_add1_attr_by_OBJ.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_add1_attr_by_txt.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_delete_attr.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get_attr.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get_attr_by_NID.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get_attr_by_OBJ.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get_attr_count.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_find.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_find_str.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_get0.3" 
@@ -4644,11 +4935,17 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_add_alias.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_copy.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_free.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_check.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_ctrl.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_param.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_param_check.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_private.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_public.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_public_check.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_security_bits.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_param_check.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_public_check.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_cmp_parameters.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_copy_parameters.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_missing_parameters.3" 
@@ -4669,6 +4966,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_copy.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_find.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_free.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_check.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_cleanup.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_copy.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_ctrl.3" @@ -4677,7 +4975,9 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_encrypt.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_init.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_keygen.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_param_check.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_paramgen.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_public_check.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_sign.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_signctx.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_verify.3" 
@@ -4713,12 +5013,12 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_set_type.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_type.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_sign_init.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_bits.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_security_bits.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_verify_init.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_verify_recover_init.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_SealFinal.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_SealUpdate.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_bits.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_size.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_SignFinal.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_SignInit_ex.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_SignUpdate.3" 
@@ -4817,11 +5117,9 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/GENERAL_NAME_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OTHERNAME_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OTHERNAME_new.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_cleanup.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_copy.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_get_md.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_init.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_new.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_reset.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_set_flags.3" @@ -4829,7 +5127,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_Init.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_Init_ex.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_Update.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_cleanup.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_size.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/MD4.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/MD4_Final.3" 
@@ -4841,9 +5138,23 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/GENERAL_SUBTREE_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/GENERAL_SUBTREE_new.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/NAME_CONSTRAINTS_free.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_NAME_cleanup.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_NAME_do_all.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_NAME_do_all_sorted.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_NAME_get.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_NAME_init.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_NAME_new_index.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_NAME_remove.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_find_sigid_algs.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_find_sigid_by_algs.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_sigid_free.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_add_object.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_cleanup.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_create_objects.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_new_nid.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/check_defer.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/obj_cleanup_defer.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_cmp.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_create.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_dup.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_ln2nid.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_nid2ln.3" 
@@ -5096,6 +5407,9 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_set0_type_other.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_get0_signers.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/PKCS8_PRIV_KEY_INFO_free.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/PKCS8_pkey_add1_attr_by_NID.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/PKCS8_pkey_get0.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/PKCS8_pkey_get0_attrs.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/PKEY_USAGE_PERIOD_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CERTIFICATEPOLICIES_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CERTIFICATEPOLICIES_new.3" @@ -5207,6 +5521,9 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/RSA_print_fp.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/RSA_public_decrypt.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/RSA_private_decrypt.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BN_security_bits.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/DH_security_bits.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/DSA_security_bits.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/RSA_PKCS1_SSLeay.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/RSA_flags.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/RSA_get_default_method.3" 
@@ -5345,6 +5662,8 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_info_callback.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_info_callback.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_info_callback.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_keylog_callback.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_keylog_cb_func.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_cert_list.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_max_cert_list.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_max_cert_list.3" @@ -5363,6 +5682,9 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_msg_callback_arg.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_msg_callback.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_msg_callback_arg.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_num_tickets.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_num_tickets.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_num_tickets.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_options.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_options.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_clear_options.3" 
@@ -5376,6 +5698,9 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_read_ahead.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_read_ahead.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_read_ahead.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_security_level.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_security_level.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_security_level.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_session_cache_mode.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_session_id_context.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_ssl_method.3" @@ -5483,6 +5808,8 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_clear_num_renegotiations.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_total_renegotiations.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_peek.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_peek_ex.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_read_ex.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_early_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_max_early_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_max_early_data.3" 
@@ -5504,6 +5831,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_rfd.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_wfd.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_max_send_fragment.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_psk_use_session_cb_func.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_shutdown.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_ecdh_auto.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_ecdh.3" @@ -5515,6 +5843,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_want_read.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_want_write.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_want_x509_lookup.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SSL_write_ex.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SXNETID_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SXNETID_new.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/SXNET_free.3" 
@@ -5597,12 +5926,25 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_ALGOR_new.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_ALGOR_set0.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_ALGOR_set_md.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_count.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_get0_data.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_get0_type.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_create.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_dup.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_free.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_create_by_NID.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_create_by_OBJ.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_create_by_txt.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_set1_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_CERT_AUX_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_CERT_AUX_new.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_CINF_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VAL_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VAL_new.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_METHOD_free.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_meth_data.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_set_default_method.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_set_meth_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f 
"$(DESTDIR)$(mandir)/man3/X509_CRL_add0_revoked.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get0_by_cert.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_REVOKED.3" @@ -5615,6 +5957,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_print_fp.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_create_by_NID.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_create_by_OBJ.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_dup.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_get_critical.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_get_data.3" @@ -5625,9 +5968,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_INFO_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_LOOKUP_file.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_LOOKUP_mem.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_load_cert_crl_file.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_load_cert_file.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_load_crl_file.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_LOOKUP_add_dir.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_LOOKUP_add_mem.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_LOOKUP_by_alias.3" 
@@ -5670,13 +6010,16 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_oneline.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_print.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_print_ex_fp.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_OBJECT_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_OBJECT_free_contents.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_OBJECT_get0_X509_CRL.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_OBJECT_get_type.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_OBJECT_idx_by_subject.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_OBJECT_new.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_OBJECT_retrieve_by_subject.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_OBJECT_retrieve_match.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_OBJECT_up_ref_count.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_PKEY_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_get.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_get0.3" 
@@ -5686,9 +6029,11 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY_bio.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY_fp.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_PUBKEY.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY_bio.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY_fp.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_PUBKEY.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_PURPOSE_add.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_PURPOSE_cleanup.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_PURPOSE_get0.3" 
@@ -5699,15 +6044,33 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_PURPOSE_get_count.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_PURPOSE_get_id.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_PURPOSE_get_trust.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_add1_attr_by_NID.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_add1_attr_by_OBJ.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_add1_attr_by_txt.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_delete_attr.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_get_attr.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_get_attr_by_NID.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_get_attr_by_OBJ.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_get_attr_count.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_add_extensions_nid.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_extension_nid.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_get_extension_nids.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_get_extensions.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_set_extension_nids.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_INFO_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_INFO_new.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_dup.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_free.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_to_X509_REQ.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_print.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f 
"$(DESTDIR)$(mandir)/man3/X509_REQ_print_fp.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_dup.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get0_revocationDate.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get0_serialNumber.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_set_revocationDate.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_set_serialNumber.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_SIG_getm.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_SIG_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_chain.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_current_crl.3" 
@@ -5719,7 +6082,11 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_current_cert.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_error_depth.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_explicit_policy.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_num_untrusted.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_verified_chain.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_current_cert.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_error.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_error_depth.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_verify_cert_error_string.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_app_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_ex_data.3" 
@@ -5745,7 +6112,11 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_purpose.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_time.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_trust.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_verify.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_verify_cb.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get1_issuer.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_by_subject.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_obj_by_subject.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_get1_certs.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_get1_crls.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_add_lookup.3" @@ -5765,7 +6136,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_set_purpose.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_set_trust.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_set_verify_cb.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_set_verify_func.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_TRUST_add.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_TRUST_cleanup.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_TRUST_get0.3" 
@@ -5774,31 +6144,34 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_TRUST_get_count.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_TRUST_get_flags.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_TRUST_get_trust.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add0_policy.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add0_table.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add1_host.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_clear_flags.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get0.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_count.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_inherit.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_lookup.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_table_cleanup.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add0_policy.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add1_host.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_clear_flags.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get0_name.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get0_peername.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_count.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_depth.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm 
-f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_flags.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_lookup.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_new.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_time.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_email.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_host.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_ip.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_ip_asc.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_name.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_policies.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_auth_level.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_depth.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_hostflags.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_purpose.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_time.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_trust.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_table_cleanup.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_add1_reject_object.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_reject_clear.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_trust_clear.3" 
@@ -5806,6 +6179,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_check_ip.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_check_ip_asc.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_check_private_key.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_TRUST_set_default.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_cmp.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_match.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_cmp.3" @@ -5813,6 +6187,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_issuer_name_cmp.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_subject_name_cmp.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_cmp_current_time.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_gmtime_adj.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_time_adj.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_time_adj_ex.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ISSUER_AND_SERIAL_digest.3" 
@@ -5847,7 +6222,10 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_get_signature_type.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_email_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_get1_ocsp.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_get_extended_key_usage.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_get_key_usage.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_extract_key.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_get0_pubkey.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_get_pubkey.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_set_pubkey.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_extract_key.3" 
@@ -5872,11 +6250,15 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_alias_get0.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_alias_set1.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_keyid_get0.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_load_cert_crl_file.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_load_crl_file.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_to_X509.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_chain_up_ref.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_dup.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_up_ref.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_policy_tree_free.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_policy_tree_get0_user_policies.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_policy_level_get0_node.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_policy_level_node_count.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_policy_node_get0_parent.3" 
@@ -5896,6 +6278,14 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_sign_ctx.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_verify.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_signature_print.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509at_add1_attr_by_NID.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509at_add1_attr_by_OBJ.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509at_add1_attr_by_txt.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509at_delete_attr.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509at_get0_data_by_OBJ.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509at_get_attr_by_NID.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509at_get_attr_by_OBJ.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509at_get_attr_count.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_add_ext.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_delete_ext.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext.3" @@ -6168,6 +6558,8 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKeyInfo_bio.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKeyInfo_fp.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PrivateKey.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PrivateKey_bio.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PrivateKey_fp.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PublicKey.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/d2i_Netscape_RSA.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSAPrivateKey.3" 
@@ -6231,7 +6623,12 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_VAL.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_bio.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_fp.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/i2d_re_X509_CRL_tbs.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/i2d_re_X509_REQ_tbs.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/i2d_re_X509_tbs.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_ALGORS.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_ALGOR.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_ALGORS.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_ATTRIBUTE.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_CRL_INFO.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_CRL_bio.3" 
@@ -6282,6 +6679,11 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_3072.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_4096.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_6144.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/a2i_ASN1_ENUMERATED.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/a2i_ASN1_INTEGER.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/a2i_ASN1_STRING.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/i2a_ASN1_ENUMERATED.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/i2a_ASN1_INTEGER.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/DECLARE_LHASH_OF.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/LHASH_COMP_FN_TYPE.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/LHASH_DOALL_ARG_FN_TYPE.3" @@ -6302,6 +6704,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/lh_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/lh_insert.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/lh_retrieve.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/lh_strhash.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/lh_node_stats.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/lh_node_stats_bio.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/lh_node_usage_stats.3" diff --git a/man/OBJ_NAME_add.3 b/man/OBJ_NAME_add.3 new file mode 100644 index 00000000..6d574162 --- /dev/null +++ b/man/OBJ_NAME_add.3 
@@ -0,0 +1,347 @@
+.\" $OpenBSD: OBJ_NAME_add.3,v 1.3 2022/09/10 10:22:46 jsg Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: September 10 2022 $
+.Dt OBJ_NAME_ADD 3
+.Os
+.Sh NAME
+.Nm OBJ_NAME_add ,
+.Nm OBJ_NAME_remove ,
+.Nm OBJ_NAME_get ,
+.Nm OBJ_NAME_new_index ,
+.Nm OBJ_NAME_init ,
+.Nm OBJ_NAME_cleanup ,
+.Nm OBJ_NAME_do_all ,
+.Nm OBJ_NAME_do_all_sorted
+.Nd global associative array
+.Sh SYNOPSIS
+.In openssl/objects.h
+.Ft int
+.Fo OBJ_NAME_add
+.Fa "const char *name"
+.Fa "int type"
+.Fa "const char *data"
+.Fc
+.Ft int
+.Fo OBJ_NAME_remove
+.Fa "const char *name"
+.Fa "int type"
+.Fc
+.Ft const char *
+.Fo OBJ_NAME_get
+.Fa "const char *name"
+.Fa "int type"
+.Fc
+.Ft int
+.Fo OBJ_NAME_new_index
+.Fa "unsigned long (*hash_func)(const char *name)"
+.Fa "int (*cmp_func)(const char *name1, const char *name2)"
+.Fa "void (*free_func)(const char *name, int type, const char *value)"
+.Fc
+.Ft int
+.Fn OBJ_NAME_init void
+.Ft void
+.Fn OBJ_NAME_cleanup "int type"
+.Bd -literal
+typedef struct {
+ int type;
+ int alias;
+ const char *name;
+ const char *data;
+} OBJ_NAME;
+.Ed
+.Pp
+.Ft void
+.Fo OBJ_NAME_do_all
+.Fa "int type"
+.Fa "void (*fn)(const OBJ_NAME *pair, void *arg)"
+.Fa "void *arg"
+.Fc
+.Ft void
+.Fo OBJ_NAME_do_all_sorted
+.Fa "int type"
+.Fa "void (*fn)(const OBJ_NAME *pair, void *arg)"
+.Fa "void *arg"
+.Fc
+.Sh DESCRIPTION
+These functions implement a single, static associative array
+with the following properties:
+.Bl -bullet
+.It
+The keys are ordered pairs consisting of a NUL-terminated string
+.Pq called the Fa name
+and an
+.Vt int
+number
+.Pq called the Fa type .
+Two types are predefined and used internally by the library:
+.Dv OBJ_NAME_TYPE_MD_METH
+and
+.Dv OBJ_NAME_TYPE_CIPHER_METH .
+Two additional types are predefined but not used internally:
+.Dv OBJ_NAME_TYPE_PKEY_METH
+and
+.Dv OBJ_NAME_TYPE_COMP_METH .
+All predefined types are greater than
+.Dv OBJ_NAME_TYPE_UNDEF
+and smaller than
+.Dv OBJ_NAME_TYPE_NUM .
+.It
+The values are pointers.
+Formally, they are of the type
+.Vt const char * ,
+but in practice, pointers of other types, for example
+.Vt EVP_CIPHER *
+or
+.Vt EVP_MD * ,
+are often stored as values
+and cast back to the correct type on retrieval.
+.It
+The array supports type-specific aliases for names.
+.El
+.Pp
+.Fn OBJ_NAME_add
+removes the key-value pair or alias with the key
+.Pq Fa name , type
+in the same way as
+.Fn OBJ_NAME_remove
+and inserts a key-value pair with the specified
+.Fa name ,
+.Fa type ,
+and
+.Fa value .
+If the bit
+.Dv OBJ_NAME_ALIAS
+is set in the
+.Fa type
+argument, that bit is cleared before using the
+.Fa type
+and the key
+.Pq Fa name , type
+becomes an alias for the key
+.Pq Fa value , type
+instead of setting a value.
+It is not checked whether the key
+.Pq Fa value , type
+already exists.
+Consequently, it is possible to define an alias
+before setting the associated value.
+.Pp
+.Fn OBJ_NAME_remove
+removes the key-value pair or alias with the key
+.Pq Fa name , type
+from the array, if it exists.
+Otherwise, it has no effect.
+If the bit
+.Dv OBJ_NAME_ALIAS
+is set in the
+.Fa type
+argument, it is ignored and cleared before using the
+.Fa type .
+If the
+.Fa type
+is an application-defined type added with
+.Fn OBJ_NAME_new_index
+and the
+.Fa free_func
+associated with the
+.Fa type
+is not a
+.Dv NULL
+pointer, it is called with the
+.Fa name ,
+.Fa type ,
+and
+.Fa value
+of the key-value pair being removed or with the
+.Fa name ,
+.Fa type ,
+and alias target name of the alias being removed.
+In typical usage, this function might free the
+.Fa name ,
+and it might free the
+.Fa value
+in a type-specific way.
+.Pp
+.Fn OBJ_NAME_get
+looks up the key
+.Pq Fa name , type ,
+recursively resolving up to ten aliases if needed.
+If the bit
+.Dv OBJ_NAME_ALIAS
+is set in the
+.Fa type
+argument, it is cleared before using the
+.Fa type ,
+processing of aliases is disabled, and if
+.Pq Fa name , type
+is an alias, the target name of the alias is returned instead of a value.
+.Pp
+.Fn OBJ_NAME_new_index
+assigns the smallest unassigned positive integer number
+to represent a new, application-defined
+.Fa type .
+The three function pointers will be used, respectively,
+to hash a name for this type, to compare two names for this type,
+and to free the contents of a key-value pair holding the given
+.Fa name ,
+.Fa type ,
+and
+.Fa value .
+If the
+.Fa hash_func
+argument is a
+.Dv NULL
+pointer,
+.Xr lh_strhash 3
+is used instead.
+If the
+.Fa cmp_func
+argument is a
+.Dv NULL
+pointer,
+.Xr strcmp 3
+is used instead.
+If the
+.Fa free_func
+argument is a
+.Dv NULL
+pointer, the
+.Fa name
+and
+.Fa value
+pointers contained in the key-value pair are not freed,
+only the structure representing the pair itself is.
+This default behaviour is also used for the built-in types.
+.Pp
+.Fn OBJ_NAME_init
+initializes the array.
+After initialization, the array is empty.
+Calling
+.Fn OBJ_NAME_init
+when the array is already initialized has no effect.
+Application programs do not need to call this function because
+.Fn OBJ_NAME_add
+and
+.Fn OBJ_NAME_get
+automatically call it whenever needed.
+.Pp
+.Fn OBJ_NAME_cleanup
+removes all key-value pairs and aliases of the given
+.Fa type
+from the array by calling
+.Fn OBJ_NAME_remove
+on every such pair and alias.
+If the
+.Fa type
+argument is negative, it removes all key-value pairs and aliases
+of any type and also reverses all effects of
+.Fn OBJ_NAME_new_index
+and
+.Fn OBJ_NAME_init ,
+in particular resetting the list of types to the predefined types
+and releasing all memory reserved by these functions.
+.Pp
+The
+.Vt OBJ_NAME
+structure represents one key-value pair or one alias with the key
+.Pq Fa name , type .
+If the
+.Fa alias
+field is 0, the
+.Fa data
+field contains the value; otherwise, it contains the alias target name.
+.Pp
+.Fn OBJ_NAME_do_all
+calls
+.Fa fn
+on every
+.Fa pair
+and alias in the array that has the given
+.Fa type ,
+also passing the
+.Fa arg
+pointer.
+.Fn OBJ_NAME_do_all_sorted
+is similar except that it processes the pairs and aliases
+in lexicographic order of their names as determined by
+.Xr strcmp 3 ,
+ignoring any
+.Fa cmp_func
+that may be defined for the
+.Fa type .
+.Sh RETURN VALUES
+.Fn OBJ_NAME_add
+and
+.Fn OBJ_NAME_init
+return 1 on success or 0 if memory allocation fails.
+.Pp
+.Fn OBJ_NAME_remove
+returns 1 if one key-value pair or alias was removed or 0 otherwise.
+.Pp
+.Fn OBJ_NAME_get
+returns the
+.Fa value
+associated with the key
+.Pq Fa name , type
+or
+.Dv NULL
+if
+.Fa name
+is
+.Dv NULL ,
+if the array does not contain a value for this key,
+or if more than ten aliases are encountered before finding a value.
+.Pp
+.Fn OBJ_NAME_new_index
+returns a positive integer greater than or equal to
+.Dv OBJ_NAME_TYPE_NUM
+representing the new type or 0 if memory allocation fails.
+.Sh SEE ALSO
+.Xr EVP_cleanup 3 ,
+.Xr EVP_get_cipherbyname 3 ,
+.Xr EVP_get_digestbyname 3 ,
+.Xr lh_new 3 ,
+.Xr OBJ_add_sigid 3 ,
+.Xr OBJ_create 3 ,
+.Xr OBJ_nid2obj 3
+.Sh BUGS
+Calling
+.Fn OBJ_NAME_get
+with the bit
+.Dv OBJ_NAME_ALIAS
+is not very useful because there is no way to tell
+whether the returned pointer points to a value or to a name,
+short of calling the function again without setting the bit
+and comparing the two returned pointers.
+.Pp
+The
+.Fa free_func
+has no way to tell whether its
+.Fa value
+argument is indeed of the given
+.Fa type
+or whether it is merely the target name of an alias.
+Consequently, to use values of a type
+that requires more cleanup than merely calling
+.Xr free 3
+on it, instances of the type need to begin with a magic number or string
+that cannot occur at the beginning of a name.
+.Pp
+.Fn OBJ_NAME_do_all_sorted
+is unable to report errors.
+If memory allocations fails, it does nothing at all
+without telling the caller about the problem.
diff --git a/man/OBJ_add_sigid.3 b/man/OBJ_add_sigid.3
new file mode 100644
index 00000000..abfe825e
--- /dev/null
+++ b/man/OBJ_add_sigid.3
@@ -0,0 +1,124 @@
+.\" $OpenBSD: OBJ_add_sigid.3,v 1.1 2021/12/18 17:47:45 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 18 2021 $
+.Dt OBJ_ADD_SIGID 3
+.Os
+.Sh NAME
+.Nm OBJ_add_sigid ,
+.Nm OBJ_sigid_free ,
+.Nm OBJ_find_sigid_algs ,
+.Nm OBJ_find_sigid_by_algs
+.Nd signature algorithm mappings
+.Sh SYNOPSIS
+.In openssl/objects.h
+.Ft int
+.Fo OBJ_add_sigid
+.Fa "int signature"
+.Fa "int digest"
+.Fa "int encryption"
+.Fc
+.Ft void
+.Fn OBJ_sigid_free void
+.Ft int
+.Fo OBJ_find_sigid_algs
+.Fa "int signature"
+.Fa "int *pdigest"
+.Fa "int *pencryption"
+.Fc
+.Ft int
+.Fo OBJ_find_sigid_by_algs
+.Fa "int *psignature"
+.Fa "int digest"
+.Fa "int encryption"
+.Fc
+.Sh DESCRIPTION
+.Fn OBJ_add_sigid
+defines the
+.Fa signature
+algorithm to use the specified
+.Fa digest
+and
+.Fa encryption
+algorithms.
+Making sure that this does not conflict with earlier invocations of
+.Fn OBJ_add_sigid
+is the responsibility of the caller.
+Definitions made with
+.Fn OBJ_add_sigid
+take precedence over definitions built into the library.
+.Pp
+.Fn OBJ_sigid_free
+deletes all definitions made with
+.Fn OBJ_add_sigid .
+.Pp
+.Fn OBJ_find_sigid_algs
+looks up the
+.Fa signature
+algorithm.
+If it is found, the associated digest algorithm is stored in
+.Pf * Fa pdigest
+unless
+.Fa pdigest
+is a
+.Dv NULL
+pointer, and the associated encryption algorithm is stored in
+.Pf * Fa pencryption
+unless
+.Fa pencryption
+is a
+.Dv NULL
+pointer.
+.Pp
+.Fn OBJ_find_sigid_by_algs
+looks up the pair
+.Pq Fa digest , encryption .
+If it is found, the associated signature algorithm is stored in
+.Pf * Fa psignature
+unless
+.Fa psignature
+is a
+.Dv NULL
+pointer.
+.Sh RETURN VALUES
+.Fn OBJ_add_sigid
+returns 1 on success or 0 if memory allocation fails.
+.Pp
+.Fn OBJ_find_sigid_algs
+returns 1 if a definition of the
+.Fa signature
+algorithm is found or 0 if a definition of the
+.Fa signature
+algorithm is neither built into the library nor provided with
+.Fn OBJ_add_sigid .
+.Pp
+.Fn OBJ_find_sigid_by_algs
+returns 1 if a signature algorithm using the specified
+.Fa digest
+and
+.Fa encryption
+algorithms is defined or 0 if the definition of such an algorithm
+is neither built into the library nor provided with
+.Fn OBJ_add_sigid .
+.Sh SEE ALSO
+.Xr EVP_cleanup 3 ,
+.Xr OBJ_create 3 ,
+.Xr OBJ_NAME_add 3 ,
+.Xr OBJ_nid2obj 3
+.Sh HISTORY
+These functions first appeared in OpenSSL 1.0.0
+and have been available since
+.Ox 4.9 .
diff --git a/man/OBJ_create.3 b/man/OBJ_create.3
new file mode 100644
index 00000000..e587eb15
--- /dev/null
+++ b/man/OBJ_create.3
@@ -0,0 +1,287 @@
+.\" $OpenBSD: OBJ_create.3,v 1.6 2022/01/01 02:06:07 jsg Exp $
+.\" full merge up to:
+.\" OpenSSL OBJ_nid2obj.pod 9b86974e Aug 17 15:21:33 2015 -0400
+.\" selective merge up to:
+.\" OpenSSL OBJ_nid2obj.pod 35fd9953 May 28 14:49:38 2019 +0200
+.\"
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2017, 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Dr. Stephen Henson .
+.\" Copyright (c) 2002, 2006 The OpenSSL Project.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in
+.\" the documentation and/or other materials provided with the
+.\" distribution.
+.\"
+.\" 3.
All advertising materials mentioning features or use of this
+.\" software must display the following acknowledgment:
+.\" "This product includes software developed by the OpenSSL Project
+.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\" endorse or promote products derived from this software without
+.\" prior written permission. For written permission, please contact
+.\" openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\" nor may "OpenSSL" appear in their names without prior written
+.\" permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\" acknowledgment:
+.\" "This product includes software developed by the OpenSSL Project
+.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: January 1 2022 $
+.Dt OBJ_CREATE 3
+.Os
+.Sh NAME
+.Nm OBJ_new_nid ,
+.Nm OBJ_add_object ,
+.Nm OBJ_create ,
+.\" OBJ_create_and_add_object is a deprecated, unused alias for OBJ_create(3).
+.Nm OBJ_create_objects ,
+.Nm obj_cleanup_defer ,
+.Nm OBJ_cleanup ,
+.Nm check_defer
+.Nd modify the table of ASN.1 object identifiers
+.Sh SYNOPSIS
+.In openssl/objects.h
+.Ft int
+.Fn OBJ_new_nid "int increment"
+.Ft int
+.Fn OBJ_add_object "const ASN1_OBJECT *object"
+.Ft int
+.Fo OBJ_create
+.Fa "const char *oid"
+.Fa "const char *sn"
+.Fa "const char *ln"
+.Fc
+.Ft int
+.Fn OBJ_create_objects "BIO *in_bio"
+.Vt extern int obj_cleanup_defer ;
+.Ft void
+.Fn OBJ_cleanup void
+.Ft void
+.Fn check_defer "int nid"
+.Sh DESCRIPTION
+.Fn OBJ_new_nid
+returns the smallest currently unassigned ASN.1 numeric
+object identifier (NID) and reserves
+.Fa increment
+consecutive NIDs starting with it.
+Passing an argument of 1 is usually recommended.
+The return value can be assigned to a new object by passing it as the
+.Fa nid
+argument to
+.Xr ASN1_OBJECT_create 3
+and by passing the resulting object to
+.Fn OBJ_add_object .
+.Pp
+.Fn OBJ_add_object
+adds a copy of the
+.Fa object
+to the internal table of ASN.1 object identifiers for use by
+.Xr OBJ_nid2obj 3
+and related functions.
+.Pp
+.Fn OBJ_create
+provides a simpler way to add a new object to the internal table.
+.Fa oid
+is the numerical form of the object,
+.Fa sn
+the short name and
+.Fa ln
+the long name.
+A new NID is automatically assigned using
+.Fn OBJ_new_nid .
+.Pp
+.Fn OBJ_create_objects
+reads text lines of the form
+.Pp
+.D1 Fa oid sn ln
+.Pp
+from
+.Fa in_bio
+and calls
+.Fn OBJ_create oid sn ln
+for every line read.
+The three fields of the input lines
+are separated by one or more whitespace characters.
+.Pp
+For all three functions, the objects added to the internal table and
+all the data contained in them is marked as not dynamically allocated.
+Consequently, retrieving them with
+.Xr OBJ_nid2obj 3
+or a similar function and then calling
+.Xr ASN1_OBJECT_free 3
+on the returned pointer will have no effect.
+.Pp
+The global variable
+.Va obj_cleanup_defer
+controls the behaviour of
+.Fn OBJ_cleanup
+and
+.Xr EVP_cleanup 3 .
+.Pp
+If
+.Va obj_cleanup_defer
+has the default value of 0,
+.Fn OBJ_cleanup
+resets the internal object table to its default state,
+removing and freeing all objects that were added with
+.Fn OBJ_add_object ,
+.Fn OBJ_create ,
+or
+.Fn OBJ_create_objects .
+Otherwise,
+.Fn OBJ_cleanup
+only sets
+.Va obj_cleanup_defer
+to 2, which defers the cleanup of the internal object table
+to the next call of
+.Xr EVP_cleanup 3 .
+.Pp
+By default,
+.Xr EVP_cleanup 3
+has no effect on the internal object table.
+Only if
+.Va obj_cleanup_defer
+is 2, it resets
+.Va obj_cleanup_defer
+to 0 and calls
+.Fn OBJ_cleanup ,
+which then resets the table to its default state.
+.Pp
+The function
+.Fn check_defer
+sets
+.Va obj_cleanup_defer
+to 1 unless
+.Fa nid
+is a built-in numeric identifier, but it has no effect if
+.Va obj_cleanup_defer
+already differs from 0.
+This function is called internally by various functions
+in the EVP library, in particular by subroutines of
+.Xr OpenSSL_add_all_ciphers 3
+and
+.Xr OpenSSL_add_all_digests 3 .
+.Pp
+To reliably reset the internal object table no matter what the
+current state may be, an application program needs to call both
+.Fn OBJ_cleanup
+and
+.Xr EVP_cleanup 3 ,
+in this order.
+The opposite order will usually not work.
+.Sh RETURN VALUES
+.Fn OBJ_new_nid
+returns the new NID.
+.Pp
+.Fn OBJ_add_object
+returns the NID associated with the
+.Fa object
+or
+.Dv NID_undef
+if memory allocation fails.
+.Pp
+.Fn OBJ_create
+returns the new NID or
+.Dv NID_undef
+if
+.Fa oid
+is not a valid representation of an object identifier
+or if memory allocation fails.
+.Pp
+.Fn OBJ_create_objects
+returns the number of objects added.
+.Pp
+In some cases of failure of
+.Fn OBJ_add_object ,
+.Fn OBJ_create ,
+and
+.Fn OBJ_create_objects ,
+the reason can be determined with
+.Xr ERR_get_error 3 .
+.Sh EXAMPLES +Create a new NID and initialize an object from it: +.Bd -literal -offset indent +int new_nid; +ASN1_OBJECT *obj; + +new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier"); +obj = OBJ_nid2obj(new_nid); +.Ed +.Sh SEE ALSO +.Xr ASN1_OBJECT_new 3 , +.Xr EVP_cleanup 3 , +.Xr OBJ_add_sigid 3 , +.Xr OBJ_NAME_add 3 , +.Xr OBJ_nid2obj 3 +.Sh HISTORY +.Fn OBJ_new_nid , +.Fn OBJ_add_object , +and +.Fn OBJ_cleanup +first appeared in SSLeay 0.8.0 and +.Fn OBJ_create +in SSLeay 0.9.0. +These functions have been available since +.Ox 2.4 . +.Pp +.Va obj_cleanup_defer +and +.Fn check_defer +first appeared in OpenSSL 1.0.0 and have been available since +.Ox 4.9 . +.Sh BUGS +.Fn OBJ_new_nid +does not reserve any return value to indicate an error. +Consequently, to avoid conflicting NID assignments and integer overflows, +care must be taken to not pass negative, zero, or large arguments to +.Fn OBJ_new_nid . +.Pp +.Fn OBJ_create_objects +does not distinguish between end of file, I/O errors, temporary +unavailability of data on a non-blocking BIO, invalid input syntax, +and memory allocation failure. +In all these cases, reading is aborted and the number of objects +that were already added is returned. diff --git a/man/OBJ_nid2obj.3 b/man/OBJ_nid2obj.3 index db9cd05c..4b35762d 100644 --- a/man/OBJ_nid2obj.3 +++ b/man/OBJ_nid2obj.3 @@ -1,5 +1,6 @@ -.\" $OpenBSD: OBJ_nid2obj.3,v 1.15 2021/07/05 17:57:16 schwarze Exp $ -.\" OpenSSL c264592d May 14 11:28:00 2006 +0000 +.\" $OpenBSD: OBJ_nid2obj.3,v 1.19 2022/03/31 17:27:17 naddy Exp $ +.\" full merge up to: OpenSSL c264592d May 14 11:28:00 2006 +0000 +.\" selective merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200 .\" .\" This file is a derived work. .\" The changes are covered by the following Copyright and license: 
@@ -19,7 +20,7 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .\" The original file was written by Dr. Stephen Henson . -.\" Copyright (c) 2002, 2006, 2015, 2016 The OpenSSL Project. +.\" Copyright (c) 2002, 2006, 2016 The OpenSSL Project. .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -66,7 +67,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 5 2021 $ +.Dd $Mdocdate: March 31 2022 $ .Dt OBJ_NID2OBJ 3 .Os .Sh NAME @@ -81,8 +82,6 @@ .Nm OBJ_obj2txt , .Nm OBJ_cmp , .Nm OBJ_dup , -.Nm OBJ_create , -.Nm OBJ_cleanup , .Nm i2t_ASN1_OBJECT , .Nm i2a_ASN1_OBJECT .Nd inspect and create ASN.1 object identifiers @@ -137,14 +136,6 @@ .Fo OBJ_dup .Fa "const ASN1_OBJECT *o" .Fc -.Ft int -.Fo OBJ_create -.Fa "const char *oid" -.Fa "const char *sn" -.Fa "const char *ln" -.Fc -.Ft void -.Fn OBJ_cleanup void .In openssl/asn1.h .Ft int .Fo i2t_ASN1_OBJECT @@ -215,7 +206,7 @@ is 0 then long names and short names will be interpreted as well as numerical forms. If .Fa no_name -is 1 only the numerical form is acceptable. +is 1, only the numerical form is acceptable. .Pp .Fn OBJ_obj2txt converts the 
@@ -286,29 +277,6 @@ just returns .Fa o itself. .Pp -.Fn OBJ_create -adds a new object to the internal table. -.Fa oid -is the numerical form of the object, -.Fa sn -the short name and -.Fa ln -the long name. -A new NID is returned for the created object. -.Pp -The new object added to the internal table and all the data -contained in it is marked as not dynamically allocated. -Consequently, retrieving it with -.Fn OBJ_nid2obj -or a similar function and then calling -.Xr ASN1_OBJECT_free 3 -on the returned pointer will have no effect. -.Pp -.Fn OBJ_cleanup -cleans up the internal object table: this should be called before -an application exits if any new objects were added using -.Fn OBJ_create . -.Pp Objects can have a short name, a long name, and a numerical identifier (NID) associated with them. A standard set of objects is represented in an internal table. @@ -323,7 +291,7 @@ For example, the OID for commonName has the following definitions: .Ed .Pp New objects can be added by calling -.Fn OBJ_create . +.Xr OBJ_create 3 . .Pp Table objects have certain advantages over other objects: for example their NIDs can be used in a C language switch statement. @@ -385,11 +353,6 @@ and .Fa b are identical, or non-zero otherwise. .Pp -.Fn OBJ_create -returns the new NID or -.Dv NID_undef -if an error occurs. -.Pp In some cases of failure of .Fn OBJ_nid2obj , .Fn OBJ_nid2ln , @@ -398,7 +361,6 @@ In some cases of failure of .Fn OBJ_txt2obj , .Fn OBJ_obj2txt , .Fn OBJ_dup , -.Fn OBJ_create , .Fn i2t_ASN1_OBJECT , and .Fn i2a_ASN1_OBJECT , @@ -419,14 +381,6 @@ if (OBJ_obj2nid(obj) == NID_commonName) /* Do something */ .Ed .Pp -Create a new NID and initialize an object from it: -.Bd -literal -offset indent -int new_nid; -ASN1_OBJECT *obj; -new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier"); -obj = OBJ_nid2obj(new_nid); -.Ed -.Pp Create a new object directly: .Bd -literal -offset indent obj = OBJ_txt2obj("1.2.3.4", 1); 
@@ -434,7 +388,10 @@ obj = OBJ_txt2obj("1.2.3.4", 1); .Sh SEE ALSO .Xr ASN1_OBJECT_new 3 , .Xr BIO_new 3 , -.Xr d2i_ASN1_OBJECT 3 +.Xr d2i_ASN1_OBJECT 3 , +.Xr OBJ_add_sigid 3 , +.Xr OBJ_create 3 , +.Xr OBJ_NAME_add 3 .Sh HISTORY .Fn OBJ_nid2obj , .Fn OBJ_nid2ln , @@ -448,11 +405,7 @@ and .Fn OBJ_dup first appeared in SSLeay 0.5.1. .Fn i2a_ASN1_OBJECT -first appeared in SSLeay 0.6.0, -.Fn OBJ_cleanup -in SSLeay 0.8.0, and -.Fn OBJ_create -and +first appeared in SSLeay 0.6.0, and .Fn i2t_ASN1_OBJECT in SSLeay 0.9.0. All these functions have been available since diff --git a/man/OCSP_CRLID_new.3 b/man/OCSP_CRLID_new.3 index 4bb6971c..6feb6086 100644 --- a/man/OCSP_CRLID_new.3 +++ b/man/OCSP_CRLID_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: OCSP_CRLID_new.3,v 1.7 2019/06/06 01:06:58 schwarze Exp $ +.\" $OpenBSD: OCSP_CRLID_new.3,v 1.8 2022/01/15 23:38:50 jsg Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: June 6 2019 $ +.Dd $Mdocdate: January 15 2022 $ .Dt OCSP_CRLID_NEW 3 .Os .Sh NAME @@ -23,7 +23,7 @@ .Nm OCSP_crlID_new .Nd OCSP CRL extension .Sh SYNOPSIS -.In opsenssl/ocsp.h +.In openssl/ocsp.h .Ft OCSP_CRLID * .Fn OCSP_CRLID_new void .Ft void diff --git a/man/OCSP_REQUEST_new.3 b/man/OCSP_REQUEST_new.3 index 29084a65..a304f601 100644 --- a/man/OCSP_REQUEST_new.3 +++ b/man/OCSP_REQUEST_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: OCSP_REQUEST_new.3,v 1.11 2021/08/06 21:45:55 schwarze Exp $ +.\" $OpenBSD: OCSP_REQUEST_new.3,v 1.12 2022/02/19 13:09:36 jsg Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file is a derived work. @@ -65,7 +65,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 6 2021 $ +.Dd $Mdocdate: February 19 2022 $ .Dt OCSP_REQUEST_NEW 3 .Os .Sh NAME 
@@ -173,7 +173,7 @@ object, representing an ASN.1 structure defined in RFC 6960. Such objects are used inside .Vt OCSP_REQINFO . -Each one asks about the validity of one certificiate. +Each one asks about the validity of one certificate. .Fn OCSP_ONEREQ_free frees .Fa onereq . diff --git a/man/OCSP_cert_to_id.3 b/man/OCSP_cert_to_id.3 index f2ed8b11..73a21867 100644 --- a/man/OCSP_cert_to_id.3 +++ b/man/OCSP_cert_to_id.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: OCSP_cert_to_id.3,v 1.11 2021/08/06 21:45:55 schwarze Exp $ +.\" $OpenBSD: OCSP_cert_to_id.3,v 1.12 2022/03/31 17:27:17 naddy Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file is a derived work. @@ -65,7 +65,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 6 2021 $ +.Dd $Mdocdate: March 31 2022 $ .Dt OCSP_CERT_TO_ID 3 .Os .Sh NAME @@ -180,7 +180,7 @@ and returns the issuer name hash, hash OID, issuer key hash and serial number contained in .Fa cid . -If any of the values are not required the corresponding parameter can be +If any of the values are not required, the corresponding parameter can be set to .Dv NULL . The values returned by diff --git a/man/OCSP_resp_find_status.3 b/man/OCSP_resp_find_status.3 index bcfefb57..06d0354b 100644 --- a/man/OCSP_resp_find_status.3 +++ b/man/OCSP_resp_find_status.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: OCSP_resp_find_status.3,v 1.10 2019/08/27 10:00:41 schwarze Exp $ +.\" $OpenBSD: OCSP_resp_find_status.3,v 1.11 2022/03/31 17:27:17 naddy Exp $ .\" full merge up to: OpenSSL c952780c Jun 21 07:03:34 2016 -0400 .\" selective merge up to: OpenSSL 1212818e Sep 11 13:22:14 2018 +0100 .\" @@ -67,7 +67,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 27 2019 $ +.Dd $Mdocdate: March 31 2022 $ .Dt OCSP_RESP_FIND_STATUS 3 .Os .Sh NAME 
@@ -295,11 +295,11 @@ or .Fn OCSP_single_get0_status . If .Fa sec -is non-zero it indicates how many seconds leeway should be allowed in +is non-zero, it indicates how many seconds leeway should be allowed in the check. If .Fa maxsec -is positive it indicates the maximum age of +is positive, it indicates the maximum age of .Fa thisupd in seconds. .Pp diff --git a/man/OCSP_sendreq_new.3 b/man/OCSP_sendreq_new.3 index c8107c4d..300f7195 100644 --- a/man/OCSP_sendreq_new.3 +++ b/man/OCSP_sendreq_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: OCSP_sendreq_new.3,v 1.9 2019/08/27 10:48:41 schwarze Exp $ +.\" $OpenBSD: OCSP_sendreq_new.3,v 1.10 2022/03/31 17:27:17 naddy Exp $ .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file is a derived work. @@ -65,7 +65,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 27 2019 $ +.Dd $Mdocdate: March 31 2022 $ .Dt OCSP_SENDREQ_NEW 3 .Os .Sh NAME @@ -159,7 +159,7 @@ should be set to .Fn OCSP_sendreq_nbio performs non-blocking I/O on the OCSP request context .Fa rctx . -When the operation is complete it returns the response in +When the operation is complete, it returns the response in .Pf * Fa presp . If .Fn OCSP_sendreq_nbio diff --git a/man/OpenSSL_add_all_algorithms.3 b/man/OpenSSL_add_all_algorithms.3 index 9ef19e71..908b344f 100644 --- a/man/OpenSSL_add_all_algorithms.3 +++ b/man/OpenSSL_add_all_algorithms.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: OpenSSL_add_all_algorithms.3,v 1.8 2019/06/14 13:41:31 schwarze Exp $ +.\" $OpenBSD: OpenSSL_add_all_algorithms.3,v 1.11 2021/12/18 17:47:45 schwarze Exp $ .\" full merge up to: OpenSSL b3696a55 Sep 2 09:35:50 2017 -0400 .\" .\" This file was written by Dr. Stephen Henson . 
@@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 14 2019 $ +.Dd $Mdocdate: December 18 2021 $ .Dt OPENSSL_ADD_ALL_ALGORITHMS 3 .Os .Sh NAME @@ -98,11 +98,22 @@ If any of the above functions is called more than once, only the first call has an effect. .Pp .Fn EVP_cleanup -removes all ciphers and digests from the table. +removes all ciphers and digests from the table and also calls +.Xr OBJ_NAME_cleanup 3 +with an argument of \-1 and +.Xr OBJ_sigid_free 3 , +thus resetting the global associative array of names +and all signature algorithm definitions to their default states, +removing all application-defined types, key-value pairs, aliases, +and signature algorithm definitions, +including any that are unrelated to the EVP library. .Sh SEE ALSO .Xr evp 3 , .Xr EVP_DigestInit 3 , .Xr EVP_EncryptInit 3 , +.Xr OBJ_cleanup 3 , +.Xr OBJ_NAME_add 3 , +.Xr OBJ_sigid_free 3 , .Xr OPENSSL_config 3 .Sh HISTORY .Fn EVP_cleanup diff --git a/man/PEM_X509_INFO_read.3 b/man/PEM_X509_INFO_read.3 index 0e908b79..b3216a89 100644 --- a/man/PEM_X509_INFO_read.3 +++ b/man/PEM_X509_INFO_read.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: PEM_X509_INFO_read.3,v 1.3 2021/07/31 14:54:33 schwarze Exp $ +.\" $OpenBSD: PEM_X509_INFO_read.3,v 1.4 2021/10/19 10:39:33 schwarze Exp $ .\" .\" Copyright (c) 2020 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: July 31 2021 $ +.Dd $Mdocdate: October 19 2021 $ .Dt PEM_X509_INFO_READ 3 .Os .Sh NAME @@ -162,7 +162,8 @@ may sometimes return 0 anyway. .Xr X509_CRL_new 3 , .Xr X509_INFO_new 3 , .Xr X509_LOOKUP_new 3 , -.Xr X509_new 3 +.Xr X509_new 3 , +.Xr X509_PKEY_new 3 .Sh HISTORY .Fn PEM_X509_INFO_read first appeared in SSLeay 0.5.1 and diff --git a/man/PEM_read.3 b/man/PEM_read.3 index df1c84ee..48418b9f 100644 
--- a/man/PEM_read.3 +++ b/man/PEM_read.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: PEM_read.3,v 1.13 2021/03/12 05:18:00 jsg Exp $ +.\" $OpenBSD: PEM_read.3,v 1.14 2022/01/15 23:38:50 jsg Exp $ .\" full merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100 .\" .\" This file is a derived work. @@ -66,7 +66,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 12 2021 $ +.Dd $Mdocdate: January 15 2022 $ .Dt PEM_READ 3 .Os .Sh NAME @@ -94,7 +94,7 @@ .Fa "BIO *bp" .Fa "const char *name" .Fa "const char *header" -.Fa "ocnst unsigned char *data" +.Fa "const unsigned char *data" .Fa "long len" .Fc .Ft int diff --git a/man/PEM_write_bio_ASN1_stream.3 b/man/PEM_write_bio_ASN1_stream.3 new file mode 100644 index 00000000..7b965e7b --- /dev/null +++ b/man/PEM_write_bio_ASN1_stream.3 
@@ -0,0 +1,90 @@
+.\" $OpenBSD: PEM_write_bio_ASN1_stream.3,v 1.1 2021/12/13 18:55:22 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 13 2021 $
+.Dt PEM_WRITE_BIO_ASN1_STREAM 3
+.Os
+.Sh NAME
+.Nm PEM_write_bio_ASN1_stream
+.Nd generic PEM encoder
+.Sh SYNOPSIS
+.In openssl/asn1.h
+.Ft int
+.Fo PEM_write_bio_ASN1_stream
+.Fa "BIO *out_bio"
+.Fa "ASN1_VALUE *val_in"
+.Fa "BIO *in_bio"
+.Fa "int flags"
+.Fa "const char *hdr"
+.Fa "const ASN1_ITEM *it"
+.Fc
+.Sh DESCRIPTION
+.Fn PEM_write_bio_ASN1_stream
+writes the
+.Fa val_in
+argument of type
+.Fa it
+to
+.Fa out_bio
+in PEM format, that is, BER- and base64-encoded and surrounded by
+.Qq -----BEGIN ...-----
+and
+.Qq -----END ...-----
+lines with the
+.Fa hdr
+argument in place of the ellipses.
+.Pp
+The
+.Fa flags
+are passed through to
+.Xr i2d_ASN1_bio_stream 3 .
+In particular, if the bit
+.Dv SMIME_STREAM
+is set, streaming is performed, reading the content from
+.Fa in_bio .
+Streaming is only supported if
+.Fa val_in
+is of the type
+.Vt CMS_ContentInfo
+or
+.Vt PKCS7 .
+.Pp
+If the bit
+.Dv SMIME_STREAM
+is not set, the arguments
+.Fa in_bio
+and
+.Fa flags
+are ignored and distinguished encoding rules (DER) are used.
+.Sh RETURN VALUES +.Fn PEM_write_bio_ASN1_stream +is intended to return 1 on success or 0 on failure. +.Sh SEE ALSO +.Xr ASN1_item_i2d_bio 3 , +.Xr BIO_f_base64 3 , +.Xr BIO_new 3 , +.Xr i2d_ASN1_bio_stream 3 , +.Xr PEM_write_bio 3 , +.Xr PEM_write_bio_CMS_stream 3 , +.Xr PEM_write_bio_PKCS7_stream 3 +.Sh HISTORY +.Fn PEM_write_bio_ASN1_stream +first appeared in OpenSSL 1.0.0 and has been available since +.Ox 4.9 . +.Sh BUGS +Many kinds of errors are silently ignored. +This function may return 1 even if it only produced partial output +or no output at all. diff --git a/man/PEM_write_bio_CMS_stream.3 b/man/PEM_write_bio_CMS_stream.3 index 0a6b4d31..bd17e410 100644 --- a/man/PEM_write_bio_CMS_stream.3 +++ b/man/PEM_write_bio_CMS_stream.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: PEM_write_bio_CMS_stream.3,v 1.4 2019/11/02 15:39:46 schwarze Exp $ +.\" $OpenBSD: PEM_write_bio_CMS_stream.3,v 1.5 2021/12/13 18:55:22 schwarze Exp $ .\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100 .\" .\" This file was written by Dr. Stephen Henson . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 2 2019 $ +.Dd $Mdocdate: December 13 2021 $ .Dt PEM_WRITE_BIO_CMS_STREAM 3 .Os .Sh NAME @@ -87,6 +87,7 @@ returns 1 for success or 0 for failure. .Xr ERR_get_error 3 , .Xr i2d_CMS_bio_stream 3 , .Xr PEM_write 3 , +.Xr PEM_write_bio_ASN1_stream 3 , .Xr SMIME_write_CMS 3 .Sh HISTORY .Fn PEM_write_bio_CMS_stream diff --git a/man/PEM_write_bio_PKCS7_stream.3 b/man/PEM_write_bio_PKCS7_stream.3 index dba2a42a..5b4175e4 100644 --- a/man/PEM_write_bio_PKCS7_stream.3 +++ b/man/PEM_write_bio_PKCS7_stream.3 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: PEM_write_bio_PKCS7_stream.3,v 1.10 2020/06/03 13:41:27 schwarze Exp $ +.\" $OpenBSD: PEM_write_bio_PKCS7_stream.3,v 1.11 2021/12/13 18:55:22 schwarze Exp $ .\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100 .\" .\" This file was written by Dr. Stephen Henson . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 3 2020 $ +.Dd $Mdocdate: December 13 2021 $ .Dt PEM_WRITE_BIO_PKCS7_STREAM 3 .Os .Sh NAME @@ -80,6 +80,7 @@ otherwise 0 is returned and an error code can be retrieved with .Sh SEE ALSO .Xr BIO_new 3 , .Xr i2d_PKCS7_bio_stream 3 , +.Xr PEM_write_bio_ASN1_stream 3 , .Xr PEM_write_PKCS7 3 , .Xr PKCS7_final 3 , .Xr PKCS7_new 3 , diff --git a/man/PKCS12_create.3 b/man/PKCS12_create.3 index 1f44ef9b..bc00d3df 100644 --- a/man/PKCS12_create.3 +++ b/man/PKCS12_create.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: PKCS12_create.3,v 1.10 2021/07/09 12:07:27 schwarze Exp $ +.\" $OpenBSD: PKCS12_create.3,v 1.12 2022/03/31 17:27:17 naddy Exp $ .\" full merge up to: OpenSSL 05ea606a May 20 20:52:46 2016 -0400 .\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 .\" @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 9 2021 $ +.Dd $Mdocdate: March 31 2022 $ .Dt PKCS12_CREATE 3 .Os .Sh NAME 
@@ -137,10 +137,10 @@ should be set to PKCS12_DEFAULT_ITER. adds a flag to the store private key. This is a non-standard extension that is only currently interpreted by MSIE. -If set to zero the flag is omitted; if set to -.Dv KEY_SIG +If set to zero, the flag is omitted; if set to +.Dv KEY_SIG , the key can be used for signing only; and if set to -.Dv KEY_EX +.Dv KEY_EX , it can be used for signing and encryption. This option was useful for old export grade software which could use signing only keys of arbitrary size but had restrictions on the @@ -165,6 +165,7 @@ if an error occurred. .Sh SEE ALSO .Xr crypto 3 , .Xr d2i_PKCS12 3 , +.Xr EVP_PKEY_add1_attr 3 , .Xr PKCS12_new 3 , .Xr PKCS12_newpass 3 , .Xr PKCS12_parse 3 , diff --git a/man/PKCS7_verify.3 b/man/PKCS7_verify.3 index 42c3338e..d091c03d 100644 --- a/man/PKCS7_verify.3 +++ b/man/PKCS7_verify.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: PKCS7_verify.3,v 1.9 2019/06/10 14:58:48 schwarze Exp $ +.\" $OpenBSD: PKCS7_verify.3,v 1.11 2022/03/31 17:27:17 naddy Exp $ .\" OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400 .\" .\" This file was written by Dr. Stephen Henson . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 10 2019 $ +.Dd $Mdocdate: March 31 2022 $ .Dt PKCS7_VERIFY 3 .Os .Sh NAME @@ -100,6 +100,8 @@ operation. .Fn PKCS7_get0_signers retrieves the signer's certificates from .Fa p7 . +The signers must be freed with +.Fn sk_X509_free . It does .Sy not check their validity or whether any signatures are valid. 
@@ -131,13 +133,13 @@ parameter (if it is not and then looking in any certificates contained in the .Fa p7 structure itself. -If any signer's certificates cannot be located the operation fails. +If any signer's certificates cannot be located, the operation fails. .Pp Each signer's certificate is chain verified using the .Sy smimesign purpose and the supplied trusted certificate store. Any internal certificates in the message are used as untrusted CAs. -If any chain verify fails an error code is returned. +If any chain verify fails, an error code is returned. .Pp Finally, the signed content is read (and written to .Fa out @@ -220,6 +222,8 @@ an error occurs. returns all signers or .Dv NULL if an error occurred. +The signers must be freed with +.Fn sk_X509_free . .Pp The error can be obtained from .Xr ERR_get_error 3 . diff --git a/man/PKCS8_PRIV_KEY_INFO_new.3 b/man/PKCS8_PRIV_KEY_INFO_new.3 index 91cd25d4..2eb9aef0 100644 --- a/man/PKCS8_PRIV_KEY_INFO_new.3 +++ b/man/PKCS8_PRIV_KEY_INFO_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: PKCS8_PRIV_KEY_INFO_new.3,v 1.4 2019/06/06 01:06:59 schwarze Exp $ +.\" $OpenBSD: PKCS8_PRIV_KEY_INFO_new.3,v 1.6 2021/10/25 13:48:12 schwarze Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: June 6 2019 $ +.Dd $Mdocdate: October 25 2021 $ .Dt PKCS8_PRIV_KEY_INFO_NEW 3 .Os .Sh NAME @@ -48,10 +48,13 @@ object or .Dv NULL if an error occurs. .Sh SEE ALSO +.Xr d2i_PKCS8_PRIV_KEY_INFO 3 , .Xr d2i_PKCS8PrivateKey_bio 3 , +.Xr EVP_PKCS82PKEY 3 , .Xr EVP_PKEY_asn1_set_private 3 , .Xr PEM_read_PKCS8_PRIV_KEY_INFO 3 , .Xr PKCS12_parse 3 , +.Xr PKCS8_pkey_set0 3 , .Xr X509_ATTRIBUTE_new 3 .Sh STANDARDS RFC 5208: PKCS#8: Private-Key Information Syntax Specification diff --git a/man/PKCS8_pkey_set0.3 b/man/PKCS8_pkey_set0.3 new file mode 100644 index 00000000..975f3fbe 
--- /dev/null
+++ b/man/PKCS8_pkey_set0.3
@@ -0,0 +1,163 @@
+.\" $OpenBSD: PKCS8_pkey_set0.3,v 1.2 2021/10/25 13:48:12 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: October 25 2021 $
+.Dt PKCS8_PKEY_SET0 3
+.Os
+.Sh NAME
+.Nm PKCS8_pkey_set0 ,
+.Nm PKCS8_pkey_get0 ,
+.Nm PKCS8_pkey_add1_attr_by_NID ,
+.Nm PKCS8_pkey_get0_attrs
+.Nd change and inspect PKCS#8 PrivateKeyInfo objects
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft int
+.Fo PKCS8_pkey_set0
+.Fa "PKCS8_PRIV_KEY_INFO *keyinfo"
+.Fa "ASN1_OBJECT *aobj"
+.Fa "int version"
+.Fa "int ptype"
+.Fa "void *pval"
+.Fa "unsigned char *data"
+.Fa "int len"
+.Fc
+.Ft int
+.Fo PKCS8_pkey_get0
+.Fa "const ASN1_OBJECT **paobj"
+.Fa "const unsigned char **pdata"
+.Fa "int *plen"
+.Fa "const X509_ALGOR **palgor"
+.Fa "const PKCS8_PRIV_KEY_INFO *keyinfo"
+.Fc
+.Ft int
+.Fo PKCS8_pkey_add1_attr_by_NID
+.Fa "PKCS8_PRIV_KEY_INFO *keyinfo"
+.Fa "int nid"
+.Fa "int type"
+.Fa "const unsigned char *data"
+.Fa "int len"
+.Fc
+.Ft const STACK_OF(X509_ATTRIBUTE) *
+.Fo PKCS8_pkey_get0_attrs
+.Fa "const PKCS8_PRIV_KEY_INFO *keyinfo"
+.Fc
+.Sh DESCRIPTION
+.Fn PKCS8_pkey_set0
+initializes the
+.Fa keyinfo
+object.
+The algorithm is set to
+.Fa aobj
+with the associated parameter type
+.Fa ptype
+and parameter value
+.Fa pval
+using
+.Xr X509_ALGOR_set0 3 ,
+replacing any previous information about the algorithm.
+Unless
+.Fa data
+is
+.Dv NULL ,
+the encoded private key is set to the
+.Fa len
+bytes starting at
+.Fa data
+using
+.Xr ASN1_STRING_set0 3 ,
+not performing any validation.
+If
+.Fa data
+is
+.Dv NULL ,
+the key data remains unchanged.
+If the
+.Fa version
+argument is greater than or equal to 0, it replaces any existing version;
+otherwise, the version remains unchanged.
+If
+.Fa keyinfo
+contains any attributes, they remain unchanged.
+.Pp
+.Fn PKCS8_pkey_get0
+retrieves some information from the
+.Fa keyinfo
+object.
+Internal pointers to the algorithm OID, the
+.Vt AlgorithmIdentifier ,
+and the encoded private key are stored in
+.Pf * Fa paobj ,
+.Pf * Fa palgor ,
+and
+.Pf * Fa pdata ,
+respectively.
+.Dv NULL
+pointers can be passed for any of these three arguments if the respective
+information is not needed.
+Unless
+.Fa pdata
+is
+.Dv NULL ,
+.Pf * Fa plen
+is set to the number of bytes in
+.Pf * Fa pdata .
+.Pp
+.Fn PKCS8_pkey_add1_attr_by_NID
+creates a new X.501 Attribute object using
+.Xr X509_ATTRIBUTE_create_by_NID 3
+and appends it to the attributes of
+.Fa keyinfo
+using
+.Xr X509at_add1_attr 3 .
+.Sh RETURN VALUES
+.Fn PKCS8_pkey_set0
+and
+.Fn PKCS8_pkey_add1_attr_by_NID
+return 1 for success or 0 for failure.
+.Pp
+.Fn PKCS8_pkey_get0
+always returns 1.
+.Pp
+.Fn PKCS8_pkey_get0_attrs
+returns an internal pointer to the array of attributes associated with
+.Fa keyinfo
+or
+.Dv NULL
+if no attributes are set.
+.Sh SEE ALSO
+.Xr ASN1_STRING_set0 3 ,
+.Xr EVP_PKCS82PKEY 3 ,
+.Xr OBJ_nid2obj 3 ,
+.Xr PKCS8_PRIV_KEY_INFO_new 3 ,
+.Xr STACK_OF 3 ,
+.Xr X509_ALGOR_new 3 ,
+.Xr X509_ATTRIBUTE_create_by_NID 3 ,
+.Xr X509_ATTRIBUTE_new 3 ,
+.Xr X509at_add1_attr 3 ,
+.Xr X509at_get_attr 3
+.Sh HISTORY
+.Fn PKCS8_pkey_set0
+and
+.Fn PKCS8_pkey_get0
+first appeared in OpenSSL 1.0.0 and have been available since
+.Ox 4.9 .
+.Pp
+.Fn PKCS8_pkey_add1_attr_by_NID
+and
+.Fn PKCS8_pkey_get0_attrs
+first appeared in OpenSSL 1.1.0 and have been available since
+.Ox 6.4 .
diff --git a/man/POLICYINFO_new.3 b/man/POLICYINFO_new.3
index 7938ed59..b5cb6a5c 100644
--- a/man/POLICYINFO_new.3
+++ b/man/POLICYINFO_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: POLICYINFO_new.3,v 1.8 2021/07/26 14:03:43 schwarze Exp $
+.\" $OpenBSD: POLICYINFO_new.3,v 1.9 2021/10/27 11:24:47 schwarze Exp $
 .\"
 .\" Copyright (c) 2016 Ingo Schwarze
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: July 26 2021 $
+.Dd $Mdocdate: October 27 2021 $
 .Dt POLICYINFO_NEW 3
 .Os
 .Sh NAME
@@ -178,6 +178,7 @@ if an error occurs.
 .Xr d2i_POLICYINFO 3 ,
 .Xr NAME_CONSTRAINTS_new 3 ,
 .Xr X509_EXTENSION_new 3 ,
+.Xr X509_get_extension_flags 3 ,
 .Xr X509_new 3 ,
 .Xr X509_policy_tree_level_count 3
 .Sh STANDARDS
diff --git a/man/PROXY_POLICY_new.3 b/man/PROXY_POLICY_new.3
index 506b9cb2..c23a6201 100644
--- a/man/PROXY_POLICY_new.3
+++ b/man/PROXY_POLICY_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: PROXY_POLICY_new.3,v 1.5 2019/06/06 17:41:43 schwarze Exp $
+.\" $OpenBSD: PROXY_POLICY_new.3,v 1.6 2021/10/27 11:24:47 schwarze Exp $
 .\"
 .\" Copyright (c) 2016 Ingo Schwarze
 .\"
@@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: June 6 2019 $ +.Dd $Mdocdate: October 27 2021 $ .Dt PROXY_POLICY_NEW 3 .Os .Sh NAME @@ -86,6 +86,7 @@ if an error occurs. .Xr EXTENDED_KEY_USAGE_new 3 , .Xr POLICYINFO_new 3 , .Xr X509_EXTENSION_new 3 , +.Xr X509_get_extension_flags 3 , .Xr X509_new 3 .Sh STANDARDS RFC 3820: Internet X.509 Public Key Infrastructure (PKI) Proxy diff --git a/man/RSA_get_ex_new_index.3 b/man/RSA_get_ex_new_index.3 index cf3d3f6f..ee1e0e82 100644 --- a/man/RSA_get_ex_new_index.3 +++ b/man/RSA_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: RSA_get_ex_new_index.3,v 1.10 2018/03/23 23:18:17 schwarze Exp $ +.\" $OpenBSD: RSA_get_ex_new_index.3,v 1.11 2022/03/31 17:27:17 naddy Exp $ .\" OpenSSL 35cb565a Nov 19 15:49:30 2015 -0500 .\" .\" This file was written by Ulf Moeller and @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 23 2018 $ +.Dd $Mdocdate: March 31 2022 $ .Dt RSA_GET_EX_NEW_INDEX 3 .Os .Sh NAME @@ -117,7 +117,7 @@ with a structure (for example the hash of some part of the structure) or some additional data (for example a handle to the data in an external library). .Pp -Since the application data can be anything at all it is passed and +Since the application data can be anything at all, it is passed and retrieved as a .Vt void * type. diff --git a/man/RSA_new.3 b/man/RSA_new.3 index 9efcbd0b..b4c595ff 100644 --- a/man/RSA_new.3 +++ b/man/RSA_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: RSA_new.3,v 1.16 2019/11/01 12:02:58 schwarze Exp $ +.\" $OpenBSD: RSA_new.3,v 1.17 2022/07/13 21:51:35 schwarze Exp $ .\" full merge up to: .\" OpenSSL doc/man3/RSA_new.pod e9b77246 Jan 20 19:58:49 2017 +0100 .\" OpenSSL doc/crypto/rsa.pod 35d2e327 Jun 3 16:19:49 2016 -0400 (final) 
@@ -67,7 +67,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 1 2019 $
+.Dd $Mdocdate: July 13 2022 $
 .Dt RSA_NEW 3
 .Os
 .Sh NAME
@@ -230,6 +230,7 @@ returns 1 for success or 0 for failure.
 .Xr RSA_private_encrypt 3 ,
 .Xr RSA_PSS_PARAMS_new 3 ,
 .Xr RSA_public_encrypt 3 ,
+.Xr RSA_security_bits 3 ,
 .Xr RSA_set_method 3 ,
 .Xr RSA_sign 3 ,
 .Xr RSA_sign_ASN1_OCTET_STRING 3 ,
diff --git a/man/RSA_security_bits.3 b/man/RSA_security_bits.3
new file mode 100644
index 00000000..f7024a79
--- /dev/null
+++ b/man/RSA_security_bits.3
@@ -0,0 +1,137 @@
+.\" $OpenBSD: RSA_security_bits.3,v 1.1 2022/07/13 17:32:16 schwarze Exp $
+.\"
+.\" Copyright (c) 2022 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: July 13 2022 $
+.Dt RSA_SECURITY_BITS 3
+.Os
+.Sh NAME
+.Nm RSA_security_bits ,
+.Nm DSA_security_bits ,
+.Nm DH_security_bits ,
+.Nm BN_security_bits
+.Nd get security strength
+.Sh SYNOPSIS
+.In openssl/rsa.h
+.Ft int
+.Fn RSA_security_bits "const RSA *rsa"
+.In openssl/dsa.h
+.Ft int
+.Fn DSA_security_bits "const DSA *dsa"
+.In openssl/dh.h
+.Ft int
+.Fn DH_security_bits "const DH *dh"
+.In openssl/bn.h
+.Ft int
+.Fo BN_security_bits
+.Fa "int pubbits"
+.Fa "int privbits"
+.Fc
+.Sh DESCRIPTION
+These functions return the security strength of some specific types of
+cryptographic keys, measured in bits.
+It is approximately the binary logarithm of the number of operations
+an attacker has to perform in order to break the key.
+.Pp
+.Fn RSA_security_bits
+uses only the number of significant bits in the public modulus of
+.Fa rsa
+as returned by
+.Xr RSA_bits 3 .
+It returns
+.Bl -column 256 for 15360 last_column -offset indent
+.It 256 Ta for Ta 15360 Ta or more significant bits
+.It 192 Ta Ta 7680 Ta
+.It 128 Ta Ta 3072 Ta
+.It 112 Ta Ta 2048 Ta
+.It 80 Ta Ta 1024 Ta
+.El
+.Pp
+or 0 otherwise.
+.Pp
+.Fn DSA_security_bits
+uses the number of significant bits in the public domain parameter
+.Fa p
+contained in the
+.Fa dsa
+object, which is equal to the size of the public key, in the same way as
+.Fn RSA_security_bits .
+In addition, the public domain parameter
+.Fa q
+contained in the
+.Fa dsa
+object, which is equal to the size of the private key, is inspected.
+The return value is either the security strength according to the above table
+or half the size of the private key, whichever is smaller.
+If the return value would be smaller than 80, 0 is returned instead.
+.Pp
+.Fn DH_security_bits
+uses the number of significant bits in the shared secret contained in the
+.Fa dh
+object as returned by
+.Xr DH_bits 3
+in the same way as
+.Fn RSA_security_bits .
+If
+.Fa dh
+contains the domain parameter
+.Fa q ,
+its number of significant bits is used in the same way as for
+.Fn DSA_security_bits
+to limit the return value.
+Otherwise, if
+.Fa dh
+contains the length of the secret exponent in bits,
+that number is used.
+If neither is available, only the above table is used
+without calculating a minimum.
+.Pp
+.Fn BN_security_bits
+is a combined function.
+If \-1 is passed for the
+.Fa privbits
+argument, it behaves like
+.Fn RSA_security_bits .
+Otherwise, it behaves like
+.Fn DSA_security_bits .
+.Sh RETURN VALUES
+All these functions return numbers in the range from 0 to 256 inclusive.
+.Pp
+.Fn DSA_security_bits
+fails and returns \-1 unless both of the
+.Fa p
+and
+.Fa q
+domain parameters are present.
+.Sh SEE ALSO
+.Xr BN_num_bits 3 ,
+.Xr DH_bits 3 ,
+.Xr DH_get0_pqg 3 ,
+.Xr DSA_get0_pqg 3 ,
+.Xr RSA_bits 3 ,
+.Xr SSL_CTX_set_security_level 3
+.Rs
+.%A Elaine Barker
+.%T Recommendation for Key Management
+.%I U.S. National Institute of Standards and Technology
+.%R NIST Special Publication 800-57 Part 1 Revision 5
+.%U https://doi.org/10.6028/NIST.SP.800-57pt1r5
+.%C Gaithersburg, MD
+.%D May 2020
+.Re
+.Sh HISTORY
+These functions first appeared in OpenSSL 1.1.0
+and have been available since
+.Ox 7.2 .
diff --git a/man/RSA_set_method.3 b/man/RSA_set_method.3
index 9e700a0c..0169ba59 100644
--- a/man/RSA_set_method.3
+++ b/man/RSA_set_method.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: RSA_set_method.3,v 1.15 2019/06/08 10:40:51 schwarze Exp $
+.\" $OpenBSD: RSA_set_method.3,v 1.16 2022/01/15 23:38:50 jsg Exp $
 .\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file was written by Ulf Moeller
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 8 2019 $
+.Dd $Mdocdate: January 15 2022 $
 .Dt RSA_SET_METHOD 3
 .Os
 .Sh NAME
@@ -113,7 +113,7 @@ that can be successfully initialized, it overrides the default.
 .Pp
 .Fn RSA_get_default_method
 returns a pointer to the current default method,
-even if it is actually overridded by an
+even if it is actually overridden by an
 .Vt ENGINE .
 .Pp
 .Fn RSA_set_method
diff --git a/man/RSA_size.3 b/man/RSA_size.3
index 7218c2e1..8a552b4e 100644
--- a/man/RSA_size.3
+++ b/man/RSA_size.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: RSA_size.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $
+.\" $OpenBSD: RSA_size.3,v 1.10 2022/07/13 21:51:35 schwarze Exp $
 .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file was written by Ulf Moeller and
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 27 2018 $
+.Dd $Mdocdate: July 13 2022 $
 .Dt RSA_SIZE 3
 .Os
 .Sh NAME
@@ -85,7 +85,8 @@ The size.
 .Sh SEE ALSO
 .Xr BN_num_bits 3 ,
 .Xr RSA_get0_key 3 ,
-.Xr RSA_new 3
+.Xr RSA_new 3 ,
+.Xr RSA_security_bits 3
 .Sh HISTORY
 .Fn RSA_size
 first appeared in SSLeay 0.4.4 and has been available since
diff --git a/man/SMIME_crlf_copy.3 b/man/SMIME_crlf_copy.3
new file mode 100644
index 00000000..3062634f
--- /dev/null
+++ b/man/SMIME_crlf_copy.3
@@ -0,0 +1,97 @@
+.\" $OpenBSD: SMIME_crlf_copy.3,v 1.2 2021/12/14 15:22:49 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 14 2021 $
+.Dt SMIME_CRLF_COPY 3
+.Os
+.Sh NAME
+.Nm SMIME_crlf_copy
+.Nd buffered copy between BIOs
+.Sh SYNOPSIS
+.Ft int
+.Fo SMIME_crlf_copy
+.Fa "BIO *in_bio"
+.Fa "BIO *out_bio"
+.Fa "int flags"
+.Fc
+.Sh DESCRIPTION
+.Fn SMIME_crlf_copy
+copies data from
+.Fa in_bio
+to
+.Fa out_bio .
+To avoid many small write operations on
+.Fa out_bio ,
+a buffering BIO created with
+.Xr BIO_f_buffer 3
+is temporarily prepended to it.
+.Pp
+If the bit
+.Dv SMIME_BINARY
+is set in the
+.Fa flags
+argument, all the data is copied verbatim using
+.Xr BIO_read 3
+and
+.Xr BIO_write 3 .
+.Pp
+Otherwise, the data is read as text.
+All trailing carriage return and newline characters are discarded
+from every input line and a single pair of carriage return and
+newline characters is appended to mark the end of every output line,
+except that the last output line will end without such a pair if
+the last input line does not have a newline character at the end.
+.Pp
+If the bit
+.Dv SMIME_TEXT
+is set in the
+.Fa flags
+argument and the bit
+.Dv SMIME_BINARY
+is not set, the line
+.Qq Content-Type: text/plain
+is prepended to the output
+with two pairs of carriage return and newline characters after it.
+.Pp
+In any case,
+.Xr BIO_flush 3
+is called on the output at the end of the function.
+.Sh RETURN VALUES
+.Fn SMIME_crlf_copy
+is intended to return 1 on success or 0 on failure.
+.Sh SEE ALSO
+.Xr BIO_f_buffer 3 ,
+.Xr BIO_flush 3 ,
+.Xr BIO_new 3 ,
+.Xr BIO_push 3 ,
+.Xr BIO_read 3 ,
+.Xr i2d_ASN1_bio_stream 3 ,
+.Xr SMIME_text 3 ,
+.Xr SMIME_write_ASN1 3
+.Sh HISTORY
+.Fn SMIME_crlf_copy
+first appeared in OpenSSL 1.0.0 and has been available since
+.Ox 4.9 .
+.Sh BUGS
+.Fn SMIME_crlf_copy
+silently ignores most errors and may return 1
+even if it lost part or all of the data in transit.
+.Pp
+Only blocking BIOs are supported.
+If any of the
+.Vt BIO
+arguments is non-blocking, part or all of the data is likely
+to be silently lost in transit.
diff --git a/man/SMIME_read_ASN1.3 b/man/SMIME_read_ASN1.3
new file mode 100644
index 00000000..32006456
--- /dev/null
+++ b/man/SMIME_read_ASN1.3
@@ -0,0 +1,124 @@
+.\" $OpenBSD: SMIME_read_ASN1.3,v 1.2 2021/12/14 15:22:49 schwarze Exp $
+.\" full merge up to:
+.\" OpenSSL SMIME_read_PKCS7.pod 83cf7abf May 29 13:07:08 2018 +0100
+.\" OpenSSL SMIME_read_CMS.pod b97fdb57 Nov 11 09:33:09 2016 +0100
+.\"
+.\" This file was written by Dr. Stephen Henson .
+.\" Copyright (c) 2002, 2006, 2008 The OpenSSL Project. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in
+.\" the documentation and/or other materials provided with the
+.\" distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\" software must display the following acknowledgment:
+.\" "This product includes software developed by the OpenSSL Project
+.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\" endorse or promote products derived from this software without
+.\" prior written permission. For written permission, please contact
+.\" openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\" nor may "OpenSSL" appear in their names without prior written
+.\" permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\" acknowledgment:
+.\" "This product includes software developed by the OpenSSL Project
+.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 14 2021 $
+.Dt SMIME_READ_ASN1 3
+.Os
+.Sh NAME
+.Nm SMIME_read_ASN1
+.Nd generic S/MIME message parser
+.Sh SYNOPSIS
+.In openssl/asn1.h
+.Ft ASN1_VALUE *
+.Fo SMIME_read_ASN1
+.Fa "BIO *in_bio"
+.Fa "BIO **out_bio"
+.Fa "const ASN1_ITEM *it"
+.Fc
+.Sh DESCRIPTION
+.Fn SMIME_read_ASN1
+reads a message in S/MIME format from
+.Fa in_bio .
+.Pp
+If the message uses cleartext signing, the content is saved in a memory
+.Vt BIO
+which is written to
+.Pf * Fa out_bio .
+Otherwise,
+.Pf * Fa out_bio
+is set to
+.Dv NULL .
+.Pp
+To support future functionality, if
+.Fa out_bio
+is not
+.Dv NULL ,
+.Pf * Fa out_bio
+should be initialized to
+.Dv NULL
+before calling
+.Fn SMIME_read_ASN1 .
+.Sh RETURN VALUES
+.Fn SMIME_read_ASN1
+returns a newly allocated object of type
+.Fa it
+or
+.Dv NULL
+if an error occurred.
+The error can be obtained from
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr ASN1_item_d2i_bio 3 ,
+.Xr BIO_f_base64 3 ,
+.Xr BIO_new 3 ,
+.Xr SMIME_read_CMS 3 ,
+.Xr SMIME_read_PKCS7 3 ,
+.Xr SMIME_text 3
+.Sh HISTORY
+.Fn SMIME_read_ASN1
+first appeared in OpenSSL 0.9.8h and has been available since
+.Ox 4.5 .
+.Sh BUGS
+The MIME parser used by
+.Fn SMIME_read_ASN1
+is somewhat primitive.
+While it will handle most S/MIME messages, more complex compound
+formats may not work.
+.Pp
+The parser assumes that the
+structure is always base64 encoded, and it will not handle the case
+where it is in binary format or uses quoted printable format.
+.Pp
+The use of a memory
+to hold the signed content limits the size of the message which can
+be processed due to memory restraints: a streaming single pass
+option should be available.
diff --git a/man/SMIME_read_CMS.3 b/man/SMIME_read_CMS.3
index bbfb1e54..e1b1d074 100644
--- a/man/SMIME_read_CMS.3
+++ b/man/SMIME_read_CMS.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: SMIME_read_CMS.3,v 1.6 2019/11/02 15:39:46 schwarze Exp $
+.\" $OpenBSD: SMIME_read_CMS.3,v 1.7 2021/12/14 14:30:50 schwarze Exp $
 .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson .
@@ -48,12 +48,12 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 2 2019 $
+.Dd $Mdocdate: December 14 2021 $
 .Dt SMIME_READ_CMS 3
 .Os
 .Sh NAME
 .Nm SMIME_read_CMS
-.Nd parse S/MIME message
+.Nd extract CMS ContentInfo from an S/MIME message
 .Sh SYNOPSIS
 .In openssl/cms.h
 .Ft CMS_ContentInfo *
@@ -108,6 +108,7 @@ The error can be obtained from
 .Xr CMS_get0_type 3 ,
 .Xr CMS_verify 3 ,
 .Xr d2i_CMS_ContentInfo 3 ,
+.Xr SMIME_read_ASN1 3 ,
 .Xr SMIME_write_CMS 3
 .Sh HISTORY
 .Fn SMIME_read_CMS
diff --git a/man/SMIME_read_PKCS7.3 b/man/SMIME_read_PKCS7.3
index 8ce739a7..dbe2765b 100644
--- a/man/SMIME_read_PKCS7.3
+++ b/man/SMIME_read_PKCS7.3
@@ -1,5 +1,5 @@
-.\" $OpenBSD: SMIME_read_PKCS7.3,v 1.7 2019/06/10 14:58:48 schwarze Exp $
-.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
+.\" $OpenBSD: SMIME_read_PKCS7.3,v 1.8 2021/12/14 14:30:50 schwarze Exp $
+.\" full merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson .
 .\" Copyright (c) 2002, 2006 The OpenSSL Project. All rights reserved.
@@ -48,12 +48,12 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 10 2019 $
+.Dd $Mdocdate: December 14 2021 $
 .Dt SMIME_READ_PKCS7 3
 .Os
 .Sh NAME
 .Nm SMIME_read_PKCS7
-.Nd parse S/MIME message
+.Nd extract a PKCS#7 object from an S/MIME message
 .Sh SYNOPSIS
 .In openssl/pkcs7.h
 .Ft PKCS7 *
@@ -125,6 +125,7 @@ The error can be obtained from
 .Xr ERR_get_error 3 .
 .Sh SEE ALSO
 .Xr PKCS7_new 3 ,
+.Xr SMIME_read_ASN1 3 ,
 .Xr SMIME_write_PKCS7 3
 .Sh HISTORY
 .Fn SMIME_read_PKCS7
diff --git a/man/SMIME_text.3 b/man/SMIME_text.3
new file mode 100644
index 00000000..a4c96899
--- /dev/null
+++ b/man/SMIME_text.3
@@ -0,0 +1,57 @@
+.\" $OpenBSD: SMIME_text.3,v 1.1 2021/12/14 15:22:49 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 14 2021 $
+.Dt SMIME_TEXT 3
+.Os
+.Sh NAME
+.Nm SMIME_text
+.Nd remove text/plain MIME headers
+.Sh SYNOPSIS
+.In openssl/asn1.h
+.Ft int
+.Fo SMIME_text
+.Fa "BIO *in_bio"
+.Fa "BIO *out_bio"
+.Fc
+.Sh DESCRIPTION
+.Fn SMIME_text
+reads MIME headers from
+.Fa in_bio ,
+checks that the content type is
+.Dq text/plain ,
+discards the MIME headers,
+and copies the text that follows the headers from
+.Fa in_bio
+to
+.Fa out_bio .
+.Sh RETURN VALUES
+.Fn SMIME_text
+returns 1 on success or 0 if memory allocation, reading the input,
+or parsing the MIME headers fails, if there is no
+.Dq content-type
+header, or if the content type is not
+.Dq text/plain .
+.Sh SEE ALSO
+.Xr SMIME_crlf_copy 3 ,
+.Xr SMIME_read_ASN1 3
+.Sh HISTORY
+.Fn SMIME_text
+first appeared in OpenSSL 1.0.0 and has been available since
+.Ox 4.9 .
+.Sh CAVEATS
+.Fn SMIME_text
+does not support non-blocking BIOs.
diff --git a/man/SMIME_write_ASN1.3 b/man/SMIME_write_ASN1.3
new file mode 100644
index 00000000..971cd226
--- /dev/null
+++ b/man/SMIME_write_ASN1.3
@@ -0,0 +1,166 @@
+.\" $OpenBSD: SMIME_write_ASN1.3,v 1.1 2021/12/13 17:24:39 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 13 2021 $
+.Dt SMIME_WRITE_ASN1 3
+.Os
+.Sh NAME
+.Nm SMIME_write_ASN1
+.Nd generate an S/MIME message
+.Sh SYNOPSIS
+.In openssl/asn1.h
+.Ft int
+.Fo SMIME_write_ASN1
+.Fa "BIO *out_bio"
+.Fa "ASN1_VALUE *val_in"
+.Fa "BIO *in_bio"
+.Fa "int flags"
+.Fa "int ctype_nid"
+.Fa "int econt_nid"
+.Fa "STACK_OF(X509_ALGOR) *micalg"
+.Fa "const ASN1_ITEM *it"
+.Fc
+.Sh DESCRIPTION
+.Fn SMIME_write_ASN1
+generates an S/MIME message on
+.Fa out_bio
+by writing MIME 1.0 headers
+followed by a BER- and base64-encoded serialization of
+.Fa val_in ,
+which can be of the type
+.Vt CMS_ContentInfo
+or
+.Vt PKCS7
+and has to match the
+.Fa it
+argument.
+.Pp
+The
+.Fa flags
+can be the logical OR of zero or more of the following bits:
+.Bl -tag -width Ds
+.It Dv PKCS7_REUSE_DIGEST
+Skip the calls to
+.Xr PKCS7_dataInit 3
+and
+.Xr PKCS7_dataFinal 3 .
+This flag has no effect unless
+.Dv SMIME_DETACHED
+is also set.
+It is normally used if
+.Fa out_bio
+is already set up to calculate and finalize the digest when written through.
+.It Dv SMIME_BINARY
+If specified, this flag is passed through to
+.Xr SMIME_crlf_copy 3 .
+.It Dv SMIME_CRLFEOL
+End MIME header lines with pairs of carriage return and newline characters.
+By default, no carriage return characters are written
+and header lines are ended with newline characters only.
+.It Dv SMIME_DETACHED
+Use cleartext signing.
+Generate a
+.Qq multipart/signed
+S/MIME message using the
+.Fa micalg
+argument and ignoring the
+.Fa ctype_nid
+and
+.Fa econt_nid
+arguments.
+The content is read from
+.Fa in_bio .
+If
+.Fa in_bio
+is a
+.Dv NULL
+pointer, this flag is ignored.
+.Pp
+If this flag is ignored or not specified,
+the smime-type is chosen according to
+.Fa ctype_nid
+instead:
+.Bl -tag -width Ds
+.It Dv NID_pkcs7_enveloped
+.Qq enveloped-data
+.It Dv NID_pkcs7_signed
+.Qq signed-receipt
+if
+.Fa econt_nid
+is
+.Dv NID_id_smime_ct_receipt
+.br
+.Qq signed-data
+if
+.Fa micalg
+is not empty
+.br
+.Qq certs-only
+if
+.Fa micalg
+is empty
+.It Dv NID_id_smime_ct_compressedData
+.Qq compressed-data
+.El
+.It Dv SMIME_OLDMIME
+In Content-Type headers, use
+.Qq application/x-pkcs7-mime
+or
+.Qq application/x-pkcs7-signature .
+By default,
+.Qq application/pkcs7-mime
+or
+.Qq application/pkcs7-signature
+are used instead.
+.It Dv SMIME_STREAM
+Perform streaming by passing this flag through to
+.Xr i2d_ASN1_bio_stream 3
+and reading the content from
+.Fa in_bio .
+This only works if
+.Dv SMIME_DETACHED
+is not specified.
+.It SMIME_TEXT
+Prepend the line
+.Qq Content-Type: text/plain
+to the content.
+This only makes sense if
+.Dv SMIME_DETACHED
+is also set.
+It is ignored if the flag
+.Dv SMIME_BINARY
+is also set.
+.El
+.Sh RETURN VALUES
+.Fn SMIME_write_ASN1
+is intended to return 1 on success or 0 on failure.
+.Sh SEE ALSO
+.Xr ASN1_item_i2d_bio 3 ,
+.Xr BIO_f_base64 3 ,
+.Xr BIO_new 3 ,
+.Xr i2d_ASN1_bio_stream 3 ,
+.Xr SMIME_crlf_copy 3 ,
+.Xr SMIME_write_CMS 3 ,
+.Xr SMIME_write_PKCS7 3 ,
+.Xr X509_ALGOR_new 3
+.Sh HISTORY
+.Fn SMIME_write_ASN1
+first appeared in OpenSSL 1.0.0 and has been available since
+.Ox 4.9 .
+.Sh BUGS
+.Fn SMIME_write_ASN1
+ignores most errors and is likely to return 1
+even after producing corrupt or incomplete output.
diff --git a/man/SMIME_write_CMS.3 b/man/SMIME_write_CMS.3
index 5a4e607a..c2c6b77e 100644
--- a/man/SMIME_write_CMS.3
+++ b/man/SMIME_write_CMS.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: SMIME_write_CMS.3,v 1.5 2019/11/02 15:39:46 schwarze Exp $
+.\" $OpenBSD: SMIME_write_CMS.3,v 1.6 2021/12/13 17:24:39 schwarze Exp $
 .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson .
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 2 2019 $
+.Dd $Mdocdate: December 13 2021 $
 .Dt SMIME_WRITE_CMS 3
 .Os
 .Sh NAME
@@ -120,7 +120,8 @@ returns 1 for success or 0 for failure.
 .Xr CMS_encrypt 3 ,
 .Xr CMS_sign 3 ,
 .Xr d2i_CMS_ContentInfo 3 ,
-.Xr ERR_get_error 3
+.Xr ERR_get_error 3 ,
+.Xr SMIME_write_ASN1 3
 .Sh HISTORY
 .Fn SMIME_write_CMS
 first appeared in OpenSSL 0.9.8h
diff --git a/man/SMIME_write_PKCS7.3 b/man/SMIME_write_PKCS7.3
index 39d8b5d8..c1a9f051 100644
--- a/man/SMIME_write_PKCS7.3
+++ b/man/SMIME_write_PKCS7.3
@@ -1,7 +1,24 @@
-.\" $OpenBSD: SMIME_write_PKCS7.3,v 1.7 2020/06/03 13:41:27 schwarze Exp $
+.\" $OpenBSD: SMIME_write_PKCS7.3,v 1.9 2021/12/14 15:46:48 schwarze Exp $
 .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
-.\" This file was written by Dr. Stephen Henson .
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Dr. Stephen Henson .
 .\" Copyright (c) 2002, 2003, 2006, 2007, 2015 The OpenSSL Project.
 .\" All rights reserved.
 .\"
@@ -49,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 3 2020 $
+.Dd $Mdocdate: December 14 2021 $
 .Dt SMIME_WRITE_PKCS7 3
 .Os
 .Sh NAME
@@ -115,6 +132,25 @@ was also set in the previous call to or .Xr PKCS7_encrypt 3 . .Pp +The bit +.Dv SMIME_OLDMIME +is inverted before passing on the +.Fa flags +to +.Xr SMIME_write_ASN1 3 . +Consequently, if this bit is set in the +.Fa flags +argument, +.Qq application/pkcs7-mime +or +.Qq application/pkcs7-signature +is used in Content-Type headers. +Otherwise, +.Qq application/x-pkcs7-mime +or +.Qq application/x-pkcs7-signature +is used. +.Pp If cleartext signing is being used and .Dv PKCS7_STREAM is not set, then the data must be read twice: once to compute the @@ -136,7 +172,8 @@ otherwise 0 is returned and an error code can be retrieved with .Xr PEM_write_PKCS7 3 , .Xr PKCS7_final 3 , .Xr PKCS7_new 3 , -.Xr SMIME_read_PKCS7 3 +.Xr SMIME_read_PKCS7 3 , +.Xr SMIME_write_ASN1 3 .Sh HISTORY .Fn SMIME_write_PKCS7 first appeared in OpenSSL 0.9.5 and has been available since diff --git a/man/SSL_CIPHER_get_name.3 b/man/SSL_CIPHER_get_name.3 index d6733729..235ff140 100644 --- a/man/SSL_CIPHER_get_name.3 +++ b/man/SSL_CIPHER_get_name.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: SSL_CIPHER_get_name.3,v 1.12 2021/05/12 15:12:35 tb Exp $ +.\" $OpenBSD: SSL_CIPHER_get_name.3,v 1.14 2022/07/17 08:51:07 jsg Exp $ .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 .\" @@ -52,7 +52,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: May 12 2021 $ +.Dd $Mdocdate: July 17 2022 $ .Dt SSL_CIPHER_GET_NAME 3 .Os .Sh NAME @@ -180,7 +180,7 @@ returns the ID of the given which must not be .Dv NULL . The ID here is an OpenSSL-specific concept, which stores a prefix -of 0x0300 in the higher two bytes and the IANA-specified chipher +of 0x0300 in the higher two bytes and the IANA-specified cipher suite ID in the lower two bytes. For instance, TLS_RSA_WITH_NULL_MD5 has IANA ID "0x00, 0x01", so .Fn SSL_CIPHER_get_id 
@@ -259,8 +259,8 @@ Encryption method with number of secret bits: .Sy RC4(128) , .Sy AES(128) , .Sy AES(256) , -.Sy AESCGM(128) , -.Sy AESCGM(256) , +.Sy AESGCM(128) , +.Sy AESGCM(256) , .Sy Camellia(128) , .Sy Camellia(256) , .Sy ChaCha20-Poly1305 , diff --git a/man/SSL_CTX_new.3 b/man/SSL_CTX_new.3 index c1c7635d..4b50a03d 100644 --- a/man/SSL_CTX_new.3 +++ b/man/SSL_CTX_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: SSL_CTX_new.3,v 1.16 2021/04/15 16:30:14 tb Exp $ +.\" $OpenBSD: SSL_CTX_new.3,v 1.17 2022/07/13 22:05:53 schwarze Exp $ .\" full merge up to: OpenSSL 21cd6e00 Oct 21 14:40:15 2015 +0100 .\" selective merge up to: OpenSSL 8f75443f May 24 14:04:26 2019 +0200 .\" @@ -50,7 +50,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: April 15 2021 $ +.Dd $Mdocdate: July 13 2022 $ .Dt SSL_CTX_NEW 3 .Os .Sh NAME @@ -141,8 +141,8 @@ creates a new .Vt SSL_CTX object as a framework to establish TLS or DTLS enabled connections. It initializes the list of ciphers, the session cache setting, the -callbacks, the keys and certificates, and the options to its default -values. +callbacks, the keys and certificates, the options, and the security +level to its default values. .Pp An .Vt SSL_CTX @@ -284,6 +284,7 @@ functions return pointers to constant static objects. .Xr SSL_CTX_free 3 , .Xr SSL_CTX_set_min_proto_version 3 , .Xr SSL_CTX_set_options 3 , +.Xr SSL_CTX_set_security_level 3 , .Xr SSL_set_connect_state 3 .Sh HISTORY .Fn SSL_CTX_new diff --git a/man/SSL_CTX_sess_set_get_cb.3 b/man/SSL_CTX_sess_set_get_cb.3 index 5b2b4ba9..e99f2be6 100644 --- a/man/SSL_CTX_sess_set_get_cb.3 +++ b/man/SSL_CTX_sess_set_get_cb.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: SSL_CTX_sess_set_get_cb.3,v 1.6 2018/04/25 14:07:57 schwarze Exp $ +.\" $OpenBSD: SSL_CTX_sess_set_get_cb.3,v 1.7 2022/03/29 18:15:52 naddy Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Lutz Jaenicke . 
@@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: April 25 2018 $ +.Dd $Mdocdate: March 29 2022 $ .Dt SSL_CTX_SESS_SET_GET_CB 3 .Os .Sh NAME @@ -151,7 +151,7 @@ caching is enabled (see .Xr SSL_CTX_set_session_cache_mode 3 ) . The .Fn new_session_cb -is passed the +function is passed the .Fa ssl connection and the ssl session .Fa sess . @@ -159,7 +159,8 @@ If the callback returns 0, the session will be immediately removed again. .Pp The .Fn remove_session_cb -is called whenever the SSL engine removes a session from the internal cache. +function is called whenever the SSL engine removes a session from the +internal cache. This happens when the session is removed because it is expired or when a connection was not shut down cleanly. It also happens for all sessions in the internal session cache when @@ -184,7 +185,7 @@ The function is always called, also when session caching was disabled. The .Fn get_session_cb -is passed the +function is passed the .Fa ssl connection, the session id of length .Fa length diff --git a/man/SSL_CTX_set_keylog_callback.3 b/man/SSL_CTX_set_keylog_callback.3 new file mode 100644 index 00000000..04c94fa8 --- /dev/null +++ b/man/SSL_CTX_set_keylog_callback.3 
@@ -0,0 +1,56 @@
+.\" $OpenBSD: SSL_CTX_set_keylog_callback.3,v 1.2 2021/10/23 13:17:03 schwarze Exp $
+.\" OpenSSL pod checked up to: 61f805c1 Jan 16 01:01:46 2018 +0800
+.\"
+.\" Copyright (c) 2021 Bob Beck
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: October 23 2021 $
+.Dt SSL_CTX_SET_KEYLOG_CALLBACK 3
+.Os
+.Sh NAME
+.Nm SSL_CTX_set_keylog_callback ,
+.Nm SSL_CTX_get_keylog_callback
+.Nd set and get the unused key logging callback
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft typedef void
+.Fo (*SSL_CTX_keylog_cb_func)
+.Fa "const SSL *ssl"
+.Fa "const char *line"
+.Fc
+.Ft void
+.Fn SSL_CTX_set_keylog_callback "SSL_CTX *ctx" "SSL_CTX_keylog_cb_func cb"
+.Ft SSL_CTX_keylog_cb_func
+.Fn SSL_CTX_get_keylog_callback "const SSL_CTX *ctx"
+.Sh DESCRIPTION
+.Fn SSL_CTX_set_keylog_callback
+sets the TLS key logging callback.
+This callback is never called in LibreSSL.
+.Pp
+.Fn SSL_CTX_set_keylog_callback
+retrieves the previously set TLS key logging callback.
+.Pp
+These functions are provided only for compatibility with OpenSSL.
+.Sh RETURN VALUES
+.Fn SSL_CTX_get_keylog_callback
+returns the previously set TLS key logging callback, or
+.Dv NULL
+if no callback has been set.
+.Sh SEE ALSO
+.Xr ssl 3 ,
+.Xr SSL_CTX_new 3
+.Sh HISTORY
+These function first appeared in OpenSSL 1.1.1
+and have been available since
+.Ox 7.1 .
diff --git a/man/SSL_CTX_set_num_tickets.3 b/man/SSL_CTX_set_num_tickets.3
new file mode 100644
index 00000000..cb6d7e00
--- /dev/null
+++ b/man/SSL_CTX_set_num_tickets.3
@@ -0,0 +1,63 @@
+.\" $OpenBSD: SSL_CTX_set_num_tickets.3,v 1.2 2021/10/23 17:20:50 schwarze Exp $
+.\" OpenSSL pod checked up to: 5402f96a Sep 11 09:58:52 2021 +0100
+.\"
+.\" Copyright (c) 2021 Bob Beck
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: October 23 2021 $
+.Dt SSL_CTX_SET_NUM_TICKETS 3
+.Os
+.Sh NAME
+.Nm SSL_CTX_set_num_tickets ,
+.Nm SSL_CTX_get_num_tickets ,
+.Nm SSL_set_num_tickets ,
+.Nm SSL_get_num_tickets
+.Nd set and get the number of TLS 1.3 session tickets to be sent
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft int
+.Fn SSL_CTX_set_num_tickets "SSL_CTX *ctx" "size_t num_tickets"
+.Ft size_t
+.Fn SSL_CTX_get_num_tickets "const SSL_CTX *ctx"
+.Ft int
+.Fn SSL_set_num_tickets "SSL *ssl" "size_t num_tickets"
+.Ft size_t
+.Fn SSL_get_num_tickets "const SSL *ssl"
+.Sh DESCRIPTION
+These functions set and retrieve
+the configured number of session tickets for
+.Fa ctx
+and
+.Fa ssl ,
+respectively.
+.Pp
+They are provided only for compatibility with OpenSSL
+and have no effect in LibreSSL.
+.Sh RETURN VALUES
+.Fn SSL_CTX_set_num_tickets
+and
+.Fn SSL_set_num_tickets
+always return 1.
+.Pp
+.Fn SSL_CTX_get_num_tickets
+and
+.Fn SSL_get_num_tickets
+return the previously set number of tickets, or 0 if it has not been set.
+.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_CTX_new 3 +.Sh HISTORY +These function first appeared in OpenSSL 1.1.1 +and have been available since +.Ox 7.1 . diff --git a/man/SSL_CTX_set_options.3 b/man/SSL_CTX_set_options.3 index 34c3a1ad..5df0b077 100644 --- a/man/SSL_CTX_set_options.3 +++ b/man/SSL_CTX_set_options.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: SSL_CTX_set_options.3,v 1.15 2021/06/12 11:02:20 tb Exp $ +.\" $OpenBSD: SSL_CTX_set_options.3,v 1.16 2022/03/31 17:27:18 naddy Exp $ .\" full merge up to: OpenSSL 7946ab33 Dec 6 17:56:41 2015 +0100 .\" selective merge up to: OpenSSL edb79c3a Mar 29 10:07:14 2017 +1000 .\" @@ -52,7 +52,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 12 2021 $ +.Dd $Mdocdate: March 31 2022 $ .Dt SSL_CTX_SET_OPTIONS 3 .Os .Sh NAME @@ -206,7 +206,7 @@ Normally clients and servers using TLSv1.2 and earlier will, where possible, transparently make use of RFC 5077 tickets for stateless session resumption. .Pp -If this option is set this functionality is disabled and tickets will not be +If this option is set, this functionality is disabled and tickets will not be used by clients or servers. .It Dv SSL_OP_NO_TLSv1 Do not use the TLSv1.0 protocol. @@ -273,7 +273,7 @@ server with a .Em no_renegotiation warning alert. .Pp -If the patched OpenSSL server attempts to renegotiate a fatal +If the patched OpenSSL server attempts to renegotiate, a fatal .Em handshake_failure alert is sent. This is because the server code may be unaware of the unpatched nature of the @@ -306,7 +306,7 @@ them initially) and this is clearly not acceptable. Renegotiation is permitted because this does not add any additional security issues: during an attack clients do not see any renegotiations anyway. .Pp -As more servers become patched the option +As more servers become patched, the option .Dv SSL_OP_LEGACY_SERVER_CONNECT will .Em not 
diff --git a/man/SSL_CTX_set_security_level.3 b/man/SSL_CTX_set_security_level.3
new file mode 100644
index 00000000..529352cf
--- /dev/null
+++ b/man/SSL_CTX_set_security_level.3
@@ -0,0 +1,159 @@
+.\" $OpenBSD: SSL_CTX_set_security_level.3,v 1.1 2022/07/13 20:52:36 schwarze Exp $
+.\"
+.\" Copyright (c) 2022 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: July 13 2022 $
+.Dt SSL_CTX_SET_SECURITY_LEVEL 3
+.Os
+.Sh NAME
+.Nm SSL_CTX_set_security_level ,
+.Nm SSL_set_security_level ,
+.Nm SSL_CTX_get_security_level ,
+.Nm SSL_get_security_level
+.Nd change security level for TLS
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft void
+.Fo SSL_CTX_set_security_level
+.Fa "SSL_CTX *ctx"
+.Fa "int level"
+.Fc
+.Ft void
+.Fo SSL_set_security_level
+.Fa "SSL *s"
+.Fa "int level"
+.Fc
+.Ft int
+.Fo SSL_CTX_get_security_level
+.Fa "const SSL_CTX *ctx"
+.Fc
+.Ft int
+.Fo SSL_get_security_level
+.Fa "const SSL *s"
+.Fc
+.Sh DESCRIPTION
+A security level is a set of restrictions on algorithms, key lengths,
+protocol versions, and other features in TLS connections.
+These restrictions apply in addition to those that exist from individually
+selecting supported features, for example ciphers, curves, or algorithms.
+.Pp
+The following table shows properties of the various security levels:
+.Bl -column # sec 15360 ECC TLS SHA1 -offset indent
+.It # Ta sec Ta \0\0RSA Ta ECC Ta TLS Ta MAC
+.It 0 Ta \0\00 Ta \0\0\0\00 Ta \0\00 Ta 1.0 Ta MD5
+.It 1 Ta \080 Ta \01024 Ta 160 Ta 1.0 Ta RC4
+.It 2 Ta 112 Ta \02048 Ta 224 Ta 1.0 Ta
+.It 3 Ta 128 Ta \03072 Ta 256 Ta 1.1 Ta SHA1
+.It 4 Ta 192 Ta \07680 Ta 384 Ta 1.2 Ta
+.It 5 Ta 256 Ta 15360 Ta 512 Ta 1.2 Ta
+.El
+.Pp
+The meaning of the columns is as follows:
+.Pp
+.Bl -tag -width features -compact
+.It #
+The number of the
+.Fa level .
+.It sec
+The minimum security strength measured in bits, which is approximately
+the binary logarithm of the number of operations an attacker has
+to perform in order to break a cryptographic key.
+This minimum strength is enforced for all relevant parameters
+including cipher suite encryption algorithms, ECC curves, signature
+algorithms, DH parameter sizes, and certificate algorithms and key
+sizes.
+See SP800-57 below
+.Sx SEE ALSO
+for details on individual algorithms.
+.It RSA
+The minimum key length in bits for the RSA, DSA, and DH algorithms.
+.It ECC
+The minimum key length in bits for ECC algorithms.
+.It TLS
+The minimum TLS protocol version.
+.It MAC
+Cipher suites using the given MACs are allowed on this level
+and on lower levels, but not on higher levels.
+.El
+.Pp
+Level 0 is only provided for backward compatibility and permits everything.
+.Pp
+Level 3 and higher disable support for session tickets
+and only accept cipher suites that provide forward secrecy.
+.Pp
+The functions
+.Fn SSL_CTX_set_security_level
+and
+.Fn SSL_set_security_level
+choose the security
+.Fa level
+for
+.Fa ctx
+or
+.Fa s ,
+respectively.
+If not set, security level 1 is used.
+.Pp
+.Xr SSL_CTX_new 3
+initializes the security level of the new object to 1.
+.Pp
+.Xr SSL_new 3
+and
+.Xr SSL_set_SSL_CTX 3
+copy the security level from the context to the SSL object.
+.Pp +.Xr SSL_dup 3 +copies the security level from the old to the new object. +.Sh RETURN VALUES +.Fn SSL_CTX_get_security_level +and +.Fn SSL_get_security_level +return the security level configured in +.Fa ctx +or +.Fa s , +respectively. +.Sh SEE ALSO +.Xr EVP_PKEY_security_bits 3 , +.Xr RSA_security_bits 3 , +.Xr ssl 3 , +.Xr SSL_CTX_new 3 , +.Xr SSL_new 3 +.Rs +.%A Elaine Barker +.%T Recommendation for Key Management +.%I U.S. National Institute of Standards and Technology +.%R NIST Special Publication 800-57 Part 1 Revision 5 +.%U https://doi.org/10.6028/NIST.SP.800-57pt1r5 +.%C Gaithersburg, MD +.%D May 2020 +.Re +.Sh HISTORY +These functions first appeared in OpenSSL 1.1.0 +and have been available since +.Ox 7.2 . +.Sh CAVEATS +Applications which do not check the return values +of configuration functions will misbehave. +For example, if an application does not check the return value +after trying to set a certificate and the certificate is rejected +because of the security level, the application may behave as if +no certificate had been provided at all. +.Pp +While some restrictions may be handled gracefully by negotiations +between the client and the server, other restrictions may be +fatal and abort the TLS handshake. +For example, this can happen if the peer certificate contains a key +that is too short or if the DH parameter size is too small. diff --git a/man/SSL_CTX_set_tlsext_ticket_key_cb.3 b/man/SSL_CTX_set_tlsext_ticket_key_cb.3 index e4756fe7..b6ccabae 100644 --- a/man/SSL_CTX_set_tlsext_ticket_key_cb.3 +++ b/man/SSL_CTX_set_tlsext_ticket_key_cb.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: SSL_CTX_set_tlsext_ticket_key_cb.3,v 1.6 2021/06/11 19:41:39 jmc Exp $ +.\" $OpenBSD: SSL_CTX_set_tlsext_ticket_key_cb.3,v 1.8 2022/01/25 18:01:20 tb Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Rich Salz 
@@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 11 2021 $ +.Dd $Mdocdate: January 25 2022 $ .Dt SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3 .Os .Sh NAME @@ -93,14 +93,14 @@ The server, through the callback function, either agrees to reuse the session ticket information or it starts a full TLS handshake to create a new session ticket. .Pp -Before the callback function is started, +The callback is called with .Fa ctx and .Fa hctx -have been initialised with -.Xr EVP_CIPHER_CTX_init 3 +which were newly allocated with +.Xr EVP_CIPHER_CTX_new 3 and -.Xr HMAC_CTX_init 3 , +.Xr HMAC_CTX_new 3 , respectively. .Pp For new sessions tickets, when the client doesn't present a session @@ -127,7 +127,7 @@ length is the length of the IV of the corresponding cipher. The maximum IV length is .Dv EVP_MAX_IV_LENGTH bytes defined in -.In opsenssl/evp.h . +.In openssl/evp.h . .Pp The initialization vector .Fa iv diff --git a/man/SSL_CTX_set_tmp_dh_callback.3 b/man/SSL_CTX_set_tmp_dh_callback.3 index 2628c65a..8be504d3 100644 --- a/man/SSL_CTX_set_tmp_dh_callback.3 +++ b/man/SSL_CTX_set_tmp_dh_callback.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.8 2020/03/30 10:28:59 schwarze Exp $ +.\" $OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.10 2022/03/31 17:27:18 naddy Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Lutz Jaenicke . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 30 2020 $ +.Dd $Mdocdate: March 31 2022 $ .Dt SSL_CTX_SET_TMP_DH_CALLBACK 3 .Os .Sh NAME 
@@ -113,11 +113,11 @@ Anonymous ciphers (without a permanent server key) also use ephemeral DH keys. Using ephemeral DH key exchange yields forward secrecy, as the connection can only be decrypted when the DH key is known. By generating a temporary DH key inside the server application that is lost -when the application is left, it becomes impossible for an attacker to decrypt -past sessions, even if he gets hold of the normal (certified) key, +when the application is left, it becomes impossible for attackers to decrypt +past sessions, even if they get hold of the normal (certified) key, as this key was only used for signing. .Pp -In order to perform a DH key exchange the server must use a DH group +In order to perform a DH key exchange, the server must use a DH group (DH parameters) and generate a DH key. The server will always generate a new DH key during the negotiation. .Pp diff --git a/man/SSL_CTX_set_tmp_rsa_callback.3 b/man/SSL_CTX_set_tmp_rsa_callback.3 index 0181634f..b4c3a3c6 100644 --- a/man/SSL_CTX_set_tmp_rsa_callback.3 +++ b/man/SSL_CTX_set_tmp_rsa_callback.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: SSL_CTX_set_tmp_rsa_callback.3,v 1.8 2018/03/27 17:35:50 schwarze Exp $ +.\" $OpenBSD: SSL_CTX_set_tmp_rsa_callback.3,v 1.9 2022/03/29 14:27:59 naddy Exp $ .\" OpenSSL 0b30fc90 Dec 19 15:23:05 2013 -0500 .\" .\" This file was written by Lutz Jaenicke . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 27 2018 $ +.Dd $Mdocdate: March 29 2022 $ .Dt SSL_CTX_SET_TMP_RSA_CALLBACK 3 .Os .Sh NAME @@ -106,7 +106,7 @@ and first appeared in SSLeay 0.8.0 and have been available since .Ox 2.4 . .Pp -.Fn SSL_set_tmp_rsa_callback +.Fn SSL_set_tmp_rsa_callback , .Fn SSL_set_tmp_rsa , and .Fn SSL_need_tmp_RSA diff --git a/man/SSL_dup.3 b/man/SSL_dup.3 index 3f396fb9..a83440b4 100644 --- a/man/SSL_dup.3 +++ b/man/SSL_dup.3 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: SSL_dup.3,v 1.4 2019/06/12 09:36:30 schwarze Exp $ +.\" $OpenBSD: SSL_dup.3,v 1.5 2022/07/13 22:05:53 schwarze Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: June 12 2019 $ +.Dd $Mdocdate: July 13 2022 $ .Dt SSL_DUP 3 .Os .Sh NAME @@ -54,7 +54,8 @@ on failure. .Xr SSL_clear 3 , .Xr SSL_copy_session_id 3 , .Xr SSL_free 3 , -.Xr SSL_new 3 +.Xr SSL_new 3 , +.Xr SSL_set_security_level 3 .Sh HISTORY .Fn SSL_dup first appeared in SSLeay 0.8.0 and has been available since diff --git a/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 b/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 index e30e4de8..a249cda6 100644 --- a/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 +++ b/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: SSL_get_ex_data_X509_STORE_CTX_idx.3,v 1.4 2019/06/08 15:25:43 schwarze Exp $ +.\" $OpenBSD: SSL_get_ex_data_X509_STORE_CTX_idx.3,v 1.5 2022/02/06 00:29:02 jsg Exp $ .\" OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400 .\" .\" This file was written by Lutz Jaenicke . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 8 2019 $ +.Dd $Mdocdate: February 6 2022 $ .Dt SSL_GET_EX_DATA_X509_STORE_CTX_IDX 3 .Os .Sh NAME @@ -104,7 +104,7 @@ provides access to object for the connection during the .Fn verify_callback when checking the peer's certificate. -Please check the example in +Check the example in .Xr SSL_CTX_set_verify 3 . .Sh SEE ALSO .Xr CRYPTO_set_ex_data 3 , diff --git a/man/SSL_get_session.3 b/man/SSL_get_session.3 index 4cde129b..2ab43fdd 100644 --- a/man/SSL_get_session.3 +++ b/man/SSL_get_session.3 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: SSL_get_session.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ +.\" $OpenBSD: SSL_get_session.3,v 1.8 2022/03/31 17:27:18 naddy Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Lutz Jaenicke . @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 27 2018 $ +.Dd $Mdocdate: March 31 2022 $ .Dt SSL_GET_SESSION 3 .Os .Sh NAME @@ -109,7 +109,7 @@ If the data is to be kept, .Fn SSL_get1_session will increment the reference count, so that the session will not be implicitly removed by other operations but stays in memory. -In order to remove the session +In order to remove the session, .Xr SSL_SESSION_free 3 must be explicitly called once to decrement the reference count again. .Pp diff --git a/man/SSL_new.3 b/man/SSL_new.3 index f84eed7d..22c5dbf2 100644 --- a/man/SSL_new.3 +++ b/man/SSL_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: SSL_new.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $ +.\" $OpenBSD: SSL_new.3,v 1.7 2022/07/13 22:05:53 schwarze Exp $ .\" full merge up to: OpenSSL 1c7ae3dd Mar 29 19:17:55 2017 +1000 .\" .\" This file was written by Richard Levitte @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 27 2018 $ +.Dd $Mdocdate: July 13 2022 $ .Dt SSL_NEW 3 .Os .Sh NAME @@ -70,7 +70,7 @@ structure which is needed to hold the data for a TLS/SSL connection. The new structure inherits the settings of the underlying context .Fa ctx : connection method, options, verification settings, -timeout settings. +timeout settings, security level. The reference count of the new structure is set to 1. .Pp .Fn SSL_up_ref @@ -97,6 +97,7 @@ returns 1 for success or 0 for failure. .Xr ssl 3 , .Xr SSL_clear 3 , .Xr SSL_CTX_set_options 3 , +.Xr SSL_CTX_set_security_level 3 , .Xr SSL_free 3 , .Xr SSL_get_SSL_CTX 3 .Sh HISTORY 
diff --git a/man/SSL_read.3 b/man/SSL_read.3 index ea181ce1..bb72a8ed 100644 --- a/man/SSL_read.3 +++ b/man/SSL_read.3 @@ -1,6 +1,6 @@ -.\" $OpenBSD: SSL_read.3,v 1.7 2020/05/26 19:45:58 schwarze Exp $ -.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 -.\" partial merge up to: OpenSSL 18bad535 Apr 9 15:13:55 2019 +0100 +.\" $OpenBSD: SSL_read.3,v 1.8 2021/10/24 15:10:13 schwarze Exp $ +.\" full merge up to: OpenSSL 5a2443ae Nov 14 11:37:36 2016 +0000 +.\" partial merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 .\" .\" This file was written by Lutz Jaenicke and .\" Matt Caswell . @@ -51,38 +51,59 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: May 26 2020 $ +.Dd $Mdocdate: October 24 2021 $ .Dt SSL_READ 3 .Os .Sh NAME +.Nm SSL_read_ex , .Nm SSL_read , +.Nm SSL_peek_ex , .Nm SSL_peek .Nd read bytes from a TLS connection .Sh SYNOPSIS .In openssl/ssl.h .Ft int +.Fn SSL_read_ex "SSL *ssl" "void *buf" "size_t num" "size_t *readbytes" +.Ft int .Fn SSL_read "SSL *ssl" "void *buf" "int num" .Ft int +.Fn SSL_peek_ex "SSL *ssl" "void *buf" "size_t num" "size_t *readbytes" +.Ft int .Fn SSL_peek "SSL *ssl" "void *buf" "int num" .Sh DESCRIPTION +.Fn SSL_read_ex +and .Fn SSL_read -tries to read +try to read .Fa num bytes from the specified .Fa ssl into the buffer .Fa buf . +On success +.Fn SSL_read_ex +stores the number of bytes actually read in +.Pf * Fa readbytes . .Pp +.Fn SSL_peek_ex +and .Fn SSL_peek -is identical to -.Fn SSL_read +are identical to +.Fn SSL_read_ex +and +.Fn SSL_read , +respectively, except that no bytes are removed from the underlying BIO during the read, such that a subsequent call to +.Fn SSL_read_ex +or .Fn SSL_read will yield at least the same bytes once again. .Pp In the following, -.Fn SSL_read +.Fn SSL_read_ex , +.Fn SSL_read , +.Fn SSL_peek_ex , and .Fn SSL_peek are called 
@@ -107,11 +128,11 @@ or .Xr SSL_set_accept_state 3 before the first call to a read function. .Pp -The read functions works based on the TLS records. +The read functions work based on the TLS records. The data are received in records (with a maximum record size of 16kB). Only when a record has been completely received, it can be processed (decrypted and checked for integrity). -Therefore data that was not retrieved at the last read call can +Therefore, data that was not retrieved at the last read call can still be buffered inside the TLS layer and will be retrieved on the next read call. If @@ -182,7 +203,24 @@ or .Dv SSL_ERROR_WANT_WRITE , it must be repeated with the same arguments. .Sh RETURN VALUES -The following return values can occur: +.Fn SSL_read_ex +and +.Fn SSL_peek_ex +return 1 for success or 0 for failure. +Success means that one or more application data bytes +have been read from the SSL connection. +Failure means that no bytes could be read from the SSL connection. +Failures can be retryable (e.g. we are waiting for more bytes to be +delivered by the network) or non-retryable (e.g. a fatal network error). +In the event of a failure, call +.Xr SSL_get_error 3 +to find out the reason which indicates whether the call is retryable or not. +.Pp +For +.Fn SSL_read +and +.Fn SSL_peek , +the following return values can occur: .Bl -tag -width Ds .It >0 The read operation was successful. @@ -232,3 +270,9 @@ appeared in SSLeay 0.4 or earlier. first appeared in SSLeay 0.6.6. Both functions have been available since .Ox 2.4 . +.Pp +.Fn SSL_read_ex +and +.Fn SSL_peek_ex +first appeared in OpenSSL 1.1.1 and have been available since +.Ox 7.1 . diff --git a/man/SSL_read_early_data.3 b/man/SSL_read_early_data.3 index e08b9545..1435c159 100644 --- a/man/SSL_read_early_data.3 +++ b/man/SSL_read_early_data.3 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: SSL_read_early_data.3,v 1.2 2020/09/21 15:18:13 schwarze Exp $ +.\" $OpenBSD: SSL_read_early_data.3,v 1.4 2021/11/26 13:48:22 jsg Exp $ .\" content checked up to: OpenSSL 6328d367 Jul 4 21:58:30 2020 +0200 .\" .\" Copyright (c) 2020 Ingo Schwarze @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: September 21 2020 $ +.Dd $Mdocdate: November 26 2021 $ .Dt SSL_READ_EARLY_DATA 3 .Os .Sh NAME @@ -87,7 +87,7 @@ and because when they are used, inconspicuous oversights are likely to cause serious security vulnerabilities. .Pp If these functions are used, other TLS implementations -may allow the transfer of application data during the inital handshake. +may allow the transfer of application data during the initial handshake. Even when used as designed, security of the connection is compromised; in particular, application data is exchanged with unauthenticated peers, and there is no forward secrecy. @@ -171,4 +171,4 @@ Replay Attacks on 0-RTT .Sh HISTORY These functions first appeared in OpenSSL 1.1.1 and have been available since -.Ox 6.9 . +.Ox 7.0 . diff --git a/man/SSL_set1_param.3 b/man/SSL_set1_param.3 index b2e69530..cd8ad40a 100644 --- a/man/SSL_set1_param.3 +++ b/man/SSL_set1_param.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: SSL_set1_param.3,v 1.5 2019/06/12 09:36:30 schwarze Exp $ +.\" $OpenBSD: SSL_set1_param.3,v 1.6 2022/09/10 10:22:46 jsg Exp $ .\" full merge up to: .\" OpenSSL man3/SSL_CTX_get0_param 99d63d46 Oct 26 13:56:48 2016 -0400 .\" @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 12 2019 $ +.Dd $Mdocdate: September 10 2022 $ .Dt SSL_SET1_PARAM 3 .Os .Sh NAME 
@@ -88,7 +88,7 @@ or .Fa ssl , respectively. The returned pointer must not be freed by the calling application, -but the application can modify the parameters pointed to +but the application can modify the parameters pointed to, to suit its needs: for example to add a hostname check. .Pp .Fn SSL_CTX_set1_param diff --git a/man/SSL_set_SSL_CTX.3 b/man/SSL_set_SSL_CTX.3 index 9b667347..2abaefb2 100644 --- a/man/SSL_set_SSL_CTX.3 +++ b/man/SSL_set_SSL_CTX.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: SSL_set_SSL_CTX.3,v 1.3 2020/09/22 13:27:08 schwarze Exp $ +.\" $OpenBSD: SSL_set_SSL_CTX.3,v 1.4 2022/07/13 22:05:53 schwarze Exp $ .\" .\" Copyright (c) 2020 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: September 22 2020 $ +.Dd $Mdocdate: July 13 2022 $ .Dt SSL_SET_SSL_CTX 3 .Os .Sh NAME @@ -59,7 +59,8 @@ if memory allocation fails. .Xr SSL_clear 3 , .Xr SSL_CTX_new 3 , .Xr SSL_get_SSL_CTX 3 , -.Xr SSL_new 3 +.Xr SSL_new 3 , +.Xr SSL_set_security_level 3 .Sh HISTORY .Fn SSL_set_SSL_CTX first appeared in OpenSSL 0.9.8f and has been available since diff --git a/man/SSL_set_tmp_ecdh.3 b/man/SSL_set_tmp_ecdh.3 index e906bfdd..8fd2d9fd 100644 --- a/man/SSL_set_tmp_ecdh.3 +++ b/man/SSL_set_tmp_ecdh.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: SSL_set_tmp_ecdh.3,v 1.5 2018/03/23 14:28:16 schwarze Exp $ +.\" $OpenBSD: SSL_set_tmp_ecdh.3,v 1.6 2021/11/30 15:58:08 jsing Exp $ .\" .\" Copyright (c) 2017 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: March 23 2018 $ +.Dd $Mdocdate: November 30 2021 $ .Dt SSL_SET_TMP_ECDH 3 .Os .Sh NAME 
@@ -60,7 +60,7 @@ .Sh DESCRIPTION Automatic EC curve selection and generation is always enabled in LibreSSL, and applications cannot manually provide EC keys for use -with ECDHE key exchange. +with ECDH key exchange. .Pp The only remaining effect of .Fn SSL_set_tmp_ecdh diff --git a/man/SSL_write.3 b/man/SSL_write.3 index 16be55f2..2c6fbcef 100644 --- a/man/SSL_write.3 +++ b/man/SSL_write.3 @@ -1,8 +1,11 @@ -.\" $OpenBSD: SSL_write.3,v 1.6 2020/10/08 16:02:38 tb Exp $ -.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" $OpenBSD: SSL_write.3,v 1.7 2021/10/24 15:10:13 schwarze Exp $ +.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" partial merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 .\" -.\" This file was written by Lutz Jaenicke . -.\" Copyright (c) 2000, 2001, 2002 The OpenSSL Project. All rights reserved. +.\" This file was written by Lutz Jaenicke +.\" and Matt Caswell . +.\" Copyright (c) 2000, 2001, 2002, 2016 The OpenSSL Project. +.\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions 
@@ -48,59 +51,67 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: October 8 2020 $ +.Dd $Mdocdate: October 24 2021 $ .Dt SSL_WRITE 3 .Os .Sh NAME +.Nm SSL_write_ex , .Nm SSL_write -.Nd write bytes to a TLS/SSL connection +.Nd write bytes to a TLS connection .Sh SYNOPSIS .In openssl/ssl.h .Ft int +.Fn SSL_write_ex "SSL *ssl" "const void *buf" "size_t num" "size_t *written" +.Ft int .Fn SSL_write "SSL *ssl" "const void *buf" "int num" .Sh DESCRIPTION +.Fn SSL_write_ex +and .Fn SSL_write -writes +write .Fa num bytes from the buffer .Fa buf into the specified .Fa ssl connection. +On success +.Fn SSL_write_ex +stores the number of bytes written in +.Pf * Fa written . .Pp -If necessary, +In the following, +.Fn SSL_write_ex +and .Fn SSL_write -will negotiate a TLS/SSL session, if not already explicitly performed by +are called +.Dq write functions . +.Pp +If necessary, a write function negotiates a TLS session, +if not already explicitly performed by .Xr SSL_connect 3 or .Xr SSL_accept 3 . If the peer requests a re-negotiation, it will be performed transparently during the -.Fn SSL_write -operation. -The behaviour of -.Fn SSL_write -depends on the underlying +write function operation. +The behaviour of the write functions depends on the underlying .Vt BIO . .Pp For the transparent negotiation to succeed, the .Fa ssl must have been initialized to client or server mode. -This is being done by calling +This is done by calling .Xr SSL_set_connect_state 3 or .Xr SSL_set_accept_state 3 -before the first call to an -.Xr SSL_read 3 -or -.Fn SSL_write -function. +before the first call to a write function. .Pp If the underlying .Vt BIO is .Em blocking , -.Fn SSL_write +the write function will only return once the write operation has been finished or an error occurred, except when a renegotiation takes place, in which case a .Dv SSL_ERROR_WANT_READ 
@@ -115,26 +126,19 @@ If the underlying .Vt BIO is .Em non-blocking , -.Fn SSL_write -will also return when the underlying +the write function will also return when the underlying .Vt BIO -could not satisfy the needs of -.Fn SSL_write -to continue the operation. +could not satisfy the needs of the function to continue the operation. In this case a call to .Xr SSL_get_error 3 -with the return value of -.Fn SSL_write -will yield +with the return value of the write function will yield .Dv SSL_ERROR_WANT_READ or .Dv SSL_ERROR_WANT_WRITE . As at any time a re-negotiation is possible, a call to -.Fn SSL_write -can also cause read operations! +a write function can also cause read operations. The calling process then must repeat the call after taking appropriate action -to satisfy the needs of -.Fn SSL_write . +to satisfy the needs of the write function. The action depends on the underlying .Vt BIO . When using a non-blocking socket, nothing is to be done, but @@ -147,7 +151,7 @@ like a pair, data must be written into or retrieved out of the BIO before being able to continue. .Pp -.Fn SSL_write +The write functions will only return with success when the complete contents of .Fa buf of length 
@@ -157,23 +161,15 @@ This default behaviour can be changed with the .Dv SSL_MODE_ENABLE_PARTIAL_WRITE option of .Xr SSL_CTX_set_mode 3 . -When this flag is set, -.Fn SSL_write -will also return with success when a partial write has been successfully -completed. -In this case the -.Fn SSL_write -operation is considered completed. -The bytes are sent and a new -.Fn SSL_write -operation with a new buffer (with the already sent bytes removed) must be -started. +When this flag is set, the write functions will also return with +success when a partial write has been successfully completed. +In this case the write function operation is considered completed. +The bytes are sent and a new write call with a new buffer (with the +already sent bytes removed) must be started. A partial write is performed with the size of a message block, which is 16kB. .Pp -When an -.Fn SSL_write -operation has to be repeated because +When a write function call has to be repeated because .Xr SSL_get_error 3 returned .Dv SSL_ERROR_WANT_READ 
@@ -186,12 +182,37 @@ When calling with .Fa num Ns =0 bytes to be sent, the behaviour is undefined. +.Fn SSL_write_ex +can be called with +.Fa num Ns =0 , +but will not send application data to the peer. .Sh RETURN VALUES -The following return values can occur: +.Fn SSL_write_ex +returns 1 for success or 0 for failure. +Success means that all requested application data bytes have been +written to the TLS connection or, if +.Dv SSL_MODE_ENABLE_PARTIAL_WRITE +is in use, at least one application data byte has been written +to the TLS connection. +Failure means that not all the requested bytes have been written yet (if +.Dv SSL_MODE_ENABLE_PARTIAL_WRITE +is not in use) or no bytes could be written to the TLS connection (if +.Dv SSL_MODE_ENABLE_PARTIAL_WRITE +is in use). +Failures can be retryable (e.g. the network write buffer has temporarily +filled up) or non-retryable (e.g. a fatal network error). +In the event of a failure, call +.Xr SSL_get_error 3 +to find out the reason +which indicates whether the call is retryable or not. +.Pp +For +.Fn SSL_write , +the following return values can occur: .Bl -tag -width Ds .It >0 The write operation was successful. -The return value is the number of bytes actually written to the TLS/SSL +The return value is the number of bytes actually written to the TLS connection. .It 0 The write operation was not successful. @@ -222,3 +243,7 @@ with the return value to find out the reason. .Fn SSL_write appeared in SSLeay 0.4 or earlier and has been available since .Ox 2.4 . +.Pp +.Fn SSL_write_ex +first appeared in OpenSSL 1.1.1 and has been available since +.Ox 7.1 . diff --git a/man/STACK_OF.3 b/man/STACK_OF.3 index 8b849000..4c627eed 100644 --- a/man/STACK_OF.3 +++ b/man/STACK_OF.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: STACK_OF.3,v 1.4 2019/06/10 09:49:48 schwarze Exp $ +.\" $OpenBSD: STACK_OF.3,v 1.5 2021/10/24 13:10:46 schwarze Exp $ .\" .\" Copyright (c) 2018 Ingo Schwarze .\" 
@@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: June 10 2019 $ +.Dd $Mdocdate: October 24 2021 $ .Dt STACK_OF 3 .Os .Sh NAME 
@@ -98,33 +98,50 @@ all the types listed below. Using the above may make sense for the following types because public API functions exist that take stacks of these types as arguments or return them: -.Vt ACCESS_DESCRIPTION , .Vt ASN1_INTEGER , .Vt ASN1_OBJECT , -.Vt ASN1_TYPE , .Vt ASN1_UTF8STRING , +.Vt CMS_RecipientInfo , +.Vt CMS_SignerInfo , .Vt CONF_VALUE , -.Vt DIST_POINT , -.Vt GENERAL_NAME , +.Vt GENERAL_NAMES , .Vt GENERAL_SUBTREE , +.Vt OPENSSL_STRING Pq which is just Vt char * , .Vt PKCS12_SAFEBAG , .Vt PKCS7 , .Vt PKCS7_RECIP_INFO , .Vt PKCS7_SIGNER_INFO , -.Vt POLICY_MAPPING , -.Vt POLICYINFO , .Vt POLICYQUALINFO , +.Vt SRTP_PROTECTION_PROFILE , +.Vt SSL_CIPHER , +.Vt SSL_COMP , .Vt X509 , .Vt X509_ALGOR , .Vt X509_ATTRIBUTE , .Vt X509_CRL , .Vt X509_EXTENSION , .Vt X509_INFO , +.Vt X509_NAME , .Vt X509_OBJECT , .Vt X509_POLICY_NODE , -.Vt X509_PURPOSE , .Vt X509_REVOKED . .Pp +Additionally, some public API functions use the following types +which are declared with +.Sy typedef : +.Bl -column STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS +.It Vt STACK_OF(ACCESS_DESCRIPTION) Ta Vt AUTHORITY_INFO_ACCESS +.It Vt STACK_OF(ASN1_OBJECT) Ta Vt EXTENDED_KEY_USAGE +.It Vt STACK_OF(ASN1_TYPE) Ta Vt ASN1_SEQUENCE_ANY +.It Vt STACK_OF(DIST_POINT) Ta Vt CRL_DIST_POINTS +.It Vt STACK_OF(GENERAL_NAME) Ta Vt GENERAL_NAMES +.It Vt STACK_OF(IPAddressFamily) Ta Vt IPAddrBlocks +.It Vt STACK_OF(POLICY_MAPPING) Ta Vt POLICY_MAPPINGS +.It Vt STACK_OF(POLICYINFO) Ta Vt CERTIFICATEPOLICIES +.It Vt STACK_OF(X509_ALGOR) Ta Vt X509_ALGORS +.It Vt STACK_OF(X509_EXTENSION) Ta Vt X509_EXTENSIONS +.El +.Pp Even though the OpenSSL headers declare wrapper functions for many more types and even though the OpenSSL documentation says that users can declare their own stack types, using diff --git a/man/X25519.3 b/man/X25519.3 index 64eda4bf..8d8006fe 100644 --- a/man/X25519.3 +++ b/man/X25519.3 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: X25519.3,v 1.5 2019/08/19 13:08:26 schwarze Exp $ +.\" $OpenBSD: X25519.3,v 1.6 2022/02/18 10:24:32 jsg Exp $ .\" contains some text from: BoringSSL curve25519.h, curve25519.c .\" content also checked up to: OpenSSL f929439f Mar 15 12:19:16 2018 +0000 .\" @@ -17,7 +17,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: August 19 2019 $ +.Dd $Mdocdate: February 18 2022 $ .Dt X25519 3 .Os .Sh NAME @@ -95,7 +95,7 @@ Failure can occur when the input is a point of small order. .%A D. J. Bernstein .%R A state-of-the-art Diffie-Hellman function:\ How do I use Curve25519 in my own software? -.%U http://cr.yp.to/ecdh.html +.%U https://cr.yp.to/ecdh.html .Re .Sh STANDARDS RFC 7748: Elliptic Curves for Security diff --git a/man/X509V3_extensions_print.3 b/man/X509V3_extensions_print.3 index ad5b02a8..8c43fe9b 100644 --- a/man/X509V3_extensions_print.3 +++ b/man/X509V3_extensions_print.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509V3_extensions_print.3,v 1.1 2021/07/12 14:54:00 schwarze Exp $ +.\" $OpenBSD: X509V3_extensions_print.3,v 1.2 2021/11/26 13:48:21 jsg Exp $ .\" .\" Copyright (c) 2021 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: July 12 2021 $ +.Dd $Mdocdate: November 26 2021 $ .Dt X509V3_EXTENSIONS_PRINT 3 .Os .Sh NAME @@ -56,7 +56,7 @@ the BER-encoded data of the extension is dumped with without decoding it first. In both cases, an .Fa indent -incremented by 4 space characaters is used. +incremented by 4 space characters is used. .El .Pp If diff --git a/man/X509_ATTRIBUTE_get0_object.3 b/man/X509_ATTRIBUTE_get0_object.3 new file mode 100644 index 00000000..4212e27d --- /dev/null +++ b/man/X509_ATTRIBUTE_get0_object.3 
@@ -0,0 +1,136 @@
+.\" $OpenBSD: X509_ATTRIBUTE_get0_object.3,v 1.2 2021/10/21 16:26:34 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: October 21 2021 $
+.Dt X509_ATTRIBUTE_GET0_OBJECT 3
+.Os
+.Sh NAME
+.Nm X509_ATTRIBUTE_get0_object ,
+.Nm X509_ATTRIBUTE_count ,
+.Nm X509_ATTRIBUTE_get0_type ,
+.Nm X509_ATTRIBUTE_get0_data
+.\" In the following line, "X.501" and "Attribute" are not typos.
+.\" The "Attribute" type is defined in X.501, not in X.509.
+.\" The type is called "Attribute" with capital "A", not "attribute".
+.Nd X.501 Attribute read accessors
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft ASN1_OBJECT *
+.Fo X509_ATTRIBUTE_get0_object
+.Fa "X509_ATTRIBUTE *attr"
+.Fc
+.Ft int
+.Fo X509_ATTRIBUTE_count
+.Fa "const X509_ATTRIBUTE *attr"
+.Fc
+.Ft ASN1_TYPE *
+.Fo X509_ATTRIBUTE_get0_type
+.Fa "X509_ATTRIBUTE *attr"
+.Fa "int index"
+.Fc
+.Ft void *
+.Fo X509_ATTRIBUTE_get0_data
+.Fa "X509_ATTRIBUTE *attr"
+.Fa "int index"
+.Fa "int type"
+.Fa "void *data"
+.Fc
+.Sh DESCRIPTION
+These functions provide read access to the X.501 Attribute object
+.Fa attr .
+.Pp
+For
+.Fn X509_ATTRIBUTE_get0_data ,
+the
+.Fa type
+argument usually is one of the
+.Dv V_ASN1_*
+constants defined in
+.In openssl/asn1.h .
+For example, if a return value of the type
+.Vt ASN1_OCTET_STRING
+is expected, pass
+.Dv V_ASN1_OCTET_STRING
+as the
+.Fa type
+argument.
+The
+.Fa data
+argument is ignored; passing
+.Dv NULL
+is recommended.
+.Sh RETURN VALUES
+.Fn X509_ATTRIBUTE_get0_object
+returns an internal pointer to the type of
+.Fa attr
+or
+.Dv NULL
+if
+.Fa attr
+is
+.Dv NULL
+or if its type is not set.
+.Pp
+.Fn X509_ATTRIBUTE_count
+returns the number of values stored in
+.Fa attr
+or 0 if no value or values are set.
+.Pp
+.Fn X509_ATTRIBUTE_get0_type
+returns an internal pointer to the ASN.1 ANY object
+representing the value with the given zero-based
+.Fa index
+or
+.Dv NULL
+if
+.Fa attr
+is
+.Dv NULL ,
+if the
+.Fa index
+is larger than or equal to the number of values stored in
+.Fa attr ,
+or if no value or values are set.
+.Pp
+.Fn X509_ATTRIBUTE_get0_data
+returns an internal pointer to the data
+contained in the value with the given zero-based
+.Fa index
+or
+.Dv NULL
+if
+.Fa attr
+is
+.Dv NULL ,
+if the
+.Fa index
+is larger than or equal to the number of values stored in
+.Fa attr ,
+if no value or values are set,
+or if the ASN.1 ANY object representing the value with the given
+.Fa index
+is not of the requested
+.Fa type .
+.Sh SEE ALSO
+.Xr ASN1_OBJECT_new 3 ,
+.Xr ASN1_TYPE_new 3 ,
+.Xr OPENSSL_sk_new 3 ,
+.Xr X509_ATTRIBUTE_new 3 ,
+.Xr X509_ATTRIBUTE_set1_object 3
+.Sh HISTORY
+These functions first appeared in OpenSSL 0.9.5
+and have been available since
+.Ox 2.7 .
diff --git a/man/X509_ATTRIBUTE_new.3 b/man/X509_ATTRIBUTE_new.3
index 66779d63..5dcdc6e2 100644
--- a/man/X509_ATTRIBUTE_new.3
+++ b/man/X509_ATTRIBUTE_new.3
@@ -1,6 +1,6 @@ -.\" $OpenBSD: X509_ATTRIBUTE_new.3,v 1.8 2020/06/04 10:24:27 schwarze Exp $ +.\" $OpenBSD: X509_ATTRIBUTE_new.3,v 1.16 2021/10/26 12:56:48 schwarze Exp $ .\" -.\" Copyright (c) 2016 Ingo Schwarze +.\" Copyright (c) 2016, 2021 Ingo Schwarze .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -14,20 +14,26 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: June 4 2020 $ +.Dd $Mdocdate: October 26 2021 $ .Dt X509_ATTRIBUTE_NEW 3 .Os .Sh NAME .Nm X509_ATTRIBUTE_new , +.Nm X509_ATTRIBUTE_create , +.Nm X509_ATTRIBUTE_dup , .Nm X509_ATTRIBUTE_free .\" In the following line, "X.501" and "Attribute" are not typos. .\" The "Attribute" type is defined in X.501, not in X.509. -.\" The type in called "Attribute" with capital "A", not "attribute". +.\" The type is called "Attribute" with capital "A", not "attribute". .Nd generic X.501 Attribute .Sh SYNOPSIS .In openssl/x509.h .Ft X509_ATTRIBUTE * .Fn X509_ATTRIBUTE_new void +.Ft X509_ATTRIBUTE * +.Fn X509_ATTRIBUTE_create "int nid" "int type" "void *value" +.Ft X509_ATTRIBUTE * +.Fn X509_ATTRIBUTE_dup "X509_ATTRIBUTE *attr" .Ft void .Fn X509_ATTRIBUTE_free "X509_ATTRIBUTE *attr" .Sh DESCRIPTION 
@@ -52,24 +58,73 @@ container object described in allocates and initializes an empty .Vt X509_ATTRIBUTE object. +.Pp +.Fn X509_ATTRIBUTE_create +allocates a new multi-valued +.Vt X509_ATTRIBUTE +object of the type +.Fa nid +and initializes its set of values +to contain one new ASN.1 ANY object with the given +.Fa value +and +.Fa type . +The +.Fa type +usually is one of the +.Dv V_ASN1_* +constants defined in +.In openssl/asn1.h ; +it is stored without validating it. +If the function succeeds, ownership of the +.Fa value +is transferred to the new +.Vt X509_ATTRIBUTE +object. +.Pp +Be careful to not confuse the type of the attribute +and the type of the value. +.Pp +.Fn X509_ATTRIBUTE_dup +creates a deep copy of +.Fa attr . +.Pp .Fn X509_ATTRIBUTE_free frees .Fa attr . .Sh RETURN VALUES -.Fn X509_ATTRIBUTE_new -returns the new +.Fn X509_ATTRIBUTE_new , +.Fn X509_ATTRIBUTE_create , +and +.Fn X509_ATTRIBUTE_dup +return the new .Vt X509_ATTRIBUTE object or .Dv NULL if an error occurs. +.Pp +In particular, these functions fail if memory allocation fails. +.Fn X509_ATTRIBUTE_create +also fails if +.Xr OBJ_nid2obj 3 +fails on +.Fa nid . .Sh SEE ALSO .Xr d2i_X509_ATTRIBUTE 3 , +.Xr EVP_PKEY_add1_attr 3 , +.Xr OBJ_nid2obj 3 , .Xr PKCS12_SAFEBAG_new 3 , .Xr PKCS7_add_attribute 3 , +.Xr PKCS8_pkey_get0_attrs 3 , .Xr PKCS8_PRIV_KEY_INFO_new 3 , +.Xr X509_ATTRIBUTE_get0_object 3 , +.Xr X509_ATTRIBUTE_set1_object 3 , .Xr X509_EXTENSION_new 3 , .Xr X509_new 3 , -.Xr X509_REQ_new 3 +.Xr X509_REQ_add1_attr 3 , +.Xr X509_REQ_new 3 , +.Xr X509at_add1_attr 3 , +.Xr X509at_get_attr 3 .Sh STANDARDS .Bl -ohang .It Xo @@ -96,6 +151,12 @@ and .Fn X509_ATTRIBUTE_free first appeared in SSLeay 0.5.1 and have been available since .Ox 2.4 . +.Pp +.Fn X509_ATTRIBUTE_create +and +.Fn X509_ATTRIBUTE_dup +first appeared in SSLeay 0.9.1 and have been available since +.Ox 2.6 . .Sh BUGS A data type designed to hold arbitrary data is an oxymoron. .Pp 
diff --git a/man/X509_ATTRIBUTE_set1_object.3 b/man/X509_ATTRIBUTE_set1_object.3
new file mode 100644
index 00000000..3555d4b1
--- /dev/null
+++ b/man/X509_ATTRIBUTE_set1_object.3
@@ -0,0 +1,267 @@
+.\" $OpenBSD: X509_ATTRIBUTE_set1_object.3,v 1.3 2021/11/26 13:48:21 jsg Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: November 26 2021 $
+.Dt X509_ATTRIBUTE_SET1_OBJECT 3
+.Os
+.Sh NAME
+.Nm X509_ATTRIBUTE_set1_object ,
+.Nm X509_ATTRIBUTE_set1_data ,
+.Nm X509_ATTRIBUTE_create_by_OBJ ,
+.Nm X509_ATTRIBUTE_create_by_NID ,
+.Nm X509_ATTRIBUTE_create_by_txt
+.\" In the following line, "X.501" and "Attribute" are not typos.
+.\" The "Attribute" type is defined in X.501, not in X.509.
+.\" The type is called "Attribute" with capital "A", not "attribute".
+.Nd modify an X.501 Attribute
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft int
+.Fo X509_ATTRIBUTE_set1_object
+.Fa "X509_ATTRIBUTE *attr"
+.Fa "const ASN1_OBJECT *obj"
+.Fc
+.Ft int
+.Fo X509_ATTRIBUTE_set1_data
+.Fa "X509_ATTRIBUTE *attr"
+.Fa "int type"
+.Fa "const void *data"
+.Fa "int len"
+.Fc
+.Ft X509_ATTRIBUTE *
+.Fo X509_ATTRIBUTE_create_by_OBJ
+.Fa "X509_ATTRIBUTE **pattr"
+.Fa "const ASN1_OBJECT *obj"
+.Fa "int type"
+.Fa "const void *data"
+.Fa "int len"
+.Fc
+.Ft X509_ATTRIBUTE *
+.Fo X509_ATTRIBUTE_create_by_NID
+.Fa "X509_ATTRIBUTE **pattr"
+.Fa "int nid"
+.Fa "int type"
+.Fa "const void *data"
+.Fa "int len"
+.Fc
+.Ft X509_ATTRIBUTE *
+.Fo X509_ATTRIBUTE_create_by_txt
+.Fa "X509_ATTRIBUTE **pattr"
+.Fa "const char *name"
+.Fa "int type"
+.Fa "const unsigned char *data"
+.Fa "int len"
+.Fc
+.Sh DESCRIPTION
+.Fn X509_ATTRIBUTE_set1_object
+sets the type of
+.Fa attr
+to
+.Fa obj .
+If
+.Fa obj
+is dynamically allocated, a deep copy is created.
+If the type of
+.Fa attr
+was already set, the old type is freed
+as far as it was dynamically allocated.
+After calling this function,
+.Fa attr
+may be in an inconsistent state
+because its values may not agree with the new attribute type.
+.Pp
+.Fn X509_ATTRIBUTE_set1_data
+sets
+.Fa attr
+to be multi-valued and initializes its set of values
+to contain a single new ASN.1 ANY object representing the
+.Fa data .
+.Pp
+The interpretation of the
+.Fa data
+depends on the values of the
+.Fa type
+and
+.Fa len
+arguments; there are four different cases.
+.Pp
+If the
+.Fa type
+argument has the bit
+.Dv MBSTRING_FLAG
+set,
+.Fa data
+is expected to point to a multibyte character string that is
+.Fa len
+bytes long and uses the encoding specified by the
+.Fa type
+argument, and it is expected that an attribute type was already assigned to
+.Fa attr ,
+for example by calling
+.Fn X509_ATTRIBUTE_set1_object
+before calling
+.Fn X509_ATTRIBUTE_set1_data .
+In this case, an appropriate ASN.1 multibyte string type is chosen and
+a new object of that type is allocated and populated to represent the
+.Fa data
+by calling
+.Xr ASN1_STRING_set_by_NID 3 .
+The type of that new ASN.1 string object is subsequently used instead of the
+.Fa type
+argument.
+.Pp
+If the
+.Fa type
+argument does not have the bit
+.Dv MBSTRING_FLAG
+set and the
+.Fa len argument
+is not \-1, the
+.Fa type
+argument is expected to be one of the types documented in
+.Xr ASN1_STRING_new 3
+and
+.Fa data
+is expected to point to a buffer of
+.Fa len
+bytes.
+In this case, a new object is allocated with
+.Xr ASN1_STRING_type_new 3
+and populated with
+.Xr ASN1_STRING_set 3 .
+.Pp
+If the
+.Fa type
+argument does not have the bit
+.Dv MBSTRING_FLAG
+set and the
+.Fa len argument
+is \-1,
+.Fa data
+is expected to point to an object of the given
+.Fa type
+rather than to a buffer.
+In this case, a deep copy of the existing object
+into the new ASN.1 ANY object is performed with
+.Xr ASN1_TYPE_set1 3 .
+.Pp
+If the
+.Fa type
+argument is 0, the
+.Fa data
+and
+.Fa len
+arguments are ignored and the set of values is left empty
+instead of adding a single ASN.1 ANY object to it.
+This violates section 8.2 of the X.501 standard, which requires
+every attribute to contain at least one value, but some attribute
+types used by the library use empty sets of values anyway.
+.Pp
+.Fn X509_ATTRIBUTE_create_by_OBJ
+sets the type of
+.Pf ** Fa attr
+to
+.Fa obj
+using
+.Fn X509_ATTRIBUTE_set1_object
+and copies the
+.Fa data
+into it using
+.Fn X509_ATTRIBUTE_set1_data .
+If
+.Fa attr
+or
+.Pf * Fa attr
+is
+.Dv NULL ,
+a new
+.Vt X509_ATTRIBUTE
+object is allocated, populated, and returned.
+.Pp
+.Fn X509_ATTRIBUTE_create_by_NID
+is a wrapper around
+.Fn X509_ATTRIBUTE_create_by_OBJ
+that obtains the required
+.Fa obj
+argument by calling
+.Xr OBJ_nid2obj 3
+on the
+.Fa nid
+argument.
+.Pp
+.Fn X509_ATTRIBUTE_create_by_txt
+is a similar wrapper that obtains
+.Fa obj
+by calling
+.Xr OBJ_txt2obj 3
+with the arguments
+.Fa name
+and 0, which means that long names, short names, and numerical OID
+strings are all acceptable.
+.Sh RETURN VALUES
+.Fn X509_ATTRIBUTE_set1_object
+returns 1 if successful or 0 if
+.Fa attr
+or
+.Fa obj
+is
+.Dv NULL
+or if memory allocation fails.
+.Pp
+.Fn X509_ATTRIBUTE_set1_data
+returns 1 if successful or 0 if
+.Fa attr
+is
+.Dv NULL
+or if
+.Xr ASN1_STRING_set_by_NID 3 ,
+.Xr ASN1_STRING_set 3 ,
+.Xr ASN1_TYPE_set1 3 ,
+or memory allocation fails.
+.Pp
+.Fn X509_ATTRIBUTE_create_by_OBJ ,
+.Fn X509_ATTRIBUTE_create_by_NID ,
+and
+.Fn X509_ATTRIBUTE_create_by_txt
+return a pointer to the changed or new object or
+.Dv NULL
+if obtaining
+.Fa obj ,
+allocating memory, or copying fails.
+.Sh SEE ALSO
+.Xr ASN1_OBJECT_new 3 ,
+.Xr ASN1_STRING_new 3 ,
+.Xr ASN1_STRING_set 3 ,
+.Xr ASN1_STRING_set_by_NID 3 ,
+.Xr ASN1_TYPE_new 3 ,
+.Xr OBJ_nid2obj 3 ,
+.Xr X509_ATTRIBUTE_get0_object 3 ,
+.Xr X509_ATTRIBUTE_new 3
+.Sh HISTORY
+These functions first appeared in OpenSSL 0.9.5
+and have been available since
+.Ox 2.7 .
+.Sh BUGS
+If
+.Fa attr
+already contains one or more values,
+.Fn X509_ATTRIBUTE_set1_data ,
+.Fn X509_ATTRIBUTE_create_by_OBJ ,
+.Fn X509_ATTRIBUTE_create_by_NID ,
+and
+.Fn X509_ATTRIBUTE_create_by_txt
+silently overwrite the pointers to the old values
+and leak the memory used for them.
diff --git a/man/X509_CRL_METHOD_new.3 b/man/X509_CRL_METHOD_new.3
new file mode 100644
index 00000000..f80ce743
--- /dev/null
+++ b/man/X509_CRL_METHOD_new.3
@@ -0,0 +1,182 @@
+.\" $OpenBSD: X509_CRL_METHOD_new.3,v 1.1 2021/10/30 16:20:35 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: October 30 2021 $
+.Dt X509_CRL_METHOD_NEW 3
+.Os
+.Sh NAME
+.Nm X509_CRL_METHOD_new ,
+.Nm X509_CRL_METHOD_free ,
+.Nm X509_CRL_set_default_method ,
+.Nm X509_CRL_set_meth_data ,
+.Nm X509_CRL_get_meth_data
+.Nd customize CRL handling
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft X509_CRL_METHOD *
+.Fo X509_CRL_METHOD_new
+.Fa "int (*crl_init)(X509_CRL *crl)"
+.Fa "int (*crl_free)(X509_CRL *crl)"
+.Fa "int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,\
+ ASN1_INTEGER *ser, X509_NAME *issuer)"
+.Fa "int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk)"
+.Fc
+.Ft void
+.Fn X509_CRL_METHOD_free "X509_CRL_METHOD *method"
+.Ft void
+.Fn X509_CRL_set_default_method "const X509_CRL_METHOD *method"
+.Ft void
+.Fn X509_CRL_set_meth_data "X509_CRL *crl" "void *data"
+.Ft void *
+.Fn X509_CRL_get_meth_data "X509_CRL *crl"
+.Sh DESCRIPTION
+These functions customize BER decoding and signature verification
+of X.509 certificate revocation lists,
+as well as retrieval of revoked entries from such lists.
+.Pp
+.Fn X509_CRL_METHOD_new
+allocates and initializes a new
+.Vt X509_CRL_METHOD
+object, storing the four pointers to callback functions in it
+that are provided as arguments.
+.Pp
+.Fn X509_CRL_METHOD_free
+frees the given
+.Fa method
+object.
+If
+.Fa method
+is a
+.Dv NULL
+pointer or points to the static object built into the library,
+no action occurs.
+.Pp
+.Fn X509_CRL_set_default_method
+designates the given
+.Fa method
+to be used for objects that will be created with
+.Xr X509_CRL_new 3
+in the future.
+It has no effect on
+.Vt X509_CRL
+objects that already exist.
+If
+.Fa method
+is
+.Dv NULL ,
+any previously installed method will no longer be used for new
+.Vt X509_CRL
+objects created in the future, and those future objects will adhere
+to the default behaviour instead.
+.Pp
+The optional function
+.Fn crl_init
+will be called at the end of
+.Xr d2i_X509_CRL 3 ,
+the optional function
+.Fn crl_free
+near the end of
+.Xr X509_CRL_free 3 ,
+immediately before freeing
+.Fa crl
+itself.
+The function
+.Fn crl_lookup
+will be called by
+.Xr X509_CRL_get0_by_serial 3 ,
+setting
+.Fa issuer
+to
+.Dv NULL ,
+and by
+.Xr X509_CRL_get0_by_cert 3 ,
+both instead of performing the default action.
+The function
+.Fn crl_verify
+will be called by
+.Xr X509_CRL_verify 3
+instead of performing the default action.
+.Pp
+.Fn X509_CRL_set_meth_data
+stores the pointer to the auxiliary
+.Fa data
+inside the
+.Fa crl
+object.
+The pointer is expected to remain valid during the whole lifetime of the
+.Fa crl
+object but is not automatically freed when the
+.Fa crl
+object is freed.
+.Pp
+.Fn X509_CRL_get_meth_data
+retrieves the
+.Fa data
+from
+.Fa crl
+the was added with
+.Fn X509_CRL_set_meth_data .
+This may for example be useful inside the four callback methods
+installed with
+.Fn X509_CRL_METHOD_new .
+.Sh RETURN VALUES
+.Fn X509_CRL_METHOD_new
+returns a pointer to the new object or
+.Dv NULL
+if memory allocation fails.
+.Pp +.Fn X509_CRL_get_meth_data +returns the pointer previously installed with +.Fn X509_CRL_set_meth_data +or +.Dv NULL +if +.Fn X509_CRL_set_meth_data +was not called on +.Fa crl . +.Pp +The callback functions +.Fn crl_init +and +.Fn crl_free +are supposed to return 1 for success or 0 for failure. +.Pp +The callback function +.Fn crl_lookup +is supposed to return 0 for failure or 1 for success, +except if the revoked entry has the reason +.Qq removeFromCRL , +in which case it is supposed to return 2. +.Pp +The callback function +.Fn crl_verify +is supposed to return 1 if the signature is valid +or 0 if the signature check fails. +If the signature could not be checked at all because it was invalid +or some other error occurred, \-1 may be returned. +.Sh SEE ALSO +.Xr ASN1_INTEGER_new 3 , +.Xr d2i_X509_CRL 3 , +.Xr EVP_PKEY_new 3 , +.Xr X509_CRL_get0_by_serial 3 , +.Xr X509_CRL_new 3 , +.Xr X509_CRL_verify 3 , +.Xr X509_NAME_new 3 , +.Xr X509_REVOKED_new 3 +.Sh HISTORY +These functions first appeared in OpenSSL 1.0.0 +and have been available since +.Ox 4.9 . diff --git a/man/X509_CRL_get0_by_serial.3 b/man/X509_CRL_get0_by_serial.3 index 8db04605..865e86fe 100644 --- a/man/X509_CRL_get0_by_serial.3 +++ b/man/X509_CRL_get0_by_serial.3 @@ -1,5 +1,5 @@ -.\" $OpenBSD: X509_CRL_get0_by_serial.3,v 1.11 2020/10/21 17:17:43 tb Exp $ -.\" OpenSSL X509_CRL_get0_by_serial.pod cdd6c8c5 Mar 20 12:29:37 2017 +0100 +.\" $OpenBSD: X509_CRL_get0_by_serial.3,v 1.12 2021/10/30 16:20:35 schwarze Exp $ +.\" full merge up to: OpenSSL cdd6c8c5 Mar 20 12:29:37 2017 +0100 .\" .\" This file was written by Dr. Stephen Henson . .\" Copyright (c) 2015, 2017 The OpenSSL Project. All rights reserved. @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: October 21 2020 $ +.Dd $Mdocdate: October 30 2021 $ .Dt X509_CRL_GET0_BY_SERIAL 3 .Os .Sh NAME 
@@ -105,6 +105,18 @@ except that it looks for a revoked entry using the serial number of certificate .Fa x . .Pp +If +.Xr X509_CRL_set_default_method 3 +was in effect at the time the +.Fa crl +object was created, +.Fn X509_CRL_get0_by_serial +and +.Fn X509_CRL_get0_by_cert +invoke the +.Fn crl_lookup +callback function instead of performing the default action. +.Pp .Fn X509_CRL_get_REVOKED returns an internal pointer to a stack of all revoked entries for .Fa crl . @@ -158,6 +170,7 @@ returns a STACK of revoked entries. .Xr X509_CRL_get_ext 3 , .Xr X509_CRL_get_issuer 3 , .Xr X509_CRL_get_version 3 , +.Xr X509_CRL_METHOD_new 3 , .Xr X509_CRL_new 3 , .Xr X509_REVOKED_new 3 , .Xr X509V3_get_d2i 3 diff --git a/man/X509_CRL_new.3 b/man/X509_CRL_new.3 index 4d3f97af..82ba1826 100644 --- a/man/X509_CRL_new.3 +++ b/man/X509_CRL_new.3 @@ -1,6 +1,6 @@ -.\" $OpenBSD: X509_CRL_new.3,v 1.12 2021/08/02 16:21:11 schwarze Exp $ +.\" $OpenBSD: X509_CRL_new.3,v 1.13 2021/10/30 16:20:35 schwarze Exp $ .\" -.\" Copyright (c) 2016, 2018 Ingo Schwarze +.\" Copyright (c) 2016, 2018, 2021 Ingo Schwarze .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: August 2 2021 $ +.Dd $Mdocdate: October 30 2021 $ .Dt X509_CRL_NEW 3 .Os .Sh NAME @@ -67,6 +67,19 @@ decrements the reference count of by 1. If the reference count reaches 0, it frees .Fa crl . +If +.Xr X509_CRL_set_default_method 3 +was in effect at the time +.Fa crl +was created and the +.Fn crl_free +callback is not +.Dv NULL , +that callback is invoked near the end of +.Fn X509_CRL_free , +right before freeing +.Fa crl +itself. .Pp .Fn X509_CRL_INFO_new allocates and initializes an empty 
@@ -112,6 +125,7 @@ returns 1 on success or 0 on error. .Xr X509_CRL_get_issuer 3 , .Xr X509_CRL_get_version 3 , .Xr X509_CRL_match 3 , +.Xr X509_CRL_METHOD_new 3 , .Xr X509_CRL_print 3 , .Xr X509_CRL_sign 3 , .Xr X509_EXTENSION_new 3 , diff --git a/man/X509_EXTENSION_set_object.3 b/man/X509_EXTENSION_set_object.3 index ef14f7cc..6a5b4e09 100644 --- a/man/X509_EXTENSION_set_object.3 +++ b/man/X509_EXTENSION_set_object.3 @@ -1,10 +1,10 @@ -.\" $OpenBSD: X509_EXTENSION_set_object.3,v 1.12 2021/07/12 14:54:00 schwarze Exp $ -.\" OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400 +.\" $OpenBSD: X509_EXTENSION_set_object.3,v 1.15 2021/10/29 10:22:00 schwarze Exp $ +.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" .\" This file is a derived work. .\" The changes are covered by the following Copyright and license: .\" -.\" Copyright (c) 2016 Ingo Schwarze +.\" Copyright (c) 2016, 2021 Ingo Schwarze .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -65,11 +65,12 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 12 2021 $ +.Dd $Mdocdate: October 29 2021 $ .Dt X509_EXTENSION_SET_OBJECT 3 .Os .Sh NAME .Nm X509_EXTENSION_new , +.Nm X509_EXTENSION_dup , .Nm X509_EXTENSION_free , .Nm X509_EXTENSION_create_by_NID , .Nm X509_EXTENSION_create_by_OBJ , @@ -86,6 +87,8 @@ .In openssl/x509.h .Ft X509_EXTENSION * .Fn X509_EXTENSION_new void +.Ft X509_EXTENSION * +.Fn X509_EXTENSION_dup "X509_EXTENSION *ex" .Ft void .Fn X509_EXTENSION_free "X509_EXTENSION *ex" .Ft X509_EXTENSION * @@ -98,7 +101,7 @@ .Ft X509_EXTENSION * .Fo X509_EXTENSION_create_by_OBJ .Fa "X509_EXTENSION **ex" -.Fa "ASN1_OBJECT *obj" +.Fa "const ASN1_OBJECT *obj" .Fa "int crit" .Fa "ASN1_OCTET_STRING *data" .Fc 
@@ -127,7 +130,7 @@ .Fc .Ft ASN1_OCTET_STRING * .Fo X509_EXTENSION_get_data -.Fa "X509_EXTENSION *ne" +.Fa "X509_EXTENSION *ex" .Fc .Sh DESCRIPTION .Fn X509_EXTENSION_new @@ -148,6 +151,12 @@ and .Vt X509_REVOKED objects. .Pp +.Fn X509_EXTENSION_dup +creates a deep copy of +.Fa ex +using +.Xr ASN1_item_dup 3 . +.Pp .Fn X509_EXTENSION_free frees .Fa ex @@ -240,6 +249,7 @@ associated with an extension is the extension encoding in an structure. .Sh RETURN VALUES .Fn X509_EXTENSION_new , +.Fn X509_EXTENSION_dup , .Fn X509_EXTENSION_create_by_NID , and .Fn X509_EXTENSION_create_by_OBJ @@ -287,6 +297,8 @@ pointer. .Xr X509_check_ca 3 , .Xr X509_check_host 3 , .Xr X509_check_issued 3 , +.Xr X509_get_extension_flags 3 , +.Xr X509_REQ_add_extensions 3 , .Xr X509V3_EXT_print 3 , .Xr X509V3_extensions_print 3 , .Xr X509V3_get_d2i 3 , @@ -298,7 +310,9 @@ Certificate Revocation List (CRL) Profile .Fn X509_EXTENSION_new and .Fn X509_EXTENSION_free -first appeared in SSLeay 0.6.2. +first appeared in SSLeay 0.6.2, +.Fn X509_EXTENSION_dup +in SSLeay 0.6.5, and .Fn X509_EXTENSION_create_by_NID , .Fn X509_EXTENSION_create_by_OBJ , .Fn X509_EXTENSION_set_object , @@ -308,6 +322,6 @@ first appeared in SSLeay 0.6.2. .Fn X509_EXTENSION_get_critical , and .Fn X509_EXTENSION_get_data -first appeared in SSLeay 0.8.0. +in SSLeay 0.8.0. These functions have been available since .Ox 2.4 . diff --git a/man/X509_INFO_new.3 b/man/X509_INFO_new.3 index 9c601ccb..1e9bb832 100644 --- a/man/X509_INFO_new.3 +++ b/man/X509_INFO_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_INFO_new.3,v 1.2 2020/07/23 17:34:53 schwarze Exp $ +.\" $OpenBSD: X509_INFO_new.3,v 1.3 2021/10/19 10:39:33 schwarze Exp $ .\" Copyright (c) 2019 Ingo Schwarze .\" .\" Permission to use, copy, modify, and distribute this software for any 
@@ -13,7 +13,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: July 23 2020 $ +.Dd $Mdocdate: October 19 2021 $ .Dt X509_INFO_NEW 3 .Os .Sh NAME @@ -62,7 +62,8 @@ if an error occurs. .Sh SEE ALSO .Xr PEM_X509_INFO_read 3 , .Xr X509_CRL_new 3 , -.Xr X509_new 3 +.Xr X509_new 3 , +.Xr X509_PKEY_new 3 .Sh HISTORY .Fn X509_INFO_new and diff --git a/man/X509_LOOKUP_hash_dir.3 b/man/X509_LOOKUP_hash_dir.3 index 14e49f3a..f6321351 100644 --- a/man/X509_LOOKUP_hash_dir.3 +++ b/man/X509_LOOKUP_hash_dir.3 @@ -1,5 +1,6 @@ -.\" $OpenBSD: X509_LOOKUP_hash_dir.3,v 1.10 2021/07/31 14:54:33 schwarze Exp $ +.\" $OpenBSD: X509_LOOKUP_hash_dir.3,v 1.12 2021/11/12 14:05:28 schwarze Exp $ .\" full merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 +.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 .\" .\" This file is a derived work. .\" The changes are covered by the following Copyright and license: @@ -20,7 +21,7 @@ .\" .\" The original file was written by Victor B. Wagner .\" and Claus Assmann. -.\" Copyright (c) 2015, 2016, 2017 The OpenSSL Project. All rights reserved. +.\" Copyright (c) 2015, 2016 The OpenSSL Project. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions @@ -66,17 +67,14 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 31 2021 $ +.Dd $Mdocdate: November 12 2021 $ .Dt X509_LOOKUP_HASH_DIR 3 .Os .Sh NAME .Nm X509_LOOKUP_hash_dir , .Nm X509_LOOKUP_file , -.Nm X509_LOOKUP_mem , -.Nm X509_load_cert_file , -.Nm X509_load_crl_file , -.Nm X509_load_cert_crl_file -.Nd default certificate lookup methods +.Nm X509_LOOKUP_mem +.Nd certificate lookup methods .Sh SYNOPSIS .In openssl/x509_vfy.h .Ft X509_LOOKUP_METHOD * 
@@ -85,24 +83,6 @@ .Fn X509_LOOKUP_file void .Ft X509_LOOKUP_METHOD * .Fn X509_LOOKUP_mem void -.Ft int -.Fo X509_load_cert_file -.Fa "X509_LOOKUP *ctx" -.Fa "const char *file" -.Fa "int type" -.Fc -.Ft int -.Fo X509_load_crl_file -.Fa "X509_LOOKUP *ctx" -.Fa "const char *file" -.Fa "int type" -.Fc -.Ft int -.Fo X509_load_cert_crl_file -.Fa "X509_LOOKUP *ctx" -.Fa "const char *file" -.Fa "int type" -.Fc .Sh DESCRIPTION .Fn X509_LOOKUP_hash_dir , .Fn X509_LOOKUP_file , @@ -119,54 +99,6 @@ They are automatically used by the or .Xr SSL_CTX_load_verify_locations 3 functions. -.Pp -Internally, loading of certificates and CRLs is implemented via the functions -.Fn X509_load_cert_crl_file , -.Fn X509_load_cert_file -and -.Fn X509_load_crl_file . -These functions support a parameter -.Fa type , -which can be one of the constants -.Dv FILETYPE_PEM , -.Dv FILETYPE_ASN1 , -and -.Dv FILETYPE_DEFAULT . -They load certificates and/or CRLs from the specified file into a -memory cache of -.Vt X509_STORE -objects which the given -.Fa ctx -parameter is associated with. -.Pp -The functions -.Fn X509_load_cert_file -and -.Fn X509_load_crl_file -can load both PEM and DER formats depending on the -.Fa type -value. -Because DER format cannot contain more than one certificate or CRL -object (while PEM can contain several concatenated PEM objects), -.Fn X509_load_cert_crl_file -with -.Dv FILETYPE_ASN1 -is equivalent to -.Fn X509_load_cert_file . -.Pp -The constant -.Dv FILETYPE_DEFAULT -with -.Dv NULL -filename causes these functions to load the default certificate -store file (see -.Xr X509_STORE_set_default_paths 3 ) . -.Pp -All three methods support adding several certificate locations into one -.Sy X509_STORE . -.Pp -This page documents certificate store formats used by these methods and -caching policy. .Ss File Method The .Fn X509_LOOKUP_file 
@@ -186,7 +118,7 @@ As of OpenSSL 1.0.0, it also checks for newer CRLs upon each lookup, so that newer CRLs are used as soon as they appear in the directory. .Pp The directory should contain one certificate or CRL per file in PEM -format, with a file name of the form +format, with a filename of the form .Ar hash . Ns Ar N for a certificate, or .Ar hash . Ns Sy r Ns Ar N @@ -238,44 +170,19 @@ that are already stored in memory, using the function This is particularly useful in processes using .Xr chroot 2 . .Sh RETURN VALUES -.Fn X509_LOOKUP_hash_dir , -.Fn X509_LOOKUP_file , -and -.Fn X509_LOOKUP_mem -always return a pointer to a static -.Vt X509_LOOKUP_METHOD -object. -.Pp -.Fn X509_load_cert_file , -.Fn X509_load_crl_file , -and -.Fn X509_load_cert_crl_file -return the number of objects loaded from the -.Fa file -or 0 on error. +These functions always return a pointer to a static object. .Sh SEE ALSO -.Xr d2i_X509_bio 3 , -.Xr PEM_read_PrivateKey 3 , .Xr SSL_CTX_load_verify_locations 3 , .Xr X509_LOOKUP_new 3 , -.Xr X509_OBJECT_get0_X509 3 , .Xr X509_STORE_load_locations 3 , .Xr X509_STORE_new 3 .Sh HISTORY -.Fn X509_LOOKUP_hash_dir , -.Fn X509_LOOKUP_file , +.Fn X509_LOOKUP_hash_dir and -.Fn X509_load_cert_file -first appeared in SSLeay 0.8.0. -.Fn X509_load_crl_file -first appeared in SSLeay 0.9.0. -These functions have been available since +.Fn X509_LOOKUP_file +first appeared in SSLeay 0.8.0 and have been available since .Ox 2.4 . .Pp -.Fn X509_load_cert_crl_file -first appeared in OpenSSL 0.9.5 and has been available since -.Ox 2.7 . -.Pp .Fn X509_LOOKUP_mem first appeared in .Ox 5.7 . diff --git a/man/X509_LOOKUP_new.3 b/man/X509_LOOKUP_new.3 index 02420d66..f368cbb6 100644 --- a/man/X509_LOOKUP_new.3 +++ b/man/X509_LOOKUP_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_LOOKUP_new.3,v 1.4 2021/08/06 19:09:56 schwarze Exp $ +.\" $OpenBSD: X509_LOOKUP_new.3,v 1.9 2021/11/12 14:05:28 schwarze Exp $ .\" .\" Copyright (c) 2021 Ingo Schwarze .\" 
@@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: August 6 2021 $ +.Dd $Mdocdate: November 12 2021 $ .Dt X509_LOOKUP_NEW 3 .Os .Sh NAME @@ -73,7 +73,7 @@ .Ft int .Fo X509_LOOKUP_by_subject .Fa "X509_LOOKUP *lookup" -.Fa "int type" +.Fa "X509_LOOKUP_TYPE type" .Fa "X509_NAME *name" .Fa "X509_OBJECT *object" .Fc @@ -84,7 +84,7 @@ .Ft int .Fo X509_LOOKUP_by_issuer_serial .Fa "X509_LOOKUP *lookup" -.Fa "int type" +.Fa "X509_LOOKUP_TYPE type" .Fa "X509_NAME *name" .Fa "ASN1_INTEGER *serial" .Fa "X509_OBJECT *object" @@ -92,7 +92,7 @@ .Ft int .Fo X509_LOOKUP_by_fingerprint .Fa "X509_LOOKUP *lookup" -.Fa "int type" +.Fa "X509_LOOKUP_TYPE type" .Fa "const unsigned char *bytes" .Fa "int length" .Fa "X509_OBJECT *object" @@ -100,7 +100,7 @@ .Ft int .Fo X509_LOOKUP_by_alias .Fa "X509_LOOKUP *lookup" -.Fa "int type" +.Fa "X509_LOOKUP_TYPE type" .Fa "const char *string" .Fa "int length" .Fa "X509_OBJECT *object" @@ -120,7 +120,7 @@ allocates a new, empty .Vt X509_LOOKUP object and associates it with the .Fa method -which is a static objects returned from either +which is a static object returned from either .Xr X509_LOOKUP_hash_dir 3 or .Xr X509_LOOKUP_file 3 @@ -286,16 +286,13 @@ set to .Dv NULL . .El .Pp +With LibreSSL, .Fn X509_LOOKUP_ctrl always ignores the .Fa ret -argument when the built-in -.Vt X509_LOOKUP_METHOD -objects are used. +argument. .Pp -When using built-in -.Vt X509_LOOKUP_METHOD -objects, +With LibreSSL, .Fn X509_LOOKUP_by_subject is only useful if .Fa lookup 
@@ -336,9 +333,7 @@ In case of success, the first match is returned in the .Pf * Fa object provided by the caller, overwriting any previous content. .Pp -Unless an application program manually constructs its own -.Vt X509_LOOKUP_METHOD -object containing its own callback functions, +With LibreSSL, .Fn X509_LOOKUP_init , .Fn X509_LOOKUP_shutdown , .Fn X509_LOOKUP_by_issuer_serial , @@ -346,15 +341,6 @@ object containing its own callback functions, and .Fn X509_LOOKUP_by_alias have no effect. -.Fn X509_LOOKUP_init -is supposed to be called after -.Fn X509_LOOKUP_new -and before using the -.Fa lookup -object, -.Fn X509_LOOKUP_shutdown -after using it and before -.Fn X509_LOOKUP_free . .Sh RETURN VALUES .Fn X509_LOOKUP_new returns the new object or @@ -363,18 +349,11 @@ if memory allocation fails. .Pp .Fn X509_LOOKUP_ctrl returns 1 for success or 0 for failure. -If -.Fa lookup -uses a user-defined -.Vt X509_LOOKUP_METHOD -object, it might also return \-1 for internal errors. +With library implementations other than LibreSSL, +it might also return \-1 for internal errors. .Pp .Fn X509_LOOKUP_by_subject -returns -.Dv X509_LU_X509 -for success or -.Dv X509_LU_FAIL -for failure. +returns 1 for success or 0 for failure. In particular, it fails if .Fa lookup uses 
@@ -392,29 +371,21 @@ is neither nor .Dv X509_LU_CRL , if no match is found, or if memory allocation fails. -If -.Fa lookup -uses a user-defined -.Vt X509_LOOKUP_METHOD -object, it might also return negative values for internal errors. +With library implementations other than LibreSSL, +it might also return negative values for internal errors. .Pp .Fn X509_LOOKUP_init and .Fn X509_LOOKUP_shutdown are supposed to return 1 for success and 0 for failure. -When using the built-in -.Vt X509_LOOKUP_METHOD -objects, they always return 1. +With LibreSSL, they always return 1. .Pp +With LibreSSL, .Fn X509_LOOKUP_by_issuer_serial , .Fn X509_LOOKUP_by_fingerprint , and .Fn X509_LOOKUP_by_alias -always return -.Dv X509_LU_FAIL -when using the built-in -.Vt X509_LOOKUP_METHOD -objects. +always return 0. .Pp .Fn X509_get_default_cert_dir returns a pointer to the constant string @@ -539,6 +510,7 @@ causes failure but provides no diagnostics. .Xr d2i_X509_bio 3 , .Xr PEM_read_bio_X509_AUX 3 , .Xr PEM_X509_INFO_read_bio 3 , +.Xr X509_load_cert_file 3 , .Xr X509_LOOKUP_hash_dir 3 , .Xr X509_NAME_hash 3 , .Xr X509_NAME_new 3 , diff --git a/man/X509_NAME_ENTRY_get_object.3 b/man/X509_NAME_ENTRY_get_object.3 index 7437ee82..2eadec7b 100644 --- a/man/X509_NAME_ENTRY_get_object.3 +++ b/man/X509_NAME_ENTRY_get_object.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_NAME_ENTRY_get_object.3,v 1.14 2021/07/02 16:13:56 schwarze Exp $ +.\" $OpenBSD: X509_NAME_ENTRY_get_object.3,v 1.16 2021/12/10 16:58:20 schwarze Exp $ .\" full merge up to: OpenSSL aebb9aac Jul 19 09:27:53 2016 -0400 .\" selective merge up to: OpenSSL ca34e08d Dec 12 07:38:07 2018 +0100 .\" @@ -67,7 +67,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 2 2021 $ +.Dd $Mdocdate: December 10 2021 $ .Dt X509_NAME_ENTRY_GET_OBJECT 3 .Os .Sh NAME 
@@ -232,12 +232,34 @@ to .Fn X509_NAME_ENTRY_set_data sets the field value of .Fa ne -to string type +to the given string .Fa type and the value determined by .Fa bytes and .Fa len . +If the +.Fa type +argument is positive and includes the +.Fa MBSTRING_FLAG +bit, +.Xr ASN1_STRING_set_by_NID 3 +is used for setting the value, passing the +.Fa type +as the +.Fa inform +argument and using the +.Fa nid +corresponding to +.Fa ne . +Otherwise, if the +.Fa type +argument is +.Dv V_ASN1_APP_CHOOSE , +the type of +.Fa ne +is set to the return value of +.Xr ASN1_PRINTABLE_type 3 . .Pp .Fn X509_NAME_ENTRY_create_by_txt , .Fn X509_NAME_ENTRY_create_by_NID , diff --git a/man/X509_NAME_add_entry_by_txt.3 b/man/X509_NAME_add_entry_by_txt.3 index 56e1564a..3c1237d2 100644 --- a/man/X509_NAME_add_entry_by_txt.3 +++ b/man/X509_NAME_add_entry_by_txt.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_NAME_add_entry_by_txt.3,v 1.14 2019/06/14 13:59:32 schwarze Exp $ +.\" $OpenBSD: X509_NAME_add_entry_by_txt.3,v 1.16 2022/03/31 17:27:17 naddy Exp $ .\" OpenSSL aebb9aac Jul 19 09:27:53 2016 -0400 .\" .\" This file was written by Dr. Stephen Henson . @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 14 2019 $ +.Dd $Mdocdate: March 31 2022 $ .Dt X509_NAME_ADD_ENTRY_BY_TXT 3 .Os .Sh NAME @@ -205,11 +205,11 @@ if it is -1 it is appended. .Pp .Fa set determines how the new type is added. -If it is zero a new RDN is created. +If it is zero, a new RDN is created. .Pp If .Fa set -is -1 or 1 it is added to the previous or next RDN structure +is -1 or 1, it is added to the previous or next RDN structure respectively. This will then be a multivalued RDN: since multivalue RDNs are very seldom used, 
@@ -275,7 +275,9 @@ first appeared in OpenSSL 0.9.5 and have been available since .Fa type can still be set to .Dv V_ASN1_APP_CHOOSE -to use a different algorithm to determine field types. +to use +.Xr ASN1_PRINTABLE_type 3 +to determine field types. Since this form does not understand multicharacter types, performs no length checks, and can result in invalid field types, its use is strongly discouraged. diff --git a/man/X509_NAME_get_index_by_NID.3 b/man/X509_NAME_get_index_by_NID.3 index ce0247b2..71dd98ce 100644 --- a/man/X509_NAME_get_index_by_NID.3 +++ b/man/X509_NAME_get_index_by_NID.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_NAME_get_index_by_NID.3,v 1.12 2019/06/14 13:59:32 schwarze Exp $ +.\" $OpenBSD: X509_NAME_get_index_by_NID.3,v 1.13 2022/07/02 17:09:09 jsing Exp $ .\" OpenSSL aebb9aac Jul 19 09:27:53 2016 -0400 .\" .\" This file was written by Dr. Stephen Henson . @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 14 2019 $ +.Dd $Mdocdate: July 2 2022 $ .Dt X509_NAME_GET_INDEX_BY_NID 3 .Os .Sh NAME @@ -157,10 +157,9 @@ All relevant .Dv NID_* and .Dv OBJ_* -codes can be found in the header files -.In openssl/obj_mac.h -and -.In openssl/objects.h . +codes can be found in the +.In openssl/objects.h +header file. .Pp Applications which could pass invalid NIDs to .Fn X509_NAME_get_index_by_NID diff --git a/man/X509_NAME_print_ex.3 b/man/X509_NAME_print_ex.3 index 494066ff..8024d838 100644 --- a/man/X509_NAME_print_ex.3 +++ b/man/X509_NAME_print_ex.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_NAME_print_ex.3,v 1.11 2018/05/19 22:05:58 schwarze Exp $ +.\" $OpenBSD: X509_NAME_print_ex.3,v 1.12 2021/11/11 15:58:49 schwarze Exp $ .\" full merge up to: OpenSSL aebb9aac Jul 19 09:27:53 2016 -0400 .\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 .\" 
@@ -50,7 +50,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: May 19 2018 $ +.Dd $Mdocdate: November 11 2021 $ .Dt X509_NAME_PRINT_EX 3 .Os .Sh NAME @@ -189,6 +189,8 @@ this is more readable that plain comma and plus. uses spaced semicolon and plus. .Dv XN_FLAG_SEP_MULTILINE uses spaced newline and plus respectively. +.Dv XN_FLAG_SEP_MASK +contains the bits used to represent these four options. .Pp If .Dv XN_FLAG_DN_REV @@ -204,6 +206,8 @@ determine how a field name is displayed. It will use the short name (e.g. CN), the long name (e.g. commonName), always use OID numerical form (normally OIDs are only used if the field name is not recognised) and no field name, respectively. +.Dv XN_FLAG_FN_MASK +contains the bits used to represent these four options. .Pp If .Dv XN_FLAG_SPC_EQ diff --git a/man/X509_OBJECT_get0_X509.3 b/man/X509_OBJECT_get0_X509.3 index ef3dbd1b..099e8658 100644 --- a/man/X509_OBJECT_get0_X509.3 +++ b/man/X509_OBJECT_get0_X509.3 @@ -1,5 +1,6 @@ -.\" $OpenBSD: X509_OBJECT_get0_X509.3,v 1.11 2021/08/02 16:21:11 schwarze Exp $ -.\" Copyright (c) 2018 Ingo Schwarze +.\" $OpenBSD: X509_OBJECT_get0_X509.3,v 1.14 2022/01/15 23:38:50 jsg Exp $ +.\" +.\" Copyright (c) 2018, 2021 Ingo Schwarze .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -13,13 +14,15 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: August 2 2021 $ +.Dd $Mdocdate: January 15 2022 $ .Dt X509_OBJECT_GET0_X509 3 .Os .Sh NAME .Nm X509_OBJECT_get_type , +.Nm X509_OBJECT_new , .Nm X509_OBJECT_up_ref_count , .Nm X509_OBJECT_free_contents , +.Nm X509_OBJECT_free , .Nm X509_OBJECT_get0_X509 , .Nm X509_OBJECT_get0_X509_CRL , .Nm X509_OBJECT_idx_by_subject , 
@@ -28,10 +31,14 @@ .Nd certificate, CRL, private key, and string wrapper for certificate stores .Sh SYNOPSIS .In openssl/x509_vfy.h -.Ft int +.Ft X509_LOOKUP_TYPE .Fo X509_OBJECT_get_type .Fa "const X509_OBJECT *obj" .Fc +.Ft X509_OBJECT * +.Fo X509_OBJECT_new +.Fa void +.Fc .Ft int .Fo X509_OBJECT_up_ref_count .Fa "X509_OBJECT *obj" @@ -40,6 +47,10 @@ .Fo X509_OBJECT_free_contents .Fa "X509_OBJECT *obj" .Fc +.Ft void +.Fo X509_OBJECT_free +.Fa "X509_OBJECT *obj" +.Fc .Ft X509 * .Fo X509_OBJECT_get0_X509 .Fa "const X509_OBJECT *obj" @@ -51,13 +62,13 @@ .Ft int .Fo X509_OBJECT_idx_by_subject .Fa "STACK_OF(X509_OBJECT) *stack" -.Fa "int type" +.Fa "X509_LOOKUP_TYPE type" .Fa "X509_NAME *name" .Fc .Ft X509_OBJECT * .Fo X509_OBJECT_retrieve_by_subject .Fa "STACK_OF(X509_OBJECT) *stack" -.Fa "int type" +.Fa "X509_LOOKUP_TYPE type" .Fa "X509_NAME *name" .Fc .Ft X509_OBJECT * @@ -70,13 +81,9 @@ The .Vt X509_OBJECT structure is a shallow wrapper around one .Vt X509 -certificate object, one +certificate object or one .Vt X509_CRL -certificate revocation list object, one -.Vt EVP_PKEY -private key object, or one -.Vt char * -string. +certificate revocation list object. The type of object stored at any given time can be inspected with .Fn X509_OBJECT_get_type . .Pp @@ -86,6 +93,15 @@ object uses one stack of .Vt X509_OBJECT structures as its main storage area. .Pp +.Fn X509_OBJECT_new +allocates a new +.Vt X509_OBJECT +structure. +It sets the object type to +.Dv X509_LU_NONE +and the pointer to the certificate or CRL to +.Dv NULL . +.Pp If .Fa obj contains an @@ -119,6 +135,13 @@ does not free .Fa obj itself. .Pp +.Fn X509_OBJECT_free +calls +.Fn X509_OBJECT_free_contents +and then frees the storage used for the +.Fa obj +itself. +.Pp If .Fa type is 
@@ -158,12 +181,18 @@ if .Fa obj contains a certificate, .Dv X509_LU_CRL -if it contains a certificate revocation list, -or 0 if an error occurs. +if it contains a certificate revocation list, or +.Dv X509_LU_NONE +if it contains neither. .Pp .Fn X509_OBJECT_up_ref_count returns 1 on success and 0 on failure. .Pp +.Fn X509_OBJECT_new +returns the new object or +.Dv NULL +if memory allocation fails. +.Pp .Fn X509_OBJECT_get0_X509 returns an internal pointer to the certificate contained in .Fa obj @@ -212,7 +241,7 @@ nor or if no match is found. .Pp .Fn X509_OBJECT_retrieve_match -returns the first mathching +returns the first matching .Vt X509_OBJECT or .Dv NULL @@ -224,9 +253,11 @@ is .Dv NULL or no match is found. .Sh SEE ALSO +.Xr STACK_OF 3 , .Xr X509_CRL_new 3 , .Xr X509_LOOKUP_new 3 , .Xr X509_NAME_new 3 , +.Xr X509_new 3 , .Xr X509_STORE_get0_objects 3 , .Xr X509_STORE_get_by_subject 3 , .Xr X509_STORE_load_locations 3 , @@ -251,3 +282,9 @@ and .Fn X509_OBJECT_get0_X509_CRL first appeared in OpenSSL 1.1.0 and have been available since .Ox 6.3 . +.Pp +.Fn X509_OBJECT_new +and +.Fn X509_OBJECT_free +first appeared in OpenSSL 1.1.0 and have been available since +.Ox 7.1 . diff --git a/man/X509_PKEY_new.3 b/man/X509_PKEY_new.3 new file mode 100644 index 00000000..253b0f6d --- /dev/null +++ b/man/X509_PKEY_new.3 
@@ -0,0 +1,92 @@
+.\" $OpenBSD: X509_PKEY_new.3,v 1.1 2021/10/19 10:39:33 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: October 19 2021 $
+.Dt X509_PKEY_NEW 3
+.Os
+.Sh NAME
+.Nm X509_PKEY_new ,
+.Nm X509_PKEY_free
+.Nd X.509 private key wrapper object
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft X509_PKEY *
+.Fn X509_PKEY_new void
+.Ft void
+.Fn X509_PKEY_free "X509_PKEY *wrapper"
+.Sh DESCRIPTION
+.Vt X509_PKEY
+is a reference-counted wrapper object that can store
+.Bl -bullet -width 1n
+.It
+a pointer to an encrypted and ASN.1-encoded private key
+.It
+a pointer to an
+.Vt EVP_PKEY
+object representing the same key in decrypted form
+.It
+a pointer to an
+.Vt X509_ALGOR
+object identifying the algorithm used by the key
+.El
+.Pp
+The object may contain only the encrypted key or only the decrypted
+key or both.
+.Pp
+.Vt X509_PKEY
+is used as a sub-object of the
+.Vt X509_INFO
+object created by
+.Xr PEM_X509_INFO_read_bio 3
+if the PEM file contains any RSA, DSA, or EC PRIVATE KEY object.
+.Pp
+.Fn X509_PKEY_new
+allocates and initializes an empty
+.Vt X509_PKEY
+object and sets its reference count to 1.
+.Pp
+.Fn X509_PKEY_free
+decrements the reference count of the
+.Fa wrapper
+object by 1.
+If the reference count reaches 0, +it frees all internal objects allocated by the +.Fa wrapper +as well as the storage needed for the +.Fa wrapper +object itself. +If +.Fa wrapper +is a +.Dv NULL +pointer, no action occurs. +.Sh RETURN VALUES +.Fn X509_PKEY_new +returns a pointer to the new +.Vt X509_PKEY +object or +.Dv NULL +if memory allocation fails. +.Sh SEE ALSO +.Xr EVP_PKEY_new 3 , +.Xr PEM_X509_INFO_read 3 , +.Xr X509_INFO_new 3 +.Sh HISTORY +.Fn X509_PKEY_new +and +.Fn X509_PKEY_free +first appeared in SSLeay 0.6.0 and have been available since +.Ox 2.4 . diff --git a/man/X509_PUBKEY_new.3 b/man/X509_PUBKEY_new.3 index 69afcb5a..648b028d 100644 --- a/man/X509_PUBKEY_new.3 +++ b/man/X509_PUBKEY_new.3 @@ -1,10 +1,10 @@ -.\" $OpenBSD: X509_PUBKEY_new.3,v 1.16 2020/06/19 14:04:25 schwarze Exp $ +.\" $OpenBSD: X509_PUBKEY_new.3,v 1.17 2021/10/26 10:01:23 schwarze Exp $ .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" .\" This file is a derived work. .\" The changes are covered by the following Copyright and license: .\" -.\" Copyright (c) 2020 Ingo Schwarze +.\" Copyright (c) 2020, 2021 Ingo Schwarze .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -65,7 +65,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 19 2020 $ +.Dd $Mdocdate: October 26 2021 $ .Dt X509_PUBKEY_NEW 3 .Os .Sh NAME @@ -74,6 +74,8 @@ .Nm X509_PUBKEY_set , .Nm X509_PUBKEY_get0 , .Nm X509_PUBKEY_get , +.Nm d2i_X509_PUBKEY , +.Nm i2d_X509_PUBKEY , .Nm d2i_PUBKEY , .Nm i2d_PUBKEY , .Nm d2i_PUBKEY_bio , 
@@ -104,36 +106,47 @@ .Fo X509_PUBKEY_get .Fa "X509_PUBKEY *key" .Fc +.Ft X509_PUBKEY * +.Fo d2i_X509_PUBKEY +.Fa "X509_PUBKEY **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_X509_PUBKEY +.Fa "X509_PUBKEY *val_in" +.Fa "unsigned char **der_out" +.Fc .Ft EVP_PKEY * .Fo d2i_PUBKEY -.Fa "EVP_PKEY **a" -.Fa "const unsigned char **pp" +.Fa "EVP_PKEY **val_out" +.Fa "const unsigned char **der_in" .Fa "long length" .Fc .Ft int .Fo i2d_PUBKEY -.Fa "EVP_PKEY *a" -.Fa "unsigned char **pp" +.Fa "EVP_PKEY *val_in" +.Fa "unsigned char **der_out" .Fc .Ft EVP_PKEY * .Fo d2i_PUBKEY_bio .Fa "BIO *bp" -.Fa "EVP_PKEY **a" +.Fa "EVP_PKEY **val_out" .Fc .Ft EVP_PKEY * .Fo d2i_PUBKEY_fp .Fa "FILE *fp" -.Fa "EVP_PKEY **a" +.Fa "EVP_PKEY **val_out" .Fc .Ft int .Fo i2d_PUBKEY_fp .Fa "FILE *fp" -.Fa "EVP_PKEY *pkey" +.Fa "EVP_PKEY *val_in" .Fc .Ft int .Fo i2d_PUBKEY_bio .Fa "BIO *bp" -.Fa "EVP_PKEY *pkey" +.Fa "EVP_PKEY *val_in" .Fc .Ft int .Fo X509_PUBKEY_set0_param @@ -202,14 +215,18 @@ count on the returned key is incremented so it must be freed using .Xr EVP_PKEY_free 3 after use. .Pp -.Fn d2i_PUBKEY +.Fn d2i_X509_PUBKEY , +.Fn i2d_X509_PUBKEY , +.Fn d2i_PUBKEY , and .Fn i2d_PUBKEY -decode and encode an -.Vt EVP_PKEY -structure using +decode and encode an ASN.1 .Vt SubjectPublicKeyInfo -format. +structure using either the +.Vt X509_PUBKEY +or the +.Vt EVP_PKEY +object type, respectively. For details about the semantics, examples, caveats, and bugs, see .Xr ASN1_item_d2i 3 . .Fn d2i_PUBKEY_bio , @@ -217,7 +234,11 @@ For details about the semantics, examples, caveats, and bugs, see .Fn i2d_PUBKEY_bio and .Fn i2d_PUBKEY_fp -are similar except they decode or encode using a +are similar to +.Fn d2i_PUBKEY +and +.Fn i2d_PUBKEY +except they decode or encode using a .Vt BIO or .Vt FILE 
@@ -267,20 +288,29 @@ and sets an error code that can be obtained by .Xr ERR_get_error 3 . Otherwise it returns a pointer to the newly allocated structure. .Pp -.Fn X509_PUBKEY_get0 , -.Fn X509_PUBKEY_get , +.Fn X509_PUBKEY_get0 +returns an internal pointer or +.Dv NULL +if an error occurs. +.Pp +.Fn X509_PUBKEY_get +returns a pointer to an object that had its reference count incremented or +.Dv NULL +if an error occurs. +.Pp +.Fn d2i_X509_PUBKEY , .Fn d2i_PUBKEY , .Fn d2i_PUBKEY_bio , and .Fn d2i_PUBKEY_fp -return a pointer to an -.Vt EVP_PKEY -structure or +return a pointer to a valid object or .Dv NULL if an error occurs. .Pp +.Fn i2d_X509_PUBKEY +and .Fn i2d_PUBKEY -returns the number of bytes successfully encoded or a negative value +return the number of bytes successfully encoded or a negative value if an error occurs. .Pp .Fn X509_PUBKEY_set , @@ -336,6 +366,10 @@ Certificate Revocation List (CRL) Profile and .Fn X509_PUBKEY_free appeared in SSLeay 0.4 or earlier. +.Fn d2i_X509_PUBKEY +and +.Fn i2d_X509_PUBKEY +first appeared in SSLeay 0.5.1. .Fn X509_PUBKEY_set and .Fn X509_PUBKEY_get diff --git a/man/X509_REQ_add1_attr.3 b/man/X509_REQ_add1_attr.3 new file mode 100644 index 00000000..26eb4f14 --- /dev/null +++ b/man/X509_REQ_add1_attr.3 
@@ -0,0 +1,186 @@
+.\" $OpenBSD: X509_REQ_add1_attr.3,v 1.2 2021/10/26 18:50:38 jmc Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: October 26 2021 $
+.Dt X509_REQ_ADD1_ATTR 3
+.Os
+.Sh NAME
+.Nm X509_REQ_add1_attr ,
+.Nm X509_REQ_add1_attr_by_OBJ ,
+.Nm X509_REQ_add1_attr_by_NID ,
+.Nm X509_REQ_add1_attr_by_txt ,
+.Nm X509_REQ_delete_attr ,
+.Nm X509_REQ_get_attr ,
+.Nm X509_REQ_get_attr_count ,
+.Nm X509_REQ_get_attr_by_OBJ ,
+.Nm X509_REQ_get_attr_by_NID
+.Nd X.501 Attributes of PKCS#10 certification requests
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft int
+.Fo X509_REQ_add1_attr
+.Fa "X509_REQ *req"
+.Fa "X509_ATTRIBUTE *attr"
+.Fc
+.Ft int
+.Fo X509_REQ_add1_attr_by_OBJ
+.Fa "X509_REQ *req"
+.Fa "const ASN1_OBJECT *obj"
+.Fa "int type"
+.Fa "const unsigned char *data"
+.Fa "int len"
+.Fc
+.Ft int
+.Fo X509_REQ_add1_attr_by_NID
+.Fa "X509_REQ *req"
+.Fa "int nid"
+.Fa "int type"
+.Fa "const unsigned char *data"
+.Fa "int len"
+.Fc
+.Ft int
+.Fo X509_REQ_add1_attr_by_txt
+.Fa "X509_REQ *req"
+.Fa "const char *name"
+.Fa "int type"
+.Fa "const unsigned char *data"
+.Fa "int len"
+.Fc
+.Ft X509_ATTRIBUTE *
+.Fo X509_REQ_delete_attr
+.Fa "X509_REQ *req"
+.Fa "int index"
+.Fc
+.Ft X509_ATTRIBUTE *
+.Fo X509_REQ_get_attr
+.Fa "const X509_REQ *req"
+.Fa "int index"
+.Fc
+.Ft int
+.Fo X509_REQ_get_attr_count
+.Fa "const X509_REQ *req"
+.Fc
+.Ft int
+.Fo X509_REQ_get_attr_by_OBJ
+.Fa "const X509_REQ *req"
+.Fa "const ASN1_OBJECT *obj"
+.Fa "int start_after"
+.Fc
+.Ft int
+.Fo X509_REQ_get_attr_by_NID
+.Fa "const X509_REQ *req"
+.Fa "int nid"
+.Fa "int start_after"
+.Fc
+.Sh DESCRIPTION
+These functions support associating an array of X.501 Attributes
+with a PKCS#10 certification request.
+.Pp
+.Fn X509_REQ_add1_attr
+appends a deep copy of the
+.Fa attr
+using
+.Xr X509at_add1_attr 3 .
+.Pp
+.Fn X509_REQ_add1_attr_by_OBJ ,
+.Fn X509_REQ_add1_attr_by_NID ,
+and
+.Fn X509_REQ_add1_attr_by_txt
+create a new X.501 Attribute object using
+.Xr X509_ATTRIBUTE_create_by_OBJ 3 ,
+.Xr X509_ATTRIBUTE_create_by_NID 3 ,
+or
+.Xr X509_ATTRIBUTE_create_by_txt 3 ,
+respectively, and append it using
+.Xr X509at_add1_attr 3 .
+.Pp
+.Fn X509_REQ_delete_attr
+deletes the attribute with the zero-based
+.Fa index
+using
+.Xr X509at_delete_attr 3 .
+.Pp
+.Fn X509_REQ_get_attr
+returns the attribute with the zero-based
+.Fa index
+using
+.Xr X509at_get_attr 3 .
+.Pp
+.Fn X509_REQ_get_attr_count
+returns the number of attributes currently associated with
+.Fa req
+using
+.Xr X509at_get_attr_count 3 .
+.Pp
+.Fn X509_REQ_get_attr_by_OBJ
+and
+.Fn X509_REQ_get_attr_by_NID
+search for an attribute of the type
+.Fa obj
+or
+.Fa nid
+using
+.Xr X509at_get_attr_by_OBJ 3
+or
+.Xr X509at_get_attr_by_NID 3 ,
+respectively.
+.Sh RETURN VALUES
+.Fn X509_REQ_add1_attr ,
+.Fn X509_REQ_add1_attr_by_OBJ ,
+.Fn X509_REQ_add1_attr_by_NID ,
+and
+.Fn X509_REQ_add1_attr_by_txt
+return 1 for success or 0 for failure.
+.Pp
+.Fn X509_REQ_delete_attr
+and
+.Fn X509_REQ_get_attr
+return the deleted or requested attribute or
+.Dv NULL
+if the requested index is negative or greater than or equal to
+the current number of attributes associated with
+.Fa req .
+.Pp
+.Fn X509_REQ_get_attr_count
+returns the current number of attributes.
+.Pp
+.Fn X509_REQ_get_attr_by_OBJ
+and
+.Fn X509_REQ_get_attr_by_NID
+return the index of the first attribute that has an index greater than
+.Fa start_after
+and a type matching
+.Fa obj
+or
+.Fa nid ,
+respectively, or \-1 on failure.
+In addition,
+.Fn X509_REQ_get_attr_by_NID
+returns \-2 if
+.Xr OBJ_nid2obj 3
+fails on the requested
+.Fa nid .
+.Sh SEE ALSO
+.Xr OBJ_nid2obj 3 ,
+.Xr X509_ATTRIBUTE_create_by_OBJ 3 ,
+.Xr X509_ATTRIBUTE_new 3 ,
+.Xr X509_REQ_new 3 ,
+.Xr X509at_add1_attr 3 ,
+.Xr X509at_get_attr 3
+.Sh HISTORY
+These functions first appeared in OpenSSL 0.9.5
+and have been available since
+.Ox 2.7 .
diff --git a/man/X509_REQ_add_extensions.3 b/man/X509_REQ_add_extensions.3
new file mode 100644
index 00000000..8610edf8
--- /dev/null
+++ b/man/X509_REQ_add_extensions.3
@@ -0,0 +1,141 @@
+.\" $OpenBSD: X509_REQ_add_extensions.3,v 1.1 2021/10/27 14:54:07 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: October 27 2021 $
+.Dt X509_REQ_ADD_EXTENSIONS 3
+.Os
+.Sh NAME
+.Nm X509_REQ_add_extensions ,
+.Nm X509_REQ_add_extensions_nid ,
+.Nm X509_REQ_get_extensions ,
+.Nm X509_REQ_set_extension_nids ,
+.Nm X509_REQ_get_extension_nids ,
+.Nm X509_REQ_extension_nid
+.Nd extensions in certification requests
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft int
+.Fo X509_REQ_add_extensions
+.Fa "X509_REQ *req"
+.Fa "STACK_OF(X509_EXTENSION) *extensions"
+.Fc
+.Ft int
+.Fo X509_REQ_add_extensions_nid
+.Fa "X509_REQ *req"
+.Fa "STACK_OF(X509_EXTENSION) *extensions"
+.Fa "int nid"
+.Fc
+.Ft STACK_OF(X509_EXTENSION) *
+.Fn X509_REQ_get_extensions "X509_REQ *req"
+.Ft void
+.Fn X509_REQ_set_extension_nids "int *nids"
+.Ft int *
+.Fn X509_REQ_get_extension_nids void
+.Ft int
+.Fn X509_REQ_extension_nid "int nid"
+.Sh DESCRIPTION
+.Fn X509_REQ_add_extensions
+encodes the array of
+.Fa extensions
+using
+.Xr i2d_X509_EXTENSIONS 3
+and adds a new X.501 Attribute object of the type
+.Dv NID_ext_req
+to
+.Fa req
+using the equivalent of
+.Xr X509_ATTRIBUTE_create_by_NID 3
+with a
+.Fa type
+of
+.Dv V_ASN1_SEQUENCE .
+.Pp
+.Fn X509_REQ_add_extensions_nid
+is identical except that the specified
+.Fa nid
+is used as the X.501 Attribute type instead of
+.Dv NID_ext_req .
+.Pp
+.Fn X509_REQ_get_extensions
+retrieves the first value of the first X.501 Attribute of appropriate type.
+By default, the attribute types
+.Dv NID_ext_req
+and
+.Dv NID_ms_ext_req
+are considered appropriate.
+.Pp
+.Fn X509_REQ_set_extension_nids
+replaces the list of attribute types that
+.Fn X509_REQ_get_extensions
+considers appropriate for storing extensions.
+The
+.Fa nids
+argument is interpreted as a pointer to the first element
+of a variable-sized array of
+.Vt int .
+The last element of the array has to be
+.Dv NID_undef .
+The array needs to remain valid until
+.Fn X509_REQ_set_extension_nids
+is called again with a different argument.
+.Pp
+.Fn X509_REQ_extension_nid
+checks whether
+.Fn X509_REQ_get_extensions
+regards the
+.Fa nid
+argument as a type appropriate for storing extensions.
+.Sh RETURN VALUES
+.Fn X509_REQ_add_extensions
+and
+.Fn X509_REQ_add_extensions_nid
+returns 1 for success or 0 for failure.
+.Pp
+.Fn X509_REQ_get_extensions
+returns a newly allocated array of ASN.1
+.Vt Extension
+objects or
+.Dv NULL
+if
+.Fa req
+is
+.Dv NULL ,
+does not contain
+.Vt CertificationRequestInfo ,
+contains no attribute of an appropriate type,
+or if decoding or memory allocation fails.
+.Pp
+.Fn X509_REQ_get_extension_nids
+returns the pointer installed with
+.Fn X509_REQ_set_extension_nids
+or a pointer to a static array
+.Brq Dv NID_ext_req , NID_ms_ext_req , NID_undef
+by default.
+.Pp
+.Fn X509_REQ_extension_nid
+returns 1 if
+.Fa nid
+is considered appropriate or 0 otherwise.
+.Sh SEE ALSO
+.Xr d2i_X509_EXTENSION 3 ,
+.Xr STACK_OF 3 ,
+.Xr X509_EXTENSION_new 3 ,
+.Xr X509_REQ_new 3 ,
+.Xr X509V3_extensions_print 3
+.Sh HISTORY
+These functions first appeared in OpenSSL 0.9.5
+and have been available since
+.Ox 2.7 .
diff --git a/man/X509_REQ_new.3 b/man/X509_REQ_new.3 index 26460048..0a5828d5 100644 --- a/man/X509_REQ_new.3 +++ b/man/X509_REQ_new.3 @@ -1,6 +1,6 @@ -.\" $OpenBSD: X509_REQ_new.3,v 1.6 2019/06/06 01:06:59 schwarze Exp $ +.\" $OpenBSD: X509_REQ_new.3,v 1.11 2021/10/29 09:42:07 schwarze Exp $ .\" -.\" Copyright (c) 2016 Ingo Schwarze +.\" Copyright (c) 2016, 2021 Ingo Schwarze .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -14,11 +14,13 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: June 6 2019 $ +.Dd $Mdocdate: October 29 2021 $ .Dt X509_REQ_NEW 3 .Os .Sh NAME .Nm X509_REQ_new , +.Nm X509_REQ_dup , +.Nm X509_to_X509_REQ , .Nm X509_REQ_free , .Nm X509_REQ_INFO_new , .Nm X509_REQ_INFO_free @@ -27,6 +29,10 @@ .In openssl/x509.h .Ft X509_REQ * .Fn X509_REQ_new void +.Ft X509_REQ * +.Fn X509_REQ_dup "X509_REQ *req" +.Ft X509_REQ * +.Fn X509_to_X509_REQ "X509 *x" "EVP_PKEY *pkey" "const EVP_MD *md" .Ft void .Fn X509_REQ_free "X509_REQ *req" .Ft X509_REQ_INFO * @@ -44,6 +50,30 @@ It can hold a pointer to an .Vt X509_REQ_INFO object discussed below together with a cryptographic signature and information about the signature algorithm used. +.Pp +.Fn X509_REQ_dup +creates a deep copy of +.Fa req +using +.Xr ASN1_item_dup 3 , +setting the reference count of the copy to 1. +.Pp +.Fn X509_to_X509_REQ +allocates a new certification request object, copies +the subject name and the public key into it from the certificate +.Fa x , +and sets the version to zero. +Unless +.Fa pkey +is +.Dv NULL , +it also signs the request with +.Xr X509_REQ_sign 3 +using +.Fa pkey +and +.Fa md . +.Pp .Fn X509_REQ_free frees .Fa req . 
@@ -72,7 +102,9 @@ is a .Dv NULL pointer, no action occurs. .Sh RETURN VALUES -.Fn X509_REQ_new +.Fn X509_REQ_new , +.Fn X509_REQ_dup , +.Fn X509_to_X509_REQ , and .Fn X509_REQ_INFO_new return the new @@ -86,12 +118,15 @@ if an error occurs. .Xr d2i_X509_REQ 3 , .Xr PEM_read_X509_REQ 3 , .Xr X509_new 3 , +.Xr X509_REQ_add1_attr 3 , +.Xr X509_REQ_add_extensions 3 , .Xr X509_REQ_check_private_key 3 , .Xr X509_REQ_digest 3 , .Xr X509_REQ_get0_signature 3 , .Xr X509_REQ_get_pubkey 3 , .Xr X509_REQ_get_subject_name 3 , .Xr X509_REQ_get_version 3 , +.Xr X509_REQ_print_ex 3 , .Xr X509_REQ_sign 3 .Sh STANDARDS RFC 2986: PKCS #10: Certification Request Syntax Specification @@ -101,5 +136,10 @@ RFC 2986: PKCS #10: Certification Request Syntax Specification .Fn X509_REQ_INFO_new , and .Fn X509_REQ_INFO_free -first appeared in SSLeay 0.4.4 and have been available since +first appeared in SSLeay 0.4.4, +.Fn X509_REQ_dup +in SSLeay 0.5.1, and +.Fn X509_to_X509_REQ +in SSLeay 0.6.0. +These functions have been available since .Ox 2.4 . diff --git a/man/X509_REQ_print_ex.3 b/man/X509_REQ_print_ex.3 new file mode 100644 index 00000000..b8fb690c --- /dev/null +++ b/man/X509_REQ_print_ex.3 
@@ -0,0 +1,175 @@
+.\" $OpenBSD: X509_REQ_print_ex.3,v 1.2 2021/11/19 15:50:46 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: November 19 2021 $
+.Dt X509_REQ_PRINT_EX 3
+.Os
+.Sh NAME
+.Nm X509_REQ_print_ex ,
+.Nm X509_REQ_print ,
+.Nm X509_REQ_print_fp
+.Nd pretty-print a PKCS#10 certification request
+.Sh SYNOPSIS
+.Ft int
+.Fo X509_REQ_print_ex
+.Fa "BIO *bio"
+.Fa "X509_REQ *req"
+.Fa "unsigned long nameflags"
+.Fa "unsigned long skipflags"
+.Fc
+.Ft int
+.Fo X509_REQ_print
+.Fa "BIO *bio"
+.Fa "X509_REQ *req"
+.Fc
+.Ft int
+.Fo X509_REQ_print_fp
+.Fa "FILE *fp"
+.Fa "X509_REQ *req"
+.Fc
+.Sh DESCRIPTION
+.Fn X509_REQ_print_ex
+prints information contained in
+.Fa req
+to
+.Fa bio
+in human-readable form.
+Printing is aborted as soon as any operation fails, with the exception
+that failures while attempting to decode or print the public key
+are not considered as errors.
+.Pp
+By default, the following blocks of information
+are printed in the following order.
+Each block can be skipped by setting the corresponding bit in
+.Fa skipflags ,
+provided in parentheses after each block description.
+.Bl -bullet
+.It
+A pair of lines reading
+.Qq Certificate Request:\&
+and
+.Qq Data:\&
+containing no information.
+.Pq Dv X509_FLAG_NO_HEADER
+.It
+The value contained in the version field
+in decimal and hexadecimal notation.
+.Pq Dv X509_FLAG_NO_VERSION
+.It
+The subject name is printed with
+.Xr X509_NAME_print_ex 3 .
+.Pq Dv X509_FLAG_NO_SUBJECT
+.It
+The public key algorithm is printed with
+.Xr i2a_ASN1_OBJECT 3 ,
+and the public key returned from
+.Xr X509_REQ_get_pubkey 3
+with
+.Xr EVP_PKEY_print_public 3 .
+.Pq Dv X509_FLAG_NO_PUBKEY
+.It
+For each X.501 attribute that is not a requested extension according to
+.Xr X509_REQ_extension_nid 3 ,
+the object identifier is printed with
+.Xr i2a_ASN1_OBJECT 3 ,
+and all values of the types
+.Dv V_ASN1_PRINTABLESTRING ,
+.Dv V_ASN1_T61STRING ,
+and
+.Dv V_ASN1_IA5STRING
+are printed with
+.Xr BIO_write 3 .
+.Pq Dv X509_FLAG_NO_ATTRIBUTES
+.It
+The requested extensions are retrieved with
+.Xr X509_REQ_get_extensions 3
+and their types and values are printed with
+.Xr i2a_ASN1_OBJECT 3
+and
+.Xr X509V3_EXT_print 3 ,
+or, if the latter fails, with
+.Xr ASN1_STRING_print 3 .
+.Pq Dv X509_FLAG_NO_EXTENSIONS
+.It
+The signature is printed with
+.Xr X509_signature_print 3 .
+.Pq Dv X509_FLAG_NO_SIGDUMP
+.El
+.Pp
+The
+.Fa nameflags
+argument modifies the format for printing X.501
+.Vt Name
+objects contained in
+.Fa req .
+It is passed through to
+.Xr X509_NAME_print_ex 3 .
+If
+.Fa nameflags
+is
+.Dv X509_FLAG_COMPAT ,
+the
+.Fa indent
+argument of
+.Xr X509_NAME_print_ex 3
+is set to 16 spaces and the traditional SSLeay format generated by
+.Xr X509_NAME_print 3
+is used.
+Otherwise, if the only bit set in
+.Dv XN_FLAG_SEP_MASK
+is
+.Dv XN_FLAG_SEP_MULTILINE ,
+.Fa indent
+is set to 12 spaces.
+Otherwise, indent is set to zero.
+.Pp
+.Fn X509_REQ_print
+is a wrapper function setting the
+.Fa nameflags
+to
+.Dv XN_FLAG_COMPAT
+and the
+.Fa skipflags
+to
+.Dv X509_FLAG_COMPAT .
+.Pp
+.Fn X509_REQ_print_fp
+is similar to
+.Fn X509_REQ_print
+except that it prints to
+.Fa fp .
+.Sh RETURN VALUES
+These functions return 1 if all requested information was successfully
+printed, even if failures occurred while attempting to decode or
+print the public key, or 0 if any operation fails.
+.Sh SEE ALSO
+.Xr BIO_new 3 ,
+.Xr X509_print_ex 3 ,
+.Xr X509_REQ_new 3
+.Sh HISTORY
+.Fn X509_REQ_print
+first appeared in SSLeay 0.4.4 and
+.Fn X509_REQ_print_fp
+in SSLeay 0.6.0.
+These functions have been available since
+.Ox 2.4 .
+.Pp
+.Fn X509_REQ_print_ex
+first appeared in OpenSSL 0.9.7 and has been available since
+.Ox 3.2 .
+.Sh BUGS
+Some printing failures are silently ignored while printing extensions,
+which may result in incomplete data being printed.
diff --git a/man/X509_SIG_get0.3 b/man/X509_SIG_get0.3
new file mode 100644
index 00000000..456261ca
--- /dev/null
+++ b/man/X509_SIG_get0.3
@@ -0,0 +1,90 @@
+.\" $OpenBSD: X509_SIG_get0.3,v 1.1 2021/10/23 15:39:06 tb Exp $
+.\" full merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
+.\"
+.\" This file was written by Dr. Stephen Henson .
+.\" Copyright (c) 2016 The OpenSSL Project.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in
+.\" the documentation and/or other materials provided with the
+.\" distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\" software must display the following acknowledgment:
+.\" "This product includes software developed by the OpenSSL Project
+.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\" endorse or promote products derived from this software without
+.\" prior written permission. For written permission, please contact
+.\" openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\" nor may "OpenSSL" appear in their names without prior written
+.\" permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\" acknowledgment:
+.\" "This product includes software developed by the OpenSSL Project
+.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: October 23 2021 $ +.Dt X509_SIG_GET0 3 +.Os +.Sh NAME +.Nm X509_SIG_get0 , +.Nm X509_SIG_getm +.Nd DigestInfo functions +.Sh SYNOPSIS +.In openssl/x509.h +.Ft void +.Fo X509_SIG_get0 +.Fa "const X509_SIG *sig" +.Fa "const X509_ALGOR **palg" +.Fa "const ASN1_OCTET_STRING **pdigest" +.Fc +.Ft void +.Fo X509_SIG_getm +.Fa "X509_SIG *sig" +.Fa "X509_ALGOR **palg" +.Fa "ASN1_OCTET_STRING **pdigest" +.Fc +.Sh DESCRIPTION +.Fn X509_SIG_get0 +returns pointers to the algorithm identifier and digest value in +.Fa sig . +.Fn X509_SIG_getm +is identical to +.Fn X509_SIG_get0 , +except the pointers returned are not constant and can be modified, +for example to initialise them. +.Sh SEE ALSO +.Xr d2i_X509 3 , +.Xr X509_SIG_new 3 +.Sh HISTORY +.Fn X509_SIG_get0 +and +.Fn X509_SIG_getm +first appeared in OpenSSL 1.1.0 and have been available since +.Ox 7.1 . diff --git a/man/X509_SIG_new.3 b/man/X509_SIG_new.3 index 79a71252..8e6b29de 100644 --- a/man/X509_SIG_new.3 +++ b/man/X509_SIG_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_SIG_new.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ +.\" $OpenBSD: X509_SIG_new.3,v 1.5 2021/10/27 11:24:47 schwarze Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" 
@@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: March 27 2018 $ +.Dd $Mdocdate: October 27 2021 $ .Dt X509_SIG_NEW 3 .Os .Sh NAME @@ -52,7 +52,8 @@ if an error occurs. .Xr d2i_X509_SIG 3 , .Xr PEM_read_PKCS8 3 , .Xr RSA_sign 3 , -.Xr X509_new 3 +.Xr X509_new 3 , +.Xr X509_SIG_get0 3 .Sh STANDARDS RFC 2315: PKCS #7: Cryptographic Message Syntax, section 9: Signed-data content type diff --git a/man/X509_STORE_CTX_get_error.3 b/man/X509_STORE_CTX_get_error.3 index c97e6033..dda35ac4 100644 --- a/man/X509_STORE_CTX_get_error.3 +++ b/man/X509_STORE_CTX_get_error.3 @@ -1,7 +1,5 @@ -.\" $OpenBSD: X509_STORE_CTX_get_error.3,v 1.18 2021/07/29 09:14:23 schwarze Exp $ +.\" $OpenBSD: X509_STORE_CTX_get_error.3,v 1.23 2022/05/19 07:04:41 tb Exp $ .\" full merge up to: -.\" OpenSSL crypto/X509_STORE_CTX_get_error f0e0fd51 Apr 14 23:59:26 2016 -0400 -.\" selective merge up to: .\" OpenSSL man3/X509_STORE_CTX_get_error 24a535ea Sep 22 13:14:20 2020 +0100 .\" OpenSSL man3/X509_STORE_CTX_new 24a535ea Sep 22 13:14:20 2020 +0100 .\" 
@@ -70,20 +68,24 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 29 2021 $ +.Dd $Mdocdate: May 19 2022 $ .Dt X509_STORE_CTX_GET_ERROR 3 .Os .Sh NAME .Nm X509_STORE_CTX_get_error , .Nm X509_STORE_CTX_set_error , .Nm X509_STORE_CTX_get_error_depth , +.Nm X509_STORE_CTX_set_error_depth , .Nm X509_STORE_CTX_get_current_cert , +.Nm X509_STORE_CTX_set_current_cert , .Nm X509_STORE_CTX_get0_current_issuer , .Nm X509_STORE_CTX_get0_current_crl , .Nm X509_STORE_CTX_get0_parent_ctx , +.Nm X509_STORE_CTX_get_num_untrusted , .Nm X509_STORE_CTX_get0_chain , .Nm X509_STORE_CTX_get_chain , .Nm X509_STORE_CTX_get1_chain , +.Nm X509_STORE_CTX_set0_verified_chain , .Nm X509_STORE_CTX_get0_policy_tree , .Nm X509_STORE_CTX_get_explicit_policy , .Nm X509_verify_cert_error_string @@ -103,10 +105,20 @@ .Fo X509_STORE_CTX_get_error_depth .Fa "X509_STORE_CTX *ctx" .Fc +.Ft void +.Fo X509_STORE_CTX_set_error_depth +.Fa "X509_STORE_CTX *ctx" +.Fa "int depth" +.Fc .Ft X509 * .Fo X509_STORE_CTX_get_current_cert .Fa "X509_STORE_CTX *ctx" .Fc +.Ft void +.Fo X509_STORE_CTX_set_current_cert +.Fa "X509_STORE_CTX *ctx" +.Fa "X509 *cert" +.Fc .Ft X509 * .Fo X509_STORE_CTX_get0_current_issuer .Fa "X509_STORE_CTX *ctx" @@ -119,6 +131,10 @@ .Fo X509_STORE_CTX_get0_parent_ctx .Fa "X509_STORE_CTX *ctx" .Fc +.Ft int +.Fo X509_STORE_CTX_get_num_untrusted +.Fa "X509_STORE_CTX *ctx" +.Fc .Ft STACK_OF(X509) * .Fo X509_STORE_CTX_get0_chain .Fa "X509_STORE_CTX *ctx" @@ -131,6 +147,11 @@ .Fo X509_STORE_CTX_get1_chain .Fa "X509_STORE_CTX *ctx" .Fc +.Ft void +.Fo X509_STORE_CTX_set0_verified_chain +.Fa "X509_STORE_CTX *ctx" +.Fa "STACK_OF(X509) *chain" +.Fc .Ft X509_POLICY_TREE * .Fo X509_STORE_CTX_get0_policy_tree .Fa "X509_STORE_CTX *ctx" 
@@ -173,6 +194,12 @@ chain the error occurred. If it is zero, it occurred in the end entity certificate, one if it is the certificate which signed the end entity certificate, and so on. .Pp +.Fn X509_STORE_CTX_set_error_depth +sets the error depth. +This can be used in combination with +.Fn X509_STORE_CTX_set_error +to set the depth at which an error condition was detected. +.Pp .Fn X509_STORE_CTX_get_current_cert returns the certificate in .Fa ctx @@ -180,6 +207,22 @@ which caused the error or .Dv NULL if no certificate is relevant. .Pp +.Fn X509_STORE_CTX_set_current_cert +sets the certificate which caused the error in +.Fa ctx +to the given +.Fa cert . +This value is not intended to remain valid for very long, +and remains owned by the caller. +It may be examined by a verification callback invoked to handle +each error encountered during chain verification and is no longer +required after such a callback. +If a callback wishes the save the certificate for use after it returns, +it needs to increment its reference count via +.Xr X509_up_ref 3 . +Once such a saved certificate is no longer needed, it can be freed with +.Xr X509_free 3 . +.Pp .Fn X509_STORE_CTX_get0_current_issuer returns the certificate that caused issuer validation to fail or .Dv NULL @@ -224,6 +267,17 @@ structure is freed. When it is no longer needed, it should be freed using .Fn sk_X509_pop_free chain X509_free . .Pp +.Fn X509_STORE_CTX_set0_verified_chain +frees the validate chain generated by if a previous call to +.Xr X509_verify_cert 3 , +if any, and replaces it with the given +.Fa chain . +Ownership of the +.Fa chain +is transferred to the +.Fa ctx , +so it should not be freed by the caller. +.Pp .Fn X509_verify_cert_error_string returns a human readable error string for verification error .Fa n . 
@@ -270,6 +324,11 @@ if is not a temporary child context used for path validation of a CRL issuer certificate. .Pp +.Fn X509_STORE_CTX_get_num_untrusted +returns the number of untrusted certificates +that were used in building the chain during a call to +.Xr X509_verify_cert 3 . +.Pp .Fn X509_STORE_CTX_get0_chain , .Fn X509_STORE_CTX_get_chain , and @@ -332,7 +391,7 @@ could not be read. .It Dv X509_V_ERR_CERT_SIGNATURE_FAILURE : No certificate signature failure The signature of the certificate is invalid. .It Dv X509_V_ERR_CRL_SIGNATURE_FAILURE : No CRL signature failure -The signature of the certificate is invalid. +The signature of the CRL is invalid. .It Dv X509_V_ERR_CERT_NOT_YET_VALID : No certificate is not yet valid The certificate is not yet valid: the notBefore date is after the current time. @@ -407,7 +466,7 @@ status notification and is .Sy not in itself an error. .It Dv X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH : \ - Noauthority and issuer serial number mismatch + No authority and issuer serial number mismatch The current candidate issuer certificate was rejected because its issuer name and serial number was present and did not match the authority key identifier of the current certificate. @@ -450,6 +509,13 @@ A name constraint violation occurred in the excluded subtrees. No name constraints minimum and maximum not supported A certificate name constraints extension included a minimum or maximum field: this is not supported. +.It Dv X509_V_ERR_UNNESTED_RESOURCE : \ + RFC 3779 resource not subset of parent's resources +When walking up a certificate chain, all resources specified in +RFC 3779 extensions must be contained in the resources delegated in +the issuer's RFC 3779 extensions. +The error indicates that this is not the case or that the trust anchor +has inheritance. .It Dv X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE : \ No unsupported name constraint type An unsupported name constraint type was encountered. 
@@ -473,6 +539,9 @@ This will never be returned unless explicitly set by an application. .Xr X509_policy_check 3 , .Xr X509_policy_tree_level_count 3 , .Xr X509_STORE_CTX_new 3 , +.Xr X509_STORE_CTX_set_verify 3 , +.Xr X509_STORE_CTX_set_verify_cb 3 , +.Xr X509_STORE_set_verify_cb 3 , .Xr X509_up_ref 3 , .Xr X509_verify_cert 3 .Sh HISTORY @@ -506,3 +575,11 @@ first appeared in OpenSSL 1.0.0 and have been available since .Fn X509_STORE_CTX_get0_chain first appeared in OpenSSL 1.1.0 and has been available since .Ox 6.3 . +.Pp +.Fn X509_STORE_CTX_set_error_depth , +.Fn X509_STORE_CTX_set_current_cert , +.Fn X509_STORE_CTX_get_num_untrusted , +and +.Fn X509_STORE_CTX_set0_verified_chain +first appeared in OpenSSL 1.1.0 and have been available since +.Ox 7.1 . diff --git a/man/X509_STORE_CTX_new.3 b/man/X509_STORE_CTX_new.3 index f2850451..a10742ff 100644 --- a/man/X509_STORE_CTX_new.3 +++ b/man/X509_STORE_CTX_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_STORE_CTX_new.3,v 1.24 2021/08/02 16:21:11 schwarze Exp $ +.\" $OpenBSD: X509_STORE_CTX_new.3,v 1.26 2021/11/17 16:08:32 schwarze Exp $ .\" full merge up to: OpenSSL aae41f8c Jun 25 09:47:15 2015 +0100 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 .\" @@ -67,7 +67,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 2 2021 $ +.Dd $Mdocdate: November 17 2021 $ .Dt X509_STORE_CTX_NEW 3 .Os .Sh NAME @@ -182,6 +182,10 @@ not freeing them before .Fn X509_STORE_CTX_free is called on .Fa ctx . +If a +.Fa store +is provided, the verification parameters contained in it are copied using +.Xr X509_VERIFY_PARAM_inherit 3 . .Pp .Fn X509_STORE_CTX_cleanup internally cleans up 
@@ -319,10 +323,14 @@ if no set of additional certificates was provided. .Xr X509_STORE_CTX_get_error 3 , .Xr X509_STORE_CTX_get_ex_new_index 3 , .Xr X509_STORE_CTX_set_flags 3 , +.Xr X509_STORE_CTX_set_verify 3 , +.Xr X509_STORE_CTX_set_verify_cb 3 , .Xr X509_STORE_get_by_subject 3 , .Xr X509_STORE_new 3 , .Xr X509_STORE_set1_param 3 , +.Xr X509_STORE_set_verify_cb 3 , .Xr X509_verify_cert 3 , +.Xr X509_VERIFY_PARAM_inherit 3 , .Xr X509_VERIFY_PARAM_set_flags 3 .Sh HISTORY .Fn X509_STORE_CTX_init , diff --git a/man/X509_STORE_CTX_set_flags.3 b/man/X509_STORE_CTX_set_flags.3 index 72479273..2ac76951 100644 --- a/man/X509_STORE_CTX_set_flags.3 +++ b/man/X509_STORE_CTX_set_flags.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_STORE_CTX_set_flags.3,v 1.3 2021/07/25 14:05:03 schwarze Exp $ +.\" $OpenBSD: X509_STORE_CTX_set_flags.3,v 1.6 2021/11/17 16:08:32 schwarze Exp $ .\" full merge up to: OpenSSL aae41f8c Jun 25 09:47:15 2015 +0100 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 .\" @@ -67,7 +67,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 25 2021 $ +.Dd $Mdocdate: November 17 2021 $ .Dt X509_STORE_CTX_SET_FLAGS 3 .Os .Sh NAME @@ -286,7 +286,9 @@ looks up and sets the default verification method to This uses the function .Xr X509_VERIFY_PARAM_lookup 3 to find an appropriate set of parameters from -.Fa name . +.Fa name +and copies them using +.Xr X509_VERIFY_PARAM_inherit 3 . .Sh RETURN VALUES .Fn X509_STORE_CTX_set_trust returns 1 if the @@ -390,9 +392,13 @@ The other functions provide no diagnostics. .Sh SEE ALSO .Xr X509_STORE_CTX_get_error 3 , .Xr X509_STORE_CTX_new 3 , +.Xr X509_STORE_CTX_set_verify 3 , +.Xr X509_STORE_CTX_set_verify_cb 3 , .Xr X509_STORE_new 3 , .Xr X509_STORE_set1_param 3 , +.Xr X509_STORE_set_verify_cb 3 , .Xr X509_verify_cert 3 , +.Xr X509_VERIFY_PARAM_new 3 , .Xr X509_VERIFY_PARAM_set_flags 3 .Sh HISTORY .Fn X509_STORE_CTX_set_depth 
diff --git a/man/X509_STORE_CTX_set_verify.3 b/man/X509_STORE_CTX_set_verify.3
new file mode 100644
index 00000000..ccce6a0e
--- /dev/null
+++ b/man/X509_STORE_CTX_set_verify.3
@@ -0,0 +1,167 @@
+.\" $OpenBSD: X509_STORE_CTX_set_verify.3,v 1.2 2021/11/23 17:06:05 tb Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: November 23 2021 $
+.Dt X509_STORE_CTX_SET_VERIFY 3
+.Os
+.\" ds LIBRESSL_NEXT_API
+.Sh NAME
+.if dLIBRESSL_NEXT_API \{\
+.Nm X509_STORE_CTX_verify_fn ,
+.\}
+.Nm X509_STORE_CTX_set_verify ,
+.ie dLIBRESSL_NEXT_API \{\
+.Nm X509_STORE_CTX_get_verify ,
+.Nm X509_STORE_set_verify ,
+.Nm X509_STORE_set_verify_func
+.\}
+.el \{\
+.Nm X509_STORE_CTX_get_verify
+.\}
+.Nd user-defined certificate chain verification function
+.Sh SYNOPSIS
+.In openssl/x509_vfy.h
+.if dLIBRESSL_NEXT_API \{\
+.Ft typedef int
+.Fo "(*X509_STORE_CTX_verify_fn)"
+.Fa "X509_STORE_CTX *ctx"
+.Fc
+.\}
+.Ft void
+.Fo X509_STORE_CTX_set_verify
+.Fa "X509_STORE_CTX *ctx"
+.ie dLIBRESSL_NEXT_API \{\
+.Fa "X509_STORE_CTX_verify_fn verify"
+.\}
+.el \{\
+.Fa "int (*verify)(X509_STORE_CTX *)"
+.\}
+.Fc
+.ie dLIBRESSL_NEXT_API \{\
+.Ft X509_STORE_CTX_verify_fn
+.Fo X509_STORE_CTX_get_verify
+.\}
+.el \{\
+.Ft int
+.Fo "(*X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx))"
+.\}
+.Fa "X509_STORE_CTX *ctx"
+.Fc
+.if dLIBRESSL_NEXT_API \{\
+.Ft void
+.Fo X509_STORE_set_verify
+.Fa "X509_STORE *store"
+.Fa
"X509_STORE_CTX_verify_fn verify"
+.Fc
+.Ft void
+.Fo X509_STORE_set_verify_func
+.Fa "X509_STORE *store"
+.Fa "X509_STORE_CTX_verify_fn verify"
+.Fc
+.\}
+.Sh DESCRIPTION
+.Fn X509_STORE_CTX_set_verify
+configures
+.Fa ctx
+to use the
+.Fa verify
+argument as the X.509 certificate chain verification function instead
+of the default verification function built into the library when
+.Xr X509_verify_cert 3
+is called.
+.Pp
+The
+.Fa verify
+function provided by the user is only called if the
+.Dv X509_V_FLAG_LEGACY_VERIFY
+or
+.Dv X509_V_FLAG_NO_ALT_CHAINS
+flag was set on
+.Fa ctx
+using
+.Xr X509_STORE_CTX_set_flags 3
+or
+.Xr X509_VERIFY_PARAM_set_flags 3 .
+Otherwise, it is ignored and a different algorithm is used that does
+not support replacing the verification function.
+.if dLIBRESSL_NEXT_API \{\
+.Pp
+.Fn X509_STORE_set_verify
+saves the function pointer
+.Fa verify
+in the given
+.Fa store
+object.
+That pointer will be copied to an
+.Vt X509_STORE_CTX
+object when
+.Fa store
+is later passed as an argument to
+.Xr X509_STORE_CTX_init 3 .
+.Pp
+.Fn X509_STORE_set_verify_func
+is an alias for
+.Fn X509_STORE_set_verify
+implemented as a macro.
+.\}
+.Sh RETURN VALUES
+.if dLIBRESSL_NEXT_API \{\
+.Fn X509_STORE_CTX_verify_fn
+is supposed to return 1 to indicate that the chain is valid
+or 0 if it is not or if an error occurred.
+.Pp
+.\}
+.Fn X509_STORE_CTX_get_verify
+returns a function pointer to the function previously set with
+.Fn X509_STORE_CTX_set_verify
+or
+.Xr X509_STORE_CTX_init 3 ,
+or
+.Dv NULL
+if
+.Fa ctx
+is uninitialized.
+.Sh SEE ALSO
+.Xr X509_STORE_CTX_init 3 ,
+.Xr X509_STORE_CTX_set_error 3 ,
+.Xr X509_STORE_CTX_set_flags 3 ,
+.Xr X509_STORE_CTX_set_verify_cb 3 ,
+.Xr X509_STORE_new 3 ,
+.Xr X509_STORE_set_flags 3 ,
+.Xr X509_STORE_set_verify_cb 3 ,
+.Xr X509_verify_cert 3 ,
+.Xr X509_VERIFY_PARAM_set_flags 3
+.Sh HISTORY
+.if dLIBRESSL_NEXT_API \{\
+.Fn X509_STORE_set_verify_func
+first appeared in SSLeay 0.8.0 and has been available since
+.Ox 2.4 .
+.Pp
+.\}
+.Fn X509_STORE_CTX_set_verify
+and
+.Fn X509_STORE_CTX_get_verify
+first appeared in OpenSSL 1.1.0 and have been available since
+.Ox 7.1 .
+.if dLIBRESSL_NEXT_API \{\
+.Pp
+.Fn X509_STORE_CTX_verify_fn
+and
+.Fn X509_STORE_set_verify
+first appeared in OpenSSL 1.1.0 and have been available since
+.reminder Check the version number!
+.Ox 7.1 .
+.\}
diff --git a/man/X509_STORE_CTX_set_verify_cb.3 b/man/X509_STORE_CTX_set_verify_cb.3
index 5a4bb333..c4afb893 100644
--- a/man/X509_STORE_CTX_set_verify_cb.3
+++ b/man/X509_STORE_CTX_set_verify_cb.3
@@ -1,8 +1,26 @@ -.\" $OpenBSD: X509_STORE_CTX_set_verify_cb.3,v 1.5 2020/03/29 17:05:02 schwarze Exp $ -.\" OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400 +.\" $OpenBSD: X509_STORE_CTX_set_verify_cb.3,v 1.8 2022/01/02 21:00:37 tb Exp $ +.\" full merge up to: OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400 +.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 .\" -.\" This file was written by Dr. Stephen Henson . -.\" Copyright (c) 2009, 2016 The OpenSSL Project. All rights reserved. +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2021 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Dr. Stephen Henson . +.\" Copyright (c) 2009 The OpenSSL Project. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions 
@@ -48,12 +66,13 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 29 2020 $ +.Dd $Mdocdate: January 2 2022 $ .Dt X509_STORE_CTX_SET_VERIFY_CB 3 .Os .Sh NAME -.Nm X509_STORE_CTX_set_verify_cb -.Nd set verification callback +.Nm X509_STORE_CTX_set_verify_cb , +.Nm X509_STORE_CTX_get_verify_cb +.Nd set and retrieve verification callback .Sh SYNOPSIS .In openssl/x509_vfy.h .Ft void @@ -61,6 +80,11 @@ .Fa "X509_STORE_CTX *ctx" .Fa "int (*verify_cb)(int ok, X509_STORE_CTX *ctx)" .Fc +.Ft int +.Fo "(*X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx))" +.Fa "int ok" +.Fa "X509_STORE_CTX *ctx" +.Fc .Sh DESCRIPTION .Fn X509_STORE_CTX_set_verify_cb sets the verification callback of @@ -73,7 +97,7 @@ The verification callback can be used to customise the operation of certificate verification, either by overriding error conditions or logging errors for debugging purposes. .Pp -However a verification callback is +However, a verification callback is .Sy not essential and the default operation is often sufficient. .Pp @@ -108,12 +132,23 @@ In some cases (such as S/MIME verification) the structure is created and destroyed internally and the only way to set a custom verification callback is by inheriting it from the associated .Vt X509_STORE . +.Sh RETURN VALUES +.Fn X509_STORE_CTX_get_verify_cb +returns a pointer to the current callback function +used by the specified +.Fa ctx . +If no callback was set using +.Fn X509_STORE_CTX_set_verify_cb , +that is a pointer to a built-in static function +which does nothing except returning the +.Fa ok +argument passed to it. .Sh EXAMPLES Default callback operation: .Bd -literal int verify_callback(int ok, X509_STORE_CTX *ctx) - { +{ return ok; } .Ed 
@@ -218,11 +253,20 @@ verify_callback(int ok, X509_STORE_CTX *ctx) .Sh SEE ALSO .Xr X509_STORE_CTX_get_error 3 , .Xr X509_STORE_CTX_get_ex_new_index 3 , -.Xr X509_STORE_set_verify_cb_func 3 +.Xr X509_STORE_CTX_new 3 , +.Xr X509_STORE_CTX_set_error 3 , +.Xr X509_STORE_CTX_set_flags 3 , +.Xr X509_STORE_set_verify_cb 3 , +.Xr X509_verify_cert 3 , +.Xr X509_VERIFY_PARAM_set_flags 3 .Sh HISTORY .Fn X509_STORE_CTX_set_verify_cb first appeared in OpenSSL 0.9.6c and has been available since .Ox 3.2 . +.Pp +.Fn X509_STORE_CTX_get_verify_cb +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 7.1 . .Sh CAVEATS In general a verification callback should .Sy NOT diff --git a/man/X509_STORE_get_by_subject.3 b/man/X509_STORE_get_by_subject.3 index f9da13fb..6c8b8f8b 100644 --- a/man/X509_STORE_get_by_subject.3 +++ b/man/X509_STORE_get_by_subject.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_STORE_get_by_subject.3,v 1.1 2021/08/02 16:21:11 schwarze Exp $ +.\" $OpenBSD: X509_STORE_get_by_subject.3,v 1.3 2021/11/12 14:05:28 schwarze Exp $ .\" .\" Copyright (c) 2021 Ingo Schwarze .\" @@ -14,10 +14,12 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: August 2 2021 $ +.Dd $Mdocdate: November 12 2021 $ .Dt X509_STORE_GET_BY_SUBJECT 3 .Os .Sh NAME +.Nm X509_STORE_CTX_get_by_subject , +.Nm X509_STORE_CTX_get_obj_by_subject , .Nm X509_STORE_get_by_subject , .Nm X509_STORE_get1_certs , .Nm X509_STORE_get1_crls , 
@@ -26,9 +28,22 @@ .Sh SYNOPSIS .In openssl/x509_vfy.h .Ft int +.Fo X509_STORE_CTX_get_by_subject +.Fa "X509_STORE_CTX *ctx" +.Fa "X509_LOOKUP_TYPE type" +.Fa "X509_NAME *name" +.Fa "X509_OBJECT *object" +.Fc +.Ft X509_OBJECT * +.Fo X509_STORE_CTX_get_obj_by_subject +.Fa "X509_STORE_CTX *ctx" +.Fa "X509_LOOKUP_TYPE type" +.Fa "X509_NAME *name" +.Fc +.Ft int .Fo X509_STORE_get_by_subject .Fa "X509_STORE_CTX *ctx" -.Fa "int type" +.Fa "X509_LOOKUP_TYPE type" .Fa "X509_NAME *name" .Fa "X509_OBJECT *object" .Fc @@ -49,7 +64,7 @@ .Fa "X509 *certificate" .Fc .Sh DESCRIPTION -.Fn X509_STORE_get_by_subject +.Fn X509_STORE_CTX_get_by_subject retrieves the first object having a matching .Fa type and @@ -83,6 +98,13 @@ Avoiding a memory leak by making sure the provided .Fa object is empty is the responsibility of the caller. .Pp +.Fn X509_STORE_CTX_get_obj_by_subject +is similar except that a new object is allocated and returned. +.Pp +.Fn X509_STORE_get_by_subject +is a deprecated alias for +.Fn X509_STORE_CTX_get_by_subject . +.Pp .Fn X509_STORE_get1_certs retrieves all certificates matching the subject .Vt name 
@@ -130,18 +152,20 @@ encourage checking of validity times, CAs with a valid time are preferred, but if no matching CA has a valid time, one with an invalid time is accepted anyway. .Sh RETURN VALUES +.Fn X509_STORE_CTX_get_by_subject +and .Fn X509_STORE_get_by_subject -returns 1 if a match is found or 0 on failure. +return 1 if a match is found or 0 on failure. In addition to simply not finding a match, -it may also fail due to memory allocation failure in +they may also fail due to memory allocation failure in .Xr X509_LOOKUP_by_subject 3 . -If -.Fa ctx -contains any -.Vt X509_LOOKUP -object using a user-defined -.Vt X509_LOOKUP_METHOD , -it might also return negative values for internal errors. +With library implementations other than LibreSSL, +they might also return negative values for internal errors. +.Pp +.Fn X509_STORE_CTX_get_obj_by_subject +returns the new object or +.Dv NULL +on failure, in particular if no match is found or memory allocation fails. .Pp .Fn X509_STORE_get1_certs returns a newly allocated and populated array of certificates or @@ -165,12 +189,7 @@ already contains matching CRLs, or if memory allocation fails. returns 1 if a matching .Fa issuer CA certificate is found or 0 otherwise. -If -.Fa ctx -contains any -.Vt X509_LOOKUP -object using a user-defined -.Vt X509_LOOKUP_METHOD , +With library implementations other than LibreSSL, it might also return negative values for internal errors. .Sh SEE ALSO .Xr STACK_OF 3 , @@ -197,3 +216,9 @@ and .Fn X509_STORE_get1_crls first appeared in OpenSSL 1.0.0 and have been available since .Ox 4.9 . +.Pp +.Fn X509_STORE_CTX_get_by_subject +and +.Fn X509_STORE_CTX_get_obj_by_subject +first appeared in OpenSSL 1.1.0 and have been available since +.Ox 7.1 . diff --git a/man/X509_STORE_load_locations.3 b/man/X509_STORE_load_locations.3 index 4dbfb5fc..f38eeb66 100644 --- a/man/X509_STORE_load_locations.3 +++ b/man/X509_STORE_load_locations.3 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_STORE_load_locations.3,v 1.8 2021/08/01 15:37:53 schwarze Exp $ +.\" $OpenBSD: X509_STORE_load_locations.3,v 1.10 2021/11/12 14:05:28 schwarze Exp $ .\" full merge up to: .\" OpenSSL X509_STORE_add_cert b0edda11 Mar 20 13:00:17 2018 +0000 .\" @@ -16,7 +16,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: August 1 2021 $ +.Dd $Mdocdate: November 12 2021 $ .Dt X509_STORE_LOAD_LOCATIONS 3 .Os .Sh NAME @@ -148,9 +148,7 @@ In particular, parse errors or lack of memory can cause failure. returns the existing or new lookup object or .Dv NULL on failure. -When using the built-in -.Vt X509_LOOKUP_METHOD -objects, the only reason for failure is lack of memory. +With LibreSSL, the only reason for failure is lack of memory. .Sh FILES .Bl -tag -width Ds .It Pa /etc/ssl/cert.pem @@ -162,6 +160,7 @@ default directory for .El .Sh SEE ALSO .Xr SSL_CTX_load_verify_locations 3 , +.Xr X509_load_cert_file 3 , .Xr X509_LOOKUP_hash_dir 3 , .Xr X509_LOOKUP_new 3 , .Xr X509_STORE_new 3 , diff --git a/man/X509_STORE_new.3 b/man/X509_STORE_new.3 index 71b88f99..a17da03a 100644 --- a/man/X509_STORE_new.3 +++ b/man/X509_STORE_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_STORE_new.3,v 1.5 2019/06/06 01:06:59 schwarze Exp $ +.\" $OpenBSD: X509_STORE_new.3,v 1.7 2021/11/17 16:08:32 schwarze Exp $ .\" full merge up to: OpenSSL 05ea606a May 20 20:52:46 2016 -0400 .\" selective merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" @@ -67,7 +67,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 6 2019 $ +.Dd $Mdocdate: November 17 2021 $ .Dt X509_STORE_NEW 3 .Os .Sh NAME 
@@ -124,13 +124,15 @@ returns 1 for success and 0 for failure. .Sh SEE ALSO .Xr PKCS7_verify 3 , .Xr SSL_CTX_set_cert_store 3 , +.Xr X509_load_cert_file 3 , .Xr X509_LOOKUP_hash_dir 3 , .Xr X509_OBJECT_get0_X509 3 , .Xr X509_STORE_CTX_new 3 , .Xr X509_STORE_get_ex_new_index 3 , .Xr X509_STORE_load_locations 3 , .Xr X509_STORE_set1_param 3 , -.Xr X509_STORE_set_verify_cb 3 +.Xr X509_STORE_set_verify_cb 3 , +.Xr X509_verify_cert 3 .Sh HISTORY .Fn X509_STORE_new and diff --git a/man/X509_STORE_set1_param.3 b/man/X509_STORE_set1_param.3 index b4429396..354d8738 100644 --- a/man/X509_STORE_set1_param.3 +++ b/man/X509_STORE_set1_param.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_STORE_set1_param.3,v 1.17 2021/07/31 14:54:34 schwarze Exp $ +.\" $OpenBSD: X509_STORE_set1_param.3,v 1.19 2021/10/18 18:20:39 schwarze Exp $ .\" content checked up to: .\" OpenSSL man3/X509_STORE_add_cert b0edda11 Mar 20 13:00:17 2018 +0000 .\" OpenSSL man3/X509_STORE_get0_param e90fc053 Jul 15 09:39:45 2017 -0400 @@ -17,7 +17,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: July 31 2021 $ +.Dd $Mdocdate: October 18 2021 $ .Dt X509_STORE_SET1_PARAM 3 .Os .Sh NAME @@ -102,6 +102,8 @@ .Fn X509_STORE_set1_param copies the verification parameters from .Fa pm +using +.Xr X509_VERIFY_PARAM_set1 3 into the verification parameter object contained in the .Fa store . .Pp @@ -197,6 +199,7 @@ on failure. .Xr X509_STORE_CTX_set0_param 3 , .Xr X509_STORE_load_locations 3 , .Xr X509_STORE_new 3 , +.Xr X509_VERIFY_PARAM_new 3 , .Xr X509_VERIFY_PARAM_set_flags 3 .Sh HISTORY .Fn X509_STORE_add_cert diff --git a/man/X509_STORE_set_verify_cb_func.3 b/man/X509_STORE_set_verify_cb_func.3 index 59b1feff..f6d534bb 100644 --- a/man/X509_STORE_set_verify_cb_func.3 +++ b/man/X509_STORE_set_verify_cb_func.3 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_STORE_set_verify_cb_func.3,v 1.10 2021/07/29 10:13:45 schwarze Exp $ +.\" $OpenBSD: X509_STORE_set_verify_cb_func.3,v 1.11 2021/11/17 16:08:32 schwarze Exp $ .\" full merge up to: OpenSSL 05ea606a May 20 20:52:46 2016 -0400 .\" selective merge up to: OpenSSL 315c47e0 Dec 1 14:22:16 2020 +0100 .\" @@ -49,13 +49,12 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 29 2021 $ +.Dd $Mdocdate: November 17 2021 $ .Dt X509_STORE_SET_VERIFY_CB_FUNC 3 .Os .Sh NAME .Nm X509_STORE_set_verify_cb , -.Nm X509_STORE_set_verify_cb_func , -.Nm X509_STORE_set_verify_func +.Nm X509_STORE_set_verify_cb_func .Nd set verification callback .Sh SYNOPSIS .In openssl/x509_vfy.h @@ -69,11 +68,6 @@ .Fa "X509_STORE *st" .Fa "int (*verify_cb)(int ok, X509_STORE_CTX *ctx)" .Fc -.Ft void -.Fo X509_STORE_set_verify_func -.Fa "X509_STORE *st" -.Fa "int (*verify_func)(X509_STORE_CTX *ctx)" -.Fc .Sh DESCRIPTION .Fn X509_STORE_set_verify_cb sets the verification callback of 
@@ -93,32 +87,16 @@ structure when it is initialized. This can be used to set the verification callback when the .Vt X509_STORE_CTX is otherwise inaccessible (for example during S/MIME verification). -.Pp -.Fn X509_STORE_set_verify_func -sets the final chain verification function for -.Fa st -to -.Fa verify_func . -Its purpose is to go through the chain of certificates and check -that all signatures are valid and that the current time is within -the limits of each certificate's first and last validity time. -The final chain verification function -must return 0 on failure and 1 on success. -If -.Fn X509_STORE_set_verify_func -is not called or called with -.Fa verify_func -set to a -.Dv NULL -pointer, the built-in default function is used. .Sh SEE ALSO +.Xr X509_STORE_CTX_new 3 , +.Xr X509_STORE_CTX_set_verify 3 , .Xr X509_STORE_CTX_set_verify_cb 3 , -.Xr X509_STORE_new 3 +.Xr X509_STORE_new 3 , +.Xr X509_STORE_set_flags 3 , +.Xr X509_verify_cert 3 .Sh HISTORY .Fn X509_STORE_set_verify_cb_func -and -.Fn X509_STORE_set_verify_func -first appeared in SSLeay 0.8.0 and have been available since +first appeared in SSLeay 0.8.0 and has been available since .Ox 2.4 . .Pp .Fn X509_STORE_set_verify_cb diff --git a/man/X509_VERIFY_PARAM_new.3 b/man/X509_VERIFY_PARAM_new.3 new file mode 100644 index 00000000..1f1b1e07 --- /dev/null +++ b/man/X509_VERIFY_PARAM_new.3 
@@ -0,0 +1,309 @@ +.\" $OpenBSD: X509_VERIFY_PARAM_new.3,v 1.4 2022/09/10 10:22:46 jsg Exp $ +.\" +.\" Copyright (c) 2018, 2021 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: September 10 2022 $ +.Dt X509_VERIFY_PARAM_NEW 3 +.Os +.Sh NAME +.Nm X509_VERIFY_PARAM_new , +.Nm X509_VERIFY_PARAM_inherit , +.Nm X509_VERIFY_PARAM_set1 , +.Nm X509_VERIFY_PARAM_free , +.Nm X509_VERIFY_PARAM_add0_table , +.Nm X509_VERIFY_PARAM_lookup , +.Nm X509_VERIFY_PARAM_get_count , +.Nm X509_VERIFY_PARAM_get0 , +.Nm X509_VERIFY_PARAM_table_cleanup +.\" The following constants defined in the public header +.\" are intentionally undocumented because X509_VERIFY_PARAM is an opaque +.\" struct and LibreSSL provides neither X509_VERIFY_PARAM_set_inh_flags(3) +.\" nor X509_VERIFY_PARAM_get_inh_flags(3): +.\" X509_VP_FLAG_DEFAULT +.\" X509_VP_FLAG_OVERWRITE +.\" X509_VP_FLAG_RESET_FLAGS +.\" X509_VP_FLAG_LOCKED +.\" X509_VP_FLAG_ONCE +.Nd X509 verification parameter objects +.Sh SYNOPSIS +.In openssl/x509_vfy.h +.Ft X509_VERIFY_PARAM * +.Fo X509_VERIFY_PARAM_new +.Fa void +.Fc +.Ft int +.Fo X509_VERIFY_PARAM_inherit +.Fa "X509_VERIFY_PARAM *destination" +.Fa "const X509_VERIFY_PARAM *source" +.Fc +.Ft int +.Fo X509_VERIFY_PARAM_set1 +.Fa "X509_VERIFY_PARAM 
*destination" +.Fa "const X509_VERIFY_PARAM *source" +.Fc +.Ft void +.Fo X509_VERIFY_PARAM_free +.Fa "X509_VERIFY_PARAM *param" +.Fc +.Ft int +.Fo X509_VERIFY_PARAM_add0_table +.Fa "X509_VERIFY_PARAM *param" +.Fc +.Ft const X509_VERIFY_PARAM * +.Fo X509_VERIFY_PARAM_lookup +.Fa "const char *name" +.Fc +.Ft int +.Fo X509_VERIFY_PARAM_get_count +.Fa void +.Fc +.Ft const X509_VERIFY_PARAM * +.Fo X509_VERIFY_PARAM_get0 +.Fa "int id" +.Fc +.Ft void +.Fo X509_VERIFY_PARAM_table_cleanup +.Fa void +.Fc +.Sh DESCRIPTION +.Fn X509_VERIFY_PARAM_new +allocates and initializes an empty +.Vt X509_VERIFY_PARAM +object. +.Pp +.Fn X509_VERIFY_PARAM_inherit +copies some data from the +.Fa source +object to the +.Fa destination +object. +.Pp +The verification flags set with +.Xr X509_VERIFY_PARAM_set_flags 3 +in the +.Fa source +object are always OR'ed into the verification flags of the +.Fa destination +object. +.Pp +Fields having their default value in the +.Fa source +object are not copied. +.Pp +By default, fields in the +.Fa destination +object already having a non-default value are not overwritten. +However, if at least one of the +.Fa source +or +.Fa destination +objects was created during a call to +.Xr X509_STORE_CTX_init 3 +that did not have a +.Fa store +argument, and if that object was not previously used as the +.Fa destination +in an earlier call to +.Fn X509_VERIFY_PARAM_inherit , +this restriction is waived and even non-default fields in the +.Fa destination +object get overwritten. +If fields overwritten in this way contain pointers to allocated memory, +that memory is freed. 
+.Pp +As far as permitted by the above rules, the following fields are copied: +.Bl -bullet -width 1n +.It +the verification purpose identifier set with +.Xr X509_VERIFY_PARAM_set_purpose 3 +.It +the trust setting set with +.Xr X509_VERIFY_PARAM_set_trust 3 +.It +the verification time set with +.Xr X509_VERIFY_PARAM_set_time 3 ; +in this case, the only condition is that +.Dv X509_V_FLAG_USE_CHECK_TIME +is not set in the +.Fa destination +object, whereas the time value in the +.Fa destination +object is not inspected before overwriting it +.It +the acceptable policy set with +.Xr X509_VERIFY_PARAM_set1_policies 3 +.It +the maximum verification depth set with +.Xr X509_VERIFY_PARAM_set_depth 3 +.It +the list of expected DNS hostnames built with +.Xr X509_VERIFY_PARAM_set1_host 3 +and +.Xr X509_VERIFY_PARAM_add1_host 3 ; +if this list is copied, any flags that were set with +.Xr X509_VERIFY_PARAM_set_hostflags 3 +are copied together with the list, without inspecting any such flags +that may already be present in the +.Fa destination +object before overwriting them +.It +the expected RFC 822 email address set with +.Xr X509_VERIFY_PARAM_set1_email 3 +.It +the expected IP address set with +.Xr X509_VERIFY_PARAM_set1_ip 3 +or +.Xr X509_VERIFY_PARAM_set1_ip_asc 3 +.El +.Pp +Some data that may be contained in the +.Fa source +object is never copied, for example the subject name of the peer +certificate that can be retrieved with +.Xr X509_VERIFY_PARAM_get0_peername 3 . +.Pp +If +.Fa source +is a +.Dv NULL +pointer, the function has no effect but returns successfully. +.Pp +.Fn X509_VERIFY_PARAM_set1 +is identical to +.Fn X509_VERIFY_PARAM_inherit +except that fields in the +.Fa destination +object are overwritten even if they do not match their default values. +Still, fields having their default value in the +.Fa source +object are not copied. 
+.Pp +If +.Fn X509_VERIFY_PARAM_inherit +or +.Fn X509_VERIFY_PARAM_set1 +fail, partial copying may have occurred, so all data in the +.Fa destination +object should be regarded as invalid. +.Pp +.Fn X509_VERIFY_PARAM_inherit +is used internally by +.Xr X509_STORE_CTX_init 3 +and by +.Xr X509_STORE_CTX_set_default 3 , +and +.Fn X509_VERIFY_PARAM_set1 +is used internally by +.Xr X509_STORE_set1_param 3 . +.Pp +.Fn X509_VERIFY_PARAM_free +clears all data contained in +.Fa param +and releases all memory used by it. +If +.Fa param +is a +.Dv NULL +pointer, no action occurs. +.Pp +.Fn X509_VERIFY_PARAM_add0_table +adds +.Fa param +to a static list of +.Vt X509_VERIFY_PARAM +objects maintained by the library. +This function is extremely dangerous because contrary to the name +of the function, if the list already contains an object that happens +to have the same name, that old object is not only silently removed +from the list, but also silently freed, which may silently invalidate +various pointers existing elsewhere in the program. +.Pp +.Fn X509_VERIFY_PARAM_lookup +searches this list for an object of the given +.Fa name . +If no match is found, the predefined objects built-in to the library +are also inspected. +.Pp +.Fn X509_VERIFY_PARAM_get_count +returns the sum of the number of objects on this list and the number +of predefined objects built-in to the library. +Note that this is not necessarily the total number of +.Vt X509_VERIFY_PARAM +objects existing in the program because there may be additional such +objects that were never added to the list. +.Pp +.Fn X509_VERIFY_PARAM_get0 +accesses predefined and user-defined objects using +.Fa id +as an index, useful for looping over objects without knowing their names. +An argument less than the number of predefined objects selects +one of the predefined objects; a higher argument selects an object +from the list. +.Pp +.Fn X509_VERIFY_PARAM_table_cleanup +deletes all objects from this list. 
+It is extremely dangerous because it also invalidates all data that +was contained in all objects that were on the list and because it +frees all these objects, which may invalidate various pointers +existing elsewhere in the program. +.Sh RETURN VALUES +.Fn X509_VERIFY_PARAM_new +returns a pointer to the new object, or +.Dv NULL +on allocation failure. +.Pp +.Fn X509_VERIFY_PARAM_inherit , +.Fn X509_VERIFY_PARAM_set1 , +and +.Fn X509_VERIFY_PARAM_add0_table +return 1 for success or 0 for failure. +.Pp +.Fn X509_VERIFY_PARAM_lookup +and +.Fn X509_VERIFY_PARAM_get0 +return a pointer to an existing built-in or user-defined object, or +.Dv NULL +if no object with the given +.Fa name +is found, or if +.Fa id +is at least +.Fn X509_VERIFY_PARAM_get_count . +.Pp +.Fn X509_VERIFY_PARAM_get_count +returns a number of objects. +.Sh SEE ALSO +.Xr SSL_set1_param 3 , +.Xr X509_STORE_CTX_set0_param 3 , +.Xr X509_STORE_set1_param 3 , +.Xr X509_verify_cert 3 , +.Xr X509_VERIFY_PARAM_set_flags 3 +.Sh HISTORY +.Fn X509_VERIFY_PARAM_new , +.Fn X509_VERIFY_PARAM_inherit , +.Fn X509_VERIFY_PARAM_set1 , +.Fn X509_VERIFY_PARAM_free , +.Fn X509_VERIFY_PARAM_add0_table , +.Fn X509_VERIFY_PARAM_lookup , +and +.Fn X509_VERIFY_PARAM_table_cleanup +first appeared in OpenSSL 0.9.8 and have been available since +.Ox 4.5 . +.Pp +.Fn X509_VERIFY_PARAM_get_count +and +.Fn X509_VERIFY_PARAM_get0 +first appeared in OpenSSL 1.0.2 and have been available since +.Ox 6.3 . diff --git a/man/X509_VERIFY_PARAM_set_flags.3 b/man/X509_VERIFY_PARAM_set_flags.3 index ea3c867b..7a39050c 100644 --- a/man/X509_VERIFY_PARAM_set_flags.3 +++ b/man/X509_VERIFY_PARAM_set_flags.3 
@@ -1,11 +1,11 @@ -.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.17 2021/07/23 16:43:56 schwarze Exp $ +.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.26 2022/07/13 21:17:03 schwarze Exp $ .\" full merge up to: OpenSSL d33def66 Feb 9 14:17:13 2016 -0500 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 .\" .\" This file is a derived work. .\" The changes are covered by the following Copyright and license: .\" -.\" Copyright (c) 2018, 2021 Ingo Schwarze +.\" Copyright (c) 2018, 2021, 2022 Ingo Schwarze .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -68,12 +68,10 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 23 2021 $ +.Dd $Mdocdate: July 13 2022 $ .Dt X509_VERIFY_PARAM_SET_FLAGS 3 .Os .Sh NAME -.Nm X509_VERIFY_PARAM_new , -.Nm X509_VERIFY_PARAM_free , .Nm X509_VERIFY_PARAM_get0_name , .Nm X509_VERIFY_PARAM_set1_name , .Nm X509_VERIFY_PARAM_set_flags , 
@@ -82,33 +80,22 @@ .Nm X509_VERIFY_PARAM_set_purpose , .Nm X509_VERIFY_PARAM_set_trust , .Nm X509_VERIFY_PARAM_set_time , +.Nm X509_VERIFY_PARAM_get_time , .Nm X509_VERIFY_PARAM_add0_policy , .Nm X509_VERIFY_PARAM_set1_policies , .Nm X509_VERIFY_PARAM_set_depth , .Nm X509_VERIFY_PARAM_get_depth , +.Nm X509_VERIFY_PARAM_set_auth_level , .Nm X509_VERIFY_PARAM_set1_host , .Nm X509_VERIFY_PARAM_add1_host , .Nm X509_VERIFY_PARAM_set_hostflags , .Nm X509_VERIFY_PARAM_get0_peername , .Nm X509_VERIFY_PARAM_set1_email , .Nm X509_VERIFY_PARAM_set1_ip , -.Nm X509_VERIFY_PARAM_set1_ip_asc , -.Nm X509_VERIFY_PARAM_add0_table , -.Nm X509_VERIFY_PARAM_lookup , -.Nm X509_VERIFY_PARAM_get_count , -.Nm X509_VERIFY_PARAM_get0 , -.Nm X509_VERIFY_PARAM_table_cleanup +.Nm X509_VERIFY_PARAM_set1_ip_asc .Nd X509 verification parameters .Sh SYNOPSIS .In openssl/x509_vfy.h -.Ft X509_VERIFY_PARAM * -.Fo X509_VERIFY_PARAM_new -.Fa void -.Fc -.Ft void -.Fo X509_VERIFY_PARAM_free -.Fa "X509_VERIFY_PARAM *param" -.Fc .Ft const char * .Fo X509_VERIFY_PARAM_get0_name .Fa "const X509_VERIFY_PARAM *param" @@ -147,6 +134,10 @@ .Fa "X509_VERIFY_PARAM *param" .Fa "time_t t" .Fc +.Ft time_t +.Fo X509_VERIFY_PARAM_get_time +.Fa const X509_VERIFY_PARAM *param" +.Fc .Ft int .Fo X509_VERIFY_PARAM_add0_policy .Fa "X509_VERIFY_PARAM *param" @@ -166,6 +157,11 @@ .Fo X509_VERIFY_PARAM_get_depth .Fa "const X509_VERIFY_PARAM *param" .Fc +.Ft void +.Fo X509_VERIFY_PARAM_set_auth_level +.Fa "X509_VERIFY_PARAM *param" +.Fa "int auth_level" +.Fc .Ft int .Fo X509_VERIFY_PARAM_set1_host .Fa "X509_VERIFY_PARAM *param" 
@@ -204,46 +200,11 @@ .Fa "X509_VERIFY_PARAM *param" .Fa "const char *ipasc" .Fc -.Ft int -.Fo X509_VERIFY_PARAM_add0_table -.Fa "X509_VERIFY_PARAM *param" -.Fc -.Ft const X509_VERIFY_PARAM * -.Fo X509_VERIFY_PARAM_lookup -.Fa "const char *name" -.Fc -.Ft int -.Fo X509_VERIFY_PARAM_get_count -.Fa void -.Fc -.Ft const X509_VERIFY_PARAM * -.Fo X509_VERIFY_PARAM_get0 -.Fa "int id" -.Fc -.Ft void -.Fo X509_VERIFY_PARAM_table_cleanup -.Fa void -.Fc .Sh DESCRIPTION These functions manipulate an .Vt X509_VERIFY_PARAM object associated with a certificate verification operation. .Pp -.Fn X509_VERIFY_PARAM_new -allocates and initializes an empty -.Vt X509_VERIFY_PARAM -object. -.Pp -.Fn X509_VERIFY_PARAM_free -clears all data contained in -.Fa param -and releases all memory used by it. -If -.Fa param -is a -.Dv NULL -pointer, no action occurs. -.Pp .Fn X509_VERIFY_PARAM_get0_name returns the name of the given .Fa param @@ -281,16 +242,42 @@ section for a complete description of values the .Fa flags parameter can take. .Pp +If the +.Fa flags +argument includes any of the flags contained in +.Dv X509_V_FLAG_POLICY_MASK , +that is, any of +.Dv X509_V_FLAG_POLICY_CHECK , +.Dv X509_V_FLAG_EXPLICIT_POLICY , +.Dv X509_V_FLAG_INHIBIT_ANY , +and +.Dv X509_V_FLAG_INHIBIT_MAP , +then +.Dv X509_V_FLAG_POLICY_CHECK +is set in addition to the flags contained in the +.Fa flags +argument. +.Pp .Fn X509_VERIFY_PARAM_get_flags returns the flags in .Fa param . .Pp .Fn X509_VERIFY_PARAM_clear_flags -clears the flags +clears the specified .Fa flags in .Fa param . .Pp +Calling this function can result in unusual internal states of the +.Fa param +object, for example having a verification time configured but having +.Dv X509_V_FLAG_USE_CHECK_TIME +unset, or having +.Dv X509_V_FLAG_EXPLICIT_POLICY +set but +.Dv X509_V_FLAG_POLICY_CHECK +unset, which may have surprising effects. +.Pp .Fn X509_VERIFY_PARAM_set_purpose sets the verification .Fa purpose 
@@ -312,11 +299,17 @@ to .Fa trust . .Pp .Fn X509_VERIFY_PARAM_set_time -sets the verification time in +sets the flag +.Dv X509_V_FLAG_USE_CHECK_TIME +in .Fa param -to +in addition to the flags already set and sets the verification time to .Fa t . -Normally the current time is used. +If this function is not called, the current time is used instead, +or the UNIX Epoch (January 1, 1970) if +.Dv X509_V_FLAG_USE_CHECK_TIME +is manually set using +.Fn X509_VERIFY_PARAM_set_flags . .Pp .Fn X509_VERIFY_PARAM_add0_policy enables policy checking (it is disabled by default) and adds @@ -340,6 +333,23 @@ sets the maximum verification depth to That is the maximum number of untrusted CA certificates that can appear in a chain. .Pp +.Fn X509_VERIFY_PARAM_set_auth_level +sets the security level as defined in +.Xr SSL_CTX_set_security_level 3 +for certificate chain validation. +For a certificate chain to validate, the public keys of all the +certificates must meet the specified security level. +The signature algorithm security level is not enforced for the +chain's trust anchor certificate, which is either directly trusted +or validated by means other than its signature. +.Pp +From the point of view of the X.509 library, +the default security level is 0. +However, the SSL library +uses a different default security level of 1 and calls +.Fn X509_VERIFY_PARAM_set_auth_level +with its own level before validating a certificate chain. +.Pp .Fn X509_VERIFY_PARAM_set1_host sets the expected DNS hostname to .Fa name 
@@ -458,62 +468,15 @@ The condensed "::" notation is supported for IPv6 addresses. will fail if .Fa ipasc is unparsable. -.Pp -.Fn X509_VERIFY_PARAM_add0_table -adds -.Fa param -to a static list of -.Vt X509_VERIFY_PARAM -objects maintained by the library. -This function is extremely dangerous because contrary to the name -of the function, if the list already contains an object that happens -to have the same name, that old object is not only silently removed -from the list, but also silently freed, which may silently invalidate -various pointers existing elsewhere in the program. -.Pp -.Fn X509_VERIFY_PARAM_lookup -searches this list for an object of the given -.Fa name . -If no match is found, the predefined objects built-in to the library -are also inspected. -.Pp -.Fn X509_VERIFY_PARAM_get_count -returns the sum of the number of objects on this list and the number -of predefined objects built-in to the library. -Note that this is not necessarily the total number of -.Vt X509_VERIFY_PARAM -objects existing in the program because there may be additional such -objects that were never added to the list. -.Pp -.Fn X509_VERIFY_PARAM_get0 -accesses predefined and user-defined objects using -.Fa id -as an index, useful for looping over objects without knowing their names. -An argument less than the number of predefined objects selects -one of the predefined objects; a higher argument selects an object -from the list. -.Pp -.Fn X509_VERIFY_PARAM_table_cleanup -deletes all objects from this list. -It is extremely dangerous because it also invalidates all data that -was contained in all objects that were on the list and because it -frees all these objects, which may invalidate various pointers -existing elsewhere in the program. .Sh RETURN VALUES -.Fn X509_VERIFY_PARAM_new -returns a pointer to the new object, or -.Dv NULL -on allocation failure. 
-.Pp .Fn X509_VERIFY_PARAM_set1_name , .Fn X509_VERIFY_PARAM_set_flags , .Fn X509_VERIFY_PARAM_clear_flags , .Fn X509_VERIFY_PARAM_set_purpose , .Fn X509_VERIFY_PARAM_set_trust , .Fn X509_VERIFY_PARAM_add0_policy , -.Fn X509_VERIFY_PARAM_set1_policies , and -.Fn X509_VERIFY_PARAM_add0_table +.Fn X509_VERIFY_PARAM_set1_policies return 1 for success or 0 for failure. .Pp .Fn X509_VERIFY_PARAM_set1_host , @@ -521,7 +484,7 @@ return 1 for success or 0 for failure. .Fn X509_VERIFY_PARAM_set1_email , .Fn X509_VERIFY_PARAM_set1_ip , and -.Fn X509_VERIFY_PARAM_set1_ip_asc , +.Fn X509_VERIFY_PARAM_set1_ip_asc return 1 for success or 0 for failure. A failure from these routines will poison the @@ -533,6 +496,12 @@ using the poisoned object will fail. .Fn X509_VERIFY_PARAM_get_flags returns the current verification flags. .Pp +.Fn X509_VERIFY_PARAM_get_time +always returns the configured verification time. +It does so even if the returned time will not be used because the flag +.Dv X509_V_FLAG_USE_CHECK_TIME +is unset. +.Pp .Fn X509_VERIFY_PARAM_get_depth returns the current verification depth. .Pp @@ -543,21 +512,6 @@ return pointers to strings that are only valid during the lifetime of the given .Fa param object and that must not be freed by the application program. -.Pp -.Fn X509_VERIFY_PARAM_lookup -and -.Fn X509_VERIFY_PARAM_get0 -return a pointer to an existing built-in or user-defined object, or -.Dv NULL -if no object with the given -.Fa name -is found, or if -.Fa id -is at least -.Fn X509_VERIFY_PARAM_get_count . -.Pp -.Fn X509_VERIFY_PARAM_get_count -returns a number of objects. .Sh VERIFICATION FLAGS The verification flags consists of zero or more of the following flags OR'ed together. 
@@ -573,7 +527,7 @@ enables CRL checking for the entire certificate chain. disables critical extension checking. By default any unhandled critical extensions in certificates or (if checked) CRLs results in a fatal error. -If this flag is set unhandled critical extensions are ignored. +If this flag is set, unhandled critical extensions are ignored. .Sy WARNING : setting this option for anything other than debugging purposes can be a security risk. @@ -604,12 +558,14 @@ set the and .Dq inhibit policy mapping flags, respectively, as defined in RFC 3280. -Policy checking is automatically enabled if any of these flags are set. +These three flags are ignored unless +.Dv X509_V_FLAG_POLICY_CHECK +is also set. .Pp If .Dv X509_V_FLAG_NOTIFY_POLICY -is set and the policy checking is successful a special status code is -set to the verification callback. +is set and policy checking is successful, a special status code is +sent to the verification callback. This permits it to examine the valid policy tree and perform additional checks or simply log it for debugging purposes. .Pp @@ -617,7 +573,7 @@ By default some additional features such as indirect CRLs and CRLs signed by different keys are disabled. If .Dv X509_V_FLAG_EXTENDED_CRL_SUPPORT -is set they are enabled. +is set, they are enabled. .Pp If .Dv X509_V_FLAG_USE_DELTAS 
@@ -677,13 +633,42 @@ certificates. This makes it possible to trust certificates issued by an intermediate CA without having to trust its ancestor root CA. .Pp -The +If +.Dv X509_V_FLAG_USE_CHECK_TIME +is set, the validity period of certificates and CRLs is checked. +In this case, .Dv X509_V_FLAG_NO_CHECK_TIME -flag suppresses checking the validity period of certificates and CRLs -against the current time. +is ignored. +If the validation time was set with +.Fn X509_VERIFY_PARAM_set_time , +that time is used. If .Fn X509_VERIFY_PARAM_set_time -is used to specify a verification time, the check is not suppressed. +was not called, the UNIX Epoch (January 1, 1970) is used. +.Pp +If neither +.Dv X509_V_FLAG_USE_CHECK_TIME +nor +.Dv X509_V_FLAG_NO_CHECK_TIME +is set, the validity period of certificates and CRLs is checked +using the current time. +This is the default behaviour. +In this case, if a validation time was set with +.Fn X509_VERIFY_PARAM_set_time +but +.Dv X509_V_FLAG_USE_CHECK_TIME +was later cleared with +.Fn X509_VERIFY_PARAM_clear_flags , +the configured validation time is ignored +and the current time is used anyway. +.Pp +If +.Dv X509_V_FLAG_USE_CHECK_TIME +is not set but +.Dv X509_V_FLAG_NO_CHECK_TIME +is set, the validity period of certificates and CRLs is not checked +at all, and like in the previous case, any configured validation +time is ignored. .Sh EXAMPLES Enable CRL checking when performing certificate verification during SSL connections associated with an @@ -702,12 +687,11 @@ X509_VERIFY_PARAM_free(param); .Xr SSL_set1_host 3 , .Xr SSL_set1_param 3 , .Xr X509_check_host 3 , -.Xr X509_STORE_CTX_set0_param 3 , -.Xr X509_STORE_set1_param 3 , -.Xr X509_verify_cert 3 +.Xr X509_STORE_CTX_new 3 , +.Xr X509_STORE_new 3 , +.Xr X509_verify_cert 3 , +.Xr X509_VERIFY_PARAM_new 3 .Sh HISTORY -.Fn X509_VERIFY_PARAM_new , -.Fn X509_VERIFY_PARAM_free , .Fn X509_VERIFY_PARAM_set1_name , .Fn X509_VERIFY_PARAM_set_flags , .Fn X509_VERIFY_PARAM_set_purpose , 
@@ -716,11 +700,8 @@ X509_VERIFY_PARAM_free(param); .Fn X509_VERIFY_PARAM_add0_policy , .Fn X509_VERIFY_PARAM_set1_policies , .Fn X509_VERIFY_PARAM_set_depth , -.Fn X509_VERIFY_PARAM_get_depth , -.Fn X509_VERIFY_PARAM_add0_table , -.Fn X509_VERIFY_PARAM_lookup , and -.Fn X509_VERIFY_PARAM_table_cleanup +.Fn X509_VERIFY_PARAM_get_depth first appeared in OpenSSL 0.9.8. .Fn X509_VERIFY_PARAM_clear_flags and @@ -729,19 +710,24 @@ first appeared in OpenSSL 0.9.8a. All these functions have been available since .Ox 4.5 . .Pp -.Fn X509_VERIFY_PARAM_get0_name +.Fn X509_VERIFY_PARAM_get0_name , .Fn X509_VERIFY_PARAM_set1_host , .Fn X509_VERIFY_PARAM_add1_host , .Fn X509_VERIFY_PARAM_set_hostflags , .Fn X509_VERIFY_PARAM_get0_peername , .Fn X509_VERIFY_PARAM_set1_email , .Fn X509_VERIFY_PARAM_set1_ip , -.Fn X509_VERIFY_PARAM_set1_ip_asc , -.Fn X509_VERIFY_PARAM_get_count , and -.Fn X509_VERIFY_PARAM_get0 +.Fn X509_VERIFY_PARAM_set1_ip_asc first appeared in OpenSSL 1.0.2 and have been available since .Ox 6.3 . +.Pp +.Fn X509_VERIFY_PARAM_set_auth_level +first appeared in OpenSSL 1.1.0 and +.Fn X509_VERIFY_PARAM_get_time +in OpenSSL 1.1.0d. +Both functions have been available since +.Ox 7.2 . .Sh BUGS Delta CRL checking is currently primitive. Only a single delta can be used and (partly due to limitations of diff --git a/man/X509_check_ca.3 b/man/X509_check_ca.3 index 70b0d20f..114bac69 100644 --- a/man/X509_check_ca.3 +++ b/man/X509_check_ca.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_check_ca.3,v 1.5 2019/06/06 01:06:59 schwarze Exp $ +.\" $OpenBSD: X509_check_ca.3,v 1.7 2022/05/10 19:44:29 tb Exp $ .\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" .\" This file was written by Victor B. Wagner . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 6 2019 $ +.Dd $Mdocdate: May 10 2022 $ .Dt X509_CHECK_CA 3 .Os .Sh NAME 
@@ -61,12 +61,14 @@ .Fa "X509 *cert" .Fc .Sh DESCRIPTION -This function checks whether the given certificate is a CA certificate, +The +.Fn X509_check_ca +function checks whether the given certificate is a CA certificate, that is, whether it can be used to sign other certificates. .Sh RETURN VALUES -This functions returns non-zero if +If .Fa cert -is a CA certificate or 0 otherwise. +is a CA certificate, a non-zero value is returned; 0 otherwise. .Pp The following return values identify specific kinds of CA certificates: .Bl -tag -width 2n @@ -91,6 +93,7 @@ that it is a CA certificate .Xr BASIC_CONSTRAINTS_new 3 , .Xr EXTENDED_KEY_USAGE_new 3 , .Xr X509_check_issued 3 , +.Xr X509_check_purpose 3 , .Xr X509_EXTENSION_new 3 , .Xr X509_new 3 , .Xr X509_verify_cert 3 @@ -98,3 +101,17 @@ that it is a CA certificate .Fn X509_check_ca first appeared in OpenSSL 0.9.7f and has been available since .Ox 3.8 . +.Sh BUGS +If +.Fn X509_check_ca +fails to cache X509v3 extension values, the return value may +be incorrect. +An application should +call +.Xr X509_check_purpose 3 +with a +.Fa purpose +argument of \-1, +ensuring that the X509v3 extensions are cached, +before calling +.Fn X509_check_ca . diff --git a/man/X509_check_purpose.3 b/man/X509_check_purpose.3 index fdb58d5b..e0737251 100644 --- a/man/X509_check_purpose.3 +++ b/man/X509_check_purpose.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_check_purpose.3,v 1.6 2021/07/27 13:27:46 schwarze Exp $ +.\" $OpenBSD: X509_check_purpose.3,v 1.7 2021/10/29 14:29:24 schwarze Exp $ .\" .\" Copyright (c) 2019, 2021 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: July 27 2021 $ +.Dd $Mdocdate: October 29 2021 $ .Dt X509_CHECK_PURPOSE 3 .Os .Sh NAME 
@@ -40,6 +40,8 @@ is intended to be used for the given which can be one of the following integer constants. The check succeeds if none of the conditions given in the list below are violated. +It always fails if parsing fails for any extension contained in the +.Fa certificate . .Bl -tag -width 1n .It Dv X509_PURPOSE_SSL_CLIENT .Bl -dash -width 1n -compact @@ -173,10 +175,12 @@ contains a Key Usage extension, the bit is set. .El .It Dv X509_PURPOSE_ANY -The check always succeeds. +Nothing is required except that, if any extensions are present, +parsing them needs to succeed. .It Dv X509_PURPOSE_OCSP_HELPER .\" ocsp_helper, "OCSP helper" -The check always succeeds. +Nothing is required except that, if any extensions are present, +parsing them needs to succeed. The application program is expected to do the actual checking by other means. .It Dv X509_PURPOSE_TIMESTAMP_SIGN @@ -216,6 +220,10 @@ conditions are violated: .It If the .Fa certificate +contains any extensions, parsing them succeeds. +.It +If the +.Fa certificate contains a Key Usage extension, the .Dv keyCertSign bit is set. @@ -320,13 +328,15 @@ or bits set. .El .It Dv X509_PURPOSE_ANY -The check always succeeds, even if the three common conditions +Nothing is required except that, if any extensions are present, +parsing them needs to succeed. +The check even succeeds if the three other common conditions cited above this list are violated. .El .Pp -If the +If parsing of any extensions that are present succeeds and the .Fa purpose -is -1, +argument is \-1, .Fn X509_check_purpose always succeeds, no matter whether or not the .Fa ca @@ -345,7 +355,7 @@ identifiers not listed above. .Fn X509_check_purpose returns the following values: .Bl -column -1 Failure -compact -.It -1 Ta Error Ta The +.It \-1 Ta Error Ta Parsing of certificate extensions failed or the .Fa purpose is invalid. .It 0 Ta Failure Ta The diff --git a/man/X509_check_trust.3 b/man/X509_check_trust.3 index c34f7f73..286dcdd5 100644 
--- a/man/X509_check_trust.3 +++ b/man/X509_check_trust.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_check_trust.3,v 1.3 2021/07/28 07:37:04 jmc Exp $ +.\" $OpenBSD: X509_check_trust.3,v 1.6 2022/09/10 10:22:46 jsg Exp $ .\" .\" Copyright (c) 2021 Ingo Schwarze .\" @@ -14,11 +14,12 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: July 28 2021 $ +.Dd $Mdocdate: September 10 2022 $ .Dt X509_CHECK_TRUST 3 .Os .Sh NAME -.Nm X509_check_trust +.Nm X509_check_trust , +.Nm X509_TRUST_set_default .Nd check whether a certificate is trusted .Sh SYNOPSIS .In openssl/x509.h @@ -28,6 +29,12 @@ .Fa "int trust" .Fa "int flags" .Fc +.Ft int +.Fo "(*X509_TRUST_set_default(int (*handler)(int, X509 *, int)))" +.Fa "int trust" +.Fa "X509 *certificate" +.Fa "int flags" +.Fc .Sh DESCRIPTION .Fn X509_check_trust checks whether the @@ -100,7 +107,7 @@ By default, the following identifiers are supported. The .Dq ASN.1 NID -column indicates the correspondig ASN.1 object identifier; +column indicates the corresponding ASN.1 object identifier; for the relationship between ASN.1 NIDs and OIDs, see the .Xr OBJ_nid2obj 3 manual page. 
@@ -176,6 +183,27 @@ identifiers listed above, or it may have installed additional, user-supplied checking functions for user-defined .Fa trust identifiers not listed above. +.Pp +If the function +.Fn X509_TRUST_set_default +was called, the +.Fa handler +function passed to it is used instead of the standard algorithm, +but only in the case where the +.Fa trust +argument of +.Fn X509_check_trust +is invalid. +The compatibility step is not used in this case. +.Pp +If the return value of the first call to +.Fn X509_TRUST_set_default +is saved and passed back to +.Fn X509_TRUST_set_default +later on, the standard behaviour +of using the standard algorithm for invalid +.Fa trust +arguments is restored. .Sh RETURN VALUES .Fn X509_check_trust returns the following values: @@ -194,6 +222,16 @@ The is neither trusted nor explicitly rejected, which implies that it is not trusted. .El +.Pp +.Fn X509_TRUST_set_default +returns a pointer to the handler function for invalid +.Fa trust +that was installed before the call, which may either be a pointer +to a function installed by a previous call to +.Fn X509_TRUST_set_default +or a pointer to the built-in function implementing the standard algorithm if +.Fn X509_TRUST_set_default +was never called before. .Sh SEE ALSO .Xr PEM_read_X509_AUX 3 , .Xr X509_add1_trust_object 3 , @@ -205,5 +243,7 @@ which implies that it is not trusted. .Xr X509_VERIFY_PARAM_set_trust 3 .Sh HISTORY .Fn X509_check_trust +and +.Fn X509_TRUST_set_default first appeared in OpenSSL 0.9.5 and has been available since .Ox 2.7 . diff --git a/man/X509_cmp_time.3 b/man/X509_cmp_time.3 index 96b671f3..0f2afdad 100644 --- a/man/X509_cmp_time.3 +++ b/man/X509_cmp_time.3 
@@ -1,7 +1,24 @@ -.\" $OpenBSD: X509_cmp_time.3,v 1.9 2019/06/06 01:06:59 schwarze Exp $ -.\" OpenSSL X509_cmp_time.pod 24053693 Mar 28 14:27:37 2017 +0200 +.\" $OpenBSD: X509_cmp_time.3,v 1.11 2021/11/12 14:34:57 schwarze Exp $ +.\" full merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100 .\" -.\" This file was written by Emilia Kasper +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2017, 2021 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Emilia Kasper .\" Copyright (c) 2017 The OpenSSL Project. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -48,14 +65,15 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 6 2019 $ +.Dd $Mdocdate: November 12 2021 $ .Dt X509_CMP_TIME 3 .Os .Sh NAME .Nm X509_cmp_time , .Nm X509_cmp_current_time , .Nm X509_time_adj_ex , -.Nm X509_time_adj +.Nm X509_time_adj , +.Nm X509_gmtime_adj .Nd ASN.1 Time utilities .Sh SYNOPSIS .In openssl/x509.h 
@@ -70,16 +88,21 @@ .Fc .Ft ASN1_TIME * .Fo X509_time_adj_ex -.Fa "ASN1_TIME *asn1_time" +.Fa "ASN1_TIME *out_time" .Fa "int offset_day" .Fa "long offset_sec" -.Fa "time_t *in_tm" +.Fa "time_t *in_time" .Fc .Ft ASN1_TIME * .Fo X509_time_adj -.Fa "ASN1_TIME *asn1_time" +.Fa "ASN1_TIME *out_time" +.Fa "long offset_sec" +.Fa "time_t *in_time" +.Fc +.Ft ASN1_TIME * +.Fo X509_gmtime_adj +.Fa "ASN1_TIME *out_time" .Fa "long offset_sec" -.Fa "time_t *in_tm" .Fc .Sh DESCRIPTION .Fn X509_cmp_time @@ -88,34 +111,56 @@ parses with .Xr ASN1_time_parse 3 and compares it to -.Fa cmp_time . +.Fa cmp_time , +or to the current time if +.Fa cmp_time +is +.Dv NULL . .Fn X509_cmp_current_time compares it to the current time. .Pp .Fn X509_time_adj_ex sets -.Fa asn1_time +.Fa out_time to a time .Fa offset_day and .Fa offset_sec later than -.Fa in_tm . -.Fn X509_time_adj -does the same with a 0 day offset. +.Fa in_time . +The values of +.Fa offset_day +and +.Fa offset_sec +can be negative to set a time before +.Fa in_time . +The +.Fa offset_sec +value can also exceed the number of seconds in a day. If -.Fa asn1_time +.Fa in_time +is +.Dv NULL , +the current time is used instead. +If +.Fa out_time is .Dv NULL , a new .Vt ASN1_TIME structure is allocated and returned. .Pp -In all functions, if -.Fa in_tm -is -.Dv NULL , -the current time is used. +.Fn X509_time_adj +does the same with a 0 day offset. +.Pp +.Fn X509_gmtime_adj +does the same using the current time instead of +.Fa in_time , +that is, it sets +.Fa out_time +to a time +.Fa offset_sec +seconds later than the current time. .Sh RETURN VALUES .Fn X509_cmp_time and @@ -126,10 +171,11 @@ is earlier than or equal to .Fa cmp_time , 1 if it is later, or 0 on error. .Pp -.Fn X509_time_adj_ex +.Fn X509_time_adj_ex , +.Fn X509_time_adj , and -.Fn X509_time_adj -return a pointer to the updated +.Fn X509_gmtime_adj +return a pointer to the updated or newly allocated .Vt ASN1_TIME structure or .Dv NULL 
@@ -141,7 +187,9 @@ on error.
 .Xr time 3
 .Sh HISTORY
 .Fn X509_cmp_current_time
-first appeared in SSLeay 0.6.0 and has been available since
+and
+.Fn X509_gmtime_adj
+first appeared in SSLeay 0.6.0 and have been available since
 .Ox 2.4 .
 .Pp
 .Fn X509_cmp_time
diff --git a/man/X509_get_extension_flags.3 b/man/X509_get_extension_flags.3
new file mode 100644
index 00000000..1f63c6a9
--- /dev/null
+++ b/man/X509_get_extension_flags.3
@@ -0,0 +1,234 @@
+.\" $OpenBSD: X509_get_extension_flags.3,v 1.3 2021/11/11 13:58:59 schwarze Exp $
+.\" full merge up to: OpenSSL 361136f4 Sep 1 18:56:58 2015 +0100
+.\" selective merge up to: OpenSSL 2b2e3106f Feb 16 15:04:45 2021 +0000
+.\"
+.\" This file was written by Dr. Stephen Henson .
+.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in
+.\" the documentation and/or other materials provided with the
+.\" distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\" software must display the following acknowledgment:
+.\" "This product includes software developed by the OpenSSL Project
+.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\" endorse or promote products derived from this software without
+.\" prior written permission. For written permission, please contact
+.\" openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\" nor may "OpenSSL" appear in their names without prior written
+.\" permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\" acknowledgment:
+.\" "This product includes software developed by the OpenSSL Project
+.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: November 11 2021 $
+.Dt X509_GET_EXTENSION_FLAGS 3
+.Os
+.Sh NAME
+.Nm X509_get_extension_flags ,
+.Nm X509_get_key_usage ,
+.Nm X509_get_extended_key_usage
+.Nd retrieve certificate extension data
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft uint32_t
+.Fo X509_get_extension_flags
+.Fa "X509 *x"
+.Fc
+.Ft uint32_t
+.Fo X509_get_key_usage
+.Fa "X509 *x"
+.Fc
+.Ft uint32_t
+.Fo X509_get_extended_key_usage
+.Fa "X509 *x"
+.Fc
+.Sh DESCRIPTION
+These functions retrieve information related to commonly used
+certificate extensions.
+.Pp
+.Fn X509_get_extension_flags
+retrieves general information about a certificate.
+It returns one or more of the following flags OR'ed together.
+.Bl -tag -width Ds
+.It Dv EXFLAG_V1
+The certificate is an obsolete version 1 certificate.
+.It Dv EXFLAG_BCONS
+The certificate contains a basic constraints extension.
+.It Dv EXFLAG_CA
+The certificate contains basic constraints and asserts the CA flag.
+.It Dv EXFLAG_PROXY
+The certificate is a valid proxy certificate.
+.It Dv EXFLAG_SI
+The certificate is self issued (that is subject and issuer names match).
+.It Dv EXFLAG_SS
+The subject and issuer names match and extension values imply it is self
+signed.
+.It Dv EXFLAG_FRESHEST
+The freshest CRL extension is present in the certificate.
+.It Dv EXFLAG_CRITICAL
+The certificate contains an unhandled critical extension.
+.It Dv EXFLAG_INVALID
+Some certificate extension values are invalid or inconsistent.
+The certificate should be rejected.
+This bit may also be raised after an out-of-memory error while
+processing the X509 object, so it may not be related to the processed
+ASN1 object itself.
+.\" EXFLAG_NO_FINGERPRINT is not available in LibreSSL. Do we need
+.\" https://github.com/openssl/openssl/issues/13698 and the fix it fixes?
+.\".It Dv EXFLAG_NO_FINGERPRINT
+.\" Failed to compute the internal SHA1 hash value of the certificate.
+.\" This may be due to malloc failure or because no SHA1 implementation was
+.\" found.
+.It Dv EXFLAG_INVALID_POLICY
+The
+.Dv NID_certificate_policies
+certificate extension is invalid or inconsistent.
+The certificate should be rejected.
+This bit may also be raised after an out-of-memory error while
+processing the X509 object, so it may not be related to the processed
+ASN1 object itself.
+.It Dv EXFLAG_KUSAGE
+The certificate contains a key usage extension.
+The value can be retrieved using
+.Fn X509_get_key_usage .
+.It Dv EXFLAG_XKUSAGE
+The certificate contains an extended key usage extension.
+The value can be retrieved using
+.Fn X509_get_extended_key_usage .
+.El
+.Pp
+.Fn X509_get_key_usage
+returns the value of the key usage extension.
+If key usage is present, it returns zero or more of these flags:
+.Dv KU_DIGITAL_SIGNATURE ,
+.Dv KU_NON_REPUDIATION ,
+.Dv KU_KEY_ENCIPHERMENT ,
+.Dv KU_DATA_ENCIPHERMENT ,
+.Dv KU_KEY_AGREEMENT ,
+.Dv KU_KEY_CERT_SIGN ,
+.Dv KU_CRL_SIGN ,
+.Dv KU_ENCIPHER_ONLY ,
+or
+.Dv KU_DECIPHER_ONLY ,
+corresponding to individual key usage bits.
+If key usage is absent,
+.Dv UINT32_MAX
+is returned.
+.Pp
+The following aliases for these flags are defined in
+.In openssl/x509.h :
+.Dv X509v3_KU_DIGITAL_SIGNATURE ,
+.Dv X509v3_KU_NON_REPUDIATION ,
+.Dv X509v3_KU_KEY_ENCIPHERMENT ,
+.Dv X509v3_KU_DATA_ENCIPHERMENT ,
+.Dv X509v3_KU_KEY_AGREEMENT ,
+.Dv X509v3_KU_KEY_CERT_SIGN ,
+.Dv X509v3_KU_CRL_SIGN ,
+.Dv X509v3_KU_ENCIPHER_ONLY ,
+and
+.Dv X509v3_KU_DECIPHER_ONLY .
+.\" X509v3_KU_UNDEF is intentionally undocumented because nothing uses it.
+.Pp
+.Fn X509_get_extended_key_usage
+returns the value of the extended key usage extension.
+If extended key usage is present, it returns zero or more of these
+flags:
+.Dv XKU_SSL_SERVER ,
+.Dv XKU_SSL_CLIENT ,
+.Dv XKU_SMIME ,
+.Dv XKU_CODE_SIGN
+.Dv XKU_OCSP_SIGN ,
+.Dv XKU_TIMESTAMP ,
+.Dv XKU_DVCS ,
+or
+.Dv XKU_ANYEKU .
+These correspond to the OIDs
+.Qq id-kp-serverAuth ,
+.Qq id-kp-clientAuth ,
+.Qq id-kp-emailProtection ,
+.Qq id-kp-codeSigning ,
+.Qq id-kp-OCSPSigning ,
+.Qq id-kp-timeStamping ,
+.Qq id-kp-dvcs ,
+and
+.Qq anyExtendedKeyUsage ,
+respectively.
+Additionally,
+.Dv XKU_SGC
+is set if either Netscape or Microsoft SGC OIDs are present.
+.Pp
+The value of the flags correspond to extension values which are cached
+in the
+.Vt X509
+structure.
+If the flags returned do not provide sufficient information,
+an application should examine extension values directly,
+for example using
+.Xr X509_get_ext_d2i 3 .
+.Pp
+If the key usage or extended key usage extension is absent then
+typically usage is unrestricted.
+For this reason
+.Fn X509_get_key_usage
+and
+.Fn X509_get_extended_key_usage
+return
+.Dv UINT32_MAX
+when the corresponding extension is absent.
+Applications can additionally check the return value of
+.Fn X509_get_extension_flags
+and take appropriate action if an extension is absent.
+.Sh RETURN VALUES
+.Fn X509_get_extension_flags ,
+.Fn X509_get_key_usage
+and
+.Fn X509_get_extended_key_usage
+return sets of flags corresponding to the certificate extension values.
+.Sh SEE ALSO
+.Xr BASIC_CONSTRAINTS_new 3 ,
+.Xr EXTENDED_KEY_USAGE_new 3 ,
+.Xr POLICYINFO_new 3 ,
+.Xr PROXY_CERT_INFO_EXTENSION_new 3 ,
+.Xr X509_check_ca 3 ,
+.Xr X509_check_purpose 3 ,
+.Xr X509_EXTENSION_new 3 ,
+.Xr X509_get_ext_d2i 3 ,
+.Xr X509_get_subject_name 3 ,
+.Xr X509_get_version 3 ,
+.Xr X509_new 3
+.Sh HISTORY
+.Nm X509_get_extension_flags ,
+.Nm X509_get_key_usage ,
+and
+.Nm X509_get_extended_key_usage
+first appeared in OpenSSL 1.1.0 and have been available since
+.Ox 7.1 .
diff --git a/man/X509_get_pubkey.3 b/man/X509_get_pubkey.3
index dc1f6a99..08293979 100644
--- a/man/X509_get_pubkey.3
+++ b/man/X509_get_pubkey.3
@@ -1,6 +1,5 @@
-.\" $OpenBSD: X509_get_pubkey.3,v 1.9 2021/06/30 10:06:43 schwarze Exp $
+.\" $OpenBSD: X509_get_pubkey.3,v 1.13 2022/03/31 17:27:17 naddy Exp $
 .\" selective merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
-.\" X509_REQ_get0_pubkey and X509_REQ_get_X509_PUBKEY not yet in LibreSSL
 .\"
 .\" This file is a derived work.
 .\" The changes are covered by the following Copyright and license:
@@ -66,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 30 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt X509_GET_PUBKEY 3
 .Os
 .Sh NAME
@@ -76,6 +75,7 @@
 .Nm X509_get_X509_PUBKEY ,
 .Nm X509_get0_pubkey_bitstr ,
 .Nm X509_REQ_get_pubkey ,
+.Nm X509_REQ_get0_pubkey ,
 .Nm X509_REQ_set_pubkey ,
 .Nm X509_extract_key ,
 .Nm X509_REQ_extract_key
@@ -97,7 +97,7 @@ .Fc .Ft X509_PUBKEY * .Fo X509_get_X509_PUBKEY -.Fa "X509 *x" +.Fa "const X509 *x" .Fc .Ft ASN1_BIT_STRING * .Fo X509_get0_pubkey_bitstr @@ -107,6 +107,10 @@ .Fo X509_REQ_get_pubkey .Fa "X509_REQ *req" .Fc +.Ft EVP_PKEY * +.Fo X509_REQ_get0_pubkey +.Fa "X509_REQ *req" +.Fc .Ft int .Fo X509_REQ_set_pubkey .Fa "X509_REQ *x" @@ -124,7 +128,7 @@ .Fn X509_get_pubkey attempts to decode the public key for certificate .Fa x . -If successful it returns the public key as an +If successful, it returns the public key as an .Vt EVP_PKEY pointer with its reference count incremented: this means the returned key must be freed up after use. @@ -140,8 +144,6 @@ returns an internal pointer to the structure contained in .Fa x . The returned value must not be freed up after use. -.Fn X509_get_X509_PUBKEY -is implemented as a macro. .Pp .Fn X509_get0_pubkey_bitstr returns an internal pointer to just the public key contained in this @@ -157,7 +159,8 @@ The key .Fa pkey should be freed up after use. .Pp -.Fn X509_REQ_get_pubkey +.Fn X509_REQ_get_pubkey , +.Fn X509_REQ_get0_pubkey , and .Fn X509_REQ_set_pubkey are similar but operate on certificate request @@ -183,6 +186,7 @@ respectively, implemented as macros. .Fn X509_get_X509_PUBKEY , .Fn X509_get0_pubkey_bitstr , .Fn X509_REQ_get_pubkey , +.Fn X509_REQ_get0_pubkey , .Fn X509_extract_key , and .Fn X509_REQ_extract_key @@ -199,6 +203,7 @@ In some cases of failure of .Fn X509_get0_pubkey , .Fn X509_set_pubkey , .Fn X509_REQ_get_pubkey , +.Fn X509_REQ_get0_pubkey , and .Fn X509_REQ_set_pubkey , the reason can be determined with @@ -286,3 +291,6 @@ first appeared in OpenSSL 0.9.7 and has been available since .Fn X509_get0_pubkey first appeared in OpenSSL 1.1.0 and has been available since .Ox 6.3 . +.Fn X509_REQ_get0_pubkey +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 7.1 . diff --git a/man/X509_get_pubkey_parameters.3 b/man/X509_get_pubkey_parameters.3 new file mode 100644 index 00000000..18136147 
--- /dev/null
+++ b/man/X509_get_pubkey_parameters.3
@@ -0,0 +1,99 @@
+.\" $OpenBSD: X509_get_pubkey_parameters.3,v 1.2 2021/11/26 13:35:10 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: November 26 2021 $
+.Dt X509_GET_PUBKEY_PARAMETERS 3
+.Os
+.Sh NAME
+.Nm X509_get_pubkey_parameters
+.Nd copy public key parameters from a chain
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft int
+.Fo X509_get_pubkey_parameters
+.Fa "EVP_PKEY *pkey"
+.Fa "STACK_OF(X509) *chain"
+.Fc
+.Sh DESCRIPTION
+.Fn X509_get_pubkey_parameters
+copies public key parameters from the first appropriate certificate in the
+.Fa chain .
+.Pp
+If
+.Fa pkey
+is not
+.Dv NULL
+and already contains complete public key parameters or uses an
+algorithm that does not use any parameters, no action occurs and
+the function indicates success without inspecting the existing
+parameters, without inspecting the
+.Fa chain ,
+and without comparing any parameters.
+.Pp
+Otherwise, all public key parameters are copied
+from the first certificate in the
+.Fa chain
+that contains complete public key parameters
+to each certificate preceding it in the
+.Fa chain .
+Unless
+.Fa pkey
+is a
+.Dv NULL
+pointer, the same parameters are also copied to
+.Fa pkey .
+.Sh RETURN VALUES
+.Fn X509_get_pubkey_parameters
+returns 1 for success or 0 for failure.
+.Sh ERRORS
+The following diagnostics can be retrieved with
+.Xr ERR_get_error 3 ,
+.Xr ERR_GET_REASON 3 ,
+and
+.Xr ERR_reason_error_string 3 :
+.Bl -tag -width Ds
+.It Dv X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY Qq unable to get certs public key
+Retrieving the public key from a certificate in the
+.Fa chain
+failed before a certificate containing complete public key parameters
+could be found.
+.It Xo
+.Dv X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN
+.Qq unable to find parameters in chain
+.Xc
+None of the certificates in the chain
+contain complete public key parameters.
+.El
+.Sh SEE ALSO
+.Xr EVP_PKEY_copy_parameters 3 ,
+.Xr EVP_PKEY_new 3 ,
+.Xr X509_get_pubkey 3 ,
+.Xr X509_new 3
+.Sh HISTORY
+.Fn X509_get_pubkey_parameters
+first appeared in SSLeay 0.8.0 and has been available since
+.Ox 2.4 .
+.Sh CAVEATS
+If
+.Fn X509_get_pubkey_parameters
+fails and returns 0, a part of the parameters may or may not have
+been copied before the failure was detected, whereas other parts of
+.Fa pkey
+and
+.Fa chain
+may remain unchanged.
+So in case of failure, the state of the arguments may change
+and possibly become inconsistent.
diff --git a/man/X509_load_cert_file.3 b/man/X509_load_cert_file.3
new file mode 100644
index 00000000..95a83dd0
--- /dev/null
+++ b/man/X509_load_cert_file.3
@@ -0,0 +1,133 @@
+.\" $OpenBSD: X509_load_cert_file.3,v 1.1 2021/11/09 16:23:04 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: November 9 2021 $
+.Dt X509_LOAD_CERT_FILE 3
+.Os
+.Sh NAME
+.Nm X509_load_cert_file ,
+.Nm X509_load_crl_file ,
+.Nm X509_load_cert_crl_file
+.Nd read, decode, and cache certificates and CRLs
+.Sh SYNOPSIS
+.In openssl/x509_vfy.h
+.Ft int
+.Fo X509_load_cert_file
+.Fa "X509_LOOKUP *ctx"
+.Fa "const char *file"
+.Fa "int type"
+.Fc
+.Ft int
+.Fo X509_load_crl_file
+.Fa "X509_LOOKUP *ctx"
+.Fa "const char *file"
+.Fa "int type"
+.Fc
+.Ft int
+.Fo X509_load_cert_crl_file
+.Fa "X509_LOOKUP *ctx"
+.Fa "const char *file"
+.Fa "int type"
+.Fc
+.Sh DESCRIPTION
+.Fn X509_load_cert_file
+with a
+.Fa type
+of
+.Dv X509_FILETYPE_PEM
+reads one or more certificates in PEM format from the given
+.Fa file
+using
+.Xr PEM_read_bio_X509_AUX 3 ;
+with a type of
+.Dv X509_FILETYPE_ASN1 ,
+if reads one certificate in DER format using
+.Xr d2i_X509_bio 3 .
+The certificates read are added to the
+.Vt X509_STORE
+memory cache object associated with the given
+.Fa ctx
+using
+.Xr X509_STORE_add_cert 3 .
+.Pp
+.Fn X509_load_crl_file
+with a
+.Fa type
+of
+.Dv X509_FILETYPE_PEM
+reads one or more certificate revocation lists in PEM format from the given
+.Fa file
+using
+.Xr PEM_read_bio_X509_CRL 3 ;
+with a type of
+.Dv X509_FILETYPE_ASN1 ,
+if reads one certificate revocation lists in DER format using
+.Xr d2i_X509_CRL_bio 3 .
+The certificate revocation lists read are added to the
+.Vt X509_STORE
+memory cache object associated with the given
+.Fa ctx
+using
+.Xr X509_STORE_add_crl 3 .
+.Pp
+.Fn X509_load_cert_crl_file
+with a
+.Fa type
+of
+.Dv X509_FILETYPE_PEM
+read one or more certificates and/or certificate revocation lists
+in PEM format from the given
+.Fa file
+using
+.Xr PEM_X509_INFO_read_bio 3
+and adds them to the
+.Vt X509_STORE
+memory cache object associated with the given
+.Fa ctx
+using
+.Xr X509_STORE_add_cert 3
+and
+.Xr X509_STORE_add_crl 3 ,
+respectively.
+.Pp
+.Fn X509_load_cert_crl_file
+with a
+.Fa type
+of
+.Dv X509_FILETYPE_ASN1
+is equivalent to
+.Fn X509_load_cert_file
+and cannot be used to read a certificate revocation list.
+.Sh RETURN VALUES
+These functions return the number of objects loaded or 0 on error.
+.Sh SEE ALSO
+.Xr d2i_X509_bio 3 ,
+.Xr PEM_read_PrivateKey 3 ,
+.Xr X509_LOOKUP_new 3 ,
+.Xr X509_OBJECT_get0_X509 3 ,
+.Xr X509_STORE_load_locations 3 ,
+.Xr X509_STORE_new 3
+.Sh HISTORY
+.Fn X509_load_cert_file
+first appeared in SSLeay 0.8.0 and
+.Fn X509_load_crl_file
+in SSLeay 0.9.0.
+These functions have been available since
+.Ox 2.4 .
+.Pp
+.Fn X509_load_cert_crl_file
+first appeared in OpenSSL 0.9.5 and has been available since
+.Ox 2.7 .
diff --git a/man/X509_new.3 b/man/X509_new.3
index 0afbae37..4b85f67e 100644
--- a/man/X509_new.3
+++ b/man/X509_new.3
@@ -1,10 +1,10 @@ -.\" $OpenBSD: X509_new.3,v 1.30 2021/08/02 16:21:11 schwarze Exp $ +.\" $OpenBSD: X509_new.3,v 1.36 2021/11/18 10:09:24 schwarze Exp $ .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" .\" This file is a derived work. .\" The changes are covered by the following Copyright and license: .\" -.\" Copyright (c) 2016, 2018, 2019 Ingo Schwarze +.\" Copyright (c) 2016, 2018, 2019, 2021 Ingo Schwarze .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -66,12 +66,13 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 2 2021 $ +.Dd $Mdocdate: November 18 2021 $ .Dt X509_NEW 3 .Os .Sh NAME .Nm X509_new , .Nm X509_dup , +.Nm X509_REQ_to_X509 , .Nm X509_free , .Nm X509_up_ref , .Nm X509_chain_up_ref @@ -84,6 +85,12 @@ .Fo X509_dup .Fa "X509 *a" .Fc +.Ft X509 * +.Fo X509_REQ_to_X509 +.Fa "X509_REQ *req" +.Fa "int days" +.Fa "EVP_PKEY *pkey" +.Fc .Ft void .Fo X509_free .Fa "X509 *a" @@ -114,6 +121,27 @@ using .Xr ASN1_item_dup 3 , setting the reference count of the copy to 1. .Pp +.Fn X509_REQ_to_X509 +allocates a new certificate object, copies the public key from +.Fa req +into it, copies the subject name of +.Fa req +to both the subject and issuer names of the new certificate, sets the +.Fa notBefore +field to the current time and the +.Fa notAfter +field to the given number of +.Fa days +in the future, and signs the new certificate with +.Xr X509_sign 3 +using +.Fa pkey +and the MD5 algorithm. +If +.Fa req +contains at least one attribute, +the version of the new certificate is set to 2. +.Pp .Fn X509_free decrements the reference count of the .Vt X509 
@@ -146,9 +174,10 @@ Its purpose is similar to .Fn X509_up_ref : The returned chain persists after the original is freed. .Sh RETURN VALUES -.Fn X509_new +.Fn X509_new , +.Fn X509_dup , and -.Fn X509_dup +.Fn X509_REQ_to_X509 return a pointer to the newly allocated object or .Dv NULL if an error occurs; an error code can be obtained by @@ -187,14 +216,19 @@ if an error occurs. .Xr X509_get0_signature 3 , .Xr X509_get1_email 3 , .Xr X509_get_ex_new_index 3 , +.Xr X509_get_extension_flags 3 , .Xr X509_get_pubkey 3 , +.Xr X509_get_pubkey_parameters 3 , .Xr X509_get_serialNumber 3 , .Xr X509_get_subject_name 3 , .Xr X509_get_version 3 , .Xr X509_INFO_new 3 , +.Xr X509_load_cert_file 3 , .Xr X509_LOOKUP_hash_dir 3 , .Xr X509_LOOKUP_new 3 , .Xr X509_NAME_new 3 , +.Xr X509_OBJECT_new 3 , +.Xr X509_PKEY_new 3 , .Xr X509_policy_check 3 , .Xr X509_policy_tree_level_count 3 , .Xr X509_print_ex 3 , @@ -214,9 +248,11 @@ Certificate Revocation List (CRL) Profile .Fn X509_new and .Fn X509_free -appeared in SSLeay 0.4 or earlier. +appeared in SSLeay 0.4 or earlier, .Fn X509_dup -first appeared in SSLeay 0.4.4. +in SSLeay 0.4.4, and +.Fn X509_REQ_to_X509 +in SSLeay 0.6.0 . These functions have been available since .Ox 2.4 . .Pp diff --git a/man/X509_policy_check.3 b/man/X509_policy_check.3 index e4b3be0d..5ea774a3 100644 --- a/man/X509_policy_check.3 +++ b/man/X509_policy_check.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_policy_check.3,v 1.5 2021/07/30 15:01:40 schwarze Exp $ +.\" $OpenBSD: X509_policy_check.3,v 1.6 2021/11/11 12:06:25 schwarze Exp $ .\" .\" Copyright (c) 2021 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: July 30 2021 $ +.Dd $Mdocdate: November 11 2021 $ .Dt X509_POLICY_CHECK 3 .Os .Sh NAME 
@@ -177,6 +177,7 @@ to 0. .Xr X509_check_purpose 3 , .Xr X509_check_trust 3 , .Xr X509_new 3 , +.Xr X509_policy_tree_get0_policies 3 , .Xr X509_policy_tree_level_count 3 , .Xr X509_verify_cert 3 .Sh STANDARDS diff --git a/man/X509_policy_tree_get0_policies.3 b/man/X509_policy_tree_get0_policies.3 new file mode 100644 index 00000000..cb0715d6 --- /dev/null +++ b/man/X509_policy_tree_get0_policies.3 
@@ -0,0 +1,101 @@
+.\" $OpenBSD: X509_policy_tree_get0_policies.3,v 1.1 2021/11/11 12:06:25 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: November 11 2021 $
+.Dt X509_POLICY_TREE_GET0_POLICIES 3
+.Os
+.Sh NAME
+.Nm X509_policy_tree_get0_policies ,
+.Nm X509_policy_tree_get0_user_policies
+.Nd retrieve arrays of policy tree nodes
+.Sh SYNOPSIS
+.In openssl/x509_vfy.h
+.Ft STACK_OF(X509_POLICY_NODE) *
+.Fn X509_policy_tree_get0_policies "const X509_POLICY_TREE *tree"
+.Ft STACK_OF(X509_POLICY_NODE) *
+.Fn X509_policy_tree_get0_user_policies "const X509_POLICY_TREE *tree"
+.Sh DESCRIPTION
+The
+.Em authority set
+and the
+.Em user set
+are arrays of nodes from a policy
+.Fa tree .
+.Pp
+If the last level of a
+.Fa tree ,
+or equivalently, all levels of it, contain an
+.Sy anyPolicy
+node, the authority set contains
+only this anyPolicy node from the last level.
+Unless the array of
+.Fa policy_oids
+passed to
+.Xr X509_policy_check 3
+contained an anyPolicy object,
+the user set contains one node for each of the
+.Fa policy_oids ;
+specifically, the first matching node that is a child of an anyPolicy node.
+.Pp +If the last level of the +.Fa tree +does not contain an +.Sy anyPolicy +node, the authority set contains +all non-anyPolicy nodes that are children of anyPolicy nodes. +For each element of the +.Fa policy_oids , +the user set contains the first node from the authority set +matching it, if any. +.Pp +These functions are intended to be called after +.Xr X509_policy_check 3 +was called either directly or indirectly through +.Xr X509_verify_cert 3 . +.Sh RETURN VALUES +.Fn X509_policy_tree_get0_policies +returns an internal pointer to the authority set +or +.Dv NULL +if the +.Fa tree +argument is +.Dv NULL . +.Pp +.Fn X509_policy_tree_get0_user_policies +returns an internal pointer to the user set or +.Dv NULL +if the +.Fa tree +argument is +.Dv NULL +or if the array of +.Fa policy_oids +passed to +.Xr X509_policy_check 3 +was empty or contained an anyPolicy object. +.Sh SEE ALSO +.Xr STACK_OF 3 , +.Xr X509_policy_check 3 , +.Xr X509_policy_level_get0_node 3 , +.Xr X509_STORE_CTX_get0_policy_tree 3 +.Sh STANDARDS +RFC 5280: Internet X.509 Public Key Infrastructure Certificate +and Certificate Revocation List (CRL) Profile, +section 6.1: Basic Path Validation +.Sh HISTORY +These function first appeared in OpenSSL 0.9.8 and have been available since +.Ox 4.5 . diff --git a/man/X509_policy_tree_level_count.3 b/man/X509_policy_tree_level_count.3 index f74754c3..ff2036c4 100644 --- a/man/X509_policy_tree_level_count.3 +++ b/man/X509_policy_tree_level_count.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_policy_tree_level_count.3,v 1.3 2021/07/28 13:47:21 schwarze Exp $ +.\" $OpenBSD: X509_policy_tree_level_count.3,v 1.5 2022/09/10 08:50:53 jsg Exp $ .\" .\" Copyright (c) 2021 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: July 28 2021 $ +.Dd $Mdocdate: September 10 2022 $ .Dt X509_POLICY_TREE_LEVEL_COUNT 3 .Os .Sh NAME 
@@ -157,7 +157,7 @@ if the argument is .Dv NULL or located on level 0. -Otherwise, it returns an an internal pointer to the parent node of the +Otherwise, it returns an internal pointer to the parent node of the .Fa node argument. The parent node is always located on the previous level. @@ -167,7 +167,8 @@ The parent node is always located on the previous level. .Xr POLICYQUALINFO_new 3 , .Xr STACK_OF 3 , .Xr X509_new 3 , -.Xr X509_policy_check 3 +.Xr X509_policy_check 3 , +.Xr X509_policy_tree_get0_policies 3 .Sh STANDARDS RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, diff --git a/man/X509_print_ex.3 b/man/X509_print_ex.3 index 85e82709..1a2e0edb 100644 --- a/man/X509_print_ex.3 +++ b/man/X509_print_ex.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_print_ex.3,v 1.3 2021/07/23 06:02:39 jmc Exp $ +.\" $OpenBSD: X509_print_ex.3,v 1.4 2021/10/29 09:42:07 schwarze Exp $ .\" .\" Copyright (c) 2021 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: July 23 2021 $ +.Dd $Mdocdate: October 29 2021 $ .Dt X509_PRINT_EX 3 .Os .Sh NAME @@ -252,7 +252,8 @@ always returns 1 and silently ignores write errors. .Xr BIO_new 3 , .Xr X509_CERT_AUX_new 3 , .Xr X509_CRL_print 3 , -.Xr X509_new 3 +.Xr X509_new 3 , +.Xr X509_REQ_print_ex 3 .Sh HISTORY .Fn X509_print first appeared in SSLeay 0.5.1 and was changed to print to a diff --git a/man/X509_sign.3 b/man/X509_sign.3 index ca4c5192..eb69874c 100644 --- a/man/X509_sign.3 +++ b/man/X509_sign.3 
@@ -1,5 +1,5 @@ -.\" $OpenBSD: X509_sign.3,v 1.8 2019/06/14 13:59:32 schwarze Exp $ -.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" $OpenBSD: X509_sign.3,v 1.9 2021/10/30 16:20:35 schwarze Exp $ +.\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100 .\" .\" This file was written by Dr. Stephen Henson . .\" Copyright (c) 2015, 2016 The OpenSSL Project. All rights reserved. @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 14 2019 $ +.Dd $Mdocdate: October 30 2021 $ .Dt X509_SIGN 3 .Os .Sh NAME @@ -145,6 +145,16 @@ and .Fn X509_CRL_verify sign and verify certificate requests and CRLs, respectively. .Pp +If +.Xr X509_CRL_set_default_method 3 +was in effect at the time the +.Vt X509_CRL +object was created, +.Fn X509_CRL_verify +calls the +.Fn crl_verify +callback function instead of performing the default action. +.Pp .Fn X509_sign_ctx is used where the default parameters for the corresponding public key and digest are not suitable. @@ -181,6 +191,7 @@ In some cases of failure, the reason can be determined with .Xr d2i_X509 3 , .Xr EVP_DigestInit 3 , .Xr X509_CRL_get0_by_serial 3 , +.Xr X509_CRL_METHOD_new 3 , .Xr X509_CRL_new 3 , .Xr X509_get_pubkey 3 , .Xr X509_get_subject_name 3 , diff --git a/man/X509_signature_dump.3 b/man/X509_signature_dump.3 index 8fff79ce..bc41cc8b 100644 --- a/man/X509_signature_dump.3 +++ b/man/X509_signature_dump.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_signature_dump.3,v 1.1 2021/07/06 16:05:44 schwarze Exp $ +.\" $OpenBSD: X509_signature_dump.3,v 1.2 2021/12/18 17:47:45 schwarze Exp $ .\" .\" Copyright (c) 2021 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: July 6 2021 $ +.Dd $Mdocdate: December 18 2021 $ .Dt X509_SIGNATURE_DUMP 3 .Os .Sh NAME 
@@ -72,6 +72,7 @@ They fail and return as soon as any write operation fails. .Xr ASN1_STRING_print_ex 3 , .Xr BIO_new 3 , .Xr EVP_PKEY_asn1_new 3 , +.Xr OBJ_find_sigid_algs 3 , .Xr X509_ALGOR_new 3 , .Xr X509_get0_signature 3 .Sh HISTORY diff --git a/man/X509at_add1_attr.3 b/man/X509at_add1_attr.3 new file mode 100644 index 00000000..3d29c56e --- /dev/null +++ b/man/X509at_add1_attr.3 
@@ -0,0 +1,134 @@
+.\" $OpenBSD: X509at_add1_attr.3,v 1.5 2021/10/26 12:56:48 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: October 26 2021 $
+.Dt X509AT_ADD1_ATTR 3
+.Os
+.Sh NAME
+.Nm X509at_add1_attr ,
+.Nm X509at_add1_attr_by_OBJ ,
+.Nm X509at_add1_attr_by_NID ,
+.Nm X509at_add1_attr_by_txt ,
+.Nm X509at_delete_attr
+.Nd change an array of X.501 Attribute objects
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft STACK_OF(X509_ATTRIBUTE) *
+.Fo X509at_add1_attr
+.Fa "STACK_OF(X509_ATTRIBUTE) **pattrs"
+.Fa "X509_ATTRIBUTE *attr"
+.Fc
+.Ft STACK_OF(X509_ATTRIBUTE) *
+.Fo X509at_add1_attr_by_OBJ
+.Fa "STACK_OF(X509_ATTRIBUTE) **pattrs"
+.Fa "const ASN1_OBJECT *obj"
+.Fa "int type"
+.Fa "const unsigned char *data"
+.Fa "int len"
+.Fc
+.Ft STACK_OF(X509_ATTRIBUTE) *
+.Fo X509at_add1_attr_by_NID
+.Fa "STACK_OF(X509_ATTRIBUTE) **pattrs"
+.Fa "int nid"
+.Fa "int type"
+.Fa "const unsigned char *data"
+.Fa "int len"
+.Fc
+.Ft STACK_OF(X509_ATTRIBUTE) *
+.Fo X509at_add1_attr_by_txt
+.Fa "STACK_OF(X509_ATTRIBUTE) **pattrs"
+.Fa "const char *name"
+.Fa "int type"
+.Fa "const unsigned char *data"
+.Fa "int len"
+.Fc
+.Ft X509_ATTRIBUTE *
+.Fo X509at_delete_attr
+.Fa "STACK_OF(X509_ATTRIBUTE) *attrs"
+.Fa "int index"
+.Fc
+.Sh DESCRIPTION
+.Fn X509at_add1_attr
+appends a deep copy of
+.Fa attr
+to the end of
+.Pf ** Fa pattrs .
+If
+.Pf * Fa pattrs
+is
+.Dv NULL ,
+a new array is allocated, and in case of success,
+a pointer to it is assigned to
+.Pf * Fa pattrs .
+.Pp
+.Fn X509at_add1_attr_by_OBJ ,
+.Fn X509at_add1_attr_by_NID ,
+and
+.Fn X509at_add1_attr_by_txt
+create a new X.501 Attribute object using
+.Xr X509_ATTRIBUTE_create_by_OBJ 3 ,
+.Xr X509_ATTRIBUTE_create_by_NID 3 ,
+or
+.Xr X509_ATTRIBUTE_create_by_txt 3 ,
+respectively, and append it to
+.Pf ** Fa pattrs
+using
+.Fn X509at_add1_attr .
+.Pp
+.Fn X509at_delete_attr
+deletes the element with the zero-based
+.Fa index
+from the array
+.Pf * Fa attrs .
+.Sh RETURN VALUES
+.Fn X509at_add1_attr ,
+.Fn X509at_add1_attr_by_OBJ ,
+.Fn X509at_add1_attr_by_NID ,
+and
+.Fn X509at_add1_attr_by_txt
+return a pointer to the modified or new array or
+.Dv NULL
+if the
+.Fa pattrs
+argument is
+.Dv NULL
+or if creating or copying the X.501 Attribute object
+or memory allocation fails.
+.Pp
+.Fn X509at_delete_attr
+returns the deleted element or
+.Dv NULL
+if
+.Fa attrs
+is
+.Dv NULL
+or if the requested
+.Fa index
+is negative or greater than or equal to the number of objects in
+.Pf * Fa attrs .
+.Sh SEE ALSO
+.Xr EVP_PKEY_add1_attr 3 ,
+.Xr OBJ_nid2obj 3 ,
+.Xr PKCS8_pkey_add1_attr_by_NID 3 ,
+.Xr STACK_OF 3 ,
+.Xr X509_ATTRIBUTE_create_by_OBJ 3 ,
+.Xr X509_ATTRIBUTE_new 3 ,
+.Xr X509_REQ_add1_attr 3 ,
+.Xr X509at_get_attr 3
+.Sh HISTORY
+These functions first appeared in OpenSSL 0.9.5
+and have been available since
+.Ox 2.7 .
diff --git a/man/X509at_get_attr.3 b/man/X509at_get_attr.3
new file mode 100644
index 00000000..82f786a4
--- /dev/null
+++ b/man/X509at_get_attr.3
@@ -0,0 +1,160 @@
+.\" $OpenBSD: X509at_get_attr.3,v 1.7 2022/03/28 08:18:13 claudio Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: March 28 2022 $
+.Dt X509AT_GET_ATTR 3
+.Os
+.Sh NAME
+.Nm X509at_get_attr ,
+.Nm X509at_get_attr_count ,
+.Nm X509at_get_attr_by_OBJ ,
+.Nm X509at_get_attr_by_NID ,
+.Nm X509at_get0_data_by_OBJ
+.\" In the following line, "X.501" and "Attribute" are not typos.
+.\" The "Attribute" type is defined in X.501, not in X.509.
+.\" The type is called "Attribute" with capital "A", not "attribute".
+.Nd X.501 Attribute array read accessors
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft X509_ATTRIBUTE *
+.Fo X509at_get_attr
+.Fa "const STACK_OF(X509_ATTRIBUTE) *attrs"
+.Fa "int index"
+.Fc
+.Ft int
+.Fo X509at_get_attr_count
+.Fa "const STACK_OF(X509_ATTRIBUTE) *attrs"
+.Fc
+.Ft int
+.Fo X509at_get_attr_by_OBJ
+.Fa "const STACK_OF(X509_ATTRIBUTE) *attrs"
+.Fa "const ASN1_OBJECT *obj"
+.Fa "int start_after"
+.Fc
+.Ft int
+.Fo X509at_get_attr_by_NID
+.Fa "const STACK_OF(X509_ATTRIBUTE) *attrs"
+.Fa "int nid"
+.Fa "int start_after"
+.Fc
+.Ft void *
+.Fo X509at_get0_data_by_OBJ
+.Fa "STACK_OF(X509_ATTRIBUTE) *attrs"
+.Fa "const ASN1_OBJECT *obj"
+.Fa "int start_after"
+.Fa "int type"
+.Fc
+.Sh DESCRIPTION
+These functions retrieve information from the
+.Fa attrs
+array of X.501 Attribute objects.
+They all fail if
+.Fa attrs
+is a
+.Dv NULL
+pointer.
+.Pp
+.Fn X509at_get_attr
+returns the array element at the zero-based
+.Fa index .
+It fails if the
+.Fa index
+is negative or greater than or equal to the number of objects in the array.
+.Pp
+.Fn X509at_get_attr_count
+returns the number of objects currently stored in the array.
+.Pp
+The three remaining functions search the array starting after the index
+.Fa start_after .
+They fail if no matching object is found.
+.Fn X509at_get0_data_by_OBJ
+also fails if the data is not of the requested
+.Fa type .
+.Pp
+Additionally, the
+.Fa start_after
+argument of
+.Fn X509at_get0_data_by_OBJ
+is interpreted in a special way.
+If
+.Fa start_after
+is \-2 or smaller,
+.Fn X509at_get0_data_by_OBJ
+also fails if
+.Fa attrs
+contains more than one matching object.
+If
+.Fa start_after
+is \-3 or smaller, it also fails unless the matching object
+contains exactly one value.
+.Sh RETURN VALUES
+.Fn X509at_get_attr
+returns an internal pointer or
+.Dv NULL
+on failure.
+.Pp
+.Fn X509at_get_attr_count
+returns the number of array elements or \-1 on failure.
+.Pp
+.Fn X509at_get_attr_by_OBJ
+and
+.Fn X509at_get_attr_by_NID
+return the index of the first object in the array
+that has an index greater than
+.Fa start_after
+and a type matching
+.Fa obj
+or
+.Fa nid ,
+respectively, or \-1 on failure.
+In addition,
+.Fn X509at_get_attr_by_NID
+returns \-2
+if
+.Xr OBJ_nid2obj 3
+fails on the requested
+.Fa nid .
+.Pp
+.Fn X509at_get0_data_by_OBJ
+returns an internal pointer to the data contained in the value
+of the first object that has an index greater than
+.Fa start_after
+and a type matching
+.Fa obj ,
+or
+.Dv NULL
+on failure.
+.Sh SEE ALSO
+.Xr EVP_PKEY_get_attr 3 ,
+.Xr OBJ_nid2obj 3 ,
+.Xr PKCS8_pkey_get0_attrs 3 ,
+.Xr STACK_OF 3 ,
+.Xr X509_ATTRIBUTE_get0_data 3 ,
+.Xr X509_ATTRIBUTE_new 3 ,
+.Xr X509_REQ_get_attr 3 ,
+.Xr X509at_add1_attr 3
+.Sh HISTORY
+.Fn X509at_get_attr ,
+.Fn X509at_get_attr_count ,
+.Fn X509at_get_attr_by_OBJ ,
+and
+.Fn X509at_get_attr_by_NID
+first appeared in OpenSSL 0.9.5 and have been available since
+.Ox 2.7 .
+.Pp
+.Fn X509at_get0_data_by_OBJ
+first appeared in OpenSSL 0.9.8h and has been available since
+.Ox 4.5 .
diff --git a/man/a2d_ASN1_OBJECT.3 b/man/a2d_ASN1_OBJECT.3
new file mode 100644
index 00000000..274d93cb
--- /dev/null
+++ b/man/a2d_ASN1_OBJECT.3
@@ -0,0 +1,83 @@
+.\" $OpenBSD: a2d_ASN1_OBJECT.3,v 1.2 2022/01/01 02:06:07 jsg Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: January 1 2022 $
+.Dt A2D_ASN1_OBJECT 3
+.Os
+.Sh NAME
+.Nm a2d_ASN1_OBJECT
+.Nd DER content octets of an ASN.1 object identifier
+.Sh SYNOPSIS
+.Ft int
+.Fo a2d_ASN1_OBJECT
+.Fa "unsigned char *der_out"
+.Fa "int olen"
+.Fa "const char *val_in"
+.Fa "int ilen"
+.Fc
+.Sh DESCRIPTION
+.Fn a2d_ASN1_OBJECT
+accepts an ASCII string
+.Fa val_in
+of
+.Fa ilen
+bytes and interprets it as the numerical form of an ASN.1 object identifier.
+It writes the content octets of the DER encoding of the object identifier
+to the buffer
+.Fa der_out
+which is
+.Fa olen
+bytes long.
+The identifier and length octets of the DER encoding are not written.
+.Pp
+If
+.Fa ilen
+is \-1, the
+.Xr strlen 3
+of
+.Fa val_in
+is used instead.
+.Pp
+If
+.Fa der_out
+is a
+.Dv NULL
+pointer, writing the content objects is skipped
+and only the return value is calculated.
+.Sh RETURN VALUES
+.Fn a2d_ASN1_OBJECT
+returns the number of content octets that were or would be written or 0 if
+.Fa ilen
+is 0, if
+.Fa val_in
+is not a valid representation of an object identifier,
+if memory allocation fails, or if the number of content octets
+would be larger than
+.Fa olen .
+.Sh SEE ALSO
+.Xr ASN1_OBJECT_new 3 ,
+.Xr i2d_ASN1_OBJECT 3 ,
+.Xr OBJ_create 3
+.Sh STANDARDS
+ITU-T Recommendation X.690, also known as ISO/IEC 8825-1:
+Information technology - ASN.1 encoding rules:
+Specification of Basic Encoding Rules (BER), Canonical Encoding
+Rules (CER) and Distinguished Encoding Rules (DER),
+section 8.19: Encoding of an object identifier value
+.Sh HISTORY
+.Fn a2d_ASN1_OBJECT
+first appeared in SSLeay 0.8.0 and has been available since
+.Ox 2.4 .
diff --git a/man/crypto.3 b/man/crypto.3
index 6e98f643..f809347a 100644
--- a/man/crypto.3
+++ b/man/crypto.3
@@ -1,7 +1,24 @@ -.\" $OpenBSD: crypto.3,v 1.25 2020/06/24 17:00:38 schwarze Exp $ +.\" $OpenBSD: crypto.3,v 1.28 2022/02/04 00:55:52 tb Exp $ .\" OpenSSL a9c85cea Nov 11 09:33:55 2016 +0100 .\" -.\" This file was written by Ulf Moeller and +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2021 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Ulf Moeller and .\" Dr. Stephen Henson . .\" Copyright (c) 2000, 2002 The OpenSSL Project. All rights reserved. .\" @@ -49,7 +66,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 24 2020 $ +.Dd $Mdocdate: February 4 2022 $ .Dt CRYPTO 3 .Os .Sh NAME @@ -63,7 +80,7 @@ implementations of TLS and S/MIME, and they have also been used to implement SSH, OpenPGP, and other cryptographic standards. .Pp .Sy Symmetric ciphers -including AES, Blowfish, CAST, Chacha20, IDEA, DES, RC2, and RC4 +including AES, Blowfish, CAST, ChaCha20, IDEA, DES, RC2, and RC4 are provided by the generic interface .Xr EVP_EncryptInit 3 . Low-level stand-alone interfaces include 
@@ -139,43 +156,275 @@ include .Xr lh_new 3 , and .Xr STACK_OF 3 . +.Sh NAMING CONVENTIONS +Elements used in the names of API functions include the following: +.Bl -tag -width Ds +.It add0 +See +.Dq set0 +below. +.It add1 +See +.Dq set1 +below. +.It BIO +basic input and/or output abstraction: +The function manipulates objects of the idiosyncratic OpenSSL +.Vt BIO +object type. +See +.Xr BIO_new 3 . +.It bio +The function uses a +.Vt BIO +object for input or output. +In many cases, simpler variants of the function are available +that operate directly on +.In stdio.h +.Vt FILE +objects or directly in RAM, usually using byte arrays. +.It BIO_f_ +filter BIO: +The function returns a pointer to a static built-in object that, +when passed to +.Xr BIO_new 3 , +results in the creation of a BIO object that can write data to +and/or read data from another +.Vt BIO +object. +.It BIO_s_ +source and/or sink BIO: +The function returns a pointer to a static built-in object that, +when passed to +.Xr BIO_new 3 , +results in the creation of a BIO object +that can write data to an external destination +and/or read data from an external source, +for example a file descriptor or object, a memory buffer, or the network. +.It BN +big number: +The function operates on +.Vt BIGNUM +objects representing integer numbers of variable, almost unlimited size. +See +.Xr BN_new 3 . +.It cb +callback: +The function takes or returns a function pointer +that is called by API functions from inside the library. +The function pointed to may be defined by the application program. +In some cases, API functions with +.Dq cb +in their name may return function pointers to internal functions +defined inside the library that are not API functions. +The element +.Dq cb +is also used in the names of some function pointer datatypes +declared with +.Sy typedef . +In a small number of cases, the all caps form +.Dq CB +is used with the same meaning. 
+.It CTX +context: +The function operates on a wrapper object around another object. +The purposes and properties of such +.Dq CTX +wrapper objects vary wildly depending on the objects in question. +A few function names use the lower case form +.Dq ctx +in the same sense. +.It d2i +DER to internal: +The function decodes input conforming to ASN.1 basic encoding rules (BER) +and either stores the result in an existing object +or in a newly allocated object. +The latter is usually preferable because +creating a new object is more robust and less error prone. +In spite of the name, the input usually does not need to conform to ASN.1 +distinguished encoding rules (DER), which are more restrictive than BER. +.It EVP +digital EnVeloPe library: +See +.Xr evp 3 . +.It ex +This name element is used for two completely unrelated purposes. .Pp -Some of the newer functions follow a naming convention using the numbers -.Sq 0 -and -.Sq 1 . -For example consider the names of these functions: +extended version: +The function is similar to an older function without the +.Dq ex +in its name, but takes one or more additional arguments +in order to make it more versatile. +In several cases, the older version is now deprecated. .Pp -.Ft int -.Fo X509_CRL_add0_revoked -.Fa "X509_CRL *crl" -.Fa "X509_REVOKED *rev" -.Fc -.br -.Ft int -.Fo X509_add1_trust_object -.Fa "X509 *x" -.Fa "ASN1_OBJECT *obj" -.Fc +extra data: +Some object types support storing additional, application-specific data +inside objects in addition to the data the object is designed to hold. +The function sets, retrieves, or prepares for using such extra data. +Related function names usually contain +.Dq ex_data +or +.Dq ex_new_index . +See +.Xr CRYPTO_set_ex_data 3 . +.It fp +file pointer: +The function takes a +.Vt FILE * +argument. +Usually, the function is a variant of another function taking a +.Vt BIO * +argument instead. 
+.It i2d +internal to DER: +The function encodes an object passed as an argument +according to ASN.1 distinguished encoding rules (DER). +There are a few rare exceptions of functions that have +.Dq i2d +in their name but produce output anyway +that only conforms to ASN.1 basic encoding rules (BER) and not to DER. +.It get0 +The function returns an internal pointer +owned by the object passed as an argument. +The returned pointer must not be freed by the calling code. +It will be freed automatically +when the object owning the pointer will be freed. +.It get1 +The function returns a copy of a sub-object +of an object passed as an argument. +The caller is responsible for freeing the returned object +when it is no longer needed. .Pp -The -.Sq 0 -version uses the supplied structure pointer directly in the parent and -it will be freed up when the parent is freed. -In the above example -.Fa crl -would be freed but -.Fa rev -would not. +If the object type is reference counted, usually the reference count +is incremented instead of copying the object. +Consequently, modifying the returned object may still impact all +objects containing references to it. +The caller is responsible for freeing the returned object +when it is no longer needed; for reference-counted objects still +referenced elsewhere, this will merely decrement the reference count. +.It get +Functions containing +.Dq get +in their name without a following digit may behave in +.Dq get0 +or, more rarely, in +.Dq get1 +style. +To find out which is the case, refer to the individual manual pages. +.It lh +linear hash: +The function manipulates a dynamic hash table. +See +.Xr lh_new 3 . +.It md +message digest. +Some function names use the all caps form +.Dq MD +in the same sense. +.It meth +The function manipulates an object holding a function table. 
+Usually, such function tables allow the application program +to implement additional cryptographic or I/O algorithms +and to use them with the same high-level API functions as the +algorithms provided by the library itself, or to replace the +implementations of algorithms provided by the library with +custom implementations provided by the application program. +Some API functions use the name elements +.Dq method +or +.Dq METHOD +in the same sense. +See also the +.Dq cb +entry in the present list. +.It ndef +indefinite length form: +The function encodes according to ASN.1 basic encoding rules (BER) +using the indefinite length form. +Even if the function name also includes +.Dq i2d , +the output does not conform to ASN.1 distinguished encoding rules (DER). +See +.Xr ASN1_item_ndef_i2d 3 . +Some function names contain the all caps version +.Dq NDEF +with the same meaning. +.It nid +numerical identifier: +A non-standard, LibreSSL-specific +.Vt int +number associated with an ASN.1 object identifier. +In several cases, the all caps form +.Dq NID +is used in the same sense. +See +.Xr OBJ_nid2obj 3 . +.It obj +This name element and its all caps form +.Dq OBJ +usually refer to ASN.1 object identifiers represented by the +.Vt ASN1_OBJECT +data type. +See +.Xr ASN1_OBJECT_new 3 . +.It PKEY +In most cases, this name element and its lower case form +.Dq pkey +mean +.Dq private key , +but for both forms, there are some cases where they mean +.Dq public key +instead. +.It set0 +The function transfers ownership of a pointer passed as an argument +to an object passed as another argument, +by storing the pointer inside the object. +The transferred pointer must not be freed by the calling code. +It will be freed automatically +when the object now owning the pointer will be freed. +.It set1 +The function copies the content of one object passed as an argument +into another object also passed as an argument. 
+When the calling code no longer needs the copied object, +it can free that object. .Pp -The -.Sq 1 -function uses a copy of the supplied structure pointer (or in some cases -increases its link count) in the parent and so both -.Pf ( Fa x -and -.Fa obj -above) should be freed up. +In some cases, if the object to be copied is reference counted, +the function does not actually copy the object but merely increments +its reference count and stores the pointer to it in the other object. +When the calling code no longer needs its original pointer to +the now inner object, it can free the original pointer, thus +decrementing the reference count of the inner object +and transferring ownership of the inner object to the outer object. +The inner object will then be freed automatically +when the outer object is freed later on. +.It set +Functions containing +.Dq set +in their name without a following digit may behave in +.Dq set0 +or, more rarely, in +.Dq set1 +style. +To find out which is the case, refer to the individual manual pages. +.It sk +stack: +The function manipulates a variable-sized array of pointers +in the idiosyncratic style described in +.Xr OPENSSL_sk_new 3 . +.It TS +X.509 time-stamp protocol: +See +.Xr TS_REQ_new 3 . +.It up_ref +The function increments the reference count of the argument by one. +Only a minority of object types support reference counting. +For those that do, if the reference count is greater than one, +the corresponding +.Dq free +function reverses the effect of one call to the +.Dq up_ref +function rather than freeing the object. +.El .Sh SEE ALSO .Xr openssl 1 , .Xr ssl 3 diff --git a/man/d2i_ASN1_NULL.3 b/man/d2i_ASN1_NULL.3 index 7d10f1ba..bc7c85e7 100644 --- a/man/d2i_ASN1_NULL.3 +++ b/man/d2i_ASN1_NULL.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: d2i_ASN1_NULL.3,v 1.3 2019/06/06 01:06:59 schwarze Exp $ +.\" $OpenBSD: d2i_ASN1_NULL.3,v 1.4 2021/11/22 16:19:54 schwarze Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" 
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: November 22 2021 $
 .Dt D2I_ASN1_NULL 3
 .Os
 .Sh NAME
@@ -76,6 +76,7 @@ returns 2 if successful or 0 if an error occurs.
 .Sh SEE ALSO
 .Xr ASN1_item_d2i 3 ,
 .Xr ASN1_item_new 3 ,
+.Xr ASN1_NULL_new 3 ,
 .Xr ASN1_TYPE_get 3
 .Sh STANDARDS
 ITU-T Recommendation X.690, also known as ISO/IEC 8825-1:
diff --git a/man/d2i_ASN1_OBJECT.3 b/man/d2i_ASN1_OBJECT.3
index 09a17ced..a555490f 100644
--- a/man/d2i_ASN1_OBJECT.3
+++ b/man/d2i_ASN1_OBJECT.3
@@ -1,7 +1,6 @@
-.\" $OpenBSD: d2i_ASN1_OBJECT.3,v 1.9 2018/04/25 15:17:52 schwarze Exp $
-.\" OpenSSL 05ea606a May 20 20:52:46 2016 -0400
+.\" $OpenBSD: d2i_ASN1_OBJECT.3,v 1.13 2022/09/12 14:33:47 tb Exp $
 .\"
-.\" Copyright (c) 2017 Ingo Schwarze
+.\" Copyright (c) 2017, 2022 Ingo Schwarze
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: April 25 2018 $
+.Dd $Mdocdate: September 12 2022 $
 .Dt D2I_ASN1_OBJECT 3
 .Os
 .Sh NAME
@@ -40,40 +39,51 @@ These functions decode and encode ASN.1 object identifiers. For details about the semantics, examples, caveats, and bugs, see .Xr ASN1_item_d2i 3 . .Pp +The LibreSSL implementation of +.Fn d2i_ASN1_OBJECT +always calls +.Xr ASN1_OBJECT_free 3 +if an existing object is passed in via +.Fa val_out +and it always creates a new object from scratch. +Other implementations may attempt to reuse an existing object, +which is fragile and prone to bugs. +Consequently, always passing +.Dv NULL +for the +.Fa val_out +argument is recommended. +.Pp The objects returned from .Fn d2i_ASN1_OBJECT and the data contained in them are always marked as dynamically allocated, so when they are no longer needed, .Xr ASN1_OBJECT_free 3 can be called on them. -.Pp -If reusing an existing object is attempted but the -.Pf * Fa val_out -passed in points to an object that is not marked as dynamically -allocated, then the existing object is left untouched and -.Fn d2i_ASN1_OBJECT -behaves as if -.Pf * Fa val_out -would have been -.Dv NULL : -A new object is allocated and a pointer to it is both stored in -.Pf * Fa val_out -and returned. .Sh RETURN VALUES .Fn d2i_ASN1_OBJECT -returns an +returns a pointer to the new .Vt ASN1_OBJECT object or .Dv NULL if an error occurs. +With other implementations, it might return a pointer to the reused +.Vt ASN1_OBJECT . .Pp .Fn i2d_ASN1_OBJECT returns the number of bytes successfully encoded or a value <= 0 if an error occurs. .Sh SEE ALSO +.Xr a2d_ASN1_OBJECT 3 , .Xr ASN1_item_d2i 3 , .Xr ASN1_OBJECT_new 3 , .Xr OBJ_nid2obj 3 +.Sh STANDARDS +ITU-T Recommendation X.690, also known as ISO/IEC 8825-1: +Information technology - ASN.1 encoding rules: +Specification of Basic Encoding Rules (BER), Canonical Encoding +Rules (CER) and Distinguished Encoding Rules (DER), +section 8.19: Encoding of an object identifier value .Sh HISTORY .Fn d2i_ASN1_OBJECT and 
@@ -92,7 +102,3 @@ on the returned object, and then and .Xr OBJ_nid2ln 3 on the result. -.Sh BUGS -When reusing a dynamically allocated object that contains dynamically -allocated names, the old names are not freed and the memory containing -them is leaked. diff --git a/man/d2i_ASN1_OCTET_STRING.3 b/man/d2i_ASN1_OCTET_STRING.3 index c985bc8b..6d79ae40 100644 --- a/man/d2i_ASN1_OCTET_STRING.3 +++ b/man/d2i_ASN1_OCTET_STRING.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: d2i_ASN1_OCTET_STRING.3,v 1.12 2018/03/27 17:35:50 schwarze Exp $ +.\" $OpenBSD: d2i_ASN1_OCTET_STRING.3,v 1.19 2022/09/12 14:36:09 tb Exp $ .\" .\" Copyright (c) 2017 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: March 27 2018 $ +.Dd $Mdocdate: September 12 2022 $ .Dt D2I_ASN1_OCTET_STRING 3 .Os .Sh NAME @@ -270,10 +270,9 @@ objects. For details about the semantics, examples, caveats, and bugs, see .Xr ASN1_item_d2i 3 . .Pp -The format consists of one identifier octet, -one or more length octets, -and one or more content octets. -The identifier octets and corresponding ASN.1 types are as follows: +The format consists of one identifier byte, one or more length bytes, +and one or more content bytes. +The identifier bytes and corresponding ASN.1 types are as follows: .Bl -column ASN1_GENERALIZEDTIME identifier .It Em OpenSSL type Ta Em identifier Ta Em ASN.1 type .It Ta @@ -317,7 +316,7 @@ and .Fn i2d_DIRECTORYSTRING that also accept IA5String, NumericString, BIT STRING, and SEQUENCE ASN.1 values as well as ASN.1 values with unknown identifier -octets (0x07, 0x08, 0x09, 0x0b, 0x0d, 0x0e, 0x0f, 0x1d, and 0x1f). +bytes (0x07, 0x08, 0x09, 0x0b, 0x0d, 0x0e, 0x0f, 0x1d, and 0x1f). Even though the standard requires the use of .Vt DirectoryString in the relative distinguished names described in 
@@ -354,6 +353,21 @@ They are also used for certificate revocation lists; see
 When decoding, it accepts either GeneralizedTime or UTCTime.
 When encoding, it writes out the time type that is actually passed in.
 .Pp
+The following constants describe the ASN.1 tags that are valid
+when decoding with the above functions.
+See
+.Xr ASN1_tag2bit 3
+for more details about the
+.Dv B_ASN1_*
+constants.
+.Bl -column d2i_DIRECTORYSTRING() B_ASN1_DIRECTORYSTRING -offset indent
+.It decoding function Ta mask constant
+.It Fn d2i_DIRECTORYSTRING Ta Dv B_ASN1_DIRECTORYSTRING
+.It Fn d2i_ASN1_PRINTABLE Ta Dv B_ASN1_PRINTABLE
+.It Fn d2i_DISPLAYTEXT Ta Dv B_ASN1_DISPLAYTEXT
+.It Fn d2i_ASN1_TIME Ta Dv B_ASN1_TIME
+.El
+.Pp
 .Fn d2i_ASN1_UINTEGER
 is similar to
 .Fn d2i_ASN1_INTEGER
@@ -396,7 +410,7 @@ Certificate Revocation List (CRL) Profile
 .Fn d2i_ASN1_T61STRING ,
 .Fn i2d_ASN1_T61STRING ,
 .Fn d2i_ASN1_PRINTABLESTRING ,
-.Fn i2d_ASN1_PRINTABLESTRING
+.Fn i2d_ASN1_PRINTABLESTRING ,
 .Fn d2i_ASN1_PRINTABLE ,
 .Fn i2d_ASN1_PRINTABLE ,
 .Fn d2i_ASN1_UTCTIME ,
diff --git a/man/d2i_ASN1_SEQUENCE_ANY.3 b/man/d2i_ASN1_SEQUENCE_ANY.3
index 0c4b6d72..654f0b1e 100644
--- a/man/d2i_ASN1_SEQUENCE_ANY.3
+++ b/man/d2i_ASN1_SEQUENCE_ANY.3
@@ -1,6 +1,6 @@
-.\" $OpenBSD: d2i_ASN1_SEQUENCE_ANY.3,v 1.2 2018/03/23 04:34:23 schwarze Exp $
+.\" $OpenBSD: d2i_ASN1_SEQUENCE_ANY.3,v 1.3 2021/12/09 19:05:09 schwarze Exp $
 .\"
-.\" Copyright (c) 2017 Ingo Schwarze
+.\" Copyright (c) 2017, 2021 Ingo Schwarze
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: March 23 2018 $
+.Dd $Mdocdate: December 9 2021 $
 .Dt D2I_ASN1_SEQUENCE_ANY 3
 .Os
 .Sh NAME
@@ -48,7 +48,12 @@
 .Fa "unsigned char **der_out"
 .Fc
 .Sh DESCRIPTION
-These functions decode and encode ASN.1 sequences and sets.
+These functions decode and encode ASN.1 sequences and sets,
+which are also represented by the
+.Dv V_ASN1_SEQUENCE
+and
+.Dv V_ASN1_SET
+type identifier constants, respectively.
 For details about the semantics, examples, caveats, and bugs, see
 .Xr ASN1_item_d2i 3 .
 .Pp
diff --git a/man/d2i_PrivateKey.3 b/man/d2i_PrivateKey.3
index 588bda87..86454143 100644
--- a/man/d2i_PrivateKey.3
+++ b/man/d2i_PrivateKey.3
@@ -1,10 +1,10 @@
-.\" $OpenBSD: d2i_PrivateKey.3,v 1.9 2019/06/06 01:06:59 schwarze Exp $
-.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
+.\" $OpenBSD: d2i_PrivateKey.3,v 1.10 2021/10/19 12:03:46 schwarze Exp $
+.\" full merge up to: OpenSSL b0edda11 Mar 20 13:00:17 2018 +0000
 .\"
 .\" This file is a derived work.
 .\" The changes are covered by the following Copyright and license:
 .\"
-.\" Copyright (c) 2016 Ingo Schwarze
+.\" Copyright (c) 2016, 2021 Ingo Schwarze
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -65,15 +65,17 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: October 19 2021 $
 .Dt D2I_PRIVATEKEY 3
 .Os
 .Sh NAME
 .Nm d2i_PrivateKey ,
 .Nm d2i_AutoPrivateKey ,
-.Nm i2d_PrivateKey ,
 .Nm d2i_PrivateKey_bio ,
 .Nm d2i_PrivateKey_fp ,
+.Nm i2d_PrivateKey ,
+.Nm i2d_PrivateKey_bio ,
+.Nm i2d_PrivateKey_fp ,
 .Nm i2d_PKCS8PrivateKeyInfo_bio ,
 .Nm i2d_PKCS8PrivateKeyInfo_fp ,
 .Nm d2i_PublicKey ,
@@ -94,11 +96,6 @@
 .Fa "const unsigned char **des_in"
 .Fa "long length"
 .Fc
-.Ft int
-.Fo i2d_PrivateKey
-.Fa "EVP_PKEY *val_in"
-.Fa "unsigned char **des_out"
-.Fc
 .Ft EVP_PKEY *
 .Fo d2i_PrivateKey_bio
 .Fa "BIO *in_bio"
@@ -110,6 +107,21 @@ .Fa "EVP_PKEY **val_out" .Fc .Ft int +.Fo i2d_PrivateKey +.Fa "EVP_PKEY *val_in" +.Fa "unsigned char **des_out" +.Fc +.Ft int +.Fo i2d_PrivateKey_bio +.Fa "BIO *out_bio" +.Fa "EVP_PKEY *val_in" +.Fc +.Ft int +.Fo i2d_PrivateKey_fp +.Fa "FILE *out_fp" +.Fa "EVP_PKEY *val_in" +.Fc +.Ft int .Fo i2d_PKCS8PrivateKeyInfo_bio .Fa "BIO *out_bio" .Fa "EVP_PKEY *val_in" @@ -174,6 +186,17 @@ that key type, the PKCS#8 unencrypted .Vt PrivateKeyInfo format. .Pp +.Fn i2d_PrivateKey_bio +and +.Fn i2d_PrivateKey_fp +are similar to +.Fn i2d_PrivateKey +except that they write to a +.Vt BIO +or +.Vt FILE +pointer and use a different convention for their return values. +.Pp .Fn i2d_PKCS8PrivateKeyInfo_bio and .Fn i2d_PKCS8PrivateKeyInfo_fp @@ -249,7 +272,9 @@ and return the number of bytes successfully encoded or a negative value if an error occurs. .Pp -.Fn i2d_PKCS8PrivateKeyInfo_bio +.Fn i2d_PrivateKey_bio , +.Fn i2d_PrivateKey_fp , +.Fn i2d_PKCS8PrivateKeyInfo_bio , and .Fn i2d_PKCS8PrivateKeyInfo_fp return 1 for success or 0 if an error occurs. @@ -277,8 +302,8 @@ first appeared in SSLeay 0.6.0 and have been available since .Pp .Fn d2i_AutoPrivateKey , .Fn d2i_PrivateKey_bio , -.Fn i2d_PrivateKey_bio , .Fn d2i_PrivateKey_fp , +.Fn i2d_PrivateKey_bio , .Fn i2d_PrivateKey_fp , .Fn i2d_PKCS8PrivateKeyInfo_bio , and diff --git a/man/d2i_X509.3 b/man/d2i_X509.3 index 94b136a0..6102e49e 100644 --- a/man/d2i_X509.3 +++ b/man/d2i_X509.3 @@ -1,5 +1,8 @@ -.\" $OpenBSD: d2i_X509.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL 94480b57 Sep 12 23:34:41 2009 +0000 +.\" $OpenBSD: d2i_X509.3,v 1.11 2021/10/27 10:35:43 schwarze Exp $ +.\" OpenSSL d2i_X509.pod checked up to: +.\" 256989ce4 Jun 19 15:00:32 2020 +0200 +.\" OpenSSL i2d_re_X509_tbs.pod checked up to: +.\" 61f805c1 Jan 16 01:01:46 2018 +0800 .\" .\" This file is a derived work. .\" The changes are covered by the following Copyright and license: 
@@ -18,8 +21,10 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.\" The original file was written by Dr. Stephen Henson . -.\" Copyright (c) 2002, 2003, 2005, 2009, 2016 The OpenSSL Project. +.\" The original files were written by Dr. Stephen Henson , +.\" Emilia Kasper , Viktor Dukhovni , +.\" and Rich Salz . +.\" Copyright (c) 2002, 2014, 2016 The OpenSSL Project. .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -66,7 +71,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 27 2018 $ +.Dd $Mdocdate: October 27 2021 $ .Dt D2I_X509 3 .Os .Sh NAME @@ -83,7 +88,10 @@ .Nm d2i_X509_CINF , .Nm i2d_X509_CINF , .Nm d2i_X509_VAL , -.Nm i2d_X509_VAL +.Nm i2d_X509_VAL , +.Nm i2d_re_X509_tbs , +.Nm i2d_re_X509_CRL_tbs , +.Nm i2d_re_X509_REQ_tbs .Nd decode and encode X.509 certificates .Sh SYNOPSIS .In openssl/x509.h @@ -162,6 +170,21 @@ .Fa "X509_VAL *val_in" .Fa "unsigned char **der_out" .Fc +.Ft int +.Fo i2d_re_X509_tbs +.Fa "X509 *x" +.Fa "unsigned char **out" +.Fc +.Ft int +.Fo i2d_re_X509_CRL_tbs +.Fa "X509_CRL *crl" +.Fa "unsigned char **pp" +.Fc +.Ft int +.Fo i2d_re_X509_REQ_tbs +.Fa "X509_REQ *req" +.Fa "unsigned char **pp" +.Fc .Sh DESCRIPTION These functions decode and encode X.509 certificates and some of their substructures. 
@@ -221,6 +244,36 @@ and
 decode and encode an ASN.1
 .Vt Validity
 structure defined in RFC 5280 section 4.1.
+.Pp
+.Fn i2d_re_X509_tbs
+is similar to
+.Fn i2d_X509 ,
+except it encodes only the TBSCertificate portion of the certificate.
+.Fn i2d_re_X509_CRL_tbs
+and
+.Fn i2d_re_X509_REQ_tbs
+are analogous for CRL and certificate request, respectively.
+The "re" in
+.Fn i2d_re_X509_tbs
+stands for "re-encode", and ensures that a fresh encoding is generated
+in case the object has been modified after creation.
+.Pp
+The encoding of the TBSCertificate portion of a certificate is cached in
+the
+.Vt X509
+structure internally to improve encoding performance and to ensure
+certificate signatures are verified correctly in some certificates with
+broken (non-DER) encodings.
+.Pp
+If, after modification, the
+.Vt X509
+object is re-signed with
+.Xr X509_sign 3 ,
+the encoding is automatically renewed.
+Otherwise, the encoding of the TBSCertificate portion of the
+.Vt X509
+can be manually renewed by calling
+.Fn i2d_re_X509_tbs .
 .Sh RETURN VALUES
 .Fn d2i_X509 ,
 .Fn d2i_X509_bio ,
@@ -260,6 +313,12 @@ and
 .Fn i2d_X509_fp
 return 1 for success or 0 if an error occurs.
 .Pp
+.Fn i2d_re_X509_tbs ,
+.Fn i2d_re_X509_CRL_tbs ,
+and
+.Fn i2d_re_X509_REQ_tbs
+return the number of bytes successfully encoded or 0 if an error occurs.
+.Pp
 For all functions, the error code can be obtained by
 .Xr ERR_get_error 3 .
 .Sh SEE ALSO
@@ -294,3 +353,10 @@ and
 .Fn i2d_X509_CERT_AUX
 first appeared in OpenSSL 0.9.5 and have been available since
 .Ox 2.7 .
+.Pp
+.Fn i2d_re_X509_tbs ,
+.Fn i2d_re_X509_CRL_tbs ,
+and
+.Fn i2d_re_X509_REQ_tbs
+first appeared in OpenSSL 1.1.0 and have been available since
+.Ox 7.1 .
diff --git a/man/d2i_X509_ALGOR.3 b/man/d2i_X509_ALGOR.3
index 530ae86c..7c53d5ae 100644
--- a/man/d2i_X509_ALGOR.3
+++ b/man/d2i_X509_ALGOR.3
@@ -1,7 +1,6 @@
-.\" $OpenBSD: d2i_X509_ALGOR.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $
-.\" OpenSSL 186bb907 Apr 13 11:05:13 2015 -0700
+.\" $OpenBSD: d2i_X509_ALGOR.3,v 1.10 2021/11/03 15:02:14 schwarze Exp $
 .\"
-.\" Copyright (c) 2016 Ingo Schwarze
+.\" Copyright (c) 2016, 2021 Ingo Schwarze
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -15,12 +14,14 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: March 27 2018 $
+.Dd $Mdocdate: November 3 2021 $
 .Dt D2I_X509_ALGOR 3
 .Os
 .Sh NAME
 .Nm d2i_X509_ALGOR ,
-.Nm i2d_X509_ALGOR
+.Nm i2d_X509_ALGOR ,
+.Nm d2i_X509_ALGORS ,
+.Nm i2d_X509_ALGORS
 .Nd decode and encode algorithm identifiers
 .Sh SYNOPSIS
 .In openssl/x509.h
@@ -35,6 +36,17 @@
 .Fa "X509_ALGOR *val_in"
 .Fa "unsigned char **der_out"
 .Fc
+.Ft X509_ALGORS *
+.Fo d2i_X509_ALGORS
+.Fa "X509_ALGORS **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_X509_ALGORS
+.Fa "X509_ALGORS *val_in"
+.Fa "unsigned char **der_out"
+.Fc
 .Sh DESCRIPTION
 .Fn d2i_X509_ALGOR
 and
@@ -42,10 +54,23 @@ and
 decode and encode an ASN.1
 .Vt AlgorithmIdentifier
 structure defined in RFC 5280 section 4.1.1.2.
+.Pp
+.Fn d2i_X509_ALGORS
+and
+.Fn i2d_X509_ALGORS
+decode and encode an ASN.1 sequence of
+.Vt AlgorithmIdentifier
+structures.
+The data type
+.Vt X509_ALGORS
+is defined as
+.Vt STACK_OF(X509_ALGOR) .
+.Pp
 For details about the semantics, examples, caveats, and bugs, see
 .Xr ASN1_item_d2i 3 .
 .Sh SEE ALSO
 .Xr ASN1_item_d2i 3 ,
+.Xr STACK_OF 3 ,
 .Xr X509_ALGOR_new 3
 .Sh STANDARDS
 RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
@@ -56,3 +81,9 @@ and .Fn i2d_X509_ALGOR first appeared in SSLeay 0.5.1 and have been available since .Ox 2.4 . +.Pp +.Fn d2i_X509_ALGORS +and +.Fn i2d_X509_ALGORS +first appeared in OpenSSL 0.9.8h and have been available since +.Ox 4.5 . diff --git a/man/d2i_X509_CRL.3 b/man/d2i_X509_CRL.3 index 920be4aa..a0a19b4f 100644 --- a/man/d2i_X509_CRL.3 +++ b/man/d2i_X509_CRL.3 @@ -1,7 +1,6 @@ -.\" $OpenBSD: d2i_X509_CRL.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400 +.\" $OpenBSD: d2i_X509_CRL.3,v 1.8 2021/10/30 16:20:35 schwarze Exp $ .\" -.\" Copyright (c) 2016 Ingo Schwarze +.\" Copyright (c) 2016, 2021 Ingo Schwarze .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -15,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: March 27 2018 $ +.Dd $Mdocdate: October 30 2021 $ .Dt D2I_X509_CRL 3 .Os .Sh NAME @@ -96,6 +95,16 @@ and decode and encode an ASN.1 .Vt CertificateList structure defined in RFC 5280 section 5.1. +.Pp +If +.Xr X509_CRL_set_default_method 3 +is in effect and the +.Fn crl_init +callback is not +.Dv NULL , +that callback is invoked at the end of +.Fn d2i_X509_CRL . +.Pp .Fn d2i_X509_CRL_bio , .Fn d2i_X509_CRL_fp , .Fn i2d_X509_CRL_bio , @@ -123,6 +132,7 @@ the revokedCertificates field of the ASN.1 structure. .Sh SEE ALSO .Xr ASN1_item_d2i 3 , +.Xr X509_CRL_METHOD_new 3 , .Xr X509_CRL_new 3 , .Xr X509_REVOKED_new 3 .Sh STANDARDS diff --git a/man/d2i_X509_NAME.3 b/man/d2i_X509_NAME.3 index 6e3e4a7f..97b18e9c 100644 --- a/man/d2i_X509_NAME.3 +++ b/man/d2i_X509_NAME.3 
@@ -1,4 +1,4 @@
-.\" $OpenBSD: d2i_X509_NAME.3,v 1.16 2021/07/20 17:31:32 schwarze Exp $
+.\" $OpenBSD: d2i_X509_NAME.3,v 1.17 2021/12/11 17:25:10 jmc Exp $
 .\" checked up to:
 .\" OpenSSL crypto/d2i_X509_NAME 4692340e Jun 7 15:49:08 2016 -0400 and
 .\" OpenSSL man3/X509_NAME_get0_der 99d63d46 Oct 26 13:56:48 2016 -0400
@@ -17,7 +17,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: July 20 2021 $
+.Dd $Mdocdate: December 11 2021 $
 .Dt D2I_X509_NAME 3
 .Os
 .Sh NAME
@@ -129,7 +129,7 @@ using
 .Fn X509_NAME_dup ,
 and in case of success, it frees
 .Pf * Fa val_out
-and sets it to a pointer to the the new object.
+and sets it to a pointer to the new object.
 When the function fails, it never changes anything.
 In any case,
 .Fa val_in
diff --git a/man/get_rfc3526_prime_8192.3 b/man/get_rfc3526_prime_8192.3
index b26e28be..eec4d27f 100644
--- a/man/get_rfc3526_prime_8192.3
+++ b/man/get_rfc3526_prime_8192.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: get_rfc3526_prime_8192.3,v 1.4 2018/03/23 23:18:17 schwarze Exp $
+.\" $OpenBSD: get_rfc3526_prime_8192.3,v 1.6 2022/01/15 23:38:50 jsg Exp $
 .\" checked up to: OpenSSL DH_get_1024_160 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" Copyright (c) 2017 Ingo Schwarze
@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: March 23 2018 $
+.Dd $Mdocdate: January 15 2022 $
 .Dt GET_RFC3526_PRIME_8192 3
 .Os
 .Sh NAME
@@ -29,12 +29,13 @@ .Nm get_rfc3526_prime_8192 , .Nm BN_get_rfc2409_prime_768 , .Nm BN_get_rfc2409_prime_1024 , +.Nm BN_get_rfc3526_prime_1536 , .Nm BN_get_rfc3526_prime_2048 , .Nm BN_get_rfc3526_prime_3072 , .Nm BN_get_rfc3526_prime_4096 , .Nm BN_get_rfc3526_prime_6144 , .Nm BN_get_rfc3526_prime_8192 -.Nd standard moduli for Diffie-Hellmann key exchange +.Nd standard moduli for Diffie-Hellman key exchange .Sh SYNOPSIS .In openssl/bn.h .Ft BIGNUM * @@ -124,10 +125,10 @@ smaller than .Fa p , where the group operation is defined as multiplication modulo .Fa p , -is used for Diffie-Hellmann key exchange. +is used for Diffie-Hellman key exchange. The first two of these groups are called the First Oakley Group and the Second Oakley Group. -Obiviously, all these groups are cyclic groups of order +Obviously, all these groups are cyclic groups of order .Fa p , respectively, and the numbers returned by these functions are not secrets. diff --git a/man/i2a_ASN1_STRING.3 b/man/i2a_ASN1_STRING.3 new file mode 100644 index 00000000..daa74ca6 --- /dev/null +++ b/man/i2a_ASN1_STRING.3 
@@ -0,0 +1,253 @@
+.\" $OpenBSD: i2a_ASN1_STRING.3,v 1.4 2022/09/10 12:36:18 jsg Exp $
+.\"
+.\" Copyright (c) 2019, 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: September 10 2022 $
+.Dt I2A_ASN1_STRING 3
+.Os
+.Sh NAME
+.Nm i2a_ASN1_STRING ,
+.Nm i2a_ASN1_INTEGER ,
+.Nm i2a_ASN1_ENUMERATED ,
+.Nm a2i_ASN1_STRING ,
+.Nm a2i_ASN1_INTEGER ,
+.Nm a2i_ASN1_ENUMERATED
+.Nd hexadecimal dump of an ASN.1 string
+.Sh SYNOPSIS
+.In openssl/asn1.h
+.Ft int
+.Fo i2a_ASN1_STRING
+.Fa "BIO *out_bio"
+.Fa "const ASN1_STRING *a"
+.Fa "int type"
+.Fc
+.Ft int
+.Fo i2a_ASN1_INTEGER
+.Fa "BIO *out_bio"
+.Fa "const ASN1_INTEGER *a"
+.Fc
+.Ft int
+.Fo i2a_ASN1_ENUMERATED
+.Fa "BIO *out_bio"
+.Fa "const i2a_ASN1_ENUMERATED *a"
+.Fc
+.Ft int
+.Fo a2i_ASN1_STRING
+.Fa "BIO *in_bio"
+.Fa "ASN1_STRING *out_string"
+.Fa "char *buffer"
+.Fa "int size"
+.Fc
+.Ft int
+.Fo a2i_ASN1_INTEGER
+.Fa "BIO *in_bio"
+.Fa "ASN1_INTEGER *out_string"
+.Fa "char *buffer"
+.Fa "int size"
+.Fc
+.Ft int
+.Fo a2i_ASN1_ENUMERATED
+.Fa "BIO *in_bio"
+.Fa "ASN1_ENUMERATED *out_string"
+.Fa "char *buffer"
+.Fa "int size"
+.Fc
+.Sh DESCRIPTION
+The functions
+.Fn i2a_ASN1_STRING ,
+.Fn i2a_ASN1_INTEGER ,
+and
+.Fn i2a_ASN1_ENUMERATED
+write a hexadecimal representation of
+.Fa a
+to
+.Fa out_bio .
+The
+.Fa type
+argument is ignored.
+.Pp
+Each byte of
+.Xr ASN1_STRING_get0_data 3
+is written as a number consisting of two upper-case hexadecimal digits.
+After each group of 70 digits, a backslash and a linefeed
+are inserted before the next digit.
+.Pp
+If the
+.Xr ASN1_STRING_length 3
+of
+.Fa a
+is 0, instead a pair of zero digits
+.Pq Qq 00
+is written by
+.Fn i2a_ASN1_INTEGER
+and
+.Fn i2a_ASN1_ENUMERATED
+and a single zero digit
+.Pq Qq 0
+by
+.Fn i2a_ASN1_STRING .
+If
+.Fa a
+is a
+.Dv NULL
+pointer, nothing is written.
+.Pp
+If
+.Fa a
+represents a negative integer,
+.Fn i2a_ASN1_INTEGER
+prepends a minus sign to the output.
+.Pp
+The functions
+.Fn a2i_ASN1_STRING ,
+.Fn a2i_ASN1_INTEGER ,
+and
+.Fn a2i_ASN1_ENUMERATED
+parse a hexadecimal representation of an ASN.1 string into
+.Fa out_string .
+Both lower-case and upper-case hexadecimal digits are accepted.
+Every pair of input digits is converted into one output byte.
+.Pp
+On every input line, the trailing newline character and an optional
+carriage return character preceding it are ignored.
+The trailing newline need not be present on the last line.
+If there is a backslash character before the newline character,
+parsing is continued on the next input line.
+.Pp
+At least one pair of input digits is required by
+.Fn a2i_ASN1_INTEGER
+and
+.Fn a2i_ASN1_ENUMERATED ,
+whereas
+.Fn a2i_ASN1_STRING
+converts empty input to an empty string.
+.Pp
+These functions are able to parse the output of
+.Fn i2a_ASN1_ENUMERATED .
+They can parse the output of
+.Fn i2a_ASN1_INTEGER
+unless
+.Fa a
+was negative, and they can parse the output of
+.Fn i2a_ASN1_STRING
+unless the
+.Xr ASN1_STRING_length 3
+of
+.Fa a
+was 0.
+.Pp
+Parsing fails if an input line contains an odd number of input
+digits or if memory allocation fails.
+.Pp
+These functions use the
+.Fa buffer
+provided by the caller and assume it is at least
+.Fa size
+bytes long.
+It is unspecified what the buffer contains after the functions return.
+.Sh RETURN VALUES
+The functions
+.Fn i2a_ASN1_STRING ,
+.Fn i2a_ASN1_INTEGER ,
+and
+.Fn i2a_ASN1_ENUMERATED
+return the number of bytes written or \-1 if
+.Xr BIO_write 3
+fails.
+In particular, they all return 0 when
+.Fa a
+is a
+.Dv NULL
+pointer.
+.Fn i2a_ASN1_STRING
+returns 1 for an empty string or an even number greater than 1
+for a string that is not empty.
+.Fn i2a_ASN1_INTEGER
+returns an even number greater than 1 for positive input
+or an odd number greater than 2 for negative input.
+.Fn i2a_ASN1_ENUMERATED
+always returns a non-negative even number when successful.
+.Pp
+The functions
+.Fn a2i_ASN1_STRING ,
+.Fn a2i_ASN1_INTEGER ,
+and
+.Fn a2i_ASN1_ENUMERATED
+are intended to return 1 for success or 0 for failure, but see the
+.Sx BUGS
+section for a number of traps.
+.Sh SEE ALSO
+.Xr ASN1_STRING_length 3 ,
+.Xr ASN1_STRING_new 3 ,
+.Xr ASN1_STRING_print_ex 3 ,
+.Xr i2a_ASN1_OBJECT 3
+.Sh HISTORY
+.Fn i2a_ASN1_INTEGER
+and
+.Fn a2i_ASN1_INTEGER
+first appeared in SSLeay 0.6.0.
+.Fn i2a_ASN1_STRING
+and
+.Fn a2i_ASN1_STRING
+first appeared in SSLeay 0.6.5.
+.Fn a2i_ASN1_STRING
+has been part of the public API since SSLeay 0.6.5 and
+.Fn i2a_ASN1_STRING
+since SSLeay 0.8.0.
+These functions have been available since
+.Ox 2.4 .
+.Pp
+.Fn i2a_ASN1_ENUMERATED
+and
+.Fn a2i_ASN1_ENUMERATED
+first appeared in OpenSSL 0.9.2 and have been available since
+.Ox 2.6 .
+.Sh BUGS
+If the first call to
+.Xr BIO_gets 3
+does not return any data, even if that is caused by a fatal I/O error,
+if the BIO type does not support the
+.Dq gets
+operation, or if it is caused by the BIO being non-blocking,
+.Fn a2i_ASN1_STRING
+immediately succeeds and returns an empty
+.Fa out_string .
+.Pp
+If
+.Fn BIO_gets 3
+returns a partial line, for example because the given
+.Fa size
+is insufficient to contain one of the input lines
+or for reasons specific to the BIO type,
+.Fn a2i_ASN1_STRING ,
+.Fn a2i_ASN1_INTEGER ,
+and
+.Fn a2i_ASN1_ENUMERATED
+may fail or silently return a truncated result.
+The caller is responsible for providing a
+.Fa buffer
+of sufficient size to contain the longest possible input line
+and for choosing a BIO of a type that only returns complete
+input lines and does not perform partial reads.
+.Pp
+The functions
+.Fn a2i_ASN1_STRING ,
+.Fn a2i_ASN1_INTEGER ,
+and
+.Fn a2i_ASN1_ENUMERATED
+do not support non-blocking BIOs.
+Reading is terminated as soon as
+.Xr BIO_gets 3
+returns a value less than 1.
diff --git a/man/i2d_ASN1_bio_stream.3 b/man/i2d_ASN1_bio_stream.3
new file mode 100644
index 00000000..17ac9577
--- /dev/null
+++ b/man/i2d_ASN1_bio_stream.3
@@ -0,0 +1,96 @@
+.\" $OpenBSD: i2d_ASN1_bio_stream.3,v 1.3 2021/12/13 18:55:22 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 13 2021 $
+.Dt I2D_ASN1_BIO_STREAM 3
+.Os
+.Sh NAME
+.Nm i2d_ASN1_bio_stream
+.Nd generic BER streamer
+.Sh SYNOPSIS
+.In openssl/asn1.h
+.Ft int
+.Fo i2d_ASN1_bio_stream
+.Fa "BIO *out_bio"
+.Fa "ASN1_VALUE *val_in"
+.Fa "BIO *in_bio"
+.Fa "int flags"
+.Fa "const ASN1_ITEM *it"
+.Fc
+.Sh DESCRIPTION
+If the bit
+.Dv SMIME_STREAM
+is not set in the
+.Fa flags
+argument,
+.Fn i2d_ASN1_bio_stream
+does the same as
+.Xr ASN1_item_i2d_bio 3 ,
+ignoring the
+.Fa in_bio
+and
+.Fa flags
+arguments.
+.Pp
+If the bit
+.Dv SMIME_STREAM
+is set, it creates a streaming BIO with
+.Xr BIO_new_NDEF 3 ,
+copies the data from
+.Fa in_bio
+to it using
+.Xr SMIME_crlf_copy 3 ,
+finalizes the output with
+.Xr BIO_flush 3 ,
+and frees the newly created BIOs up to but not including
+.Fa out_bio .
+.Pp
+If
+.Fa it
+is
+.Va PKCS7_it ,
+this function behaves exactly as
+.Xr i2d_PKCS7_bio_stream 3 ;
+for
+.Va CMS_ContentInfo_it ,
+it behaves exactly as
+.Xr i2d_CMS_bio_stream 3 .
+For other values of
+.Fa it ,
+the function fails.
+.Sh RETURN VALUES
+.Fn i2d_ASN1_bio_stream
+is intended to return 1 on success or 0 on failure.
+.Sh SEE ALSO
+.Xr ASN1_item_i2d_bio 3 ,
+.Xr ASN1_item_ndef_i2d 3 ,
+.Xr BIO_flush 3 ,
+.Xr BIO_new 3 ,
+.Xr BIO_new_NDEF 3 ,
+.Xr BIO_push 3 ,
+.Xr i2d_CMS_bio_stream 3 ,
+.Xr i2d_PKCS7_bio_stream 3 ,
+.Xr PEM_write_bio_ASN1_stream 3 ,
+.Xr SMIME_crlf_copy 3 ,
+.Xr SMIME_write_ASN1 3
+.Sh HISTORY
+.Fn i2d_ASN1_bio_stream
+first appeared in OpenSSL 1.0.0 and has been available since
+.Ox 4.9 .
+.Sh BUGS
+Many kinds of errors are silently ignored.
+This function may return 1 even if it only produced partial output
+or no output at all.
diff --git a/man/i2d_CMS_bio_stream.3 b/man/i2d_CMS_bio_stream.3
index efb8902f..b3c29af3 100644
--- a/man/i2d_CMS_bio_stream.3
+++ b/man/i2d_CMS_bio_stream.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: i2d_CMS_bio_stream.3,v 1.4 2019/11/02 15:39:46 schwarze Exp $
+.\" $OpenBSD: i2d_CMS_bio_stream.3,v 1.5 2021/12/13 13:46:09 schwarze Exp $
 .\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson .
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 2 2019 $
+.Dd $Mdocdate: December 13 2021 $
 .Dt I2D_CMS_BIO_STREAM 3
 .Os
 .Sh NAME
@@ -83,6 +83,7 @@ returns 1 for success or 0 for failure.
 .Xr CMS_encrypt 3 ,
 .Xr CMS_sign 3 ,
 .Xr ERR_get_error 3 ,
+.Xr i2d_ASN1_bio_stream 3 ,
 .Xr PEM_write_bio_CMS_stream 3 ,
 .Xr SMIME_write_CMS 3
 .Sh HISTORY
diff --git a/man/i2d_PKCS7_bio_stream.3 b/man/i2d_PKCS7_bio_stream.3
index 3d5df72b..b3416f5d 100644
--- a/man/i2d_PKCS7_bio_stream.3
+++ b/man/i2d_PKCS7_bio_stream.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: i2d_PKCS7_bio_stream.3,v 1.8 2020/06/03 13:41:27 schwarze Exp $
+.\" $OpenBSD: i2d_PKCS7_bio_stream.3,v 1.10 2021/12/13 13:46:09 schwarze Exp $
 .\" OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson .
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 3 2020 $
+.Dd $Mdocdate: December 13 2021 $
 .Dt I2D_PKCS7_BIO_STREAM 3
 .Os
 .Sh NAME
@@ -72,7 +72,7 @@ structure in BER format.
 It is otherwise identical to the function
 .Xr SMIME_write_PKCS7 3 .
 This function is effectively a version of
-.Xr d2i_PKCS7_bio 3
+.Xr i2d_PKCS7_bio 3
 supporting streaming.
 .Sh RETURN VALUES
 .Fn i2d_PKCS7_bio_stream
@@ -80,6 +80,7 @@ returns 1 for success or 0 for failure.
 .Sh SEE ALSO
 .Xr BIO_new 3 ,
 .Xr ERR_get_error 3 ,
+.Xr i2d_ASN1_bio_stream 3 ,
 .Xr PEM_write_bio_PKCS7_stream 3 ,
 .Xr PEM_write_PKCS7 3 ,
 .Xr PKCS7_final 3 ,
diff --git a/man/lh_new.3 b/man/lh_new.3
index 1c37347e..c848eed8 100644
--- a/man/lh_new.3
+++ b/man/lh_new.3
@@ -1,5 +1,8 @@
-.\" $OpenBSD: lh_new.3,v 1.7 2020/03/28 22:40:58 schwarze Exp $
-.\" OpenSSL 1bc74519 May 20 08:11:46 2016 -0400
+.\" $OpenBSD: lh_new.3,v 1.9 2022/03/31 17:27:17 naddy Exp $
+.\" full merge up to:
+.\" OpenSSL doc/crypto/lhash.pod 1bc74519 May 20 08:11:46 2016 -0400
+.\" selective merge up to:
+.\" OpenSSL doc/man3/OPENSSL_LH_COMPFUNC.pod 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
 .\" --------------------------------------------------------------------------
 .\" Major patches to this file were contributed by
@@ -115,7 +118,7 @@
 .\" copied and put under another distribution licence
 .\" [including the GNU Public Licence.]
 .\"
-.Dd $Mdocdate: March 28 2020 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt LH_NEW 3
 .Os
 .Sh NAME
@@ -126,7 +129,12 @@
 .Nm lh_retrieve ,
 .Nm lh_doall ,
 .Nm lh_doall_arg ,
-.Nm lh_error
+.Nm lh_error ,
+.Nm LHASH_COMP_FN_TYPE ,
+.Nm LHASH_HASH_FN_TYPE ,
+.Nm LHASH_DOALL_FN_TYPE ,
+.Nm LHASH_DOALL_ARG_FN_TYPE ,
+.Nm lh_strhash
 .Nd dynamic hash table
 .Sh SYNOPSIS
 .In openssl/lhash.h
@@ -149,7 +157,7 @@
 .Fc
 .Ft *
 .Fo lh__retrieve
-.Fa "LHASH_OF) *table"
+.Fa "LHASH_OF() *table"
 .Fa " *data"
 .Fc
 .Ft void
@@ -186,6 +194,10 @@ .Fa "const void *" .Fa "const void *" .Fc +.Ft unsigned long +.Fo lh_strhash +.Fa "const char *c" +.Fc .Sh DESCRIPTION This library implements type-checked dynamic hash tables. The hash table entries can be arbitrary structures. @@ -476,7 +488,7 @@ The load is the number of items in the hash table divided by the size of the hash table. The default values are as follows. If (hash->up_load < load) => expand. -if (hash->down_load > load) => contract. +If (hash->down_load > load) => contract. The .Fa up_load has a default value of 1 and @@ -491,12 +503,12 @@ variables. The 'load' is kept in a form which is multiplied by 256. So hash->up_load=8*256 will cause a load of 8 to be set. .Pp -If you are interested in performance the field to watch is +If you are interested in performance, the field to watch is .Fa num_comp_calls . The hash library keeps track of the 'hash' value for each item so when a lookup is done, the 'hashes' are compared, if there is a match, then a full compare is done, and hash->num_comp_calls is incremented. -If num_comp_calls is not equal to num_delete plus num_retrieve it means +If num_comp_calls is not equal to num_delete plus num_retrieve, it means that your hash function is generating hashes that are the same for different values. It is probably worth changing your hash function if this is the case @@ -507,10 +519,7 @@ compares and 10 linked list traverses. This will be much less expensive that 10 calls to your compare function. .Pp .Fn lh_strhash -is a demo string hashing function: -.Pp -.Dl unsigned long lh_strhash(const char *c); -.Pp +is a demo string hashing function. Since the LHASH routines would normally be passed structures, this routine would not normally be passed to .Fn lh__new , 
@@ -525,8 +534,9 @@ rather it would be used in the function passed to .Fn lh_insert , .Fn lh_delete , .Fn lh_retrieve , +.Fn lh_doall , and -.Fn lh_doall +.Fn lh_strhash appeared in SSLeay 0.4 or earlier. .Fn lh_doall_arg first appeared in SSLeay 0.5.1. diff --git a/man/openssl.cnf.5 b/man/openssl.cnf.5 index ae56869b..48ca66cf 100644 --- a/man/openssl.cnf.5 +++ b/man/openssl.cnf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: openssl.cnf.5,v 1.7 2020/02/17 12:52:42 inoguchi Exp $ +.\" $OpenBSD: openssl.cnf.5,v 1.8 2022/03/31 17:27:17 naddy Exp $ .\" full merge up to: OpenSSL man5/config b53338cb Feb 28 12:30:28 2017 +0100 .\" selective merge up to: OpenSSL a8c5ed81 Jul 18 13:57:25 2017 -0400 .\" @@ -50,7 +50,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: February 17 2020 $ +.Dd $Mdocdate: March 31 2022 $ .Dt OPENSSL.CNF 5 .Os .Sh NAME @@ -265,7 +265,7 @@ bar = bar_section The command .Ic engine_id is used to give the ENGINE name. -If used this command must be first. +If used, this command must be first. For example: .Bd -literal -offset indent [engine_section] @@ -305,7 +305,7 @@ The command sets the default algorithms an ENGINE will supply using the functions .Xr ENGINE_set_default_string 3 . .Pp -If the name matches none of the above command names it is assumed +If the name matches none of the above command names, it is assumed to be a ctrl command which is sent to the ENGINE. The value of the command is the argument to the ctrl command. If the value is the string diff --git a/man/ssl.3 b/man/ssl.3 index 81778df7..4dd3d23f 100644 --- a/man/ssl.3 +++ b/man/ssl.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssl.3,v 1.20 2020/09/21 08:53:56 schwarze Exp $ +.\" $OpenBSD: ssl.3,v 1.22 2022/09/17 16:03:21 kn Exp $ .\" full merge up to: OpenSSL e330f55d Nov 11 00:51:04 2016 +0100 .\" selective merge up to: OpenSSL 322755cc Sep 1 08:40:51 2018 +0800 .\" 
@@ -51,7 +51,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 21 2020 $ +.Dd $Mdocdate: September 17 2022 $ .Dt SSL 3 .Os .Sh NAME @@ -233,6 +233,7 @@ Protocol and algorithm configuration: .Xr SSL_CTX_set_cipher_list 3 , .Xr SSL_CTX_set_min_proto_version 3 , .Xr SSL_CTX_set_options 3 , +.Xr SSL_CTX_set_security_level 3 , .Xr SSL_CTX_set_tlsext_use_srtp 3 , .Xr SSL_CTX_set_tmp_dh_callback 3 , .Xr SSL_CTX_set1_groups 3 @@ -318,7 +319,7 @@ To transmit data: .Xr SSL_connect 3 , .Xr SSL_do_handshake 3 , .Xr SSL_read 3 , -.\" XXX enable after the 6.8 release: Xr SSL_read_early_data 3 , +.Xr SSL_read_early_data 3 , .Xr SSL_renegotiate 3 , .Xr SSL_shutdown 3 , .Xr SSL_write 3 diff --git a/man/tls_load_file.3 b/man/tls_load_file.3 index 6f82759d..cf33b575 100644 --- a/man/tls_load_file.3 +++ b/man/tls_load_file.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: tls_load_file.3,v 1.13 2021/06/22 20:01:19 jmc Exp $ +.\" $OpenBSD: tls_load_file.3,v 1.14 2022/01/01 02:18:28 jsg Exp $ .\" .\" Copyright (c) 2014 Ted Unangst .\" Copyright (c) 2015 Reyk Floeter @@ -17,7 +17,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: June 22 2021 $ +.Dd $Mdocdate: January 1 2022 $ .Dt TLS_LOAD_FILE 3 .Os .Sh NAME @@ -357,7 +357,7 @@ appeared in .Ox 6.2 . .Sh AUTHORS .An Joel Sing Aq Mt jsing@openbsd.org -with contibutions from +with contributions from .An Ted Unangst Aq Mt tedu@openbsd.org and .An Bob Beck Aq Mt beck@openbsd.org . diff --git a/man/x509v3.cnf.5 b/man/x509v3.cnf.5 index 392c44d4..89f52d6a 100644 --- a/man/x509v3.cnf.5 +++ b/man/x509v3.cnf.5 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: x509v3.cnf.5,v 1.7 2020/06/11 18:03:19 jmc Exp $ +.\" $OpenBSD: x509v3.cnf.5,v 1.8 2022/03/31 17:27:17 naddy Exp $ .\" full merge up to: .\" OpenSSL man5/x509v3_config a41815f0 Mar 17 18:43:53 2017 -0700 .\" selective merge up to: OpenSSL 36cf10cf Oct 4 02:11:08 2017 -0400 @@ -51,7 +51,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 11 2020 $ +.Dd $Mdocdate: March 31 2022 $ .Dt X509V3.CNF 5 .Os .Sh NAME @@ -163,7 +163,7 @@ parameter indicates the maximum number of CAs that can appear below this one in a chain. So if you have a CA with a .Ic pathlen -of zero it can only be used to sign end user certificates and not +of zero, it can only be used to sign end user certificates and not further CAs. .Ss Key usage Key usage is a multi-valued extension consisting of a list of names of diff --git a/missing b/missing index 8d0eaad2..1fe1611f 100644 --- a/missing +++ b/missing @@ -3,7 +3,7 @@ scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1996-2020 Free Software Foundation, Inc. +# Copyright (C) 1996-2021 Free Software Foundation, Inc. # Originally written by Fran,cois Pinard , 1996. # This program is free software; you can redistribute it and/or modify diff --git a/scripts/test b/scripts/test index 80fa988f..f2f0cb84 100644 --- a/scripts/test +++ b/scripts/test @@ -20,24 +20,24 @@ if [ "x$ARCH" = "xnative" ]; then # test cmake and ninja if [ `uname` = "Darwin" ]; then cmake .. - make + make -j 4 make test cd ../build-shared cmake -DBUILD_SHARED_LIBS=ON .. - make + make -j 4 make test else sudo apt-get update sudo apt-get install -y cmake ninja-build cmake -GNinja .. - ninja + ninja -j 4 ninja test cd ../build-shared cmake -GNinja -DBUILD_SHARED_LIBS=ON .. - ninja + ninja -j 4 ninja test fi 
@@ -58,21 +58,21 @@ elif [ "x$ARCH" = "xmingw32" -o "x$ARCH" = "xmingw64" ]; then fi ./configure --host=$CPU-w64-mingw32 - make -j + make -j 4 ( rm -fr build-static mkdir build-static cd build-static cmake -GNinja -DCMAKE_TOOLCHAIN_FILE=../scripts/$CPU-w64-mingw32.cmake .. - ninja + ninja -j 4 ) ( rm -fr build-shared mkdir build-shared cd build-shared cmake -GNinja -DCMAKE_TOOLCHAIN_FILE=../scripts/$CPU-w64-mingw32.cmake -DBUILD_SHARED_LIBS=ON .. - ninja + ninja -j 4 ) elif [ "x$ARCH" = "xarm32" -o "x$ARCH" = "xarm64" ]; then diff --git a/ssl/CMakeLists.txt b/ssl/CMakeLists.txt index a772d122..8e974a84 100644 --- a/ssl/CMakeLists.txt +++ b/ssl/CMakeLists.txt @@ -1,9 +1,6 @@ set( SSL_SRC bio_ssl.c - bs_ber.c - bs_cbb.c - bs_cbs.c d1_both.c d1_lib.c d1_pkt.c @@ -26,6 +23,7 @@ set( ssl_packet.c ssl_pkt.c ssl_rsa.c + ssl_seclevel.c ssl_sess.c ssl_sigalgs.c ssl_srvr.c @@ -36,39 +34,53 @@ set( ssl_versions.c t1_enc.c t1_lib.c + tls_buffer.c tls_content.c + tls_key_share.c + tls_lib.c tls12_key_schedule.c tls12_lib.c tls12_record_layer.c - tls13_buffer.c tls13_client.c tls13_error.c tls13_handshake.c tls13_handshake_msg.c tls13_key_schedule.c - tls13_key_share.c tls13_legacy.c tls13_lib.c + tls13_quic.c tls13_record.c tls13_record_layer.c tls13_server.c ) +set( + BS_SRC + bs_ber.c + bs_cbb.c + bs_cbs.c +) + add_library(ssl_obj OBJECT ${SSL_SRC}) target_include_directories(ssl_obj PRIVATE . + ../crypto/bio ../include/compat PUBLIC ../include) -add_library(ssl $) -target_include_directories(ssl +add_library(bs_obj OBJECT ${BS_SRC}) +target_include_directories(bs_obj PRIVATE . - ../include/compat - PUBLIC - ../include) + ../include/compat) + +if(BUILD_SHARED_LIBS) + add_library(ssl $ $) +else() + add_library(ssl $) +endif() export_symbol(ssl ${CMAKE_CURRENT_SOURCE_DIR}/ssl.sym) target_link_libraries(ssl crypto ${PLATFORM_LIBS}) 
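Review bot: The `if(BUILD_SHARED_LIBS)` branch at the end of the `ssl/CMakeLists.txt` hunk links the new `bs_obj` objects into `ssl` only for shared builds, and nothing says where a static `ssl` gets the `bs_ber.c`/`bs_cbb.c`/`bs_cbs.c` symbols from. A comment above the branch would stop a later change from removing the asymmetry and causing duplicate or missing symbols, for example `# bs_* objects go into the shared libssl only; static consumers get them from <library to be named>`. The same hunk adds `../crypto/bio` to the private include path of `ssl_obj`, which lets libssl sources include a libcrypto-internal header. A comment naming the file that needs it would help; presumably that is `ssl/bio_ssl.c`, which gains `#include "bio_local.h"` later in this patch.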
@@ -89,3 +101,10 @@ if(ENABLE_LIBRESSL_INSTALL) RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} ) endif(ENABLE_LIBRESSL_INSTALL) + +# build static library for regression test +if(BUILD_SHARED_LIBS) + add_library(ssl-static STATIC $) + target_link_libraries(ssl-static crypto-static ${PLATFORM_LIBS}) +endif() + diff --git a/ssl/Makefile.am b/ssl/Makefile.am index f2661220..d5c04665 100644 --- a/ssl/Makefile.am +++ b/ssl/Makefile.am @@ -1,11 +1,17 @@ include $(top_srcdir)/Makefile.am.common +AM_CPPFLAGS += -I$(top_srcdir)/crypto/bio + +noinst_LTLIBRARIES = libbs.la + if ENABLE_LIBTLS_ONLY -noinst_LTLIBRARIES = libssl.la +noinst_LTLIBRARIES += libssl.la else lib_LTLIBRARIES = libssl.la endif +noinst_DATA = remove_bs_objects + EXTRA_DIST = VERSION EXTRA_DIST += CMakeLists.txt EXTRA_DIST += ssl.sym @@ -19,13 +25,21 @@ libssl_la_objects.mk: Makefile | sed 's/ */ $$\(abs_top_builddir\)\/ssl\//g' \ > libssl_la_objects.mk +.PHONY: remove_bs_objects +remove_bs_objects: libssl.la + -$(AR) dv $(abs_top_builddir)/ssl/.libs/libssl.a \ + bs_ber.o bs_cbb.o bs_cbs.o + libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined -export-symbols $(top_srcdir)/ssl/ssl.sym libssl_la_LIBADD = $(abs_top_builddir)/crypto/libcrypto.la $(PLATFORM_LDADD) +libssl_la_LIBADD += libbs.la + +libbs_la_SOURCES = bs_ber.c +libbs_la_SOURCES += bs_cbb.c +libbs_la_SOURCES += bs_cbs.c +noinst_HEADERS = bytestring.h libssl_la_SOURCES = bio_ssl.c -libssl_la_SOURCES += bs_ber.c -libssl_la_SOURCES += bs_cbb.c -libssl_la_SOURCES += bs_cbs.c libssl_la_SOURCES += d1_both.c libssl_la_SOURCES += d1_lib.c libssl_la_SOURCES += d1_pkt.c @@ -48,6 +62,7 @@ libssl_la_SOURCES += ssl_methods.c libssl_la_SOURCES += ssl_packet.c libssl_la_SOURCES += ssl_pkt.c libssl_la_SOURCES += ssl_rsa.c +libssl_la_SOURCES += ssl_seclevel.c libssl_la_SOURCES += ssl_sess.c libssl_la_SOURCES += ssl_sigalgs.c libssl_la_SOURCES += ssl_srvr.c 
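Review bot: In the new `remove_bs_objects` rule of `ssl/Makefile.am`, the leading `-` on the `$(AR) dv` line discards every failure, so a failed delete would leave `bs_ber.o`, `bs_cbb.o` and `bs_cbs.o` in the static archive without a build error. Presumably the only failure meant to be tolerated is a missing `.libs/libssl.a` when static libraries are disabled. Guarding on the archive and letting `ar` fail otherwise is stricter: `test ! -f $(abs_top_builddir)/ssl/.libs/libssl.a || $(AR) dv $(abs_top_builddir)/ssl/.libs/libssl.a bs_ber.o bs_cbb.o bs_cbs.o`. The rule is triggered through `noinst_DATA` and rewrites an already-built target in place, so it also deserves a comment explaining why the objects are stripped after linking.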
@@ -58,30 +73,32 @@ libssl_la_SOURCES += ssl_txt.c libssl_la_SOURCES += ssl_versions.c libssl_la_SOURCES += t1_enc.c libssl_la_SOURCES += t1_lib.c +libssl_la_SOURCES += tls_buffer.c libssl_la_SOURCES += tls_content.c +libssl_la_SOURCES += tls_key_share.c +libssl_la_SOURCES += tls_lib.c libssl_la_SOURCES += tls12_key_schedule.c libssl_la_SOURCES += tls12_lib.c libssl_la_SOURCES += tls12_record_layer.c -libssl_la_SOURCES += tls13_buffer.c libssl_la_SOURCES += tls13_client.c libssl_la_SOURCES += tls13_error.c libssl_la_SOURCES += tls13_handshake.c libssl_la_SOURCES += tls13_handshake_msg.c libssl_la_SOURCES += tls13_key_schedule.c -libssl_la_SOURCES += tls13_key_share.c libssl_la_SOURCES += tls13_legacy.c libssl_la_SOURCES += tls13_lib.c +libssl_la_SOURCES += tls13_quic.c libssl_la_SOURCES += tls13_record.c libssl_la_SOURCES += tls13_record_layer.c libssl_la_SOURCES += tls13_server.c -noinst_HEADERS = bytestring.h noinst_HEADERS += srtp.h noinst_HEADERS += dtls_locl.h noinst_HEADERS += ssl_locl.h noinst_HEADERS += ssl_sigalgs.h noinst_HEADERS += ssl_tlsext.h noinst_HEADERS += tls_content.h +noinst_HEADERS += tls_internal.h noinst_HEADERS += tls13_internal.h noinst_HEADERS += tls13_handshake.h noinst_HEADERS += tls13_record.h diff --git a/ssl/Makefile.in b/ssl/Makefile.in index c452fbff..12b52459 100644 --- a/ssl/Makefile.in +++ b/ssl/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.3 from Makefile.am. +# Makefile.in generated by automake 1.16.5 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2020 Free Software Foundation, Inc. +# Copyright (C) 1994-2021 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,6 +15,7 @@ @SET_MAKE@ + VPATH = @srcdir@ am__is_gnu_make = { \ if test -z '$(MAKELEVEL)'; then \ 
@@ -89,6 +90,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ +@ENABLE_LIBTLS_ONLY_TRUE@am__append_1 = libssl.la subdir = ssl ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ax_add_fortify_source.m4 \ 
@@ -136,27 +138,31 @@ am__uninstall_files_from_dir = { \ } am__installdirs = "$(DESTDIR)$(libdir)" LTLIBRARIES = $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES) -am__DEPENDENCIES_1 = -libssl_la_DEPENDENCIES = $(abs_top_builddir)/crypto/libcrypto.la \ - $(am__DEPENDENCIES_1) -am_libssl_la_OBJECTS = bio_ssl.lo bs_ber.lo bs_cbb.lo bs_cbs.lo \ - d1_both.lo d1_lib.lo d1_pkt.lo d1_srtp.lo pqueue.lo s3_cbc.lo \ - s3_lib.lo ssl_algs.lo ssl_asn1.lo ssl_both.lo ssl_cert.lo \ - ssl_ciph.lo ssl_ciphers.lo ssl_clnt.lo ssl_err.lo ssl_init.lo \ - ssl_kex.lo ssl_lib.lo ssl_methods.lo ssl_packet.lo ssl_pkt.lo \ - ssl_rsa.lo ssl_sess.lo ssl_sigalgs.lo ssl_srvr.lo ssl_stat.lo \ - ssl_tlsext.lo ssl_transcript.lo ssl_txt.lo ssl_versions.lo \ - t1_enc.lo t1_lib.lo tls_content.lo tls12_key_schedule.lo \ - tls12_lib.lo tls12_record_layer.lo tls13_buffer.lo \ - tls13_client.lo tls13_error.lo tls13_handshake.lo \ - tls13_handshake_msg.lo tls13_key_schedule.lo \ - tls13_key_share.lo tls13_legacy.lo tls13_lib.lo \ - tls13_record.lo tls13_record_layer.lo tls13_server.lo -libssl_la_OBJECTS = $(am_libssl_la_OBJECTS) +libbs_la_LIBADD = +am_libbs_la_OBJECTS = bs_ber.lo bs_cbb.lo bs_cbs.lo +libbs_la_OBJECTS = $(am_libbs_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent am__v_lt_1 = +am__DEPENDENCIES_1 = +libssl_la_DEPENDENCIES = $(abs_top_builddir)/crypto/libcrypto.la \ + $(am__DEPENDENCIES_1) libbs.la +am_libssl_la_OBJECTS = bio_ssl.lo d1_both.lo d1_lib.lo d1_pkt.lo \ + d1_srtp.lo pqueue.lo s3_cbc.lo s3_lib.lo ssl_algs.lo \ + ssl_asn1.lo ssl_both.lo ssl_cert.lo ssl_ciph.lo ssl_ciphers.lo \ + ssl_clnt.lo ssl_err.lo ssl_init.lo ssl_kex.lo ssl_lib.lo \ + ssl_methods.lo ssl_packet.lo ssl_pkt.lo ssl_rsa.lo \ + ssl_seclevel.lo ssl_sess.lo ssl_sigalgs.lo ssl_srvr.lo \ + ssl_stat.lo ssl_tlsext.lo ssl_transcript.lo ssl_txt.lo \ + ssl_versions.lo t1_enc.lo t1_lib.lo tls_buffer.lo \ + tls_content.lo tls_key_share.lo tls_lib.lo \ + tls12_key_schedule.lo 
tls12_lib.lo tls12_record_layer.lo \ + tls13_client.lo tls13_error.lo tls13_handshake.lo \ + tls13_handshake_msg.lo tls13_key_schedule.lo tls13_legacy.lo \ + tls13_lib.lo tls13_quic.lo tls13_record.lo \ + tls13_record_layer.lo tls13_server.lo +libssl_la_OBJECTS = $(am_libssl_la_OBJECTS) libssl_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libssl_la_LDFLAGS) $(LDFLAGS) -o $@ 
@@ -190,21 +196,23 @@ am__depfiles_remade = ./$(DEPDIR)/bio_ssl.Plo ./$(DEPDIR)/bs_ber.Plo \ ./$(DEPDIR)/ssl_kex.Plo ./$(DEPDIR)/ssl_lib.Plo \ ./$(DEPDIR)/ssl_methods.Plo ./$(DEPDIR)/ssl_packet.Plo \ ./$(DEPDIR)/ssl_pkt.Plo ./$(DEPDIR)/ssl_rsa.Plo \ - ./$(DEPDIR)/ssl_sess.Plo ./$(DEPDIR)/ssl_sigalgs.Plo \ - ./$(DEPDIR)/ssl_srvr.Plo ./$(DEPDIR)/ssl_stat.Plo \ - ./$(DEPDIR)/ssl_tlsext.Plo ./$(DEPDIR)/ssl_transcript.Plo \ - ./$(DEPDIR)/ssl_txt.Plo ./$(DEPDIR)/ssl_versions.Plo \ - ./$(DEPDIR)/t1_enc.Plo ./$(DEPDIR)/t1_lib.Plo \ - ./$(DEPDIR)/tls12_key_schedule.Plo ./$(DEPDIR)/tls12_lib.Plo \ - ./$(DEPDIR)/tls12_record_layer.Plo \ - ./$(DEPDIR)/tls13_buffer.Plo ./$(DEPDIR)/tls13_client.Plo \ - ./$(DEPDIR)/tls13_error.Plo ./$(DEPDIR)/tls13_handshake.Plo \ + ./$(DEPDIR)/ssl_seclevel.Plo ./$(DEPDIR)/ssl_sess.Plo \ + ./$(DEPDIR)/ssl_sigalgs.Plo ./$(DEPDIR)/ssl_srvr.Plo \ + ./$(DEPDIR)/ssl_stat.Plo ./$(DEPDIR)/ssl_tlsext.Plo \ + ./$(DEPDIR)/ssl_transcript.Plo ./$(DEPDIR)/ssl_txt.Plo \ + ./$(DEPDIR)/ssl_versions.Plo ./$(DEPDIR)/t1_enc.Plo \ + ./$(DEPDIR)/t1_lib.Plo ./$(DEPDIR)/tls12_key_schedule.Plo \ + ./$(DEPDIR)/tls12_lib.Plo ./$(DEPDIR)/tls12_record_layer.Plo \ + ./$(DEPDIR)/tls13_client.Plo ./$(DEPDIR)/tls13_error.Plo \ + ./$(DEPDIR)/tls13_handshake.Plo \ ./$(DEPDIR)/tls13_handshake_msg.Plo \ ./$(DEPDIR)/tls13_key_schedule.Plo \ - ./$(DEPDIR)/tls13_key_share.Plo ./$(DEPDIR)/tls13_legacy.Plo \ - ./$(DEPDIR)/tls13_lib.Plo ./$(DEPDIR)/tls13_record.Plo \ + ./$(DEPDIR)/tls13_legacy.Plo ./$(DEPDIR)/tls13_lib.Plo \ + ./$(DEPDIR)/tls13_quic.Plo ./$(DEPDIR)/tls13_record.Plo \ ./$(DEPDIR)/tls13_record_layer.Plo \ - ./$(DEPDIR)/tls13_server.Plo ./$(DEPDIR)/tls_content.Plo + ./$(DEPDIR)/tls13_server.Plo ./$(DEPDIR)/tls_buffer.Plo \ + ./$(DEPDIR)/tls_content.Plo ./$(DEPDIR)/tls_key_share.Plo \ + ./$(DEPDIR)/tls_lib.Plo am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) 
@@ -224,13 +232,14 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = -SOURCES = $(libssl_la_SOURCES) -DIST_SOURCES = $(libssl_la_SOURCES) +SOURCES = $(libbs_la_SOURCES) $(libssl_la_SOURCES) +DIST_SOURCES = $(libbs_la_SOURCES) $(libssl_la_SOURCES) am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac +DATA = $(noinst_DATA) HEADERS = $(noinst_HEADERS) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, @@ -249,8 +258,6 @@ am__define_uniq_tagged_files = \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` -ETAGS = etags -CTAGS = ctags am__DIST_COMMON = $(srcdir)/Makefile.in \ $(top_srcdir)/Makefile.am.common $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -270,6 +277,8 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ +CSCOPE = @CSCOPE@ +CTAGS = @CTAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ @@ -280,6 +289,7 @@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ +ETAGS = @ETAGS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ 
@@ -381,29 +391,32 @@ top_srcdir = @top_srcdir@ AM_CFLAGS = AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat \ -DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= \ - -D__END_HIDDEN_DECLS= -@ENABLE_LIBTLS_ONLY_TRUE@noinst_LTLIBRARIES = libssl.la + -D__END_HIDDEN_DECLS= -I$(top_srcdir)/crypto/bio +noinst_LTLIBRARIES = libbs.la $(am__append_1) @ENABLE_LIBTLS_ONLY_FALSE@lib_LTLIBRARIES = libssl.la +noinst_DATA = remove_bs_objects EXTRA_DIST = VERSION CMakeLists.txt ssl.sym CLEANFILES = libssl_la_objects.mk EXTRA_libssl_la_DEPENDENCIES = libssl_la_objects.mk libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined -export-symbols $(top_srcdir)/ssl/ssl.sym -libssl_la_LIBADD = $(abs_top_builddir)/crypto/libcrypto.la $(PLATFORM_LDADD) -libssl_la_SOURCES = bio_ssl.c bs_ber.c bs_cbb.c bs_cbs.c d1_both.c \ - d1_lib.c d1_pkt.c d1_srtp.c pqueue.c s3_cbc.c s3_lib.c \ - ssl_algs.c ssl_asn1.c ssl_both.c ssl_cert.c ssl_ciph.c \ - ssl_ciphers.c ssl_clnt.c ssl_err.c ssl_init.c ssl_kex.c \ - ssl_lib.c ssl_methods.c ssl_packet.c ssl_pkt.c ssl_rsa.c \ - ssl_sess.c ssl_sigalgs.c ssl_srvr.c ssl_stat.c ssl_tlsext.c \ - ssl_transcript.c ssl_txt.c ssl_versions.c t1_enc.c t1_lib.c \ - tls_content.c tls12_key_schedule.c tls12_lib.c \ - tls12_record_layer.c tls13_buffer.c tls13_client.c \ - tls13_error.c tls13_handshake.c tls13_handshake_msg.c \ - tls13_key_schedule.c tls13_key_share.c tls13_legacy.c \ - tls13_lib.c tls13_record.c tls13_record_layer.c tls13_server.c +libssl_la_LIBADD = $(abs_top_builddir)/crypto/libcrypto.la \ + $(PLATFORM_LDADD) libbs.la +libbs_la_SOURCES = bs_ber.c bs_cbb.c bs_cbs.c noinst_HEADERS = bytestring.h srtp.h dtls_locl.h ssl_locl.h \ - ssl_sigalgs.h ssl_tlsext.h tls_content.h tls13_internal.h \ - tls13_handshake.h tls13_record.h + ssl_sigalgs.h ssl_tlsext.h tls_content.h tls_internal.h \ + tls13_internal.h tls13_handshake.h tls13_record.h +libssl_la_SOURCES = bio_ssl.c d1_both.c d1_lib.c d1_pkt.c d1_srtp.c \ + pqueue.c s3_cbc.c s3_lib.c 
ssl_algs.c ssl_asn1.c ssl_both.c \ + ssl_cert.c ssl_ciph.c ssl_ciphers.c ssl_clnt.c ssl_err.c \ + ssl_init.c ssl_kex.c ssl_lib.c ssl_methods.c ssl_packet.c \ + ssl_pkt.c ssl_rsa.c ssl_seclevel.c ssl_sess.c ssl_sigalgs.c \ + ssl_srvr.c ssl_stat.c ssl_tlsext.c ssl_transcript.c ssl_txt.c \ + ssl_versions.c t1_enc.c t1_lib.c tls_buffer.c tls_content.c \ + tls_key_share.c tls_lib.c tls12_key_schedule.c tls12_lib.c \ + tls12_record_layer.c tls13_client.c tls13_error.c \ + tls13_handshake.c tls13_handshake_msg.c tls13_key_schedule.c \ + tls13_legacy.c tls13_lib.c tls13_quic.c tls13_record.c \ + tls13_record_layer.c tls13_server.c all: all-am .SUFFIXES: @@ -485,6 +498,9 @@ clean-noinstLTLIBRARIES: rm -f $${locs}; \ } +libbs.la: $(libbs_la_OBJECTS) $(libbs_la_DEPENDENCIES) $(EXTRA_libbs_la_DEPENDENCIES) + $(AM_V_CCLD)$(LINK) $(libbs_la_OBJECTS) $(libbs_la_LIBADD) $(LIBS) + libssl.la: $(libssl_la_OBJECTS) $(libssl_la_DEPENDENCIES) $(EXTRA_libssl_la_DEPENDENCIES) $(AM_V_CCLD)$(libssl_la_LINK) $(am_libssl_la_rpath) $(libssl_la_OBJECTS) $(libssl_la_LIBADD) $(LIBS) @@ -520,6 +536,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_packet.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_pkt.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_rsa.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_seclevel.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_sess.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_sigalgs.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_srvr.Plo@am__quote@ # am--include-marker 
@@ -533,19 +550,21 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls12_key_schedule.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls12_lib.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls12_record_layer.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_buffer.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_client.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_error.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_handshake.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_handshake_msg.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_key_schedule.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_key_share.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_legacy.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_lib.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_quic.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_record.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_record_layer.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_server.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls_buffer.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls_content.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls_key_share.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ 
@am__quote@./$(DEPDIR)/tls_lib.Plo@am__quote@ # am--include-marker $(am__depfiles_remade): @$(MKDIR_P) $(@D) @@ -634,7 +653,6 @@ cscopelist-am: $(am__tagged_files) distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - distdir: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) distdir-am @@ -670,7 +688,7 @@ distdir-am: $(DISTFILES) done check-am: all-am check: check-am -all-am: Makefile $(LTLIBRARIES) $(HEADERS) +all-am: Makefile $(LTLIBRARIES) $(DATA) $(HEADERS) installdirs: for dir in "$(DESTDIR)$(libdir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ @@ -738,6 +756,7 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/ssl_packet.Plo -rm -f ./$(DEPDIR)/ssl_pkt.Plo -rm -f ./$(DEPDIR)/ssl_rsa.Plo + -rm -f ./$(DEPDIR)/ssl_seclevel.Plo -rm -f ./$(DEPDIR)/ssl_sess.Plo -rm -f ./$(DEPDIR)/ssl_sigalgs.Plo -rm -f ./$(DEPDIR)/ssl_srvr.Plo @@ -751,19 +770,21 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/tls12_key_schedule.Plo -rm -f ./$(DEPDIR)/tls12_lib.Plo -rm -f ./$(DEPDIR)/tls12_record_layer.Plo - -rm -f ./$(DEPDIR)/tls13_buffer.Plo -rm -f ./$(DEPDIR)/tls13_client.Plo -rm -f ./$(DEPDIR)/tls13_error.Plo -rm -f ./$(DEPDIR)/tls13_handshake.Plo -rm -f ./$(DEPDIR)/tls13_handshake_msg.Plo -rm -f ./$(DEPDIR)/tls13_key_schedule.Plo - -rm -f ./$(DEPDIR)/tls13_key_share.Plo -rm -f ./$(DEPDIR)/tls13_legacy.Plo -rm -f ./$(DEPDIR)/tls13_lib.Plo + -rm -f ./$(DEPDIR)/tls13_quic.Plo -rm -f ./$(DEPDIR)/tls13_record.Plo -rm -f ./$(DEPDIR)/tls13_record_layer.Plo -rm -f ./$(DEPDIR)/tls13_server.Plo + -rm -f ./$(DEPDIR)/tls_buffer.Plo -rm -f ./$(DEPDIR)/tls_content.Plo + -rm -f ./$(DEPDIR)/tls_key_share.Plo + -rm -f ./$(DEPDIR)/tls_lib.Plo -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags 
@@ -835,6 +856,7 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/ssl_packet.Plo -rm -f ./$(DEPDIR)/ssl_pkt.Plo -rm -f ./$(DEPDIR)/ssl_rsa.Plo + -rm -f ./$(DEPDIR)/ssl_seclevel.Plo -rm -f ./$(DEPDIR)/ssl_sess.Plo -rm -f ./$(DEPDIR)/ssl_sigalgs.Plo -rm -f ./$(DEPDIR)/ssl_srvr.Plo @@ -848,19 +870,21 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/tls12_key_schedule.Plo -rm -f ./$(DEPDIR)/tls12_lib.Plo -rm -f ./$(DEPDIR)/tls12_record_layer.Plo - -rm -f ./$(DEPDIR)/tls13_buffer.Plo -rm -f ./$(DEPDIR)/tls13_client.Plo -rm -f ./$(DEPDIR)/tls13_error.Plo -rm -f ./$(DEPDIR)/tls13_handshake.Plo -rm -f ./$(DEPDIR)/tls13_handshake_msg.Plo -rm -f ./$(DEPDIR)/tls13_key_schedule.Plo - -rm -f ./$(DEPDIR)/tls13_key_share.Plo -rm -f ./$(DEPDIR)/tls13_legacy.Plo -rm -f ./$(DEPDIR)/tls13_lib.Plo + -rm -f ./$(DEPDIR)/tls13_quic.Plo -rm -f ./$(DEPDIR)/tls13_record.Plo -rm -f ./$(DEPDIR)/tls13_record_layer.Plo -rm -f ./$(DEPDIR)/tls13_server.Plo + -rm -f ./$(DEPDIR)/tls_buffer.Plo -rm -f ./$(DEPDIR)/tls_content.Plo + -rm -f ./$(DEPDIR)/tls_key_share.Plo + -rm -f ./$(DEPDIR)/tls_lib.Plo -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -904,6 +928,11 @@ libssl_la_objects.mk: Makefile | sed 's/ */ $$\(abs_top_builddir\)\/ssl\//g' \ > libssl_la_objects.mk +.PHONY: remove_bs_objects +remove_bs_objects: libssl.la + -$(AR) dv $(abs_top_builddir)/ssl/.libs/libssl.a \ + bs_ber.o bs_cbb.o bs_cbs.o + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/ssl/VERSION b/ssl/VERSION index 5525aec1..d10daf35 100644 --- a/ssl/VERSION +++ b/ssl/VERSION @@ -1 +1 @@ -50:0:0 +53:0:0 diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c index bb40b2a6..e86b9d83 100644 --- a/ssl/bio_ssl.c +++ b/ssl/bio_ssl.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: bio_ssl.c,v 1.31 2021/07/01 17:53:39 jsing Exp $ */ +/* $OpenBSD: bio_ssl.c,v 1.33 2022/01/14 09:12:53 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -66,6 +66,7 @@ #include #include +#include "bio_local.h" #include "ssl_locl.h" static int ssl_write(BIO *h, const char *buf, int num); @@ -74,7 +75,7 @@ static int ssl_puts(BIO *h, const char *str); static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int ssl_new(BIO *h); static int ssl_free(BIO *data); -static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); +static long ssl_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); typedef struct bio_ssl_st { SSL *ssl; /* The ssl handle :-) */ /* re-negotiate every time the total number of bytes is this size */ @@ -462,7 +463,7 @@ ssl_ctrl(BIO *b, int cmd, long num, void *ptr) } static long -ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +ssl_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { SSL *ssl; BIO_SSL *bs; diff --git a/ssl/bs_cbb.c b/ssl/bs_cbb.c index e17c57ed..e2f87be4 100644 --- a/ssl/bs_cbb.c +++ b/ssl/bs_cbb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bs_cbb.c,v 1.26 2021/05/16 10:58:27 jsing Exp $ */ +/* $OpenBSD: bs_cbb.c,v 1.28 2022/07/07 17:12:15 tb Exp $ */ /* * Copyright (c) 2014, Google Inc. * @@ -163,6 +163,9 @@ CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len) */ return 0; + if (out_data != NULL && *out_data != NULL) + return 0; + if (out_data != NULL) *out_data = cbb->base->buf; @@ -413,6 +416,19 @@ CBB_add_u32(CBB *cbb, size_t value) return cbb_add_u(cbb, (uint32_t)value, 4); } +int +CBB_add_u64(CBB *cbb, uint64_t value) +{ + uint32_t a, b; + + a = value >> 32; + b = value & 0xffffffff; + + if (!CBB_add_u32(cbb, a)) + return 0; + return CBB_add_u32(cbb, b); +} + int CBB_add_asn1_uint64(CBB *cbb, uint64_t value) { diff --git a/ssl/bs_cbs.c b/ssl/bs_cbs.c index 8d558715..63c078c9 100644 --- a/ssl/bs_cbs.c +++ b/ssl/bs_cbs.c 
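Review bot: The guard added to `CBB_finish` in `ssl/bs_cbb.c` reads `*out_data` before writing it, so the output pointer is no longer write-only. A caller that passes the address of an uninitialised `uint8_t *` now has an indeterminate value tested and can see a spurious failure. The callers are not in this hunk, so this needs checking against them. The new precondition should also be stated where the function is declared, e.g. `|*out_data| must be NULL on entry; CBB_finish returns zero rather than overwrite a non-NULL pointer.` The body of `CBB_finish` starts and ends outside the hunk, so the state of the CBB after this early return cannot be judged from here.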
@@ -1,4 +1,4 @@ -/* $OpenBSD: bs_cbs.c,v 1.20 2021/05/16 10:58:27 jsing Exp $ */ +/* $OpenBSD: bs_cbs.c,v 1.24 2021/12/15 17:36:49 jsing Exp $ */ /* * Copyright (c) 2014, Google Inc. * @@ -47,6 +47,16 @@ cbs_get(CBS *cbs, const uint8_t **p, size_t n) return 1; } +static int +cbs_peek(CBS *cbs, const uint8_t **p, size_t n) +{ + if (cbs->len < n) + return 0; + + *p = cbs->data; + return 1; +} + size_t CBS_offset(const CBS *cbs) { @@ -95,6 +105,11 @@ int CBS_strdup(const CBS *cbs, char **out_ptr) { free(*out_ptr); + *out_ptr = NULL; + + if (CBS_contains_zero_byte(cbs)) + return 0; + *out_ptr = strndup((const char *)cbs->data, cbs->len); return (*out_ptr != NULL); } @@ -185,6 +200,34 @@ CBS_get_u32(CBS *cbs, uint32_t *out) return cbs_get_u(cbs, out, 4); } +int +CBS_get_u64(CBS *cbs, uint64_t *out) +{ + uint32_t a, b; + + if (cbs->len < 8) + return 0; + + if (!CBS_get_u32(cbs, &a)) + return 0; + if (!CBS_get_u32(cbs, &b)) + return 0; + + *out = (uint64_t)a << 32 | b; + return 1; +} + +int +CBS_get_last_u8(CBS *cbs, uint8_t *out) +{ + if (cbs->len == 0) + return 0; + + *out = cbs->data[cbs->len - 1]; + cbs->len--; + return 1; +} + int CBS_get_bytes(CBS *cbs, CBS *out, size_t len) { 
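Review bot: The new `cbs_peek` helper takes a non-const `CBS *` although it only reads `cbs->len` and `cbs->data`; since a peek by definition does not advance the cursor, the parameter should be `const CBS *cbs`, as `CBS_offset` in the following context lines already is. The same applies to `cbs_peek_u`, `CBS_peek_u8`, `CBS_peek_u16`, `CBS_peek_u24`, `CBS_peek_u32` and `CBS_peek_last_u8` added in a later hunk of this file, and to their prototypes in `ssl/bytestring.h`. Proposed signature: `static int cbs_peek(const CBS *cbs, const uint8_t **p, size_t n)`. Adding const is compatible with existing callers and lets the compiler enforce the "does not advance" contract that the header comments promise.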
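Review bot: `CBS_strdup` frees and clears `*out_ptr` before the new `CBS_contains_zero_byte` check, so a call that fails on an embedded zero byte still destroys the string the caller passed in, and nothing in the hunk documents that. Failing closed is a sound choice for input that would otherwise be silently truncated at the first NUL. The contract should be written down above the function, for example `/* |*out_ptr| is always freed; on failure, including input containing a zero byte, it is left NULL. */`. Callers that ignore the return value will now see NULL rather than a stale string, so return-value checks at the call sites are worth confirming; those are outside this hunk.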
@@ -226,6 +269,73 @@ CBS_get_u24_length_prefixed(CBS *cbs, CBS *out) return cbs_get_length_prefixed(cbs, out, 3); } +static int +cbs_peek_u(CBS *cbs, uint32_t *out, size_t len) +{ + uint32_t result = 0; + size_t i; + const uint8_t *data; + + if (len < 1 || len > 4) + return 0; + + if (!cbs_peek(cbs, &data, len)) + return 0; + + for (i = 0; i < len; i++) { + result <<= 8; + result |= data[i]; + } + *out = result; + return 1; +} + +int +CBS_peek_u8(CBS *cbs, uint8_t *out) +{ + const uint8_t *v; + + if (!cbs_peek(cbs, &v, 1)) + return 0; + + *out = *v; + return 1; +} + +int +CBS_peek_u16(CBS *cbs, uint16_t *out) +{ + uint32_t v; + + if (!cbs_peek_u(cbs, &v, 2)) + return 0; + + *out = v; + return 1; +} + +int +CBS_peek_u24(CBS *cbs, uint32_t *out) +{ + return cbs_peek_u(cbs, out, 3); +} + +int +CBS_peek_u32(CBS *cbs, uint32_t *out) +{ + return cbs_peek_u(cbs, out, 4); +} + +int +CBS_peek_last_u8(CBS *cbs, uint8_t *out) +{ + if (cbs->len == 0) + return 0; + + *out = cbs->data[cbs->len - 1]; + return 1; +} + int CBS_get_any_asn1_element(CBS *cbs, CBS *out, unsigned int *out_tag, size_t *out_header_len) diff --git a/ssl/bytestring.h b/ssl/bytestring.h index 9e55dd44..022bc683 100644 --- a/ssl/bytestring.h +++ b/ssl/bytestring.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bytestring.h,v 1.19 2021/05/16 10:58:27 jsing Exp $ */ +/* $OpenBSD: bytestring.h,v 1.23 2022/01/06 14:30:30 jsing Exp $ */ /* * Copyright (c) 2014, Google Inc. * 
@@ -133,6 +133,18 @@ int CBS_get_u24(CBS *cbs, uint32_t *out); */ int CBS_get_u32(CBS *cbs, uint32_t *out); +/* + * CBS_get_u64 sets |*out| to the next, big-endian uint64_t value from |cbs| + * and advances |cbs|. It returns one on success and zero on error. + */ +int CBS_get_u64(CBS *cbs, uint64_t *out); + +/* + * CBS_get_last_u8 sets |*out| to the last uint8_t from |cbs| and shortens + * |cbs|. It returns one on success and zero on error. + */ +int CBS_get_last_u8(CBS *cbs, uint8_t *out); + /* * CBS_get_bytes sets |*out| to the next |len| bytes from |cbs| and advances * |cbs|. It returns one on success and zero on error. @@ -160,6 +172,36 @@ int CBS_get_u16_length_prefixed(CBS *cbs, CBS *out); */ int CBS_get_u24_length_prefixed(CBS *cbs, CBS *out); +/* + * CBS_peek_u8 sets |*out| to the next uint8_t from |cbs|, but does not advance + * |cbs|. It returns one on success and zero on error. + */ +int CBS_peek_u8(CBS *cbs, uint8_t *out); + +/* + * CBS_peek_u16 sets |*out| to the next, big-endian uint16_t from |cbs|, but + * does not advance |cbs|. It returns one on success and zero on error. + */ +int CBS_peek_u16(CBS *cbs, uint16_t *out); + +/* + * CBS_peek_u24 sets |*out| to the next, big-endian 24-bit value from |cbs|, but + * does not advance |cbs|. It returns one on success and zero on error. + */ +int CBS_peek_u24(CBS *cbs, uint32_t *out); + +/* + * CBS_peek_u32 sets |*out| to the next, big-endian uint32_t value from |cbs|, + * but does not advance |cbs|. It returns one on success and zero on error. + */ +int CBS_peek_u32(CBS *cbs, uint32_t *out); + +/* + * CBS_peek_last_u8 sets |*out| to the last uint8_t from |cbs|, but does not + * shorten |cbs|. It returns one on success and zero on error. + */ +int CBS_peek_last_u8(CBS *cbs, uint8_t *out); + /* Parsing ASN.1 */ 
@@ -466,6 +508,12 @@ int CBB_add_u24(CBB *cbb, size_t value); */ int CBB_add_u32(CBB *cbb, size_t value); +/* + * CBB_add_u64 appends a 64-bit, big-endian number from |value| to |cbb|. It + * returns one on success and zero otherwise. + */ +int CBB_add_u64(CBB *cbb, uint64_t value); + /* * CBB_add_asn1_uint64 writes an ASN.1 INTEGER into |cbb| using |CBB_add_asn1| * and writes |value| in its contents. It returns one on success and zero on diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 4c014be6..fd7c07a4 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_both.c,v 1.78 2021/09/04 14:24:28 jsing Exp $ */ +/* $OpenBSD: d1_both.c,v 1.81 2022/02/05 14:54:10 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -216,9 +216,9 @@ dtls1_do_write(SSL *s, int type) size_t overhead; /* AHA! Figure out the MTU, and stick to the right size */ - if (D1I(s)->mtu < dtls1_min_mtu() && + if (s->d1->mtu < dtls1_min_mtu() && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { - D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s), + s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); /* 
@@ -226,27 +226,27 @@ dtls1_do_write(SSL *s, int type) * doesn't know the MTU (ie., the initial write), so just * make sure we have a reasonable number */ - if (D1I(s)->mtu < dtls1_min_mtu()) { - D1I(s)->mtu = 0; - D1I(s)->mtu = dtls1_guess_mtu(D1I(s)->mtu); + if (s->d1->mtu < dtls1_min_mtu()) { + s->d1->mtu = 0; + s->d1->mtu = dtls1_guess_mtu(s->d1->mtu); BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU, - D1I(s)->mtu, NULL); + s->d1->mtu, NULL); } } - OPENSSL_assert(D1I(s)->mtu >= dtls1_min_mtu()); + OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu()); /* should have something reasonable now */ if (s->internal->init_off == 0 && type == SSL3_RT_HANDSHAKE) OPENSSL_assert(s->internal->init_num == - (int)D1I(s)->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); + (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); if (!tls12_record_layer_write_overhead(s->internal->rl, &overhead)) return -1; frag_off = 0; while (s->internal->init_num) { - curr_mtu = D1I(s)->mtu - BIO_wpending(SSL_get_wbio(s)) - + curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) - DTLS1_RT_HEADER_LENGTH - overhead; if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) { @@ -254,7 +254,7 @@ dtls1_do_write(SSL *s, int type) ret = BIO_flush(SSL_get_wbio(s)); if (ret <= 0) return ret; - curr_mtu = D1I(s)->mtu - DTLS1_RT_HEADER_LENGTH - + curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH - overhead; } @@ -279,8 +279,8 @@ dtls1_do_write(SSL *s, int type) dtls1_fix_message_header(s, frag_off, len - DTLS1_HM_HEADER_LENGTH); - if (!dtls1_write_message_header(&D1I(s)->w_msg_hdr, - D1I(s)->w_msg_hdr.frag_off, D1I(s)->w_msg_hdr.frag_len, + if (!dtls1_write_message_header(&s->d1->w_msg_hdr, + s->d1->w_msg_hdr.frag_off, s->d1->w_msg_hdr.frag_len, (unsigned char *)&s->internal->init_buf->data[s->internal->init_off])) return -1; 
@@ -299,7 +299,7 @@ dtls1_do_write(SSL *s, int type) */ if (BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) - D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s), + s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); else return (-1); @@ -313,14 +313,14 @@ dtls1_do_write(SSL *s, int type) OPENSSL_assert(len == (unsigned int)ret); if (type == SSL3_RT_HANDSHAKE && - !D1I(s)->retransmitting) { + !s->d1->retransmitting) { /* * Should not be done for 'Hello Request's, * but in that case we'll ignore the result * anyway */ unsigned char *p = (unsigned char *)&s->internal->init_buf->data[s->internal->init_off]; - const struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr; + const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; int xlen; if (frag_off == 0) { 
@@ -368,40 +368,39 @@ dtls1_do_write(SSL *s, int type) * Read an entire handshake message. Handshake messages arrive in * fragments. */ -long -dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) +int +dtls1_get_message(SSL *s, int st1, int stn, int mt, long max) { - int i, al; struct hm_header_st *msg_hdr; unsigned char *p; unsigned long msg_len; + int i, al, ok; /* * s3->internal->tmp is used to store messages that are unexpected, caused * by the absence of an optional handshake message */ - if (S3I(s)->hs.tls12.reuse_message) { - S3I(s)->hs.tls12.reuse_message = 0; - if ((mt >= 0) && (S3I(s)->hs.tls12.message_type != mt)) { + if (s->s3->hs.tls12.reuse_message) { + s->s3->hs.tls12.reuse_message = 0; + if ((mt >= 0) && (s->s3->hs.tls12.message_type != mt)) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); goto fatal_err; } - *ok = 1; s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH; - s->internal->init_num = (int)S3I(s)->hs.tls12.message_size; - return s->internal->init_num; + s->internal->init_num = (int)s->s3->hs.tls12.message_size; + return 1; } - msg_hdr = &D1I(s)->r_msg_hdr; + msg_hdr = &s->d1->r_msg_hdr; memset(msg_hdr, 0, sizeof(struct hm_header_st)); again: - i = dtls1_get_message_fragment(s, st1, stn, max, ok); + i = dtls1_get_message_fragment(s, st1, stn, max, &ok); if (i == DTLS1_HM_BAD_FRAGMENT || i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */ goto again; - else if (i <= 0 && !*ok) + else if (i <= 0 && !ok) return i; p = (unsigned char *)s->internal->init_buf->data; 
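Review bot: The comment above `dtls1_get_message` still says only that it reads an entire handshake message, while this hunk changes the return contract. It no longer returns the message length or reports through `*ok`; it returns 1 on success and a non-positive value on failure. The comment should say so, for example `Returns 1 once a complete message is available at s->internal->init_msg with its length in s->internal->init_num, otherwise a value <= 0.`, because a caller still treating the return value as a length would see 1 for every message. The local `ok` is also passed to `dtls1_get_message_fragment()` uninitialised, which is safe only if every path there stores to `*ok`; that cannot be confirmed from this hunk, so `int i, al, ok = 0;` would be the defensive form. The function body continues past the end of the hunk.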
@@ -421,19 +420,17 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) memset(msg_hdr, 0, sizeof(struct hm_header_st)); /* Don't change sequence numbers while listening */ - if (!D1I(s)->listen) - D1I(s)->handshake_read_seq++; + if (!s->d1->listen) + s->d1->handshake_read_seq++; s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH; - return s->internal->init_num; + return 1; fatal_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); - *ok = 0; return -1; } - static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) { @@ -454,7 +451,7 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) return SSL_AD_ILLEGAL_PARAMETER; } - if ( D1I(s)->r_msg_hdr.frag_off == 0) /* first fragment */ + if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */ { /* * msg_len is limited to 2^24, but is effectively checked @@ -466,12 +463,12 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) return SSL_AD_INTERNAL_ERROR; } - S3I(s)->hs.tls12.message_size = msg_len; - D1I(s)->r_msg_hdr.msg_len = msg_len; - S3I(s)->hs.tls12.message_type = msg_hdr->type; - D1I(s)->r_msg_hdr.type = msg_hdr->type; - D1I(s)->r_msg_hdr.seq = msg_hdr->seq; - } else if (msg_len != D1I(s)->r_msg_hdr.msg_len) { + s->s3->hs.tls12.message_size = msg_len; + s->d1->r_msg_hdr.msg_len = msg_len; + s->s3->hs.tls12.message_type = msg_hdr->type; + s->d1->r_msg_hdr.type = msg_hdr->type; + s->d1->r_msg_hdr.seq = msg_hdr->seq; + } else if (msg_len != s->d1->r_msg_hdr.msg_len) { /* * They must be playing with us! BTW, failure to enforce * upper limit would open possibility for buffer overrun. @@ -497,7 +494,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) int al; *ok = 0; - item = pqueue_peek(D1I(s)->buffered_messages); + item = pqueue_peek(s->d1->buffered_messages); if (item == NULL) return 0; 
@@ -507,9 +504,9 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) if (frag->reassembly != NULL) return 0; - if (D1I(s)->handshake_read_seq == frag->msg_header.seq) { + if (s->d1->handshake_read_seq == frag->msg_header.seq) { unsigned long frag_len = frag->msg_header.frag_len; - pqueue_pop(D1I(s)->buffered_messages); + pqueue_pop(s->d1->buffered_messages); al = dtls1_preprocess_fragment(s, &frag->msg_header, max); @@ -574,7 +571,7 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) memset(seq64be, 0, sizeof(seq64be)); seq64be[6] = (unsigned char)(msg_hdr->seq >> 8); seq64be[7] = (unsigned char)msg_hdr->seq; - item = pqueue_find(D1I(s)->buffered_messages, seq64be); + item = pqueue_find(s->d1->buffered_messages, seq64be); if (item == NULL) { frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1); @@ -639,7 +636,7 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) goto err; } - pqueue_insert(D1I(s)->buffered_messages, item); + pqueue_insert(s->d1->buffered_messages, item); } return DTLS1_HM_FRAGMENT_RETRY; @@ -668,7 +665,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) memset(seq64be, 0, sizeof(seq64be)); seq64be[6] = (unsigned char) (msg_hdr->seq >> 8); seq64be[7] = (unsigned char) msg_hdr->seq; - item = pqueue_find(D1I(s)->buffered_messages, seq64be); + item = pqueue_find(s->d1->buffered_messages, seq64be); /* * If we already have an entry and this one is a fragment, 
@@ -683,9 +680,9 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) * a FINISHED before the SERVER_HELLO, which then must be a stale * retransmit. */ - if (msg_hdr->seq <= D1I(s)->handshake_read_seq || - msg_hdr->seq > D1I(s)->handshake_read_seq + 10 || item != NULL || - (D1I(s)->handshake_read_seq == 0 && + if (msg_hdr->seq <= s->d1->handshake_read_seq || + msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL || + (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) { unsigned char devnull [256]; @@ -726,7 +723,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) if (item == NULL) goto err; - pqueue_insert(D1I(s)->buffered_messages, item); + pqueue_insert(s->d1->buffered_messages, item); } return DTLS1_HM_FRAGMENT_RETRY; @@ -780,8 +777,8 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) * While listening, we accept seq 1 (ClientHello with cookie) * although we're still expecting seq 0 (ClientHello) */ - if (msg_hdr.seq != D1I(s)->handshake_read_seq && - !(D1I(s)->listen && msg_hdr.seq == 1)) + if (msg_hdr.seq != s->d1->handshake_read_seq && + !(s->d1->listen && msg_hdr.seq == 1)) return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); len = msg_hdr.msg_len; @@ -791,7 +788,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) if (frag_len && frag_len < len) return dtls1_reassemble_fragment(s, &msg_hdr, ok); - if (!s->server && D1I(s)->r_msg_hdr.frag_off == 0 && + if (!s->server && s->d1->r_msg_hdr.frag_off == 0 && wire[0] == SSL3_MT_HELLO_REQUEST) { /* * The server may always send 'Hello Request' messages -- @@ -821,7 +818,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) goto fatal_err; /* XDTLS: ressurect this when restart is in place */ - S3I(s)->hs.state = stn; + s->s3->hs.state = stn; if (frag_len > 0) { unsigned char *p = (unsigned char *)s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH; 
@@ -847,8 +844,6 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) goto fatal_err; } - *ok = 1; - /* * Note that s->internal->init_num is *not* used as current offset in * s->internal->init_buf->data, but as a counter summing up fragments' @@ -856,6 +851,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) * length, we assume we have got all the fragments. */ s->internal->init_num = frag_len; + *ok = 1; return frag_len; fatal_err: @@ -960,15 +956,15 @@ dtls1_buffer_message(SSL *s, int is_ccs) memcpy(frag->fragment, s->internal->init_buf->data, s->internal->init_num); - OPENSSL_assert(D1I(s)->w_msg_hdr.msg_len + + OPENSSL_assert(s->d1->w_msg_hdr.msg_len + (is_ccs ? DTLS1_CCS_HEADER_LENGTH : DTLS1_HM_HEADER_LENGTH) == (unsigned int)s->internal->init_num); - frag->msg_header.msg_len = D1I(s)->w_msg_hdr.msg_len; - frag->msg_header.seq = D1I(s)->w_msg_hdr.seq; - frag->msg_header.type = D1I(s)->w_msg_hdr.type; + frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len; + frag->msg_header.seq = s->d1->w_msg_hdr.seq; + frag->msg_header.type = s->d1->w_msg_hdr.type; frag->msg_header.frag_off = 0; - frag->msg_header.frag_len = D1I(s)->w_msg_hdr.msg_len; + frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len; frag->msg_header.is_ccs = is_ccs; /* save current state*/ @@ -1043,7 +1039,7 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, saved_state.session = s->session; saved_state.epoch = tls12_record_layer_write_epoch(s->internal->rl); - D1I(s)->retransmitting = 1; + s->d1->retransmitting = 1; /* restore state in which the message was originally sent */ s->session = frag->msg_header.saved_retransmit_state.session; @@ -1060,7 +1056,7 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, saved_state.epoch)) return 0; - D1I(s)->retransmitting = 0; + s->d1->retransmitting = 0; (void)BIO_flush(SSL_get_wbio(s)); return ret; 
@@ -1089,12 +1085,12 @@ dtls1_set_message_header(SSL *s, unsigned char mt, unsigned long len, unsigned long frag_off, unsigned long frag_len) { /* Don't change sequence numbers while listening */ - if (frag_off == 0 && !D1I(s)->listen) { - D1I(s)->handshake_write_seq = D1I(s)->next_handshake_write_seq; - D1I(s)->next_handshake_write_seq++; + if (frag_off == 0 && !s->d1->listen) { + s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; + s->d1->next_handshake_write_seq++; } - dtls1_set_message_header_int(s, mt, len, D1I(s)->handshake_write_seq, + dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq, frag_off, frag_len); } @@ -1103,7 +1099,7 @@ void dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len, unsigned short seq_num, unsigned long frag_off, unsigned long frag_len) { - struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr; + struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; msg_hdr->type = mt; msg_hdr->msg_len = len; @@ -1115,7 +1111,7 @@ dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len, static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len) { - struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr; + struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; msg_hdr->frag_off = frag_off; msg_hdr->frag_len = frag_len; diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index d4280a27..770734e6 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_lib.c,v 1.59 2021/08/30 19:12:25 jsing Exp $ */ +/* $OpenBSD: d1_lib.c,v 1.61 2021/10/23 13:36:03 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 
@@ -83,20 +83,18 @@ dtls1_new(SSL *s) if ((s->d1 = calloc(1, sizeof(*s->d1))) == NULL) goto err; - if ((s->d1->internal = calloc(1, sizeof(*s->d1->internal))) == NULL) - goto err; - if ((s->d1->internal->unprocessed_rcds.q = pqueue_new()) == NULL) + if ((s->d1->unprocessed_rcds.q = pqueue_new()) == NULL) goto err; - if ((s->d1->internal->buffered_messages = pqueue_new()) == NULL) + if ((s->d1->buffered_messages = pqueue_new()) == NULL) goto err; if ((s->d1->sent_messages = pqueue_new()) == NULL) goto err; - if ((s->d1->internal->buffered_app_data.q = pqueue_new()) == NULL) + if ((s->d1->buffered_app_data.q = pqueue_new()) == NULL) goto err; if (s->server) - s->d1->internal->cookie_len = sizeof(D1I(s)->cookie); + s->d1->cookie_len = sizeof(s->d1->cookie); s->method->ssl_clear(s); return (1); @@ -140,10 +138,10 @@ dtls1_drain_fragments(pqueue queue) static void dtls1_clear_queues(SSL *s) { - dtls1_drain_records(D1I(s)->unprocessed_rcds.q); - dtls1_drain_fragments(D1I(s)->buffered_messages); + dtls1_drain_records(s->d1->unprocessed_rcds.q); + dtls1_drain_fragments(s->d1->buffered_messages); dtls1_drain_fragments(s->d1->sent_messages); - dtls1_drain_records(D1I(s)->buffered_app_data.q); + dtls1_drain_records(s->d1->buffered_app_data.q); } void @@ -154,23 +152,23 @@ dtls1_free(SSL *s) ssl3_free(s); + if (s->d1 == NULL) + return; + dtls1_clear_queues(s); - pqueue_free(D1I(s)->unprocessed_rcds.q); - pqueue_free(D1I(s)->buffered_messages); + pqueue_free(s->d1->unprocessed_rcds.q); + pqueue_free(s->d1->buffered_messages); pqueue_free(s->d1->sent_messages); - pqueue_free(D1I(s)->buffered_app_data.q); + pqueue_free(s->d1->buffered_app_data.q); - freezero(s->d1->internal, sizeof(*s->d1->internal)); freezero(s->d1, sizeof(*s->d1)); - s->d1 = NULL; } void dtls1_clear(SSL *s) { - struct dtls1_state_internal_st *internal; pqueue unprocessed_rcds; pqueue buffered_messages; pqueue sent_messages; 
@@ -178,34 +176,31 @@ dtls1_clear(SSL *s) unsigned int mtu; if (s->d1) { - unprocessed_rcds = D1I(s)->unprocessed_rcds.q; - buffered_messages = D1I(s)->buffered_messages; + unprocessed_rcds = s->d1->unprocessed_rcds.q; + buffered_messages = s->d1->buffered_messages; sent_messages = s->d1->sent_messages; - buffered_app_data = D1I(s)->buffered_app_data.q; - mtu = D1I(s)->mtu; + buffered_app_data = s->d1->buffered_app_data.q; + mtu = s->d1->mtu; dtls1_clear_queues(s); - memset(s->d1->internal, 0, sizeof(*s->d1->internal)); - internal = s->d1->internal; memset(s->d1, 0, sizeof(*s->d1)); - s->d1->internal = internal; - D1I(s)->unprocessed_rcds.epoch = + s->d1->unprocessed_rcds.epoch = tls12_record_layer_read_epoch(s->internal->rl) + 1; if (s->server) { - D1I(s)->cookie_len = sizeof(D1I(s)->cookie); + s->d1->cookie_len = sizeof(s->d1->cookie); } if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) { - D1I(s)->mtu = mtu; + s->d1->mtu = mtu; } - D1I(s)->unprocessed_rcds.q = unprocessed_rcds; - D1I(s)->buffered_messages = buffered_messages; + s->d1->unprocessed_rcds.q = unprocessed_rcds; + s->d1->buffered_messages = buffered_messages; s->d1->sent_messages = sent_messages; - D1I(s)->buffered_app_data.q = buffered_app_data; + s->d1->buffered_app_data.q = buffered_app_data; } ssl3_clear(s); @@ -351,7 +346,7 @@ void dtls1_stop_timer(SSL *s) { /* Reset everything */ - memset(&(D1I(s)->timeout), 0, sizeof(struct dtls1_timeout_st)); + memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st)); memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); s->d1->timeout_duration = 1; BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, 
@@ -363,16 +358,16 @@ dtls1_stop_timer(SSL *s) int dtls1_check_timeout_num(SSL *s) { - D1I(s)->timeout.num_alerts++; + s->d1->timeout.num_alerts++; /* Reduce MTU after 2 unsuccessful retransmissions */ - if (D1I(s)->timeout.num_alerts > 2) { - D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s), + if (s->d1->timeout.num_alerts > 2) { + s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL); } - if (D1I(s)->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) { + if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) { /* fail the connection, enough alerts have been sent */ SSLerror(s, SSL_R_READ_TIMEOUT_EXPIRED); return -1; @@ -394,9 +389,9 @@ dtls1_handle_timeout(SSL *s) if (dtls1_check_timeout_num(s) < 0) return -1; - D1I(s)->timeout.read_timeouts++; - if (D1I(s)->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) { - D1I(s)->timeout.read_timeouts = 1; + s->d1->timeout.read_timeouts++; + if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) { + s->d1->timeout.read_timeouts = 1; } dtls1_start_timer(s); @@ -412,7 +407,7 @@ dtls1_listen(SSL *s, struct sockaddr *client) SSL_clear(s); SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); - D1I(s)->listen = 1; + s->d1->listen = 1; ret = SSL_accept(s); if (ret <= 0) diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index aafadf16..456f871a 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_pkt.c,v 1.112 2021/09/04 14:31:54 jsing Exp $ */ +/* $OpenBSD: d1_pkt.c,v 1.123 2022/03/26 15:05:53 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -113,8 +113,7 @@ * [including the GNU Public Licence.] */ -#include - +#include #include #include 
@@ -192,12 +191,12 @@ static int dtls1_process_record(SSL *s); static int dtls1_copy_record(SSL *s, DTLS1_RECORD_DATA_INTERNAL *rdata) { - ssl3_release_buffer(&S3I(s)->rbuf); + ssl3_release_buffer(&s->s3->rbuf); s->internal->packet = rdata->packet; s->internal->packet_length = rdata->packet_length; - memcpy(&(S3I(s)->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER_INTERNAL)); - memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD_INTERNAL)); + memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER_INTERNAL)); + memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD_INTERNAL)); return (1); } @@ -219,15 +218,15 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) rdata->packet = s->internal->packet; rdata->packet_length = s->internal->packet_length; - memcpy(&(rdata->rbuf), &(S3I(s)->rbuf), sizeof(SSL3_BUFFER_INTERNAL)); - memcpy(&(rdata->rrec), &(S3I(s)->rrec), sizeof(SSL3_RECORD_INTERNAL)); + memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER_INTERNAL)); + memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD_INTERNAL)); item->data = rdata; s->internal->packet = NULL; s->internal->packet_length = 0; - memset(&(S3I(s)->rbuf), 0, sizeof(SSL3_BUFFER_INTERNAL)); - memset(&(S3I(s)->rrec), 0, sizeof(SSL3_RECORD_INTERNAL)); + memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER_INTERNAL)); + memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD_INTERNAL)); if (!ssl3_setup_buffers(s)) goto err; 
@@ -271,19 +270,19 @@ static int dtls1_process_buffered_record(SSL *s) { /* Check if epoch is current. */ - if (D1I(s)->unprocessed_rcds.epoch != + if (s->d1->unprocessed_rcds.epoch != tls12_record_layer_read_epoch(s->internal->rl)) return (0); /* Update epoch once all unprocessed records have been processed. */ - if (pqueue_peek(D1I(s)->unprocessed_rcds.q) == NULL) { - D1I(s)->unprocessed_rcds.epoch = + if (pqueue_peek(s->d1->unprocessed_rcds.q) == NULL) { + s->d1->unprocessed_rcds.epoch = tls12_record_layer_read_epoch(s->internal->rl) + 1; return (0); } /* Process one of the records. */ - if (!dtls1_retrieve_buffered_record(s, &D1I(s)->unprocessed_rcds)) + if (!dtls1_retrieve_buffered_record(s, &s->d1->unprocessed_rcds)) return (-1); if (!dtls1_process_record(s)) return (-1); @@ -294,7 +293,7 @@ dtls1_process_buffered_record(SSL *s) static int dtls1_process_record(SSL *s) { - SSL3_RECORD_INTERNAL *rr = &(S3I(s)->rrec); + SSL3_RECORD_INTERNAL *rr = &(s->s3->rrec); uint8_t alert_desc; uint8_t *out; size_t out_len; @@ -350,7 +349,7 @@ dtls1_process_record(SSL *s) int dtls1_get_record(SSL *s) { - SSL3_RECORD_INTERNAL *rr = &(S3I(s)->rrec); + SSL3_RECORD_INTERNAL *rr = &(s->s3->rrec); unsigned char *p = NULL; DTLS1_BITMAP *bitmap; unsigned int is_next_epoch; @@ -449,7 +448,7 @@ dtls1_get_record(SSL *s) * since they arrive from different connections and * would be dropped unnecessarily. */ - if (!(D1I(s)->listen && rr->type == SSL3_RT_HANDSHAKE && + if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE && p != NULL && *p == SSL3_MT_CLIENT_HELLO) && !dtls1_record_replay_check(s, bitmap, rr->seq_num)) goto again; 
@@ -464,8 +463,8 @@ dtls1_get_record(SSL *s) * anything while listening. */ if (is_next_epoch) { - if ((SSL_in_init(s) || s->internal->in_handshake) && !D1I(s)->listen) { - if (dtls1_buffer_record(s, &(D1I(s)->unprocessed_rcds), + if ((SSL_in_init(s) || s->internal->in_handshake) && !s->d1->listen) { + if (dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num) < 0) return (-1); /* Mark receipt of record. */ 
@@ -483,6 +482,179 @@ dtls1_get_record(SSL *s) return (1); } +static int +dtls1_read_handshake_unexpected(SSL *s) +{ + SSL3_RECORD_INTERNAL *rr = &s->s3->rrec; + struct hm_header_st hs_msg_hdr; + CBS cbs; + int ret; + + if (s->internal->in_handshake) { + SSLerror(s, ERR_R_INTERNAL_ERROR); + return -1; + } + + if (rr->off != 0) { + SSLerror(s, ERR_R_INTERNAL_ERROR); + return -1; + } + + /* Parse handshake message header. */ + CBS_init(&cbs, rr->data, rr->length); + if (!dtls1_get_message_header(&cbs, &hs_msg_hdr)) + return -1; /* XXX - probably should drop/continue. */ + + /* This may just be a stale retransmit. */ + if (rr->epoch != tls12_record_layer_read_epoch(s->internal->rl)) { + rr->length = 0; + return 1; + } + + if (hs_msg_hdr.type == SSL3_MT_HELLO_REQUEST) { + /* + * Incoming HelloRequest messages should only be received by a + * client. A server may send these at any time - a client should + * ignore the message if received in the middle of a handshake. + * See RFC 5246 sections 7.4 and 7.4.1.1. + */ + if (s->server) { + SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_UNEXPECTED_MESSAGE); + return -1; + } + + /* XXX - should also check frag offset/length. */ + if (hs_msg_hdr.msg_len != 0) { + SSLerror(s, SSL_R_BAD_HELLO_REQUEST); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); + return -1; + } + + ssl_msg_callback(s, 0, SSL3_RT_HANDSHAKE, rr->data, + DTLS1_HM_HEADER_LENGTH); + + rr->length = 0; + + /* + * It should be impossible to hit this, but keep the safety + * harness for now... + */ + if (s->session == NULL || s->session->cipher == NULL) + return 1; + + /* + * Ignore this message if we're currently handshaking, + * renegotiation is already pending or renegotiation is disabled + * via flags. + */ + if (!SSL_is_init_finished(s) || s->s3->renegotiate || + (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) != 0) + return 1; + + s->d1->handshake_read_seq++; + + /* XXX - why is this set here but not in ssl3? 
*/ + s->internal->new_session = 1; + + if (!ssl3_renegotiate(s)) + return 1; + if (!ssl3_renegotiate_check(s)) + return 1; + + } else if (hs_msg_hdr.type == SSL3_MT_CLIENT_HELLO) { + /* + * Incoming ClientHello messages should only be received by a + * server. A client may send these in response to server + * initiated renegotiation (HelloRequest) or in order to + * initiate renegotiation by the client. See RFC 5246 section + * 7.4.1.2. + */ + if (!s->server) { + SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_UNEXPECTED_MESSAGE); + return -1; + } + + /* + * A client should not be sending a ClientHello unless we're not + * currently handshaking. + */ + if (!SSL_is_init_finished(s)) { + SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_UNEXPECTED_MESSAGE); + return -1; + } + + if ((s->internal->options & SSL_OP_NO_CLIENT_RENEGOTIATION) != 0) { + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_NO_RENEGOTIATION); + return -1; + } + + if (s->session == NULL || s->session->cipher == NULL) { + SSLerror(s, ERR_R_INTERNAL_ERROR); + return -1; + } + + /* Client requested renegotiation but it is not permitted. */ + if (!s->s3->send_connection_binding || + (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) != 0) { + ssl3_send_alert(s, SSL3_AL_WARNING, + SSL_AD_NO_RENEGOTIATION); + return 1; + } + + s->s3->hs.state = SSL_ST_ACCEPT; + s->internal->renegotiate = 1; + s->internal->new_session = 1; + + } else if (hs_msg_hdr.type == SSL3_MT_FINISHED && s->server) { + /* + * If we are server, we may have a repeated FINISHED of the + * client here, then retransmit our CCS and FINISHED. + */ + if (dtls1_check_timeout_num(s) < 0) + return -1; + + /* XXX - should this be calling ssl_msg_callback()? 
*/ + + dtls1_retransmit_buffered_messages(s); + + rr->length = 0; + + return 1; + + } else { + SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); + return -1; + } + + if ((ret = s->internal->handshake_func(s)) < 0) + return ret; + if (ret == 0) { + SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); + return -1; + } + + if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) { + if (s->s3->rbuf.left == 0) { + ssl_force_want_read(s); + return -1; + } + } + + /* + * We either finished a handshake or ignored the request, now try again + * to obtain the (application) data we were asked for. + */ + return 1; +} + /* Return up to 'len' payload bytes received in 'type' records. * 'type' is one of the following: * 
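Review bot: A handshake record too short to hold a message header makes `dtls1_read_handshake_unexpected` return -1 with no `SSLerror()` and no alert, at the `dtls1_get_message_header()` call the code itself marks XXX. The `record_min_len` block this commit removes from `dtls1_read_bytes` discarded under-length records and read again, so this looks like a change from drop to hard failure. If the caller retries on 1, as the closing comment of the function suggests, `{ rr->length = 0; return 1; }` would restore the drop. In the HelloRequest branch only `msg_len` is validated; the second XXX could be closed with `if (hs_msg_hdr.msg_len != 0 || hs_msg_hdr.frag_off != 0 || hs_msg_hdr.frag_len != 0)`.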
@@ -513,80 +685,92 @@ dtls1_get_record(SSL *s) int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) { - int al, i, ret; - unsigned int n; SSL3_RECORD_INTERNAL *rr; + int rrcount = 0; + unsigned int n; + int ret; - if (S3I(s)->rbuf.buf == NULL) /* Not initialized yet */ + if (s->s3->rbuf.buf == NULL) { if (!ssl3_setup_buffers(s)) - return (-1); + return -1; + } - if ((type && - type != SSL3_RT_APPLICATION_DATA && type != SSL3_RT_HANDSHAKE) || - (peek && (type != SSL3_RT_APPLICATION_DATA))) { + if (len < 0) { SSLerror(s, ERR_R_INTERNAL_ERROR); return -1; } - if (!s->internal->in_handshake && SSL_in_init(s)) { - i = s->internal->handshake_func(s); - if (i < 0) - return (i); - if (i == 0) { + if (type != 0 && type != SSL3_RT_APPLICATION_DATA && + type != SSL3_RT_HANDSHAKE) { + SSLerror(s, ERR_R_INTERNAL_ERROR); + return -1; + } + if (peek && type != SSL3_RT_APPLICATION_DATA) { + SSLerror(s, ERR_R_INTERNAL_ERROR); + return -1; + } + + if (SSL_in_init(s) && !s->internal->in_handshake) { + if ((ret = s->internal->handshake_func(s)) < 0) + return ret; + if (ret == 0) { SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); + return -1; } } start: + /* + * Do not process more than three consecutive records, otherwise the + * peer can cause us to loop indefinitely. Instead, return with an + * SSL_ERROR_WANT_READ so the caller can choose when to handle further + * processing. In the future, the total number of non-handshake and + * non-application data records per connection should probably also be + * limited... + */ + if (rrcount++ >= 3) { + ssl_force_want_read(s); + return -1; + } + s->internal->rwstate = SSL_NOTHING; - /* S3I(s)->rrec.type - is the type of record - * S3I(s)->rrec.data, - data - * S3I(s)->rrec.off, - offset into 'data' for next read - * S3I(s)->rrec.length, - number of bytes. 
*/ - rr = &(S3I(s)->rrec); + rr = &s->s3->rrec; - /* We are not handshaking and have no data yet, - * so process data buffered during the last handshake - * in advance, if any. + /* + * We are not handshaking and have no data yet, so process data buffered + * during the last handshake in advance, if any. */ - if (S3I(s)->hs.state == SSL_ST_OK && rr->length == 0) - dtls1_retrieve_buffered_record(s, &(D1I(s)->buffered_app_data)); + if (s->s3->hs.state == SSL_ST_OK && rr->length == 0) + dtls1_retrieve_buffered_record(s, &s->d1->buffered_app_data); - /* Check for timeout */ if (dtls1_handle_timeout(s) > 0) goto start; - /* get new packet if necessary */ - if ((rr->length == 0) || (s->internal->rstate == SSL_ST_READ_BODY)) { - ret = dtls1_get_record(s); - if (ret <= 0) { - ret = dtls1_read_failed(s, ret); - /* anything other than a timeout is an error */ - if (ret <= 0) - return (ret); - else - goto start; + if (rr->length == 0 || s->internal->rstate == SSL_ST_READ_BODY) { + if ((ret = dtls1_get_record(s)) <= 0) { + /* Anything other than a timeout is an error. */ + if ((ret = dtls1_read_failed(s, ret)) <= 0) + return ret; + goto start; } } - if (D1I(s)->listen && rr->type != SSL3_RT_HANDSHAKE) { + if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE) { rr->length = 0; goto start; } - /* we now have a packet which can be read and processed */ + /* We now have a packet which can be read and processed. */ - if (S3I(s)->change_cipher_spec /* set when we receive ChangeCipherSpec, - * reset by ssl3_get_finished */ - && (rr->type != SSL3_RT_HANDSHAKE)) { - /* We now have application data between CCS and Finished. + if (s->s3->change_cipher_spec && rr->type != SSL3_RT_HANDSHAKE) { + /* + * We now have application data between CCS and Finished. * Most likely the packets were reordered on their way, so * buffer the application data for later processing rather * than dropping the connection. 
*/ - if (dtls1_buffer_record(s, &(D1I(s)->buffered_app_data), + if (dtls1_buffer_record(s, &s->d1->buffered_app_data, rr->seq_num) < 0) { SSLerror(s, ERR_R_INTERNAL_ERROR); return (-1); @@ -595,35 +779,41 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) goto start; } - /* If the other end has shut down, throw anything we read away - * (even in 'peek' mode) */ + /* + * If the other end has shut down, throw anything we read away (even in + * 'peek' mode). + */ if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) { - rr->length = 0; s->internal->rwstate = SSL_NOTHING; - return (0); + rr->length = 0; + return 0; } /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */ if (type == rr->type) { - /* make sure that we are not getting application data when we - * are doing a handshake for the first time */ + /* + * Make sure that we are not getting application data when we + * are doing a handshake for the first time. + */ if (SSL_in_init(s) && type == SSL3_RT_APPLICATION_DATA && !tls12_record_layer_read_protected(s->internal->rl)) { - al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE); - goto fatal_err; + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_UNEXPECTED_MESSAGE); + return -1; } if (len <= 0) - return (len); + return len; if ((unsigned int)len > rr->length) n = rr->length; else n = (unsigned int)len; - memcpy(buf, &(rr->data[rr->off]), n); + memcpy(buf, &rr->data[rr->off], n); if (!peek) { + memset(&rr->data[rr->off], 0, n); rr->length -= n; rr->off += n; if (rr->length == 0) { @@ -632,7 +822,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) } } - return (n); + return n; } /* 
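Review bot: The literal `3` in `if (rrcount++ >= 3)` is a policy limit with no name, and the comment calls it three consecutive records although `rrcount` is bumped on every pass through `start:`. Those passes include the `dtls1_handle_timeout()` and `dtls1_read_failed()` retries, which consume no record. I would give the bound a file-local named constant and reword the comment to say "passes", so the limit is not loosened or tightened by accident later. The function continues past the end of this hunk.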
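Review bot: The added `memset(&rr->data[rr->off], 0, n);` has no comment saying what it is for. Its purpose is presumably to scrub plaintext that has already been handed to the caller out of the record buffer. Something like `/* Zero delivered plaintext so it does not linger in the read buffer. */` would make the intent clear and explain why the peek path deliberately skips it. The body of `dtls1_read_bytes` starts before this hunk.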
@@ -640,134 +830,9 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) * message, then it was unexpected (Hello Request or Client Hello). */ - { - unsigned int record_min_len = 0; - - if (rr->type == SSL3_RT_HANDSHAKE) { - record_min_len = DTLS1_HM_HEADER_LENGTH; - } else if (rr->type == SSL3_RT_ALERT) { - record_min_len = DTLS1_AL_HEADER_LENGTH; - } else if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) { - record_min_len = DTLS1_CCS_HEADER_LENGTH; - } else if (rr->type == SSL3_RT_APPLICATION_DATA) { - /* - * Application data while renegotiating is allowed. - * Try reading again. - */ - BIO *bio; - - S3I(s)->in_read_app_data = 2; - bio = SSL_get_rbio(s); - s->internal->rwstate = SSL_READING; - BIO_clear_retry_flags(bio); - BIO_set_retry_read(bio); - return (-1); - } else { - /* Not certain if this is the right error handling */ - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, SSL_R_UNEXPECTED_RECORD); - goto fatal_err; - } - - if (record_min_len > 0 && rr->length < record_min_len) { - s->internal->rstate = SSL_ST_READ_HEADER; - rr->length = 0; - goto start; - } - } - - /* If we are a client, check for an incoming 'Hello Request': */ - if (!s->server && rr->type == SSL3_RT_HANDSHAKE && - rr->length >= DTLS1_HM_HEADER_LENGTH && rr->off == 0 && - rr->data[0] == SSL3_MT_HELLO_REQUEST && - s->session != NULL && s->session->cipher != NULL) { - struct hm_header_st msg_hdr; - CBS cbs; - - CBS_init(&cbs, rr->data, rr->length); - if (!dtls1_get_message_header(&cbs, &msg_hdr)) - return -1; - if (msg_hdr.msg_len != 0) { - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_BAD_HELLO_REQUEST); - goto fatal_err; - } - rr->length = 0; - - /* no need to check sequence number on HELLO REQUEST messages */ - - ssl_msg_callback(s, 0, SSL3_RT_HANDSHAKE, rr->data, 4); - - if (SSL_is_init_finished(s) && - !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && - !S3I(s)->renegotiate) { - D1I(s)->handshake_read_seq++; - s->internal->new_session = 1; - ssl3_renegotiate(s); - if 
(ssl3_renegotiate_check(s)) { - i = s->internal->handshake_func(s); - if (i < 0) - return (i); - if (i == 0) { - SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); - } - - if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) { - if (S3I(s)->rbuf.left == 0) /* no read-ahead left? */ - { - BIO *bio; - /* In the case where we try to read application data, - * but we trigger an SSL handshake, we return -1 with - * the retry option set. Otherwise renegotiation may - * cause nasty problems in the blocking world */ - s->internal->rwstate = SSL_READING; - bio = SSL_get_rbio(s); - BIO_clear_retry_flags(bio); - BIO_set_retry_read(bio); - return (-1); - } - } - } - } - /* we either finished a handshake or ignored the request, - * now try again to obtain the (application) data we were asked for */ - rr->length = 0; - goto start; - } - - if (rr->type == SSL3_RT_ALERT && rr->length >= DTLS1_AL_HEADER_LENGTH && - rr->off == 0) { - int alert_level = rr->data[0]; - int alert_descr = rr->data[1]; - - ssl_msg_callback(s, 0, SSL3_RT_ALERT, rr->data, 2); - - ssl_info_callback(s, SSL_CB_READ_ALERT, - (alert_level << 8) | alert_descr); - - if (alert_level == SSL3_AL_WARNING) { - S3I(s)->warn_alert = alert_descr; - if (alert_descr == SSL_AD_CLOSE_NOTIFY) { - s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN; - return (0); - } - } else if (alert_level == SSL3_AL_FATAL) { - s->internal->rwstate = SSL_NOTHING; - S3I(s)->fatal_alert = alert_descr; - SSLerror(s, SSL_AD_REASON_OFFSET + alert_descr); - ERR_asprintf_error_data("SSL alert number %d", - alert_descr); - s->internal->shutdown|=SSL_RECEIVED_SHUTDOWN; - SSL_CTX_remove_session(s->ctx, s->session); - return (0); - } else { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerror(s, SSL_R_UNKNOWN_ALERT_TYPE); - goto fatal_err; - } - - rr->length = 0; + if (rr->type == SSL3_RT_ALERT) { + if ((ret = ssl3_read_alert(s)) <= 0) + return ret; goto start; } 
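Review bot: The alert branch now hands the record to `ssl3_read_alert(s)` with no length or offset guard at this call site. The removed code read `rr->data[0]` and `rr->data[1]` only after checking `rr->length >= DTLS1_AL_HEADER_LENGTH && rr->off == 0`, and silently dropped undersized records with `goto start`. ssl3_read_alert is not part of this hunk, so confirm that it rejects a short alert record before indexing it, and whether it drops the datagram or fails the connection, since drop-and-continue is the usual choice on a datagram transport. The comment kept just above the branch still says the record was unexpected "(Hello Request or Client Hello)", although the first thing handled is now an alert; something like `/* Alerts, CCS and unexpected handshake messages are handled by the helpers below. */` would match the new code. dtls1_read_bytes begins and ends outside the hunk.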
@@ -777,142 +842,48 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) return (0); } - if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) { - /* 'Change Cipher Spec' is just a single byte, so we know - * exactly what the record payload has to look like */ - /* XDTLS: check that epoch is consistent */ - if ((rr->length != DTLS1_CCS_HEADER_LENGTH) || - (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) { - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC); - goto fatal_err; - } - - ssl_msg_callback(s, 0, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1); - - /* We can't process a CCS now, because previous handshake - * messages are still missing, so just drop it. + if (rr->type == SSL3_RT_APPLICATION_DATA) { + /* + * At this point, we were expecting handshake data, but have + * application data. If the library was running inside + * ssl3_read() (i.e. in_read_app_data is set) and it makes + * sense to read application data at this point (session + * renegotiation not yet started), we will indulge it. 
*/ - if (!D1I(s)->change_cipher_spec_ok) { - rr->length = 0; - goto start; - } - - D1I(s)->change_cipher_spec_ok = 0; - - S3I(s)->change_cipher_spec = 1; - if (!ssl3_do_change_cipher_spec(s)) - goto err; - - rr->length = 0; - goto start; - } - - /* Unexpected handshake message (Client Hello, or protocol violation) */ - if (rr->type == SSL3_RT_HANDSHAKE && - rr->length >= DTLS1_HM_HEADER_LENGTH && rr->off == 0 && - !s->internal->in_handshake) { - struct hm_header_st msg_hdr; - CBS cbs; - - /* this may just be a stale retransmit */ - CBS_init(&cbs, rr->data, rr->length); - if (!dtls1_get_message_header(&cbs, &msg_hdr)) + if (s->s3->in_read_app_data != 0 && + s->s3->total_renegotiations != 0 && + (((s->s3->hs.state & SSL_ST_CONNECT) && + (s->s3->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) && + (s->s3->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) || ( + (s->s3->hs.state & SSL_ST_ACCEPT) && + (s->s3->hs.state <= SSL3_ST_SW_HELLO_REQ_A) && + (s->s3->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) { + s->s3->in_read_app_data = 2; + return -1; + } else { + SSLerror(s, SSL_R_UNEXPECTED_RECORD); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_UNEXPECTED_MESSAGE); return -1; - if (rr->epoch != tls12_record_layer_read_epoch(s->internal->rl)) { - rr->length = 0; - goto start; - } - - /* If we are server, we may have a repeated FINISHED of the - * client here, then retransmit our CCS and FINISHED. - */ - if (msg_hdr.type == SSL3_MT_FINISHED) { - if (dtls1_check_timeout_num(s) < 0) - return -1; - - dtls1_retransmit_buffered_messages(s); - rr->length = 0; - goto start; - } - - if (((S3I(s)->hs.state&SSL_ST_MASK) == SSL_ST_OK) && - !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { - S3I(s)->hs.state = s->server ? 
SSL_ST_ACCEPT : SSL_ST_CONNECT; - s->internal->renegotiate = 1; - s->internal->new_session = 1; - } - i = s->internal->handshake_func(s); - if (i < 0) - return (i); - if (i == 0) { - SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); } + } - if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) { - if (S3I(s)->rbuf.left == 0) /* no read-ahead left? */ - { - BIO *bio; - /* In the case where we try to read application data, - * but we trigger an SSL handshake, we return -1 with - * the retry option set. Otherwise renegotiation may - * cause nasty problems in the blocking world */ - s->internal->rwstate = SSL_READING; - bio = SSL_get_rbio(s); - BIO_clear_retry_flags(bio); - BIO_set_retry_read(bio); - return (-1); - } - } - rr->length = 0; + if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) { + if ((ret = ssl3_read_change_cipher_spec(s)) <= 0) + return ret; goto start; } - switch (rr->type) { - default: - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, SSL_R_UNEXPECTED_RECORD); - goto fatal_err; - case SSL3_RT_CHANGE_CIPHER_SPEC: - case SSL3_RT_ALERT: - case SSL3_RT_HANDSHAKE: - /* we already handled all of these, with the possible exception - * of SSL3_RT_HANDSHAKE when s->internal->in_handshake is set, but that - * should not happen when type != rr->type */ - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto fatal_err; - case SSL3_RT_APPLICATION_DATA: - /* At this point, we were expecting handshake data, - * but have application data. If the library was - * running inside ssl3_read() (i.e. in_read_app_data - * is set) and it makes sense to read application data - * at this point (session renegotiation not yet started), - * we will indulge it. 
- */ - if (S3I(s)->in_read_app_data && - (S3I(s)->total_renegotiations != 0) && - (((S3I(s)->hs.state & SSL_ST_CONNECT) && - (S3I(s)->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) && - (S3I(s)->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) || ( - (S3I(s)->hs.state & SSL_ST_ACCEPT) && - (S3I(s)->hs.state <= SSL3_ST_SW_HELLO_REQ_A) && - (S3I(s)->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) { - S3I(s)->in_read_app_data = 2; - return (-1); - } else { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, SSL_R_UNEXPECTED_RECORD); - goto fatal_err; - } + if (rr->type == SSL3_RT_HANDSHAKE) { + if ((ret = dtls1_read_handshake_unexpected(s)) <= 0) + return ret; + goto start; } - /* not reached */ - fatal_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - err: - return (-1); + /* Unknown record type. */ + SSLerror(s, SSL_R_UNEXPECTED_RECORD); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); + return -1; } int @@ -957,7 +928,7 @@ dtls1_write_bytes(SSL *s, int type, const void *buf, int len) int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len) { - SSL3_BUFFER_INTERNAL *wb = &(S3I(s)->wbuf); + SSL3_BUFFER_INTERNAL *wb = &(s->s3->wbuf); size_t out_len; CBB cbb; int ret; @@ -974,7 +945,7 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len) } /* If we have an alert to send, let's send it */ - if (S3I(s)->alert_dispatch) { + if (s->s3->alert_dispatch) { if ((ret = ssl3_dispatch_alert(s)) <= 0) return (ret); /* If it went, fall through and send more stuff. */ @@ -1002,10 +973,10 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len) * Memorize arguments so that ssl3_write_pending can detect * bad write retries later. */ - S3I(s)->wpend_tot = len; - S3I(s)->wpend_buf = buf; - S3I(s)->wpend_type = type; - S3I(s)->wpend_ret = len; + s->s3->wpend_tot = len; + s->s3->wpend_buf = buf; + s->s3->wpend_type = type; + s->s3->wpend_ret = len; /* We now just need to write the buffer. */ return ssl3_write_pending(s, type, buf, len); 
@@ -1069,13 +1040,13 @@ dtls1_get_bitmap(SSL *s, SSL3_RECORD_INTERNAL *rr, unsigned int *is_next_epoch) /* In current epoch, accept HM, CCS, DATA, & ALERT */ if (rr->epoch == read_epoch) - return &D1I(s)->bitmap; + return &s->d1->bitmap; /* Only HM and ALERT messages can be from the next epoch */ if (rr->epoch == read_epoch_next && (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) { *is_next_epoch = 1; - return &D1I(s)->next_bitmap; + return &s->d1->next_bitmap; } return NULL; @@ -1084,6 +1055,6 @@ dtls1_get_bitmap(SSL *s, SSL3_RECORD_INTERNAL *rr, unsigned int *is_next_epoch) void dtls1_reset_read_seq_numbers(SSL *s) { - memcpy(&(D1I(s)->bitmap), &(D1I(s)->next_bitmap), sizeof(DTLS1_BITMAP)); - memset(&(D1I(s)->next_bitmap), 0, sizeof(DTLS1_BITMAP)); + memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP)); + memset(&(s->d1->next_bitmap), 0, sizeof(DTLS1_BITMAP)); } diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c index 70f9453f..793fa868 100644 --- a/ssl/d1_srtp.c +++ b/ssl/d1_srtp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_srtp.c,v 1.29 2021/06/11 15:28:13 landry Exp $ */ +/* $OpenBSD: d1_srtp.c,v 1.30 2022/01/28 13:11:56 inoguchi Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -204,7 +204,10 @@ ssl_ctx_make_profiles(const char *profiles_string, if (!srtp_find_profile_by_name(ptr, &p, col ? col - ptr : (int)strlen(ptr))) { - sk_SRTP_PROTECTION_PROFILE_push(profiles, p); + if (!sk_SRTP_PROTECTION_PROFILE_push(profiles, p)) { + sk_SRTP_PROTECTION_PROFILE_free(profiles); + return 1; + } } else { SSLerrorx(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE); sk_SRTP_PROTECTION_PROFILE_free(profiles); diff --git a/ssl/dtls_locl.h b/ssl/dtls_locl.h index 4cf8827e..da5c259a 100644 --- a/ssl/dtls_locl.h +++ b/ssl/dtls_locl.h 
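Review bot: In ssl_ctx_make_profiles the new failure branch for `sk_SRTP_PROTECTION_PROFILE_push` frees `profiles` and returns 1 without putting anything on the error queue, whereas the unknown-profile branch right below it calls `SSLerrorx(...)` before freeing. A caller that inspects the error stack after a failure would see nothing, or a stale entry from an earlier call. Assuming a failed push means an allocation failure, adding `SSLerrorx(ERR_R_MALLOC_FAILURE);` before the free would keep the two failure paths consistent. The function body starts and ends outside this hunk.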
@@ -1,4 +1,4 @@ -/* $OpenBSD: dtls_locl.h,v 1.7 2021/09/04 14:24:28 jsing Exp $ */ +/* $OpenBSD: dtls_locl.h,v 1.10 2021/10/23 13:45:44 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -77,8 +77,6 @@ typedef struct dtls1_bitmap_st { } DTLS1_BITMAP; struct dtls1_retransmit_state { - EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ - EVP_MD_CTX *write_hash; /* used for mac generation */ SSL_SESSION *session; unsigned short epoch; }; @@ -124,9 +122,16 @@ typedef struct dtls1_record_data_internal_st { SSL3_RECORD_INTERNAL rrec; } DTLS1_RECORD_DATA_INTERNAL; -struct dtls1_state_internal_st; +struct dtls1_state_st { + /* Buffered (sent) handshake records */ + struct _pqueue *sent_messages; + + /* Indicates when the last handshake msg or heartbeat sent will timeout */ + struct timeval next_timeout; + + /* Timeout duration */ + unsigned short timeout_duration; -typedef struct dtls1_state_internal_st { unsigned int send_cookie; unsigned char cookie[DTLS1_COOKIE_LENGTH]; unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH]; @@ -169,21 +174,7 @@ typedef struct dtls1_state_internal_st { unsigned int retransmitting; unsigned int change_cipher_spec_ok; -} DTLS1_STATE_INTERNAL; -#define D1I(s) (s->d1->internal) - -typedef struct dtls1_state_st { - /* Buffered (sent) handshake records */ - struct _pqueue *sent_messages; - - /* Indicates when the last handshake msg or heartbeat sent will timeout */ - struct timeval next_timeout; - - /* Timeout duration */ - unsigned short timeout_duration; - - struct dtls1_state_internal_st *internal; -} DTLS1_STATE; +}; int dtls1_do_write(SSL *s, int type); int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); 
@@ -223,7 +214,7 @@ void dtls1_free(SSL *s); void dtls1_clear(SSL *s); long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg); -long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok); +int dtls1_get_message(SSL *s, int st1, int stn, int mt, long max); int dtls1_get_record(SSL *s); __END_HIDDEN_DECLS diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index 1c0286f0..e0289d89 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_cbc.c,v 1.24 2021/05/16 14:10:43 jsing Exp $ */ +/* $OpenBSD: s3_cbc.c,v 1.25 2021/12/09 17:45:49 tb Exp $ */ /* ==================================================================== * Copyright (c) 2012 The OpenSSL Project. All rights reserved. * @@ -404,7 +404,7 @@ ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out, unsigned char first_block[MAX_HASH_BLOCK_SIZE]; unsigned char mac_out[EVP_MAX_MD_SIZE]; unsigned int i, j, md_out_size_u; - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx; /* mdLengthSize is the number of bytes in the length field that terminates * the hash. */ unsigned int md_length_size = 8; @@ -605,9 +605,10 @@ ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out, mac_out[j] |= block[j]&is_block_b; } - EVP_MD_CTX_init(&md_ctx); - if (!EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */)) { - EVP_MD_CTX_cleanup(&md_ctx); + if ((md_ctx = EVP_MD_CTX_new()) == NULL) + return 0; + if (!EVP_DigestInit_ex(md_ctx, EVP_MD_CTX_md(ctx), NULL /* engine */)) { + EVP_MD_CTX_free(md_ctx); return 0; } 
@@ -615,13 +616,13 @@ ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out, for (i = 0; i < md_block_size; i++) hmac_pad[i] ^= 0x6a; - EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size); - EVP_DigestUpdate(&md_ctx, mac_out, md_size); + EVP_DigestUpdate(md_ctx, hmac_pad, md_block_size); + EVP_DigestUpdate(md_ctx, mac_out, md_size); - EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u); + EVP_DigestFinal(md_ctx, md_out, &md_out_size_u); if (md_out_size) *md_out_size = md_out_size_u; - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_free(md_ctx); return 1; } diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index e78b70f0..989165b2 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.215 2021/09/08 12:56:14 tb Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.238 2022/08/21 19:39:44 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -162,6 +162,7 @@ #include "dtls_locl.h" #include "ssl_locl.h" #include "ssl_sigalgs.h" +#include "ssl_tlsext.h" #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER)) @@ -881,7 +882,7 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher 1301 */ { .valid = 1, - .name = TLS1_3_TXT_AES_128_GCM_SHA256, + .name = TLS1_3_RFC_AES_128_GCM_SHA256, .id = TLS1_3_CK_AES_128_GCM_SHA256, .algorithm_mkey = SSL_kTLS1_3, .algorithm_auth = SSL_aTLS1_3, @@ -897,7 +898,7 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher 1302 */ { .valid = 1, - .name = TLS1_3_TXT_AES_256_GCM_SHA384, + .name = TLS1_3_RFC_AES_256_GCM_SHA384, .id = TLS1_3_CK_AES_256_GCM_SHA384, .algorithm_mkey = SSL_kTLS1_3, .algorithm_auth = SSL_aTLS1_3, @@ -913,7 +914,7 @@ const SSL_CIPHER ssl3_ciphers[] = { /* Cipher 1303 */ { .valid = 1, - .name = TLS1_3_TXT_CHACHA20_POLY1305_SHA256, + .name = TLS1_3_RFC_CHACHA20_POLY1305_SHA256, .id = TLS1_3_CK_CHACHA20_POLY1305_SHA256, .algorithm_mkey = SSL_kTLS1_3, .algorithm_auth = SSL_aTLS1_3, 
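Review bot: The return values of `EVP_DigestUpdate` and `EVP_DigestFinal` on the outer hash are still ignored, so ssl3_cbc_digest_record returns 1 even if `md_out` was never written; the caller would then presumably compare the record MAC against indeterminate bytes. The preceding hunk already treats a failed `EVP_DigestInit_ex` as `EVP_MD_CTX_free(md_ctx); return 0;`, so the three calls can follow the same pattern, as sketched below. The function body starts outside this hunk.

```c
	/* … unchanged: hmac_pad XOR loop … */
	if (!EVP_DigestUpdate(md_ctx, hmac_pad, md_block_size) ||
	    !EVP_DigestUpdate(md_ctx, mac_out, md_size) ||
	    !EVP_DigestFinal(md_ctx, md_out, &md_out_size_u)) {
		EVP_MD_CTX_free(md_ctx);
		return 0;
	}
	/* … unchanged: md_out_size assignment, EVP_MD_CTX_free, return 1 … */
```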
@@ -1443,8 +1444,8 @@ ssl3_pending(const SSL *s) if (s->internal->rstate == SSL_ST_READ_BODY) return 0; - return (S3I(s)->rrec.type == SSL3_RT_APPLICATION_DATA) ? - S3I(s)->rrec.length : 0; + return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? + s->s3->rrec.length : 0; } int @@ -1543,10 +1544,6 @@ ssl3_new(SSL *s) { if ((s->s3 = calloc(1, sizeof(*s->s3))) == NULL) return (0); - if ((S3I(s) = calloc(1, sizeof(*S3I(s)))) == NULL) { - free(s->s3); - return (0); - } s->method->ssl_clear(s); @@ -1562,25 +1559,29 @@ ssl3_free(SSL *s) tls1_cleanup_key_block(s); ssl3_release_read_buffer(s); ssl3_release_write_buffer(s); - freezero(S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len); - DH_free(S3I(s)->tmp.dh); - EC_KEY_free(S3I(s)->tmp.ecdh); - freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH); + freezero(s->s3->hs.sigalgs, s->s3->hs.sigalgs_len); + sk_X509_pop_free(s->s3->hs.peer_certs, X509_free); + sk_X509_pop_free(s->s3->hs.peer_certs_no_leaf, X509_free); + tls_key_share_free(s->s3->hs.key_share); + + tls13_secrets_destroy(s->s3->hs.tls13.secrets); + freezero(s->s3->hs.tls13.cookie, s->s3->hs.tls13.cookie_len); + tls13_clienthello_hash_clear(&s->s3->hs.tls13); - tls13_key_share_free(S3I(s)->hs.tls13.key_share); - tls13_secrets_destroy(S3I(s)->hs.tls13.secrets); - freezero(S3I(s)->hs.tls13.cookie, S3I(s)->hs.tls13.cookie_len); - tls13_clienthello_hash_clear(&S3I(s)->hs.tls13); + tls_buffer_free(s->s3->hs.tls13.quic_read_buffer); - sk_X509_NAME_pop_free(S3I(s)->hs.tls12.ca_names, X509_NAME_free); + sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free); + sk_X509_pop_free(s->internal->verified_chain, X509_free); tls1_transcript_free(s); tls1_transcript_hash_free(s); - free(S3I(s)->alpn_selected); + free(s->s3->alpn_selected); + + freezero(s->s3->peer_quic_transport_params, + s->s3->peer_quic_transport_params_len); - freezero(S3I(s), sizeof(*S3I(s))); freezero(s->s3, sizeof(*s->s3)); s->s3 = NULL; 
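Review bot: ssl3_free releases `s->internal->verified_chain` with `sk_X509_pop_free` but leaves the pointer set, and unlike `s->s3` the `s->internal` structure is neither freed nor cleared in this function. ssl3_clear in the next hunk pairs the same call with `s->internal->verified_chain = NULL;`. Adding that assignment after the free here would rule out a second free if any later teardown code, not visible in this part of the diff, also releases that field. The start of ssl3_free is outside the hunk.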
@@ -1589,106 +1590,126 @@ ssl3_free(SSL *s) void ssl3_clear(SSL *s) { - struct ssl3_state_internal_st *internal; - unsigned char *rp, *wp; - size_t rlen, wlen; + unsigned char *rp, *wp; + size_t rlen, wlen; tls1_cleanup_key_block(s); - sk_X509_NAME_pop_free(S3I(s)->hs.tls12.ca_names, X509_NAME_free); + sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free); + sk_X509_pop_free(s->internal->verified_chain, X509_free); + s->internal->verified_chain = NULL; + + freezero(s->s3->hs.sigalgs, s->s3->hs.sigalgs_len); + s->s3->hs.sigalgs = NULL; + s->s3->hs.sigalgs_len = 0; - DH_free(S3I(s)->tmp.dh); - S3I(s)->tmp.dh = NULL; - EC_KEY_free(S3I(s)->tmp.ecdh); - S3I(s)->tmp.ecdh = NULL; - S3I(s)->tmp.ecdh_nid = NID_undef; - freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH); - S3I(s)->tmp.x25519 = NULL; + sk_X509_pop_free(s->s3->hs.peer_certs, X509_free); + s->s3->hs.peer_certs = NULL; + sk_X509_pop_free(s->s3->hs.peer_certs_no_leaf, X509_free); + s->s3->hs.peer_certs_no_leaf = NULL; - freezero(S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len); - S3I(s)->hs.sigalgs = NULL; - S3I(s)->hs.sigalgs_len = 0; + tls_key_share_free(s->s3->hs.key_share); + s->s3->hs.key_share = NULL; - tls13_key_share_free(S3I(s)->hs.tls13.key_share); - S3I(s)->hs.tls13.key_share = NULL; + tls13_secrets_destroy(s->s3->hs.tls13.secrets); + s->s3->hs.tls13.secrets = NULL; + freezero(s->s3->hs.tls13.cookie, s->s3->hs.tls13.cookie_len); + s->s3->hs.tls13.cookie = NULL; + s->s3->hs.tls13.cookie_len = 0; + tls13_clienthello_hash_clear(&s->s3->hs.tls13); - tls13_secrets_destroy(S3I(s)->hs.tls13.secrets); - S3I(s)->hs.tls13.secrets = NULL; - freezero(S3I(s)->hs.tls13.cookie, S3I(s)->hs.tls13.cookie_len); - S3I(s)->hs.tls13.cookie = NULL; - S3I(s)->hs.tls13.cookie_len = 0; - tls13_clienthello_hash_clear(&S3I(s)->hs.tls13); + tls_buffer_free(s->s3->hs.tls13.quic_read_buffer); + s->s3->hs.tls13.quic_read_buffer = NULL; + s->s3->hs.tls13.quic_read_level = ssl_encryption_initial; + s->s3->hs.tls13.quic_write_level = 
ssl_encryption_initial; - S3I(s)->hs.extensions_seen = 0; + s->s3->hs.extensions_seen = 0; - rp = S3I(s)->rbuf.buf; - wp = S3I(s)->wbuf.buf; - rlen = S3I(s)->rbuf.len; - wlen = S3I(s)->wbuf.len; + rp = s->s3->rbuf.buf; + wp = s->s3->wbuf.buf; + rlen = s->s3->rbuf.len; + wlen = s->s3->wbuf.len; tls1_transcript_free(s); tls1_transcript_hash_free(s); - free(S3I(s)->alpn_selected); - S3I(s)->alpn_selected = NULL; - S3I(s)->alpn_selected_len = 0; + free(s->s3->alpn_selected); + s->s3->alpn_selected = NULL; + s->s3->alpn_selected_len = 0; + + freezero(s->s3->peer_quic_transport_params, + s->s3->peer_quic_transport_params_len); + s->s3->peer_quic_transport_params = NULL; + s->s3->peer_quic_transport_params_len = 0; - memset(S3I(s), 0, sizeof(*S3I(s))); - internal = S3I(s); memset(s->s3, 0, sizeof(*s->s3)); - S3I(s) = internal; - S3I(s)->rbuf.buf = rp; - S3I(s)->wbuf.buf = wp; - S3I(s)->rbuf.len = rlen; - S3I(s)->wbuf.len = wlen; + s->s3->rbuf.buf = rp; + s->s3->wbuf.buf = wp; + s->s3->rbuf.len = rlen; + s->s3->wbuf.len = wlen; ssl_free_wbio_buffer(s); /* Not needed... */ - S3I(s)->renegotiate = 0; - S3I(s)->total_renegotiations = 0; - S3I(s)->num_renegotiations = 0; - S3I(s)->in_read_app_data = 0; + s->s3->renegotiate = 0; + s->s3->total_renegotiations = 0; + s->s3->num_renegotiations = 0; + s->s3->in_read_app_data = 0; s->internal->packet_length = 0; s->version = TLS1_VERSION; - S3I(s)->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT); + s->s3->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT); +} + +long +_SSL_get_shared_group(SSL *s, long n) +{ + size_t count; + int nid; + + /* OpenSSL document that they return -1 for clients. They return 0. */ + if (!s->server) + return 0; + + if (n == -1) { + if (!tls1_count_shared_groups(s, &count)) + return 0; + + if (count > LONG_MAX) + count = LONG_MAX; + + return count; + } + + /* Undocumented special case added for Suite B profile support. 
*/ + if (n == -2) + n = 0; + + if (n < 0) + return 0; + + if (!tls1_get_shared_group_by_index(s, n, &nid)) + return NID_undef; + + return nid; } long _SSL_get_peer_tmp_key(SSL *s, EVP_PKEY **key) { EVP_PKEY *pkey = NULL; - SESS_CERT *sc; int ret = 0; *key = NULL; - if (s->session == NULL || SSI(s)->sess_cert == NULL) - return 0; - - sc = SSI(s)->sess_cert; + if (s->s3->hs.key_share == NULL) + goto err; if ((pkey = EVP_PKEY_new()) == NULL) - return 0; - - if (sc->peer_dh_tmp != NULL) { - if (!EVP_PKEY_set1_DH(pkey, sc->peer_dh_tmp)) - goto err; - } else if (sc->peer_ecdh_tmp) { - if (!EVP_PKEY_set1_EC_KEY(pkey, sc->peer_ecdh_tmp)) - goto err; - } else if (sc->peer_x25519_tmp != NULL) { - if (!ssl_kex_dummy_ecdhe_x25519(pkey)) - goto err; - } else if (S3I(s)->hs.tls13.key_share != NULL) { - if (!tls13_key_share_peer_pkey(S3I(s)->hs.tls13.key_share, - pkey)) - goto err; - } else { goto err; - } + if (!tls_key_share_peer_pkey(s->s3->hs.key_share, pkey)) + goto err; *key = pkey; pkey = NULL; @@ -1710,7 +1731,7 @@ _SSL_session_reused(SSL *s) static int _SSL_num_renegotiations(SSL *s) { - return S3I(s)->num_renegotiations; + return s->s3->num_renegotiations; } static int @@ -1718,8 +1739,8 @@ _SSL_clear_num_renegotiations(SSL *s) { int renegs; - renegs = S3I(s)->num_renegotiations; - S3I(s)->num_renegotiations = 0; + renegs = s->s3->num_renegotiations; + s->s3->num_renegotiations = 0; return renegs; } 
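Review bot: In ssl3_clear the assignments `s->s3->hs.tls13.quic_read_level = ssl_encryption_initial;` and the matching one for `quic_write_level` are made before `memset(s->s3, 0, sizeof(*s->s3));`, which overwrites them. The levels therefore end up correct only if `ssl_encryption_initial` is 0, and its value is not visible here. Moving both assignments below the memset, next to the lines that restore `rbuf`/`wbuf`, would make the reset independent of the enum's numeric value. The same ordering applies to `s->s3->hs.extensions_seen = 0;`, which is harmless but redundant.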
@@ -1727,26 +1748,31 @@ _SSL_clear_num_renegotiations(SSL *s) static int _SSL_total_renegotiations(SSL *s) { - return S3I(s)->total_renegotiations; + return s->s3->total_renegotiations; } static int _SSL_set_tmp_dh(SSL *s, DH *dh) { - DH *dh_tmp; + DH *dhe_params; if (dh == NULL) { SSLerror(s, ERR_R_PASSED_NULL_PARAMETER); return 0; } - if ((dh_tmp = DHparams_dup(dh)) == NULL) { + if (!ssl_security_dh(s, dh)) { + SSLerror(s, SSL_R_DH_KEY_TOO_SMALL); + return 0; + } + + if ((dhe_params = DHparams_dup(dh)) == NULL) { SSLerror(s, ERR_R_DH_LIB); return 0; } - DH_free(s->cert->dh_tmp); - s->cert->dh_tmp = dh_tmp; + DH_free(s->cert->dhe_params); + s->cert->dhe_params = dhe_params; return 1; } @@ -1754,7 +1780,7 @@ _SSL_set_tmp_dh(SSL *s, DH *dh) static int _SSL_set_dh_auto(SSL *s, int state) { - s->cert->dh_tmp_auto = state; + s->cert->dhe_params_auto = state; return 1; } @@ -1782,17 +1808,21 @@ _SSL_set_ecdh_auto(SSL *s, int state) static int _SSL_set_tlsext_host_name(SSL *s, const char *name) { + int is_ip; + CBS cbs; + free(s->tlsext_hostname); s->tlsext_hostname = NULL; if (name == NULL) return 1; - if (strlen(name) > TLSEXT_MAXLEN_host_name) { + CBS_init(&cbs, name, strlen(name)); + + if (!tlsext_sni_is_valid_hostname(&cbs, &is_ip)) { SSLerror(s, SSL_R_SSL3_EXT_INVALID_SERVERNAME); return 0; } - if ((s->tlsext_hostname = strdup(name)) == NULL) { SSLerror(s, ERR_R_INTERNAL_ERROR); return 0; 
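Review bot: `is_ip` is filled in by `tlsext_sni_is_valid_hostname(&cbs, &is_ip)` in _SSL_set_tlsext_host_name but never read, so whether an IP literal can be stored as the SNI name depends entirely on the helper's return value, which this hunk does not show. RFC 6066 does not permit literal IPv4/IPv6 addresses in HostName, so either reject them here with `if (!tlsext_sni_is_valid_hostname(&cbs, &is_ip) || is_ip) {`, or, if accepting them is deliberate for compatibility, add a short comment stating that `is_ip` is intentionally ignored. The explicit `strlen(name) > TLSEXT_MAXLEN_host_name` check was also dropped, so the helper is presumably expected to enforce the length limit; that should be confirmed.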
@@ -1884,25 +1914,25 @@ _SSL_set_tlsext_status_ocsp_resp(SSL *s, unsigned char *resp, int resp_len) int SSL_set0_chain(SSL *ssl, STACK_OF(X509) *chain) { - return ssl_cert_set0_chain(ssl->cert, chain); + return ssl_cert_set0_chain(NULL, ssl, chain); } int SSL_set1_chain(SSL *ssl, STACK_OF(X509) *chain) { - return ssl_cert_set1_chain(ssl->cert, chain); + return ssl_cert_set1_chain(NULL, ssl, chain); } int SSL_add0_chain_cert(SSL *ssl, X509 *x509) { - return ssl_cert_add0_chain_cert(ssl->cert, x509); + return ssl_cert_add0_chain_cert(NULL, ssl, x509); } int SSL_add1_chain_cert(SSL *ssl, X509 *x509) { - return ssl_cert_add1_chain_cert(ssl->cert, x509); + return ssl_cert_add1_chain_cert(NULL, ssl, x509); } int @@ -1919,7 +1949,7 @@ SSL_get0_chain_certs(const SSL *ssl, STACK_OF(X509) **out_chain) int SSL_clear_chain_certs(SSL *ssl) { - return ssl_cert_set0_chain(ssl->cert, NULL); + return ssl_cert_set0_chain(NULL, ssl, NULL); } int @@ -1941,7 +1971,7 @@ _SSL_get_signature_nid(SSL *s, int *nid) { const struct ssl_sigalg *sigalg; - if ((sigalg = S3I(s)->hs.our_sigalg) == NULL) + if ((sigalg = s->s3->hs.our_sigalg) == NULL) return 0; *nid = EVP_MD_type(sigalg->md()); @@ -1954,7 +1984,7 @@ _SSL_get_peer_signature_nid(SSL *s, int *nid) { const struct ssl_sigalg *sigalg; - if ((sigalg = S3I(s)->hs.peer_sigalg) == NULL) + if ((sigalg = s->s3->hs.peer_sigalg) == NULL) return 0; *nid = EVP_MD_type(sigalg->md()); @@ -1967,7 +1997,7 @@ SSL_get_signature_type_nid(const SSL *s, int *nid) { const struct ssl_sigalg *sigalg; - if ((sigalg = S3I(s)->hs.our_sigalg) == NULL) + if ((sigalg = s->s3->hs.our_sigalg) == NULL) return 0; *nid = sigalg->key_type; @@ -1983,7 +2013,7 @@ SSL_get_peer_signature_type_nid(const SSL *s, int *nid) { const struct ssl_sigalg *sigalg; - if ((sigalg = S3I(s)->hs.peer_sigalg) == NULL) + if ((sigalg = s->s3->hs.peer_sigalg) == NULL) return 0; *nid = sigalg->key_type; 
@@ -2085,6 +2115,9 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_SET_GROUPS_LIST: return SSL_set1_groups_list(s, parg); + case SSL_CTRL_GET_SHARED_GROUP: + return _SSL_get_shared_group(s, larg); + /* XXX - rename to SSL_CTRL_GET_PEER_TMP_KEY and remove server check. */ case SSL_CTRL_GET_SERVER_TMP_KEY: if (s->server != 0) @@ -2143,7 +2176,7 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) return 0; case SSL_CTRL_SET_TMP_DH_CB: - s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; + s->cert->dhe_params_cb = (DH *(*)(SSL *, int, int))fp; return 1; case SSL_CTRL_SET_TMP_ECDH_CB: @@ -2161,15 +2194,25 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) static int _SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh) { - DH *dh_tmp; + DH *dhe_params; - if ((dh_tmp = DHparams_dup(dh)) == NULL) { + if (dh == NULL) { + SSLerrorx(ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + if (!ssl_ctx_security_dh(ctx, dh)) { + SSLerrorx(SSL_R_DH_KEY_TOO_SMALL); + return 0; + } + + if ((dhe_params = DHparams_dup(dh)) == NULL) { SSLerrorx(ERR_R_DH_LIB); return 0; } - DH_free(ctx->internal->cert->dh_tmp); - ctx->internal->cert->dh_tmp = dh_tmp; + DH_free(ctx->internal->cert->dhe_params); + ctx->internal->cert->dhe_params = dhe_params; return 1; } @@ -2177,7 +2220,7 @@ _SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh) static int _SSL_CTX_set_dh_auto(SSL_CTX *ctx, int state) { - ctx->internal->cert->dh_tmp_auto = state; + ctx->internal->cert->dhe_params_auto = state; return 1; } 
@@ -2262,25 +2305,25 @@ _SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg) int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *chain) { - return ssl_cert_set0_chain(ctx->internal->cert, chain); + return ssl_cert_set0_chain(ctx, NULL, chain); } int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *chain) { - return ssl_cert_set1_chain(ctx->internal->cert, chain); + return ssl_cert_set1_chain(ctx, NULL, chain); } int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509) { - return ssl_cert_add0_chain_cert(ctx->internal->cert, x509); + return ssl_cert_add0_chain_cert(ctx, NULL, x509); } int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509) { - return ssl_cert_add1_chain_cert(ctx->internal->cert, x509); + return ssl_cert_add1_chain_cert(ctx, NULL, x509); } int @@ -2297,7 +2340,7 @@ SSL_CTX_get0_chain_certs(const SSL_CTX *ctx, STACK_OF(X509) **out_chain) int SSL_CTX_clear_chain_certs(SSL_CTX *ctx) { - return ssl_cert_set0_chain(ctx->internal->cert, NULL); + return ssl_cert_set0_chain(ctx, NULL, NULL); } static int @@ -2464,7 +2507,7 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) return 0; case SSL_CTRL_SET_TMP_DH_CB: - ctx->internal->cert->dh_tmp_cb = + ctx->internal->cert->dhe_params_cb = (DH *(*)(SSL *, int, int))fp; return 1; @@ -2501,13 +2544,13 @@ ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, STACK_OF(SSL_CIPHER) *prio, *allow; SSL_CIPHER *c, *ret = NULL; int can_use_ecc; - int i, ii, ok; - CERT *cert; + int i, ii, nid, ok; + SSL_CERT *cert; /* Let's see which ciphers we can support */ cert = s->cert; - can_use_ecc = (tls1_get_shared_curve(s) != NID_undef); + can_use_ecc = tls1_get_supported_group(s, &nid); /* * Do not set the compare functions, because this may lead to a @@ -2542,6 +2585,9 @@ ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, !(c->algorithm_ssl & SSL_TLSV1_3)) continue; + if (!ssl_security_shared_cipher(s, c)) + continue; + ssl_set_cert_masks(cert, c); mask_k = cert->mask_k; mask_a = cert->mask_a; 
@@ -2580,7 +2626,7 @@ ssl3_get_req_cert_types(SSL *s, CBB *cbb) { unsigned long alg_k; - alg_k = S3I(s)->hs.cipher->algorithm_mkey; + alg_k = s->s3->hs.cipher->algorithm_mkey; #ifndef OPENSSL_NO_GOST if ((alg_k & SSL_kGOST) != 0) { @@ -2624,7 +2670,7 @@ ssl3_shutdown(SSL *s) * Don't do anything much if we have not done the handshake or * we don't want to send messages :-) */ - if ((s->internal->quiet_shutdown) || (S3I(s)->hs.state == SSL_ST_BEFORE)) { + if ((s->internal->quiet_shutdown) || (s->s3->hs.state == SSL_ST_BEFORE)) { s->internal->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); return (1); } @@ -2634,11 +2680,11 @@ ssl3_shutdown(SSL *s) ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); /* * Our shutdown alert has been sent now, and if it still needs - * to be written, S3I(s)->alert_dispatch will be true + * to be written, s->s3->alert_dispatch will be true */ - if (S3I(s)->alert_dispatch) - return(-1); /* return WANT_WRITE */ - } else if (S3I(s)->alert_dispatch) { + if (s->s3->alert_dispatch) + return (-1); /* return WANT_WRITE */ + } else if (s->s3->alert_dispatch) { /* resend it if not sent */ ret = ssl3_dispatch_alert(s); if (ret == -1) { @@ -2654,12 +2700,12 @@ ssl3_shutdown(SSL *s) /* If we are waiting for a close from our peer, we are closed */ s->method->ssl_read_bytes(s, 0, NULL, 0, 0); if (!(s->internal->shutdown & SSL_RECEIVED_SHUTDOWN)) { - return(-1); /* return WANT_READ */ + return (-1); /* return WANT_READ */ } } if ((s->internal->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && - !S3I(s)->alert_dispatch) + !s->s3->alert_dispatch) return (1); else return (0); @@ -2670,7 +2716,7 @@ ssl3_write(SSL *s, const void *buf, int len) { errno = 0; - if (S3I(s)->renegotiate) + if (s->s3->renegotiate) ssl3_renegotiate_check(s); return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, 
@@ -2683,13 +2729,13 @@ ssl3_read_internal(SSL *s, void *buf, int len, int peek) int ret; errno = 0; - if (S3I(s)->renegotiate) + if (s->s3->renegotiate) ssl3_renegotiate_check(s); - S3I(s)->in_read_app_data = 1; + s->s3->in_read_app_data = 1; ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, peek); - if ((ret == -1) && (S3I(s)->in_read_app_data == 2)) { + if ((ret == -1) && (s->s3->in_read_app_data == 2)) { /* * ssl3_read_bytes decided to call s->internal->handshake_func, * which called ssl3_read_bytes to read handshake data. @@ -2702,7 +2748,7 @@ ssl3_read_internal(SSL *s, void *buf, int len, int peek) buf, len, peek); s->internal->in_handshake--; } else - S3I(s)->in_read_app_data = 0; + s->s3->in_read_app_data = 0; return (ret); } @@ -2723,35 +2769,28 @@ int ssl3_renegotiate(SSL *s) { if (s->internal->handshake_func == NULL) - return (1); + return 1; if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) - return (0); + return 0; - S3I(s)->renegotiate = 1; - return (1); + s->s3->renegotiate = 1; + + return 1; } int ssl3_renegotiate_check(SSL *s) { - int ret = 0; + if (!s->s3->renegotiate) + return 0; + if (SSL_in_init(s) || s->s3->rbuf.left != 0 || s->s3->wbuf.left != 0) + return 0; - if (S3I(s)->renegotiate) { - if ((S3I(s)->rbuf.left == 0) && (S3I(s)->wbuf.left == 0) && - !SSL_in_init(s)) { - /* - * If we are the server, and we have sent - * a 'RENEGOTIATE' message, we need to go - * to SSL_ST_ACCEPT. - */ - /* SSL_ST_ACCEPT */ - S3I(s)->hs.state = SSL_ST_RENEGOTIATE; - S3I(s)->renegotiate = 0; - S3I(s)->num_renegotiations++; - S3I(s)->total_renegotiations++; - ret = 1; - } - } - return (ret); + s->s3->hs.state = SSL_ST_RENEGOTIATE; + s->s3->renegotiate = 0; + s->s3->num_renegotiations++; + s->s3->total_renegotiations++; + + return 1; } diff --git a/ssl/ssl.sym b/ssl/ssl.sym index ec329e70..107c3552 100644 --- a/ssl/ssl.sym +++ b/ssl/ssl.sym 
@@ -75,10 +75,13 @@ SSL_CTX_get_default_passwd_cb_userdata SSL_CTX_get_ex_data SSL_CTX_get_ex_new_index SSL_CTX_get_info_callback +SSL_CTX_get_keylog_callback SSL_CTX_get_max_early_data SSL_CTX_get_max_proto_version SSL_CTX_get_min_proto_version +SSL_CTX_get_num_tickets SSL_CTX_get_quiet_shutdown +SSL_CTX_get_security_level SSL_CTX_get_ssl_method SSL_CTX_get_timeout SSL_CTX_get_verify_callback @@ -117,15 +120,19 @@ SSL_CTX_set_default_verify_paths SSL_CTX_set_ex_data SSL_CTX_set_generate_session_id SSL_CTX_set_info_callback +SSL_CTX_set_keylog_callback SSL_CTX_set_max_early_data SSL_CTX_set_max_proto_version SSL_CTX_set_min_proto_version SSL_CTX_set_msg_callback SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_protos_advertised_cb +SSL_CTX_set_num_tickets SSL_CTX_set_post_handshake_auth SSL_CTX_set_purpose +SSL_CTX_set_quic_method SSL_CTX_set_quiet_shutdown +SSL_CTX_set_security_level SSL_CTX_set_session_id_context SSL_CTX_set_ssl_version SSL_CTX_set_timeout @@ -202,6 +209,7 @@ SSL_get0_chain_certs SSL_get0_next_proto_negotiated SSL_get0_param SSL_get0_peername +SSL_get0_verified_chain SSL_get1_session SSL_get1_supported_ciphers SSL_get_SSL_CTX @@ -226,14 +234,17 @@ SSL_get_info_callback SSL_get_max_early_data SSL_get_max_proto_version SSL_get_min_proto_version +SSL_get_num_tickets SSL_get_peer_cert_chain SSL_get_peer_certificate SSL_get_peer_finished +SSL_get_peer_quic_transport_params SSL_get_privatekey SSL_get_quiet_shutdown SSL_get_rbio SSL_get_read_ahead SSL_get_rfd +SSL_get_security_level SSL_get_selected_srtp_profile SSL_get_server_random SSL_get_servername 
@@ -252,15 +263,23 @@ SSL_get_wbio SSL_get_wfd SSL_has_matching_session_id SSL_is_dtls +SSL_is_quic SSL_is_server SSL_library_init SSL_load_client_CA_file SSL_load_error_strings SSL_new SSL_peek +SSL_peek_ex SSL_pending +SSL_process_quic_post_handshake +SSL_provide_quic_data +SSL_quic_max_handshake_flight_len +SSL_quic_read_level +SSL_quic_write_level SSL_read SSL_read_early_data +SSL_read_ex SSL_renegotiate SSL_renegotiate_abbreviated SSL_renegotiate_pending @@ -292,12 +311,17 @@ SSL_set_max_early_data SSL_set_max_proto_version SSL_set_min_proto_version SSL_set_msg_callback +SSL_set_num_tickets SSL_set_post_handshake_auth SSL_set_psk_use_session_callback SSL_set_purpose +SSL_set_quic_method +SSL_set_quic_transport_params +SSL_set_quic_use_legacy_codepoint SSL_set_quiet_shutdown SSL_set_read_ahead SSL_set_rfd +SSL_set_security_level SSL_set_session SSL_set_session_id_context SSL_set_session_secret_cb @@ -336,4 +360,5 @@ SSL_version_str SSL_want SSL_write SSL_write_early_data +SSL_write_ex OPENSSL_init_ssl diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c index 5ed56b88..5ecbb346 100644 --- a/ssl/ssl_algs.c +++ b/ssl/ssl_algs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_algs.c,v 1.29 2021/05/16 08:24:21 jsing Exp $ */ +/* $OpenBSD: ssl_algs.c,v 1.30 2022/01/14 08:38:48 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -113,7 +113,6 @@ SSL_library_init(void) EVP_add_digest(EVP_sha256()); EVP_add_digest(EVP_sha384()); EVP_add_digest(EVP_sha512()); - EVP_add_digest(EVP_ecdsa()); #ifndef OPENSSL_NO_GOST EVP_add_digest(EVP_gostr341194()); EVP_add_digest(EVP_gost2814789imit()); diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 6ff7ca54..6095a737 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_asn1.c,v 1.59 2021/05/16 14:10:43 jsing Exp $ */ +/* $OpenBSD: ssl_asn1.c,v 1.65 2022/06/07 17:53:42 tb Exp $ */ /* * Copyright (c) 2016 Joel Sing * 
@@ -71,7 +71,7 @@ SSL_SESSION_encode(SSL_SESSION *s, unsigned char **out, size_t *out_len, /* Cipher suite ID. */ /* XXX - require cipher to be non-NULL or always/only use cipher_id. */ - cid = (uint16_t)(s->cipher_id & 0xffff); + cid = (uint16_t)(s->cipher_id & SSL3_CK_VALUE_MASK); if (s->cipher != NULL) cid = ssl3_cipher_get_value(s->cipher); if (!CBB_add_asn1(&session, &cipher_suite, CBS_ASN1_OCTETSTRING)) @@ -113,8 +113,8 @@ SSL_SESSION_encode(SSL_SESSION *s, unsigned char **out, size_t *out_len, } /* Peer certificate [3]. */ - if (s->peer != NULL) { - if ((len = i2d_X509(s->peer, &peer_cert_bytes)) <= 0) + if (s->peer_cert != NULL) { + if ((len = i2d_X509(s->peer_cert, &peer_cert_bytes)) <= 0) goto err; if (!CBB_add_asn1(&session, &peer_cert, SSLASN1_PEER_CERT_TAG)) goto err; @@ -295,21 +295,15 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length) if (!CBS_get_asn1(&session, &session_id, CBS_ASN1_OCTETSTRING)) goto err; if (!CBS_write_bytes(&session_id, s->session_id, sizeof(s->session_id), - &data_len)) + &s->session_id_length)) goto err; - if (data_len > UINT_MAX) - goto err; - s->session_id_length = (unsigned int)data_len; /* Master key. */ if (!CBS_get_asn1(&session, &master_key, CBS_ASN1_OCTETSTRING)) goto err; if (!CBS_write_bytes(&master_key, s->master_key, sizeof(s->master_key), - &data_len)) - goto err; - if (data_len > INT_MAX) + &s->master_key_length)) goto err; - s->master_key_length = (int)data_len; /* Time [1]. */ s->time = time(NULL); @@ -332,8 +326,8 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length) s->timeout = (long)timeout; /* Peer certificate [3]. */ - X509_free(s->peer); - s->peer = NULL; + X509_free(s->peer_cert); + s->peer_cert = NULL; if (!CBS_get_optional_asn1(&session, &peer_cert, &present, SSLASN1_PEER_CERT_TAG)) goto err; 
@@ -342,7 +336,7 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length) if (data_len > LONG_MAX) goto err; peer_cert_bytes = CBS_data(&peer_cert); - if (d2i_X509(&s->peer, &peer_cert_bytes, + if (d2i_X509(&s->peer_cert, &peer_cert_bytes, (long)data_len) == NULL) goto err; } @@ -354,11 +348,8 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length) goto err; if (present) { if (!CBS_write_bytes(&session_id, (uint8_t *)&s->sid_ctx, - sizeof(s->sid_ctx), &data_len)) - goto err; - if (data_len > UINT_MAX) + sizeof(s->sid_ctx), &s->sid_ctx_length)) goto err; - s->sid_ctx_length = (unsigned int)data_len; } /* Verify result [5]. */ @@ -388,16 +379,13 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length) /* Ticket lifetime [9]. */ s->tlsext_tick_lifetime_hint = 0; - /* XXX - tlsext_ticklen is not yet set... */ - if (s->tlsext_ticklen > 0 && s->session_id_length > 0) - s->tlsext_tick_lifetime_hint = -1; if (!CBS_get_optional_asn1_uint64(&session, &lifetime, SSLASN1_LIFETIME_TAG, 0)) goto err; - if (lifetime > LONG_MAX) + if (lifetime > UINT32_MAX) goto err; if (lifetime > 0) - s->tlsext_tick_lifetime_hint = (long)lifetime; + s->tlsext_tick_lifetime_hint = (uint32_t)lifetime; /* Ticket [10]. */ free(s->tlsext_tick); diff --git a/ssl/ssl_both.c b/ssl/ssl_both.c index f3d50d6f..cfd32387 100644 --- a/ssl/ssl_both.c +++ b/ssl/ssl_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_both.c,v 1.35 2021/09/03 13:19:12 jsing Exp $ */ +/* $OpenBSD: ssl_both.c,v 1.42 2022/02/05 14:54:10 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -168,33 +168,33 @@ ssl3_send_finished(SSL *s, int state_a, int state_b) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == state_a) { + if (s->s3->hs.state == state_a) { if (!tls12_derive_finished(s)) goto err; /* Copy finished so we can use it for renegotiation checks. */ if (!s->server) { - memcpy(S3I(s)->previous_client_finished, - S3I(s)->hs.finished, S3I(s)->hs.finished_len); - S3I(s)->previous_client_finished_len = - S3I(s)->hs.finished_len; + memcpy(s->s3->previous_client_finished, + s->s3->hs.finished, s->s3->hs.finished_len); + s->s3->previous_client_finished_len = + s->s3->hs.finished_len; } else { - memcpy(S3I(s)->previous_server_finished, - S3I(s)->hs.finished, S3I(s)->hs.finished_len); - S3I(s)->previous_server_finished_len = - S3I(s)->hs.finished_len; + memcpy(s->s3->previous_server_finished, + s->s3->hs.finished, s->s3->hs.finished_len); + s->s3->previous_server_finished_len = + s->s3->hs.finished_len; } if (!ssl3_handshake_msg_start(s, &cbb, &finished, SSL3_MT_FINISHED)) goto err; - if (!CBB_add_bytes(&finished, S3I(s)->hs.finished, - S3I(s)->hs.finished_len)) + if (!CBB_add_bytes(&finished, s->s3->hs.finished, + s->s3->hs.finished_len)) goto err; if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = state_b; + s->s3->hs.state = state_b; } return (ssl3_handshake_write(s)); 
@@ -208,41 +208,39 @@ ssl3_send_finished(SSL *s, int state_a, int state_b) int ssl3_get_finished(SSL *s, int a, int b) { - int al, ok, md_len; - long n; + int al, md_len, ret; CBS cbs; /* should actually be 36+4 :-) */ - n = ssl3_get_message(s, a, b, SSL3_MT_FINISHED, 64, &ok); - if (!ok) - return ((int)n); + if ((ret = ssl3_get_message(s, a, b, SSL3_MT_FINISHED, 64)) <= 0) + return ret; /* If this occurs, we have missed a message */ - if (!S3I(s)->change_cipher_spec) { + if (!s->s3->change_cipher_spec) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_GOT_A_FIN_BEFORE_A_CCS); goto fatal_err; } - S3I(s)->change_cipher_spec = 0; + s->s3->change_cipher_spec = 0; md_len = TLS1_FINISH_MAC_LENGTH; - if (n < 0) { + if (s->internal->init_num < 0) { al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_BAD_DIGEST_LENGTH); goto fatal_err; } - CBS_init(&cbs, s->internal->init_msg, n); + CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); - if (S3I(s)->hs.peer_finished_len != md_len || + if (s->s3->hs.peer_finished_len != md_len || CBS_len(&cbs) != md_len) { al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_BAD_DIGEST_LENGTH); goto fatal_err; } - if (!CBS_mem_equal(&cbs, S3I(s)->hs.peer_finished, CBS_len(&cbs))) { + if (!CBS_mem_equal(&cbs, s->s3->hs.peer_finished, CBS_len(&cbs))) { al = SSL_AD_DECRYPT_ERROR; SSLerror(s, SSL_R_DIGEST_CHECK_FAILED); goto fatal_err; 
@@ -251,13 +249,13 @@ ssl3_get_finished(SSL *s, int a, int b) /* Copy finished so we can use it for renegotiation checks. */ OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE); if (s->server) { - memcpy(S3I(s)->previous_client_finished, - S3I(s)->hs.peer_finished, md_len); - S3I(s)->previous_client_finished_len = md_len; + memcpy(s->s3->previous_client_finished, + s->s3->hs.peer_finished, md_len); + s->s3->previous_client_finished_len = md_len; } else { - memcpy(S3I(s)->previous_server_finished, - S3I(s)->hs.peer_finished, md_len); - S3I(s)->previous_server_finished_len = md_len; + memcpy(s->s3->previous_server_finished, + s->s3->hs.peer_finished, md_len); + s->s3->previous_server_finished_len = md_len; } return (1); @@ -274,7 +272,7 @@ ssl3_send_change_cipher_spec(SSL *s, int a, int b) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == a) { + if (s->s3->hs.state == a) { if (!CBB_init_fixed(&cbb, s->internal->init_buf->data, s->internal->init_buf->length)) goto err; @@ -290,14 +288,14 @@ ssl3_send_change_cipher_spec(SSL *s, int a, int b) s->internal->init_off = 0; if (SSL_is_dtls(s)) { - D1I(s)->handshake_write_seq = - D1I(s)->next_handshake_write_seq; + s->d1->handshake_write_seq = + s->d1->next_handshake_write_seq; dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, - D1I(s)->handshake_write_seq, 0, 0); + s->d1->handshake_write_seq, 0, 0); dtls1_buffer_message(s, 1); } - S3I(s)->hs.state = b; + s->s3->hs.state = b; } /* SSL3_ST_CW_CHANGE_B */ @@ -336,7 +334,7 @@ ssl3_add_cert(CBB *cbb, X509 *x) } int -ssl3_output_cert_chain(SSL *s, CBB *cbb, CERT_PKEY *cpk) +ssl3_output_cert_chain(SSL *s, CBB *cbb, SSL_CERT_PKEY *cpk) { X509_STORE_CTX *xs_ctx = NULL; STACK_OF(X509) *chain; @@ -370,7 +368,7 @@ ssl3_output_cert_chain(SSL *s, CBB *cbb, CERT_PKEY *cpk) X509_V_FLAG_LEGACY_VERIFY); X509_verify_cert(xs_ctx); ERR_clear_error(); - chain = xs_ctx->chain; + chain = X509_STORE_CTX_get0_chain(xs_ctx); } for (i = 0; i < sk_X509_num(chain); i++) { 
@@ -397,8 +395,8 @@ ssl3_output_cert_chain(SSL *s, CBB *cbb, CERT_PKEY *cpk) * The first four bytes (msg_type and length) are read in state 'st1', * the body is read in state 'stn'. */ -long -ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) +int +ssl3_get_message(SSL *s, int st1, int stn, int mt, long max) { unsigned char *p; uint32_t l; @@ -408,25 +406,24 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) uint8_t u8; if (SSL_is_dtls(s)) - return (dtls1_get_message(s, st1, stn, mt, max, ok)); + return dtls1_get_message(s, st1, stn, mt, max); - if (S3I(s)->hs.tls12.reuse_message) { - S3I(s)->hs.tls12.reuse_message = 0; - if ((mt >= 0) && (S3I(s)->hs.tls12.message_type != mt)) { + if (s->s3->hs.tls12.reuse_message) { + s->s3->hs.tls12.reuse_message = 0; + if ((mt >= 0) && (s->s3->hs.tls12.message_type != mt)) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); goto fatal_err; } - *ok = 1; s->internal->init_msg = s->internal->init_buf->data + SSL3_HM_HEADER_LENGTH; - s->internal->init_num = (int)S3I(s)->hs.tls12.message_size; - return s->internal->init_num; + s->internal->init_num = (int)s->s3->hs.tls12.message_size; + return 1; } p = (unsigned char *)s->internal->init_buf->data; - if (S3I(s)->hs.state == st1) { + if (s->s3->hs.state == st1) { int skip_message; do { @@ -436,7 +433,6 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) SSL3_HM_HEADER_LENGTH - s->internal->init_num, 0); if (i <= 0) { s->internal->rwstate = SSL_READING; - *ok = 0; return i; } s->internal->init_num += i; @@ -473,7 +469,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) SSLerror(s, ERR_R_BUF_LIB); goto err; } - S3I(s)->hs.tls12.message_type = u8; + s->s3->hs.tls12.message_type = u8; if (l > (unsigned long)max) { al = SSL_AD_ILLEGAL_PARAMETER; 
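Review bot: The comment above ssl3_get_message still describes only the two read states, while this hunk changes the return type from `long` to `int` and drops the `ok` out-parameter, so the new return contract is not written down anywhere. From the hunks that follow, success returns 1 with the body length left in `s->internal->init_num`, a failed or pending read returns the `ssl_read_bytes` result (<= 0), and a protocol error returns -1. I would add a line to the comment such as `Returns 1 on success (length in s->internal->init_num), <= 0 on error or retry.` A caller that still treats the return value as the message length would silently see 1, so stating this makes each call site easier to check. The function body continues outside this hunk.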
@@ -485,8 +481,8 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) SSLerror(s, ERR_R_BUF_LIB); goto err; } - S3I(s)->hs.tls12.message_size = l; - S3I(s)->hs.state = stn; + s->s3->hs.tls12.message_size = l; + s->s3->hs.state = stn; s->internal->init_msg = s->internal->init_buf->data + SSL3_HM_HEADER_LENGTH; @@ -495,13 +491,12 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) /* next state (stn) */ p = s->internal->init_msg; - n = S3I(s)->hs.tls12.message_size - s->internal->init_num; + n = s->s3->hs.tls12.message_size - s->internal->init_num; while (n > 0) { i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &p[s->internal->init_num], n, 0); if (i <= 0) { s->internal->rwstate = SSL_READING; - *ok = 0; return i; } s->internal->init_num += i; @@ -518,43 +513,31 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) (size_t)s->internal->init_num + SSL3_HM_HEADER_LENGTH); } - *ok = 1; - return (s->internal->init_num); + return 1; fatal_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); err: - *ok = 0; - return (-1); + return -1; } int -ssl_cert_type(X509 *x, EVP_PKEY *pkey) +ssl_cert_type(EVP_PKEY *pkey) { - EVP_PKEY *pk; - int ret = -1, i; - if (pkey == NULL) - pk = X509_get_pubkey(x); - else - pk = pkey; - if (pk == NULL) - goto err; - - i = pk->type; - if (i == EVP_PKEY_RSA) { - ret = SSL_PKEY_RSA; - } else if (i == EVP_PKEY_EC) { - ret = SSL_PKEY_ECC; - } else if (i == NID_id_GostR3410_2001 || - i == NID_id_GostR3410_2001_cc) { - ret = SSL_PKEY_GOST01; + return -1; + + switch (EVP_PKEY_id(pkey)) { + case EVP_PKEY_EC: + return SSL_PKEY_ECC; + case NID_id_GostR3410_2001: + case NID_id_GostR3410_2001_cc: + return SSL_PKEY_GOST01; + case EVP_PKEY_RSA: + return SSL_PKEY_RSA; } - err: - if (!pkey) - EVP_PKEY_free(pk); - return (ret); + return -1; } int 
@@ -661,16 +644,16 @@ ssl3_setup_read_buffer(SSL *s) align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); - if (S3I(s)->rbuf.buf == NULL) { + if (s->s3->rbuf.buf == NULL) { len = SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align; if ((p = calloc(1, len)) == NULL) goto err; - S3I(s)->rbuf.buf = p; - S3I(s)->rbuf.len = len; + s->s3->rbuf.buf = p; + s->s3->rbuf.len = len; } - s->internal->packet = S3I(s)->rbuf.buf; + s->internal->packet = s->s3->rbuf.buf; return 1; err: @@ -691,7 +674,7 @@ ssl3_setup_write_buffer(SSL *s) align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); - if (S3I(s)->wbuf.buf == NULL) { + if (s->s3->wbuf.buf == NULL) { len = s->max_send_fragment + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align; if (!(s->internal->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) @@ -700,8 +683,8 @@ ssl3_setup_write_buffer(SSL *s) if ((p = calloc(1, len)) == NULL) goto err; - S3I(s)->wbuf.buf = p; - S3I(s)->wbuf.len = len; + s->s3->wbuf.buf = p; + s->s3->wbuf.len = len; } return 1; @@ -732,11 +715,11 @@ ssl3_release_buffer(SSL3_BUFFER_INTERNAL *b) void ssl3_release_read_buffer(SSL *s) { - ssl3_release_buffer(&S3I(s)->rbuf); + ssl3_release_buffer(&s->s3->rbuf); } void ssl3_release_write_buffer(SSL *s) { - ssl3_release_buffer(&S3I(s)->wbuf); + ssl3_release_buffer(&s->s3->wbuf); } diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index a13ee598..453d7577 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_cert.c,v 1.83 2021/06/11 11:13:53 jsing Exp $ */ +/* $OpenBSD: ssl_cert.c,v 1.103 2022/07/07 13:04:39 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -158,28 +158,31 @@ SSL_get_ex_data_X509_STORE_CTX_idx(void) return ssl_x509_store_ctx_idx; } -CERT * +SSL_CERT * ssl_cert_new(void) { - CERT *ret; + SSL_CERT *ret; - ret = calloc(1, sizeof(CERT)); + ret = calloc(1, sizeof(SSL_CERT)); if (ret == NULL) { SSLerrorx(ERR_R_MALLOC_FAILURE); return (NULL); } ret->key = &(ret->pkeys[SSL_PKEY_RSA]); ret->references = 1; + ret->security_cb = ssl_security_default_cb; + ret->security_level = OPENSSL_TLS_SECURITY_LEVEL; + ret->security_ex_data = NULL; return (ret); } -CERT * -ssl_cert_dup(CERT *cert) +SSL_CERT * +ssl_cert_dup(SSL_CERT *cert) { - CERT *ret; + SSL_CERT *ret; int i; - ret = calloc(1, sizeof(CERT)); + ret = calloc(1, sizeof(SSL_CERT)); if (ret == NULL) { SSLerrorx(ERR_R_MALLOC_FAILURE); return (NULL); 
@@ -195,44 +198,25 @@ ssl_cert_dup(CERT *cert) ret->mask_k = cert->mask_k; ret->mask_a = cert->mask_a; - if (cert->dh_tmp != NULL) { - ret->dh_tmp = DHparams_dup(cert->dh_tmp); - if (ret->dh_tmp == NULL) { + if (cert->dhe_params != NULL) { + ret->dhe_params = DHparams_dup(cert->dhe_params); + if (ret->dhe_params == NULL) { SSLerrorx(ERR_R_DH_LIB); goto err; } - if (cert->dh_tmp->priv_key) { - BIGNUM *b = BN_dup(cert->dh_tmp->priv_key); - if (!b) { - SSLerrorx(ERR_R_BN_LIB); - goto err; - } - ret->dh_tmp->priv_key = b; - } - if (cert->dh_tmp->pub_key) { - BIGNUM *b = BN_dup(cert->dh_tmp->pub_key); - if (!b) { - SSLerrorx(ERR_R_BN_LIB); - goto err; - } - ret->dh_tmp->pub_key = b; - } } - ret->dh_tmp_cb = cert->dh_tmp_cb; - ret->dh_tmp_auto = cert->dh_tmp_auto; + ret->dhe_params_cb = cert->dhe_params_cb; + ret->dhe_params_auto = cert->dhe_params_auto; for (i = 0; i < SSL_PKEY_NUM; i++) { if (cert->pkeys[i].x509 != NULL) { ret->pkeys[i].x509 = cert->pkeys[i].x509; - CRYPTO_add(&ret->pkeys[i].x509->references, 1, - CRYPTO_LOCK_X509); + X509_up_ref(ret->pkeys[i].x509); } if (cert->pkeys[i].privatekey != NULL) { ret->pkeys[i].privatekey = cert->pkeys[i].privatekey; - CRYPTO_add(&ret->pkeys[i].privatekey->references, 1, - CRYPTO_LOCK_EVP_PKEY); - + EVP_PKEY_up_ref(ret->pkeys[i].privatekey); switch (i) { /* * If there was anything special to do for @@ -265,6 +249,10 @@ ssl_cert_dup(CERT *cert) } } + ret->security_cb = cert->security_cb; + ret->security_level = cert->security_level; + ret->security_ex_data = cert->security_ex_data; + /* * ret->extra_certs *should* exist, but currently the own certificate * chain is held inside SSL_CTX @@ -275,7 +263,7 @@ ssl_cert_dup(CERT *cert) return (ret); err: - DH_free(ret->dh_tmp); + DH_free(ret->dhe_params); for (i = 0; i < SSL_PKEY_NUM; i++) { X509_free(ret->pkeys[i].x509); @@ -288,7 +276,7 @@ ssl_cert_dup(CERT *cert) void -ssl_cert_free(CERT *c) +ssl_cert_free(SSL_CERT *c) { int i; 
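Review bot: In ssl_cert_dup the added `ret->security_ex_data = cert->security_ex_data;` is a plain assignment, so the original and the duplicate presumably share whatever object the application attached, and nothing visible says who owns it. If it is meant to be borrowed, I would add a comment such as `/* security_ex_data belongs to the application; it is never freed here. */`, since the visible parts of ssl_cert_free do not release it. The same hunk ignores the results of `X509_up_ref()` and `EVP_PKEY_up_ref()`; if either failed, a later `X509_free()` or key free would drop a reference the copy never took. ssl_cert_dup starts and ends outside this hunk.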
@@ -299,7 +287,7 @@ ssl_cert_free(CERT *c) if (i > 0) return; - DH_free(c->dh_tmp); + DH_free(c->dhe_params); for (i = 0; i < SSL_PKEY_NUM; i++) { X509_free(c->pkeys[i].x509); @@ -310,20 +298,46 @@ ssl_cert_free(CERT *c) free(c); } +SSL_CERT * +ssl_get0_cert(SSL_CTX *ctx, SSL *ssl) +{ + if (ssl != NULL) + return ssl->cert; + + return ctx->internal->cert; +} + int -ssl_cert_set0_chain(CERT *c, STACK_OF(X509) *chain) +ssl_cert_set0_chain(SSL_CTX *ctx, SSL *ssl, STACK_OF(X509) *chain) { - if (c->key == NULL) + SSL_CERT *ssl_cert; + SSL_CERT_PKEY *cpk; + X509 *x509; + int ssl_err; + int i; + + if ((ssl_cert = ssl_get0_cert(ctx, ssl)) == NULL) + return 0; + + if ((cpk = ssl_cert->key) == NULL) return 0; - sk_X509_pop_free(c->key->chain, X509_free); - c->key->chain = chain; + for (i = 0; i < sk_X509_num(chain); i++) { + x509 = sk_X509_value(chain, i); + if (!ssl_security_cert(ctx, ssl, x509, 0, &ssl_err)) { + SSLerrorx(ssl_err); + return 0; + } + } + + sk_X509_pop_free(cpk->chain, X509_free); + cpk->chain = chain; return 1; } int -ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain) +ssl_cert_set1_chain(SSL_CTX *ctx, SSL *ssl, STACK_OF(X509) *chain) { STACK_OF(X509) *new_chain = NULL; @@ -331,7 +345,7 @@ ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain) if ((new_chain = X509_chain_up_ref(chain)) == NULL) return 0; } - if (!ssl_cert_set0_chain(c, new_chain)) { + if (!ssl_cert_set0_chain(ctx, ssl, new_chain)) { sk_X509_pop_free(new_chain, X509_free); return 0; } 
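Review bot: ssl_get0_cert reads `ctx->internal->cert` whenever `ssl` is NULL, so a call with both arguments NULL faults before the `== NULL` checks in its callers can run. The visible callers pass `(ctx, NULL, ...)`, but the contract is not written down. I would either document it with `/* Exactly one of ctx and ssl must be non-NULL. */` or add `if (ctx == NULL) return NULL;` before the final return. Separately, ssl_cert_set0_chain can now return 0 from the new `ssl_security_cert()` loop without taking ownership of `chain`; that deserves a one-line comment, because callers of a set0 function tend to assume the stack was consumed.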
@@ -340,25 +354,37 @@ ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain) } int -ssl_cert_add0_chain_cert(CERT *c, X509 *cert) +ssl_cert_add0_chain_cert(SSL_CTX *ctx, SSL *ssl, X509 *cert) { - if (c->key == NULL) + SSL_CERT *ssl_cert; + SSL_CERT_PKEY *cpk; + int ssl_err; + + if ((ssl_cert = ssl_get0_cert(ctx, ssl)) == NULL) + return 0; + + if ((cpk = ssl_cert->key) == NULL) + return 0; + + if (!ssl_security_cert(ctx, ssl, cert, 0, &ssl_err)) { + SSLerrorx(ssl_err); return 0; + } - if (c->key->chain == NULL) { - if ((c->key->chain = sk_X509_new_null()) == NULL) + if (cpk->chain == NULL) { + if ((cpk->chain = sk_X509_new_null()) == NULL) return 0; } - if (!sk_X509_push(c->key->chain, cert)) + if (!sk_X509_push(cpk->chain, cert)) return 0; return 1; } int -ssl_cert_add1_chain_cert(CERT *c, X509 *cert) +ssl_cert_add1_chain_cert(SSL_CTX *ctx, SSL *ssl, X509 *cert) { - if (!ssl_cert_add0_chain_cert(c, cert)) + if (!ssl_cert_add0_chain_cert(ctx, ssl, cert)) return 0; X509_up_ref(cert); 
@@ -366,88 +392,66 @@ ssl_cert_add1_chain_cert(CERT *c, X509 *cert) return 1; } -SESS_CERT * -ssl_sess_cert_new(void) -{ - SESS_CERT *ret; - - ret = calloc(1, sizeof *ret); - if (ret == NULL) { - SSLerrorx(ERR_R_MALLOC_FAILURE); - return NULL; - } - ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA]); - ret->references = 1; - - return ret; -} - -void -ssl_sess_cert_free(SESS_CERT *sc) -{ - int i; - - if (sc == NULL) - return; - - i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT); - if (i > 0) - return; - - sk_X509_pop_free(sc->cert_chain, X509_free); - for (i = 0; i < SSL_PKEY_NUM; i++) - X509_free(sc->peer_pkeys[i].x509); - - DH_free(sc->peer_dh_tmp); - EC_KEY_free(sc->peer_ecdh_tmp); - free(sc->peer_x25519_tmp); - - free(sc); -} - int -ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) +ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *certs) { - X509_STORE_CTX ctx; - X509 *x; - int ret; + X509_STORE_CTX *ctx = NULL; + X509_VERIFY_PARAM *param; + X509 *cert; + int ret = 0; - if ((sk == NULL) || (sk_X509_num(sk) == 0)) - return (0); + if (sk_X509_num(certs) < 1) + goto err; - x = sk_X509_value(sk, 0); - if (!X509_STORE_CTX_init(&ctx, s->ctx->cert_store, x, sk)) { + if ((ctx = X509_STORE_CTX_new()) == NULL) + goto err; + + cert = sk_X509_value(certs, 0); + if (!X509_STORE_CTX_init(ctx, s->ctx->cert_store, cert, certs)) { SSLerror(s, ERR_R_X509_LIB); - return (0); + goto err; } - X509_STORE_CTX_set_ex_data(&ctx, - SSL_get_ex_data_X509_STORE_CTX_idx(), s); + X509_STORE_CTX_set_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s); /* * We need to inherit the verify parameters. These can be * determined by the context: if its a server it will verify * SSL client certificates or vice versa. */ - X509_STORE_CTX_set_default(&ctx, - s->server ? "ssl_client" : "ssl_server"); + X509_STORE_CTX_set_default(ctx, s->server ? 
"ssl_client" : "ssl_server"); + + param = X509_STORE_CTX_get0_param(ctx); + + X509_VERIFY_PARAM_set_auth_level(param, SSL_get_security_level(s)); /* * Anything non-default in "param" should overwrite anything * in the ctx. */ - X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), s->param); + X509_VERIFY_PARAM_set1(param, s->param); if (s->internal->verify_callback) - X509_STORE_CTX_set_verify_cb(&ctx, s->internal->verify_callback); + X509_STORE_CTX_set_verify_cb(ctx, s->internal->verify_callback); if (s->ctx->internal->app_verify_callback != NULL) - ret = s->ctx->internal->app_verify_callback(&ctx, + ret = s->ctx->internal->app_verify_callback(ctx, s->ctx->internal->app_verify_arg); else - ret = X509_verify_cert(&ctx); + ret = X509_verify_cert(ctx); + + s->verify_result = X509_STORE_CTX_get_error(ctx); + sk_X509_pop_free(s->internal->verified_chain, X509_free); + s->internal->verified_chain = NULL; + if (X509_STORE_CTX_get0_chain(ctx) != NULL) { + s->internal->verified_chain = X509_STORE_CTX_get1_chain(ctx); + if (s->internal->verified_chain == NULL) { + SSLerrorx(ERR_R_MALLOC_FAILURE); + ret = 0; + } + } - s->verify_result = ctx.error; - X509_STORE_CTX_cleanup(&ctx); + err: + X509_STORE_CTX_free(ctx); return (ret); } @@ -508,7 +512,7 @@ SSL_get_client_CA_list(const SSL *s) if (!s->server) { /* We are in the client. */ if ((s->version >> 8) == SSL3_VERSION_MAJOR) - return (S3I(s)->hs.tls12.ca_names); + return (s->s3->hs.tls12.ca_names); else return (NULL); } else { @@ -575,7 +579,7 @@ SSL_load_client_CA_file(const char *file) sk = sk_X509_NAME_new(xname_cmp); - in = BIO_new(BIO_s_file_internal()); + in = BIO_new(BIO_s_file()); if ((sk == NULL) || (in == NULL)) { SSLerrorx(ERR_R_MALLOC_FAILURE); 
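Review bot: In ssl_verify_cert_chain the previous `s->internal->verified_chain` is released only after the verify call, so the three early `goto err` exits (empty `certs`, `X509_STORE_CTX_new()` failure, `X509_STORE_CTX_init()` failure) return 0 while the chain and `s->verify_result` from an earlier call stay in place. Moving `sk_X509_pop_free(s->internal->verified_chain, X509_free); s->internal->verified_chain = NULL;` to the top of the function would keep a failed verification from exposing a stale chain. The chain is also stored when `ret` is not 1, so the accessor that exposes it (presumably `SSL_get0_verified_chain`, added to ssl.sym in this patch) should document that it is only meaningful together with a successful verify result. The `X509_STORE_CTX_new()` failure path also returns without pushing an error, unlike the init failure next to it.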
@@ -604,8 +608,10 @@ SSL_load_client_CA_file(const char *file) if (sk_X509_NAME_find(sk, xn) >= 0) X509_NAME_free(xn); else { - sk_X509_NAME_push(sk, xn); - sk_X509_NAME_push(ret, xn); + if (!sk_X509_NAME_push(sk, xn)) + goto err; + if (!sk_X509_NAME_push(ret, xn)) + goto err; } } @@ -644,7 +650,7 @@ SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_cmp); - in = BIO_new(BIO_s_file_internal()); + in = BIO_new(BIO_s_file()); if (in == NULL) { SSLerrorx(ERR_R_MALLOC_FAILURE); @@ -665,7 +671,8 @@ SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, if (sk_X509_NAME_find(stack, xn) >= 0) X509_NAME_free(xn); else - sk_X509_NAME_push(stack, xn); + if (!sk_X509_NAME_push(stack, xn)) + goto err; } ERR_clear_error(); diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 0e9941bc..f39cd2f0 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciph.c,v 1.124 2021/07/03 16:06:44 jsing Exp $ */ +/* $OpenBSD: ssl_ciph.c,v 1.134 2022/09/08 15:31:12 millert Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -448,7 +448,7 @@ ssl_cipher_get_evp(const SSL_SESSION *ss, const EVP_CIPHER **enc, /* * This function does not handle EVP_AEAD. - * See ssl_cipher_get_aead_evp instead. + * See ssl_cipher_get_evp_aead instead. */ if (ss->cipher->algorithm_mac & SSL_AEAD) return 0; @@ -564,10 +564,10 @@ ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md) *md = NULL; - if (S3I(s)->hs.cipher == NULL) + if (s->s3->hs.cipher == NULL) return 0; - handshake_mac = S3I(s)->hs.cipher->algorithm2 & + handshake_mac = s->s3->hs.cipher->algorithm2 & SSL_HANDSHAKE_MAC_MASK; /* For TLSv1.2 we upgrade the default MD5+SHA1 MAC to SHA256. */ 
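Review bot: In SSL_load_client_CA_file the new `goto err` on a failed `sk_X509_NAME_push()` leaves `xn` without an owner. The `X509_NAME_free(xn)` in the duplicate branch shows the function owns `xn` at this point, and after a failed first push it is in neither stack. Unless the `err:` path outside this hunk frees it, I would write `if (!sk_X509_NAME_push(sk, xn)) { X509_NAME_free(xn); goto err; }`. The second push needs the same care, since `xn` is then held by `sk` only and how `sk` is released is not visible here. The `sk_X509_NAME_push(stack, xn)` check added to SSL_add_file_cert_subjects_to_stack further down has the same shape.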
@@ -681,7 +681,10 @@ ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, int num_of_ciphers, co_list_num = 0; /* actual count of ciphers */ for (i = 0; i < num_of_ciphers; i++) { c = ssl_method->get_cipher(i); - /* drop those that use any of that is not available */ + /* + * Drop any invalid ciphers and any which use unavailable + * algorithms. + */ if ((c != NULL) && c->valid && !(c->algorithm_mkey & disabled_mkey) && !(c->algorithm_auth & disabled_auth) && @@ -693,9 +696,6 @@ ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, int num_of_ciphers, co_list[co_list_num].prev = NULL; co_list[co_list_num].active = 0; co_list_num++; - /* - if (!sk_push(ca_list,(char *)c)) goto err; - */ } } @@ -942,7 +942,8 @@ ssl_cipher_strength_sort(CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) static int ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p, - CIPHER_ORDER **tail_p, const SSL_CIPHER **ca_list, int *tls13_seen) + CIPHER_ORDER **tail_p, const SSL_CIPHER **ca_list, SSL_CERT *cert, + int *tls13_seen) { unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl; unsigned long algo_strength; @@ -997,7 +998,7 @@ ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p, ((ch >= '0') && (ch <= '9')) || ((ch >= 'a') && (ch <= 'z')) || (ch == '-') || (ch == '.') || - (ch == '_')) { + (ch == '_') || (ch == '=')) { ch = *(++l); buflen++; } @@ -1009,9 +1010,7 @@ ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p, * alphanumeric, so we call this an error. */ SSLerrorx(SSL_R_INVALID_COMMAND); - retval = found = 0; - l++; - break; + return 0; } if (rule == CIPHER_SPECIAL) { 
@@ -1153,18 +1152,24 @@ ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p, if (rule == CIPHER_SPECIAL) { /* special command */ ok = 0; - if ((buflen == 8) && !strncmp(buf, "STRENGTH", 8)) + if (buflen == 8 && strncmp(buf, "STRENGTH", 8) == 0) { ok = ssl_cipher_strength_sort(head_p, tail_p); - else + } else if (buflen == 10 && + strncmp(buf, "SECLEVEL=", 9) == 0) { + int level = buf[9] - '0'; + + if (level >= 0 && level <= 5) { + cert->security_level = level; + ok = 1; + } else { + SSLerrorx(SSL_R_INVALID_COMMAND); + } + } else { SSLerrorx(SSL_R_INVALID_COMMAND); + } if (ok == 0) retval = 0; - /* - * We do not support any "multi" options - * together with "@", so throw away the - * rest of the command, if any left, until - * end or ':' is found. - */ + while ((*l != '\0') && !ITEM_SEP(*l)) l++; } else if (found) { @@ -1198,11 +1203,11 @@ STACK_OF(SSL_CIPHER) * ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK_OF(SSL_CIPHER) **cipher_list, STACK_OF(SSL_CIPHER) *cipher_list_tls13, - const char *rule_str) + const char *rule_str, SSL_CERT *cert) { int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl; - STACK_OF(SSL_CIPHER) *cipherstack; + STACK_OF(SSL_CIPHER) *cipherstack = NULL, *ret = NULL; const char *rule_p; CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; const SSL_CIPHER **ca_list = NULL; @@ -1215,7 +1220,7 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method, * Return with error if nothing to do. */ if (rule_str == NULL || cipher_list == NULL) - return NULL; + goto err; /* * To reduce the work to do we only want to process the compiled 
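Review bot: The `@SECLEVEL=n` branch in ssl_cipher_process_rulestr writes `cert->security_level` as soon as it is parsed, but ssl_create_cipher_list leaves `*cipher_list` untouched when a later part of the rule string fails. A rejected rule string can therefore still change the security level, and a caller that keeps using the context after the failure runs with the old cipher list and the new level. I would save the old value in ssl_create_cipher_list before rule processing and restore it on the `!ok` path, e.g. `cert->security_level = saved_level;` just before `goto err`. `cert` is also dereferenced without a NULL check; the callers are not visible here, so either guard it or state in a comment that it must be non-NULL. Both functions start and end outside this hunk.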
@@ -1232,7 +1237,7 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method, co_list = reallocarray(NULL, num_of_ciphers, sizeof(CIPHER_ORDER)); if (co_list == NULL) { SSLerrorx(ERR_R_MALLOC_FAILURE); - return(NULL); /* Failure */ + goto err; } ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, @@ -1285,10 +1290,8 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method, /* Now sort by symmetric encryption strength. The above ordering remains * in force within each class */ - if (!ssl_cipher_strength_sort(&head, &tail)) { - free(co_list); - return NULL; - } + if (!ssl_cipher_strength_sort(&head, &tail)) + goto err; /* Now disable everything (maintaining the ordering!) */ ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); @@ -1309,9 +1312,8 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method, num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; ca_list = reallocarray(NULL, num_of_alias_max, sizeof(SSL_CIPHER *)); if (ca_list == NULL) { - free(co_list); SSLerrorx(ERR_R_MALLOC_FAILURE); - return(NULL); /* Failure */ + goto err; } ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl, head); @@ -1324,7 +1326,7 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method, rule_p = rule_str; if (strncmp(rule_str, "DEFAULT", 7) == 0) { ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, - &head, &tail, ca_list, &tls13_seen); + &head, &tail, ca_list, cert, &tls13_seen); rule_p += 7; if (*rule_p == ':') rule_p++; @@ -1332,14 +1334,11 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method, if (ok && (strlen(rule_p) > 0)) ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list, - &tls13_seen); - - free((void *)ca_list); /* Not needed anymore */ + cert, &tls13_seen); if (!ok) { /* Rule processing failure */ - free(co_list); - return (NULL); + goto err; } /* 
@@ -1347,15 +1346,18 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method, * if we cannot get one. */ if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { - free(co_list); - return (NULL); + SSLerrorx(ERR_R_MALLOC_FAILURE); + goto err; } /* Prefer TLSv1.3 cipher suites. */ if (cipher_list_tls13 != NULL) { for (i = 0; i < sk_SSL_CIPHER_num(cipher_list_tls13); i++) { cipher = sk_SSL_CIPHER_value(cipher_list_tls13, i); - sk_SSL_CIPHER_push(cipherstack, cipher); + if (!sk_SSL_CIPHER_push(cipherstack, cipher)) { + SSLerrorx(ERR_R_MALLOC_FAILURE); + goto err; + } } tls13_seen = 1; } @@ -1374,19 +1376,29 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method, any_active = 0; for (curr = head; curr != NULL; curr = curr->next) { if (curr->active || - (!tls13_seen && curr->cipher->algorithm_ssl == SSL_TLSV1_3)) - sk_SSL_CIPHER_push(cipherstack, curr->cipher); + (!tls13_seen && curr->cipher->algorithm_ssl == SSL_TLSV1_3)) { + if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) { + SSLerrorx(ERR_R_MALLOC_FAILURE); + goto err; + } + } any_active |= curr->active; } if (!any_active) sk_SSL_CIPHER_zero(cipherstack); - free(co_list); /* Not needed any longer */ - sk_SSL_CIPHER_free(*cipher_list); *cipher_list = cipherstack; + cipherstack = NULL; + + ret = *cipher_list; + + err: + sk_SSL_CIPHER_free(cipherstack); + free((void *)ca_list); + free(co_list); - return (cipherstack); + return ret; } const SSL_CIPHER * diff --git a/ssl/ssl_ciphers.c b/ssl/ssl_ciphers.c index 4e4a0d93..f77f32ab 100644 --- a/ssl/ssl_ciphers.c +++ b/ssl/ssl_ciphers.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciphers.c,v 1.11 2021/03/11 17:14:46 jsing Exp $ */ +/* $OpenBSD: ssl_ciphers.c,v 1.15 2022/07/02 16:31:04 tb Exp $ */ /* * Copyright (c) 2015-2017 Doug Hogan * Copyright (c) 2015-2018, 2020 Joel Sing 
@@ -70,6 +70,8 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *ciphers, CBB *cbb) if (!ssl_cipher_allowed_in_tls_version_range(cipher, min_vers, max_vers)) continue; + if (!ssl_security_cipher_check(s, cipher)) + continue; if (!CBB_add_u16(cbb, ssl3_cipher_get_value(cipher))) return 0; @@ -96,7 +98,7 @@ ssl_bytes_to_cipher_list(SSL *s, CBS *cbs) uint16_t cipher_value; unsigned long cipher_id; - S3I(s)->send_connection_binding = 0; + s->s3->send_connection_binding = 0; if ((ciphers = sk_SSL_CIPHER_new_null()) == NULL) { SSLerror(s, ERR_R_MALLOC_FAILURE); @@ -123,7 +125,7 @@ ssl_bytes_to_cipher_list(SSL *s, CBS *cbs) goto err; } - S3I(s)->send_connection_binding = 1; + s->s3->send_connection_binding = 1; continue; } @@ -134,8 +136,8 @@ ssl_bytes_to_cipher_list(SSL *s, CBS *cbs) * Fail if the current version is an unexpected * downgrade. */ - if (S3I(s)->hs.negotiated_tls_version < - S3I(s)->hs.our_max_tls_version) { + if (s->s3->hs.negotiated_tls_version < + s->s3->hs.our_max_tls_version) { SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INAPPROPRIATE_FALLBACK); 
@@ -168,28 +170,28 @@ struct ssl_tls13_ciphersuite { static const struct ssl_tls13_ciphersuite ssl_tls13_ciphersuites[] = { { - .name = TLS1_3_TXT_AES_128_GCM_SHA256, - .alias = "TLS_AES_128_GCM_SHA256", + .name = TLS1_3_RFC_AES_128_GCM_SHA256, + .alias = TLS1_3_TXT_AES_128_GCM_SHA256, .cid = TLS1_3_CK_AES_128_GCM_SHA256, }, { - .name = TLS1_3_TXT_AES_256_GCM_SHA384, - .alias = "TLS_AES_256_GCM_SHA384", + .name = TLS1_3_RFC_AES_256_GCM_SHA384, + .alias = TLS1_3_TXT_AES_256_GCM_SHA384, .cid = TLS1_3_CK_AES_256_GCM_SHA384, }, { - .name = TLS1_3_TXT_CHACHA20_POLY1305_SHA256, - .alias = "TLS_CHACHA20_POLY1305_SHA256", + .name = TLS1_3_RFC_CHACHA20_POLY1305_SHA256, + .alias = TLS1_3_TXT_CHACHA20_POLY1305_SHA256, .cid = TLS1_3_CK_CHACHA20_POLY1305_SHA256, }, { - .name = TLS1_3_TXT_AES_128_CCM_SHA256, - .alias = "TLS_AES_128_CCM_SHA256", + .name = TLS1_3_RFC_AES_128_CCM_SHA256, + .alias = TLS1_3_TXT_AES_128_CCM_SHA256, .cid = TLS1_3_CK_AES_128_CCM_SHA256, }, { - .name = TLS1_3_TXT_AES_128_CCM_8_SHA256, - .alias = "TLS_AES_128_CCM_8_SHA256", + .name = TLS1_3_RFC_AES_128_CCM_8_SHA256, + .alias = TLS1_3_TXT_AES_128_CCM_8_SHA256, .cid = TLS1_3_CK_AES_128_CCM_8_SHA256, }, { diff --git a/ssl/ssl_clnt.c b/ssl/ssl_clnt.c index ddab394d..0e502858 100644 --- a/ssl/ssl_clnt.c +++ b/ssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.111 2021/09/03 13:18:17 jsing Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.153 2022/08/17 07:39:19 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -190,12 +190,12 @@ ssl3_connect(SSL *s) SSL_clear(s); for (;;) { - state = S3I(s)->hs.state; + state = s->s3->hs.state; - switch (S3I(s)->hs.state) { + switch (s->s3->hs.state) { case SSL_ST_RENEGOTIATE: s->internal->renegotiate = 1; - S3I(s)->hs.state = SSL_ST_CONNECT; + s->s3->hs.state = SSL_ST_CONNECT; s->ctx->internal->stats.sess_connect_renegotiate++; /* break */ case SSL_ST_BEFORE: 
@@ -214,13 +214,20 @@ ssl3_connect(SSL *s) } if (!ssl_supported_tls_version_range(s, - &S3I(s)->hs.our_min_tls_version, - &S3I(s)->hs.our_max_tls_version)) { + &s->s3->hs.our_min_tls_version, + &s->s3->hs.our_max_tls_version)) { SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE); ret = -1; goto end; } + if (!ssl_security_version(s, + s->s3->hs.our_min_tls_version)) { + SSLerror(s, SSL_R_VERSION_TOO_LOW); + ret = -1; + goto end; + } + if (!ssl3_setup_init_buffer(s)) { ret = -1; goto end; @@ -241,7 +248,7 @@ ssl3_connect(SSL *s) goto end; } - S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_A; + s->s3->hs.state = SSL3_ST_CW_CLNT_HELLO_A; s->ctx->internal->stats.sess_connect++; s->internal->init_num = 0; @@ -249,7 +256,7 @@ ssl3_connect(SSL *s) /* mark client_random uninitialized */ memset(s->s3->client_random, 0, sizeof(s->s3->client_random)); - D1I(s)->send_cookie = 0; + s->d1->send_cookie = 0; s->internal->hit = 0; } break; @@ -269,11 +276,11 @@ ssl3_connect(SSL *s) if (ret <= 0) goto end; - if (SSL_is_dtls(s) && D1I(s)->send_cookie) { - S3I(s)->hs.state = SSL3_ST_CW_FLUSH; - S3I(s)->hs.tls12.next_state = SSL3_ST_CR_SRVR_HELLO_A; + if (SSL_is_dtls(s) && s->d1->send_cookie) { + s->s3->hs.state = SSL3_ST_CW_FLUSH; + s->s3->hs.tls12.next_state = SSL3_ST_CR_SRVR_HELLO_A; } else - S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A; + s->s3->hs.state = SSL3_ST_CR_SRVR_HELLO_A; s->internal->init_num = 0; 
@@ -290,20 +297,20 @@ ssl3_connect(SSL *s) goto end; if (s->internal->hit) { - S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A; + s->s3->hs.state = SSL3_ST_CR_FINISHED_A; if (!SSL_is_dtls(s)) { if (s->internal->tlsext_ticket_expected) { /* receive renewed session ticket */ - S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A; + s->s3->hs.state = SSL3_ST_CR_SESSION_TICKET_A; } /* No client certificate verification. */ tls1_transcript_free(s); } } else if (SSL_is_dtls(s)) { - S3I(s)->hs.state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A; + s->s3->hs.state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A; } else { - S3I(s)->hs.state = SSL3_ST_CR_CERT_A; + s->s3->hs.state = SSL3_ST_CR_CERT_A; } s->internal->init_num = 0; break; @@ -314,10 +321,10 @@ ssl3_connect(SSL *s) if (ret <= 0) goto end; dtls1_stop_timer(s); - if (D1I(s)->send_cookie) /* start again, with a cookie */ - S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_A; + if (s->d1->send_cookie) /* start again, with a cookie */ + s->s3->hs.state = SSL3_ST_CW_CLNT_HELLO_A; else - S3I(s)->hs.state = SSL3_ST_CR_CERT_A; + s->s3->hs.state = SSL3_ST_CR_CERT_A; s->internal->init_num = 0; break; 
@@ -329,25 +336,25 @@ ssl3_connect(SSL *s) if (ret == 2) { s->internal->hit = 1; if (s->internal->tlsext_ticket_expected) - S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A; + s->s3->hs.state = SSL3_ST_CR_SESSION_TICKET_A; else - S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A; + s->s3->hs.state = SSL3_ST_CR_FINISHED_A; s->internal->init_num = 0; break; } /* Check if it is anon DH/ECDH. */ - if (!(S3I(s)->hs.cipher->algorithm_auth & + if (!(s->s3->hs.cipher->algorithm_auth & SSL_aNULL)) { ret = ssl3_get_server_certificate(s); if (ret <= 0) goto end; if (s->internal->tlsext_status_expected) - S3I(s)->hs.state = SSL3_ST_CR_CERT_STATUS_A; + s->s3->hs.state = SSL3_ST_CR_CERT_STATUS_A; else - S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A; + s->s3->hs.state = SSL3_ST_CR_KEY_EXCH_A; } else { skip = 1; - S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A; + s->s3->hs.state = SSL3_ST_CR_KEY_EXCH_A; } s->internal->init_num = 0; break; @@ -357,7 +364,7 @@ ssl3_connect(SSL *s) ret = ssl3_get_server_key_exchange(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_CR_CERT_REQ_A; + s->s3->hs.state = SSL3_ST_CR_CERT_REQ_A; s->internal->init_num = 0; /* @@ -375,7 +382,7 @@ ssl3_connect(SSL *s) ret = ssl3_get_certificate_request(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_CR_SRVR_DONE_A; + s->s3->hs.state = SSL3_ST_CR_SRVR_DONE_A; s->internal->init_num = 0; break; @@ -386,10 +393,10 @@ ssl3_connect(SSL *s) goto end; if (SSL_is_dtls(s)) dtls1_stop_timer(s); - if (S3I(s)->hs.tls12.cert_request) - S3I(s)->hs.state = SSL3_ST_CW_CERT_A; + if (s->s3->hs.tls12.cert_request) + s->s3->hs.state = SSL3_ST_CW_CERT_A; else - S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_A; + s->s3->hs.state = SSL3_ST_CW_KEY_EXCH_A; s->internal->init_num = 0; break; @@ -403,7 +410,7 @@ ssl3_connect(SSL *s) ret = ssl3_send_client_certificate(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_A; + s->s3->hs.state = SSL3_ST_CW_KEY_EXCH_A; s->internal->init_num = 0; break; 
@@ -430,16 +437,16 @@ ssl3_connect(SSL *s) * message when client's ECDH public key is sent * inside the client certificate. */ - if (S3I(s)->hs.tls12.cert_request == 1) { - S3I(s)->hs.state = SSL3_ST_CW_CERT_VRFY_A; + if (s->s3->hs.tls12.cert_request == 1) { + s->s3->hs.state = SSL3_ST_CW_CERT_VRFY_A; } else { - S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A; - S3I(s)->change_cipher_spec = 0; + s->s3->hs.state = SSL3_ST_CW_CHANGE_A; + s->s3->change_cipher_spec = 0; } if (!SSL_is_dtls(s)) { if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) { - S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A; - S3I(s)->change_cipher_spec = 0; + s->s3->hs.state = SSL3_ST_CW_CHANGE_A; + s->s3->change_cipher_spec = 0; } } @@ -453,9 +460,9 @@ ssl3_connect(SSL *s) ret = ssl3_send_client_verify(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A; + s->s3->hs.state = SSL3_ST_CW_CHANGE_A; s->internal->init_num = 0; - S3I(s)->change_cipher_spec = 0; + s->s3->change_cipher_spec = 0; break; case SSL3_ST_CW_CHANGE_A: @@ -467,9 +474,9 @@ ssl3_connect(SSL *s) if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_CW_FINISHED_A; + s->s3->hs.state = SSL3_ST_CW_FINISHED_A; s->internal->init_num = 0; - s->session->cipher = S3I(s)->hs.cipher; + s->session->cipher = s->s3->hs.cipher; if (!tls1_setup_key_block(s)) { ret = -1; @@ -491,18 +498,18 @@ ssl3_connect(SSL *s) goto end; if (!SSL_is_dtls(s)) s->s3->flags |= SSL3_FLAGS_CCS_OK; - S3I(s)->hs.state = SSL3_ST_CW_FLUSH; + s->s3->hs.state = SSL3_ST_CW_FLUSH; /* clear flags */ if (s->internal->hit) { - S3I(s)->hs.tls12.next_state = SSL_ST_OK; + s->s3->hs.tls12.next_state = SSL_ST_OK; } else { /* Allow NewSessionTicket if ticket expected */ if (s->internal->tlsext_ticket_expected) - S3I(s)->hs.tls12.next_state = + s->s3->hs.tls12.next_state = SSL3_ST_CR_SESSION_TICKET_A; else - S3I(s)->hs.tls12.next_state = + s->s3->hs.tls12.next_state = SSL3_ST_CR_FINISHED_A; } s->internal->init_num = 0; 
@@ -513,7 +520,7 @@ ssl3_connect(SSL *s) ret = ssl3_get_new_session_ticket(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A; + s->s3->hs.state = SSL3_ST_CR_FINISHED_A; s->internal->init_num = 0; break; @@ -522,14 +529,14 @@ ssl3_connect(SSL *s) ret = ssl3_get_cert_status(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A; + s->s3->hs.state = SSL3_ST_CR_KEY_EXCH_A; s->internal->init_num = 0; break; case SSL3_ST_CR_FINISHED_A: case SSL3_ST_CR_FINISHED_B: if (SSL_is_dtls(s)) - D1I(s)->change_cipher_spec_ok = 1; + s->d1->change_cipher_spec_ok = 1; else s->s3->flags |= SSL3_FLAGS_CCS_OK; ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A, @@ -540,9 +547,9 @@ ssl3_connect(SSL *s) dtls1_stop_timer(s); if (s->internal->hit) - S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A; + s->s3->hs.state = SSL3_ST_CW_CHANGE_A; else - S3I(s)->hs.state = SSL_ST_OK; + s->s3->hs.state = SSL_ST_OK; s->internal->init_num = 0; break; @@ -553,21 +560,21 @@ ssl3_connect(SSL *s) /* If the write error was fatal, stop trying */ if (!BIO_should_retry(s->wbio)) { s->internal->rwstate = SSL_NOTHING; - S3I(s)->hs.state = S3I(s)->hs.tls12.next_state; + s->s3->hs.state = s->s3->hs.tls12.next_state; } } ret = -1; goto end; } s->internal->rwstate = SSL_NOTHING; - S3I(s)->hs.state = S3I(s)->hs.tls12.next_state; + s->s3->hs.state = s->s3->hs.tls12.next_state; break; case SSL_ST_OK: /* clean a few things up */ tls1_cleanup_key_block(s); - if (S3I(s)->handshake_transcript != NULL) { + if (s->s3->handshake_transcript != NULL) { SSLerror(s, ERR_R_INTERNAL_ERROR); ret = -1; goto end; @@ -595,8 +602,8 @@ ssl3_connect(SSL *s) if (SSL_is_dtls(s)) { /* done with handshaking */ - D1I(s)->handshake_read_seq = 0; - D1I(s)->next_handshake_write_seq = 0; + s->d1->handshake_read_seq = 0; + s->d1->next_handshake_write_seq = 0; } goto end; 
@@ -610,17 +617,17 @@ ssl3_connect(SSL *s) } /* did we do anything */ - if (!S3I(s)->hs.tls12.reuse_message && !skip) { + if (!s->s3->hs.tls12.reuse_message && !skip) { if (s->internal->debug) { if ((ret = BIO_flush(s->wbio)) <= 0) goto end; } - if (S3I(s)->hs.state != state) { - new_state = S3I(s)->hs.state; - S3I(s)->hs.state = state; + if (s->s3->hs.state != state) { + new_state = s->s3->hs.state; + s->s3->hs.state = state; ssl_info_callback(s, SSL_CB_CONNECT_LOOP, 1); - S3I(s)->hs.state = new_state; + s->s3->hs.state = new_state; } } skip = 0; @@ -643,19 +650,18 @@ ssl3_send_client_hello(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_A) { + if (s->s3->hs.state == SSL3_ST_CW_CLNT_HELLO_A) { SSL_SESSION *sess = s->session; if (!ssl_max_supported_version(s, &max_version)) { SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE); return (-1); } - s->client_version = s->version = max_version; + s->version = max_version; - if (sess == NULL || - sess->ssl_version != s->version || - (!sess->session_id_length && !sess->tlsext_tick) || - sess->internal->not_resumable) { + if (sess == NULL || sess->ssl_version != s->version || + (sess->session_id_length == 0 && sess->tlsext_tick == NULL) || + sess->not_resumable) { if (!ssl_get_new_session(s, 0)) goto err; } 
@@ -666,44 +672,14 @@ ssl3_send_client_hello(SSL *s) * HelloVerifyRequest, we must retain the original client * random value. */ - if (!SSL_is_dtls(s) || D1I(s)->send_cookie == 0) + if (!SSL_is_dtls(s) || s->d1->send_cookie == 0) arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE); if (!ssl3_handshake_msg_start(s, &cbb, &client_hello, SSL3_MT_CLIENT_HELLO)) goto err; - /* - * Version indicates the negotiated version: for example from - * an SSLv2/v3 compatible client hello). The client_version - * field is the maximum version we permit and it is also - * used in RSA encrypted premaster secrets. Some servers can - * choke if we initially report a higher version then - * renegotiate to a lower one in the premaster secret. This - * didn't happen with TLS 1.0 as most servers supported it - * but it can with TLS 1.1 or later if the server only supports - * 1.0. - * - * Possible scenario with previous logic: - * 1. Client hello indicates TLS 1.2 - * 2. Server hello says TLS 1.0 - * 3. RSA encrypted premaster secret uses 1.2. - * 4. Handhaked proceeds using TLS 1.0. - * 5. Server sends hello request to renegotiate. - * 6. Client hello indicates TLS v1.0 as we now - * know that is maximum server supports. - * 7. Server chokes on RSA encrypted premaster secret - * containing version 1.0. - * - * For interoperability it should be OK to always use the - * maximum version we support in client hello and then rely - * on the checking of version to ensure the servers isn't - * being inconsistent: for example initially negotiating with - * TLS 1.0 and renegotiating with TLS 1.2. We do this by using - * client_version in client hello and not resetting it to - * the negotiated version. - */ - if (!CBB_add_u16(&client_hello, s->client_version)) + if (!CBB_add_u16(&client_hello, s->version)) goto err; /* Random stuff */ 
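Review bot: The comment deleted above `CBB_add_u16(&client_hello, s->version)` was the only explanation of why the version offered in the ClientHello has to stay fixed for the RSA-encrypted premaster secret. The new code sends `s->version`, which ssl3_get_server_hello later overwrites with `server_version`. Which field the RSA key-exchange path reads after this change is not visible in this hunk, so a short replacement comment would help the next reader, for example `/* Offer our maximum version; the RSA premaster secret must carry this offered value, not the negotiated one. */`. ssl3_send_client_hello begins and ends outside the hunk.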
@@ -728,14 +704,14 @@ ssl3_send_client_hello(SSL *s) /* DTLS Cookie. */ if (SSL_is_dtls(s)) { - if (D1I(s)->cookie_len > sizeof(D1I(s)->cookie)) { + if (s->d1->cookie_len > sizeof(s->d1->cookie)) { SSLerror(s, ERR_R_INTERNAL_ERROR); goto err; } if (!CBB_add_u8_length_prefixed(&client_hello, &cookie)) goto err; - if (!CBB_add_bytes(&cookie, D1I(s)->cookie, - D1I(s)->cookie_len)) + if (!CBB_add_bytes(&cookie, s->d1->cookie, + s->d1->cookie_len)) goto err; } @@ -764,7 +740,7 @@ ssl3_send_client_hello(SSL *s) if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_B; + s->s3->hs.state = SSL3_ST_CW_CLNT_HELLO_B; } /* SSL3_ST_CW_CLNT_HELLO_B */ @@ -779,27 +755,26 @@ ssl3_send_client_hello(SSL *s) int ssl3_get_dtls_hello_verify(SSL *s) { - long n; - int al, ok = 0; + CBS hello_verify_request, cookie; size_t cookie_len; uint16_t ssl_version; - CBS hello_verify_request, cookie; + int al, ret; - n = ssl3_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, - DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->internal->max_cert_list, &ok); - if (!ok) - return ((int)n); + if ((ret = ssl3_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, + DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->internal->max_cert_list)) <= 0) + return ret; - if (S3I(s)->hs.tls12.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) { - D1I(s)->send_cookie = 0; - S3I(s)->hs.tls12.reuse_message = 1; + if (s->s3->hs.tls12.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) { + s->d1->send_cookie = 0; + s->s3->hs.tls12.reuse_message = 1; return (1); } - if (n < 0) + if (s->internal->init_num < 0) goto decode_err; - CBS_init(&hello_verify_request, s->internal->init_msg, n); + CBS_init(&hello_verify_request, s->internal->init_msg, + s->internal->init_num); if (!CBS_get_u16(&hello_verify_request, &ssl_version)) goto decode_err; 
@@ -820,14 +795,14 @@ ssl3_get_dtls_hello_verify(SSL *s) goto fatal_err; } - if (!CBS_write_bytes(&cookie, D1I(s)->cookie, - sizeof(D1I(s)->cookie), &cookie_len)) { - D1I(s)->cookie_len = 0; + if (!CBS_write_bytes(&cookie, s->d1->cookie, + sizeof(s->d1->cookie), &cookie_len)) { + s->d1->cookie_len = 0; al = SSL_AD_ILLEGAL_PARAMETER; goto fatal_err; } - D1I(s)->cookie_len = cookie_len; - D1I(s)->send_cookie = 1; + s->d1->cookie_len = cookie_len; + s->d1->send_cookie = 1; return 1; @@ -847,26 +822,23 @@ ssl3_get_server_hello(SSL *s) const SSL_CIPHER *cipher; const SSL_METHOD *method; unsigned long alg_k; - size_t outlen; - int al, ok; - long n; + int al, ret; s->internal->first_packet = 1; - n = ssl3_get_message(s, SSL3_ST_CR_SRVR_HELLO_A, - SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok); - if (!ok) - return ((int)n); + if ((ret = ssl3_get_message(s, SSL3_ST_CR_SRVR_HELLO_A, + SSL3_ST_CR_SRVR_HELLO_B, -1, 20000 /* ?? */)) <= 0) + return ret; s->internal->first_packet = 0; - if (n < 0) + if (s->internal->init_num < 0) goto decode_err; - CBS_init(&cbs, s->internal->init_msg, n); + CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); if (SSL_is_dtls(s)) { - if (S3I(s)->hs.tls12.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { - if (D1I(s)->send_cookie == 0) { - S3I(s)->hs.tls12.reuse_message = 1; + if (s->s3->hs.tls12.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { + if (s->d1->send_cookie == 0) { + s->s3->hs.tls12.reuse_message = 1; return (1); } else { /* Already sent a cookie. */ @@ -877,7 +849,7 @@ ssl3_get_server_hello(SSL *s) } } - if (S3I(s)->hs.tls12.message_type != SSL3_MT_SERVER_HELLO) { + if (s->s3->hs.tls12.message_type != SSL3_MT_SERVER_HELLO) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); goto fatal_err; 
@@ -892,10 +864,11 @@ ssl3_get_server_hello(SSL *s) al = SSL_AD_PROTOCOL_VERSION; goto fatal_err; } + s->s3->hs.peer_legacy_version = server_version; s->version = server_version; - S3I(s)->hs.negotiated_tls_version = ssl_tls_version(server_version); - if (S3I(s)->hs.negotiated_tls_version == 0) { + s->s3->hs.negotiated_tls_version = ssl_tls_version(server_version); + if (s->s3->hs.negotiated_tls_version == 0) { SSLerror(s, ERR_R_INTERNAL_ERROR); goto err; } @@ -913,8 +886,8 @@ ssl3_get_server_hello(SSL *s) sizeof(s->s3->server_random), NULL)) goto err; - if (S3I(s)->hs.our_max_tls_version >= TLS1_2_VERSION && - S3I(s)->hs.negotiated_tls_version < S3I(s)->hs.our_max_tls_version) { + if (s->s3->hs.our_max_tls_version >= TLS1_2_VERSION && + s->s3->hs.negotiated_tls_version < s->s3->hs.our_max_tls_version) { /* * RFC 8446 section 4.1.3. We must not downgrade if the server * random value contains the TLS 1.2 or TLS 1.1 magical value. @@ -922,7 +895,7 @@ ssl3_get_server_hello(SSL *s) if (!CBS_skip(&server_random, CBS_len(&server_random) - sizeof(tls13_downgrade_12))) goto err; - if (S3I(s)->hs.negotiated_tls_version == TLS1_2_VERSION && + if (s->s3->hs.negotiated_tls_version == TLS1_2_VERSION && CBS_mem_equal(&server_random, tls13_downgrade_12, sizeof(tls13_downgrade_12))) { al = SSL_AD_ILLEGAL_PARAMETER; 
@@ -955,16 +928,26 @@ ssl3_get_server_hello(SSL *s) * Check if we want to resume the session based on external * pre-shared secret. */ - if (s->internal->tls_session_secret_cb) { + if (s->internal->tls_session_secret_cb != NULL) { SSL_CIPHER *pref_cipher = NULL; - s->session->master_key_length = sizeof(s->session->master_key); - if (s->internal->tls_session_secret_cb(s, s->session->master_key, - &s->session->master_key_length, NULL, &pref_cipher, - s->internal->tls_session_secret_cb_arg)) { - s->session->cipher = pref_cipher ? pref_cipher : - ssl3_get_cipher_by_value(cipher_suite); - s->s3->flags |= SSL3_FLAGS_CCS_OK; + int master_key_length = sizeof(s->session->master_key); + + if (!s->internal->tls_session_secret_cb(s, + s->session->master_key, &master_key_length, NULL, + &pref_cipher, s->internal->tls_session_secret_cb_arg)) { + SSLerror(s, ERR_R_INTERNAL_ERROR); + goto err; } + if (master_key_length <= 0) { + SSLerror(s, ERR_R_INTERNAL_ERROR); + goto err; + } + s->session->master_key_length = master_key_length; + + if ((s->session->cipher = pref_cipher) == NULL) + s->session->cipher = + ssl3_get_cipher_by_value(cipher_suite); + s->s3->flags |= SSL3_FLAGS_CCS_OK; } if (s->session->session_id_length != 0 && @@ -998,9 +981,9 @@ ssl3_get_server_hello(SSL *s) * zero length session identifier. */ if (!CBS_write_bytes(&session_id, s->session->session_id, - sizeof(s->session->session_id), &outlen)) + sizeof(s->session->session_id), + &s->session->session_id_length)) goto err; - s->session->session_id_length = outlen; s->session->ssl_version = s->version; } @@ -1013,7 +996,7 @@ ssl3_get_server_hello(SSL *s) /* TLS v1.2 only ciphersuites require v1.2 or later. */ if ((cipher->algorithm_ssl & SSL_TLSV1_2) && - S3I(s)->hs.negotiated_tls_version < TLS1_2_VERSION) { + s->s3->hs.negotiated_tls_version < TLS1_2_VERSION) { al = SSL_AD_ILLEGAL_PARAMETER; SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED); goto fatal_err; 
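Review bot: After the `tls_session_secret_cb` call in ssl3_get_server_hello, `master_key_length` is rejected only when it is `<= 0`, so a callback that reports a length larger than the buffer it was handed would have that value stored in `s->session->master_key_length`, and later users of the length could read past `s->session->master_key`. Extend the existing check with the upper bound: `if (master_key_length <= 0 || (size_t)master_key_length > sizeof(s->session->master_key)) {`. Note also that a callback returning 0 is now a fatal `ERR_R_INTERNAL_ERROR`, where the old code just carried on with the normal handshake; if that is intended, it should be stated where the callback is documented. The function body continues outside this hunk.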
@@ -1038,7 +1021,7 @@ ssl3_get_server_hello(SSL *s) SSLerror(s, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); goto fatal_err; } - S3I(s)->hs.cipher = cipher; + s->s3->hs.cipher = cipher; if (!tls1_transcript_hash_init(s)) goto err; @@ -1047,7 +1030,7 @@ ssl3_get_server_hello(SSL *s) * Don't digest cached records if no sigalgs: we may need them for * client authentication. */ - alg_k = S3I(s)->hs.cipher->algorithm_mkey; + alg_k = s->s3->hs.cipher->algorithm_mkey; if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST))) tls1_transcript_free(s); @@ -1076,7 +1059,7 @@ ssl3_get_server_hello(SSL *s) * which doesn't support RI so for the immediate future tolerate RI * absence on initial connect only. */ - if (!S3I(s)->renegotiate_seen && + if (!s->s3->renegotiate_seen && !(s->internal->options & SSL_OP_LEGACY_SERVER_CONNECT)) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); 
@@ -1103,138 +1086,80 @@ ssl3_get_server_hello(SSL *s) int ssl3_get_server_certificate(SSL *s) { - int al, i, ok, ret = -1; - long n; - CBS cbs, cert_list; - X509 *x = NULL; - const unsigned char *q; - STACK_OF(X509) *sk = NULL; - SESS_CERT *sc; - EVP_PKEY *pkey = NULL; - - n = ssl3_get_message(s, SSL3_ST_CR_CERT_A, - SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list, &ok); - if (!ok) - return ((int)n); - - if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) { - S3I(s)->hs.tls12.reuse_message = 1; + CBS cbs, cert_list, cert_data; + STACK_OF(X509) *certs = NULL; + X509 *cert = NULL; + const uint8_t *p; + int al, ret; + + if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_A, + SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list)) <= 0) + return ret; + + ret = -1; + + if (s->s3->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) { + s->s3->hs.tls12.reuse_message = 1; return (1); } - if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE) { + if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); goto fatal_err; } - - if ((sk = sk_X509_new_null()) == NULL) { + if ((certs = sk_X509_new_null()) == NULL) { SSLerror(s, ERR_R_MALLOC_FAILURE); goto err; } - if (n < 0) + if (s->internal->init_num < 0) goto decode_err; - CBS_init(&cbs, s->internal->init_msg, n); - if (CBS_len(&cbs) < 3) - goto decode_err; + CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); - if (!CBS_get_u24_length_prefixed(&cbs, &cert_list) || - CBS_len(&cbs) != 0) { - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_LENGTH_MISMATCH); - goto fatal_err; - } + if (!CBS_get_u24_length_prefixed(&cbs, &cert_list)) + goto decode_err; + if (CBS_len(&cbs) != 0) + goto decode_err; while (CBS_len(&cert_list) > 0) { - CBS cert; - - if (CBS_len(&cert_list) < 3) + if (!CBS_get_u24_length_prefixed(&cert_list, &cert_data)) goto decode_err; - if (!CBS_get_u24_length_prefixed(&cert_list, &cert)) { - al = SSL_AD_DECODE_ERROR; - 
SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH); - goto fatal_err; - } - - q = CBS_data(&cert); - x = d2i_X509(NULL, &q, CBS_len(&cert)); - if (x == NULL) { + p = CBS_data(&cert_data); + if ((cert = d2i_X509(NULL, &p, CBS_len(&cert_data))) == NULL) { al = SSL_AD_BAD_CERTIFICATE; SSLerror(s, ERR_R_ASN1_LIB); goto fatal_err; } - if (q != CBS_data(&cert) + CBS_len(&cert)) { - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH); - goto fatal_err; - } - if (!sk_X509_push(sk, x)) { + if (p != CBS_data(&cert_data) + CBS_len(&cert_data)) + goto decode_err; + if (!sk_X509_push(certs, cert)) { SSLerror(s, ERR_R_MALLOC_FAILURE); goto err; } - x = NULL; + cert = NULL; } - i = ssl_verify_cert_chain(s, sk); - if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) { + /* A server must always provide a non-empty certificate list. */ + if (sk_X509_num(certs) < 1) { + SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); + goto decode_err; + } + + if (ssl_verify_cert_chain(s, certs) <= 0 && + s->verify_mode != SSL_VERIFY_NONE) { al = ssl_verify_alarm_type(s->verify_result); SSLerror(s, SSL_R_CERTIFICATE_VERIFY_FAILED); goto fatal_err; - } - ERR_clear_error(); /* but we keep s->verify_result */ + s->session->verify_result = s->verify_result; + ERR_clear_error(); - sc = ssl_sess_cert_new(); - if (sc == NULL) + if (!tls_process_peer_certs(s, certs)) goto err; - ssl_sess_cert_free(SSI(s)->sess_cert); - SSI(s)->sess_cert = sc; - - sc->cert_chain = sk; - /* - * Inconsistency alert: cert_chain does include the peer's - * certificate, which we don't include in s3_srvr.c - */ - x = sk_X509_value(sk, 0); - sk = NULL; - /* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/ - - pkey = X509_get_pubkey(x); - - if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) { - x = NULL; - al = SSL3_AL_FATAL; - SSLerror(s, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); - goto fatal_err; - } - - i = ssl_cert_type(x, pkey); - if (i < 0) { - x = NULL; - al = SSL3_AL_FATAL; - SSLerror(s, 
SSL_R_UNKNOWN_CERTIFICATE_TYPE); - goto fatal_err; - } - - sc->peer_cert_type = i; - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); - /* - * Why would the following ever happen? - * We just created sc a couple of lines ago. - */ - X509_free(sc->peer_pkeys[i].x509); - sc->peer_pkeys[i].x509 = x; - sc->peer_key = &(sc->peer_pkeys[i]); - - X509_free(s->session->peer); - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); - s->session->peer = x; - s->session->verify_result = s->verify_result; - x = NULL; ret = 1; if (0) { 
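Review bot: In ssl3_get_server_certificate, the rewritten test `ssl_verify_cert_chain(s, certs) <= 0 && s->verify_mode != SSL_VERIFY_NONE` still lets a failed chain through under SSL_VERIFY_NONE, but the old hint `/* but we keep s->verify_result */` was dropped and nothing replaces it. Suggest a comment before `s->session->verify_result = s->verify_result;` such as `/* With SSL_VERIFY_NONE a failed chain is not fatal; the failure is only recorded in verify_result for the caller to inspect. */`. Separately, the empty-list path raises `SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE` and then jumps to `decode_err`, whose body lies outside this hunk; if that label raises its own error, one failure will leave two entries on the error queue. A direct `al = SSL_AD_DECODE_ERROR; goto fatal_err;` would avoid that.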
@@ -1246,247 +1171,145 @@ ssl3_get_server_certificate(SSL *s) ssl3_send_alert(s, SSL3_AL_FATAL, al); } err: - EVP_PKEY_free(pkey); - X509_free(x); - sk_X509_pop_free(sk, X509_free); + sk_X509_pop_free(certs, X509_free); + X509_free(cert); return (ret); } static int -ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, CBS *cbs) +ssl3_get_server_kex_dhe(SSL *s, CBS *cbs) { - CBS dhp, dhg, dhpk; - BN_CTX *bn_ctx = NULL; - SESS_CERT *sc = NULL; - DH *dh = NULL; - long alg_a; - int al; + int decode_error, invalid_params, invalid_key; + int nid = NID_dhKeyAgreement; - alg_a = S3I(s)->hs.cipher->algorithm_auth; - sc = SSI(s)->sess_cert; - - if ((dh = DH_new()) == NULL) { - SSLerror(s, ERR_R_DH_LIB); - goto err; - } - - if (!CBS_get_u16_length_prefixed(cbs, &dhp)) - goto decode_err; - if ((dh->p = BN_bin2bn(CBS_data(&dhp), CBS_len(&dhp), NULL)) == NULL) { - SSLerror(s, ERR_R_BN_LIB); + tls_key_share_free(s->s3->hs.key_share); + if ((s->s3->hs.key_share = tls_key_share_new_nid(nid)) == NULL) goto err; - } - if (!CBS_get_u16_length_prefixed(cbs, &dhg)) - goto decode_err; - if ((dh->g = BN_bin2bn(CBS_data(&dhg), CBS_len(&dhg), NULL)) == NULL) { - SSLerror(s, ERR_R_BN_LIB); + if (!tls_key_share_peer_params(s->s3->hs.key_share, cbs, + &decode_error, &invalid_params)) { + if (decode_error) { + SSLerror(s, SSL_R_BAD_PACKET_LENGTH); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); + } goto err; } - - if (!CBS_get_u16_length_prefixed(cbs, &dhpk)) - goto decode_err; - if ((dh->pub_key = BN_bin2bn(CBS_data(&dhpk), CBS_len(&dhpk), - NULL)) == NULL) { - SSLerror(s, ERR_R_BN_LIB); + if (!tls_key_share_peer_public(s->s3->hs.key_share, cbs, + &decode_error, &invalid_key)) { + if (decode_error) { + SSLerror(s, SSL_R_BAD_PACKET_LENGTH); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); + } goto err; } - /* - * Check the strength of the DH key just constructed. - * Discard keys weaker than 1024 bits. 
- */ - if (DH_size(dh) < 1024 / 8) { + if (invalid_params) { SSLerror(s, SSL_R_BAD_DH_P_LENGTH); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); goto err; } - - if (alg_a & SSL_aRSA) - *pkey = X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_RSA].x509); - else - /* XXX - Anonymous DH, so no certificate or pkey. */ - *pkey = NULL; - - sc->peer_dh_tmp = dh; - - return (1); - - decode_err: - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_BAD_PACKET_LENGTH); - ssl3_send_alert(s, SSL3_AL_FATAL, al); - - err: - DH_free(dh); - BN_CTX_free(bn_ctx); - - return (-1); -} - -static int -ssl3_get_server_kex_ecdhe_ecp(SSL *s, SESS_CERT *sc, int nid, CBS *public) -{ - EC_KEY *ecdh = NULL; - int ret = -1; - - /* Extract the server's ephemeral ECDH public key. */ - if ((ecdh = EC_KEY_new()) == NULL) { - SSLerror(s, ERR_R_MALLOC_FAILURE); - goto err; - } - if (!ssl_kex_peer_public_ecdhe_ecp(ecdh, nid, public)) { - SSLerror(s, SSL_R_BAD_ECPOINT); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - goto err; - } - - sc->peer_nid = nid; - sc->peer_ecdh_tmp = ecdh; - ecdh = NULL; - - ret = 1; - - err: - EC_KEY_free(ecdh); - - return (ret); -} - -static int -ssl3_get_server_kex_ecdhe_ecx(SSL *s, SESS_CERT *sc, int nid, CBS *public) -{ - size_t outlen; - - if (nid != NID_X25519) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto err; - } - - if (CBS_len(public) != X25519_KEY_LENGTH) { - SSLerror(s, SSL_R_BAD_ECPOINT); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); + if (invalid_key) { + SSLerror(s, SSL_R_BAD_DH_PUB_KEY_LENGTH); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); goto err; } - if (!CBS_stow(public, &sc->peer_x25519_tmp, &outlen)) { - SSLerror(s, ERR_R_MALLOC_FAILURE); - goto err; + if (!tls_key_share_peer_security(s, s->s3->hs.key_share)) { + SSLerror(s, SSL_R_DH_KEY_TOO_SMALL); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); + return 0; } - return (1); + return 1; err: - return (-1); + return 0; } static int 
-ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, CBS *cbs) +ssl3_get_server_kex_ecdhe(SSL *s, CBS *cbs) { - CBS public; uint8_t curve_type; - uint16_t curve_id; - SESS_CERT *sc; - long alg_a; - int nid; - int al; + uint16_t group_id; + int decode_error; + CBS public; - alg_a = S3I(s)->hs.cipher->algorithm_auth; - sc = SSI(s)->sess_cert; + if (!CBS_get_u8(cbs, &curve_type)) + goto decode_err; + if (!CBS_get_u16(cbs, &group_id)) + goto decode_err; /* Only named curves are supported. */ - if (!CBS_get_u8(cbs, &curve_type) || - curve_type != NAMED_CURVE_TYPE || - !CBS_get_u16(cbs, &curve_id)) { - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_LENGTH_TOO_SHORT); - goto fatal_err; + if (curve_type != NAMED_CURVE_TYPE) { + SSLerror(s, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); + goto err; } + if (!CBS_get_u8_length_prefixed(cbs, &public)) + goto decode_err; + /* - * Check that the curve is one of our preferences - if it is not, - * the server has sent us an invalid curve. + * Check that the group is one of our preferences - if it is not, + * the server has sent us an invalid group. 
*/ - if (tls1_check_curve(s, curve_id) != 1) { - al = SSL_AD_DECODE_ERROR; + if (!tls1_check_group(s, group_id)) { SSLerror(s, SSL_R_WRONG_CURVE); - goto fatal_err; - } - - if ((nid = tls1_ec_curve_id2nid(curve_id)) == 0) { - al = SSL_AD_INTERNAL_ERROR; - SSLerror(s, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); - goto fatal_err; + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); + goto err; } - if (!CBS_get_u8_length_prefixed(cbs, &public)) - goto decode_err; + tls_key_share_free(s->s3->hs.key_share); + if ((s->s3->hs.key_share = tls_key_share_new(group_id)) == NULL) + goto err; - if (nid == NID_X25519) { - if (ssl3_get_server_kex_ecdhe_ecx(s, sc, nid, &public) != 1) - goto err; - } else { - if (ssl3_get_server_kex_ecdhe_ecp(s, sc, nid, &public) != 1) - goto err; + if (!tls_key_share_peer_public(s->s3->hs.key_share, &public, + &decode_error, NULL)) { + if (decode_error) + goto decode_err; + goto err; } - /* - * The ECC/TLS specification does not mention the use of DSA to sign - * ECParameters in the server key exchange message. We do support RSA - * and ECDSA. - */ - if (alg_a & SSL_aRSA) - *pkey = X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_RSA].x509); - else if (alg_a & SSL_aECDSA) - *pkey = X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_ECC].x509); - else - /* XXX - Anonymous ECDH, so no certificate or pkey. 
*/ - *pkey = NULL; - - return (1); + return 1; decode_err: - al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_BAD_PACKET_LENGTH); - - fatal_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); err: - return (-1); + return 0; } int ssl3_get_server_key_exchange(SSL *s) { CBS cbs, signature; - EVP_PKEY *pkey = NULL; - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx; const unsigned char *param; - long n, alg_k, alg_a; - int al, ok; size_t param_len; + long alg_k, alg_a; + int al, ret; - EVP_MD_CTX_init(&md_ctx); - - alg_k = S3I(s)->hs.cipher->algorithm_mkey; - alg_a = S3I(s)->hs.cipher->algorithm_auth; + alg_k = s->s3->hs.cipher->algorithm_mkey; + alg_a = s->s3->hs.cipher->algorithm_auth; /* * Use same message size as in ssl3_get_certificate_request() * as ServerKeyExchange message may be skipped. */ - n = ssl3_get_message(s, SSL3_ST_CR_KEY_EXCH_A, - SSL3_ST_CR_KEY_EXCH_B, -1, s->internal->max_cert_list, &ok); - if (!ok) - return ((int)n); + if ((ret = ssl3_get_message(s, SSL3_ST_CR_KEY_EXCH_A, + SSL3_ST_CR_KEY_EXCH_B, -1, s->internal->max_cert_list)) <= 0) + return ret; - if (n < 0) + if ((md_ctx = EVP_MD_CTX_new()) == NULL) goto err; - CBS_init(&cbs, s->internal->init_msg, n); + if (s->internal->init_num < 0) + goto err; + + CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); - if (S3I(s)->hs.tls12.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) { + if (s->s3->hs.tls12.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) { /* * Do not skip server key exchange if this cipher suite uses * ephemeral keys. 
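Review bot: In `ssl3_get_server_kex_dhe` the flags `decode_error`, `invalid_params` and `invalid_key` are declared without initialisers and then read after `tls_key_share_peer_params()` and `tls_key_share_peer_public()` return, so their values depend on the callee writing them on every path. Those helpers are not visible in this hunk, so this may already hold, but `int decode_error = 0, invalid_params = 0, invalid_key = 0;` at the declaration keeps the checks on peer-supplied DH parameters from ever acting on indeterminate data. The same applies to `int decode_error;` in `ssl3_get_server_kex_ecdhe`.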
@@ -1497,34 +1320,19 @@ ssl3_get_server_key_exchange(SSL *s) goto fatal_err; } - S3I(s)->hs.tls12.reuse_message = 1; - EVP_MD_CTX_cleanup(&md_ctx); + s->s3->hs.tls12.reuse_message = 1; + EVP_MD_CTX_free(md_ctx); return (1); } - if (SSI(s)->sess_cert != NULL) { - DH_free(SSI(s)->sess_cert->peer_dh_tmp); - SSI(s)->sess_cert->peer_dh_tmp = NULL; - - EC_KEY_free(SSI(s)->sess_cert->peer_ecdh_tmp); - SSI(s)->sess_cert->peer_ecdh_tmp = NULL; - - free(SSI(s)->sess_cert->peer_x25519_tmp); - SSI(s)->sess_cert->peer_x25519_tmp = NULL; - } else { - SSI(s)->sess_cert = ssl_sess_cert_new(); - if (SSI(s)->sess_cert == NULL) - goto err; - } - param = CBS_data(&cbs); param_len = CBS_len(&cbs); if (alg_k & SSL_kDHE) { - if (ssl3_get_server_kex_dhe(s, &pkey, &cbs) != 1) + if (!ssl3_get_server_kex_dhe(s, &cbs)) goto err; } else if (alg_k & SSL_kECDHE) { - if (ssl3_get_server_kex_ecdhe(s, &pkey, &cbs) != 1) + if (!ssl3_get_server_kex_ecdhe(s, &cbs)) goto err; } else if (alg_k != 0) { al = SSL_AD_UNEXPECTED_MESSAGE; @@ -1535,10 +1343,24 @@ ssl3_get_server_key_exchange(SSL *s) param_len -= CBS_len(&cbs); /* if it was signed, check the signature */ - if (pkey != NULL) { + if ((alg_a & SSL_aNULL) == 0) { uint16_t sigalg_value = SIGALG_NONE; const struct ssl_sigalg *sigalg; EVP_PKEY_CTX *pctx; + EVP_PKEY *pkey = NULL; + + if ((alg_a & SSL_aRSA) != 0 && + s->session->peer_cert_type == SSL_PKEY_RSA) { + pkey = X509_get0_pubkey(s->session->peer_cert); + } else if ((alg_a & SSL_aECDSA) != 0 && + s->session->peer_cert_type == SSL_PKEY_ECC) { + pkey = X509_get0_pubkey(s->session->peer_cert); + } + if (pkey == NULL) { + al = SSL_AD_ILLEGAL_PARAMETER; + SSLerror(s, SSL_R_UNKNOWN_CERTIFICATE_TYPE); + goto fatal_err; + } if (SSL_USE_SIGALGS(s)) { if (!CBS_get_u16(&cbs, &sigalg_value)) 
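Review bot: In the signature-check block of `ssl3_get_server_key_exchange`, `pkey` now comes from `X509_get0_pubkey(s->session->peer_cert)`, which returns a pointer owned by the certificate, and nothing at the declaration records that. A one-line comment above `EVP_PKEY *pkey = NULL;`, such as `/* Borrowed from s->session->peer_cert; must not be freed here. */`, would stop a later change from reintroducing `EVP_PKEY_free(pkey)` and turning it into a double free. The RSA and ECDSA branches also have identical bodies and could share one assignment under a combined condition. The rest of the function, including its cleanup labels, lies outside this hunk.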
@@ -1557,12 +1379,12 @@ ssl3_get_server_key_exchange(SSL *s) al = SSL_AD_DECODE_ERROR; goto fatal_err; } - S3I(s)->hs.peer_sigalg = sigalg; + s->s3->hs.peer_sigalg = sigalg; - if (!EVP_DigestVerifyInit(&md_ctx, &pctx, sigalg->md(), + if (!EVP_DigestVerifyInit(md_ctx, &pctx, sigalg->md(), NULL, pkey)) goto err; - if (!EVP_DigestVerifyUpdate(&md_ctx, s->s3->client_random, + if (!EVP_DigestVerifyUpdate(md_ctx, s->s3->client_random, SSL3_RANDOM_SIZE)) goto err; if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) && @@ -1570,23 +1392,17 @@ ssl3_get_server_key_exchange(SSL *s) RSA_PKCS1_PSS_PADDING) || !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) goto err; - if (!EVP_DigestVerifyUpdate(&md_ctx, s->s3->server_random, + if (!EVP_DigestVerifyUpdate(md_ctx, s->s3->server_random, SSL3_RANDOM_SIZE)) goto err; - if (!EVP_DigestVerifyUpdate(&md_ctx, param, param_len)) + if (!EVP_DigestVerifyUpdate(md_ctx, param, param_len)) goto err; - if (EVP_DigestVerifyFinal(&md_ctx, CBS_data(&signature), + if (EVP_DigestVerifyFinal(md_ctx, CBS_data(&signature), CBS_len(&signature)) <= 0) { al = SSL_AD_DECRYPT_ERROR; SSLerror(s, SSL_R_BAD_SIGNATURE); goto fatal_err; } - } else { - /* aNULL does not need public keys. */ - if (!(alg_a & SSL_aNULL)) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto err; - } } if (CBS_len(&cbs) != 0) { @@ -1595,8 +1411,7 @@ ssl3_get_server_key_exchange(SSL *s) goto fatal_err; } - EVP_PKEY_free(pkey); - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_free(md_ctx); return (1); @@ -1608,8 +1423,7 @@ ssl3_get_server_key_exchange(SSL *s) ssl3_send_alert(s, SSL3_AL_FATAL, al); err: - EVP_PKEY_free(pkey); - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_free(md_ctx); return (-1); } 
@@ -1617,22 +1431,22 @@ ssl3_get_server_key_exchange(SSL *s) int ssl3_get_certificate_request(SSL *s) { - int ok, ret = 0; - long n; - CBS cert_request, cert_types, rdn_list; - X509_NAME *xn = NULL; - const unsigned char *q; - STACK_OF(X509_NAME) *ca_sk = NULL; - - n = ssl3_get_message(s, SSL3_ST_CR_CERT_REQ_A, - SSL3_ST_CR_CERT_REQ_B, -1, s->internal->max_cert_list, &ok); - if (!ok) - return ((int)n); - - S3I(s)->hs.tls12.cert_request = 0; - - if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_DONE) { - S3I(s)->hs.tls12.reuse_message = 1; + CBS cert_request, cert_types, rdn_list; + X509_NAME *xn = NULL; + const unsigned char *q; + STACK_OF(X509_NAME) *ca_sk = NULL; + int ret; + + if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_REQ_A, + SSL3_ST_CR_CERT_REQ_B, -1, s->internal->max_cert_list)) <= 0) + return ret; + + ret = 0; + + s->s3->hs.tls12.cert_request = 0; + + if (s->s3->hs.tls12.message_type == SSL3_MT_SERVER_DONE) { + s->s3->hs.tls12.reuse_message = 1; /* * If we get here we don't need any cached handshake records * as we wont be doing client auth. @@ -1641,22 +1455,22 @@ ssl3_get_certificate_request(SSL *s) return (1); } - if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_REQUEST) { + if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE_REQUEST) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE); goto err; } /* TLS does not like anon-DH with client cert */ - if (S3I(s)->hs.cipher->algorithm_auth & SSL_aNULL) { + if (s->s3->hs.cipher->algorithm_auth & SSL_aNULL) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); SSLerror(s, SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER); goto err; } - if (n < 0) + if (s->internal->init_num < 0) goto decode_err; - CBS_init(&cert_request, s->internal->init_msg, n); + CBS_init(&cert_request, s->internal->init_msg, s->internal->init_num); if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) { SSLerror(s, ERR_R_MALLOC_FAILURE); 
@@ -1683,8 +1497,8 @@ ssl3_get_certificate_request(SSL *s) SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR); goto err; } - if (!CBS_stow(&sigalgs, &S3I(s)->hs.sigalgs, - &S3I(s)->hs.sigalgs_len)) + if (!CBS_stow(&sigalgs, &s->s3->hs.sigalgs, + &s->s3->hs.sigalgs_len)) goto err; } @@ -1736,9 +1550,9 @@ ssl3_get_certificate_request(SSL *s) } /* we should setup a certificate to return.... */ - S3I(s)->hs.tls12.cert_request = 1; - sk_X509_NAME_pop_free(S3I(s)->hs.tls12.ca_names, X509_NAME_free); - S3I(s)->hs.tls12.ca_names = ca_sk; + s->s3->hs.tls12.cert_request = 1; + sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free); + s->s3->hs.tls12.ca_names = ca_sk; ca_sk = NULL; ret = 1; 
@@ -1761,44 +1575,40 @@ ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b) int ssl3_get_new_session_ticket(SSL *s) { - int ok, al, ret = 0; - uint32_t lifetime_hint; - long n; - CBS cbs, session_ticket; - - n = ssl3_get_message(s, SSL3_ST_CR_SESSION_TICKET_A, - SSL3_ST_CR_SESSION_TICKET_B, -1, 16384, &ok); - if (!ok) - return ((int)n); - - if (S3I(s)->hs.tls12.message_type == SSL3_MT_FINISHED) { - S3I(s)->hs.tls12.reuse_message = 1; + uint32_t lifetime_hint; + CBS cbs, session_ticket; + unsigned int session_id_length = 0; + int al, ret; + + if ((ret = ssl3_get_message(s, SSL3_ST_CR_SESSION_TICKET_A, + SSL3_ST_CR_SESSION_TICKET_B, -1, 16384)) <= 0) + return ret; + + if (s->s3->hs.tls12.message_type == SSL3_MT_FINISHED) { + s->s3->hs.tls12.reuse_message = 1; return (1); } - if (S3I(s)->hs.tls12.message_type != SSL3_MT_NEWSESSION_TICKET) { + if (s->s3->hs.tls12.message_type != SSL3_MT_NEWSESSION_TICKET) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); goto fatal_err; } - if (n < 0) { + if (s->internal->init_num < 0) { al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_LENGTH_MISMATCH); goto fatal_err; } - CBS_init(&cbs, s->internal->init_msg, n); + CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); if (!CBS_get_u32(&cbs, &lifetime_hint) || -#if UINT32_MAX > LONG_MAX - lifetime_hint > LONG_MAX || -#endif !CBS_get_u16_length_prefixed(&cbs, &session_ticket) || CBS_len(&cbs) != 0) { al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_LENGTH_MISMATCH); goto fatal_err; } - s->session->tlsext_tick_lifetime_hint = (long)lifetime_hint; + s->session->tlsext_tick_lifetime_hint = lifetime_hint; if (!CBS_stow(&session_ticket, &s->session->tlsext_tick, &s->session->tlsext_ticklen)) { 
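Review bot: `s->session->tlsext_tick_lifetime_hint = lifetime_hint;` now stores the server-supplied 32-bit value with both the `lifetime_hint > LONG_MAX` guard and the `(long)` cast removed. That is only safe if the field's type was changed to `uint32_t`, or another type that holds every `uint32_t` value, elsewhere in this commit; its declaration is not visible here. If the field is still `long`, a hint above `LONG_MAX` on a platform with 32-bit `long` converts to an implementation-defined, possibly negative lifetime. Either confirm the type change or keep a range check before the assignment.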
@@ -1819,14 +1629,18 @@ ssl3_get_new_session_ticket(SSL *s) * * We choose the former approach because this fits in with * assumptions elsewhere in OpenSSL. The session ID is set - * to the SHA256 (or SHA1 is SHA256 is disabled) hash of the - * ticket. + * to the SHA256 hash of the ticket. */ - EVP_Digest(CBS_data(&session_ticket), CBS_len(&session_ticket), - s->session->session_id, &s->session->session_id_length, - EVP_sha256(), NULL); - ret = 1; - return (ret); + if (!EVP_Digest(CBS_data(&session_ticket), CBS_len(&session_ticket), + s->session->session_id, &session_id_length, EVP_sha256(), NULL)) { + al = SSL_AD_INTERNAL_ERROR; + SSLerror(s, ERR_R_EVP_LIB); + goto fatal_err; + } + s->session->session_id_length = session_id_length; + + return (1); + fatal_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); err: @@ -1836,24 +1650,20 @@ ssl3_get_new_session_ticket(SSL *s) int ssl3_get_cert_status(SSL *s) { - CBS cert_status, response; - int ok, al; - long n; - uint8_t status_type; + CBS cert_status, response; + uint8_t status_type; + int al, ret; - n = ssl3_get_message(s, SSL3_ST_CR_CERT_STATUS_A, - SSL3_ST_CR_CERT_STATUS_B, -1, 16384, &ok); - if (!ok) - return ((int)n); + if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_STATUS_A, + SSL3_ST_CR_CERT_STATUS_B, -1, 16384)) <= 0) + return ret; - if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) { + if (s->s3->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) { /* * Tell the callback the server did not send us an OSCP * response, and has decided to head directly to key exchange. */ if (s->ctx->internal->tlsext_status_cb) { - int ret; - free(s->internal->tlsext_ocsp_resp); s->internal->tlsext_ocsp_resp = NULL; s->internal->tlsext_ocsp_resp_len = 0; 
@@ -1871,25 +1681,25 @@ ssl3_get_cert_status(SSL *s) goto fatal_err; } } - S3I(s)->hs.tls12.reuse_message = 1; + s->s3->hs.tls12.reuse_message = 1; return (1); } - if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE && - S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_STATUS) { + if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE && + s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE_STATUS) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); goto fatal_err; } - if (n < 0) { + if (s->internal->init_num < 0) { /* need at least status type + length */ al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_LENGTH_MISMATCH); goto fatal_err; } - CBS_init(&cert_status, s->internal->init_msg, n); + CBS_init(&cert_status, s->internal->init_msg, s->internal->init_num); if (!CBS_get_u8(&cert_status, &status_type) || CBS_len(&cert_status) < 3) { /* need at least status type + length */ @@ -1919,7 +1729,6 @@ ssl3_get_cert_status(SSL *s) } if (s->ctx->internal->tlsext_status_cb) { - int ret; ret = s->ctx->internal->tlsext_status_cb(s, s->ctx->internal->tlsext_status_arg); if (ret == 0) { 
@@ -1942,32 +1751,32 @@ ssl3_get_cert_status(SSL *s) int ssl3_get_server_done(SSL *s) { - int ok, ret = 0; - long n; + int ret; - n = ssl3_get_message(s, SSL3_ST_CR_SRVR_DONE_A, - SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE, - 30, /* should be very small, like 0 :-) */ &ok); - if (!ok) - return ((int)n); + if ((ret = ssl3_get_message(s, SSL3_ST_CR_SRVR_DONE_A, + SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE, + 30 /* should be very small, like 0 :-) */)) <= 0) + return ret; - if (n > 0) { + if (s->internal->init_num != 0) { /* should contain no data */ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); SSLerror(s, SSL_R_LENGTH_MISMATCH); - return (-1); + return -1; } - ret = 1; - return (ret); + + return 1; } static int -ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, CBB *cbb) +ssl3_send_client_kex_rsa(SSL *s, CBB *cbb) { unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH]; unsigned char *enc_pms = NULL; - EVP_PKEY *pkey = NULL; - int ret = -1; + uint16_t max_legacy_version; + EVP_PKEY *pkey; + RSA *rsa; + int ret = 0; int enc_len; CBB epms; 
@@ -1975,24 +1784,31 @@ ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, CBB *cbb) * RSA-Encrypted Premaster Secret Message - RFC 5246 section 7.4.7.1. */ - pkey = X509_get_pubkey(sess_cert->peer_pkeys[SSL_PKEY_RSA].x509); - if (pkey == NULL || pkey->type != EVP_PKEY_RSA || - pkey->pkey.rsa == NULL) { + pkey = X509_get0_pubkey(s->session->peer_cert); + if (pkey == NULL || (rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) { SSLerror(s, ERR_R_INTERNAL_ERROR); goto err; } - /* XXX - our max protocol version. */ - pms[0] = s->client_version >> 8; - pms[1] = s->client_version & 0xff; + /* + * Our maximum legacy protocol version - while RFC 5246 section 7.4.7.1 + * says "The latest (newest) version supported by the client", if we're + * doing RSA key exchange then we have to presume that we're talking to + * a server that does not understand the supported versions extension + * and therefore our maximum version is that sent in the ClientHello. + */ + if (!ssl_max_legacy_version(s, &max_legacy_version)) + goto err; + pms[0] = max_legacy_version >> 8; + pms[1] = max_legacy_version & 0xff; arc4random_buf(&pms[2], sizeof(pms) - 2); - if ((enc_pms = malloc(RSA_size(pkey->pkey.rsa))) == NULL) { + if ((enc_pms = malloc(RSA_size(rsa))) == NULL) { SSLerror(s, ERR_R_MALLOC_FAILURE); goto err; } - enc_len = RSA_public_encrypt(sizeof(pms), pms, enc_pms, pkey->pkey.rsa, + enc_len = RSA_public_encrypt(sizeof(pms), pms, enc_pms, rsa, RSA_PKCS1_PADDING); if (enc_len <= 0) { SSLerror(s, SSL_R_BAD_RSA_ENCRYPT); 
@@ -2013,99 +1829,77 @@ ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, CBB *cbb) err: explicit_bzero(pms, sizeof(pms)); - EVP_PKEY_free(pkey); free(enc_pms); - return (ret); + return ret; } static int -ssl3_send_client_kex_dhe(SSL *s, SESS_CERT *sess_cert, CBB *cbb) +ssl3_send_client_kex_dhe(SSL *s, CBB *cbb) { - DH *dh_srvr = NULL, *dh_clnt = NULL; - unsigned char *key = NULL; - int key_size = 0, key_len; - unsigned char *data; - int ret = -1; - CBB dh_Yc; + uint8_t *key = NULL; + size_t key_len = 0; + int ret = 0; - /* Ensure that we have an ephemeral key for DHE. */ - if (sess_cert->peer_dh_tmp == NULL) { + /* Ensure that we have an ephemeral key from the server for DHE. */ + if (s->s3->hs.key_share == NULL) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); SSLerror(s, SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); goto err; } - dh_srvr = sess_cert->peer_dh_tmp; - /* Generate a new random key. */ - if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) { - SSLerror(s, ERR_R_DH_LIB); + if (!tls_key_share_generate(s->s3->hs.key_share)) goto err; - } - if (!DH_generate_key(dh_clnt)) { - SSLerror(s, ERR_R_DH_LIB); - goto err; - } - if ((key_size = DH_size(dh_clnt)) <= 0) { - SSLerror(s, ERR_R_DH_LIB); - goto err; - } - if ((key = malloc(key_size)) == NULL) { - SSLerror(s, ERR_R_MALLOC_FAILURE); + if (!tls_key_share_public(s->s3->hs.key_share, cbb)) goto err; - } - if ((key_len = DH_compute_key(key, dh_srvr->pub_key, dh_clnt)) <= 0) { - SSLerror(s, ERR_R_DH_LIB); + if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len)) goto err; + + if (!tls_key_share_peer_security(s, s->s3->hs.key_share)) { + SSLerror(s, SSL_R_DH_KEY_TOO_SMALL); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); + return 0; } if (!tls12_derive_master_secret(s, key, key_len)) goto err; - if (!CBB_add_u16_length_prefixed(cbb, &dh_Yc)) - goto err; - if (!CBB_add_space(&dh_Yc, &data, BN_num_bytes(dh_clnt->pub_key))) - goto err; - BN_bn2bin(dh_clnt->pub_key, data); - if 
(!CBB_flush(cbb)) - goto err; - ret = 1; err: - DH_free(dh_clnt); - freezero(key, key_size); + freezero(key, key_len); - return (ret); + return ret; } static int -ssl3_send_client_kex_ecdhe_ecp(SSL *s, SESS_CERT *sc, CBB *cbb) +ssl3_send_client_kex_ecdhe(SSL *s, CBB *cbb) { - EC_KEY *ecdh = NULL; uint8_t *key = NULL; size_t key_len = 0; - int ret = -1; - CBB ecpoint; + CBB public; + int ret = 0; - if ((ecdh = EC_KEY_new()) == NULL) { - SSLerror(s, ERR_R_MALLOC_FAILURE); + /* Ensure that we have an ephemeral key for ECDHE. */ + if (s->s3->hs.key_share == NULL) { + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); + SSLerror(s, ERR_R_INTERNAL_ERROR); goto err; } - if (!ssl_kex_generate_ecdhe_ecp(ecdh, sc->peer_nid)) + if (!tls_key_share_generate(s->s3->hs.key_share)) goto err; - /* Encode our public key. */ - if (!CBB_add_u8_length_prefixed(cbb, &ecpoint)) - goto err; - if (!ssl_kex_public_ecdhe_ecp(ecdh, &ecpoint)) + if (!CBB_add_u8_length_prefixed(cbb, &public)) + return 0; + if (!tls_key_share_public(s->s3->hs.key_share, &public)) goto err; if (!CBB_flush(cbb)) goto err; - if (!ssl_kex_derive_ecdhe_ecp(ecdh, sc->peer_ecdh_tmp, &key, &key_len)) + if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len)) goto err; + if (!tls12_derive_master_secret(s, key, key_len)) goto err; 
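Review bot: In `ssl3_send_client_kex_dhe` the `tls_key_share_peer_security()` failure branch ends in `return 0;` after `tls_key_share_derive()` has already produced `key`, so the `freezero(key, key_len)` under `err:` is skipped. Assuming the derive call allocates that buffer, as the cleanup suggests, the shared secret is left allocated and un-zeroed on this path. Replace that `return 0;` with `goto err;` (`ret` is still 0 there), or move the security check ahead of `tls_key_share_generate()` so nothing has been derived when it fails. `ssl3_send_client_kex_ecdhe` has a similar early `return 0;` after `CBB_add_u8_length_prefixed()`; it is harmless because `key` is still NULL, but `goto err;` would keep a single exit path. That function's `err:` label is in the next hunk.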
@@ -2113,109 +1907,51 @@ ssl3_send_client_kex_ecdhe_ecp(SSL *s, SESS_CERT *sc, CBB *cbb) err: freezero(key, key_len); - EC_KEY_free(ecdh); - - return (ret); -} - -static int -ssl3_send_client_kex_ecdhe_ecx(SSL *s, SESS_CERT *sc, CBB *cbb) -{ - uint8_t *public_key = NULL, *private_key = NULL, *shared_key = NULL; - int ret = -1; - CBB ecpoint; - - /* Generate X25519 key pair and derive shared key. */ - if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL) - goto err; - if ((private_key = malloc(X25519_KEY_LENGTH)) == NULL) - goto err; - if ((shared_key = malloc(X25519_KEY_LENGTH)) == NULL) - goto err; - X25519_keypair(public_key, private_key); - if (!X25519(shared_key, private_key, sc->peer_x25519_tmp)) - goto err; - - /* Serialize the public key. */ - if (!CBB_add_u8_length_prefixed(cbb, &ecpoint)) - goto err; - if (!CBB_add_bytes(&ecpoint, public_key, X25519_KEY_LENGTH)) - goto err; - if (!CBB_flush(cbb)) - goto err; - - if (!tls12_derive_master_secret(s, shared_key, X25519_KEY_LENGTH)) - goto err; - - ret = 1; - err: - free(public_key); - freezero(private_key, X25519_KEY_LENGTH); - freezero(shared_key, X25519_KEY_LENGTH); - - return (ret); -} - -static int -ssl3_send_client_kex_ecdhe(SSL *s, SESS_CERT *sc, CBB *cbb) -{ - if (sc->peer_x25519_tmp != NULL) { - if (ssl3_send_client_kex_ecdhe_ecx(s, sc, cbb) != 1) - goto err; - } else if (sc->peer_ecdh_tmp != NULL) { - if (ssl3_send_client_kex_ecdhe_ecp(s, sc, cbb) != 1) - goto err; - } else { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto err; - } - - return (1); - - err: - return (-1); + return ret; } static int -ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb) +ssl3_send_client_kex_gost(SSL *s, CBB *cbb) { unsigned char premaster_secret[32], shared_ukm[32], tmp[256]; - EVP_PKEY *pub_key = NULL; - EVP_PKEY_CTX *pkey_ctx; - X509 *peer_cert; + EVP_PKEY_CTX *pkey_ctx = NULL; + EVP_MD_CTX *ukm_hash = NULL; + EVP_PKEY *pkey; size_t msglen; 
unsigned int md_len; - EVP_MD_CTX *ukm_hash; - int ret = -1; - int nid; CBB gostblob; + int nid; + int ret = 0; /* Get server sertificate PKEY and create ctx from it */ - peer_cert = sess_cert->peer_pkeys[SSL_PKEY_GOST01].x509; - if (peer_cert == NULL) { + pkey = X509_get0_pubkey(s->session->peer_cert); + if (pkey == NULL || s->session->peer_cert_type != SSL_PKEY_GOST01) { SSLerror(s, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); goto err; } - - pub_key = X509_get_pubkey(peer_cert); - pkey_ctx = EVP_PKEY_CTX_new(pub_key, NULL); + if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) { + SSLerror(s, ERR_R_MALLOC_FAILURE); + goto err; + } /* * If we have send a certificate, and certificate key parameters match * those of server certificate, use certificate key for key exchange. * Otherwise, generate ephemeral key pair. */ - EVP_PKEY_encrypt_init(pkey_ctx); + if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0) + goto err; /* Generate session key. */ - arc4random_buf(premaster_secret, 32); + arc4random_buf(premaster_secret, sizeof(premaster_secret)); /* * If we have client certificate, use its secret as peer key. + * XXX - this presumably lacks PFS. */ - if (S3I(s)->hs.tls12.cert_request && s->cert->key->privatekey) { + if (s->s3->hs.tls12.cert_request != 0 && + s->cert->key->privatekey != NULL) { if (EVP_PKEY_derive_set_peer(pkey_ctx, s->cert->key->privatekey) <=0) { /* 
@@ -2229,23 +1965,24 @@ ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb) /* * Compute shared IV and store it in algorithm-specific context data. */ - ukm_hash = EVP_MD_CTX_new(); - if (ukm_hash == NULL) { + if ((ukm_hash = EVP_MD_CTX_new()) == NULL) { SSLerror(s, ERR_R_MALLOC_FAILURE); goto err; } /* XXX check handshake hash instead. */ - if (S3I(s)->hs.cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94) + if (s->s3->hs.cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94) nid = NID_id_GostR3411_94; else nid = NID_id_tc26_gost3411_2012_256; if (!EVP_DigestInit(ukm_hash, EVP_get_digestbynid(nid))) goto err; - EVP_DigestUpdate(ukm_hash, s->s3->client_random, SSL3_RANDOM_SIZE); - EVP_DigestUpdate(ukm_hash, s->s3->server_random, SSL3_RANDOM_SIZE); - EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len); - EVP_MD_CTX_free(ukm_hash); + if (!EVP_DigestUpdate(ukm_hash, s->s3->client_random, SSL3_RANDOM_SIZE)) + goto err; + if (!EVP_DigestUpdate(ukm_hash, s->s3->server_random, SSL3_RANDOM_SIZE)) + goto err; + if (!EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len)) + goto err; if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) { SSLerror(s, SSL_R_LIBRARY_BUG); @@ -2257,7 +1994,7 @@ ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb) */ msglen = 255; if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret, - 32) < 0) { + sizeof(premaster_secret)) < 0) { SSLerror(s, SSL_R_LIBRARY_BUG); goto err; } @@ -2271,11 +2008,8 @@ ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb) /* Check if pubkey from client certificate was used. */ if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, - NULL) > 0) { - /* Set flag "skip certificate verify". */ + NULL) > 0) s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY; - } - EVP_PKEY_CTX_free(pkey_ctx); if (!tls12_derive_master_secret(s, premaster_secret, 32)) goto err; 
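Review bot: `tls12_derive_master_secret(s, premaster_secret, 32)` in `ssl3_send_client_kex_gost` still passes a literal length, while this commit switched the `arc4random_buf()` and `EVP_PKEY_encrypt()` calls to `sizeof(premaster_secret)`. Using `sizeof(premaster_secret)` here as well ties all three uses to the buffer's declaration. A later size change then cannot leave the master secret derived from a different number of bytes than were generated and encrypted. The function begins and ends outside this hunk.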
@@ -2284,45 +2018,38 @@ ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb) err: explicit_bzero(premaster_secret, sizeof(premaster_secret)); - EVP_PKEY_free(pub_key); + EVP_PKEY_CTX_free(pkey_ctx); + EVP_MD_CTX_free(ukm_hash); - return (ret); + return ret; } int ssl3_send_client_key_exchange(SSL *s) { - SESS_CERT *sess_cert; unsigned long alg_k; CBB cbb, kex; memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == SSL3_ST_CW_KEY_EXCH_A) { - alg_k = S3I(s)->hs.cipher->algorithm_mkey; - - if ((sess_cert = SSI(s)->sess_cert) == NULL) { - ssl3_send_alert(s, SSL3_AL_FATAL, - SSL_AD_UNEXPECTED_MESSAGE); - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto err; - } + if (s->s3->hs.state == SSL3_ST_CW_KEY_EXCH_A) { + alg_k = s->s3->hs.cipher->algorithm_mkey; if (!ssl3_handshake_msg_start(s, &cbb, &kex, SSL3_MT_CLIENT_KEY_EXCHANGE)) goto err; if (alg_k & SSL_kRSA) { - if (ssl3_send_client_kex_rsa(s, sess_cert, &kex) != 1) + if (!ssl3_send_client_kex_rsa(s, &kex)) goto err; } else if (alg_k & SSL_kDHE) { - if (ssl3_send_client_kex_dhe(s, sess_cert, &kex) != 1) + if (!ssl3_send_client_kex_dhe(s, &kex)) goto err; } else if (alg_k & SSL_kECDHE) { - if (ssl3_send_client_kex_ecdhe(s, sess_cert, &kex) != 1) + if (!ssl3_send_client_kex_ecdhe(s, &kex)) goto err; } else if (alg_k & SSL_kGOST) { - if (ssl3_send_client_kex_gost(s, sess_cert, &kex) != 1) + if (!ssl3_send_client_kex_gost(s, &kex)) goto err; } else { ssl3_send_alert(s, SSL3_AL_FATAL, @@ -2334,7 +2061,7 @@ ssl3_send_client_key_exchange(SSL *s) if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_B; + s->s3->hs.state = SSL3_ST_CW_KEY_EXCH_B; } /* SSL3_ST_CW_KEY_EXCH_B */ 
@@ -2352,19 +2079,20 @@ ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey, { CBB cbb_signature; EVP_PKEY_CTX *pctx = NULL; - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = NULL; const unsigned char *hdata; unsigned char *signature = NULL; size_t signature_len, hdata_len; int ret = 0; - EVP_MD_CTX_init(&mctx); + if ((mctx = EVP_MD_CTX_new()) == NULL) + goto err; if (!tls1_transcript_data(s, &hdata, &hdata_len)) { SSLerror(s, ERR_R_INTERNAL_ERROR); goto err; } - if (!EVP_DigestSignInit(&mctx, &pctx, sigalg->md(), NULL, pkey)) { + if (!EVP_DigestSignInit(mctx, &pctx, sigalg->md(), NULL, pkey)) { SSLerror(s, ERR_R_EVP_LIB); goto err; } @@ -2380,11 +2108,11 @@ ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey, SSLerror(s, ERR_R_EVP_LIB); goto err; } - if (!EVP_DigestSignUpdate(&mctx, hdata, hdata_len)) { + if (!EVP_DigestSignUpdate(mctx, hdata, hdata_len)) { SSLerror(s, ERR_R_EVP_LIB); goto err; } - if (!EVP_DigestSignFinal(&mctx, NULL, &signature_len) || + if (!EVP_DigestSignFinal(mctx, NULL, &signature_len) || signature_len == 0) { SSLerror(s, ERR_R_EVP_LIB); goto err; @@ -2393,7 +2121,7 @@ ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey, SSLerror(s, ERR_R_MALLOC_FAILURE); goto err; } - if (!EVP_DigestSignFinal(&mctx, signature, &signature_len)) { + if (!EVP_DigestSignFinal(mctx, signature, &signature_len)) { SSLerror(s, ERR_R_EVP_LIB); goto err; } @@ -2410,7 +2138,7 @@ ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey, ret = 1; err: - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_free(mctx); free(signature); return ret; } @@ -2419,6 +2147,7 @@ static int ssl3_send_client_verify_rsa(SSL *s, EVP_PKEY *pkey, CBB *cert_verify) { CBB cbb_signature; + RSA *rsa; unsigned char data[EVP_MAX_MD_SIZE]; unsigned char *signature = NULL; unsigned int signature_len; 
@@ -2429,8 +2158,10 @@ ssl3_send_client_verify_rsa(SSL *s, EVP_PKEY *pkey, CBB *cert_verify) goto err; if ((signature = calloc(1, EVP_PKEY_size(pkey))) == NULL) goto err; - if (RSA_sign(NID_md5_sha1, data, data_len, signature, - &signature_len, pkey->pkey.rsa) <= 0 ) { + if ((rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) + goto err; + if (RSA_sign(NID_md5_sha1, data, data_len, signature, &signature_len, + rsa) <= 0 ) { SSLerror(s, ERR_R_RSA_LIB); goto err; } @@ -2452,6 +2183,7 @@ static int ssl3_send_client_verify_ec(SSL *s, EVP_PKEY *pkey, CBB *cert_verify) { CBB cbb_signature; + EC_KEY *eckey; unsigned char data[EVP_MAX_MD_SIZE]; unsigned char *signature = NULL; unsigned int signature_len; @@ -2461,8 +2193,10 @@ ssl3_send_client_verify_ec(SSL *s, EVP_PKEY *pkey, CBB *cert_verify) goto err; if ((signature = calloc(1, EVP_PKEY_size(pkey))) == NULL) goto err; - if (!ECDSA_sign(pkey->save_type, &data[MD5_DIGEST_LENGTH], - SHA_DIGEST_LENGTH, signature, &signature_len, pkey->pkey.ec)) { + if ((eckey = EVP_PKEY_get0_EC_KEY(pkey)) == NULL) + goto err; + if (!ECDSA_sign(0, &data[MD5_DIGEST_LENGTH], SHA_DIGEST_LENGTH, + signature, &signature_len, eckey)) { SSLerror(s, ERR_R_ECDSA_LIB); goto err; } @@ -2485,7 +2219,7 @@ static int ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify) { CBB cbb_signature; - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx; EVP_PKEY_CTX *pctx; const EVP_MD *md; const unsigned char *hdata; @@ -2495,7 +2229,8 @@ ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify) int nid; int ret = 0; - EVP_MD_CTX_init(&mctx); + if ((mctx = EVP_MD_CTX_new()) == NULL) + goto err; if (!tls1_transcript_data(s, &hdata, &hdata_len)) { SSLerror(s, ERR_R_INTERNAL_ERROR); 
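Review bot: In `ssl3_send_client_verify_gost` the new declaration `EVP_MD_CTX *mctx;` has no initialiser, while the `err:` label in a later hunk passes it to `EVP_MD_CTX_free(mctx)`. This is safe today only because `EVP_MD_CTX_new()` is the first statement that can jump to `err`. Declaring it as `EVP_MD_CTX *mctx = NULL;`, as `ssl3_send_client_verify_sigalgs` does in this same patch, keeps the cleanup path defined if an earlier `goto err` is ever added. The function body continues outside this hunk.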
@@ -2506,7 +2241,7 @@ ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify) SSLerror(s, ERR_R_EVP_LIB); goto err; } - if (!EVP_DigestSignInit(&mctx, &pctx, md, NULL, pkey)) { + if (!EVP_DigestSignInit(mctx, &pctx, md, NULL, pkey)) { SSLerror(s, ERR_R_EVP_LIB); goto err; } @@ -2515,11 +2250,11 @@ ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify) SSLerror(s, ERR_R_EVP_LIB); goto err; } - if (!EVP_DigestSignUpdate(&mctx, hdata, hdata_len)) { + if (!EVP_DigestSignUpdate(mctx, hdata, hdata_len)) { SSLerror(s, ERR_R_EVP_LIB); goto err; } - if (!EVP_DigestSignFinal(&mctx, NULL, &signature_len) || + if (!EVP_DigestSignFinal(mctx, NULL, &signature_len) || signature_len == 0) { SSLerror(s, ERR_R_EVP_LIB); goto err; @@ -2528,7 +2263,7 @@ ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify) SSLerror(s, ERR_R_MALLOC_FAILURE); goto err; } - if (!EVP_DigestSignFinal(&mctx, signature, &signature_len)) { + if (!EVP_DigestSignFinal(mctx, signature, &signature_len)) { SSLerror(s, ERR_R_EVP_LIB); goto err; } @@ -2542,7 +2277,7 @@ ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify) ret = 1; err: - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_free(mctx); free(signature); return ret; } @@ -2557,7 +2292,7 @@ ssl3_send_client_verify(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == SSL3_ST_CW_CERT_VRFY_A) { + if (s->s3->hs.state == SSL3_ST_CW_CERT_VRFY_A) { if (!ssl3_handshake_msg_start(s, &cbb, &cert_verify, SSL3_MT_CERTIFICATE_VERIFY)) goto err; @@ -2567,7 +2302,7 @@ ssl3_send_client_verify(SSL *s) SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR); goto err; } - S3I(s)->hs.our_sigalg = sigalg; + s->s3->hs.our_sigalg = sigalg; /* * For TLS v1.2 send signature algorithm and signature using 
@@ -2577,15 +2312,15 @@ ssl3_send_client_verify(SSL *s) if (!ssl3_send_client_verify_sigalgs(s, pkey, sigalg, &cert_verify)) goto err; - } else if (pkey->type == EVP_PKEY_RSA) { + } else if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) { if (!ssl3_send_client_verify_rsa(s, pkey, &cert_verify)) goto err; - } else if (pkey->type == EVP_PKEY_EC) { + } else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) { if (!ssl3_send_client_verify_ec(s, pkey, &cert_verify)) goto err; #ifndef OPENSSL_NO_GOST - } else if (pkey->type == NID_id_GostR3410_94 || - pkey->type == NID_id_GostR3410_2001) { + } else if (EVP_PKEY_id(pkey) == NID_id_GostR3410_94 || + EVP_PKEY_id(pkey) == NID_id_GostR3410_2001) { if (!ssl3_send_client_verify_gost(s, pkey, &cert_verify)) goto err; #endif @@ -2599,7 +2334,7 @@ ssl3_send_client_verify(SSL *s) if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_CW_CERT_VRFY_B; + s->s3->hs.state = SSL3_ST_CW_CERT_VRFY_B; } return (ssl3_handshake_write(s)); @@ -2620,16 +2355,16 @@ ssl3_send_client_certificate(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == SSL3_ST_CW_CERT_A) { + if (s->s3->hs.state == SSL3_ST_CW_CERT_A) { if (s->cert->key->x509 == NULL || s->cert->key->privatekey == NULL) - S3I(s)->hs.state = SSL3_ST_CW_CERT_B; + s->s3->hs.state = SSL3_ST_CW_CERT_B; else - S3I(s)->hs.state = SSL3_ST_CW_CERT_C; + s->s3->hs.state = SSL3_ST_CW_CERT_C; } /* We need to get a client cert */ - if (S3I(s)->hs.state == SSL3_ST_CW_CERT_B) { + if (s->s3->hs.state == SSL3_ST_CW_CERT_B) { /* * If we get an error, we need to * ssl->internal->rwstate = SSL_X509_LOOKUP; return(-1); @@ -2642,7 +2377,7 @@ ssl3_send_client_certificate(SSL *s) } s->internal->rwstate = SSL_NOTHING; if ((i == 1) && (pkey != NULL) && (x509 != NULL)) { - S3I(s)->hs.state = SSL3_ST_CW_CERT_B; + s->s3->hs.state = SSL3_ST_CW_CERT_B; if (!SSL_use_certificate(s, x509) || !SSL_use_PrivateKey(s, pkey)) i = 0; 
@@ -2654,27 +2389,27 @@ ssl3_send_client_certificate(SSL *s) X509_free(x509); EVP_PKEY_free(pkey); if (i == 0) { - S3I(s)->hs.tls12.cert_request = 2; + s->s3->hs.tls12.cert_request = 2; /* There is no client certificate to verify. */ tls1_transcript_free(s); } /* Ok, we have a cert */ - S3I(s)->hs.state = SSL3_ST_CW_CERT_C; + s->s3->hs.state = SSL3_ST_CW_CERT_C; } - if (S3I(s)->hs.state == SSL3_ST_CW_CERT_C) { + if (s->s3->hs.state == SSL3_ST_CW_CERT_C) { if (!ssl3_handshake_msg_start(s, &cbb, &client_cert, SSL3_MT_CERTIFICATE)) goto err; if (!ssl3_output_cert_chain(s, &client_cert, - (S3I(s)->hs.tls12.cert_request == 2) ? NULL : s->cert->key)) + (s->s3->hs.tls12.cert_request == 2) ? NULL : s->cert->key)) goto err; if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_CW_CERT_D; + s->s3->hs.state = SSL3_ST_CW_CERT_D; } /* SSL3_ST_CW_CERT_D */ 
@@ -2691,42 +2426,31 @@ ssl3_send_client_certificate(SSL *s) int ssl3_check_cert_and_algorithm(SSL *s) { - int i, idx; - long alg_k, alg_a; - EVP_PKEY *pkey = NULL; - SESS_CERT *sc; - DH *dh; + long alg_k, alg_a; + int nid = NID_undef; + int i; - alg_k = S3I(s)->hs.cipher->algorithm_mkey; - alg_a = S3I(s)->hs.cipher->algorithm_auth; + alg_k = s->s3->hs.cipher->algorithm_mkey; + alg_a = s->s3->hs.cipher->algorithm_auth; /* We don't have a certificate. */ if (alg_a & SSL_aNULL) return (1); - sc = SSI(s)->sess_cert; - if (sc == NULL) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto err; - } - dh = SSI(s)->sess_cert->peer_dh_tmp; + if (s->s3->hs.key_share != NULL) + nid = tls_key_share_nid(s->s3->hs.key_share); /* This is the passed certificate. */ - idx = sc->peer_cert_type; - if (idx == SSL_PKEY_ECC) { - if (ssl_check_srvr_ecc_cert_and_alg( - sc->peer_pkeys[idx].x509, s) == 0) { - /* check failed */ + if (s->session->peer_cert_type == SSL_PKEY_ECC) { + if (!ssl_check_srvr_ecc_cert_and_alg(s, s->session->peer_cert)) { SSLerror(s, SSL_R_BAD_ECC_CERT); goto fatal_err; - } else { - return (1); } + return (1); } - pkey = X509_get_pubkey(sc->peer_pkeys[idx].x509); - i = X509_certificate_type(sc->peer_pkeys[idx].x509, pkey); - EVP_PKEY_free(pkey); + + i = X509_certificate_type(s->session->peer_cert, NULL); /* Check that we have a certificate if we require one. */ if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) { @@ -2738,15 +2462,16 @@ ssl3_check_cert_and_algorithm(SSL *s) goto fatal_err; } if ((alg_k & SSL_kDHE) && - !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) { + !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (nid == NID_dhKeyAgreement))) { SSLerror(s, SSL_R_MISSING_DH_KEY); goto fatal_err; } return (1); + fatal_err: ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - err: + return (0); } 
@@ -2759,22 +2484,20 @@ ssl3_check_cert_and_algorithm(SSL *s) int ssl3_check_finished(SSL *s) { - int ok; - long n; + int ret; /* If we have no ticket it cannot be a resumed session. */ if (!s->session->tlsext_tick) return (1); /* this function is called when we really expect a Certificate * message, so permit appropriate message length */ - n = ssl3_get_message(s, SSL3_ST_CR_CERT_A, - SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list, &ok); - if (!ok) - return ((int)n); - - S3I(s)->hs.tls12.reuse_message = 1; - if ((S3I(s)->hs.tls12.message_type == SSL3_MT_FINISHED) || - (S3I(s)->hs.tls12.message_type == SSL3_MT_NEWSESSION_TICKET)) + if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_A, + SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list)) <= 0) + return ret; + + s->s3->hs.tls12.reuse_message = 1; + if ((s->s3->hs.tls12.message_type == SSL3_MT_FINISHED) || + (s->s3->hs.tls12.message_type == SSL3_MT_NEWSESSION_TICKET)) return (2); return (1); diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 9ea7cd46..31925026 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_err.c,v 1.39 2021/09/10 09:25:29 tb Exp $ */ +/* $OpenBSD: ssl_err.c,v 1.44 2022/08/21 19:18:57 jsing Exp $ */ /* ==================================================================== * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * @@ -53,11 +53,6 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - #include #include @@ -66,7 +61,6 @@ #include "ssl_locl.h" -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR #define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0) 
@@ -208,6 +202,8 @@ static ERR_STRING_DATA SSL_str_reasons[]= { {ERR_REASON(SSL_R_BN_LIB) , "bn lib"}, {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) , "ca dn length mismatch"}, {ERR_REASON(SSL_R_CA_DN_TOO_LONG) , "ca dn too long"}, + {ERR_REASON(SSL_R_CA_KEY_TOO_SMALL) , "ca key too small"}, + {ERR_REASON(SSL_R_CA_MD_TOO_WEAK) , "ca md too weak"}, {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) , "ccs received early"}, {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED), "certificate verify failed"}, {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) , "cert length mismatch"}, @@ -229,6 +225,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= { {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) , "data length too long"}, {ERR_REASON(SSL_R_DECRYPTION_FAILED) , "decryption failed"}, {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC), "decryption failed or bad record mac"}, + {ERR_REASON(SSL_R_DH_KEY_TOO_SMALL) , "dh key too small"}, {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG), "dh public value length is wrong"}, {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) , "digest check failed"}, {ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG) , "dtls message too big"}, @@ -238,6 +235,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= { {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE), "ecc cert should have rsa signature"}, {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE), "ecc cert should have sha1 signature"}, {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER), "ecgroup too large for cipher"}, + {ERR_REASON(SSL_R_EE_KEY_TOO_SMALL) , "ee key too small"}, {ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST), "empty srtp protection profile list"}, {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG), "encrypted length too long"}, {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY), "error generating tmp rsa key"}, 
@@ -327,6 +325,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= { {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG), "packet length too long"}, {ERR_REASON(SSL_R_PARSE_TLSEXT) , "parse tlsext"}, {ERR_REASON(SSL_R_PATH_TOO_LONG) , "path too long"}, + {ERR_REASON(SSL_R_PEER_BEHAVING_BADLY) , "peer is doing strange or hostile things"}, {ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE), "peer did not return a certificate"}, {ERR_REASON(SSL_R_PEER_ERROR) , "peer error"}, {ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE), "peer error certificate"}, @@ -342,6 +341,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= { {ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR), "public key encrypt error"}, {ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) , "public key is not rsa"}, {ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) , "public key not rsa"}, + {ERR_REASON(SSL_R_QUIC_INTERNAL_ERROR) , "QUIC: internal error"}, {ERR_REASON(SSL_R_READ_BIO_NOT_SET) , "read bio not set"}, {ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED) , "read timeout expired"}, {ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE), "read wrong packet type"}, @@ -432,6 +432,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= { {ERR_REASON(SSL_R_UNEXPECTED_MESSAGE) , "unexpected message"}, {ERR_REASON(SSL_R_UNEXPECTED_RECORD) , "unexpected record"}, {ERR_REASON(SSL_R_UNINITIALIZED) , "uninitialized"}, + {ERR_REASON(SSL_R_UNKNOWN), "unknown failure occurred"}, {ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE) , "unknown alert type"}, {ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE), "unknown certificate type"}, {ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED), "unknown cipher returned"}, 
@@ -452,9 +453,11 @@ static ERR_STRING_DATA SSL_str_reasons[]= { {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION), "unsupported ssl version"}, {ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE), "unsupported status type"}, {ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED), "use srtp not negotiated"}, + {ERR_REASON(SSL_R_VERSION_TOO_LOW) , "version too low"}, {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) , "write bio not set"}, {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) , "wrong cipher returned"}, {ERR_REASON(SSL_R_WRONG_CURVE) , "wrong curve"}, + {ERR_REASON(SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED), "QUIC: wrong encryption level received"}, {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) , "wrong message type"}, {ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS), "wrong number of key bits"}, {ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"}, @@ -464,8 +467,6 @@ static ERR_STRING_DATA SSL_str_reasons[]= { {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) , "wrong version number"}, {ERR_REASON(SSL_R_X509_LIB) , "x509 lib"}, {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS), "x509 verification setup problems"}, - {ERR_REASON(SSL_R_PEER_BEHAVING_BADLY), "peer is doing strange or hostile things"}, - {ERR_REASON(SSL_R_UNKNOWN), "unknown failure occurred"}, {0, NULL} }; @@ -666,5 +667,5 @@ void SSL_error_internal(const SSL *s, int r, char *f, int l) { ERR_PUT_error(ERR_LIB_SSL, - (SSL_state_func_code(S3I(s)->hs.state)), r, f, l); + (SSL_state_func_code(s->s3->hs.state)), r, f, l); } diff --git a/ssl/ssl_kex.c b/ssl/ssl_kex.c index 9f05fd60..cab2f1c7 100644 --- a/ssl/ssl_kex.c +++ b/ssl/ssl_kex.c @@ -1,6 +1,6 @@ -/* $OpenBSD: ssl_kex.c,v 1.2 2020/04/18 14:07:56 jsing Exp $ */ +/* $OpenBSD: ssl_kex.c,v 1.10 2022/01/14 09:11:22 tb Exp $ */ /* - * Copyright (c) 2020 Joel Sing + * Copyright (c) 2020, 2021 Joel Sing * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above 
@@ -17,6 +17,8 @@ #include +#include +#include #include #include #include 
@@ -24,6 +26,245 @@ #include "bytestring.h" +#define DHE_MINIMUM_BITS 1024 + +int +ssl_kex_generate_dhe(DH *dh, DH *dh_params) +{ + BIGNUM *p = NULL, *g = NULL; + int ret = 0; + + if ((p = BN_dup(DH_get0_p(dh_params))) == NULL) + goto err; + if ((g = BN_dup(DH_get0_g(dh_params))) == NULL) + goto err; + + if (!DH_set0_pqg(dh, p, NULL, g)) + goto err; + p = NULL; + g = NULL; + + if (!DH_generate_key(dh)) + goto err; + + ret = 1; + + err: + BN_free(p); + BN_free(g); + + return ret; +} + +int +ssl_kex_generate_dhe_params_auto(DH *dh, size_t key_bits) +{ + BIGNUM *p = NULL, *g = NULL; + int ret = 0; + + if (key_bits >= 8192) + p = get_rfc3526_prime_8192(NULL); + else if (key_bits >= 4096) + p = get_rfc3526_prime_4096(NULL); + else if (key_bits >= 3072) + p = get_rfc3526_prime_3072(NULL); + else if (key_bits >= 2048) + p = get_rfc3526_prime_2048(NULL); + else if (key_bits >= 1536) + p = get_rfc3526_prime_1536(NULL); + else + p = get_rfc2409_prime_1024(NULL); + + if (p == NULL) + goto err; + + if ((g = BN_new()) == NULL) + goto err; + if (!BN_set_word(g, 2)) + goto err; + + if (!DH_set0_pqg(dh, p, NULL, g)) + goto err; + p = NULL; + g = NULL; + + if (!DH_generate_key(dh)) + goto err; + + ret = 1; + + err: + BN_free(p); + BN_free(g); + + return ret; +} + +int +ssl_kex_params_dhe(DH *dh, CBB *cbb) +{ + int dh_p_len, dh_g_len; + CBB dh_p, dh_g; + uint8_t *data; + + if ((dh_p_len = BN_num_bytes(DH_get0_p(dh))) <= 0) + return 0; + if ((dh_g_len = BN_num_bytes(DH_get0_g(dh))) <= 0) + return 0; + + if (!CBB_add_u16_length_prefixed(cbb, &dh_p)) + return 0; + if (!CBB_add_space(&dh_p, &data, dh_p_len)) + return 0; + if (BN_bn2bin(DH_get0_p(dh), data) != dh_p_len) + return 0; + + if (!CBB_add_u16_length_prefixed(cbb, &dh_g)) + return 0; + if (!CBB_add_space(&dh_g, &data, dh_g_len)) + return 0; + if (BN_bn2bin(DH_get0_g(dh), data) != dh_g_len) + return 0; + + if (!CBB_flush(cbb)) + return 0; + + return 1; +} + +int +ssl_kex_public_dhe(DH *dh, CBB *cbb) +{ + uint8_t *data; + int 
dh_y_len; + CBB dh_y; + + if ((dh_y_len = BN_num_bytes(DH_get0_pub_key(dh))) <= 0) + return 0; + + if (!CBB_add_u16_length_prefixed(cbb, &dh_y)) + return 0; + if (!CBB_add_space(&dh_y, &data, dh_y_len)) + return 0; + if (BN_bn2bin(DH_get0_pub_key(dh), data) != dh_y_len) + return 0; + + if (!CBB_flush(cbb)) + return 0; + + return 1; +} + +int +ssl_kex_peer_params_dhe(DH *dh, CBS *cbs, int *decode_error, + int *invalid_params) +{ + BIGNUM *p = NULL, *g = NULL; + CBS dh_p, dh_g; + int ret = 0; + + *decode_error = 0; + *invalid_params = 0; + + if (!CBS_get_u16_length_prefixed(cbs, &dh_p)) { + *decode_error = 1; + goto err; + } + if (!CBS_get_u16_length_prefixed(cbs, &dh_g)) { + *decode_error = 1; + goto err; + } + + if ((p = BN_bin2bn(CBS_data(&dh_p), CBS_len(&dh_p), NULL)) == NULL) + goto err; + if ((g = BN_bin2bn(CBS_data(&dh_g), CBS_len(&dh_g), NULL)) == NULL) + goto err; + + if (!DH_set0_pqg(dh, p, NULL, g)) + goto err; + p = NULL; + g = NULL; + + /* XXX - consider calling DH_check(). */ + + if (DH_bits(dh) < DHE_MINIMUM_BITS) + *invalid_params = 1; + + ret = 1; + + err: + BN_free(p); + BN_free(g); + + return ret; +} + +int +ssl_kex_peer_public_dhe(DH *dh, CBS *cbs, int *decode_error, + int *invalid_key) +{ + BIGNUM *pub_key = NULL; + int check_flags; + CBS dh_y; + int ret = 0; + + *decode_error = 0; + *invalid_key = 0; + + if (!CBS_get_u16_length_prefixed(cbs, &dh_y)) { + *decode_error = 1; + goto err; + } + + if ((pub_key = BN_bin2bn(CBS_data(&dh_y), CBS_len(&dh_y), + NULL)) == NULL) + goto err; + + if (!DH_set0_key(dh, pub_key, NULL)) + goto err; + pub_key = NULL; + + if (!DH_check_pub_key(dh, DH_get0_pub_key(dh), &check_flags)) + goto err; + if (check_flags != 0) + *invalid_key = 1; + + ret = 1; + + err: + BN_free(pub_key); + + return ret; +} + +int +ssl_kex_derive_dhe(DH *dh, DH *dh_peer, + uint8_t **shared_key, size_t *shared_key_len) +{ + uint8_t *key = NULL; + int key_len = 0; + int ret = 0; + + if ((key_len = DH_size(dh)) <= 0) + goto err; + if ((key = 
calloc(1, key_len)) == NULL) + goto err; + + if ((key_len = DH_compute_key(key, DH_get0_pub_key(dh_peer), dh)) <= 0) + goto err; + + *shared_key = key; + *shared_key_len = key_len; + key = NULL; + + ret = 1; + + err: + freezero(key, key_len); + + return ret; +} + int ssl_kex_dummy_ecdhe_x25519(EVP_PKEY *pkey) { @@ -149,8 +390,8 @@ ssl_kex_derive_ecdhe_ecp(EC_KEY *ecdh, EC_KEY *ecdh_peer, uint8_t **shared_key, size_t *shared_key_len) { const EC_POINT *point; - uint8_t *sk = NULL; - int sk_len = 0; + uint8_t *key = NULL; + int key_len = 0; int ret = 0; if (!EC_GROUP_check(EC_KEY_get0_group(ecdh), NULL)) @@ -161,22 +402,22 @@ ssl_kex_derive_ecdhe_ecp(EC_KEY *ecdh, EC_KEY *ecdh_peer, if ((point = EC_KEY_get0_public_key(ecdh_peer)) == NULL) goto err; - if ((sk_len = ECDH_size(ecdh)) <= 0) + if ((key_len = ECDH_size(ecdh)) <= 0) goto err; - if ((sk = calloc(1, sk_len)) == NULL) + if ((key = calloc(1, key_len)) == NULL) goto err; - if (ECDH_compute_key(sk, sk_len, point, ecdh, NULL) <= 0) + if (ECDH_compute_key(key, key_len, point, ecdh, NULL) <= 0) goto err; - *shared_key = sk; - *shared_key_len = sk_len; - sk = NULL; + *shared_key = key; + *shared_key_len = key_len; + key = NULL; ret = 1; err: - freezero(sk, sk_len); + freezero(key, key_len); return ret; } diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 0f86238d..f5f7bf66 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.268 2021/09/10 08:59:56 tb Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.305 2022/09/10 15:29:33 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -144,9 +144,9 @@ #include #include +#include #include -#include #include #include #include @@ -162,6 +162,7 @@ #include "dtls_locl.h" #include "ssl_locl.h" #include "ssl_sigalgs.h" +#include "ssl_tlsext.h" const char *SSL_version_str = OPENSSL_VERSION_TEXT; 
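Review bot: In `ssl_kex_derive_dhe`, `key_len` is reused for the return value of `DH_compute_key()`, so when that call fails with a negative value the `err:` path runs `freezero(key, key_len)` with a length that converts to a huge `size_t`. Depending on the platform's freezero (not shown on this page), that is either an abort or a zeroing write far past the `DH_size(dh)` allocation. Keeping the allocation size separate avoids it: declare `int out_len;`, test `if ((out_len = DH_compute_key(key, DH_get0_pub_key(dh_peer), dh)) <= 0)`, and store `*shared_key_len = out_len;`. Separately, `ssl_kex_peer_params_dhe` accepts the peer-chosen p and g after only the `DHE_MINIMUM_BITS` size check, as its own `XXX - consider calling DH_check()` comment acknowledges. Validating the group there would close that gap.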
@@ -226,7 +227,8 @@ SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) ctx->method = meth; ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, - ctx->internal->cipher_list_tls13, SSL_DEFAULT_CIPHER_LIST); + ctx->internal->cipher_list_tls13, SSL_DEFAULT_CIPHER_LIST, + ctx->internal->cert); if (ciphers == NULL || sk_SSL_CIPHER_num(ciphers) <= 0) { SSLerrorx(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); return (0); @@ -238,6 +240,7 @@ SSL * SSL_new(SSL_CTX *ctx) { SSL *s; + CBS cbs; if (ctx == NULL) { SSLerrorx(SSL_R_NULL_SSL_CTX); @@ -264,6 +267,7 @@ SSL_new(SSL_CTX *ctx) s->internal->options = ctx->internal->options; s->internal->mode = ctx->internal->mode; s->internal->max_cert_list = ctx->internal->max_cert_list; + s->internal->num_tickets = ctx->internal->num_tickets; if ((s->cert = ssl_cert_dup(ctx->internal->cert)) == NULL) goto err; @@ -326,21 +330,16 @@ SSL_new(SSL_CTX *ctx) ctx->internal->tlsext_supportedgroups_length; } - if (s->ctx->internal->alpn_client_proto_list != NULL) { - s->internal->alpn_client_proto_list = - malloc(s->ctx->internal->alpn_client_proto_list_len); - if (s->internal->alpn_client_proto_list == NULL) - goto err; - memcpy(s->internal->alpn_client_proto_list, - s->ctx->internal->alpn_client_proto_list, - s->ctx->internal->alpn_client_proto_list_len); - s->internal->alpn_client_proto_list_len = - s->ctx->internal->alpn_client_proto_list_len; - } + CBS_init(&cbs, ctx->internal->alpn_client_proto_list, + ctx->internal->alpn_client_proto_list_len); + if (!CBS_stow(&cbs, &s->internal->alpn_client_proto_list, + &s->internal->alpn_client_proto_list_len)) + goto err; s->verify_result = X509_V_OK; s->method = ctx->method; + s->quic_method = ctx->quic_method; if (!s->method->ssl_new(s)) goto err; @@ -572,6 +571,8 @@ SSL_free(SSL *s) free(s->internal->alpn_client_proto_list); + free(s->internal->quic_transport_params); + #ifndef OPENSSL_NO_SRTP sk_SRTP_PROTECTION_PROFILE_free(s->internal->srtp_profiles); #endif 
@@ -595,8 +596,8 @@ SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio) /* If the output buffering BIO is still in place, remove it */ if (s->bbio != NULL) { if (s->wbio == s->bbio) { - s->wbio = s->wbio->next_bio; - s->bbio->next_bio = NULL; + s->wbio = BIO_next(s->wbio); + BIO_set_next(s->bbio, NULL); } } @@ -731,10 +732,10 @@ SSL_get_finished(const SSL *s, void *buf, size_t count) { size_t ret; - ret = S3I(s)->hs.finished_len; + ret = s->s3->hs.finished_len; if (count > ret) count = ret; - memcpy(buf, S3I(s)->hs.finished, count); + memcpy(buf, s->s3->hs.finished, count); return (ret); } @@ -744,10 +745,10 @@ SSL_get_peer_finished(const SSL *s, void *buf, size_t count) { size_t ret; - ret = S3I(s)->hs.peer_finished_len; + ret = s->s3->hs.peer_finished_len; if (count > ret) count = ret; - memcpy(buf, S3I(s)->hs.peer_finished, count); + memcpy(buf, s->s3->hs.peer_finished, count); return (ret); } @@ -770,6 +771,46 @@ int return (s->internal->verify_callback); } +void +SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb) +{ + ctx->internal->keylog_callback = cb; +} + +SSL_CTX_keylog_cb_func +SSL_CTX_get_keylog_callback(const SSL_CTX *ctx) +{ + return (ctx->internal->keylog_callback); +} + +int +SSL_set_num_tickets(SSL *s, size_t num_tickets) +{ + s->internal->num_tickets = num_tickets; + + return 1; +} + +size_t +SSL_get_num_tickets(const SSL *s) +{ + return s->internal->num_tickets; +} + +int +SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets) +{ + ctx->internal->num_tickets = num_tickets; + + return 1; +} + +size_t +SSL_CTX_get_num_tickets(const SSL_CTX *ctx) +{ + return ctx->internal->num_tickets; +} + int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) { 
@@ -824,38 +865,39 @@ SSL_pending(const SSL *s) X509 * SSL_get_peer_certificate(const SSL *s) { - X509 *r; + X509 *cert; - if ((s == NULL) || (s->session == NULL)) - r = NULL; - else - r = s->session->peer; + if (s == NULL || s->session == NULL) + return NULL; - if (r == NULL) - return (r); + if ((cert = s->session->peer_cert) == NULL) + return NULL; - CRYPTO_add(&r->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(cert); - return (r); + return cert; } STACK_OF(X509) * SSL_get_peer_cert_chain(const SSL *s) { - STACK_OF(X509) *r; - - if ((s == NULL) || (s->session == NULL) || - (SSI(s)->sess_cert == NULL)) - r = NULL; - else - r = SSI(s)->sess_cert->cert_chain; + if (s == NULL) + return NULL; /* - * If we are a client, cert_chain includes the peer's own - * certificate; - * if we are a server, it does not. + * Achtung! Due to API inconsistency, a client includes the peer's leaf + * certificate in the peer certificate chain, while a server does not. */ - return (r); + if (!s->server) + return s->s3->hs.peer_certs; + + return s->s3->hs.peer_certs_no_leaf; +} + +STACK_OF(X509) * +SSL_get0_verified_chain(const SSL *s) +{ + return s->internal->verified_chain; } /* @@ -865,7 +907,7 @@ SSL_get_peer_cert_chain(const SSL *s) int SSL_copy_session_id(SSL *t, const SSL *f) { - CERT *tmp; + SSL_CERT *tmp; /* Do we need to do SSL locking? */ if (!SSL_set_session(t, SSL_get_session(f))) @@ -983,6 +1025,16 @@ SSL_get_default_timeout(const SSL *s) int SSL_read(SSL *s, void *buf, int num) { + if (num < 0) { + SSLerror(s, SSL_R_BAD_LENGTH); + return -1; + } + + if (SSL_is_quic(s)) { + SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return (-1); + } + if (s->internal->handshake_func == NULL) { SSLerror(s, SSL_R_UNINITIALIZED); return (-1); 
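Review bot: `SSL_get_peer_cert_chain` now dereferences `s->s3` after checking only `s`, and the new `SSL_get0_verified_chain` dereferences `s` with no guard at all, while `SSL_get_peer_certificate` just above keeps its `s == NULL || s->session == NULL` check. `SSL_ctrl` elsewhere in this patch still tests `if (s->s3)`, so it is worth confirming that `s3` cannot be NULL here. For consistency `SSL_get0_verified_chain` should start with `if (s == NULL) return NULL;`. A short comment on ownership would also help callers: `SSL_get_peer_certificate` returns a new reference via `X509_up_ref(cert)`, whereas both chain accessors return the internal stack pointer directly and the caller must not free it.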
@@ -995,9 +1047,38 @@ SSL_read(SSL *s, void *buf, int num) return ssl3_read(s, buf, num); } +int +SSL_read_ex(SSL *s, void *buf, size_t num, size_t *bytes_read) +{ + int ret; + + /* We simply don't bother supporting enormous reads */ + if (num > INT_MAX) { + SSLerror(s, SSL_R_BAD_LENGTH); + return 0; + } + + ret = SSL_read(s, buf, (int)num); + if (ret < 0) + ret = 0; + *bytes_read = ret; + + return ret > 0; +} + int SSL_peek(SSL *s, void *buf, int num) { + if (num < 0) { + SSLerror(s, SSL_R_BAD_LENGTH); + return -1; + } + + if (SSL_is_quic(s)) { + SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return (-1); + } + if (s->internal->handshake_func == NULL) { SSLerror(s, SSL_R_UNINITIALIZED); return (-1); @@ -1009,9 +1090,38 @@ SSL_peek(SSL *s, void *buf, int num) return ssl3_peek(s, buf, num); } +int +SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *bytes_peeked) +{ + int ret; + + /* We simply don't bother supporting enormous peeks */ + if (num > INT_MAX) { + SSLerror(s, SSL_R_BAD_LENGTH); + return 0; + } + + ret = SSL_peek(s, buf, (int)num); + if (ret < 0) + ret = 0; + *bytes_peeked = ret; + + return ret > 0; +} + int SSL_write(SSL *s, const void *buf, int num) { + if (num < 0) { + SSLerror(s, SSL_R_BAD_LENGTH); + return -1; + } + + if (SSL_is_quic(s)) { + SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return (-1); + } + if (s->internal->handshake_func == NULL) { SSLerror(s, SSL_R_UNINITIALIZED); return (-1); 
@@ -1025,6 +1135,31 @@ SSL_write(SSL *s, const void *buf, int num) return ssl3_write(s, buf, num); } +int +SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *bytes_written) +{ + int ret; + + /* We simply don't bother supporting enormous writes */ + if (num > INT_MAX) { + SSLerror(s, SSL_R_BAD_LENGTH); + return 0; + } + + if (num == 0) { + /* This API is special */ + bytes_written = 0; + return 1; + } + + ret = SSL_write(s, buf, (int)num); + if (ret < 0) + ret = 0; + *bytes_written = ret; + + return ret > 0; +} + uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx) { @@ -1166,7 +1301,7 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg) return (0); #endif if (SSL_is_dtls(s)) { - D1I(s)->mtu = larg; + s->d1->mtu = larg; return (larg); } return (0); @@ -1177,7 +1312,7 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg) return (1); case SSL_CTRL_GET_RI_SUPPORT: if (s->s3) - return (S3I(s)->send_connection_binding); + return (s->s3->send_connection_binding); else return (0); default: if (SSL_is_dtls(s)) @@ -1332,7 +1467,7 @@ STACK_OF(SSL_CIPHER) * SSL_get1_supported_ciphers(SSL *s) { STACK_OF(SSL_CIPHER) *supported_ciphers = NULL, *ciphers; - const SSL_CIPHER *cipher; + SSL_CIPHER *cipher; uint16_t min_vers, max_vers; int i; @@ -1351,6 +1486,8 @@ SSL_get1_supported_ciphers(SSL *s) if (!ssl_cipher_allowed_in_tls_version_range(cipher, min_vers, max_vers)) continue; + if (!ssl_security_supported_cipher(s, cipher)) + continue; if (!sk_SSL_CIPHER_push(supported_ciphers, cipher)) goto err; } @@ -1425,7 +1562,7 @@ SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) * ctx->cipher_list has been updated. */ ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, - ctx->internal->cipher_list_tls13, str); + ctx->internal->cipher_list_tls13, str, ctx->internal->cert); if (ciphers == NULL) { return (0); } else if (sk_SSL_CIPHER_num(ciphers) == 0) { 
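Review bot: In `SSL_write_ex` the zero-length branch assigns `bytes_written = 0;`, which only nulls the local pointer and leaves the caller's counter unwritten even though the function returns 1; it should be `*bytes_written = 0;`. A caller that trusts the success return then reads an indeterminate value. The `num > INT_MAX` early return here, and the same path in `SSL_read_ex` and `SSL_peek_ex` in the preceding hunks, also returns without storing to the out-parameter. Writing 0 to it before the range check would define it on every path.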
@@ -1460,7 +1597,7 @@ SSL_set_cipher_list(SSL *s, const char *str) /* See comment in SSL_CTX_set_cipher_list. */ ciphers = ssl_create_cipher_list(s->ctx->method, &s->cipher_list, - ciphers_tls13, str); + ciphers_tls13, str, s->cert); if (ciphers == NULL) { return (0); } else if (sk_SSL_CIPHER_num(ciphers) == 0) { @@ -1641,27 +1778,28 @@ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, unsigned int protos_len) { + CBS cbs; int failed = 1; - if (protos == NULL || protos_len == 0) - goto err; + if (protos == NULL) + protos_len = 0; - free(ctx->internal->alpn_client_proto_list); - ctx->internal->alpn_client_proto_list = NULL; - ctx->internal->alpn_client_proto_list_len = 0; + CBS_init(&cbs, protos, protos_len); - if ((ctx->internal->alpn_client_proto_list = malloc(protos_len)) - == NULL) - goto err; - ctx->internal->alpn_client_proto_list_len = protos_len; + if (protos_len > 0) { + if (!tlsext_alpn_check_format(&cbs)) + goto err; + } - memcpy(ctx->internal->alpn_client_proto_list, protos, protos_len); + if (!CBS_stow(&cbs, &ctx->internal->alpn_client_proto_list, + &ctx->internal->alpn_client_proto_list_len)) + goto err; failed = 0; err: /* NOTE: Return values are the reverse of what you expect. */ - return (failed); + return failed; } /* 
@@ -1673,27 +1811,28 @@ int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, unsigned int protos_len) { + CBS cbs; int failed = 1; - if (protos == NULL || protos_len == 0) - goto err; + if (protos == NULL) + protos_len = 0; - free(ssl->internal->alpn_client_proto_list); - ssl->internal->alpn_client_proto_list = NULL; - ssl->internal->alpn_client_proto_list_len = 0; + CBS_init(&cbs, protos, protos_len); - if ((ssl->internal->alpn_client_proto_list = malloc(protos_len)) - == NULL) - goto err; - ssl->internal->alpn_client_proto_list_len = protos_len; + if (protos_len > 0) { + if (!tlsext_alpn_check_format(&cbs)) + goto err; + } - memcpy(ssl->internal->alpn_client_proto_list, protos, protos_len); + if (!CBS_stow(&cbs, &ssl->internal->alpn_client_proto_list, + &ssl->internal->alpn_client_proto_list_len)) + goto err; failed = 0; err: /* NOTE: Return values are the reverse of what you expect. */ - return (failed); + return failed; } /* @@ -1720,8 +1859,8 @@ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, unsigned int *len) { - *data = ssl->s3->internal->alpn_selected; - *len = ssl->s3->internal->alpn_selected_len; + *data = ssl->s3->alpn_selected; + *len = ssl->s3->alpn_selected_len; } void @@ -1889,7 +2028,7 @@ SSL_CTX_new(const SSL_METHOD *meth) goto err; ssl_create_cipher_list(ret->method, &ret->cipher_list, - NULL, SSL_DEFAULT_CIPHER_LIST); + NULL, SSL_DEFAULT_CIPHER_LIST, ret->internal->cert); if (ret->cipher_list == NULL || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { SSLerrorx(SSL_R_LIBRARY_HAS_NO_CIPHERS); 
@@ -2061,22 +2200,11 @@ SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) X509_VERIFY_PARAM_set_depth(ctx->param, depth); } -static int -ssl_cert_can_sign(X509 *x) -{ - /* This call populates extension flags (ex_flags). */ - X509_check_purpose(x, -1, 0); - - /* Key usage, if present, must allow signing. */ - return ((x->ex_flags & EXFLAG_KUSAGE) == 0 || - (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE)); -} - void -ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) +ssl_set_cert_masks(SSL_CERT *c, const SSL_CIPHER *cipher) { unsigned long mask_a, mask_k; - CERT_PKEY *cpk; + SSL_CERT_PKEY *cpk; if (c == NULL) return; @@ -2084,12 +2212,14 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) mask_a = SSL_aNULL | SSL_aTLS1_3; mask_k = SSL_kECDHE | SSL_kTLS1_3; - if (c->dh_tmp != NULL || c->dh_tmp_cb != NULL || c->dh_tmp_auto != 0) + if (c->dhe_params != NULL || c->dhe_params_cb != NULL || + c->dhe_params_auto != 0) mask_k |= SSL_kDHE; cpk = &(c->pkeys[SSL_PKEY_ECC]); if (cpk->x509 != NULL && cpk->privatekey != NULL) { - if (ssl_cert_can_sign(cpk->x509)) + /* Key usage, if present, must allow signing. */ + if (X509_get_key_usage(cpk->x509) & X509v3_KU_DIGITAL_SIGNATURE) mask_a |= SSL_aECDSA; } 
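Review bot: In ssl_set_cert_masks the new test `X509_get_key_usage(cpk->x509) & X509v3_KU_DIGITAL_SIGNATURE` only matches its comment ("Key usage, if present, must allow signing") if X509_get_key_usage() returns all bits set for a certificate with no keyUsage extension, and nothing in this hunk shows that. The removed ssl_cert_can_sign() made the absent-extension case explicit through `EXFLAG_KUSAGE`. I would extend the comment to name the assumption and the failure case, e.g. `/* Relies on X509_get_key_usage() returning all bits set when keyUsage is absent, and 0 if the extensions cannot be parsed. */`, after confirming both against its implementation. The same reliance is in ssl_check_srvr_ecc_cert_and_alg in the next hunk, where a wrong assumption would either reject valid certificates or accept a non-signing one. ssl_set_cert_masks continues past the end of this hunk.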
@@ -2116,29 +2246,25 @@ ssl_using_ecc_cipher(SSL *s) { unsigned long alg_a, alg_k; - alg_a = S3I(s)->hs.cipher->algorithm_auth; - alg_k = S3I(s)->hs.cipher->algorithm_mkey; + alg_a = s->s3->hs.cipher->algorithm_auth; + alg_k = s->s3->hs.cipher->algorithm_mkey; - return SSI(s)->tlsext_ecpointformatlist != NULL && - SSI(s)->tlsext_ecpointformatlist_length > 0 && + return s->session->tlsext_ecpointformatlist != NULL && + s->session->tlsext_ecpointformatlist_length > 0 && ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)); } int -ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) +ssl_check_srvr_ecc_cert_and_alg(SSL *s, X509 *x) { - const SSL_CIPHER *cs = S3I(s)->hs.cipher; - unsigned long alg_a; + const SSL_CIPHER *cs = s->s3->hs.cipher; + unsigned long alg_a; alg_a = cs->algorithm_auth; if (alg_a & SSL_aECDSA) { - /* This call populates extension flags (ex_flags). */ - X509_check_purpose(x, -1, 0); - /* Key usage, if present, must allow signing. */ - if ((x->ex_flags & EXFLAG_KUSAGE) && - ((x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) == 0)) { + if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) { SSLerror(s, SSL_R_ECC_CERT_NOT_FOR_SIGNING); return (0); } @@ -2147,17 +2273,17 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) return (1); } -CERT_PKEY * +SSL_CERT_PKEY * ssl_get_server_send_pkey(const SSL *s) { - unsigned long alg_a; - CERT *c; - int i; + unsigned long alg_a; + SSL_CERT *c; + int i; c = s->cert; - ssl_set_cert_masks(c, S3I(s)->hs.cipher); + ssl_set_cert_masks(c, s->s3->hs.cipher); - alg_a = S3I(s)->hs.cipher->algorithm_auth; + alg_a = s->s3->hs.cipher->algorithm_auth; if (alg_a & SSL_aECDSA) { i = SSL_PKEY_ECC; @@ -2179,9 +2305,9 @@ ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd, { const struct ssl_sigalg *sigalg = NULL; EVP_PKEY *pkey = NULL; - unsigned long alg_a; - CERT *c; - int idx = -1; + unsigned long alg_a; + SSL_CERT *c; + int idx = -1; alg_a = cipher->algorithm_auth; c = s->cert; 
@@ -2207,52 +2333,29 @@ ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd, return (pkey); } -DH * -ssl_get_auto_dh(SSL *s) +size_t +ssl_dhe_params_auto_key_bits(SSL *s) { - CERT_PKEY *cpk; - int keylen; - DH *dhp; + SSL_CERT_PKEY *cpk; + int key_bits; - if (s->cert->dh_tmp_auto == 2) { - keylen = 1024; - } else if (S3I(s)->hs.cipher->algorithm_auth & SSL_aNULL) { - keylen = 1024; - if (S3I(s)->hs.cipher->strength_bits == 256) - keylen = 3072; + if (s->cert->dhe_params_auto == 2) { + key_bits = 1024; + } else if (s->s3->hs.cipher->algorithm_auth & SSL_aNULL) { + key_bits = 1024; + if (s->s3->hs.cipher->strength_bits == 256) + key_bits = 3072; } else { if ((cpk = ssl_get_server_send_pkey(s)) == NULL) - return (NULL); - if (cpk->privatekey == NULL || cpk->privatekey->pkey.dh == NULL) - return (NULL); - keylen = EVP_PKEY_bits(cpk->privatekey); + return 0; + if (cpk->privatekey == NULL || + EVP_PKEY_get0_RSA(cpk->privatekey) == NULL) + return 0; + if ((key_bits = EVP_PKEY_bits(cpk->privatekey)) <= 0) + return 0; } - if ((dhp = DH_new()) == NULL) - return (NULL); - - dhp->g = BN_new(); - if (dhp->g != NULL) - BN_set_word(dhp->g, 2); - - if (keylen >= 8192) - dhp->p = get_rfc3526_prime_8192(NULL); - else if (keylen >= 4096) - dhp->p = get_rfc3526_prime_4096(NULL); - else if (keylen >= 3072) - dhp->p = get_rfc3526_prime_3072(NULL); - else if (keylen >= 2048) - dhp->p = get_rfc3526_prime_2048(NULL); - else if (keylen >= 1536) - dhp->p = get_rfc3526_prime_1536(NULL); - else - dhp->p = get_rfc2409_prime_1024(NULL); - - if (dhp->p == NULL || dhp->g == NULL) { - DH_free(dhp); - return (NULL); - } - return (dhp); + return key_bits; } static int @@ -2271,7 +2374,7 @@ ssl_should_update_external_cache(SSL *s, int mode) return 1; /* If it's TLS 1.3, do it to match OpenSSL */ - if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION) + if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION) return 1; return 0; 
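Review bot: ssl_dhe_params_auto_key_bits() reports failure by returning 0, but it has no header comment saying so, and the type alone does not tell a caller that 0 is an error rather than a size. I would add `/* Returns the DHE parameter size in bits for auto mode, or 0 on failure. */` above the definition. `key_bits` is declared `int` and returned through `size_t`; the `<= 0` check makes that conversion safe on the EVP_PKEY_bits() path, but declaring it `size_t` after the check, or casting at the `return`, would make the intent visible. The 1024-bit result for `dhe_params_auto == 2` and for `SSL_aNULL` suites is carried over unchanged from ssl_get_auto_dh(), and deserves a comment marking it as a legacy size. Whether the new ssl_security_dh() check is applied to the parameters built from this value cannot be seen from this hunk.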
@@ -2296,7 +2399,7 @@ ssl_should_update_internal_cache(SSL *s, int mode) return 0; /* If we are lesser than TLS 1.3, Cache it. */ - if (S3I(s)->hs.negotiated_tls_version < TLS1_3_VERSION) + if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION) return 1; /* Below this we consider TLS 1.3 or later */ @@ -2406,15 +2509,17 @@ SSL_set_ssl_method(SSL *s, const SSL_METHOD *method) int SSL_get_error(const SSL *s, int i) { - int reason; - unsigned long l; - BIO *bio; + unsigned long l; + int reason; + BIO *bio; if (i > 0) return (SSL_ERROR_NONE); - /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake - * etc, where we do encode the error */ + /* + * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake + * etc, where we do encode the error. + */ if ((l = ERR_peek_error()) != 0) { if (ERR_GET_LIB(l) == ERR_LIB_SYS) return (SSL_ERROR_SYSCALL); @@ -2422,7 +2527,7 @@ SSL_get_error(const SSL *s, int i) return (SSL_ERROR_SSL); } - if ((i < 0) && SSL_want_read(s)) { + if (SSL_want_read(s)) { bio = SSL_get_rbio(s); if (BIO_should_read(bio)) { return (SSL_ERROR_WANT_READ); @@ -2449,7 +2554,7 @@ SSL_get_error(const SSL *s, int i) } } - if ((i < 0) && SSL_want_write(s)) { + if (SSL_want_write(s)) { bio = SSL_get_wbio(s); if (BIO_should_write(bio)) { return (SSL_ERROR_WANT_WRITE); 
@@ -2469,23 +2574,141 @@ SSL_get_error(const SSL *s, int i) return (SSL_ERROR_SYSCALL); } } - if ((i < 0) && SSL_want_x509_lookup(s)) { + + if (SSL_want_x509_lookup(s)) return (SSL_ERROR_WANT_X509_LOOKUP); + + if ((s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) && + (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) + return (SSL_ERROR_ZERO_RETURN); + + return (SSL_ERROR_SYSCALL); +} + +int +SSL_CTX_set_quic_method(SSL_CTX *ctx, const SSL_QUIC_METHOD *quic_method) +{ + if (ctx->method->dtls) + return 0; + + ctx->quic_method = quic_method; + + return 1; +} + +int +SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method) +{ + if (ssl->method->dtls) + return 0; + + ssl->quic_method = quic_method; + + return 1; +} + +size_t +SSL_quic_max_handshake_flight_len(const SSL *ssl, + enum ssl_encryption_level_t level) +{ + size_t flight_len; + + /* Limit flights to 16K when there are no large certificate messages. */ + flight_len = 16384; + + switch (level) { + case ssl_encryption_initial: + return flight_len; + + case ssl_encryption_early_data: + /* QUIC does not send EndOfEarlyData. */ + return 0; + + case ssl_encryption_handshake: + if (ssl->server) { + /* + * Servers may receive Certificate message if configured + * to request client certificates. + */ + if ((SSL_get_verify_mode(ssl) & SSL_VERIFY_PEER) != 0 && + ssl->internal->max_cert_list > flight_len) + flight_len = ssl->internal->max_cert_list; + } else { + /* + * Clients may receive both Certificate message and a + * CertificateRequest message. + */ + if (ssl->internal->max_cert_list * 2 > flight_len) + flight_len = ssl->internal->max_cert_list * 2; + } + return flight_len; + case ssl_encryption_application: + /* + * Note there is not actually a bound on the number of + * NewSessionTickets one may send in a row. This level may need + * more involved flow control. 
+ */ + return flight_len; } - if (i == 0) { - if ((s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) && - (S3I(s)->warn_alert == SSL_AD_CLOSE_NOTIFY)) - return (SSL_ERROR_ZERO_RETURN); + return 0; +} + +enum ssl_encryption_level_t +SSL_quic_read_level(const SSL *ssl) +{ + return ssl->s3->hs.tls13.quic_read_level; +} + +enum ssl_encryption_level_t +SSL_quic_write_level(const SSL *ssl) +{ + return ssl->s3->hs.tls13.quic_write_level; +} + +int +SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level, + const uint8_t *data, size_t len) +{ + if (!SSL_is_quic(ssl)) { + SSLerror(ssl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; } - return (SSL_ERROR_SYSCALL); + + if (level != SSL_quic_read_level(ssl)) { + SSLerror(ssl, SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED); + return 0; + } + + if (ssl->s3->hs.tls13.quic_read_buffer == NULL) { + ssl->s3->hs.tls13.quic_read_buffer = tls_buffer_new(0); + if (ssl->s3->hs.tls13.quic_read_buffer == NULL) { + SSLerror(ssl, ERR_R_MALLOC_FAILURE); + return 0; + } + } + + /* XXX - note that this does not currently downsize. */ + tls_buffer_set_capacity_limit(ssl->s3->hs.tls13.quic_read_buffer, + SSL_quic_max_handshake_flight_len(ssl, level)); + + /* + * XXX - an append that fails due to exceeding capacity should set + * SSL_R_EXCESSIVE_MESSAGE_SIZE. + */ + return tls_buffer_append(ssl->s3->hs.tls13.quic_read_buffer, data, len); } int -SSL_do_handshake(SSL *s) +SSL_process_quic_post_handshake(SSL *ssl) { - int ret = 1; + /* XXX - this needs to run PHH received. */ + return 1; +} +int +SSL_do_handshake(SSL *s) +{ if (s->internal->handshake_func == NULL) { SSLerror(s, SSL_R_CONNECTION_TYPE_NOT_SET); return (-1); @@ -2493,10 +2716,10 @@ SSL_do_handshake(SSL *s) s->method->ssl_renegotiate_check(s); - if (SSL_in_init(s) || SSL_in_before(s)) { - ret = s->internal->handshake_func(s); - } - return (ret); + if (!SSL_in_init(s) && !SSL_in_before(s)) + return 1; + + return s->internal->handshake_func(s); } /* 
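Review bot: In SSL_quic_max_handshake_flight_len the `ssl_encryption_handshake` branch compares `ssl->internal->max_cert_list`, and `max_cert_list * 2` on the client side, directly against the `size_t flight_len`. The declaration of `max_cert_list` is not part of this diff. If it is a signed type, a negative application-set value converts to a very large `size_t`, and the doubling can overflow. The result is what SSL_provide_quic_data hands to `tls_buffer_set_capacity_limit()`, so it is the only bound on how much peer handshake data gets buffered. I would accept only positive values and guard the doubling, e.g. `if (ssl->internal->max_cert_list > 0 && (size_t)ssl->internal->max_cert_list > flight_len)` on the server side and a `max_cert_list <= SIZE_MAX / 2` check before the `* 2` on the client side.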
@@ -2508,7 +2731,7 @@ SSL_set_accept_state(SSL *s) { s->server = 1; s->internal->shutdown = 0; - S3I(s)->hs.state = SSL_ST_ACCEPT|SSL_ST_BEFORE; + s->s3->hs.state = SSL_ST_ACCEPT|SSL_ST_BEFORE; s->internal->handshake_func = s->method->ssl_accept; ssl_clear_cipher_state(s); } @@ -2518,7 +2741,7 @@ SSL_set_connect_state(SSL *s) { s->server = 0; s->internal->shutdown = 0; - S3I(s)->hs.state = SSL_ST_CONNECT|SSL_ST_BEFORE; + s->s3->hs.state = SSL_ST_CONNECT|SSL_ST_BEFORE; s->internal->handshake_func = s->method->ssl_connect; ssl_clear_cipher_state(s); } @@ -2650,7 +2873,7 @@ SSL_dup(SSL *s) ret->internal->quiet_shutdown = s->internal->quiet_shutdown; ret->internal->shutdown = s->internal->shutdown; /* SSL_dup does not really work at any state, though */ - S3I(ret)->hs.state = S3I(s)->hs.state; + ret->s3->hs.state = s->s3->hs.state; ret->internal->rstate = s->internal->rstate; /* @@ -2696,22 +2919,8 @@ SSL_dup(SSL *s) void ssl_clear_cipher_state(SSL *s) -{ - ssl_clear_cipher_read_state(s); - ssl_clear_cipher_write_state(s); -} - -void -ssl_clear_cipher_read_state(SSL *s) { tls12_record_layer_clear_read_state(s->internal->rl); - tls12_record_layer_read_cipher_hash(s->internal->rl, - &s->enc_read_ctx, &s->read_hash); -} - -void -ssl_clear_cipher_write_state(SSL *s) -{ tls12_record_layer_clear_write_state(s->internal->rl); } 
@@ -2730,9 +2939,17 @@ void ssl_msg_callback(SSL *s, int is_write, int content_type, const void *msg_buf, size_t msg_len) { - if (s->internal->msg_callback != NULL) - s->internal->msg_callback(is_write, s->version, content_type, - msg_buf, msg_len, s, s->internal->msg_callback_arg); + if (s->internal->msg_callback == NULL) + return; + + s->internal->msg_callback(is_write, s->version, content_type, + msg_buf, msg_len, s, s->internal->msg_callback_arg); +} + +void +ssl_msg_callback_cbs(SSL *s, int is_write, int content_type, CBS *cbs) +{ + ssl_msg_callback(s, is_write, content_type, CBS_data(cbs), CBS_len(cbs)); } /* Fix this function so that it takes an optional type parameter */ @@ -2899,7 +3116,7 @@ SSL_get_SSL_CTX(const SSL *ssl) SSL_CTX * SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) { - CERT *new_cert; + SSL_CERT *new_cert; if (ctx == NULL) ctx = ssl->initial_ctx; @@ -2951,13 +3168,13 @@ void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val) int SSL_state(const SSL *ssl) { - return (S3I(ssl)->hs.state); + return (ssl->s3->hs.state); } void SSL_set_state(SSL *ssl, int state) { - S3I(ssl)->hs.state = state; + ssl->s3->hs.state = state; } void 
@@ -3205,6 +3422,68 @@ SSL_CTX_get_ssl_method(const SSL_CTX *ctx) return ctx->method; } +int +SSL_CTX_get_security_level(const SSL_CTX *ctx) +{ + return ctx->internal->cert->security_level; +} + +void +SSL_CTX_set_security_level(SSL_CTX *ctx, int level) +{ + ctx->internal->cert->security_level = level; +} + +int +SSL_get_security_level(const SSL *ssl) +{ + return ssl->cert->security_level; +} + +void +SSL_set_security_level(SSL *ssl, int level) +{ + ssl->cert->security_level = level; +} + +int +SSL_is_quic(const SSL *ssl) +{ + return ssl->quic_method != NULL; +} + +int +SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params, + size_t params_len) +{ + freezero(ssl->internal->quic_transport_params, + ssl->internal->quic_transport_params_len); + ssl->internal->quic_transport_params = NULL; + ssl->internal->quic_transport_params_len = 0; + + if ((ssl->internal->quic_transport_params = malloc(params_len)) == NULL) + return 0; + + memcpy(ssl->internal->quic_transport_params, params, params_len); + ssl->internal->quic_transport_params_len = params_len; + + return 1; +} + +void +SSL_get_peer_quic_transport_params(const SSL *ssl, const uint8_t **out_params, + size_t *out_params_len) +{ + *out_params = ssl->s3->peer_quic_transport_params; + *out_params_len = ssl->s3->peer_quic_transport_params_len; +} + +void +SSL_set_quic_use_legacy_codepoint(SSL *ssl, int use_legacy) +{ + /* Not supported. */ +} + static int ssl_cipher_id_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) { diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 7ff3e071..a6fc6eaa 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.358 2021/08/30 19:25:43 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.425 2022/09/10 15:29:33 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
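Review bot: SSL_set_quic_transport_params (the ssl_lib.c hunk at -3205) copies from `params` without validating it. A NULL `params` with a non-zero `params_len` reaches `memcpy`, and with `params_len == 0` the outcome depends on whether `malloc(0)` returns NULL, so clearing the parameters can report failure on some platforms. The ALPN setters changed earlier in this commit normalise the same inputs (`if (protos == NULL) protos_len = 0;`) before storing. I would add `if (params == NULL && params_len != 0) return 0;` and `if (params_len == 0) return 1;` after the reset of the stored pointer and length, and document whether an empty parameter set is meant to be accepted. Separately, SSL_CTX_set_security_level and SSL_set_security_level store `level` unchecked; a one-line comment naming where the range is enforced would help, if it is enforced elsewhere.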
@@ -213,10 +213,10 @@ __BEGIN_HIDDEN_DECLS /* Bits for algorithm_auth (server authentication) */ #define SSL_aRSA 0x00000001L /* RSA auth */ -#define SSL_aDSS 0x00000002L /* DSS auth */ -#define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */ +#define SSL_aDSS 0x00000002L /* DSS auth */ +#define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */ #define SSL_aECDSA 0x00000040L /* ECDSA auth*/ -#define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */ +#define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */ #define SSL_aTLS1_3 0x00000400L /* TLSv1.3 authentication */ /* Bits for algorithm_enc (symmetric encryption) */ @@ -234,7 +234,7 @@ __BEGIN_HIDDEN_DECLS #define SSL_AES256GCM 0x00000800L #define SSL_CHACHA20POLY1305 0x00001000L -#define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM) +#define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM) #define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256) @@ -341,19 +341,13 @@ __BEGIN_HIDDEN_DECLS #define SSL_MAX_EMPTY_RECORDS 32 /* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | - * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) + * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN) * SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN * SSL_aRSA <- RSA_ENC | RSA_SIGN * SSL_aDSS <- DSA_SIGN */ -/* -#define CERT_INVALID 0 -#define CERT_PUBLIC_KEY 1 -#define CERT_PRIVATE_KEY 2 -*/ - /* From ECC-TLS draft, used in encoding the curve type in * ECParameters */ 
@@ -361,6 +355,44 @@ __BEGIN_HIDDEN_DECLS #define EXPLICIT_CHAR2_CURVE_TYPE 2 #define NAMED_CURVE_TYPE 3 +typedef struct ssl_cert_pkey_st { + X509 *x509; + EVP_PKEY *privatekey; + STACK_OF(X509) *chain; +} SSL_CERT_PKEY; + +typedef struct ssl_cert_st { + /* Current active set */ + /* ALWAYS points to an element of the pkeys array + * Probably it would make more sense to store + * an index, not a pointer. */ + SSL_CERT_PKEY *key; + + SSL_CERT_PKEY pkeys[SSL_PKEY_NUM]; + + /* The following masks are for the key and auth + * algorithms that are supported by the certs below */ + int valid; + unsigned long mask_k; + unsigned long mask_a; + + DH *dhe_params; + DH *(*dhe_params_cb)(SSL *ssl, int is_export, int keysize); + int dhe_params_auto; + + int (*security_cb)(const SSL *s, const SSL_CTX *ctx, int op, int bits, + int nid, void *other, void *ex_data); /* Not exposed in API. */ + int security_level; + void *security_ex_data; /* Not exposed in API. */ + + int references; /* >1 only if SSL_copy_session_id is used */ +} SSL_CERT; + +struct ssl_comp_st { + int id; + const char *name; +}; + struct ssl_cipher_st { int valid; const char *name; /* text name */ 
@@ -407,35 +439,14 @@ struct ssl_method_st { unsigned int enc_flags; /* SSL_ENC_FLAG_* */ }; -typedef struct ssl_session_internal_st { - CRYPTO_EX_DATA ex_data; /* application specific data */ - - /* These are used to make removal of session-ids more - * efficient and to implement a maximum cache size. */ - struct ssl_session_st *prev, *next; - - /* Used to indicate that session resumption is not allowed. - * Applications can also set this bit for a new session via - * not_resumable_session_cb to disable session caching and tickets. */ - int not_resumable; - - /* The cert is the certificate used to establish this connection */ - struct sess_cert_st /* SESS_CERT */ *sess_cert; - - size_t tlsext_ecpointformatlist_length; - uint8_t *tlsext_ecpointformatlist; /* peer's list */ - size_t tlsext_supportedgroups_length; - uint16_t *tlsext_supportedgroups; /* peer's list */ -} SSL_SESSION_INTERNAL; -#define SSI(s) (s->session->internal) - -/* Lets make this into an ASN.1 type structure as follows +/* + * Let's make this into an ASN.1 type structure as follows * SSL_SESSION_ID ::= SEQUENCE { - * version INTEGER, -- structure version number - * SSLversion INTEGER, -- SSL version number - * Cipher OCTET STRING, -- the 3 byte cipher ID - * Session_ID OCTET STRING, -- the Session ID - * Master_key OCTET STRING, -- the master key + * version INTEGER, -- structure version number + * SSLversion INTEGER, -- SSL version number + * Cipher OCTET STRING, -- the 2 byte cipher ID + * Session_ID OCTET STRING, -- the Session ID + * Master_key OCTET STRING, -- the master key * KRB5_principal OCTET STRING -- optional Kerberos principal * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds 
@@ -449,7 +460,7 @@ typedef struct ssl_session_internal_st { * Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only) * Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method * SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username - * } + * } * Look in ssl/ssl_asn1.c for more details * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). */ @@ -457,21 +468,22 @@ struct ssl_session_st { int ssl_version; /* what ssl version session info is * being kept in here? */ - int master_key_length; + size_t master_key_length; unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; /* session_id - valid? */ - unsigned int session_id_length; + size_t session_id_length; unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* this is used to determine whether the session is being reused in * the appropriate context. It is up to the application to set this, * via SSL_new */ - unsigned int sid_ctx_length; + size_t sid_ctx_length; unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; - /* This is the cert for the other end. */ - X509 *peer; + /* Peer provided leaf (end-entity) certificate. */ + X509 *peer_cert; + int peer_cert_type; /* when app_verify_callback accepts a session where the peer's certificate * is not ok, we must remember the error for session reuse: */ 
@@ -491,18 +503,26 @@ struct ssl_session_st { char *tlsext_hostname; /* RFC4507 info */ - unsigned char *tlsext_tick; /* Session ticket */ - size_t tlsext_ticklen; /* Session ticket length */ - long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ + unsigned char *tlsext_tick; /* Session ticket */ + size_t tlsext_ticklen; /* Session ticket length */ + uint32_t tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ - struct ssl_session_internal_st *internal; -}; + CRYPTO_EX_DATA ex_data; /* application specific data */ -typedef struct cert_pkey_st { - X509 *x509; - EVP_PKEY *privatekey; - STACK_OF(X509) *chain; -} CERT_PKEY; + /* These are used to make removal of session-ids more + * efficient and to implement a maximum cache size. */ + struct ssl_session_st *prev, *next; + + /* Used to indicate that session resumption is not allowed. + * Applications can also set this bit for a new session via + * not_resumable_session_cb to disable session caching and tickets. */ + int not_resumable; + + size_t tlsext_ecpointformatlist_length; + uint8_t *tlsext_ecpointformatlist; /* peer's list */ + size_t tlsext_supportedgroups_length; + uint16_t *tlsext_supportedgroups; /* peer's list */ +}; struct ssl_sigalg; @@ -532,14 +552,16 @@ typedef struct ssl_handshake_tls13_st { int use_legacy; int hrr; + /* Client indicates psk_dhe_ke support in PskKeyExchangeMode. */ + int use_psk_dhe_ke; + /* Certificate selected for use (static pointer). */ - const CERT_PKEY *cpk; + const SSL_CERT_PKEY *cpk; /* Version proposed by peer server. */ uint16_t server_version; uint16_t server_group; - struct tls13_key_share *key_share; struct tls13_secrets *secrets; uint8_t *cookie; 
@@ -557,6 +579,11 @@ typedef struct ssl_handshake_tls13_st { EVP_MD_CTX *clienthello_md_ctx; unsigned char *clienthello_hash; unsigned int clienthello_hash_len; + + /* QUIC read buffer and read/write encryption levels. */ + struct tls_buffer *quic_read_buffer; + enum ssl_encryption_level_t quic_read_level; + enum ssl_encryption_level_t quic_write_level; } SSL_HANDSHAKE_TLS13; typedef struct ssl_handshake_st { @@ -577,6 +604,13 @@ typedef struct ssl_handshake_st { */ uint16_t negotiated_tls_version; + /* + * Legacy version advertised by our peer. For a server this is the + * version specified by the client in the ClientHello message. For a + * client, this is the version provided in the ServerHello message. + */ + uint16_t peer_legacy_version; + /* * Current handshake state - contains one of the SSL3_ST_* values and * is used by the TLSv1.2 state machine, as well as being updated by @@ -598,6 +632,9 @@ typedef struct ssl_handshake_st { uint8_t *sigalgs; size_t sigalgs_len; + /* Key share for ephemeral key exchange. */ + struct tls_key_share *key_share; + /* * Copies of the verify data sent in our finished message and the * verify data received in the finished message sent by our peer. @@ -607,10 +644,22 @@ typedef struct ssl_handshake_st { uint8_t peer_finished[EVP_MAX_MD_SIZE]; size_t peer_finished_len; + /* List of certificates received from our peer. */ + STACK_OF(X509) *peer_certs; + STACK_OF(X509) *peer_certs_no_leaf; + SSL_HANDSHAKE_TLS12 tls12; SSL_HANDSHAKE_TLS13 tls13; } SSL_HANDSHAKE; +typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT; + +/* TLS Session Ticket extension struct. */ +struct tls_session_ticket_ext_st { + unsigned short length; + void *data; +}; + struct tls12_key_block; struct tls12_key_block *tls12_key_block_new(void); 
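Review bot: The comment `/* List of certificates received from our peer. */` added to SSL_HANDSHAKE in the -607 hunk covers two stacks, `peer_certs` and `peer_certs_no_leaf`, without saying how they relate or who owns the X509 references. Since `peer_certs_no_leaf` presumably holds a subset of the same certificates, the struct should state whether each stack holds its own reference and which free routine releases them; that is the information a maintainer needs to avoid a double free or a dangling pointer when the handshake state is reset. Something like `/* peer_certs_no_leaf: chain without the end-entity cert; holds its own references (confirm). */` would be enough. The same hunk adds `struct tls_key_share *key_share`, whose lifetime relative to the removed `tmp` DH/ECDH members is also left undocumented.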
@@ -650,8 +699,6 @@ void tls12_record_layer_write_epoch_done(struct tls12_record_layer *rl, void tls12_record_layer_clear_read_state(struct tls12_record_layer *rl); void tls12_record_layer_clear_write_state(struct tls12_record_layer *rl); void tls12_record_layer_reflect_seq_num(struct tls12_record_layer *rl); -void tls12_record_layer_read_cipher_hash(struct tls12_record_layer *rl, - EVP_CIPHER_CTX **cipher, EVP_MD_CTX **hash); int tls12_record_layer_change_read_cipher_state(struct tls12_record_layer *rl, CBS *mac_key, CBS *key, CBS *iv); int tls12_record_layer_change_write_cipher_state(struct tls12_record_layer *rl, @@ -770,7 +817,7 @@ typedef struct ssl_ctx_internal_st { STACK_OF(SSL_CIPHER) *cipher_list_tls13; - struct cert_st /* CERT */ *cert; + SSL_CERT *cert; /* Default values used when no per-SSL value is defined follow */ 
@@ -823,15 +870,56 @@ typedef struct ssl_ctx_internal_st { void *alpn_select_cb_arg; /* Client list of supported protocols in wire format. */ - unsigned char *alpn_client_proto_list; - unsigned int alpn_client_proto_list_len; + uint8_t *alpn_client_proto_list; + size_t alpn_client_proto_list_len; size_t tlsext_ecpointformatlist_length; uint8_t *tlsext_ecpointformatlist; /* our list */ size_t tlsext_supportedgroups_length; uint16_t *tlsext_supportedgroups; /* our list */ + SSL_CTX_keylog_cb_func keylog_callback; /* Unused. For OpenSSL compatibility. */ + size_t num_tickets; /* Unused, for OpenSSL compatibility */ } SSL_CTX_INTERNAL; +struct ssl_ctx_st { + const SSL_METHOD *method; + const SSL_QUIC_METHOD *quic_method; + + STACK_OF(SSL_CIPHER) *cipher_list; + + struct x509_store_st /* X509_STORE */ *cert_store; + + /* If timeout is not 0, it is the default timeout value set + * when SSL_new() is called. This has been put in to make + * life easier to set things up */ + long session_timeout; + + int references; + + /* Default values to use in SSL structures follow (these are copied by SSL_new) */ + + STACK_OF(X509) *extra_certs; + + int verify_mode; + size_t sid_ctx_length; + unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; + + X509_VERIFY_PARAM *param; + + /* + * XXX + * default_passwd_cb used by python and openvpn, need to keep it until we + * add an accessor + */ + /* Default password callback. */ + pem_password_cb *default_passwd_callback; + + /* Default password callback user data. */ + void *default_passwd_callback_userdata; + + struct ssl_ctx_internal_st *internal; +}; + typedef struct ssl_internal_st { struct tls13_ctx *tls13; 
@@ -849,8 +937,12 @@ typedef struct ssl_internal_st { unsigned long mode; /* API behaviour */ /* Client list of supported protocols in wire format. */ - unsigned char *alpn_client_proto_list; - unsigned int alpn_client_proto_list_len; + uint8_t *alpn_client_proto_list; + size_t alpn_client_proto_list_len; + + /* QUIC transport params we will send */ + uint8_t *quic_transport_params; + size_t quic_transport_params_len; /* XXX Callbacks */ @@ -963,7 +1055,7 @@ typedef struct ssl_internal_st { const SRTP_PROTECTION_PROFILE *srtp_profile; /* What's been chosen */ int renegotiate;/* 1 if we are renegotiating. - * 2 if we are a server and are inside a handshake + * 2 if we are a server and are inside a handshake * (i.e. not just sending a HelloRequest) */ int rstate; /* where we are when reading */ 
@@ -971,8 +1063,78 @@ typedef struct ssl_internal_st { int mac_packet; int empty_record_count; + + size_t num_tickets; /* Unused, for OpenSSL compatibility */ + STACK_OF(X509) *verified_chain; } SSL_INTERNAL; +struct ssl_st { + /* protocol version + * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION) + */ + int version; + + const SSL_METHOD *method; + const SSL_QUIC_METHOD *quic_method; + + /* There are 2 BIO's even though they are normally both the + * same. This is so data can be read and written to different + * handlers */ + + BIO *rbio; /* used by SSL_read */ + BIO *wbio; /* used by SSL_write */ + BIO *bbio; /* used during session-id reuse to concatenate + * messages */ + int server; /* are we the server side? - mostly used by SSL_clear*/ + + struct ssl3_state_st *s3; /* SSLv3 variables */ + struct dtls1_state_st *d1; /* DTLSv1 variables */ + + X509_VERIFY_PARAM *param; + + /* crypto */ + STACK_OF(SSL_CIPHER) *cipher_list; + + /* This is used to hold the server certificate used */ + SSL_CERT *cert; + + /* the session_id_context is used to ensure sessions are only reused + * in the appropriate context */ + size_t sid_ctx_length; + unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; + + /* This can also be in the session once a session is established */ + SSL_SESSION *session; + + /* Used in SSL2 and SSL3 */ + int verify_mode; /* 0 don't care about verify failure. 
+ * 1 fail if verify fails */ + int error; /* error bytes to be written */ + int error_code; /* actual code */ + + SSL_CTX *ctx; + + long verify_result; + + int references; + + int client_version; /* what was passed, used for + * SSLv3/TLS rollback check */ + + unsigned int max_send_fragment; + + char *tlsext_hostname; + + /* certificate status request info */ + /* Status type or -1 if no status type */ + int tlsext_status_type; + + SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ +#define session_ctx initial_ctx + + struct ssl_internal_st *internal; +}; + typedef struct ssl3_record_internal_st { int type; /* type of record */ unsigned int length; /* How many bytes available */ @@ -992,7 +1154,12 @@ typedef struct ssl3_buffer_internal_st { int left; /* how many bytes left */ } SSL3_BUFFER_INTERNAL; -typedef struct ssl3_state_internal_st { +typedef struct ssl3_state_st { + long flags; + + unsigned char server_random[SSL3_RANDOM_SIZE]; + unsigned char client_random[SSL3_RANDOM_SIZE]; + SSL3_BUFFER_INTERNAL rbuf; /* read IO goes into here */ SSL3_BUFFER_INTERNAL wbuf; /* write IO goes into here */ @@ -1022,7 +1189,7 @@ typedef struct ssl3_state_internal_st { const unsigned char *wpend_buf; /* Transcript of handshake messages that have been sent and received. */ - BUF_MEM *handshake_transcript; + struct tls_buffer *handshake_transcript; /* Rolling hash of handshake messages. */ EVP_MD_CTX *handshake_hash; @@ -1044,15 +1211,6 @@ typedef struct ssl3_state_internal_st { SSL_HANDSHAKE hs; - struct { - DH *dh; - - EC_KEY *ecdh; /* holds short lived ECDH key */ - int ecdh_nid; - - uint8_t *x25519; - } tmp; - /* Connection binding to prevent renegotiation attacks */ unsigned char previous_client_finished[EVP_MAX_MD_SIZE]; unsigned char previous_client_finished_len; 
@@ -1071,64 +1229,14 @@ typedef struct ssl3_state_internal_st { * protocol that the server selected once the ServerHello has been * processed. */ - unsigned char *alpn_selected; + uint8_t *alpn_selected; size_t alpn_selected_len; -} SSL3_STATE_INTERNAL; -#define S3I(s) (s->s3->internal) - -typedef struct ssl3_state_st { - long flags; - unsigned char server_random[SSL3_RANDOM_SIZE]; - unsigned char client_random[SSL3_RANDOM_SIZE]; - - struct ssl3_state_internal_st *internal; + /* Contains the QUIC transport params received from our peer. */ + uint8_t *peer_quic_transport_params; + size_t peer_quic_transport_params_len; } SSL3_STATE; -typedef struct cert_st { - /* Current active set */ - CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array - * Probably it would make more sense to store - * an index, not a pointer. */ - - /* The following masks are for the key and auth - * algorithms that are supported by the certs below */ - int valid; - unsigned long mask_k; - unsigned long mask_a; - - DH *dh_tmp; - DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize); - int dh_tmp_auto; - - CERT_PKEY pkeys[SSL_PKEY_NUM]; - - int references; /* >1 only if SSL_copy_session_id is used */ -} CERT; - - -typedef struct sess_cert_st { - STACK_OF(X509) *cert_chain; /* as received from peer */ - - /* The 'peer_...' members are used only by clients. */ - int peer_cert_type; - - CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */ - CERT_PKEY peer_pkeys[SSL_PKEY_NUM]; - /* Obviously we don't have the private keys of these, - * so maybe we shouldn't even use the CERT_PKEY type here. */ - - int peer_nid; - DH *peer_dh_tmp; - EC_KEY *peer_ecdh_tmp; - uint8_t *peer_x25519_tmp; - - int references; /* actually always 1 at the moment */ -} SESS_CERT; - -/*#define SSL_DEBUG */ -/*#define RSA_DEBUG */ - /* * Flag values for enc_flags. */ 
@@ -1165,6 +1273,7 @@ int ssl_supported_tls_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver
 uint16_t ssl_tls_version(uint16_t version);
 uint16_t ssl_effective_tls_version(SSL *s);
 int ssl_max_supported_version(SSL *s, uint16_t *max_ver);
+int ssl_max_legacy_version(SSL *s, uint16_t *max_ver);
 int ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver);
 int ssl_check_version_from_server(SSL *s, uint16_t server_version);
 int ssl_legacy_stack_version(SSL *s, uint16_t version);
@@ -1176,24 +1285,40 @@ const SSL_METHOD *tls_legacy_method(void); const SSL_METHOD *ssl_get_method(uint16_t version); void ssl_clear_cipher_state(SSL *s); -void ssl_clear_cipher_read_state(SSL *s); -void ssl_clear_cipher_write_state(SSL *s); int ssl_clear_bad_session(SSL *s); void ssl_info_callback(const SSL *s, int type, int value); void ssl_msg_callback(SSL *s, int is_write, int content_type, const void *msg_buf, size_t msg_len); +void ssl_msg_callback_cbs(SSL *s, int is_write, int content_type, CBS *cbs); + +SSL_CERT *ssl_cert_new(void); +SSL_CERT *ssl_cert_dup(SSL_CERT *cert); +void ssl_cert_free(SSL_CERT *c); +SSL_CERT *ssl_get0_cert(SSL_CTX *ctx, SSL *ssl); +int ssl_cert_set0_chain(SSL_CTX *ctx, SSL *ssl, STACK_OF(X509) *chain); +int ssl_cert_set1_chain(SSL_CTX *ctx, SSL *ssl, STACK_OF(X509) *chain); +int ssl_cert_add0_chain_cert(SSL_CTX *ctx, SSL *ssl, X509 *cert); +int ssl_cert_add1_chain_cert(SSL_CTX *ctx, SSL *ssl, X509 *cert); + +int ssl_security_default_cb(const SSL *ssl, const SSL_CTX *ctx, int op, + int bits, int nid, void *other, void *ex_data); + +int ssl_security_cipher_check(const SSL *ssl, SSL_CIPHER *cipher); +int ssl_security_shared_cipher(const SSL *ssl, SSL_CIPHER *cipher); +int ssl_security_supported_cipher(const SSL *ssl, SSL_CIPHER *cipher); +int ssl_ctx_security_dh(const SSL_CTX *ctx, DH *dh); +int ssl_security_dh(const SSL *ssl, DH *dh); +int ssl_security_sigalg_check(const SSL *ssl, const EVP_PKEY *pkey); +int ssl_security_tickets(const SSL *ssl); +int ssl_security_version(const SSL *ssl, int version); +int ssl_security_cert(const SSL_CTX *ctx, const SSL *ssl, X509 *x509, + int is_peer, int *out_error); +int ssl_security_cert_chain(const SSL *ssl, STACK_OF(X509) *sk, + X509 *x509, int *out_error); +int ssl_security_shared_group(const SSL *ssl, uint16_t group_id); +int ssl_security_supported_group(const SSL *ssl, uint16_t group_id); -CERT *ssl_cert_new(void); -CERT *ssl_cert_dup(CERT *cert); -void ssl_cert_free(CERT *c); -int 
ssl_cert_set0_chain(CERT *c, STACK_OF(X509) *chain); -int ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain); -int ssl_cert_add0_chain_cert(CERT *c, X509 *cert); -int ssl_cert_add1_chain_cert(CERT *c, X509 *cert); - -SESS_CERT *ssl_sess_cert_new(void); -void ssl_sess_cert_free(SESS_CERT *sc); int ssl_get_new_session(SSL *s, int session); int ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert); @@ -1204,7 +1329,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *ciphers, CBB *cbb); STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, CBS *cbs); STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth, STACK_OF(SSL_CIPHER) **pref, STACK_OF(SSL_CIPHER) *tls13, - const char *rule_str); + const char *rule_str, SSL_CERT *cert); int ssl_parse_ciphersuites(STACK_OF(SSL_CIPHER) **out_ciphers, const char *str); int ssl_merge_cipherlists(STACK_OF(SSL_CIPHER) *cipherlist, STACK_OF(SSL_CIPHER) *cipherlist_tls13, @@ -1219,12 +1344,12 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk); int ssl_undefined_function(SSL *s); int ssl_undefined_void_function(void); int ssl_undefined_const_function(const SSL *s); -CERT_PKEY *ssl_get_server_send_pkey(const SSL *s); +SSL_CERT_PKEY *ssl_get_server_send_pkey(const SSL *s); EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c, const EVP_MD **pmd, const struct ssl_sigalg **sap); -DH *ssl_get_auto_dh(SSL *s); -int ssl_cert_type(X509 *x, EVP_PKEY *pkey); -void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher); +size_t ssl_dhe_params_auto_key_bits(SSL *s); +int ssl_cert_type(EVP_PKEY *pkey); +void ssl_set_cert_masks(SSL_CERT *c, const SSL_CIPHER *cipher); STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); int ssl_has_ecc_ciphers(SSL *s); int ssl_verify_alarm_type(long type); 
@@ -1240,7 +1365,7 @@ int ssl3_send_change_cipher_spec(SSL *s, int state_a, int state_b); int ssl3_do_write(SSL *s, int type); int ssl3_send_alert(SSL *s, int level, int desc); int ssl3_get_req_cert_types(SSL *s, CBB *cbb); -long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok); +int ssl3_get_message(SSL *s, int st1, int stn, int mt, long max); int ssl3_send_finished(SSL *s, int state_a, int state_b); int ssl3_num_ciphers(void); const SSL_CIPHER *ssl3_get_cipher(unsigned int u); @@ -1251,10 +1376,14 @@ int ssl3_renegotiate(SSL *ssl); int ssl3_renegotiate_check(SSL *ssl); +void ssl_force_want_read(SSL *s); + int ssl3_dispatch_alert(SSL *s); +int ssl3_read_alert(SSL *s); +int ssl3_read_change_cipher_spec(SSL *s); int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); int ssl3_write_bytes(SSL *s, int type, const void *buf, int len); -int ssl3_output_cert_chain(SSL *s, CBB *cbb, CERT_PKEY *cpk); +int ssl3_output_cert_chain(SSL *s, CBB *cbb, SSL_CERT_PKEY *cpk); SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt, STACK_OF(SSL_CIPHER) *srvr); int ssl3_setup_buffers(SSL *s); @@ -1324,6 +1453,17 @@ int ssl3_get_client_certificate(SSL *s); int ssl3_get_client_key_exchange(SSL *s); int ssl3_get_cert_verify(SSL *s); +int ssl_kex_generate_dhe(DH *dh, DH *dh_params); +int ssl_kex_generate_dhe_params_auto(DH *dh, size_t key_len); +int ssl_kex_params_dhe(DH *dh, CBB *cbb); +int ssl_kex_public_dhe(DH *dh, CBB *cbb); +int ssl_kex_peer_params_dhe(DH *dh, CBS *cbs, int *decode_error, + int *invalid_params); +int ssl_kex_peer_public_dhe(DH *dh, CBS *cbs, int *decode_error, + int *invalid_key); +int ssl_kex_derive_dhe(DH *dh, DH *dh_peer, + uint8_t **shared_key, size_t *shared_key_len); + int ssl_kex_dummy_ecdhe_x25519(EVP_PKEY *pkey); int ssl_kex_generate_ecdhe_ecp(EC_KEY *ecdh, int nid); int ssl_kex_public_ecdhe_ecp(EC_KEY *ecdh, CBB *cbb); 
@@ -1340,7 +1480,7 @@ void ssl_free_wbio_buffer(SSL *s); int tls1_transcript_hash_init(SSL *s); int tls1_transcript_hash_update(SSL *s, const unsigned char *buf, size_t len); -int tls1_transcript_hash_value(SSL *s, const unsigned char *out, size_t len, +int tls1_transcript_hash_value(SSL *s, unsigned char *out, size_t len, size_t *outlen); void tls1_transcript_hash_free(SSL *s); 
@@ -1374,22 +1514,25 @@ int tls12_derive_master_secret(SSL *s, uint8_t *premaster_secret, size_t premaster_secret_len); int ssl_using_ecc_cipher(SSL *s); -int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s); +int ssl_check_srvr_ecc_cert_and_alg(SSL *s, X509 *x); -void tls1_get_formatlist(SSL *s, int client_formats, const uint8_t **pformats, - size_t *pformatslen); -void tls1_get_group_list(SSL *s, int client_groups, const uint16_t **pgroups, - size_t *pgroupslen); +void tls1_get_formatlist(const SSL *s, int client_formats, + const uint8_t **pformats, size_t *pformatslen); +void tls1_get_group_list(const SSL *s, int client_groups, + const uint16_t **pgroups, size_t *pgroupslen); int tls1_set_groups(uint16_t **out_group_ids, size_t *out_group_ids_len, const int *groups, size_t ngroups); int tls1_set_group_list(uint16_t **out_group_ids, size_t *out_group_ids_len, const char *groups); -int tls1_ec_curve_id2nid(const uint16_t curve_id); -uint16_t tls1_ec_nid2curve_id(const int nid); -int tls1_check_curve(SSL *s, const uint16_t group_id); -int tls1_get_shared_curve(SSL *s); +int tls1_ec_group_id2nid(uint16_t group_id, int *out_nid); +int tls1_ec_group_id2bits(uint16_t group_id, int *out_bits); +int tls1_ec_nid2group_id(int nid, uint16_t *out_group_id); +int tls1_check_group(SSL *s, uint16_t group_id); +int tls1_count_shared_groups(const SSL *ssl, size_t *out_count); +int tls1_get_shared_group_by_index(const SSL *ssl, size_t index, int *out_nid); +int tls1_get_supported_group(const SSL *s, int *out_nid); int ssl_check_clienthello_tlsext_early(SSL *s); int ssl_check_clienthello_tlsext_late(SSL *s); @@ -1431,6 +1574,8 @@ int srtp_find_profile_by_num(unsigned int profile_num, #endif /* OPENSSL_NO_SRTP */ +int tls_process_peer_certs(SSL *s, STACK_OF(X509) *peer_certs); + __END_HIDDEN_DECLS #endif diff --git a/ssl/ssl_packet.c b/ssl/ssl_packet.c index af56dcef..091685b2 100644 --- a/ssl/ssl_packet.c +++ b/ssl/ssl_packet.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_packet.c,v 1.12 2021/07/01 17:53:39 jsing Exp $ */ +/* $OpenBSD: ssl_packet.c,v 1.13 2022/02/05 14:54:10 jsing Exp $ */ /* * Copyright (c) 2016, 2017 Joel Sing * @@ -209,10 +209,10 @@ ssl_convert_sslv2_client_hello(SSL *s) if (!CBB_finish(&cbb, &data, &data_len)) goto err; - if (data_len > S3I(s)->rbuf.len) + if (data_len > s->s3->rbuf.len) goto err; - s->internal->packet = S3I(s)->rbuf.buf; + s->internal->packet = s->s3->rbuf.buf; s->internal->packet_length = data_len; memcpy(s->internal->packet, data, data_len); ret = 1; diff --git a/ssl/ssl_pkt.c b/ssl/ssl_pkt.c index 049a7df3..d9f5a0d0 100644 --- a/ssl/ssl_pkt.c +++ b/ssl/ssl_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_pkt.c,v 1.50 2021/08/30 19:25:43 jsing Exp $ */ +/* $OpenBSD: ssl_pkt.c,v 1.60 2022/09/11 13:51:25 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -127,21 +127,22 @@ static int ssl3_get_record(SSL *s); * Force a WANT_READ return for certain error conditions where * we don't want to spin internally. */ -static void +void ssl_force_want_read(SSL *s) { - BIO * bio; + BIO *bio; bio = SSL_get_rbio(s); BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); + s->internal->rwstate = SSL_READING; } /* * If extend == 0, obtain new n-byte packet; if extend == 1, increase * packet by another n bytes. - * The packet will be in the sub-array of S3I(s)->rbuf.buf specified + * The packet will be in the sub-array of s->s3->rbuf.buf specified * by s->internal->packet and s->internal->packet_length. * (If s->internal->read_ahead is set, 'max' bytes may be stored in rbuf * [plus s->internal->packet_length bytes if extend == 1].) @@ -149,7 +150,7 @@ ssl_force_want_read(SSL *s) static int ssl3_read_n(SSL *s, int n, int max, int extend) { - SSL3_BUFFER_INTERNAL *rb = &(S3I(s)->rbuf); + SSL3_BUFFER_INTERNAL *rb = &(s->s3->rbuf); int i, len, left; size_t align; unsigned char *pkt; 
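Review bot: In the `@@ -127,21 +127,22 @@` hunk of ssl/ssl_pkt.c, `ssl_force_want_read()` loses `static` but still passes the result of `SSL_get_rbio(s)` straight to `BIO_clear_retry_flags()` and `BIO_set_retry_read()` with no NULL check. As far as I can tell those BIO helpers do not accept a NULL BIO, which was easier to reason about while every caller lived in this file. Now that the helper is exported, the comment above it should state the precondition, e.g. `/* Caller must ensure a read BIO is set on s. */`, or the body should return early when `bio == NULL`. The comment should also mention the new side effect, `s->internal->rwstate = SSL_READING`.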
@@ -238,7 +239,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend) } while (left < n) { - /* Now we have len+left bytes at the front of S3I(s)->rbuf.buf + /* Now we have len+left bytes at the front of s->s3->rbuf.buf * and need to read in more until we have len+n (up to * len+max if possible) */ @@ -287,7 +288,7 @@ ssl3_packet_read(SSL *s, int plen) { int n; - n = ssl3_read_n(s, plen, S3I(s)->rbuf.len, 0); + n = ssl3_read_n(s, plen, s->s3->rbuf.len, 0); if (n <= 0) return n; if (s->internal->packet_length < plen) @@ -326,8 +327,8 @@ ssl3_packet_extend(SSL *s, int plen) static int ssl3_get_record(SSL *s) { - SSL3_BUFFER_INTERNAL *rb = &(S3I(s)->rbuf); - SSL3_RECORD_INTERNAL *rr = &(S3I(s)->rrec); + SSL3_BUFFER_INTERNAL *rb = &(s->s3->rbuf); + SSL3_RECORD_INTERNAL *rr = &(s->s3->rrec); uint8_t alert_desc; uint8_t *out; size_t out_len; @@ -482,8 +483,8 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) } s->internal->rwstate = SSL_NOTHING; - tot = S3I(s)->wnum; - S3I(s)->wnum = 0; + tot = s->s3->wnum; + s->s3->wnum = 0; if (SSL_in_init(s) && !s->internal->in_handshake) { i = s->internal->handshake_func(s); @@ -506,7 +507,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) i = do_ssl3_write(s, type, &(buf[tot]), nw); if (i <= 0) { - S3I(s)->wnum = tot; + s->s3->wnum = tot; return i; } @@ -517,7 +518,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) * empty fragment in ciphersuites with known-IV * weakness. */ - S3I(s)->empty_fragment_done = 0; + s->s3->empty_fragment_done = 0; return tot + i; } @@ -530,7 +531,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len) { - SSL3_BUFFER_INTERNAL *wb = &(S3I(s)->wbuf); + SSL3_BUFFER_INTERNAL *wb = &(s->s3->wbuf); SSL_SESSION *sess = s->session; int need_empty_fragment = 0; size_t align, out_len; 
@@ -552,7 +553,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len) return (ssl3_write_pending(s, type, buf, len)); /* If we have an alert to send, let's send it. */ - if (S3I(s)->alert_dispatch) { + if (s->s3->alert_dispatch) { if ((ret = ssl3_dispatch_alert(s)) <= 0) return (ret); /* If it went, fall through and send more stuff. */ @@ -571,9 +572,9 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len) * bytes and record version number > TLS 1.0. */ version = s->version; - if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_B && + if (s->s3->hs.state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate && - S3I(s)->hs.our_max_tls_version > TLS1_VERSION) + s->s3->hs.our_max_tls_version > TLS1_VERSION) version = TLS1_VERSION; /* @@ -582,8 +583,8 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len) * is unnecessary for AEAD. */ if (sess != NULL && tls12_record_layer_write_protected(s->internal->rl)) { - if (S3I(s)->need_empty_fragments && - !S3I(s)->empty_fragment_done && + if (s->s3->need_empty_fragments && + !s->s3->empty_fragment_done && type == SSL3_RT_APPLICATION_DATA) need_empty_fragment = 1; } @@ -608,7 +609,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len) if (!tls12_record_layer_seal_record(s->internal->rl, type, buf, 0, &cbb)) goto err; - S3I(s)->empty_fragment_done = 1; + s->s3->empty_fragment_done = 1; } if (!tls12_record_layer_seal_record(s->internal->rl, type, buf, len, &cbb)) 
@@ -623,10 +624,10 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len) * Memorize arguments so that ssl3_write_pending can detect * bad write retries later. */ - S3I(s)->wpend_tot = len; - S3I(s)->wpend_buf = buf; - S3I(s)->wpend_type = type; - S3I(s)->wpend_ret = len; + s->s3->wpend_tot = len; + s->s3->wpend_buf = buf; + s->s3->wpend_type = type; + s->s3->wpend_ret = len; /* We now just need to write the buffer. */ return ssl3_write_pending(s, type, buf, len); @@ -637,17 +638,17 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len) return -1; } -/* if S3I(s)->wbuf.left != 0, we need to call this */ +/* if s->s3->wbuf.left != 0, we need to call this */ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len) { int i; - SSL3_BUFFER_INTERNAL *wb = &(S3I(s)->wbuf); + SSL3_BUFFER_INTERNAL *wb = &(s->s3->wbuf); /* XXXX */ - if ((S3I(s)->wpend_tot > (int)len) || ((S3I(s)->wpend_buf != buf) && + if ((s->s3->wpend_tot > (int)len) || ((s->s3->wpend_buf != buf) && !(s->internal->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) || - (S3I(s)->wpend_type != type)) { + (s->s3->wpend_type != type)) { SSLerror(s, SSL_R_BAD_WRITE_RETRY); return (-1); } @@ -669,7 +670,7 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len) !SSL_is_dtls(s)) ssl3_release_write_buffer(s); s->internal->rwstate = SSL_NOTHING; - return (S3I(s)->wpend_ret); + return (s->s3->wpend_ret); } else if (i <= 0) { /* * For DTLS, just drop it. That's kind of the 
@@ -684,6 +685,308 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len) } } +int +ssl3_read_alert(SSL *s) +{ + SSL3_RECORD_INTERNAL *rr = &s->s3->rrec; + uint8_t alert_level, alert_descr; + CBS cbs; + + /* + * TLSv1.2 permits an alert to be fragmented across multiple records or + * for multiple alerts to be be coalesced into a single alert record. + * In the case of DTLS, there is no way to reassemble an alert + * fragmented across multiple records, hence a full alert must be + * available in the record. + */ + while (rr->length > 0 && + s->s3->alert_fragment_len < sizeof(s->s3->alert_fragment)) { + s->s3->alert_fragment[s->s3->alert_fragment_len++] = + rr->data[rr->off++]; + rr->length--; + } + if (s->s3->alert_fragment_len < sizeof(s->s3->alert_fragment)) { + if (SSL_is_dtls(s)) { + SSLerror(s, SSL_R_BAD_LENGTH); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); + return -1; + } + return 1; + } + + CBS_init(&cbs, s->s3->alert_fragment, sizeof(s->s3->alert_fragment)); + + ssl_msg_callback_cbs(s, 0, SSL3_RT_ALERT, &cbs); + + if (!CBS_get_u8(&cbs, &alert_level)) + return -1; + if (!CBS_get_u8(&cbs, &alert_descr)) + return -1; + + s->s3->alert_fragment_len = 0; + + ssl_info_callback(s, SSL_CB_READ_ALERT, + (alert_level << 8) | alert_descr); + + if (alert_level == SSL3_AL_WARNING) { + s->s3->warn_alert = alert_descr; + if (alert_descr == SSL_AD_CLOSE_NOTIFY) { + s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN; + return 0; + } + /* We requested renegotiation and the peer rejected it. 
*/ + if (alert_descr == SSL_AD_NO_RENEGOTIATION) { + SSLerror(s, SSL_R_NO_RENEGOTIATION); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_HANDSHAKE_FAILURE); + return -1; + } + } else if (alert_level == SSL3_AL_FATAL) { + s->internal->rwstate = SSL_NOTHING; + s->s3->fatal_alert = alert_descr; + SSLerror(s, SSL_AD_REASON_OFFSET + alert_descr); + ERR_asprintf_error_data("SSL alert number %d", alert_descr); + s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN; + SSL_CTX_remove_session(s->ctx, s->session); + return 0; + } else { + SSLerror(s, SSL_R_UNKNOWN_ALERT_TYPE); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); + return -1; + } + + return 1; +} + +int +ssl3_read_change_cipher_spec(SSL *s) +{ + SSL3_RECORD_INTERNAL *rr = &s->s3->rrec; + const uint8_t ccs[] = { SSL3_MT_CCS }; + CBS cbs; + + /* + * 'Change Cipher Spec' is just a single byte, so we know exactly what + * the record payload has to look like. + */ + CBS_init(&cbs, rr->data, rr->length); + if (rr->off != 0 || CBS_len(&cbs) != sizeof(ccs)) { + SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); + return -1; + } + if (!CBS_mem_equal(&cbs, ccs, sizeof(ccs))) { + SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); + return -1; + } + + /* XDTLS: check that epoch is consistent */ + + ssl_msg_callback_cbs(s, 0, SSL3_RT_CHANGE_CIPHER_SPEC, &cbs); + + /* Check that we have a cipher to change to. */ + if (s->s3->hs.cipher == NULL) { + SSLerror(s, SSL_R_CCS_RECEIVED_EARLY); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); + return -1; + } + + /* Check that we should be receiving a Change Cipher Spec. */ + if (SSL_is_dtls(s)) { + if (!s->d1->change_cipher_spec_ok) { + /* + * We can't process a CCS now, because previous + * handshake messages are still missing, so just + * drop it. 
+ */ + rr->length = 0; + return 1; + } + s->d1->change_cipher_spec_ok = 0; + } else { + if ((s->s3->flags & SSL3_FLAGS_CCS_OK) == 0) { + SSLerror(s, SSL_R_CCS_RECEIVED_EARLY); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_UNEXPECTED_MESSAGE); + return -1; + } + s->s3->flags &= ~SSL3_FLAGS_CCS_OK; + } + + rr->length = 0; + + s->s3->change_cipher_spec = 1; + if (!ssl3_do_change_cipher_spec(s)) + return -1; + + return 1; +} + +static int +ssl3_read_handshake_unexpected(SSL *s) +{ + SSL3_RECORD_INTERNAL *rr = &s->s3->rrec; + uint32_t hs_msg_length; + uint8_t hs_msg_type; + CBS cbs; + int ret; + + /* + * We need four bytes of handshake data so we have a handshake message + * header - this may be in the same record or fragmented across multiple + * records. + */ + while (rr->length > 0 && + s->s3->handshake_fragment_len < sizeof(s->s3->handshake_fragment)) { + s->s3->handshake_fragment[s->s3->handshake_fragment_len++] = + rr->data[rr->off++]; + rr->length--; + } + + if (s->s3->handshake_fragment_len < sizeof(s->s3->handshake_fragment)) + return 1; + + if (s->internal->in_handshake) { + SSLerror(s, ERR_R_INTERNAL_ERROR); + return -1; + } + + /* + * This code currently deals with HelloRequest and ClientHello messages - + * anything else is pushed to the handshake_func. Almost all of this + * belongs in the client/server handshake code. + */ + + /* Parse handshake message header. */ + CBS_init(&cbs, s->s3->handshake_fragment, s->s3->handshake_fragment_len); + if (!CBS_get_u8(&cbs, &hs_msg_type)) + return -1; + if (!CBS_get_u24(&cbs, &hs_msg_length)) + return -1; + + if (hs_msg_type == SSL3_MT_HELLO_REQUEST) { + /* + * Incoming HelloRequest messages should only be received by a + * client. A server may send these at any time - a client should + * ignore the message if received in the middle of a handshake. + * See RFC 5246 sections 7.4 and 7.4.1.1. 
+ */ + if (s->server) { + SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_UNEXPECTED_MESSAGE); + return -1; + } + + if (hs_msg_length != 0) { + SSLerror(s, SSL_R_BAD_HELLO_REQUEST); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); + return -1; + } + + ssl_msg_callback(s, 0, SSL3_RT_HANDSHAKE, + s->s3->handshake_fragment, s->s3->handshake_fragment_len); + + s->s3->handshake_fragment_len = 0; + + /* + * It should be impossible to hit this, but keep the safety + * harness for now... + */ + if (s->session == NULL || s->session->cipher == NULL) + return 1; + + /* + * Ignore this message if we're currently handshaking, + * renegotiation is already pending or renegotiation is disabled + * via flags. + */ + if (!SSL_is_init_finished(s) || s->s3->renegotiate || + (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) != 0) + return 1; + + if (!ssl3_renegotiate(s)) + return 1; + if (!ssl3_renegotiate_check(s)) + return 1; + + } else if (hs_msg_type == SSL3_MT_CLIENT_HELLO) { + /* + * Incoming ClientHello messages should only be received by a + * server. A client may send these in response to server + * initiated renegotiation (HelloRequest) or in order to + * initiate renegotiation by the client. See RFC 5246 section + * 7.4.1.2. + */ + if (!s->server) { + SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_UNEXPECTED_MESSAGE); + return -1; + } + + /* + * A client should not be sending a ClientHello unless we're not + * currently handshaking. 
+ */ + if (!SSL_is_init_finished(s)) { + SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_UNEXPECTED_MESSAGE); + return -1; + } + + if ((s->internal->options & SSL_OP_NO_CLIENT_RENEGOTIATION) != 0) { + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_NO_RENEGOTIATION); + return -1; + } + + if (s->session == NULL || s->session->cipher == NULL) { + SSLerror(s, ERR_R_INTERNAL_ERROR); + return -1; + } + + /* Client requested renegotiation but it is not permitted. */ + if (!s->s3->send_connection_binding || + (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) != 0) { + ssl3_send_alert(s, SSL3_AL_WARNING, + SSL_AD_NO_RENEGOTIATION); + return 1; + } + + s->s3->hs.state = SSL_ST_ACCEPT; + s->internal->renegotiate = 1; + s->internal->new_session = 1; + + } else { + SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); + return -1; + } + + if ((ret = s->internal->handshake_func(s)) < 0) + return ret; + if (ret == 0) { + SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); + return -1; + } + + if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) { + if (s->s3->rbuf.left == 0) { + ssl_force_want_read(s); + return -1; + } + } + + /* + * We either finished a handshake or ignored the request, now try again + * to obtain the (application) data we were asked for. + */ + return 1; +} + /* Return up to 'len' payload bytes received in 'type' records. * 'type' is one of the following: * 
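Review bot: In `ssl3_read_handshake_unexpected()`, the ClientHello branch that refuses renegotiation (`!s->s3->send_connection_binding || ...`) sends the warning alert and returns 1 without discarding anything: `s->s3->handshake_fragment_len` still holds the four header bytes and the rest of the record stays in `rr`. The code this replaces in `ssl3_read_bytes()` set `rr->length = 0;` before retrying. If the caller simply loops on a return of 1 (the call site is outside this hunk), the same header would be parsed again and the alert re-sent for a single peer message, so it looks worth dropping the message explicitly, e.g. `rr->length = 0;` and `s->s3->handshake_fragment_len = 0;` before `return 1;`, or confirming that the caller bounds the retries. Separately, the `SSL_OP_NO_CLIENT_RENEGOTIATION` branch returns -1 without an `SSLerror()` call, so the error queue gives no reason for the failure.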
@@ -714,59 +1017,57 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len) int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) { - int al, i, ret, rrcount = 0; - unsigned int n; SSL3_RECORD_INTERNAL *rr; + int rrcount = 0; + unsigned int n; + int ret; - if (S3I(s)->rbuf.buf == NULL) /* Not initialized yet */ + if (s->s3->rbuf.buf == NULL) { if (!ssl3_setup_read_buffer(s)) - return (-1); + return -1; + } if (len < 0) { SSLerror(s, ERR_R_INTERNAL_ERROR); return -1; } - if ((type && type != SSL3_RT_APPLICATION_DATA && - type != SSL3_RT_HANDSHAKE) || - (peek && (type != SSL3_RT_APPLICATION_DATA))) { + if (type != 0 && type != SSL3_RT_APPLICATION_DATA && + type != SSL3_RT_HANDSHAKE) { + SSLerror(s, ERR_R_INTERNAL_ERROR); + return -1; + } + if (peek && type != SSL3_RT_APPLICATION_DATA) { SSLerror(s, ERR_R_INTERNAL_ERROR); return -1; } - if ((type == SSL3_RT_HANDSHAKE) && - (S3I(s)->handshake_fragment_len > 0)) { - /* (partially) satisfy request from storage */ - unsigned char *src = S3I(s)->handshake_fragment; + if (type == SSL3_RT_HANDSHAKE && s->s3->handshake_fragment_len > 0) { + /* Partially satisfy request from fragment storage. */ + unsigned char *src = s->s3->handshake_fragment; unsigned char *dst = buf; unsigned int k; /* peek == 0 */ n = 0; - while ((len > 0) && (S3I(s)->handshake_fragment_len > 0)) { + while (len > 0 && s->s3->handshake_fragment_len > 0) { *dst++ = *src++; len--; - S3I(s)->handshake_fragment_len--; + s->s3->handshake_fragment_len--; n++; } /* move any remaining fragment bytes: */ - for (k = 0; k < S3I(s)->handshake_fragment_len; k++) - S3I(s)->handshake_fragment[k] = *src++; + for (k = 0; k < s->s3->handshake_fragment_len; k++) + s->s3->handshake_fragment[k] = *src++; return n; } - /* - * Now S3I(s)->handshake_fragment_len == 0 if - * type == SSL3_RT_HANDSHAKE. 
- */ - if (!s->internal->in_handshake && SSL_in_init(s)) { - /* type == SSL3_RT_APPLICATION_DATA */ - i = s->internal->handshake_func(s); - if (i < 0) - return (i); - if (i == 0) { + if (SSL_in_init(s) && !s->internal->in_handshake) { + if ((ret = s->internal->handshake_func(s)) < 0) + return ret; + if (ret == 0) { SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); + return -1; } } 
@@ -786,377 +1087,149 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) s->internal->rwstate = SSL_NOTHING; - /* - * S3I(s)->rrec.type - is the type of record - * S3I(s)->rrec.data, - data - * S3I(s)->rrec.off, - offset into 'data' for next read - * S3I(s)->rrec.length, - number of bytes. - */ - rr = &(S3I(s)->rrec); + rr = &s->s3->rrec; - /* get new packet if necessary */ - if ((rr->length == 0) || (s->internal->rstate == SSL_ST_READ_BODY)) { - ret = ssl3_get_record(s); - if (ret <= 0) - return (ret); + if (rr->length == 0 || s->internal->rstate == SSL_ST_READ_BODY) { + if ((ret = ssl3_get_record(s)) <= 0) + return ret; } - /* we now have a packet which can be read and processed */ + /* We now have a packet which can be read and processed. */ - if (S3I(s)->change_cipher_spec /* set when we receive ChangeCipherSpec, - * reset by ssl3_get_finished */ - && (rr->type != SSL3_RT_HANDSHAKE)) { - al = SSL_AD_UNEXPECTED_MESSAGE; + if (s->s3->change_cipher_spec && rr->type != SSL3_RT_HANDSHAKE) { SSLerror(s, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); - goto fatal_err; + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); + return -1; } - /* If the other end has shut down, throw anything we read away - * (even in 'peek' mode) */ + /* + * If the other end has shut down, throw anything we read away (even in + * 'peek' mode). + */ if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) { - rr->length = 0; s->internal->rwstate = SSL_NOTHING; - return (0); + rr->length = 0; + return 0; } - /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */ if (type == rr->type) { - /* make sure that we are not getting application data when we - * are doing a handshake for the first time */ + /* + * Make sure that we are not getting application data when we + * are doing a handshake for the first time. 
+ */ if (SSL_in_init(s) && type == SSL3_RT_APPLICATION_DATA && !tls12_record_layer_read_protected(s->internal->rl)) { - al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE); - goto fatal_err; + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_UNEXPECTED_MESSAGE); + return -1; } if (len <= 0) - return (len); + return len; if ((unsigned int)len > rr->length) n = rr->length; else n = (unsigned int)len; - memcpy(buf, &(rr->data[rr->off]), n); + memcpy(buf, &rr->data[rr->off], n); if (!peek) { - memset(&(rr->data[rr->off]), 0, n); + memset(&rr->data[rr->off], 0, n); rr->length -= n; rr->off += n; if (rr->length == 0) { s->internal->rstate = SSL_ST_READ_HEADER; rr->off = 0; if (s->internal->mode & SSL_MODE_RELEASE_BUFFERS && - S3I(s)->rbuf.left == 0) + s->s3->rbuf.left == 0) ssl3_release_read_buffer(s); } } - return (n); - } - - - /* If we get here, then type != rr->type; if we have a handshake - * message, then it was unexpected (Hello Request or Client Hello). */ - - { - /* - * In case of record types for which we have 'fragment' - * storage, * fill that so that we can process the data - * at a fixed place. 
- */ - unsigned int dest_maxlen = 0; - unsigned char *dest = NULL; - unsigned int *dest_len = NULL; - - if (rr->type == SSL3_RT_HANDSHAKE) { - dest_maxlen = sizeof S3I(s)->handshake_fragment; - dest = S3I(s)->handshake_fragment; - dest_len = &S3I(s)->handshake_fragment_len; - } else if (rr->type == SSL3_RT_ALERT) { - dest_maxlen = sizeof S3I(s)->alert_fragment; - dest = S3I(s)->alert_fragment; - dest_len = &S3I(s)->alert_fragment_len; - } - if (dest_maxlen > 0) { - /* available space in 'dest' */ - n = dest_maxlen - *dest_len; - if (rr->length < n) - n = rr->length; /* available bytes */ - - /* now move 'n' bytes: */ - while (n-- > 0) { - dest[(*dest_len)++] = rr->data[rr->off++]; - rr->length--; - } - if (*dest_len < dest_maxlen) - goto start; /* fragment was too small */ - } + return n; } - /* S3I(s)->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE; - * S3I(s)->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT. - * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) 
*/ - - /* If we are a client, check for an incoming 'Hello Request': */ - if ((!s->server) && (S3I(s)->handshake_fragment_len >= 4) && - (S3I(s)->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) && - (s->session != NULL) && (s->session->cipher != NULL)) { - S3I(s)->handshake_fragment_len = 0; - - if ((S3I(s)->handshake_fragment[1] != 0) || - (S3I(s)->handshake_fragment[2] != 0) || - (S3I(s)->handshake_fragment[3] != 0)) { - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_BAD_HELLO_REQUEST); - goto fatal_err; - } - - ssl_msg_callback(s, 0, SSL3_RT_HANDSHAKE, - S3I(s)->handshake_fragment, 4); - - if (SSL_is_init_finished(s) && - !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && - !S3I(s)->renegotiate) { - ssl3_renegotiate(s); - if (ssl3_renegotiate_check(s)) { - i = s->internal->handshake_func(s); - if (i < 0) - return (i); - if (i == 0) { - SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); - } - - if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) { - if (S3I(s)->rbuf.left == 0) { - /* no read-ahead left? */ - /* In the case where we try to read application data, - * but we trigger an SSL handshake, we return -1 with - * the retry option set. Otherwise renegotiation may - * cause nasty problems in the blocking world */ - ssl_force_want_read(s); - return (-1); - } - } - } - } - /* we either finished a handshake or ignored the request, - * now try again to obtain the (application) data we were asked for */ - goto start; - } - /* Disallow client initiated renegotiation if configured. */ - if (s->server && SSL_is_init_finished(s) && - S3I(s)->handshake_fragment_len >= 4 && - S3I(s)->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO && - (s->internal->options & SSL_OP_NO_CLIENT_RENEGOTIATION)) { - al = SSL_AD_NO_RENEGOTIATION; - goto fatal_err; - } - /* If we are a server and get a client hello when renegotiation isn't - * allowed send back a no renegotiation alert and carry on. 
- * WARNING: experimental code, needs reviewing (steve) + /* + * If we get here, then type != rr->type; if we have a handshake + * message, then it was unexpected (Hello Request or Client Hello). */ - if (s->server && - SSL_is_init_finished(s) && - !S3I(s)->send_connection_binding && - (S3I(s)->handshake_fragment_len >= 4) && - (S3I(s)->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) && - (s->session != NULL) && (s->session->cipher != NULL)) { - /*S3I(s)->handshake_fragment_len = 0;*/ - rr->length = 0; - ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); - goto start; - } - if (S3I(s)->alert_fragment_len >= 2) { - int alert_level = S3I(s)->alert_fragment[0]; - int alert_descr = S3I(s)->alert_fragment[1]; - - S3I(s)->alert_fragment_len = 0; - - ssl_msg_callback(s, 0, SSL3_RT_ALERT, - S3I(s)->alert_fragment, 2); - - ssl_info_callback(s, SSL_CB_READ_ALERT, - (alert_level << 8) | alert_descr); - - if (alert_level == SSL3_AL_WARNING) { - S3I(s)->warn_alert = alert_descr; - if (alert_descr == SSL_AD_CLOSE_NOTIFY) { - s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN; - return (0); - } - /* This is a warning but we receive it if we requested - * renegotiation and the peer denied it. Terminate with - * a fatal alert because if application tried to - * renegotiatie it presumably had a good reason and - * expects it to succeed. - * - * In future we might have a renegotiation where we - * don't care if the peer refused it where we carry on. 
- */ - else if (alert_descr == SSL_AD_NO_RENEGOTIATION) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerror(s, SSL_R_NO_RENEGOTIATION); - goto fatal_err; - } - } else if (alert_level == SSL3_AL_FATAL) { - s->internal->rwstate = SSL_NOTHING; - S3I(s)->fatal_alert = alert_descr; - SSLerror(s, SSL_AD_REASON_OFFSET + alert_descr); - ERR_asprintf_error_data("SSL alert number %d", - alert_descr); - s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN; - SSL_CTX_remove_session(s->ctx, s->session); - return (0); - } else { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerror(s, SSL_R_UNKNOWN_ALERT_TYPE); - goto fatal_err; - } + if (rr->type == SSL3_RT_ALERT) { + if ((ret = ssl3_read_alert(s)) <= 0) + return ret; goto start; } if (s->internal->shutdown & SSL_SENT_SHUTDOWN) { - /* but we have not received a shutdown */ s->internal->rwstate = SSL_NOTHING; rr->length = 0; - return (0); + return 0; } - if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) { - /* 'Change Cipher Spec' is just a single byte, so we know - * exactly what the record payload has to look like */ - if ((rr->length != 1) || (rr->off != 0) || - (rr->data[0] != SSL3_MT_CCS)) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC); - goto fatal_err; - } - - /* Check we have a cipher to change to */ - if (S3I(s)->hs.cipher == NULL) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, SSL_R_CCS_RECEIVED_EARLY); - goto fatal_err; - } - - /* Check that we should be receiving a Change Cipher Spec. */ - if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, SSL_R_CCS_RECEIVED_EARLY); - goto fatal_err; + if (rr->type == SSL3_RT_APPLICATION_DATA) { + /* + * At this point, we were expecting handshake data, but have + * application data. If the library was running inside + * ssl3_read() (i.e. in_read_app_data is set) and it makes + * sense to read application data at this point (session + * renegotiation not yet started), we will indulge it. 
+ */ + if (s->s3->in_read_app_data != 0 && + s->s3->total_renegotiations != 0 && + (((s->s3->hs.state & SSL_ST_CONNECT) && + (s->s3->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) && + (s->s3->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) || ( + (s->s3->hs.state & SSL_ST_ACCEPT) && + (s->s3->hs.state <= SSL3_ST_SW_HELLO_REQ_A) && + (s->s3->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) { + s->s3->in_read_app_data = 2; + return -1; + } else { + SSLerror(s, SSL_R_UNEXPECTED_RECORD); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_UNEXPECTED_MESSAGE); + return -1; } - s->s3->flags &= ~SSL3_FLAGS_CCS_OK; - - rr->length = 0; - - ssl_msg_callback(s, 0, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1); - - S3I(s)->change_cipher_spec = 1; - if (!ssl3_do_change_cipher_spec(s)) - goto err; - else - goto start; } - /* Unexpected handshake message (Client Hello, or protocol violation) */ - if ((S3I(s)->handshake_fragment_len >= 4) && !s->internal->in_handshake) { - if (((S3I(s)->hs.state&SSL_ST_MASK) == SSL_ST_OK) && - !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { - S3I(s)->hs.state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; - s->internal->renegotiate = 1; - s->internal->new_session = 1; - } - i = s->internal->handshake_func(s); - if (i < 0) - return (i); - if (i == 0) { - SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); - } - - if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) { - if (S3I(s)->rbuf.left == 0) { /* no read-ahead left? */ - /* In the case where we try to read application data, - * but we trigger an SSL handshake, we return -1 with - * the retry option set. Otherwise renegotiation may - * cause nasty problems in the blocking world */ - ssl_force_want_read(s); - return (-1); - } - } + if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) { + if ((ret = ssl3_read_change_cipher_spec(s)) <= 0) + return ret; goto start; } - switch (rr->type) { - default: - /* - * TLS up to v1.1 just ignores unknown message types: - * TLS v1.2 give an unexpected message alert. 
- */ - if (s->version >= TLS1_VERSION && - s->version <= TLS1_1_VERSION) { - rr->length = 0; - goto start; - } - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, SSL_R_UNEXPECTED_RECORD); - goto fatal_err; - case SSL3_RT_CHANGE_CIPHER_SPEC: - case SSL3_RT_ALERT: - case SSL3_RT_HANDSHAKE: - /* we already handled all of these, with the possible exception - * of SSL3_RT_HANDSHAKE when s->internal->in_handshake is set, but that - * should not happen when type != rr->type */ - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto fatal_err; - case SSL3_RT_APPLICATION_DATA: - /* At this point, we were expecting handshake data, - * but have application data. If the library was - * running inside ssl3_read() (i.e. in_read_app_data - * is set) and it makes sense to read application data - * at this point (session renegotiation not yet started), - * we will indulge it. - */ - if (S3I(s)->in_read_app_data && - (S3I(s)->total_renegotiations != 0) && - (((S3I(s)->hs.state & SSL_ST_CONNECT) && - (S3I(s)->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) && - (S3I(s)->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) || - ((S3I(s)->hs.state & SSL_ST_ACCEPT) && - (S3I(s)->hs.state <= SSL3_ST_SW_HELLO_REQ_A) && - (S3I(s)->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) { - S3I(s)->in_read_app_data = 2; - return (-1); - } else { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, SSL_R_UNEXPECTED_RECORD); - goto fatal_err; - } + if (rr->type == SSL3_RT_HANDSHAKE) { + if ((ret = ssl3_read_handshake_unexpected(s)) <= 0) + return ret; + goto start; } - /* not reached */ - fatal_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - err: - return (-1); + /* + * Unknown record type - TLSv1.2 sends an unexpected message alert while + * earlier versions silently ignore the record. 
+ */ + if (ssl_effective_tls_version(s) <= TLS1_1_VERSION) { + rr->length = 0; + goto start; + } + SSLerror(s, SSL_R_UNEXPECTED_RECORD); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); + return -1; } int ssl3_do_change_cipher_spec(SSL *s) { - if (S3I(s)->hs.tls12.key_block == NULL) { + if (s->s3->hs.tls12.key_block == NULL) { if (s->session == NULL || s->session->master_key_length == 0) { /* might happen if dtls1_read_bytes() calls this */ SSLerror(s, SSL_R_CCS_RECEIVED_EARLY); return (0); } - s->session->cipher = S3I(s)->hs.cipher; + s->session->cipher = s->s3->hs.cipher; if (!tls1_setup_key_block(s)) return (0); } @@ -1178,11 +1251,11 @@ static int ssl3_write_alert(SSL *s) { if (SSL_is_dtls(s)) - return do_dtls1_write(s, SSL3_RT_ALERT, S3I(s)->send_alert, - sizeof(S3I(s)->send_alert)); + return do_dtls1_write(s, SSL3_RT_ALERT, s->s3->send_alert, + sizeof(s->s3->send_alert)); - return do_ssl3_write(s, SSL3_RT_ALERT, S3I(s)->send_alert, - sizeof(S3I(s)->send_alert)); + return do_ssl3_write(s, SSL3_RT_ALERT, s->s3->send_alert, + sizeof(s->s3->send_alert)); } int @@ -1192,15 +1265,15 @@ ssl3_send_alert(SSL *s, int level, int desc) if (level == SSL3_AL_FATAL) SSL_CTX_remove_session(s->ctx, s->session); - S3I(s)->alert_dispatch = 1; - S3I(s)->send_alert[0] = level; - S3I(s)->send_alert[1] = desc; + s->s3->alert_dispatch = 1; + s->s3->send_alert[0] = level; + s->s3->send_alert[1] = desc; /* * If data is still being written out, the alert will be dispatched at * some point in the future. */ - if (S3I(s)->wbuf.left != 0) + if (s->s3->wbuf.left != 0) return -1; return ssl3_dispatch_alert(s); @@ -1211,9 +1284,9 @@ ssl3_dispatch_alert(SSL *s) { int ret; - S3I(s)->alert_dispatch = 0; + s->s3->alert_dispatch = 0; if ((ret = ssl3_write_alert(s)) <= 0) { - S3I(s)->alert_dispatch = 1; + s->s3->alert_dispatch = 1; return ret; } 
@@ -1222,13 +1295,13 @@ ssl3_dispatch_alert(SSL *s) * If the message does not get sent due to non-blocking IO, * we will not worry too much. */ - if (S3I(s)->send_alert[0] == SSL3_AL_FATAL) + if (s->s3->send_alert[0] == SSL3_AL_FATAL) (void)BIO_flush(s->wbio); - ssl_msg_callback(s, 1, SSL3_RT_ALERT, S3I(s)->send_alert, 2); + ssl_msg_callback(s, 1, SSL3_RT_ALERT, s->s3->send_alert, 2); ssl_info_callback(s, SSL_CB_WRITE_ALERT, - (S3I(s)->send_alert[0] << 8) | S3I(s)->send_alert[1]); + (s->s3->send_alert[0] << 8) | s->s3->send_alert[1]); return ret; } diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index e3a1e5dc..70c29359 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_rsa.c,v 1.34 2021/06/11 11:13:53 jsing Exp $ */ +/* $OpenBSD: ssl_rsa.c,v 1.48 2022/08/31 20:49:37 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -66,12 +66,13 @@ #include "ssl_locl.h" -static int ssl_set_cert(CERT *c, X509 *x509); -static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); -static int use_certificate_chain_bio(BIO *in, CERT *cert, - pem_password_cb *passwd_cb, void *passwd_arg); -static int use_certificate_chain_file(const char *file, CERT *cert, - pem_password_cb *passwd_cb, void *passwd_arg); +static int ssl_get_password_cb_and_arg(SSL_CTX *ctx, SSL *ssl, + pem_password_cb **passwd_cb, void **passwd_arg); +static int ssl_set_cert(SSL_CTX *ctx, SSL *ssl, X509 *x509); +static int ssl_set_pkey(SSL_CTX *ctx, SSL *ssl, EVP_PKEY *pkey); +static int ssl_use_certificate_chain_bio(SSL_CTX *ctx, SSL *ssl, BIO *in); +static int ssl_use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, + const char *file); int SSL_use_certificate(SSL *ssl, X509 *x) @@ -80,7 +81,7 @@ SSL_use_certificate(SSL *ssl, X509 *x) SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER); return (0); } - return (ssl_set_cert(ssl->cert, x)); + return ssl_set_cert(NULL, ssl, x); } int 
@@ -91,7 +92,7 @@ SSL_use_certificate_file(SSL *ssl, const char *file, int type) int ret = 0; X509 *x = NULL; - in = BIO_new(BIO_s_file_internal()); + in = BIO_new(BIO_s_file()); if (in == NULL) { SSLerror(ssl, ERR_R_BUF_LIB); goto end; @@ -161,51 +162,62 @@ SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) RSA_up_ref(rsa); EVP_PKEY_assign_RSA(pkey, rsa); - ret = ssl_set_pkey(ssl->cert, pkey); + ret = ssl_set_pkey(NULL, ssl, pkey); EVP_PKEY_free(pkey); return (ret); } static int -ssl_set_pkey(CERT *c, EVP_PKEY *pkey) +ssl_set_pkey(SSL_CTX *ctx, SSL *ssl, EVP_PKEY *pkey) { + SSL_CERT *c; int i; - i = ssl_cert_type(NULL, pkey); + i = ssl_cert_type(pkey); if (i < 0) { SSLerrorx(SSL_R_UNKNOWN_CERTIFICATE_TYPE); return (0); } + if ((c = ssl_get0_cert(ctx, ssl)) == NULL) + return (0); + if (c->pkeys[i].x509 != NULL) { EVP_PKEY *pktmp; - pktmp = X509_get_pubkey(c->pkeys[i].x509); + + if ((pktmp = X509_get0_pubkey(c->pkeys[i].x509)) == NULL) + return 0; + + /* + * Callers of EVP_PKEY_copy_parameters() can't distinguish + * errors from the absence of a param_copy() method. So + * pretend it can never fail. + */ EVP_PKEY_copy_parameters(pktmp, pkey); - EVP_PKEY_free(pktmp); + ERR_clear_error(); /* * Don't check the public/private key, this is mostly * for smart cards. */ - if ((pkey->type == EVP_PKEY_RSA) && - (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) -; - else - if (!X509_check_private_key(c->pkeys[i].x509, pkey)) { - X509_free(c->pkeys[i].x509); - c->pkeys[i].x509 = NULL; - return 0; + if (EVP_PKEY_id(pkey) != EVP_PKEY_RSA || + !(RSA_flags(EVP_PKEY_get0_RSA(pkey)) & RSA_METHOD_FLAG_NO_CHECK)) { + if (!X509_check_private_key(c->pkeys[i].x509, pkey)) { + X509_free(c->pkeys[i].x509); + c->pkeys[i].x509 = NULL; + return 0; + } } } EVP_PKEY_free(c->pkeys[i].privatekey); - CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); + EVP_PKEY_up_ref(pkey); c->pkeys[i].privatekey = pkey; c->key = &(c->pkeys[i]); c->valid = 0; - return (1); + return 1; } int 
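Review bot: The two early returns added to ssl_set_pkey() in the `@@ -161,51 +162,62 @@` hunk return 0 without queueing an error, unlike the unknown-type path just above them, which calls SSLerrorx(). They are `if ((c = ssl_get0_cert(ctx, ssl)) == NULL) return (0);` and the `X509_get0_pubkey()` failure path. Unless ssl_get0_cert() records an error itself (not visible in this hunk), a caller such as SSL_use_PrivateKey() gets a failure with an empty error queue, which makes a rejected key hard to diagnose. I would put `SSLerrorx(SSL_R_X509_LIB);` before the second return, as ssl_set_cert() does when X509_get_pubkey() fails, and add an equivalent report such as `SSLerrorx(ERR_R_INTERNAL_ERROR);` on the first.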
@@ -215,7 +227,7 @@ SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) BIO *in; RSA *rsa = NULL; - in = BIO_new(BIO_s_file_internal()); + in = BIO_new(BIO_s_file()); if (in == NULL) { SSLerror(ssl, ERR_R_BUF_LIB); goto end; @@ -273,7 +285,7 @@ SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER); return (0); } - ret = ssl_set_pkey(ssl->cert, pkey); + ret = ssl_set_pkey(NULL, ssl, pkey); return (ret); } @@ -284,7 +296,7 @@ SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) BIO *in; EVP_PKEY *pkey = NULL; - in = BIO_new(BIO_s_file_internal()); + in = BIO_new(BIO_s_file()); if (in == NULL) { SSLerror(ssl, ERR_R_BUF_LIB); goto end; @@ -340,22 +352,45 @@ SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) SSLerrorx(ERR_R_PASSED_NULL_PARAMETER); return (0); } - return (ssl_set_cert(ctx->internal->cert, x)); + return ssl_set_cert(ctx, NULL, x); +} + +static int +ssl_get_password_cb_and_arg(SSL_CTX *ctx, SSL *ssl, + pem_password_cb **passwd_cb, void **passwd_arg) +{ + if (ssl != NULL) + ctx = ssl->ctx; + + *passwd_cb = ctx->default_passwd_callback; + *passwd_arg = ctx->default_passwd_callback_userdata; + + return 1; } static int -ssl_set_cert(CERT *c, X509 *x) +ssl_set_cert(SSL_CTX *ctx, SSL *ssl, X509 *x) { + SSL_CERT *c; EVP_PKEY *pkey; + int ssl_err; int i; + if (!ssl_security_cert(ctx, ssl, x, 1, &ssl_err)) { + SSLerrorx(ssl_err); + return (0); + } + + if ((c = ssl_get0_cert(ctx, ssl)) == NULL) + return (0); + pkey = X509_get_pubkey(x); if (pkey == NULL) { SSLerrorx(SSL_R_X509_LIB); return (0); } - i = ssl_cert_type(x, pkey); + i = ssl_cert_type(pkey); if (i < 0) { SSLerrorx(SSL_R_UNKNOWN_CERTIFICATE_TYPE); EVP_PKEY_free(pkey); 
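Review bot: The new helper ssl_get_password_cb_and_arg() in the `@@ -340,22 +352,45 @@` hunk dereferences `ctx` unconditionally, so a call with both `ctx` and `ssl` NULL is a NULL dereference. Because the function can only return 1, the `if (!ssl_get_password_cb_and_arg(...)) goto err;` check in ssl_use_certificate_chain_bio() can never fire. The visible callers always pass exactly one of the two, so this is a robustness point rather than a live bug. Adding `if (ctx == NULL) return 0;` after the `ssl != NULL` branch would give the return value a meaning. A one-line comment stating that exactly one of `ctx`/`ssl` is expected to be non-NULL would also help, since ssl_set_cert() and ssl_set_pkey() rely on the same convention.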
@@ -363,36 +398,35 @@ ssl_set_cert(CERT *c, X509 *x) } if (c->pkeys[i].privatekey != NULL) { - EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey); + EVP_PKEY *priv_key = c->pkeys[i].privatekey; + + EVP_PKEY_copy_parameters(pkey, priv_key); ERR_clear_error(); /* * Don't check the public/private key, this is mostly * for smart cards. */ - if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && - (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) & - RSA_METHOD_FLAG_NO_CHECK)) -; - else - if (!X509_check_private_key(x, c->pkeys[i].privatekey)) { - /* - * don't fail for a cert/key mismatch, just free - * current private key (when switching to a different - * cert & key, first this function should be used, - * then ssl_set_pkey - */ - EVP_PKEY_free(c->pkeys[i].privatekey); - c->pkeys[i].privatekey = NULL; - /* clear error queue */ - ERR_clear_error(); + if (EVP_PKEY_id(priv_key) != EVP_PKEY_RSA || + !(RSA_flags(EVP_PKEY_get0_RSA(priv_key)) & RSA_METHOD_FLAG_NO_CHECK)) { + if (!X509_check_private_key(x, priv_key)) { + /* + * don't fail for a cert/key mismatch, just free + * current private key (when switching to a + * different cert & key, first this function + * should be used, then ssl_set_pkey. + */ + EVP_PKEY_free(c->pkeys[i].privatekey); + c->pkeys[i].privatekey = NULL; + ERR_clear_error(); + } } } EVP_PKEY_free(pkey); X509_free(c->pkeys[i].x509); - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(x); c->pkeys[i].x509 = x; c->key = &(c->pkeys[i]); @@ -408,7 +442,7 @@ SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) int ret = 0; X509 *x = NULL; - in = BIO_new(BIO_s_file_internal()); + in = BIO_new(BIO_s_file()); if (in == NULL) { SSLerrorx(ERR_R_BUF_LIB); goto end; @@ -477,7 +511,7 @@ SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) RSA_up_ref(rsa); EVP_PKEY_assign_RSA(pkey, rsa); - ret = ssl_set_pkey(ctx->internal->cert, pkey); + ret = ssl_set_pkey(ctx, NULL, pkey); EVP_PKEY_free(pkey); return (ret); } 
@@ -489,7 +523,7 @@ SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) BIO *in; RSA *rsa = NULL; - in = BIO_new(BIO_s_file_internal()); + in = BIO_new(BIO_s_file()); if (in == NULL) { SSLerrorx(ERR_R_BUF_LIB); goto end; @@ -545,7 +579,7 @@ SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) SSLerrorx(ERR_R_PASSED_NULL_PARAMETER); return (0); } - return (ssl_set_pkey(ctx->internal->cert, pkey)); + return ssl_set_pkey(ctx, NULL, pkey); } int @@ -555,7 +589,7 @@ SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) BIO *in; EVP_PKEY *pkey = NULL; - in = BIO_new(BIO_s_file_internal()); + in = BIO_new(BIO_s_file()); if (in == NULL) { SSLerrorx(ERR_R_BUF_LIB); goto end; @@ -612,29 +646,33 @@ SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, * sent to the peer in the Certificate message. */ static int -use_certificate_chain_bio(BIO *in, CERT *cert, pem_password_cb *passwd_cb, - void *passwd_arg) +ssl_use_certificate_chain_bio(SSL_CTX *ctx, SSL *ssl, BIO *in) { + pem_password_cb *passwd_cb; + void *passwd_arg; X509 *ca, *x = NULL; unsigned long err; int ret = 0; + if (!ssl_get_password_cb_and_arg(ctx, ssl, &passwd_cb, &passwd_arg)) + goto err; + if ((x = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_arg)) == NULL) { SSLerrorx(ERR_R_PEM_LIB); goto err; } - if (!ssl_set_cert(cert, x)) + if (!ssl_set_cert(ctx, ssl, x)) goto err; - if (!ssl_cert_set0_chain(cert, NULL)) + if (!ssl_cert_set0_chain(ctx, ssl, NULL)) goto err; /* Process any additional CA certificates. */ while ((ca = PEM_read_bio_X509(in, NULL, passwd_cb, passwd_arg)) != NULL) { - if (!ssl_cert_add0_chain_cert(cert, ca)) { + if (!ssl_cert_add0_chain_cert(ctx, ssl, ca)) { X509_free(ca); goto err; } 
@@ -655,13 +693,12 @@ use_certificate_chain_bio(BIO *in, CERT *cert, pem_password_cb *passwd_cb, } int -use_certificate_chain_file(const char *file, CERT *cert, - pem_password_cb *passwd_cb, void *passwd_arg) +ssl_use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file) { BIO *in; int ret = 0; - in = BIO_new(BIO_s_file_internal()); + in = BIO_new(BIO_s_file()); if (in == NULL) { SSLerrorx(ERR_R_BUF_LIB); goto end; @@ -672,7 +709,7 @@ use_certificate_chain_file(const char *file, CERT *cert, goto end; } - ret = use_certificate_chain_bio(in, cert, passwd_cb, passwd_arg); + ret = ssl_use_certificate_chain_bio(ctx, ssl, in); end: BIO_free(in); @@ -682,17 +719,13 @@ use_certificate_chain_file(const char *file, CERT *cert, int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) { - return use_certificate_chain_file(file, ctx->internal->cert, - ctx->default_passwd_callback, - ctx->default_passwd_callback_userdata); + return ssl_use_certificate_chain_file(ctx, NULL, file); } int SSL_use_certificate_chain_file(SSL *ssl, const char *file) { - return use_certificate_chain_file(file, ssl->cert, - ssl->ctx->default_passwd_callback, - ssl->ctx->default_passwd_callback_userdata); + return ssl_use_certificate_chain_file(NULL, ssl, file); } int @@ -707,9 +740,7 @@ SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *buf, int len) goto end; } - ret = use_certificate_chain_bio(in, ctx->internal->cert, - ctx->default_passwd_callback, - ctx->default_passwd_callback_userdata); + ret = ssl_use_certificate_chain_bio(ctx, NULL, in); end: BIO_free(in); diff --git a/ssl/ssl_seclevel.c b/ssl/ssl_seclevel.c new file mode 100644 index 00000000..b691b9bc --- /dev/null +++ b/ssl/ssl_seclevel.c 
@@ -0,0 +1,473 @@
+/* $OpenBSD: ssl_seclevel.c,v 1.25 2022/08/17 18:41:17 tb Exp $ */
+/*
+ * Copyright (c) 2020-2022 Theo Buehler
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "bytestring.h"
+#include "ssl_locl.h"
+
+static int
+ssl_security_normalize_level(const SSL_CTX *ctx, const SSL *ssl, int *out_level)
+{
+ int security_level;
+
+ if (ctx != NULL)
+ security_level = SSL_CTX_get_security_level(ctx);
+ else
+ security_level = SSL_get_security_level(ssl);
+
+ if (security_level < 0)
+ security_level = 0;
+ if (security_level > 5)
+ security_level = 5;
+
+ *out_level = security_level;
+
+ return 1;
+}
+
+static int
+ssl_security_level_to_minimum_bits(int security_level, int *out_minimum_bits)
+{
+ if (security_level < 0)
+ return 0;
+
+ if (security_level == 0)
+ *out_minimum_bits = 0;
+ else if (security_level == 1)
+ *out_minimum_bits = 80;
+ else if (security_level == 2)
+ *out_minimum_bits = 112;
+ else if (security_level == 3)
+ *out_minimum_bits = 128;
+ else if (security_level == 4)
+ *out_minimum_bits = 192;
+ else if (security_level >= 5)
+ *out_minimum_bits = 256;
+
+ return 1;
+}
+
+static int
+ssl_security_level_and_minimum_bits(const SSL_CTX *ctx,
const SSL *ssl,
+ int *out_level, int *out_minimum_bits)
+{
+ int security_level = 0, minimum_bits = 0;
+
+ if (!ssl_security_normalize_level(ctx, ssl, &security_level))
+ return 0;
+ if (!ssl_security_level_to_minimum_bits(security_level, &minimum_bits))
+ return 0;
+
+ if (out_level != NULL)
+ *out_level = security_level;
+ if (out_minimum_bits != NULL)
+ *out_minimum_bits = minimum_bits;
+
+ return 1;
+}
+
+static int
+ssl_security_secop_cipher(const SSL_CTX *ctx, const SSL *ssl, int bits,
+ void *arg)
+{
+ const SSL_CIPHER *cipher = arg;
+ int security_level, minimum_bits;
+
+ if (!ssl_security_level_and_minimum_bits(ctx, ssl, &security_level,
+ &minimum_bits))
+ return 0;
+
+ if (security_level <= 0)
+ return 1;
+
+ if (bits < minimum_bits)
+ return 0;
+
+ /* No unauthenticated ciphersuites. */
+ if (cipher->algorithm_auth & SSL_aNULL)
+ return 0;
+
+ if (cipher->algorithm_mac & SSL_MD5)
+ return 0;
+
+ if (security_level <= 1)
+ return 1;
+
+ if (cipher->algorithm_enc & SSL_RC4)
+ return 0;
+
+ if (security_level <= 2)
+ return 1;
+
+ /* Security level >= 3 requires a cipher with forward secrecy.
*/
+ if ((cipher->algorithm_mkey & (SSL_kDHE | SSL_kECDHE)) == 0 &&
+ cipher->algorithm_ssl != SSL_TLSV1_3)
+ return 0;
+
+ if (security_level <= 3)
+ return 1;
+
+ if (cipher->algorithm_mac & SSL_SHA1)
+ return 0;
+
+ return 1;
+}
+
+static int
+ssl_security_secop_version(const SSL_CTX *ctx, const SSL *ssl, int version)
+{
+ int min_version = TLS1_2_VERSION;
+ int security_level;
+
+ if (!ssl_security_level_and_minimum_bits(ctx, ssl, &security_level, NULL))
+ return 0;
+
+ if (security_level < 4)
+ min_version = TLS1_1_VERSION;
+ if (security_level < 3)
+ min_version = TLS1_VERSION;
+
+ return ssl_tls_version(version) >= min_version;
+}
+
+static int
+ssl_security_secop_compression(const SSL_CTX *ctx, const SSL *ssl)
+{
+ return 0;
+}
+
+static int
+ssl_security_secop_tickets(const SSL_CTX *ctx, const SSL *ssl)
+{
+ int security_level;
+
+ if (!ssl_security_level_and_minimum_bits(ctx, ssl, &security_level, NULL))
+ return 0;
+
+ return security_level < 3;
+}
+
+static int
+ssl_security_secop_tmp_dh(const SSL_CTX *ctx, const SSL *ssl, int bits)
+{
+ int security_level, minimum_bits;
+
+ if (!ssl_security_level_and_minimum_bits(ctx, ssl, &security_level,
+ &minimum_bits))
+ return 0;
+
+ /* Disallow DHE keys weaker than 1024 bits even at security level 0.
*/
+ if (security_level <= 0 && bits < 80)
+ return 0;
+
+ return bits >= minimum_bits;
+}
+
+static int
+ssl_security_secop_default(const SSL_CTX *ctx, const SSL *ssl, int bits)
+{
+ int minimum_bits;
+
+ if (!ssl_security_level_and_minimum_bits(ctx, ssl, NULL, &minimum_bits))
+ return 0;
+
+ return bits >= minimum_bits;
+}
+
+int
+ssl_security_default_cb(const SSL *ssl, const SSL_CTX *ctx, int secop, int bits,
+ int version, void *cipher, void *ex_data)
+{
+ switch (secop) {
+ case SSL_SECOP_CIPHER_SUPPORTED:
+ case SSL_SECOP_CIPHER_SHARED:
+ case SSL_SECOP_CIPHER_CHECK:
+ return ssl_security_secop_cipher(ctx, ssl, bits, cipher);
+ case SSL_SECOP_VERSION:
+ return ssl_security_secop_version(ctx, ssl, version);
+ case SSL_SECOP_COMPRESSION:
+ return ssl_security_secop_compression(ctx, ssl);
+ case SSL_SECOP_TICKET:
+ return ssl_security_secop_tickets(ctx, ssl);
+ case SSL_SECOP_TMP_DH:
+ return ssl_security_secop_tmp_dh(ctx, ssl, bits);
+ default:
+ return ssl_security_secop_default(ctx, ssl, bits);
+ }
+}
+
+static int
+ssl_ctx_security(const SSL_CTX *ctx, int secop, int bits, int nid, void *other)
+{
+ return ctx->internal->cert->security_cb(NULL, ctx, secop, bits, nid,
+ other, ctx->internal->cert->security_ex_data);
+}
+
+static int
+ssl_security(const SSL *ssl, int secop, int bits, int nid, void *other)
+{
+ return ssl->cert->security_cb(ssl, NULL, secop, bits, nid, other,
+ ssl->cert->security_ex_data);
+}
+
+int
+ssl_security_sigalg_check(const SSL *ssl, const EVP_PKEY *pkey)
+{
+ int bits;
+
+ bits = EVP_PKEY_security_bits(pkey);
+
+ return ssl_security(ssl, SSL_SECOP_SIGALG_CHECK, bits, 0, NULL);
+}
+
+int
+ssl_security_tickets(const SSL *ssl)
+{
+ return ssl_security(ssl, SSL_SECOP_TICKET, 0, 0, NULL);
+}
+
+int
+ssl_security_version(const SSL *ssl, int version)
+{
+ return ssl_security(ssl, SSL_SECOP_VERSION, 0, version, NULL);
+}
+
+static int
+ssl_security_cipher(const SSL *ssl, SSL_CIPHER *cipher, int secop)
+{
+ return ssl_security(ssl, secop,
cipher->strength_bits, 0, cipher);
+}
+
+int
+ssl_security_cipher_check(const SSL *ssl, SSL_CIPHER *cipher)
+{
+ return ssl_security_cipher(ssl, cipher, SSL_SECOP_CIPHER_CHECK);
+}
+
+int
+ssl_security_shared_cipher(const SSL *ssl, SSL_CIPHER *cipher)
+{
+ return ssl_security_cipher(ssl, cipher, SSL_SECOP_CIPHER_SHARED);
+}
+
+int
+ssl_security_supported_cipher(const SSL *ssl, SSL_CIPHER *cipher)
+{
+ return ssl_security_cipher(ssl, cipher, SSL_SECOP_CIPHER_SUPPORTED);
+}
+
+int
+ssl_ctx_security_dh(const SSL_CTX *ctx, DH *dh)
+{
+ int bits;
+
+ bits = DH_security_bits(dh);
+
+ return ssl_ctx_security(ctx, SSL_SECOP_TMP_DH, bits, 0, dh);
+}
+
+int
+ssl_security_dh(const SSL *ssl, DH *dh)
+{
+ int bits;
+
+ bits = DH_security_bits(dh);
+
+ return ssl_security(ssl, SSL_SECOP_TMP_DH, bits, 0, dh);
+}
+
+static int
+ssl_cert_pubkey_security_bits(const X509 *x509)
+{
+ EVP_PKEY *pkey;
+
+ if ((pkey = X509_get0_pubkey(x509)) == NULL)
+ return -1;
+
+ /*
+ * XXX: DSA_security_bits() returns -1 on keys without parameters and
+ * makes the default security callback fail.
+ */
+
+ return EVP_PKEY_security_bits(pkey);
+}
+
+static int
+ssl_security_cert_key(const SSL_CTX *ctx, const SSL *ssl, X509 *x509, int secop)
+{
+ int security_bits;
+
+ security_bits = ssl_cert_pubkey_security_bits(x509);
+
+ if (ssl != NULL)
+ return ssl_security(ssl, secop, security_bits, 0, x509);
+
+ return ssl_ctx_security(ctx, secop, security_bits, 0, x509);
+}
+
+static int
+ssl_cert_signature_md_nid(X509 *x509)
+{
+ int md_nid, signature_nid;
+
+ if ((signature_nid = X509_get_signature_nid(x509)) == NID_undef)
+ return NID_undef;
+
+ if (!OBJ_find_sigid_algs(signature_nid, &md_nid, NULL))
+ return NID_undef;
+
+ return md_nid;
+}
+
+static int
+ssl_cert_md_nid_security_bits(int md_nid)
+{
+ const EVP_MD *md;
+
+ if (md_nid == NID_undef)
+ return -1;
+
+ if ((md = EVP_get_digestbynid(md_nid)) == NULL)
+ return -1;
+
+ /* Assume 4 bits of collision resistance for each hash octet.
*/
+ return EVP_MD_size(md) * 4;
+}
+
+static int
+ssl_security_cert_sig(const SSL_CTX *ctx, const SSL *ssl, X509 *x509, int secop)
+{
+ int md_nid, security_bits;
+
+ /* Don't check signature if self signed. */
+ if ((X509_get_extension_flags(x509) & EXFLAG_SS) != 0)
+ return 1;
+
+ md_nid = ssl_cert_signature_md_nid(x509);
+ security_bits = ssl_cert_md_nid_security_bits(md_nid);
+
+ if (ssl != NULL)
+ return ssl_security(ssl, secop, security_bits, md_nid, x509);
+
+ return ssl_ctx_security(ctx, secop, security_bits, md_nid, x509);
+}
+
+int
+ssl_security_cert(const SSL_CTX *ctx, const SSL *ssl, X509 *x509,
+ int is_ee, int *out_error)
+{
+ int key_error, operation;
+
+ *out_error = 0;
+
+ if (is_ee) {
+ operation = SSL_SECOP_EE_KEY;
+ key_error = SSL_R_EE_KEY_TOO_SMALL;
+ } else {
+ operation = SSL_SECOP_CA_KEY;
+ key_error = SSL_R_CA_KEY_TOO_SMALL;
+ }
+
+ if (!ssl_security_cert_key(ctx, ssl, x509, operation)) {
+ *out_error = key_error;
+ return 0;
+ }
+
+ if (!ssl_security_cert_sig(ctx, ssl, x509, SSL_SECOP_CA_MD)) {
+ *out_error = SSL_R_CA_MD_TOO_WEAK;
+ return 0;
+ }
+
+ return 1;
+}
+
+/*
+ * Check security of a chain. If |sk| includes the end entity certificate
+ * then |x509| must be NULL.
+ */
+int
+ssl_security_cert_chain(const SSL *ssl, STACK_OF(X509) *sk, X509 *x509,
+ int *out_error)
+{
+ int start_idx = 0;
+ int is_ee;
+ int i;
+
+ if (x509 == NULL) {
+ x509 = sk_X509_value(sk, 0);
+ start_idx = 1;
+ }
+
+ is_ee = 1;
+ if (!ssl_security_cert(NULL, ssl, x509, is_ee, out_error))
+ return 0;
+
+ is_ee = 0;
+ for (i = start_idx; i < sk_X509_num(sk); i++) {
+ x509 = sk_X509_value(sk, i);
+
+ if (!ssl_security_cert(NULL, ssl, x509, is_ee, out_error))
+ return 0;
+ }
+
+ return 1;
+}
+
+static int
+ssl_security_group(const SSL *ssl, uint16_t group_id, int secop)
+{
+ CBB cbb;
+ int bits, nid;
+ uint8_t group[2];
+
+ if (!tls1_ec_group_id2bits(group_id, &bits))
+ return 0;
+ if (!tls1_ec_group_id2nid(group_id, &nid))
+ return 0;
+
+ if (!CBB_init_fixed(&cbb, group, sizeof(group)))
+ return 0;
+ if (!CBB_add_u16(&cbb, group_id))
+ return 0;
+ if (!CBB_finish(&cbb, NULL, NULL))
+ return 0;
+
+ return ssl_security(ssl, secop, bits, nid, group);
+}
+
+int
+ssl_security_shared_group(const SSL *ssl, uint16_t group_id)
+{
+ return ssl_security_group(ssl, group_id, SSL_SECOP_CURVE_SHARED);
+}
+
+int
+ssl_security_supported_group(const SSL *ssl, uint16_t group_id)
+{
+ return ssl_security_group(ssl, group_id, SSL_SECOP_CURVE_SUPPORTED);
+}
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 4e798e08..7cf36f89 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.105 2021/09/08 17:27:33 tb Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.117 2022/08/17 07:39:19 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
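Review bot: In the new ssl/ssl_seclevel.c, ssl_cert_md_nid_security_bits() rates every digest at `EVP_MD_size(md) * 4`, which gives SHA-1 (20 octets) exactly 80 bits. SSL_SECOP_CA_MD falls through to ssl_security_secop_default(), so a SHA-1-signed certificate still passes at security level 1, where the minimum is 80. That figure is the generic birthday bound and is higher than the collision resistance SHA-1 and MD5 are known to provide, so the level-1 signature check is weaker than the number suggests. At minimum I would extend the comment to say so, e.g. `/* Nominal birthday bound only: SHA-1 scores 80 and is accepted at level 1; use level >= 2 to reject it. */`. Returning lower values for the known-weak digests before the generic formula is the stronger fix if that policy is wanted.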
@@ -186,13 +186,13 @@ SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg) { - return (CRYPTO_set_ex_data(&s->internal->ex_data, idx, arg)); + return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); } void * SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx) { - return (CRYPTO_get_ex_data(&s->internal->ex_data, idx)); + return (CRYPTO_get_ex_data(&s->ex_data, idx)); } uint32_t @@ -221,26 +221,23 @@ SSL_SESSION_new(void) SSLerrorx(ERR_R_MALLOC_FAILURE); return (NULL); } - if ((ss->internal = calloc(1, sizeof(*ss->internal))) == NULL) { - free(ss); - SSLerrorx(ERR_R_MALLOC_FAILURE); - return (NULL); - } ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ ss->references = 1; - ss->timeout=60*5+4; /* 5 minute timeout by default */ + ss->timeout = 60 * 5 + 4; /* 5 minutes 4 seconds timeout by default */ ss->time = time(NULL); - ss->internal->prev = NULL; - ss->internal->next = NULL; + ss->prev = NULL; + ss->next = NULL; ss->tlsext_hostname = NULL; - ss->internal->tlsext_ecpointformatlist_length = 0; - ss->internal->tlsext_ecpointformatlist = NULL; - ss->internal->tlsext_supportedgroups_length = 0; - ss->internal->tlsext_supportedgroups = NULL; + ss->peer_cert_type = -1; - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->internal->ex_data); + ss->tlsext_ecpointformatlist_length = 0; + ss->tlsext_ecpointformatlist = NULL; + ss->tlsext_supportedgroups_length = 0; + ss->tlsext_supportedgroups = NULL; + + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); return (ss); } @@ -249,7 +246,7 @@ const unsigned char * SSL_SESSION_get_id(const SSL_SESSION *ss, unsigned int *len) { if (len != NULL) - *len = ss->session_id_length; + *len = (unsigned int)ss->session_id_length; return ss->session_id; } 
@@ -383,7 +380,7 @@ ssl_get_new_session(SSL *s, int session) * Don't allow the callback to set the session length to zero. * nor set it higher than it was. */ - if (!tmp || (tmp > ss->session_id_length)) { + if (tmp == 0 || tmp > ss->session_id_length) { /* The callback set an illegal length */ SSLerror(s, SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH); SSL_SESSION_free(ss); @@ -393,7 +390,7 @@ ssl_get_new_session(SSL *s, int session) /* Finally, check for a conflict. */ if (SSL_has_matching_session_id(s, ss->session_id, - ss->session_id_length)) { + ss->session_id_length)) { SSLerror(s, SSL_R_SSL_SESSION_ID_CONFLICT); SSL_SESSION_free(ss); return (0); @@ -440,8 +437,10 @@ ssl_session_from_cache(SSL *s, CBS *session_id) memset(&data, 0, sizeof(data)); data.ssl_version = s->version; - data.session_id_length = CBS_len(session_id); - memcpy(data.session_id, CBS_data(session_id), CBS_len(session_id)); + + if (!CBS_write_bytes(session_id, data.session_id, + sizeof(data.session_id), &data.session_id_length)) + return NULL; CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); sess = lh_SSL_SESSION_retrieve(s->session_ctx->internal->sessions, &data); @@ -531,7 +530,6 @@ int ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert) { SSL_SESSION *sess = NULL; - size_t session_id_len; int alert_desc = SSL_AD_INTERNAL_ERROR, fatal = 0; int ticket_decrypted = 0; @@ -560,11 +558,10 @@ ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert) * ticket has been accepted so we copy it into sess. */ if (!CBS_write_bytes(session_id, sess->session_id, - sizeof(sess->session_id), &session_id_len)) { + sizeof(sess->session_id), &sess->session_id_length)) { fatal = 1; goto err; } - sess->session_id_length = (unsigned int)session_id_len; break; default: SSLerror(s, ERR_R_INTERNAL_ERROR); 
@@ -726,26 +723,27 @@ remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) SSL_SESSION *r; int ret = 0; - if ((c != NULL) && (c->session_id_length != 0)) { - if (lck) - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - if ((r = lh_SSL_SESSION_retrieve(ctx->internal->sessions, c)) == c) { - ret = 1; - r = lh_SSL_SESSION_delete(ctx->internal->sessions, c); - SSL_SESSION_list_remove(ctx, c); - } - if (lck) - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - - if (ret) { - r->internal->not_resumable = 1; - if (ctx->internal->remove_session_cb != NULL) - ctx->internal->remove_session_cb(ctx, r); - SSL_SESSION_free(r); - } - } else - ret = 0; - return (ret); + if (c == NULL || c->session_id_length == 0) + return 0; + + if (lck) + CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); + if ((r = lh_SSL_SESSION_retrieve(ctx->internal->sessions, c)) == c) { + ret = 1; + r = lh_SSL_SESSION_delete(ctx->internal->sessions, c); + SSL_SESSION_list_remove(ctx, c); + } + if (lck) + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); + + if (ret) { + r->not_resumable = 1; + if (ctx->internal->remove_session_cb != NULL) + ctx->internal->remove_session_cb(ctx, r); + SSL_SESSION_free(r); + } + + return ret; } void @@ -760,23 +758,20 @@ SSL_SESSION_free(SSL_SESSION *ss) if (i > 0) return; - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->internal->ex_data); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); explicit_bzero(ss->master_key, sizeof ss->master_key); explicit_bzero(ss->session_id, sizeof ss->session_id); - ssl_sess_cert_free(ss->internal->sess_cert); - - X509_free(ss->peer); + X509_free(ss->peer_cert); sk_SSL_CIPHER_free(ss->ciphers); free(ss->tlsext_hostname); free(ss->tlsext_tick); - free(ss->internal->tlsext_ecpointformatlist); - free(ss->internal->tlsext_supportedgroups); + free(ss->tlsext_ecpointformatlist); + free(ss->tlsext_supportedgroups); - freezero(ss->internal, sizeof(*ss->internal)); freezero(ss, sizeof(*ss)); } 
@@ -883,7 +878,7 @@ SSL_SESSION_get0_cipher(const SSL_SESSION *s) X509 * SSL_SESSION_get0_peer(SSL_SESSION *s) { - return s->peer; + return s->peer_cert; } int @@ -1007,7 +1002,7 @@ timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p) * save on locking overhead */ (void)lh_SSL_SESSION_delete(p->cache, s); SSL_SESSION_list_remove(p->ctx, s); - s->internal->not_resumable = 1; + s->not_resumable = 1; if (p->ctx->internal->remove_session_cb != NULL) p->ctx->internal->remove_session_cb(p->ctx, s); SSL_SESSION_free(s); 
@@ -1059,50 +1054,50 @@ ssl_clear_bad_session(SSL *s) static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s) { - if ((s->internal->next == NULL) || (s->internal->prev == NULL)) + if (s->next == NULL || s->prev == NULL) return; - if (s->internal->next == (SSL_SESSION *)&(ctx->internal->session_cache_tail)) { + if (s->next == (SSL_SESSION *)&(ctx->internal->session_cache_tail)) { /* last element in list */ - if (s->internal->prev == (SSL_SESSION *)&(ctx->internal->session_cache_head)) { + if (s->prev == (SSL_SESSION *)&(ctx->internal->session_cache_head)) { /* only one element in list */ ctx->internal->session_cache_head = NULL; ctx->internal->session_cache_tail = NULL; } else { - ctx->internal->session_cache_tail = s->internal->prev; - s->internal->prev->internal->next = + ctx->internal->session_cache_tail = s->prev; + s->prev->next = (SSL_SESSION *)&(ctx->internal->session_cache_tail); } } else { - if (s->internal->prev == (SSL_SESSION *)&(ctx->internal->session_cache_head)) { + if (s->prev == (SSL_SESSION *)&(ctx->internal->session_cache_head)) { /* first element in list */ - ctx->internal->session_cache_head = s->internal->next; - s->internal->next->internal->prev = + ctx->internal->session_cache_head = s->next; + s->next->prev = (SSL_SESSION *)&(ctx->internal->session_cache_head); } else { /* middle of list */ - s->internal->next->internal->prev = s->internal->prev; - s->internal->prev->internal->next = s->internal->next; + s->next->prev = s->prev; + s->prev->next = s->next; } } - s->internal->prev = s->internal->next = NULL; + s->prev = s->next = NULL; } static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) { - if ((s->internal->next != NULL) && (s->internal->prev != NULL)) + if (s->next != NULL && s->prev != NULL) SSL_SESSION_list_remove(ctx, s); if (ctx->internal->session_cache_head == NULL) { ctx->internal->session_cache_head = s; ctx->internal->session_cache_tail = s; - s->internal->prev = (SSL_SESSION 
*)&(ctx->internal->session_cache_head); - s->internal->next = (SSL_SESSION *)&(ctx->internal->session_cache_tail); + s->prev = (SSL_SESSION *)&(ctx->internal->session_cache_head); + s->next = (SSL_SESSION *)&(ctx->internal->session_cache_tail); } else { - s->internal->next = ctx->internal->session_cache_head; - s->internal->next->internal->prev = s; - s->internal->prev = (SSL_SESSION *)&(ctx->internal->session_cache_head); + s->next = ctx->internal->session_cache_head; + s->next->prev = s; + s->prev = (SSL_SESSION *)&(ctx->internal->session_cache_head); ctx->internal->session_cache_head = s; } } diff --git a/ssl/ssl_sigalgs.c b/ssl/ssl_sigalgs.c index 765f39d4..c3e07e5c 100644 --- a/ssl/ssl_sigalgs.c +++ b/ssl/ssl_sigalgs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_sigalgs.c,v 1.37 2021/06/29 19:36:14 jsing Exp $ */ +/* $OpenBSD: ssl_sigalgs.c,v 1.47 2022/07/02 16:31:04 tb Exp $ */ /* * Copyright (c) 2018-2020 Bob Beck * Copyright (c) 2021 Joel Sing 
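Review bot: SSL_SESSION_list_remove() and SSL_SESSION_list_add() store the addresses of `ctx->internal->session_cache_head` and `session_cache_tail`, cast to `SSL_SESSION *`, in the end elements' `prev`/`next`, and nothing in the code says these are sentinels. Now that `prev` and `next` are direct members, an expression such as `s->prev->next` is easy to write without noticing that `s->prev` may be one of those casts. The visible branches only dereference a neighbour after ruling out the sentinel, and that invariant deserves a comment above SSL_SESSION_list_remove(): `/* prev/next of the end elements hold &session_cache_head/&session_cache_tail cast to SSL_SESSION *; compare against them, never dereference them. */`.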
@@ -32,114 +32,134 @@ const struct ssl_sigalg sigalgs[] = { .value = SIGALG_RSA_PKCS1_SHA512, .key_type = EVP_PKEY_RSA, .md = EVP_sha512, + .security_level = 5, }, { .value = SIGALG_ECDSA_SECP521R1_SHA512, .key_type = EVP_PKEY_EC, .md = EVP_sha512, - .curve_nid = NID_secp521r1, + .security_level = 5, + .group_nid = NID_secp521r1, }, #ifndef OPENSSL_NO_GOST { .value = SIGALG_GOSTR12_512_STREEBOG_512, .key_type = EVP_PKEY_GOSTR12_512, .md = EVP_streebog512, + .security_level = 0, }, #endif { .value = SIGALG_RSA_PKCS1_SHA384, .key_type = EVP_PKEY_RSA, .md = EVP_sha384, + .security_level = 4, }, { .value = SIGALG_ECDSA_SECP384R1_SHA384, .key_type = EVP_PKEY_EC, .md = EVP_sha384, - .curve_nid = NID_secp384r1, + .security_level = 4, + .group_nid = NID_secp384r1, }, { .value = SIGALG_RSA_PKCS1_SHA256, .key_type = EVP_PKEY_RSA, .md = EVP_sha256, + .security_level = 3, }, { .value = SIGALG_ECDSA_SECP256R1_SHA256, .key_type = EVP_PKEY_EC, .md = EVP_sha256, - .curve_nid = NID_X9_62_prime256v1, + .security_level = 3, + .group_nid = NID_X9_62_prime256v1, }, #ifndef OPENSSL_NO_GOST { .value = SIGALG_GOSTR12_256_STREEBOG_256, .key_type = EVP_PKEY_GOSTR12_256, .md = EVP_streebog256, + .security_level = 0, }, { .value = SIGALG_GOSTR01_GOST94, .key_type = EVP_PKEY_GOSTR01, .md = EVP_gostr341194, + .security_level = 0, /* XXX */ }, #endif { .value = SIGALG_RSA_PSS_RSAE_SHA256, .key_type = EVP_PKEY_RSA, .md = EVP_sha256, + .security_level = 3, .flags = SIGALG_FLAG_RSA_PSS, }, { .value = SIGALG_RSA_PSS_RSAE_SHA384, .key_type = EVP_PKEY_RSA, .md = EVP_sha384, + .security_level = 4, .flags = SIGALG_FLAG_RSA_PSS, }, { .value = SIGALG_RSA_PSS_RSAE_SHA512, .key_type = EVP_PKEY_RSA, .md = EVP_sha512, + .security_level = 5, .flags = SIGALG_FLAG_RSA_PSS, }, { .value = SIGALG_RSA_PSS_PSS_SHA256, .key_type = EVP_PKEY_RSA, .md = EVP_sha256, + .security_level = 3, .flags = SIGALG_FLAG_RSA_PSS, }, { .value = SIGALG_RSA_PSS_PSS_SHA384, .key_type = EVP_PKEY_RSA, .md = EVP_sha384, + .security_level = 
4, .flags = SIGALG_FLAG_RSA_PSS, }, { .value = SIGALG_RSA_PSS_PSS_SHA512, .key_type = EVP_PKEY_RSA, .md = EVP_sha512, + .security_level = 5, .flags = SIGALG_FLAG_RSA_PSS, }, { .value = SIGALG_RSA_PKCS1_SHA224, .key_type = EVP_PKEY_RSA, .md = EVP_sha224, + .security_level = 2, }, { .value = SIGALG_ECDSA_SECP224R1_SHA224, .key_type = EVP_PKEY_EC, .md = EVP_sha224, + .security_level = 2, }, { .value = SIGALG_RSA_PKCS1_SHA1, .key_type = EVP_PKEY_RSA, .md = EVP_sha1, + .security_level = 1, }, { .value = SIGALG_ECDSA_SHA1, .key_type = EVP_PKEY_EC, .md = EVP_sha1, + .security_level = 1, }, { .value = SIGALG_RSA_PKCS1_MD5_SHA1, .key_type = EVP_PKEY_RSA, .md = EVP_md5_sha1, + .security_level = 1, }, { .value = SIGALG_NONE, @@ -209,7 +229,7 @@ ssl_sigalg_from_value(SSL *s, uint16_t value) size_t len; int i; - ssl_sigalgs_for_version(S3I(s)->hs.negotiated_tls_version, + ssl_sigalgs_for_version(s->s3->hs.negotiated_tls_version, &values, &len); for (i = 0; i < len; i++) { @@ -221,11 +241,13 @@ ssl_sigalg_from_value(SSL *s, uint16_t value) } int -ssl_sigalgs_build(uint16_t tls_version, CBB *cbb) +ssl_sigalgs_build(uint16_t tls_version, CBB *cbb, int security_level) { + const struct ssl_sigalg *sigalg; const uint16_t *values; size_t len; size_t i; + int ret = 0; ssl_sigalgs_for_version(tls_version, &values, &len); 
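Review bot: The new `.security_level` values are bare numbers with no stated scale, and the GOST entries carry `0`, one of them marked only `/* XXX */`. From the table, the value tracks the digest (SHA-512 is 5, SHA-384 is 4, SHA-256 is 3, SHA-224 is 2, SHA-1 and MD5+SHA-1 are 1). As ssl_sigalgs_build() later in this file skips entries whose level is below the requested one, a level of 0 means the entry is dropped whenever a level of 1 or more is requested; that consequence should be written down rather than left behind an XXX. A comment at the head of the table or on the struct member would do, for example `/* security_level: 1 = SHA-1 or MD5+SHA-1, 2 = SHA-224, 3 = SHA-256, 4 = SHA-384, 5 = SHA-512; 0 = omitted at any level above 0 */`. The array begins before this hunk and continues after it.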
@@ -234,21 +256,29 @@ ssl_sigalgs_build(uint16_t tls_version, CBB *cbb) /* Do not allow the legacy value for < 1.2 to be used. */ if (values[i] == SIGALG_RSA_PKCS1_MD5_SHA1) return 0; - if (ssl_sigalg_lookup(values[i]) == NULL) + if ((sigalg = ssl_sigalg_lookup(values[i])) == NULL) return 0; + if (sigalg->security_level < security_level) + continue; + if (!CBB_add_u16(cbb, values[i])) return 0; + + ret = 1; } - return 1; + return ret; } static const struct ssl_sigalg * ssl_sigalg_for_legacy(SSL *s, EVP_PKEY *pkey) { + if (SSL_get_security_level(s) > 1) + return NULL; + /* Default signature algorithms used for TLSv1.2 and earlier. */ - switch (pkey->type) { + switch (EVP_PKEY_id(pkey)) { case EVP_PKEY_RSA: - if (S3I(s)->hs.negotiated_tls_version < TLS1_2_VERSION) + if (s->s3->hs.negotiated_tls_version < TLS1_2_VERSION) return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1); return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1); case EVP_PKEY_EC: @@ -259,7 +289,7 @@ ssl_sigalg_for_legacy(SSL *s, EVP_PKEY *pkey) #endif } SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE); - return (NULL); + return NULL; } static int @@ -267,17 +297,20 @@ ssl_sigalg_pkey_ok(SSL *s, const struct ssl_sigalg *sigalg, EVP_PKEY *pkey) { if (sigalg == NULL || pkey == NULL) return 0; - if (sigalg->key_type != pkey->type) + if (sigalg->key_type != EVP_PKEY_id(pkey)) return 0; /* RSA PSS must have a sufficiently large RSA key. */ if ((sigalg->flags & SIGALG_FLAG_RSA_PSS)) { - if (pkey->type != EVP_PKEY_RSA || + if (EVP_PKEY_id(pkey) != EVP_PKEY_RSA || EVP_PKEY_size(pkey) < (2 * EVP_MD_size(sigalg->md()) + 2)) return 0; } - if (S3I(s)->hs.negotiated_tls_version < TLS1_3_VERSION) + if (!ssl_security_sigalg_check(s, pkey)) + return 0; + + if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION) return 1; /* RSA cannot be used without PSS in TLSv1.3. */ 
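Review bot: ssl_sigalg_pkey_ok() gates on the key through `ssl_security_sigalg_check(s, pkey)` but never compares the algorithm's own `security_level` with the configured level; in the visible hunks that field is consulted only in ssl_sigalgs_build(), that is, when deciding what to advertise. Unless ssl_security_sigalg_check() (not shown) also covers the digest, an algorithm the peer names that sits below the configured level, and so was never advertised, would still pass here, because ssl_sigalg_from_value() appears to check only the per-version list. Consider adding `if (sigalg->security_level < SSL_get_security_level(s)) return 0;` next to the new check. The function body continues past the end of this hunk.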
@@ -285,12 +318,12 @@ ssl_sigalg_pkey_ok(SSL *s, const struct ssl_sigalg *sigalg, EVP_PKEY *pkey) (sigalg->flags & SIGALG_FLAG_RSA_PSS) == 0) return 0; - /* Ensure that curve matches for EC keys. */ - if (pkey->type == EVP_PKEY_EC) { - if (sigalg->curve_nid == 0) + /* Ensure that group matches for EC keys. */ + if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) { + if (sigalg->group_nid == 0) return 0; if (EC_GROUP_get_curve_name(EC_KEY_get0_group( - EVP_PKEY_get0_EC_KEY(pkey))) != sigalg->curve_nid) + EVP_PKEY_get0_EC_KEY(pkey))) != sigalg->group_nid) return 0; } @@ -309,20 +342,20 @@ ssl_sigalg_select(SSL *s, EVP_PKEY *pkey) * RFC 5246 allows a TLS 1.2 client to send no sigalgs extension, * in which case the server must use the default. */ - if (S3I(s)->hs.negotiated_tls_version < TLS1_3_VERSION && - S3I(s)->hs.sigalgs == NULL) + if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION && + s->s3->hs.sigalgs == NULL) return ssl_sigalg_for_legacy(s, pkey); /* * If we get here, we have client or server sent sigalgs, use one. */ - CBS_init(&cbs, S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len); + CBS_init(&cbs, s->s3->hs.sigalgs, s->s3->hs.sigalgs_len); while (CBS_len(&cbs) > 0) { const struct ssl_sigalg *sigalg; uint16_t sigalg_value; if (!CBS_get_u16(&cbs, &sigalg_value)) - return 0; + return NULL; if ((sigalg = ssl_sigalg_from_value(s, sigalg_value)) == NULL) continue; @@ -344,11 +377,11 @@ ssl_sigalg_for_peer(SSL *s, EVP_PKEY *pkey, uint16_t sigalg_value) if ((sigalg = ssl_sigalg_from_value(s, sigalg_value)) == NULL) { SSLerror(s, SSL_R_UNKNOWN_DIGEST); - return (NULL); + return NULL; } if (!ssl_sigalg_pkey_ok(s, sigalg, pkey)) { SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE); - return (NULL); + return NULL; } return sigalg; diff --git a/ssl/ssl_sigalgs.h b/ssl/ssl_sigalgs.h index beab11af..21a54d64 100644 --- a/ssl/ssl_sigalgs.h +++ b/ssl/ssl_sigalgs.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_sigalgs.h,v 1.23 2021/06/29 19:25:59 jsing Exp $ */ +/* $OpenBSD: ssl_sigalgs.h,v 1.26 2022/07/02 16:00:12 tb Exp $ */ /* * Copyright (c) 2018-2019 Bob Beck * @@ -64,11 +64,12 @@ struct ssl_sigalg { uint16_t value; int key_type; const EVP_MD *(*md)(void); - int curve_nid; + int security_level; + int group_nid; int flags; }; -int ssl_sigalgs_build(uint16_t tls_version, CBB *cbb); +int ssl_sigalgs_build(uint16_t tls_version, CBB *cbb, int security_level); const struct ssl_sigalg *ssl_sigalg_select(SSL *s, EVP_PKEY *pkey); const struct ssl_sigalg *ssl_sigalg_for_peer(SSL *s, EVP_PKEY *pkey, uint16_t sigalg_value); diff --git a/ssl/ssl_srvr.c b/ssl/ssl_srvr.c index 3a37fc7e..acdcb153 100644 --- a/ssl/ssl_srvr.c +++ b/ssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.119 2021/09/03 13:18:01 jsing Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.149 2022/08/17 07:39:19 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -183,7 +183,7 @@ ssl3_accept(SSL *s) errno = 0; if (SSL_is_dtls(s)) - listen = D1I(s)->listen; + listen = s->d1->listen; /* init things to blank */ s->internal->in_handshake++; @@ -191,15 +191,15 @@ ssl3_accept(SSL *s) SSL_clear(s); if (SSL_is_dtls(s)) - D1I(s)->listen = listen; + s->d1->listen = listen; for (;;) { - state = S3I(s)->hs.state; + state = s->s3->hs.state; - switch (S3I(s)->hs.state) { + switch (s->s3->hs.state) { case SSL_ST_RENEGOTIATE: s->internal->renegotiate = 1; - /* S3I(s)->hs.state=SSL_ST_ACCEPT; */ + /* s->s3->hs.state=SSL_ST_ACCEPT; */ case SSL_ST_BEFORE: case SSL_ST_ACCEPT: 
@@ -216,13 +216,20 @@ ssl3_accept(SSL *s) } if (!ssl_supported_tls_version_range(s, - &S3I(s)->hs.our_min_tls_version, - &S3I(s)->hs.our_max_tls_version)) { + &s->s3->hs.our_min_tls_version, + &s->s3->hs.our_max_tls_version)) { SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE); ret = -1; goto end; } + if (!ssl_security_version(s, + s->s3->hs.our_min_tls_version)) { + SSLerror(s, SSL_R_VERSION_TOO_LOW); + ret = -1; + goto end; + } + if (!ssl3_setup_init_buffer(s)) { ret = -1; goto end; @@ -234,7 +241,7 @@ ssl3_accept(SSL *s) s->internal->init_num = 0; - if (S3I(s)->hs.state != SSL_ST_RENEGOTIATE) { + if (s->s3->hs.state != SSL_ST_RENEGOTIATE) { /* * Ok, we now need to push on a buffering BIO * so that the output is sent in a way that @@ -250,9 +257,9 @@ ssl3_accept(SSL *s) goto end; } - S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A; + s->s3->hs.state = SSL3_ST_SR_CLNT_HELLO_A; s->ctx->internal->stats.sess_accept++; - } else if (!SSL_is_dtls(s) && !S3I(s)->send_connection_binding) { + } else if (!SSL_is_dtls(s) && !s->s3->send_connection_binding) { /* * Server attempting to renegotiate with * client that doesn't support secure @@ -265,11 +272,11 @@ ssl3_accept(SSL *s) goto end; } else { /* - * S3I(s)->hs.state == SSL_ST_RENEGOTIATE, + * s->s3->hs.state == SSL_ST_RENEGOTIATE, * we will just send a HelloRequest. */ s->ctx->internal->stats.sess_accept_renegotiate++; - S3I(s)->hs.state = SSL3_ST_SW_HELLO_REQ_A; + s->s3->hs.state = SSL3_ST_SW_HELLO_REQ_A; } break; @@ -284,10 +291,10 @@ ssl3_accept(SSL *s) if (ret <= 0) goto end; if (SSL_is_dtls(s)) - S3I(s)->hs.tls12.next_state = SSL3_ST_SR_CLNT_HELLO_A; + s->s3->hs.tls12.next_state = SSL3_ST_SR_CLNT_HELLO_A; else - S3I(s)->hs.tls12.next_state = SSL3_ST_SW_HELLO_REQ_C; - S3I(s)->hs.state = SSL3_ST_SW_FLUSH; + s->s3->hs.tls12.next_state = SSL3_ST_SW_HELLO_REQ_C; + s->s3->hs.state = SSL3_ST_SW_FLUSH; s->internal->init_num = 0; if (SSL_is_dtls(s)) { 
@@ -299,7 +306,7 @@ ssl3_accept(SSL *s) break; case SSL3_ST_SW_HELLO_REQ_C: - S3I(s)->hs.state = SSL_ST_OK; + s->s3->hs.state = SSL_ST_OK; break; case SSL3_ST_SR_CLNT_HELLO_A: @@ -314,9 +321,9 @@ ssl3_accept(SSL *s) if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)) - S3I(s)->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A; + s->s3->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A; else - S3I(s)->hs.state = SSL3_ST_SW_SRVR_HELLO_A; + s->s3->hs.state = SSL3_ST_SW_SRVR_HELLO_A; s->internal->init_num = 0; @@ -330,16 +337,16 @@ ssl3_accept(SSL *s) } /* If we're just listening, stop here */ - if (listen && S3I(s)->hs.state == SSL3_ST_SW_SRVR_HELLO_A) { + if (listen && s->s3->hs.state == SSL3_ST_SW_SRVR_HELLO_A) { ret = 2; - D1I(s)->listen = 0; + s->d1->listen = 0; /* * Set expected sequence numbers to * continue the handshake. */ - D1I(s)->handshake_read_seq = 2; - D1I(s)->handshake_write_seq = 1; - D1I(s)->next_handshake_write_seq = 1; + s->d1->handshake_read_seq = 2; + s->d1->handshake_write_seq = 1; + s->d1->next_handshake_write_seq = 1; goto end; } } else { @@ -350,7 +357,7 @@ ssl3_accept(SSL *s) } s->internal->renegotiate = 2; - S3I(s)->hs.state = SSL3_ST_SW_SRVR_HELLO_A; + s->s3->hs.state = SSL3_ST_SW_SRVR_HELLO_A; s->internal->init_num = 0; } break; @@ -360,8 +367,8 @@ ssl3_accept(SSL *s) ret = ssl3_send_dtls_hello_verify_request(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_SW_FLUSH; - S3I(s)->hs.tls12.next_state = SSL3_ST_SR_CLNT_HELLO_A; + s->s3->hs.state = SSL3_ST_SW_FLUSH; + s->s3->hs.tls12.next_state = SSL3_ST_SR_CLNT_HELLO_A; /* HelloVerifyRequest resets Finished MAC. */ tls1_transcript_reset(s); 
@@ -378,11 +385,11 @@ ssl3_accept(SSL *s) goto end; if (s->internal->hit) { if (s->internal->tlsext_ticket_expected) - S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_A; + s->s3->hs.state = SSL3_ST_SW_SESSION_TICKET_A; else - S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A; + s->s3->hs.state = SSL3_ST_SW_CHANGE_A; } else { - S3I(s)->hs.state = SSL3_ST_SW_CERT_A; + s->s3->hs.state = SSL3_ST_SW_CERT_A; } s->internal->init_num = 0; break; @@ -390,7 +397,7 @@ ssl3_accept(SSL *s) case SSL3_ST_SW_CERT_A: case SSL3_ST_SW_CERT_B: /* Check if it is anon DH or anon ECDH. */ - if (!(S3I(s)->hs.cipher->algorithm_auth & + if (!(s->s3->hs.cipher->algorithm_auth & SSL_aNULL)) { if (SSL_is_dtls(s)) dtls1_start_timer(s); @@ -398,19 +405,19 @@ ssl3_accept(SSL *s) if (ret <= 0) goto end; if (s->internal->tlsext_status_expected) - S3I(s)->hs.state = SSL3_ST_SW_CERT_STATUS_A; + s->s3->hs.state = SSL3_ST_SW_CERT_STATUS_A; else - S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A; + s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A; } else { skip = 1; - S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A; + s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A; } s->internal->init_num = 0; break; case SSL3_ST_SW_KEY_EXCH_A: case SSL3_ST_SW_KEY_EXCH_B: - alg_k = S3I(s)->hs.cipher->algorithm_mkey; + alg_k = s->s3->hs.cipher->algorithm_mkey; /* * Only send if using a DH key exchange. @@ -429,7 +436,7 @@ ssl3_accept(SSL *s) } else skip = 1; - S3I(s)->hs.state = SSL3_ST_SW_CERT_REQ_A; + s->s3->hs.state = SSL3_ST_SW_CERT_REQ_A; s->internal->init_num = 0; break; 
@@ -453,26 +460,26 @@ ssl3_accept(SSL *s) * s3_clnt.c accepts this for SSL 3). */ if (!(s->verify_mode & SSL_VERIFY_PEER) || - ((s->session->peer != NULL) && + ((s->session->peer_cert != NULL) && (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || - ((S3I(s)->hs.cipher->algorithm_auth & + ((s->s3->hs.cipher->algorithm_auth & SSL_aNULL) && !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) { /* No cert request. */ skip = 1; - S3I(s)->hs.tls12.cert_request = 0; - S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A; + s->s3->hs.tls12.cert_request = 0; + s->s3->hs.state = SSL3_ST_SW_SRVR_DONE_A; if (!SSL_is_dtls(s)) tls1_transcript_free(s); } else { - S3I(s)->hs.tls12.cert_request = 1; + s->s3->hs.tls12.cert_request = 1; if (SSL_is_dtls(s)) dtls1_start_timer(s); ret = ssl3_send_certificate_request(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A; + s->s3->hs.state = SSL3_ST_SW_SRVR_DONE_A; s->internal->init_num = 0; } break; @@ -484,8 +491,8 @@ ssl3_accept(SSL *s) ret = ssl3_send_server_done(s); if (ret <= 0) goto end; - S3I(s)->hs.tls12.next_state = SSL3_ST_SR_CERT_A; - S3I(s)->hs.state = SSL3_ST_SW_FLUSH; + s->s3->hs.tls12.next_state = SSL3_ST_SR_CERT_A; + s->s3->hs.state = SSL3_ST_SW_FLUSH; s->internal->init_num = 0; break; 
@@ -506,25 +513,25 @@ ssl3_accept(SSL *s) /* If the write error was fatal, stop trying. */ if (!BIO_should_retry(s->wbio)) { s->internal->rwstate = SSL_NOTHING; - S3I(s)->hs.state = S3I(s)->hs.tls12.next_state; + s->s3->hs.state = s->s3->hs.tls12.next_state; } } ret = -1; goto end; } s->internal->rwstate = SSL_NOTHING; - S3I(s)->hs.state = S3I(s)->hs.tls12.next_state; + s->s3->hs.state = s->s3->hs.tls12.next_state; break; case SSL3_ST_SR_CERT_A: case SSL3_ST_SR_CERT_B: - if (S3I(s)->hs.tls12.cert_request) { + if (s->s3->hs.tls12.cert_request != 0) { ret = ssl3_get_client_certificate(s); if (ret <= 0) goto end; } s->internal->init_num = 0; - S3I(s)->hs.state = SSL3_ST_SR_KEY_EXCH_A; + s->s3->hs.state = SSL3_ST_SR_KEY_EXCH_A; break; case SSL3_ST_SR_KEY_EXCH_A: @@ -534,27 +541,23 @@ ssl3_accept(SSL *s) goto end; if (SSL_is_dtls(s)) { - S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A; + s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A; s->internal->init_num = 0; } - alg_k = S3I(s)->hs.cipher->algorithm_mkey; - if (ret == 2) { + alg_k = s->s3->hs.cipher->algorithm_mkey; + if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) { /* - * For the ECDH ciphersuites when - * the client sends its ECDH pub key in - * a certificate, the CertificateVerify - * message is not sent. - * Also for GOST ciphersuites when - * the client uses its key from the certificate - * for key exchange. + * A GOST client may use the key from its + * certificate for key exchange, in which case + * the CertificateVerify message is not sent. */ - S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A; + s->s3->hs.state = SSL3_ST_SR_FINISHED_A; s->internal->init_num = 0; } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) { - S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A; + s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A; s->internal->init_num = 0; - if (!s->session->peer) + if (!s->session->peer_cert) break; /* * Freeze the transcript for use during client 
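Review bot: Skipping CertificateVerify in the `SSL3_ST_SR_KEY_EXCH_A`/`_B` case now depends on a bit in `s->s3->flags` instead of the return value of the key-exchange call, and nothing in this hunk clears that bit. If `TLS1_FLAGS_SKIP_CERT_VERIFY` survives into a later handshake on the same connection, that handshake would go straight to `SSL3_ST_SR_FINISHED_A` even though its client did not take the GOST path; whether the flags are reset per handshake is not visible here. If no other code reads the flag afterwards, clearing it where it is consumed with `s->s3->flags &= ~TLS1_FLAGS_SKIP_CERT_VERIFY;` (or at handshake start) would make its lifetime explicit. ssl3_accept() starts and ends outside this hunk.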
@@ -562,7 +565,7 @@ ssl3_accept(SSL *s) */ tls1_transcript_freeze(s); } else { - S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A; + s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A; s->internal->init_num = 0; tls1_transcript_free(s); @@ -572,8 +575,8 @@ ssl3_accept(SSL *s) * a client cert, it can be verified. */ if (!tls1_transcript_hash_value(s, - S3I(s)->hs.tls12.cert_verify, - sizeof(S3I(s)->hs.tls12.cert_verify), + s->s3->hs.tls12.cert_verify, + sizeof(s->s3->hs.tls12.cert_verify), NULL)) { ret = -1; goto end; @@ -584,7 +587,7 @@ ssl3_accept(SSL *s) case SSL3_ST_SR_CERT_VRFY_A: case SSL3_ST_SR_CERT_VRFY_B: if (SSL_is_dtls(s)) - D1I(s)->change_cipher_spec_ok = 1; + s->d1->change_cipher_spec_ok = 1; else s->s3->flags |= SSL3_FLAGS_CCS_OK; @@ -592,14 +595,14 @@ ssl3_accept(SSL *s) ret = ssl3_get_cert_verify(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A; + s->s3->hs.state = SSL3_ST_SR_FINISHED_A; s->internal->init_num = 0; break; case SSL3_ST_SR_FINISHED_A: case SSL3_ST_SR_FINISHED_B: if (SSL_is_dtls(s)) - D1I(s)->change_cipher_spec_ok = 1; + s->d1->change_cipher_spec_ok = 1; else s->s3->flags |= SSL3_FLAGS_CCS_OK; ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A, @@ -609,11 +612,11 @@ ssl3_accept(SSL *s) if (SSL_is_dtls(s)) dtls1_stop_timer(s); if (s->internal->hit) - S3I(s)->hs.state = SSL_ST_OK; + s->s3->hs.state = SSL_ST_OK; else if (s->internal->tlsext_ticket_expected) - S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_A; + s->s3->hs.state = SSL3_ST_SW_SESSION_TICKET_A; else - S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A; + s->s3->hs.state = SSL3_ST_SW_CHANGE_A; s->internal->init_num = 0; break; @@ -622,7 +625,7 @@ ssl3_accept(SSL *s) ret = ssl3_send_newsession_ticket(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A; + s->s3->hs.state = SSL3_ST_SW_CHANGE_A; s->internal->init_num = 0; break; 
@@ -631,7 +634,7 @@ ssl3_accept(SSL *s) ret = ssl3_send_cert_status(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A; + s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A; s->internal->init_num = 0; break; @@ -641,9 +644,9 @@ ssl3_accept(SSL *s) SSL3_ST_SW_CHANGE_A, SSL3_ST_SW_CHANGE_B); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_SW_FINISHED_A; + s->s3->hs.state = SSL3_ST_SW_FINISHED_A; s->internal->init_num = 0; - s->session->cipher = S3I(s)->hs.cipher; + s->session->cipher = s->s3->hs.cipher; if (!tls1_setup_key_block(s)) { ret = -1; @@ -661,12 +664,12 @@ ssl3_accept(SSL *s) SSL3_ST_SW_FINISHED_B); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_SW_FLUSH; + s->s3->hs.state = SSL3_ST_SW_FLUSH; if (s->internal->hit) { - S3I(s)->hs.tls12.next_state = SSL3_ST_SR_FINISHED_A; + s->s3->hs.tls12.next_state = SSL3_ST_SR_FINISHED_A; tls1_transcript_free(s); } else - S3I(s)->hs.tls12.next_state = SSL_ST_OK; + s->s3->hs.tls12.next_state = SSL_ST_OK; s->internal->init_num = 0; break; @@ -674,7 +677,7 @@ ssl3_accept(SSL *s) /* clean a few things up */ tls1_cleanup_key_block(s); - if (S3I(s)->handshake_transcript != NULL) { + if (s->s3->handshake_transcript != NULL) { SSLerror(s, ERR_R_INTERNAL_ERROR); ret = -1; goto end; @@ -706,10 +709,10 @@ ssl3_accept(SSL *s) if (SSL_is_dtls(s)) { /* Done handshaking, next message is client hello. */ - D1I(s)->handshake_read_seq = 0; + s->d1->handshake_read_seq = 0; /* Next message is server hello. */ - D1I(s)->handshake_write_seq = 0; - D1I(s)->next_handshake_write_seq = 0; + s->d1->handshake_write_seq = 0; + s->d1->next_handshake_write_seq = 0; } goto end; /* break; */ 
@@ -721,18 +724,18 @@ ssl3_accept(SSL *s) /* break; */ } - if (!S3I(s)->hs.tls12.reuse_message && !skip) { + if (!s->s3->hs.tls12.reuse_message && !skip) { if (s->internal->debug) { if ((ret = BIO_flush(s->wbio)) <= 0) goto end; } - if (S3I(s)->hs.state != state) { - new_state = S3I(s)->hs.state; - S3I(s)->hs.state = state; + if (s->s3->hs.state != state) { + new_state = s->s3->hs.state; + s->s3->hs.state = state; ssl_info_callback(s, SSL_CB_ACCEPT_LOOP, 1); - S3I(s)->hs.state = new_state; + s->s3->hs.state = new_state; } } skip = 0; @@ -752,14 +755,14 @@ ssl3_send_hello_request(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == SSL3_ST_SW_HELLO_REQ_A) { + if (s->s3->hs.state == SSL3_ST_SW_HELLO_REQ_A) { if (!ssl3_handshake_msg_start(s, &cbb, &hello, SSL3_MT_HELLO_REQUEST)) goto err; if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_SW_HELLO_REQ_B; + s->s3->hs.state = SSL3_ST_SW_HELLO_REQ_B; } /* SSL3_ST_SW_HELLO_REQ_B */ @@ -779,8 +782,7 @@ ssl3_get_client_hello(SSL *s) uint16_t client_version; uint8_t comp_method; int comp_null; - int i, j, ok, al, ret = -1, cookie_valid = 0; - long n; + int i, j, al, ret, cookie_valid = 0; unsigned long id; SSL_CIPHER *c; STACK_OF(SSL_CIPHER) *ciphers = NULL; 
@@ -795,22 +797,22 @@ ssl3_get_client_hello(SSL *s) * If we are SSLv3, we will respond with SSLv3, even if prompted with * TLSv1. */ - if (S3I(s)->hs.state == SSL3_ST_SR_CLNT_HELLO_A) { - S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_B; - } + if (s->s3->hs.state == SSL3_ST_SR_CLNT_HELLO_A) + s->s3->hs.state = SSL3_ST_SR_CLNT_HELLO_B; s->internal->first_packet = 1; - n = ssl3_get_message(s, SSL3_ST_SR_CLNT_HELLO_B, + if ((ret = ssl3_get_message(s, SSL3_ST_SR_CLNT_HELLO_B, SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO, - SSL3_RT_MAX_PLAIN_LENGTH, &ok); - if (!ok) - return ((int)n); + SSL3_RT_MAX_PLAIN_LENGTH)) <= 0) + return ret; s->internal->first_packet = 0; - if (n < 0) + ret = -1; + + if (s->internal->init_num < 0) goto err; - CBS_init(&cbs, s->internal->init_msg, n); + CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); /* Parse client hello up until the extensions (if any). */ if (!CBS_get_u16(&cbs, &client_version)) @@ -838,23 +840,23 @@ ssl3_get_client_hello(SSL *s) * (may differ: see RFC 2246, Appendix E, second paragraph) */ if (!ssl_max_shared_version(s, client_version, &shared_version)) { - if ((s->client_version >> 8) == SSL3_VERSION_MAJOR && + if ((client_version >> 8) == SSL3_VERSION_MAJOR && !tls12_record_layer_write_protected(s->internal->rl)) { /* * Similar to ssl3_get_record, send alert using remote * version number. */ - s->version = s->client_version; + s->version = client_version; } SSLerror(s, SSL_R_WRONG_VERSION_NUMBER); al = SSL_AD_PROTOCOL_VERSION; goto fatal_err; } - s->client_version = client_version; + s->s3->hs.peer_legacy_version = client_version; s->version = shared_version; - S3I(s)->hs.negotiated_tls_version = ssl_tls_version(shared_version); - if (S3I(s)->hs.negotiated_tls_version == 0) { + s->s3->hs.negotiated_tls_version = ssl_tls_version(shared_version); + if (s->s3->hs.negotiated_tls_version == 0) { SSLerror(s, ERR_R_INTERNAL_ERROR); goto err; } 
@@ -925,7 +927,7 @@ ssl3_get_client_hello(SSL *s) * message has not been sent - make sure that it does not cause * an overflow. */ - if (CBS_len(&cookie) > sizeof(D1I(s)->rcvd_cookie)) { + if (CBS_len(&cookie) > sizeof(s->d1->rcvd_cookie)) { al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_COOKIE_MISMATCH); goto fatal_err; @@ -937,21 +939,21 @@ ssl3_get_client_hello(SSL *s) size_t cookie_len; /* XXX - rcvd_cookie seems to only be used here... */ - if (!CBS_write_bytes(&cookie, D1I(s)->rcvd_cookie, - sizeof(D1I(s)->rcvd_cookie), &cookie_len)) + if (!CBS_write_bytes(&cookie, s->d1->rcvd_cookie, + sizeof(s->d1->rcvd_cookie), &cookie_len)) goto err; if (s->ctx->internal->app_verify_cookie_cb != NULL) { if (s->ctx->internal->app_verify_cookie_cb(s, - D1I(s)->rcvd_cookie, cookie_len) == 0) { + s->d1->rcvd_cookie, cookie_len) == 0) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerror(s, SSL_R_COOKIE_MISMATCH); goto fatal_err; } /* else cookie verification succeeded */ /* XXX - can d1->cookie_len > sizeof(rcvd_cookie) ? */ - } else if (timingsafe_memcmp(D1I(s)->rcvd_cookie, - D1I(s)->cookie, D1I(s)->cookie_len) != 0) { + } else if (timingsafe_memcmp(s->d1->rcvd_cookie, + s->d1->cookie, s->d1->cookie_len) != 0) { /* default verification */ al = SSL_AD_HANDSHAKE_FAILURE; SSLerror(s, SSL_R_COOKIE_MISMATCH); @@ -1020,7 +1022,7 @@ ssl3_get_client_hello(SSL *s) if (CBS_len(&cbs) != 0) goto decode_err; - if (!S3I(s)->renegotiate_seen && s->internal->renegotiate) { + if (!s->s3->renegotiate_seen && s->internal->renegotiate) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); goto fatal_err; 
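Review bot: The default cookie verification compares `s->d1->cookie_len` bytes but ignores the length of the cookie actually received; `cookie_len`, filled in by CBS_write_bytes() just above, is only handed to the application callback. A received cookie of a different length is therefore compared against partial or stale contents of `rcvd_cookie`, and a zero `s->d1->cookie_len` would make the comparison succeed trivially. Requiring equal lengths first closes this: `} else if (cookie_len != s->d1->cookie_len || timingsafe_memcmp(s->d1->rcvd_cookie, s->d1->cookie, s->d1->cookie_len) != 0) {`. Since `cookie_len` is bounded by `sizeof(s->d1->rcvd_cookie)`, this also settles the XXX about `d1->cookie_len` exceeding that buffer. The enclosing function extends beyond the hunk.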
@@ -1039,8 +1041,8 @@ ssl3_get_client_hello(SSL *s) */ arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE); - if (S3I(s)->hs.our_max_tls_version >= TLS1_2_VERSION && - S3I(s)->hs.negotiated_tls_version < S3I(s)->hs.our_max_tls_version) { + if (s->s3->hs.our_max_tls_version >= TLS1_2_VERSION && + s->s3->hs.negotiated_tls_version < s->s3->hs.our_max_tls_version) { /* * RFC 8446 section 4.1.3. If we are downgrading from TLS 1.3 * we must set the last 8 bytes of the server random to magical @@ -1049,7 +1051,7 @@ ssl3_get_client_hello(SSL *s) */ size_t index = SSL3_RANDOM_SIZE - sizeof(tls13_downgrade_12); uint8_t *magic = &s->s3->server_random[index]; - if (S3I(s)->hs.negotiated_tls_version == TLS1_2_VERSION) { + if (s->s3->hs.negotiated_tls_version == TLS1_2_VERSION) { /* Indicate we chose to downgrade to 1.2. */ memcpy(magic, tls13_downgrade_12, sizeof(tls13_downgrade_12)); 
@@ -1060,34 +1062,42 @@ ssl3_get_client_hello(SSL *s) } } - if (!s->internal->hit && s->internal->tls_session_secret_cb) { + if (!s->internal->hit && s->internal->tls_session_secret_cb != NULL) { SSL_CIPHER *pref_cipher = NULL; + int master_key_length = sizeof(s->session->master_key); - s->session->master_key_length = sizeof(s->session->master_key); - if (s->internal->tls_session_secret_cb(s, s->session->master_key, - &s->session->master_key_length, ciphers, &pref_cipher, - s->internal->tls_session_secret_cb_arg)) { - s->internal->hit = 1; - s->session->ciphers = ciphers; - s->session->verify_result = X509_V_OK; - - ciphers = NULL; + if (!s->internal->tls_session_secret_cb(s, + s->session->master_key, &master_key_length, ciphers, + &pref_cipher, s->internal->tls_session_secret_cb_arg)) { + SSLerror(s, ERR_R_INTERNAL_ERROR); + goto err; + } + if (master_key_length <= 0) { + SSLerror(s, ERR_R_INTERNAL_ERROR); + goto err; + } + s->session->master_key_length = master_key_length; - /* check if some cipher was preferred by call back */ - pref_cipher = pref_cipher ? pref_cipher : - ssl3_choose_cipher(s, s->session->ciphers, - SSL_get_ciphers(s)); - if (pref_cipher == NULL) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerror(s, SSL_R_NO_SHARED_CIPHER); - goto fatal_err; - } + s->internal->hit = 1; + s->session->verify_result = X509_V_OK; - s->session->cipher = pref_cipher; + sk_SSL_CIPHER_free(s->session->ciphers); + s->session->ciphers = ciphers; + ciphers = NULL; - sk_SSL_CIPHER_free(s->cipher_list); - s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers); + /* Check if some cipher was preferred by the callback. 
*/ + if (pref_cipher == NULL) + pref_cipher = ssl3_choose_cipher(s, s->session->ciphers, + SSL_get_ciphers(s)); + if (pref_cipher == NULL) { + al = SSL_AD_HANDSHAKE_FAILURE; + SSLerror(s, SSL_R_NO_SHARED_CIPHER); + goto fatal_err; } + s->session->cipher = pref_cipher; + + sk_SSL_CIPHER_free(s->cipher_list); + s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers); } /* @@ -1096,31 +1106,30 @@ ssl3_get_client_hello(SSL *s) */ if (!s->internal->hit) { - sk_SSL_CIPHER_free(s->session->ciphers); - s->session->ciphers = ciphers; if (ciphers == NULL) { al = SSL_AD_ILLEGAL_PARAMETER; SSLerror(s, SSL_R_NO_CIPHERS_PASSED); goto fatal_err; } + sk_SSL_CIPHER_free(s->session->ciphers); + s->session->ciphers = ciphers; ciphers = NULL; - c = ssl3_choose_cipher(s, s->session->ciphers, - SSL_get_ciphers(s)); - if (c == NULL) { + if ((c = ssl3_choose_cipher(s, s->session->ciphers, + SSL_get_ciphers(s))) == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerror(s, SSL_R_NO_SHARED_CIPHER); goto fatal_err; } - S3I(s)->hs.cipher = c; + s->s3->hs.cipher = c; } else { - S3I(s)->hs.cipher = s->session->cipher; + s->s3->hs.cipher = s->session->cipher; } if (!tls1_transcript_hash_init(s)) goto err; - alg_k = S3I(s)->hs.cipher->algorithm_mkey; + alg_k = s->s3->hs.cipher->algorithm_mkey; if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) || !(s->verify_mode & SSL_VERIFY_PEER)) tls1_transcript_free(s); @@ -1165,10 +1174,10 @@ ssl3_send_dtls_hello_verify_request(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) { + if (s->s3->hs.state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) { if (s->ctx->internal->app_gen_cookie_cb == NULL || - s->ctx->internal->app_gen_cookie_cb(s, D1I(s)->cookie, - &(D1I(s)->cookie_len)) == 0) { + s->ctx->internal->app_gen_cookie_cb(s, s->d1->cookie, + &(s->d1->cookie_len)) == 0) { SSLerror(s, ERR_R_INTERNAL_ERROR); return 0; } 
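Review bot: The length written back by `tls_session_secret_cb` is checked only for `master_key_length <= 0`, so a callback that reports more bytes than `s->session->master_key` holds leaves `s->session->master_key_length` larger than the buffer. Any later code that reads `master_key_length` bytes from that array would then read out of bounds. I would bound it in the same test: `if (master_key_length <= 0 || (size_t)master_key_length > sizeof(s->session->master_key)) {`. ssl3_get_client_hello starts and ends outside this hunk, so I can't see whether `err` sends an alert on this path.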
@@ -1185,15 +1194,15 @@ ssl3_send_dtls_hello_verify_request(SSL *s) goto err; if (!CBB_add_u8_length_prefixed(&verify, &cookie)) goto err; - if (!CBB_add_bytes(&cookie, D1I(s)->cookie, D1I(s)->cookie_len)) + if (!CBB_add_bytes(&cookie, s->d1->cookie, s->d1->cookie_len)) goto err; if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B; + s->s3->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B; } - /* S3I(s)->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */ + /* s->s3->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */ return (ssl3_handshake_write(s)); err: @@ -1210,7 +1219,7 @@ ssl3_send_server_hello(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == SSL3_ST_SW_SRVR_HELLO_A) { + if (s->s3->hs.state == SSL3_ST_SW_SRVR_HELLO_A) { if (!ssl3_handshake_msg_start(s, &cbb, &server_hello, SSL3_MT_SERVER_HELLO)) goto err; @@ -1255,7 +1264,7 @@ ssl3_send_server_hello(SSL *s) /* Cipher suite. */ if (!CBB_add_u16(&server_hello, - ssl3_cipher_get_value(S3I(s)->hs.cipher))) + ssl3_cipher_get_value(s->s3->hs.cipher))) goto err; /* Compression method (null). */ @@ -1288,14 +1297,14 @@ ssl3_send_server_done(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == SSL3_ST_SW_SRVR_DONE_A) { + if (s->s3->hs.state == SSL3_ST_SW_SRVR_DONE_A) { if (!ssl3_handshake_msg_start(s, &cbb, &done, SSL3_MT_SERVER_DONE)) goto err; if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_B; + s->s3->hs.state = SSL3_ST_SW_SRVR_DONE_B; } /* SSL3_ST_SW_SRVR_DONE_B */ 
@@ -1310,198 +1319,98 @@ ssl3_send_server_done(SSL *s) static int ssl3_send_server_kex_dhe(SSL *s, CBB *cbb) { - CBB dh_p, dh_g, dh_Ys; - DH *dh = NULL, *dhp; - unsigned char *data; - int al; + int nid = NID_dhKeyAgreement; - if (s->cert->dh_tmp_auto != 0) { - if ((dhp = ssl_get_auto_dh(s)) == NULL) { - al = SSL_AD_INTERNAL_ERROR; + tls_key_share_free(s->s3->hs.key_share); + if ((s->s3->hs.key_share = tls_key_share_new_nid(nid)) == NULL) + goto err; + + if (s->cert->dhe_params_auto != 0) { + size_t key_bits; + + if ((key_bits = ssl_dhe_params_auto_key_bits(s)) == 0) { SSLerror(s, ERR_R_INTERNAL_ERROR); - goto fatal_err; + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_INTERNAL_ERROR); + goto err; } - } else - dhp = s->cert->dh_tmp; + tls_key_share_set_key_bits(s->s3->hs.key_share, + key_bits); + } else { + DH *dh_params = s->cert->dhe_params; - if (dhp == NULL && s->cert->dh_tmp_cb != NULL) - dhp = s->cert->dh_tmp_cb(s, 0, - SSL_C_PKEYLENGTH(S3I(s)->hs.cipher)); + if (dh_params == NULL && s->cert->dhe_params_cb != NULL) + dh_params = s->cert->dhe_params_cb(s, 0, + SSL_C_PKEYLENGTH(s->s3->hs.cipher)); - if (dhp == NULL) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerror(s, SSL_R_MISSING_TMP_DH_KEY); - goto fatal_err; - } - - if (S3I(s)->tmp.dh != NULL) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto err; - } + if (dh_params == NULL) { + SSLerror(s, SSL_R_MISSING_TMP_DH_KEY); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_HANDSHAKE_FAILURE); + goto err; + } - if (s->cert->dh_tmp_auto != 0) { - dh = dhp; - } else if ((dh = DHparams_dup(dhp)) == NULL) { - SSLerror(s, ERR_R_DH_LIB); - goto err; - } - S3I(s)->tmp.dh = dh; - if (!DH_generate_key(dh)) { - SSLerror(s, ERR_R_DH_LIB); - goto err; + if (!tls_key_share_set_dh_params(s->s3->hs.key_share, dh_params)) + goto err; } - /* - * Serialize the DH parameters and public key. 
- */ - if (!CBB_add_u16_length_prefixed(cbb, &dh_p)) - goto err; - if (!CBB_add_space(&dh_p, &data, BN_num_bytes(dh->p))) - goto err; - BN_bn2bin(dh->p, data); - - if (!CBB_add_u16_length_prefixed(cbb, &dh_g)) + if (!tls_key_share_generate(s->s3->hs.key_share)) goto err; - if (!CBB_add_space(&dh_g, &data, BN_num_bytes(dh->g))) - goto err; - BN_bn2bin(dh->g, data); - if (!CBB_add_u16_length_prefixed(cbb, &dh_Ys)) + if (!tls_key_share_params(s->s3->hs.key_share, cbb)) goto err; - if (!CBB_add_space(&dh_Ys, &data, BN_num_bytes(dh->pub_key))) + if (!tls_key_share_public(s->s3->hs.key_share, cbb)) goto err; - BN_bn2bin(dh->pub_key, data); - if (!CBB_flush(cbb)) - goto err; + if (!tls_key_share_peer_security(s, s->s3->hs.key_share)) { + SSLerror(s, SSL_R_DH_KEY_TOO_SMALL); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); + return 0; + } - return (1); + return 1; - fatal_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); err: - return (-1); + return 0; } static int -ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb) +ssl3_send_server_kex_ecdhe(SSL *s, CBB *cbb) { - uint16_t curve_id; - EC_KEY *ecdh; - CBB ecpoint; - int al; + CBB public; + int nid; - /* - * Only named curves are supported in ECDH ephemeral key exchanges. - * For supported named curves, curve_id is non-zero. 
- */ - if ((curve_id = tls1_ec_nid2curve_id(nid)) == 0) { + if (!tls1_get_supported_group(s, &nid)) { SSLerror(s, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); goto err; } - if (S3I(s)->tmp.ecdh != NULL) { - SSLerror(s, ERR_R_INTERNAL_ERROR); + tls_key_share_free(s->s3->hs.key_share); + if ((s->s3->hs.key_share = tls_key_share_new_nid(nid)) == NULL) goto err; - } - if ((S3I(s)->tmp.ecdh = EC_KEY_new()) == NULL) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerror(s, SSL_R_MISSING_TMP_ECDH_KEY); - goto fatal_err; - } - S3I(s)->tmp.ecdh_nid = nid; - ecdh = S3I(s)->tmp.ecdh; - - if (!ssl_kex_generate_ecdhe_ecp(ecdh, nid)) + if (!tls_key_share_generate(s->s3->hs.key_share)) goto err; /* - * Encode the public key. - * - * Only named curves are supported in ECDH ephemeral key exchanges. - * In this case the ServerKeyExchange message has: - * [1 byte CurveType], [2 byte CurveName] - * [1 byte length of encoded point], followed by - * the actual encoded point itself. + * ECC key exchange - see RFC 8422, section 5.4. */ if (!CBB_add_u8(cbb, NAMED_CURVE_TYPE)) goto err; - if (!CBB_add_u16(cbb, curve_id)) - goto err; - if (!CBB_add_u8_length_prefixed(cbb, &ecpoint)) - goto err; - if (!ssl_kex_public_ecdhe_ecp(ecdh, &ecpoint)) - goto err; - if (!CBB_flush(cbb)) - goto err; - - return (1); - - fatal_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - err: - return (-1); -} - -static int -ssl3_send_server_kex_ecdhe_ecx(SSL *s, int nid, CBB *cbb) -{ - uint8_t *public_key = NULL, *private_key = NULL; - uint16_t curve_id; - CBB ecpoint; - int ret = -1; - - /* Generate an X25519 key pair. */ - if (S3I(s)->tmp.x25519 != NULL) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto err; - } - if ((private_key = malloc(X25519_KEY_LENGTH)) == NULL) - goto err; - if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL) - goto err; - X25519_keypair(public_key, private_key); - - /* Serialize public key. 
*/ - if ((curve_id = tls1_ec_nid2curve_id(nid)) == 0) { - SSLerror(s, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); - goto err; - } - - if (!CBB_add_u8(cbb, NAMED_CURVE_TYPE)) - goto err; - if (!CBB_add_u16(cbb, curve_id)) + if (!CBB_add_u16(cbb, tls_key_share_group(s->s3->hs.key_share))) goto err; - if (!CBB_add_u8_length_prefixed(cbb, &ecpoint)) + if (!CBB_add_u8_length_prefixed(cbb, &public)) goto err; - if (!CBB_add_bytes(&ecpoint, public_key, X25519_KEY_LENGTH)) + if (!tls_key_share_public(s->s3->hs.key_share, &public)) goto err; if (!CBB_flush(cbb)) goto err; - S3I(s)->tmp.x25519 = private_key; - private_key = NULL; - ret = 1; + return 1; err: - free(public_key); - freezero(private_key, X25519_KEY_LENGTH); - - return (ret); -} - -static int -ssl3_send_server_kex_ecdhe(SSL *s, CBB *cbb) -{ - int nid; - - nid = tls1_get_shared_curve(s); - - if (nid == NID_X25519) - return ssl3_send_server_kex_ecdhe_ecx(s, nid, cbb); - - return ssl3_send_server_kex_ecdhe_ecp(s, nid, cbb); + return 0; } int @@ -1515,7 +1424,7 @@ ssl3_send_server_key_exchange(SSL *s) size_t params_len; const EVP_MD *md = NULL; unsigned long type; - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx = NULL; EVP_PKEY_CTX *pctx; EVP_PKEY *pkey; int al; @@ -1523,9 +1432,10 @@ ssl3_send_server_key_exchange(SSL *s) memset(&cbb, 0, sizeof(cbb)); memset(&cbb_params, 0, sizeof(cbb_params)); - EVP_MD_CTX_init(&md_ctx); + if ((md_ctx = EVP_MD_CTX_new()) == NULL) + goto err; - if (S3I(s)->hs.state == SSL3_ST_SW_KEY_EXCH_A) { + if (s->s3->hs.state == SSL3_ST_SW_KEY_EXCH_A) { if (!ssl3_handshake_msg_start(s, &cbb, &server_kex, SSL3_MT_SERVER_KEY_EXCHANGE)) 
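Review bot: In the rewritten ssl3_send_server_kex_dhe, the failures of `tls_key_share_new_nid()`, `tls_key_share_set_dh_params()` and `tls_key_share_generate()` jump to `err` without an SSLerror() call, where the removed code recorded `ERR_R_DH_LIB` for the equivalent steps. Unless those helpers queue their own errors, which the hunk doesn't show, a failed DHE setup leaves nothing on the error stack; I'd add `SSLerror(s, ERR_R_DH_LIB);` before those jumps. The same applies to the two silent `goto err` paths in ssl3_send_server_kex_ecdhe. As a style point, the `tls_key_share_peer_security()` branch uses `return 0` where every other failure uses `goto err`. A one-line comment there saying which parameters it checks would also help, since the name says "peer" but the server's own key share is passed.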
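Review bot: The new heap allocation `if ((md_ctx = EVP_MD_CTX_new()) == NULL) goto err;` fails without recording an error, while the signature buffer allocation later in ssl3_send_server_key_exchange reports `ERR_R_MALLOC_FAILURE`. I'd make it `if ((md_ctx = EVP_MD_CTX_new()) == NULL) { SSLerror(s, ERR_R_MALLOC_FAILURE); goto err; }`. The `mctx` allocation added to ssl3_get_cert_verify in the `@@ -2110` hunk has the same gap. The function body continues outside this hunk.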
@@ -1534,12 +1444,12 @@ ssl3_send_server_key_exchange(SSL *s) if (!CBB_init(&cbb_params, 0)) goto err; - type = S3I(s)->hs.cipher->algorithm_mkey; + type = s->s3->hs.cipher->algorithm_mkey; if (type & SSL_kDHE) { - if (ssl3_send_server_kex_dhe(s, &cbb_params) != 1) + if (!ssl3_send_server_kex_dhe(s, &cbb_params)) goto err; } else if (type & SSL_kECDHE) { - if (ssl3_send_server_kex_ecdhe(s, &cbb_params) != 1) + if (!ssl3_send_server_kex_ecdhe(s, &cbb_params)) goto err; } else { al = SSL_AD_HANDSHAKE_FAILURE; @@ -1554,13 +1464,13 @@ ssl3_send_server_key_exchange(SSL *s) goto err; /* Add signature unless anonymous. */ - if (!(S3I(s)->hs.cipher->algorithm_auth & SSL_aNULL)) { - if ((pkey = ssl_get_sign_pkey(s, S3I(s)->hs.cipher, + if (!(s->s3->hs.cipher->algorithm_auth & SSL_aNULL)) { + if ((pkey = ssl_get_sign_pkey(s, s->s3->hs.cipher, &md, &sigalg)) == NULL) { al = SSL_AD_DECODE_ERROR; goto fatal_err; } - S3I(s)->hs.our_sigalg = sigalg; + s->s3->hs.our_sigalg = sigalg; /* Send signature algorithm. */ if (SSL_USE_SIGALGS(s)) { @@ -1571,7 +1481,7 @@ ssl3_send_server_key_exchange(SSL *s) } } - if (!EVP_DigestSignInit(&md_ctx, &pctx, md, NULL, pkey)) { + if (!EVP_DigestSignInit(md_ctx, &pctx, md, NULL, pkey)) { SSLerror(s, ERR_R_EVP_LIB); goto err; } 
@@ -1582,21 +1492,21 @@ ssl3_send_server_key_exchange(SSL *s) SSLerror(s, ERR_R_EVP_LIB); goto err; } - if (!EVP_DigestSignUpdate(&md_ctx, s->s3->client_random, + if (!EVP_DigestSignUpdate(md_ctx, s->s3->client_random, SSL3_RANDOM_SIZE)) { SSLerror(s, ERR_R_EVP_LIB); goto err; } - if (!EVP_DigestSignUpdate(&md_ctx, s->s3->server_random, + if (!EVP_DigestSignUpdate(md_ctx, s->s3->server_random, SSL3_RANDOM_SIZE)) { SSLerror(s, ERR_R_EVP_LIB); goto err; } - if (!EVP_DigestSignUpdate(&md_ctx, params, params_len)) { + if (!EVP_DigestSignUpdate(md_ctx, params, params_len)) { SSLerror(s, ERR_R_EVP_LIB); goto err; } - if (!EVP_DigestSignFinal(&md_ctx, NULL, &signature_len) || + if (!EVP_DigestSignFinal(md_ctx, NULL, &signature_len) || !signature_len) { SSLerror(s, ERR_R_EVP_LIB); goto err; @@ -1605,7 +1515,7 @@ ssl3_send_server_key_exchange(SSL *s) SSLerror(s, ERR_R_MALLOC_FAILURE); goto err; } - if (!EVP_DigestSignFinal(&md_ctx, signature, &signature_len)) { + if (!EVP_DigestSignFinal(md_ctx, signature, &signature_len)) { SSLerror(s, ERR_R_EVP_LIB); goto err; } @@ -1621,10 +1531,10 @@ ssl3_send_server_key_exchange(SSL *s) if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_B; + s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_B; } - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_free(md_ctx); free(params); free(signature); @@ -1635,7 +1545,7 @@ ssl3_send_server_key_exchange(SSL *s) err: CBB_cleanup(&cbb_params); CBB_cleanup(&cbb); - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_free(md_ctx); free(params); free(signature); @@ -1656,7 +1566,7 @@ ssl3_send_certificate_request(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == SSL3_ST_SW_CERT_REQ_A) { + if (s->s3->hs.state == SSL3_ST_SW_CERT_REQ_A) { if (!ssl3_handshake_msg_start(s, &cbb, &cert_request, SSL3_MT_CERTIFICATE_REQUEST)) goto err; 
@@ -1670,8 +1580,8 @@ ssl3_send_certificate_request(SSL *s) if (!CBB_add_u16_length_prefixed(&cert_request, &sigalgs)) goto err; - if (!ssl_sigalgs_build( - S3I(s)->hs.negotiated_tls_version, &sigalgs)) + if (!ssl_sigalgs_build(s->s3->hs.negotiated_tls_version, + &sigalgs, SSL_get_security_level(s))) goto err; } @@ -1697,7 +1607,7 @@ ssl3_send_certificate_request(SSL *s) if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_SW_CERT_REQ_B; + s->s3->hs.state = SSL3_ST_SW_CERT_REQ_B; } /* SSL3_ST_SW_CERT_REQ_B */ @@ -1724,18 +1634,15 @@ ssl3_get_client_kex_rsa(SSL *s, CBS *cbs) arc4random_buf(fakekey, sizeof(fakekey)); - /* XXX - peer max protocol version. */ - fakekey[0] = s->client_version >> 8; - fakekey[1] = s->client_version & 0xff; + fakekey[0] = s->s3->hs.peer_legacy_version >> 8; + fakekey[1] = s->s3->hs.peer_legacy_version & 0xff; pkey = s->cert->pkeys[SSL_PKEY_RSA].privatekey; - if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) || - (pkey->pkey.rsa == NULL)) { + if (pkey == NULL || (rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerror(s, SSL_R_MISSING_RSA_CERTIFICATE); goto fatal_err; } - rsa = pkey->pkey.rsa; pms_len = RSA_size(rsa); if (pms_len < SSL_MAX_MASTER_KEY_LENGTH) @@ -1761,9 +1668,8 @@ ssl3_get_client_kex_rsa(SSL *s, CBS *cbs) /* SSLerror(s, SSL_R_BAD_RSA_DECRYPT); */ } - /* XXX - peer max version. */ - if ((al == -1) && !((pms[0] == (s->client_version >> 8)) && - (pms[1] == (s->client_version & 0xff)))) { + if ((al == -1) && !((pms[0] == (s->s3->hs.peer_legacy_version >> 8)) && + (pms[1] == (s->s3->hs.peer_legacy_version & 0xff)))) { /* * The premaster secret must contain the same version number * as the ClientHello to detect version rollback attacks @@ -1797,7 +1703,7 @@ ssl3_get_client_kex_rsa(SSL *s, CBS *cbs) freezero(pms, pms_len); - return (1); + return 1; decode_err: al = SSL_AD_DECODE_ERROR; 
@@ -1807,200 +1713,112 @@ ssl3_get_client_kex_rsa(SSL *s, CBS *cbs) err: freezero(pms, pms_len); - return (-1); + return 0; } static int ssl3_get_client_kex_dhe(SSL *s, CBS *cbs) { - int key_size = 0; - int key_is_invalid, key_len, al; - unsigned char *key = NULL; - BIGNUM *bn = NULL; - CBS dh_Yc; - DH *dh; - - if (!CBS_get_u16_length_prefixed(cbs, &dh_Yc)) - goto decode_err; - if (CBS_len(cbs) != 0) - goto decode_err; + uint8_t *key = NULL; + size_t key_len = 0; + int decode_error, invalid_key; + int ret = 0; - if (S3I(s)->tmp.dh == NULL) { - al = SSL_AD_HANDSHAKE_FAILURE; + if (s->s3->hs.key_share == NULL) { SSLerror(s, SSL_R_MISSING_TMP_DH_KEY); - goto fatal_err; - } - dh = S3I(s)->tmp.dh; - - if ((bn = BN_bin2bn(CBS_data(&dh_Yc), CBS_len(&dh_Yc), NULL)) == NULL) { - SSLerror(s, SSL_R_BN_LIB); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); goto err; } - if ((key_size = DH_size(dh)) <= 0) { - SSLerror(s, ERR_R_DH_LIB); + if (!tls_key_share_peer_public(s->s3->hs.key_share, cbs, + &decode_error, &invalid_key)) { + if (decode_error) { + SSLerror(s, SSL_R_BAD_PACKET_LENGTH); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); + } goto err; } - if ((key = malloc(key_size)) == NULL) { - SSLerror(s, ERR_R_MALLOC_FAILURE); + if (invalid_key) { + SSLerror(s, SSL_R_BAD_DH_PUB_KEY_LENGTH); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); goto err; } - if (!DH_check_pub_key(dh, bn, &key_is_invalid)) { - al = SSL_AD_INTERNAL_ERROR; - SSLerror(s, ERR_R_DH_LIB); - goto fatal_err; - } - if (key_is_invalid) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerror(s, ERR_R_DH_LIB); - goto fatal_err; - } - if ((key_len = DH_compute_key(key, bn, dh)) <= 0) { - al = SSL_AD_INTERNAL_ERROR; - SSLerror(s, ERR_R_DH_LIB); - goto fatal_err; - } - if (!tls12_derive_master_secret(s, key, key_len)) + if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len)) goto err; - DH_free(S3I(s)->tmp.dh); - S3I(s)->tmp.dh = NULL; - - freezero(key, key_size); - 
BN_clear_free(bn); + if (!tls12_derive_master_secret(s, key, key_len)) + goto err; - return (1); + ret = 1; - decode_err: - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_BAD_PACKET_LENGTH); - fatal_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); err: - freezero(key, key_size); - BN_clear_free(bn); + freezero(key, key_len); - return (-1); + return ret; } static int -ssl3_get_client_kex_ecdhe_ecp(SSL *s, CBS *cbs) +ssl3_get_client_kex_ecdhe(SSL *s, CBS *cbs) { uint8_t *key = NULL; size_t key_len = 0; - EC_KEY *ecdh_peer = NULL; - EC_KEY *ecdh; + int decode_error; CBS public; - int ret = -1; + int ret = 0; - /* - * Use the ephemeral values we saved when generating the - * ServerKeyExchange message. - */ - if ((ecdh = S3I(s)->tmp.ecdh) == NULL) { - SSLerror(s, ERR_R_INTERNAL_ERROR); + if (s->s3->hs.key_share == NULL) { + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); + SSLerror(s, SSL_R_MISSING_TMP_DH_KEY); goto err; } - /* - * Get client's public key from encoded point in the ClientKeyExchange - * message. - */ - if (!CBS_get_u8_length_prefixed(cbs, &public)) - goto err; - if (CBS_len(cbs) != 0) + if (!CBS_get_u8_length_prefixed(cbs, &public)) { + SSLerror(s, SSL_R_BAD_PACKET_LENGTH); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); goto err; - - if ((ecdh_peer = EC_KEY_new()) == NULL) + } + if (!tls_key_share_peer_public(s->s3->hs.key_share, &public, + &decode_error, NULL)) { + if (decode_error) { + SSLerror(s, SSL_R_BAD_PACKET_LENGTH); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); + } goto err; + } - if (!ssl_kex_peer_public_ecdhe_ecp(ecdh_peer, S3I(s)->tmp.ecdh_nid, - &public)) + if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len)) goto err; - /* Derive the shared secret and compute master secret. 
*/ - if (!ssl_kex_derive_ecdhe_ecp(ecdh, ecdh_peer, &key, &key_len)) - goto err; if (!tls12_derive_master_secret(s, key, key_len)) goto err; - EC_KEY_free(S3I(s)->tmp.ecdh); - S3I(s)->tmp.ecdh = NULL; - S3I(s)->tmp.ecdh_nid = NID_undef; - ret = 1; err: freezero(key, key_len); - EC_KEY_free(ecdh_peer); - - return (ret); -} - -static int -ssl3_get_client_kex_ecdhe_ecx(SSL *s, CBS *cbs) -{ - uint8_t *shared_key = NULL; - CBS ecpoint; - int ret = -1; - - if (!CBS_get_u8_length_prefixed(cbs, &ecpoint)) - goto err; - if (CBS_len(cbs) != 0) - goto err; - if (CBS_len(&ecpoint) != X25519_KEY_LENGTH) - goto err; - - if ((shared_key = malloc(X25519_KEY_LENGTH)) == NULL) - goto err; - if (!X25519(shared_key, S3I(s)->tmp.x25519, CBS_data(&ecpoint))) - goto err; - - freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH); - S3I(s)->tmp.x25519 = NULL; - - if (!tls12_derive_master_secret(s, shared_key, X25519_KEY_LENGTH)) - goto err; - - ret = 1; - - err: - freezero(shared_key, X25519_KEY_LENGTH); - - return (ret); -} - -static int -ssl3_get_client_kex_ecdhe(SSL *s, CBS *cbs) -{ - if (S3I(s)->tmp.x25519 != NULL) - return ssl3_get_client_kex_ecdhe_ecx(s, cbs); - return ssl3_get_client_kex_ecdhe_ecp(s, cbs); + return ret; } static int ssl3_get_client_kex_gost(SSL *s, CBS *cbs) { - EVP_PKEY_CTX *pkey_ctx; - EVP_PKEY *client_pub_pkey = NULL, *pk = NULL; unsigned char premaster_secret[32]; - unsigned long alg_a; - size_t outlen = 32; + EVP_PKEY_CTX *pkey_ctx = NULL; + EVP_PKEY *client_pubkey; + EVP_PKEY *pkey = NULL; + size_t outlen; CBS gostblob; - int al; - int ret = 0; /* Get our certificate private key*/ - alg_a = S3I(s)->hs.cipher->algorithm_auth; - if (alg_a & SSL_aGOST01) - pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey; + if ((s->s3->hs.cipher->algorithm_auth & SSL_aGOST01) != 0) + pkey = s->cert->pkeys[SSL_PKEY_GOST01].privatekey; - if ((pkey_ctx = EVP_PKEY_CTX_new(pk, NULL)) == NULL) + if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) goto err; if 
(EVP_PKEY_decrypt_init(pkey_ctx) <= 0) - goto gerr; + goto err; /* * If client certificate is present and is of the same type, @@ -2009,9 +1827,8 @@ ssl3_get_client_kex_gost(SSL *s, CBS *cbs) * it is completely valid to use a client certificate for * authorization only. */ - if ((client_pub_pkey = X509_get_pubkey(s->session->peer)) != NULL) { - if (EVP_PKEY_derive_set_peer(pkey_ctx, - client_pub_pkey) <= 0) + if ((client_pubkey = X509_get0_pubkey(s->session->peer_cert)) != NULL) { + if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pubkey) <= 0) ERR_clear_error(); } 
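Review bot: In the new ssl3_get_client_kex_ecdhe, a `tls_key_share_peer_public()` failure that is not a decode error goes to `err` with neither SSLerror() nor an alert. `NULL` is also passed for the invalid-key out-parameter that ssl3_get_client_kex_dhe checks, so a malformed client point is rejected silently as far as this function shows. I'd add an `else` arm such as `SSLerror(s, SSL_R_BAD_ECPOINT); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);`, or pass `&invalid_key` and handle it as the DHE path does. The removed `CBS_len(cbs) != 0` trailing-data checks are presumably covered by the caller; that is outside this hunk and worth confirming. The missing-key-share branch reuses `SSL_R_MISSING_TMP_DH_KEY` for ECDHE and calls the alert and SSLerror in the opposite order from the DHE function.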
@@ -2020,69 +1837,67 @@ ssl3_get_client_kex_gost(SSL *s, CBS *cbs) goto decode_err; if (CBS_len(cbs) != 0) goto decode_err; + outlen = sizeof(premaster_secret); if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen, CBS_data(&gostblob), CBS_len(&gostblob)) <= 0) { SSLerror(s, SSL_R_DECRYPTION_FAILED); - goto gerr; + goto err; } - if (!tls12_derive_master_secret(s, premaster_secret, 32)) + if (!tls12_derive_master_secret(s, premaster_secret, + sizeof(premaster_secret))) goto err; /* Check if pubkey from client certificate was used */ - if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, - EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) - ret = 2; - else - ret = 1; - gerr: - EVP_PKEY_free(client_pub_pkey); + if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, + 2, NULL) > 0) + s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY; + + explicit_bzero(premaster_secret, sizeof(premaster_secret)); EVP_PKEY_CTX_free(pkey_ctx); - if (ret) - return (ret); - else - goto err; + + return 1; decode_err: - al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_BAD_PACKET_LENGTH); - ssl3_send_alert(s, SSL3_AL_FATAL, al); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); err: - return (-1); + explicit_bzero(premaster_secret, sizeof(premaster_secret)); + EVP_PKEY_CTX_free(pkey_ctx); + + return 0; } int ssl3_get_client_key_exchange(SSL *s) { unsigned long alg_k; - int al, ok; + int al, ret; CBS cbs; - long n; /* 2048 maxlen is a guess. How long a key does that permit? 
*/ - n = ssl3_get_message(s, SSL3_ST_SR_KEY_EXCH_A, - SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048, &ok); - if (!ok) - return ((int)n); + if ((ret = ssl3_get_message(s, SSL3_ST_SR_KEY_EXCH_A, + SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048)) <= 0) + return ret; - if (n < 0) + if (s->internal->init_num < 0) goto err; - CBS_init(&cbs, s->internal->init_msg, n); + CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); - alg_k = S3I(s)->hs.cipher->algorithm_mkey; + alg_k = s->s3->hs.cipher->algorithm_mkey; if (alg_k & SSL_kRSA) { - if (ssl3_get_client_kex_rsa(s, &cbs) != 1) + if (!ssl3_get_client_kex_rsa(s, &cbs)) goto err; } else if (alg_k & SSL_kDHE) { - if (ssl3_get_client_kex_dhe(s, &cbs) != 1) + if (!ssl3_get_client_kex_dhe(s, &cbs)) goto err; } else if (alg_k & SSL_kECDHE) { - if (ssl3_get_client_kex_ecdhe(s, &cbs) != 1) + if (!ssl3_get_client_kex_ecdhe(s, &cbs)) goto err; } else if (alg_k & SSL_kGOST) { - if (ssl3_get_client_kex_gost(s, &cbs) != 1) + if (!ssl3_get_client_kex_gost(s, &cbs)) goto err; } else { al = SSL_AD_HANDSHAKE_FAILURE; 
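Review bot: `outlen` is never compared with the buffer size after `EVP_PKEY_decrypt()`, yet `tls12_derive_master_secret()` is always given `sizeof(premaster_secret)` bytes. If the decrypt ever returns fewer bytes, the tail of the stack buffer is uninitialised when it is fed into key derivation. I'd add `if (outlen != sizeof(premaster_secret)) { SSLerror(s, SSL_R_DECRYPTION_FAILED); goto err; }` right after the decrypt call; whether the GOST method can return a short result is not visible here. ssl3_get_client_kex_gost begins in the previous hunk.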
@@ -2110,37 +1925,36 @@ ssl3_get_cert_verify(SSL *s) CBS cbs, signature; const struct ssl_sigalg *sigalg = NULL; uint16_t sigalg_value = SIGALG_NONE; - EVP_PKEY *pkey = NULL; - X509 *peer = NULL; - EVP_MD_CTX mctx; - int al, ok, verify; + EVP_PKEY *pkey; + X509 *peer_cert = NULL; + EVP_MD_CTX *mctx = NULL; + int al, verify; const unsigned char *hdata; size_t hdatalen; int type = 0; - int ret = 0; - long n; + int ret; - EVP_MD_CTX_init(&mctx); + if ((ret = ssl3_get_message(s, SSL3_ST_SR_CERT_VRFY_A, + SSL3_ST_SR_CERT_VRFY_B, -1, SSL3_RT_MAX_PLAIN_LENGTH)) <= 0) + return ret; - n = ssl3_get_message(s, SSL3_ST_SR_CERT_VRFY_A, - SSL3_ST_SR_CERT_VRFY_B, -1, SSL3_RT_MAX_PLAIN_LENGTH, &ok); - if (!ok) - return ((int)n); + ret = 0; - if (n < 0) + if (s->internal->init_num < 0) goto err; - CBS_init(&cbs, s->internal->init_msg, n); + if ((mctx = EVP_MD_CTX_new()) == NULL) + goto err; - if (s->session->peer != NULL) { - peer = s->session->peer; - pkey = X509_get_pubkey(peer); - type = X509_certificate_type(peer, pkey); - } + CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); + + peer_cert = s->session->peer_cert; + pkey = X509_get0_pubkey(peer_cert); + type = X509_certificate_type(peer_cert, pkey); - if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_VERIFY) { - S3I(s)->hs.tls12.reuse_message = 1; - if (peer != NULL) { + if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE_VERIFY) { + s->s3->hs.tls12.reuse_message = 1; + if (peer_cert != NULL) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_MISSING_VERIFY_MESSAGE); goto fatal_err; @@ -2149,7 +1963,7 @@ ssl3_get_cert_verify(SSL *s) goto end; } - if (peer == NULL) { + if (peer_cert == NULL) { SSLerror(s, SSL_R_NO_CLIENT_CERT_RECEIVED); al = SSL_AD_UNEXPECTED_MESSAGE; goto fatal_err; 
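Review bot: The `if (s->session->peer != NULL)` guard around the key lookup is gone, so `X509_get0_pubkey(peer_cert)` and `X509_certificate_type(peer_cert, pkey)` now run before the `peer_cert != NULL` and `peer_cert == NULL` checks that follow. That is only safe if both functions accept a NULL certificate, which the hunk does not show, and `pkey` lost its `= NULL` initialiser in the same change. I'd keep the guard, `if (peer_cert != NULL) { pkey = X509_get0_pubkey(peer_cert); type = X509_certificate_type(peer_cert, pkey); }`, and restore `EVP_PKEY *pkey = NULL;`. ssl3_get_cert_verify continues outside this hunk.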
@@ -2161,7 +1975,7 @@ ssl3_get_cert_verify(SSL *s) goto fatal_err; } - if (S3I(s)->change_cipher_spec) { + if (s->s3->change_cipher_spec) { SSLerror(s, SSL_R_CCS_RECEIVED_EARLY); al = SSL_AD_UNEXPECTED_MESSAGE; goto fatal_err; @@ -2190,7 +2004,7 @@ ssl3_get_cert_verify(SSL *s) al = SSL_AD_DECODE_ERROR; goto fatal_err; } - S3I(s)->hs.peer_sigalg = sigalg; + s->s3->hs.peer_sigalg = sigalg; if (SSL_USE_SIGALGS(s)) { EVP_PKEY_CTX *pctx; @@ -2200,7 +2014,7 @@ ssl3_get_cert_verify(SSL *s) al = SSL_AD_INTERNAL_ERROR; goto fatal_err; } - if (!EVP_DigestVerifyInit(&mctx, &pctx, sigalg->md(), + if (!EVP_DigestVerifyInit(mctx, &pctx, sigalg->md(), NULL, pkey)) { SSLerror(s, ERR_R_EVP_LIB); al = SSL_AD_INTERNAL_ERROR; @@ -2220,21 +2034,28 @@ ssl3_get_cert_verify(SSL *s) al = SSL_AD_INTERNAL_ERROR; goto fatal_err; } - if (!EVP_DigestVerifyUpdate(&mctx, hdata, hdatalen)) { + if (!EVP_DigestVerifyUpdate(mctx, hdata, hdatalen)) { SSLerror(s, ERR_R_EVP_LIB); al = SSL_AD_INTERNAL_ERROR; goto fatal_err; } - if (EVP_DigestVerifyFinal(&mctx, CBS_data(&signature), + if (EVP_DigestVerifyFinal(mctx, CBS_data(&signature), CBS_len(&signature)) <= 0) { al = SSL_AD_DECRYPT_ERROR; SSLerror(s, SSL_R_BAD_SIGNATURE); goto fatal_err; } - } else if (pkey->type == EVP_PKEY_RSA) { - verify = RSA_verify(NID_md5_sha1, S3I(s)->hs.tls12.cert_verify, + } else if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) { + RSA *rsa; + + if ((rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) { + al = SSL_AD_INTERNAL_ERROR; + SSLerror(s, ERR_R_EVP_LIB); + goto fatal_err; + } + verify = RSA_verify(NID_md5_sha1, s->s3->hs.tls12.cert_verify, MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, CBS_data(&signature), - CBS_len(&signature), pkey->pkey.rsa); + CBS_len(&signature), rsa); if (verify < 0) { al = SSL_AD_DECRYPT_ERROR; SSLerror(s, SSL_R_BAD_RSA_DECRYPT); 
@@ -2245,19 +2066,26 @@ ssl3_get_cert_verify(SSL *s) SSLerror(s, SSL_R_BAD_RSA_SIGNATURE); goto fatal_err; } - } else if (pkey->type == EVP_PKEY_EC) { - verify = ECDSA_verify(pkey->save_type, - &(S3I(s)->hs.tls12.cert_verify[MD5_DIGEST_LENGTH]), + } else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) { + EC_KEY *eckey; + + if ((eckey = EVP_PKEY_get0_EC_KEY(pkey)) == NULL) { + al = SSL_AD_INTERNAL_ERROR; + SSLerror(s, ERR_R_EVP_LIB); + goto fatal_err; + } + verify = ECDSA_verify(0, + &(s->s3->hs.tls12.cert_verify[MD5_DIGEST_LENGTH]), SHA_DIGEST_LENGTH, CBS_data(&signature), - CBS_len(&signature), pkey->pkey.ec); + CBS_len(&signature), eckey); if (verify <= 0) { al = SSL_AD_DECRYPT_ERROR; SSLerror(s, SSL_R_BAD_ECDSA_SIGNATURE); goto fatal_err; } #ifndef OPENSSL_NO_GOST - } else if (pkey->type == NID_id_GostR3410_94 || - pkey->type == NID_id_GostR3410_2001) { + } else if (EVP_PKEY_id(pkey) == NID_id_GostR3410_94 || + EVP_PKEY_id(pkey) == NID_id_GostR3410_2001) { unsigned char sigbuf[128]; unsigned int siglen = sizeof(sigbuf); EVP_PKEY_CTX *pctx; @@ -2280,9 +2108,9 @@ ssl3_get_cert_verify(SSL *s) al = SSL_AD_INTERNAL_ERROR; goto fatal_err; } - if (!EVP_DigestInit_ex(&mctx, md, NULL) || - !EVP_DigestUpdate(&mctx, hdata, hdatalen) || - !EVP_DigestFinal(&mctx, sigbuf, &siglen) || + if (!EVP_DigestInit_ex(mctx, md, NULL) || + !EVP_DigestUpdate(mctx, hdata, hdatalen) || + !EVP_DigestFinal(mctx, sigbuf, &siglen) || (EVP_PKEY_verify_init(pctx) <= 0) || (EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) || (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY, 
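Review bot: The bare `0` that replaces `pkey->save_type` as the first argument of `ECDSA_verify()` reads like a magic number and needs a comment. I'd add `/* type argument is ignored by ECDSA_verify() */` above the call, which is how the ECDSA manual describes that parameter, so nobody later swaps in a digest NID. The branch also still calls `EVP_PKEY_id(pkey)` without a NULL check on `pkey`; whether `pkey` can be NULL here depends on code outside the hunk.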
@@ -2320,99 +2148,69 @@ ssl3_get_cert_verify(SSL *s) end: tls1_transcript_free(s); err: - EVP_MD_CTX_cleanup(&mctx); - EVP_PKEY_free(pkey); + EVP_MD_CTX_free(mctx); + return (ret); } int ssl3_get_client_certificate(SSL *s) { - CBS cbs, client_certs; - int i, ok, al, ret = -1; - X509 *x = NULL; - long n; - const unsigned char *q; - STACK_OF(X509) *sk = NULL; - - n = ssl3_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B, - -1, s->internal->max_cert_list, &ok); - if (!ok) - return ((int)n); - - if (S3I(s)->hs.tls12.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) { + CBS cbs, cert_list, cert_data; + STACK_OF(X509) *certs = NULL; + X509 *cert = NULL; + const uint8_t *p; + int al, ret; + + if ((ret = ssl3_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B, + -1, s->internal->max_cert_list)) <= 0) + return ret; + + ret = -1; + + if (s->s3->hs.tls12.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) { if ((s->verify_mode & SSL_VERIFY_PEER) && (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); al = SSL_AD_HANDSHAKE_FAILURE; goto fatal_err; } + /* - * If tls asked for a client cert, - * the client must return a 0 list. + * If we asked for a client certificate and the client has none, + * it must respond with a certificate list of length zero. 
*/ - if (S3I(s)->hs.tls12.cert_request) { - SSLerror(s, SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST - ); + if (s->s3->hs.tls12.cert_request != 0) { + SSLerror(s, SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST); al = SSL_AD_UNEXPECTED_MESSAGE; goto fatal_err; } - S3I(s)->hs.tls12.reuse_message = 1; + s->s3->hs.tls12.reuse_message = 1; return (1); } - if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE) { + if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE); goto fatal_err; } - if (n < 0) + if (s->internal->init_num < 0) goto decode_err; - CBS_init(&cbs, s->internal->init_msg, n); + CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); - if ((sk = sk_X509_new_null()) == NULL) { - SSLerror(s, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!CBS_get_u24_length_prefixed(&cbs, &client_certs) || - CBS_len(&cbs) != 0) + if (!CBS_get_u24_length_prefixed(&cbs, &cert_list)) + goto decode_err; + if (CBS_len(&cbs) != 0) goto decode_err; - while (CBS_len(&client_certs) > 0) { - CBS cert; - - if (!CBS_get_u24_length_prefixed(&client_certs, &cert)) { - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH); - goto fatal_err; - } - - q = CBS_data(&cert); - x = d2i_X509(NULL, &q, CBS_len(&cert)); - if (x == NULL) { - SSLerror(s, ERR_R_ASN1_LIB); - goto err; - } - if (q != CBS_data(&cert) + CBS_len(&cert)) { - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH); - goto fatal_err; - } - if (!sk_X509_push(sk, x)) { - SSLerror(s, ERR_R_MALLOC_FAILURE); - goto err; - } - x = NULL; - } - - if (sk_X509_num(sk) <= 0) { - /* - * TLS does not mind 0 certs returned. - * Fail for TLS only if we required a certificate. - */ + /* + * A TLS client must send an empty certificate list, if no suitable + * certificate is available (rather than omitting the Certificate + * handshake message) - see RFC 5246 section 7.4.6. 
+ */ + if (CBS_len(&cert_list) == 0) { if ((s->verify_mode & SSL_VERIFY_PEER) && (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); @@ -2421,40 +2219,43 @@ ssl3_get_client_certificate(SSL *s) } /* No client certificate so free transcript. */ tls1_transcript_free(s); - } else { - i = ssl_verify_cert_chain(s, sk); - if (i <= 0) { - al = ssl_verify_alarm_type(s->verify_result); - SSLerror(s, SSL_R_NO_CERTIFICATE_RETURNED); - goto fatal_err; - } + goto done; } - X509_free(s->session->peer); - s->session->peer = sk_X509_shift(sk); - s->session->verify_result = s->verify_result; + if ((certs = sk_X509_new_null()) == NULL) { + SSLerror(s, ERR_R_MALLOC_FAILURE); + goto err; + } - /* - * With the current implementation, sess_cert will always be NULL - * when we arrive here - */ - if (SSI(s)->sess_cert == NULL) { - SSI(s)->sess_cert = ssl_sess_cert_new(); - if (SSI(s)->sess_cert == NULL) { + while (CBS_len(&cert_list) > 0) { + if (!CBS_get_u24_length_prefixed(&cert_list, &cert_data)) + goto decode_err; + p = CBS_data(&cert_data); + if ((cert = d2i_X509(NULL, &p, CBS_len(&cert_data))) == NULL) { + SSLerror(s, ERR_R_ASN1_LIB); + goto err; + } + if (p != CBS_data(&cert_data) + CBS_len(&cert_data)) + goto decode_err; + if (!sk_X509_push(certs, cert)) { SSLerror(s, ERR_R_MALLOC_FAILURE); goto err; } + cert = NULL; } - sk_X509_pop_free(SSI(s)->sess_cert->cert_chain, X509_free); - SSI(s)->sess_cert->cert_chain = sk; - /* - * Inconsistency alert: cert_chain does *not* include the - * peer's own certificate, while we do include it in s3_clnt.c - */ + if (ssl_verify_cert_chain(s, certs) <= 0) { + al = ssl_verify_alarm_type(s->verify_result); + SSLerror(s, SSL_R_NO_CERTIFICATE_RETURNED); + goto fatal_err; + } + s->session->verify_result = s->verify_result; + ERR_clear_error(); - sk = NULL; + if (!tls_process_peer_certs(s, certs)) + goto err; + done: ret = 1; if (0) { decode_err: 
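Review bot: After `tls_process_peer_certs(s, certs)` succeeds in ssl3_get_client_certificate, control reaches the `err:` cleanup in the following hunk, which calls `sk_X509_pop_free(certs, X509_free)`. The removed code set its stack pointer to NULL after handing the chain to the session, and the new code has no equivalent. This is only safe if tls_process_peer_certs takes its own references instead of taking ownership of the stack. The helper is not visible in this chunk, so that should be confirmed. If it holds, record it at the call site with `/* tls_process_peer_certs() takes its own references; certs is still freed at err. */`. The function starts in the previous hunk and ends in the next one.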
@@ -2464,8 +2265,8 @@ ssl3_get_client_certificate(SSL *s) ssl3_send_alert(s, SSL3_AL_FATAL, al); } err: - X509_free(x); - sk_X509_pop_free(sk, X509_free); + sk_X509_pop_free(certs, X509_free); + X509_free(cert); return (ret); } @@ -2474,7 +2275,7 @@ int ssl3_send_server_certificate(SSL *s) { CBB cbb, server_cert; - CERT_PKEY *cpk; + SSL_CERT_PKEY *cpk; /* * Server Certificate - RFC 5246, section 7.4.2. @@ -2482,7 +2283,7 @@ ssl3_send_server_certificate(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == SSL3_ST_SW_CERT_A) { + if (s->s3->hs.state == SSL3_ST_SW_CERT_A) { if ((cpk = ssl_get_server_send_pkey(s)) == NULL) { SSLerror(s, ERR_R_INTERNAL_ERROR); return (0); @@ -2496,7 +2297,7 @@ ssl3_send_server_certificate(SSL *s) if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_SW_CERT_B; + s->s3->hs.state = SSL3_ST_SW_CERT_B; } /* SSL3_ST_SW_CERT_B */ @@ -2521,20 +2322,22 @@ ssl3_send_newsession_ticket(SSL *s) unsigned char key_name[16]; unsigned char *hmac; unsigned int hlen; - EVP_CIPHER_CTX ctx; - HMAC_CTX hctx; + EVP_CIPHER_CTX *ctx = NULL; + HMAC_CTX *hctx = NULL; int len; /* * New Session Ticket - RFC 5077, section 3.3. */ - EVP_CIPHER_CTX_init(&ctx); - HMAC_CTX_init(&hctx); - memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == SSL3_ST_SW_SESSION_TICKET_A) { + if ((ctx = EVP_CIPHER_CTX_new()) == NULL) + goto err; + if ((hctx = HMAC_CTX_new()) == NULL) + goto err; + + if (s->s3->hs.state == SSL3_ST_SW_SESSION_TICKET_A) { if (!ssl3_handshake_msg_start(s, &cbb, &session_ticket, SSL3_MT_NEWSESSION_TICKET)) goto err; 
@@ -2551,15 +2354,13 @@ ssl3_send_newsession_ticket(SSL *s) */ if (tctx->internal->tlsext_ticket_key_cb != NULL) { if (tctx->internal->tlsext_ticket_key_cb(s, - key_name, iv, &ctx, &hctx, 1) < 0) { - EVP_CIPHER_CTX_cleanup(&ctx); + key_name, iv, ctx, hctx, 1) < 0) goto err; - } } else { arc4random_buf(iv, 16); - EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, + EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, tctx->internal->tlsext_tick_aes_key, iv); - HMAC_Init_ex(&hctx, tctx->internal->tlsext_tick_hmac_key, + HMAC_Init_ex(hctx, tctx->internal->tlsext_tick_hmac_key, 16, EVP_sha256(), NULL); memcpy(key_name, tctx->internal->tlsext_tick_key_name, 16); } @@ -2569,11 +2370,11 @@ ssl3_send_newsession_ticket(SSL *s) if ((enc_session = calloc(1, enc_session_max_len)) == NULL) goto err; enc_session_len = 0; - if (!EVP_EncryptUpdate(&ctx, enc_session, &len, session, + if (!EVP_EncryptUpdate(ctx, enc_session, &len, session, session_len)) goto err; enc_session_len += len; - if (!EVP_EncryptFinal_ex(&ctx, enc_session + enc_session_len, + if (!EVP_EncryptFinal_ex(ctx, enc_session + enc_session_len, &len)) goto err; enc_session_len += len; @@ -2582,14 +2383,14 @@ ssl3_send_newsession_ticket(SSL *s) goto err; /* Generate the HMAC. */ - if (!HMAC_Update(&hctx, key_name, sizeof(key_name))) + if (!HMAC_Update(hctx, key_name, sizeof(key_name))) goto err; - if (!HMAC_Update(&hctx, iv, EVP_CIPHER_CTX_iv_length(&ctx))) + if (!HMAC_Update(hctx, iv, EVP_CIPHER_CTX_iv_length(ctx))) goto err; - if (!HMAC_Update(&hctx, enc_session, enc_session_len)) + if (!HMAC_Update(hctx, enc_session, enc_session_len)) goto err; - if ((hmac_len = HMAC_size(&hctx)) <= 0) + if ((hmac_len = HMAC_size(hctx)) <= 0) goto err; /* 
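Review bot: In the default-key branch of ssl3_send_newsession_ticket (the `else` after the `tlsext_ticket_key_cb` test), the results of `EVP_EncryptInit_ex()` and `HMAC_Init_ex()` are still discarded. Now that both contexts are heap objects released through the shared `err:` path, a failed init can be handled like every later call in the function. Otherwise the ticket would be built with a cipher or MAC context that was never keyed. Suggested form: `if (!EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, tctx->internal->tlsext_tick_aes_key, iv)) goto err;` and `if (!HMAC_Init_ex(hctx, tctx->internal->tlsext_tick_hmac_key, 16, EVP_sha256(), NULL)) goto err;`. The function body extends beyond this hunk on both sides.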
@@ -2606,14 +2407,14 @@ ssl3_send_newsession_ticket(SSL *s) goto err; if (!CBB_add_bytes(&ticket, key_name, sizeof(key_name))) goto err; - if (!CBB_add_bytes(&ticket, iv, EVP_CIPHER_CTX_iv_length(&ctx))) + if (!CBB_add_bytes(&ticket, iv, EVP_CIPHER_CTX_iv_length(ctx))) goto err; if (!CBB_add_bytes(&ticket, enc_session, enc_session_len)) goto err; if (!CBB_add_space(&ticket, &hmac, hmac_len)) goto err; - if (!HMAC_Final(&hctx, hmac, &hlen)) + if (!HMAC_Final(hctx, hmac, &hlen)) goto err; if (hlen != hmac_len) goto err; @@ -2621,11 +2422,11 @@ ssl3_send_newsession_ticket(SSL *s) if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_B; + s->s3->hs.state = SSL3_ST_SW_SESSION_TICKET_B; } - EVP_CIPHER_CTX_cleanup(&ctx); - HMAC_CTX_cleanup(&hctx); + EVP_CIPHER_CTX_free(ctx); + HMAC_CTX_free(hctx); freezero(session, session_len); free(enc_session); @@ -2634,8 +2435,8 @@ ssl3_send_newsession_ticket(SSL *s) err: CBB_cleanup(&cbb); - EVP_CIPHER_CTX_cleanup(&ctx); - HMAC_CTX_cleanup(&hctx); + EVP_CIPHER_CTX_free(ctx); + HMAC_CTX_free(hctx); freezero(session, session_len); free(enc_session); @@ -2649,7 +2450,7 @@ ssl3_send_cert_status(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == SSL3_ST_SW_CERT_STATUS_A) { + if (s->s3->hs.state == SSL3_ST_SW_CERT_STATUS_A) { if (!ssl3_handshake_msg_start(s, &cbb, &certstatus, SSL3_MT_CERTIFICATE_STATUS)) goto err; @@ -2663,7 +2464,7 @@ ssl3_send_cert_status(SSL *s) if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_SW_CERT_STATUS_B; + s->s3->hs.state = SSL3_ST_SW_CERT_STATUS_B; } /* SSL3_ST_SW_CERT_STATUS_B */ diff --git a/ssl/ssl_stat.c b/ssl/ssl_stat.c index b51538c1..5d35528a 100644 --- a/ssl/ssl_stat.c +++ b/ssl/ssl_stat.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_stat.c,v 1.17 2021/06/13 15:51:10 jsing Exp $ */ +/* $OpenBSD: ssl_stat.c,v 1.18 2022/02/05 14:54:10 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -91,7 +91,7 @@ SSL_state_string_long(const SSL *s) { const char *str; - switch (S3I(s)->hs.state) { + switch (s->s3->hs.state) { case SSL_ST_BEFORE: str = "before SSL initialization"; break; @@ -347,7 +347,7 @@ SSL_state_string(const SSL *s) { const char *str; - switch (S3I(s)->hs.state) { + switch (s->s3->hs.state) { case SSL_ST_BEFORE: str = "PINIT "; break; diff --git a/ssl/ssl_tlsext.c b/ssl/ssl_tlsext.c index 3ad56496..a4285626 100644 --- a/ssl/ssl_tlsext.c +++ b/ssl/ssl_tlsext.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_tlsext.c,v 1.99 2021/09/10 09:25:29 tb Exp $ */ +/* $OpenBSD: ssl_tlsext.c,v 1.129 2022/08/15 10:46:53 tb Exp $ */ /* * Copyright (c) 2016, 2017, 2019 Joel Sing * Copyright (c) 2017 Doug Hogan @@ -17,6 +17,11 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include + +#include +#include + #include #include @@ -31,15 +36,15 @@ * Supported Application-Layer Protocol Negotiation - RFC 7301 */ -int +static int tlsext_alpn_client_needs(SSL *s, uint16_t msg_type) { /* ALPN protos have been specified and this is the initial handshake */ return s->internal->alpn_client_proto_list != NULL && - S3I(s)->hs.finished_len == 0; + s->s3->hs.finished_len == 0; } -int +static int tlsext_alpn_client_build(SSL *s, uint16_t msg_type, CBB *cbb) { CBB protolist; 
@@ -58,30 +63,40 @@ tlsext_alpn_client_build(SSL *s, uint16_t msg_type, CBB *cbb) } int -tlsext_alpn_server_parse(SSL *s, uint16_t msg_types, CBS *cbs, int *alert) +tlsext_alpn_check_format(CBS *cbs) { - CBS proto_name_list, alpn; - const unsigned char *selected; - unsigned char selected_len; - int r; + CBS proto_name_list; - if (!CBS_get_u16_length_prefixed(cbs, &alpn)) - goto err; - if (CBS_len(&alpn) < 2) - goto err; - if (CBS_len(cbs) != 0) - goto err; + if (CBS_len(cbs) == 0) + return 0; - CBS_dup(&alpn, &proto_name_list); + CBS_dup(cbs, &proto_name_list); while (CBS_len(&proto_name_list) > 0) { CBS proto_name; if (!CBS_get_u8_length_prefixed(&proto_name_list, &proto_name)) - goto err; + return 0; if (CBS_len(&proto_name) == 0) - goto err; + return 0; } + return 1; +} + +static int +tlsext_alpn_server_parse(SSL *s, uint16_t msg_types, CBS *cbs, int *alert) +{ + CBS alpn, selected_cbs; + const unsigned char *selected; + unsigned char selected_len; + int r; + + if (!CBS_get_u16_length_prefixed(cbs, &alpn)) + return 0; + + if (!tlsext_alpn_check_format(&alpn)) + return 0; + if (s->ctx->internal->alpn_select_cb == NULL) return 1; @@ -96,14 +111,13 @@ tlsext_alpn_server_parse(SSL *s, uint16_t msg_types, CBS *cbs, int *alert) s->ctx->internal->alpn_select_cb_arg); if (r == SSL_TLSEXT_ERR_OK) { - free(S3I(s)->alpn_selected); - if ((S3I(s)->alpn_selected = malloc(selected_len)) == NULL) { - S3I(s)->alpn_selected_len = 0; + CBS_init(&selected_cbs, selected, selected_len); + + if (!CBS_stow(&selected_cbs, &s->s3->alpn_selected, + &s->s3->alpn_selected_len)) { *alert = SSL_AD_INTERNAL_ERROR; return 0; } - memcpy(S3I(s)->alpn_selected, selected, selected_len); - S3I(s)->alpn_selected_len = selected_len; return 1; } 
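Review bot: tlsext_alpn_server_parse no longer rejects trailing bytes after the ALPN list (`CBS_len(cbs) != 0`), and its failure paths no longer set `*alert = SSL_AD_DECODE_ERROR`. The same two removals recur in the later hunks for tlsext_alpn_client_parse, supportedgroups, ecpf, ri, sni, ocsp and srtp. This is presumably because the extension dispatcher now does the trailing-data check and preloads the alert with decode_error, but that caller is not visible in this chunk. Since every parser's correctness now depends on it, state the contract once above the first parser: `/* Parse callbacks: the caller rejects trailing data and defaults *alert to decode_error. */`. It is also worth confirming that tlsext_alpn_check_format, now non-static, is never called with a CBS that still carries its u16 length prefix.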
@@ -116,19 +130,15 @@ tlsext_alpn_server_parse(SSL *s, uint16_t msg_types, CBS *cbs, int *alert) SSLerror(s, SSL_R_NO_APPLICATION_PROTOCOL); return 0; - - err: - *alert = SSL_AD_DECODE_ERROR; - return 0; } -int +static int tlsext_alpn_server_needs(SSL *s, uint16_t msg_type) { - return S3I(s)->alpn_selected != NULL; + return s->s3->alpn_selected != NULL; } -int +static int tlsext_alpn_server_build(SSL *s, uint16_t msg_type, CBB *cbb) { CBB list, selected; @@ -139,8 +149,8 @@ tlsext_alpn_server_build(SSL *s, uint16_t msg_type, CBB *cbb) if (!CBB_add_u8_length_prefixed(&list, &selected)) return 0; - if (!CBB_add_bytes(&selected, S3I(s)->alpn_selected, - S3I(s)->alpn_selected_len)) + if (!CBB_add_bytes(&selected, s->s3->alpn_selected, + s->s3->alpn_selected_len)) return 0; if (!CBB_flush(cbb)) @@ -149,7 +159,7 @@ tlsext_alpn_server_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } -int +static int tlsext_alpn_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { CBS list, proto; 
@@ -160,40 +170,33 @@ tlsext_alpn_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) } if (!CBS_get_u16_length_prefixed(cbs, &list)) - goto err; - if (CBS_len(cbs) != 0) - goto err; + return 0; if (!CBS_get_u8_length_prefixed(&list, &proto)) - goto err; + return 0; if (CBS_len(&list) != 0) - goto err; + return 0; if (CBS_len(&proto) == 0) - goto err; + return 0; - if (!CBS_stow(&proto, &(S3I(s)->alpn_selected), - &(S3I(s)->alpn_selected_len))) - goto err; + if (!CBS_stow(&proto, &s->s3->alpn_selected, &s->s3->alpn_selected_len)) + return 0; return 1; - - err: - *alert = SSL_AD_DECODE_ERROR; - return 0; } /* * Supported Groups - RFC 7919 section 2 */ -int +static int tlsext_supportedgroups_client_needs(SSL *s, uint16_t msg_type) { return ssl_has_ecc_ciphers(s) || - (S3I(s)->hs.our_max_tls_version >= TLS1_3_VERSION); + (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION); } -int +static int tlsext_supportedgroups_client_build(SSL *s, uint16_t msg_type, CBB *cbb) { const uint16_t *groups; @@ -211,6 +214,8 @@ tlsext_supportedgroups_client_build(SSL *s, uint16_t msg_type, CBB *cbb) return 0; for (i = 0; i < groups_len; i++) { + if (!ssl_security_supported_group(s, groups[i])) + continue; if (!CBB_add_u16(&grouplist, groups[i])) return 0; } 
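Review bot: The new `ssl_security_supported_group()` filter in the loop of tlsext_supportedgroups_client_build can skip every entry, and the function then still flushes and returns 1 with an empty group list. The server-side parser in this same file rejects `groups_len == 0`, so a security level that excludes all configured groups would surface as a handshake failure at the peer, not as a local error. Consider counting the groups actually written and returning 0 when none were. This assumes nothing earlier, such as tlsext_supportedgroups_client_needs, already guarantees at least one permitted group, and that is not evident from the lines shown. The start of the function is outside this hunk.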
@@ -221,100 +226,80 @@ tlsext_supportedgroups_client_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } -int +static int tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { CBS grouplist; + uint16_t *groups; size_t groups_len; + int i; if (!CBS_get_u16_length_prefixed(cbs, &grouplist)) - goto err; - if (CBS_len(cbs) != 0) - goto err; + return 0; groups_len = CBS_len(&grouplist); if (groups_len == 0 || groups_len % 2 != 0) - goto err; + return 0; groups_len /= 2; - if (!s->internal->hit) { - uint16_t *groups; - int i; - - if (S3I(s)->hs.tls13.hrr) { - if (SSI(s)->tlsext_supportedgroups == NULL) { - *alert = SSL_AD_HANDSHAKE_FAILURE; - return 0; - } - /* - * In the case of TLSv1.3 the client cannot change - * the supported groups. - */ - if (groups_len != SSI(s)->tlsext_supportedgroups_length) { - *alert = SSL_AD_ILLEGAL_PARAMETER; - return 0; - } - for (i = 0; i < groups_len; i++) { - uint16_t group; - - if (!CBS_get_u16(&grouplist, &group)) - goto err; - if (SSI(s)->tlsext_supportedgroups[i] != group) { - *alert = SSL_AD_ILLEGAL_PARAMETER; - return 0; - } - } + if (s->internal->hit) + return 1; - return 1; + if (s->s3->hs.tls13.hrr) { + if (s->session->tlsext_supportedgroups == NULL) { + *alert = SSL_AD_HANDSHAKE_FAILURE; + return 0; } - if (SSI(s)->tlsext_supportedgroups != NULL) - goto err; + /* + * The ClientHello extension hashing ensures that the client + * did not change its list of supported groups. + */ - if ((groups = reallocarray(NULL, groups_len, - sizeof(uint16_t))) == NULL) { - *alert = SSL_AD_INTERNAL_ERROR; - return 0; - } + return 1; + } - for (i = 0; i < groups_len; i++) { - if (!CBS_get_u16(&grouplist, &groups[i])) { - free(groups); - goto err; - } - } + if (s->session->tlsext_supportedgroups != NULL) + return 0; /* XXX internal error? 
*/ - if (CBS_len(&grouplist) != 0) { + if ((groups = reallocarray(NULL, groups_len, sizeof(uint16_t))) == NULL) { + *alert = SSL_AD_INTERNAL_ERROR; + return 0; + } + + for (i = 0; i < groups_len; i++) { + if (!CBS_get_u16(&grouplist, &groups[i])) { free(groups); - goto err; + return 0; } + } - SSI(s)->tlsext_supportedgroups = groups; - SSI(s)->tlsext_supportedgroups_length = groups_len; + if (CBS_len(&grouplist) != 0) { + free(groups); + return 0; } - return 1; + s->session->tlsext_supportedgroups = groups; + s->session->tlsext_supportedgroups_length = groups_len; - err: - *alert = SSL_AD_DECODE_ERROR; - return 0; + return 1; } /* This extension is never used by the server. */ -int +static int tlsext_supportedgroups_server_needs(SSL *s, uint16_t msg_type) { return 0; } -int +static int tlsext_supportedgroups_server_build(SSL *s, uint16_t msg_type, CBB *cbb) { return 0; } -int +static int tlsext_supportedgroups_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { @@ -372,8 +357,6 @@ tlsext_ecpf_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) return 0; if (CBS_len(&ecpf) == 0) return 0; - if (CBS_len(cbs) != 0) - return 0; /* Must contain uncompressed (0) - RFC 8422, section 5.1.2. */ if (!CBS_contains_zero_byte(&ecpf)) { @@ -383,8 +366,8 @@ tlsext_ecpf_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) } if (!s->internal->hit) { - if (!CBS_stow(&ecpf, &(SSI(s)->tlsext_ecpointformatlist), - &(SSI(s)->tlsext_ecpointformatlist_length))) { + if (!CBS_stow(&ecpf, &(s->session->tlsext_ecpointformatlist), + &(s->session->tlsext_ecpointformatlist_length))) { *alert = SSL_AD_INTERNAL_ERROR; return 0; } 
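Review bot: The `return 0; /* XXX internal error? */` branch in tlsext_supportedgroups_server_parse is taken when `s->session->tlsext_supportedgroups` is already set on a non-resumed handshake. That is server-side state, not a malformed peer message, yet it leaves `*alert` at whatever the caller preloaded, presumably decode_error. Setting `*alert = SSL_AD_INTERNAL_ERROR;` before that return would resolve the XXX and match the allocation-failure branch just below. Separately, `int i` is compared against `size_t groups_len` in `for (i = 0; i < groups_len; i++)`; declaring `size_t i` removes the mixed-sign comparison. The HRR branch now relies entirely on the ClientHello extension hashing named in its comment, and that code is not in this hunk.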
@@ -393,37 +376,37 @@ tlsext_ecpf_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) return 1; } -int +static int tlsext_ecpf_client_needs(SSL *s, uint16_t msg_type) { return ssl_has_ecc_ciphers(s); } -int +static int tlsext_ecpf_client_build(SSL *s, uint16_t msg_type, CBB *cbb) { return tlsext_ecpf_build(s, msg_type, cbb); } -int +static int tlsext_ecpf_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { return tlsext_ecpf_parse(s, msg_type, cbs, alert); } -int +static int tlsext_ecpf_server_needs(SSL *s, uint16_t msg_type) { return ssl_using_ecc_cipher(s); } -int +static int tlsext_ecpf_server_build(SSL *s, uint16_t msg_type, CBB *cbb) { return tlsext_ecpf_build(s, msg_type, cbb); } -int +static int tlsext_ecpf_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { return tlsext_ecpf_parse(s, msg_type, cbs, alert); @@ -432,21 +415,21 @@ tlsext_ecpf_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) /* * Renegotiation Indication - RFC 5746. */ -int +static int tlsext_ri_client_needs(SSL *s, uint16_t msg_type) { return (s->internal->renegotiate); } -int +static int tlsext_ri_client_build(SSL *s, uint16_t msg_type, CBB *cbb) { CBB reneg; if (!CBB_add_u8_length_prefixed(cbb, &reneg)) return 0; - if (!CBB_add_bytes(&reneg, S3I(s)->previous_client_finished, - S3I(s)->previous_client_finished_len)) + if (!CBB_add_bytes(&reneg, s->s3->previous_client_finished, + s->s3->previous_client_finished_len)) return 0; if (!CBB_flush(cbb)) return 0; 
@@ -454,53 +437,48 @@ tlsext_ri_client_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } -int +static int tlsext_ri_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { CBS reneg; - if (!CBS_get_u8_length_prefixed(cbs, &reneg)) - goto err; - if (CBS_len(cbs) != 0) - goto err; + if (!CBS_get_u8_length_prefixed(cbs, &reneg)) { + SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR); + return 0; + } - if (!CBS_mem_equal(&reneg, S3I(s)->previous_client_finished, - S3I(s)->previous_client_finished_len)) { + if (!CBS_mem_equal(&reneg, s->s3->previous_client_finished, + s->s3->previous_client_finished_len)) { SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH); *alert = SSL_AD_HANDSHAKE_FAILURE; return 0; } - S3I(s)->renegotiate_seen = 1; - S3I(s)->send_connection_binding = 1; + s->s3->renegotiate_seen = 1; + s->s3->send_connection_binding = 1; return 1; - - err: - SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR); - *alert = SSL_AD_DECODE_ERROR; - return 0; } -int +static int tlsext_ri_server_needs(SSL *s, uint16_t msg_type) { - return (S3I(s)->hs.negotiated_tls_version < TLS1_3_VERSION && - S3I(s)->send_connection_binding); + return (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION && + s->s3->send_connection_binding); } -int +static int tlsext_ri_server_build(SSL *s, uint16_t msg_type, CBB *cbb) { CBB reneg; if (!CBB_add_u8_length_prefixed(cbb, &reneg)) return 0; - if (!CBB_add_bytes(&reneg, S3I(s)->previous_client_finished, - S3I(s)->previous_client_finished_len)) + if (!CBB_add_bytes(&reneg, s->s3->previous_client_finished, + s->s3->previous_client_finished_len)) return 0; - if (!CBB_add_bytes(&reneg, S3I(s)->previous_server_finished, - S3I(s)->previous_server_finished_len)) + if (!CBB_add_bytes(&reneg, s->s3->previous_server_finished, + s->s3->previous_server_finished_len)) return 0; if (!CBB_flush(cbb)) return 0; 
@@ -508,7 +486,7 @@ tlsext_ri_server_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } -int +static int tlsext_ri_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { CBS reneg, prev_client, prev_server; 
@@ -517,72 +495,73 @@ tlsext_ri_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) * Ensure that the previous client and server values are both not * present, or that they are both present. */ - if ((S3I(s)->previous_client_finished_len == 0 && - S3I(s)->previous_server_finished_len != 0) || - (S3I(s)->previous_client_finished_len != 0 && - S3I(s)->previous_server_finished_len == 0)) { + if ((s->s3->previous_client_finished_len == 0 && + s->s3->previous_server_finished_len != 0) || + (s->s3->previous_client_finished_len != 0 && + s->s3->previous_server_finished_len == 0)) { *alert = SSL_AD_INTERNAL_ERROR; return 0; } - if (!CBS_get_u8_length_prefixed(cbs, &reneg)) - goto err; + if (!CBS_get_u8_length_prefixed(cbs, &reneg)) { + SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR); + return 0; + } if (!CBS_get_bytes(&reneg, &prev_client, - S3I(s)->previous_client_finished_len)) - goto err; + s->s3->previous_client_finished_len)) { + SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR); + return 0; + } if (!CBS_get_bytes(&reneg, &prev_server, - S3I(s)->previous_server_finished_len)) - goto err; - if (CBS_len(&reneg) != 0) - goto err; - if (CBS_len(cbs) != 0) - goto err; + s->s3->previous_server_finished_len)) { + SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR); + return 0; + } + if (CBS_len(&reneg) != 0) { + SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR); + return 0; + } - if (!CBS_mem_equal(&prev_client, S3I(s)->previous_client_finished, - S3I(s)->previous_client_finished_len)) { + if (!CBS_mem_equal(&prev_client, s->s3->previous_client_finished, + s->s3->previous_client_finished_len)) { SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH); *alert = SSL_AD_HANDSHAKE_FAILURE; return 0; } - if (!CBS_mem_equal(&prev_server, S3I(s)->previous_server_finished, - S3I(s)->previous_server_finished_len)) { + if (!CBS_mem_equal(&prev_server, s->s3->previous_server_finished, + s->s3->previous_server_finished_len)) { SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH); *alert = SSL_AD_HANDSHAKE_FAILURE; 
return 0; } - S3I(s)->renegotiate_seen = 1; - S3I(s)->send_connection_binding = 1; + s->s3->renegotiate_seen = 1; + s->s3->send_connection_binding = 1; return 1; - - err: - SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR); - *alert = SSL_AD_DECODE_ERROR; - return 0; } /* * Signature Algorithms - RFC 5246 section 7.4.1.4.1. */ -int +static int tlsext_sigalgs_client_needs(SSL *s, uint16_t msg_type) { - return (S3I(s)->hs.our_max_tls_version >= TLS1_2_VERSION); + return (s->s3->hs.our_max_tls_version >= TLS1_2_VERSION); } -int +static int tlsext_sigalgs_client_build(SSL *s, uint16_t msg_type, CBB *cbb) { - uint16_t tls_version = S3I(s)->hs.negotiated_tls_version; + uint16_t tls_version = s->s3->hs.negotiated_tls_version; CBB sigalgs; if (msg_type == SSL_TLSEXT_MSG_CH) - tls_version = S3I(s)->hs.our_min_tls_version; + tls_version = s->s3->hs.our_min_tls_version; if (!CBB_add_u16_length_prefixed(cbb, &sigalgs)) return 0; - if (!ssl_sigalgs_build(tls_version, &sigalgs)) + if (!ssl_sigalgs_build(tls_version, &sigalgs, SSL_get_security_level(s))) return 0; if (!CBB_flush(cbb)) return 0; @@ -590,7 +569,7 @@ tlsext_sigalgs_client_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } -int +static int tlsext_sigalgs_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { CBS sigalgs; 
@@ -599,26 +578,27 @@ tlsext_sigalgs_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) return 0; if (CBS_len(&sigalgs) % 2 != 0 || CBS_len(&sigalgs) > 64) return 0; - if (!CBS_stow(&sigalgs, &S3I(s)->hs.sigalgs, &S3I(s)->hs.sigalgs_len)) + if (!CBS_stow(&sigalgs, &s->s3->hs.sigalgs, &s->s3->hs.sigalgs_len)) return 0; return 1; } -int +static int tlsext_sigalgs_server_needs(SSL *s, uint16_t msg_type) { - return (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION); + return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION); } -int +static int tlsext_sigalgs_server_build(SSL *s, uint16_t msg_type, CBB *cbb) { CBB sigalgs; if (!CBB_add_u16_length_prefixed(cbb, &sigalgs)) return 0; - if (!ssl_sigalgs_build(S3I(s)->hs.negotiated_tls_version, &sigalgs)) + if (!ssl_sigalgs_build(s->s3->hs.negotiated_tls_version, &sigalgs, + SSL_get_security_level(s))) return 0; if (!CBB_flush(cbb)) return 0; @@ -626,7 +606,7 @@ tlsext_sigalgs_server_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } -int +static int tlsext_sigalgs_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { CBS sigalgs; @@ -638,7 +618,7 @@ tlsext_sigalgs_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) return 0; if (CBS_len(&sigalgs) % 2 != 0 || CBS_len(&sigalgs) > 64) return 0; - if (!CBS_stow(&sigalgs, &S3I(s)->hs.sigalgs, &S3I(s)->hs.sigalgs_len)) + if (!CBS_stow(&sigalgs, &s->s3->hs.sigalgs, &s->s3->hs.sigalgs_len)) return 0; return 1; @@ -647,13 +627,13 @@ tlsext_sigalgs_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) /* * Server Name Indication - RFC 6066, section 3. */ -int +static int tlsext_sni_client_needs(SSL *s, uint16_t msg_type) { return (s->tlsext_hostname != NULL); } -int +static int tlsext_sni_client_build(SSL *s, uint16_t msg_type, CBB *cbb) { CBB server_name_list, host_name; 
@@ -673,6 +653,29 @@ tlsext_sni_client_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } +static int +tlsext_sni_is_ip_literal(CBS *cbs, int *is_ip) +{ + union { + struct in_addr ip4; + struct in6_addr ip6; + } addrbuf; + char *hostname = NULL; + + *is_ip = 0; + + if (!CBS_strdup(cbs, &hostname)) + return 0; + + if (inet_pton(AF_INET, hostname, &addrbuf) == 1 || + inet_pton(AF_INET6, hostname, &addrbuf) == 1) + *is_ip = 1; + + free(hostname); + + return 1; +} + /* * Validate that the CBS contains only a hostname consisting of RFC 5890 * compliant A-labels (see RFC 6066 section 3). Not a complete check @@ -680,18 +683,26 @@ tlsext_sni_client_build(SSL *s, uint16_t msg_type, CBB *cbb) * correct structure and character set. */ int -tlsext_sni_is_valid_hostname(CBS *cbs) +tlsext_sni_is_valid_hostname(CBS *cbs, int *is_ip) { uint8_t prev, c = 0; int component = 0; CBS hostname; + *is_ip = 0; + CBS_dup(cbs, &hostname); if (CBS_len(&hostname) > TLSEXT_MAXLEN_host_name) return 0; - while(CBS_len(&hostname) > 0) { + /* An IP literal is invalid as a host name (RFC 6066 section 3). */ + if (!tlsext_sni_is_ip_literal(&hostname, is_ip)) + return 0; + if (*is_ip) + return 0; + + while (CBS_len(&hostname) > 0) { prev = c; if (!CBS_get_u8(&hostname, &c)) return 0; @@ -722,17 +733,19 @@ tlsext_sni_is_valid_hostname(CBS *cbs) return 1; } -int +static int tlsext_sni_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { CBS server_name_list, host_name; uint8_t name_type; + int is_ip; if (!CBS_get_u16_length_prefixed(cbs, &server_name_list)) goto err; if (!CBS_get_u8(&server_name_list, &name_type)) goto err; + /* * RFC 6066 section 3, only one type (host_name) is specified. * We do not tolerate unknown types, neither does BoringSSL. 
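Review bot: tlsext_sni_is_ip_literal classifies the name by running `inet_pton()` on the result of `CBS_strdup()`. If CBS_strdup copies only up to the first NUL byte (worth confirming), a host_name whose bytes are an address followed by a NUL and further data is reported as an IP literal. tlsext_sni_server_parse then treats the extension as absent through `goto done`, where the hostname character check would otherwise have rejected it with illegal_parameter. Checking for embedded NULs first keeps such names on the strict path: `if (CBS_contains_zero_byte(cbs)) return 1;` placed directly after `*is_ip = 0;`. The validation loop in tlsext_sni_is_valid_hostname is only partly visible in this hunk, so confirm that it does reject a NUL byte.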
@@ -743,22 +756,30 @@ tlsext_sni_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) goto err; } - - if (!CBS_get_u16_length_prefixed(&server_name_list, &host_name)) - goto err; /* * RFC 6066 section 3 specifies a host name must be at least 1 byte * so 0 length is a decode error. */ + if (!CBS_get_u16_length_prefixed(&server_name_list, &host_name)) + goto err; if (CBS_len(&host_name) < 1) goto err; - if (!tlsext_sni_is_valid_hostname(&host_name)) { + if (!tlsext_sni_is_valid_hostname(&host_name, &is_ip)) { + /* + * Various pieces of software have been known to set the SNI + * host name to an IP address, even though that violates the + * RFC. If this is the case, pretend the SNI extension does + * not exist. + */ + if (is_ip) + goto done; + *alert = SSL_AD_ILLEGAL_PARAMETER; goto err; } - if (s->internal->hit || S3I(s)->hs.tls13.hrr) { + if (s->internal->hit || s->s3->hs.tls13.hrr) { if (s->session->tlsext_hostname == NULL) { *alert = SSL_AD_UNRECOGNIZED_NAME; goto err; @@ -777,6 +798,7 @@ tlsext_sni_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) } } + done: /* * RFC 6066 section 3 forbids multiple host names with the same type, * therefore we allow only one entry. @@ -785,8 +807,6 @@ tlsext_sni_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) *alert = SSL_AD_ILLEGAL_PARAMETER; goto err; } - if (CBS_len(cbs) != 0) - goto err; return 1; @@ -794,7 +814,7 @@ tlsext_sni_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) return 0; } -int +static int tlsext_sni_server_needs(SSL *s, uint16_t msg_type) { if (s->internal->hit) @@ -803,13 +823,13 @@ tlsext_sni_server_needs(SSL *s, uint16_t msg_type) return (s->session->tlsext_hostname != NULL); } -int +static int tlsext_sni_server_build(SSL *s, uint16_t msg_type, CBB *cbb) { return 1; } -int +static int tlsext_sni_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { if (s->tlsext_hostname == NULL || CBS_len(cbs) != 0) { 
@@ -828,10 +848,8 @@ tlsext_sni_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) return 0; } } else { - if (s->session->tlsext_hostname != NULL) { - *alert = SSL_AD_DECODE_ERROR; + if (s->session->tlsext_hostname != NULL) return 0; - } if ((s->session->tlsext_hostname = strdup(s->tlsext_hostname)) == NULL) { *alert = SSL_AD_INTERNAL_ERROR; @@ -842,12 +860,11 @@ tlsext_sni_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) return 1; } - /* * Certificate Status Request - RFC 6066 section 8. */ -int +static int tlsext_ocsp_client_needs(SSL *s, uint16_t msg_type) { if (msg_type != SSL_TLSEXT_MSG_CH) @@ -856,7 +873,7 @@ tlsext_ocsp_client_needs(SSL *s, uint16_t msg_type) return (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp); } -int +static int tlsext_ocsp_client_build(SSL *s, uint16_t msg_type, CBB *cbb) { CBB respid_list, respid, exts; @@ -900,7 +917,7 @@ tlsext_ocsp_client_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } -int +static int tlsext_ocsp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { int alert_desc = SSL_AD_DECODE_ERROR; @@ -966,10 +983,6 @@ tlsext_ocsp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) goto err; } - /* should be nothing left */ - if (CBS_len(cbs) > 0) - goto err; - ret = 1; err: if (ret == 0) @@ -977,10 +990,10 @@ tlsext_ocsp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) return ret; } -int +static int tlsext_ocsp_server_needs(SSL *s, uint16_t msg_type) { - if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION && + if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION && s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp && s->ctx->internal->tlsext_status_cb != NULL) { s->internal->tlsext_status_expected = 0; 
@@ -992,12 +1005,12 @@ tlsext_ocsp_server_needs(SSL *s, uint16_t msg_type) return s->internal->tlsext_status_expected; } -int +static int tlsext_ocsp_server_build(SSL *s, uint16_t msg_type, CBB *cbb) { CBB ocsp_response; - if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION) { + if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION) { if (!CBB_add_u8(cbb, TLSEXT_STATUSTYPE_ocsp)) return 0; if (!CBB_add_u24_length_prefixed(cbb, &ocsp_response)) @@ -1012,7 +1025,7 @@ tlsext_ocsp_server_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } -int +static int tlsext_ocsp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { uint8_t status_type; @@ -1065,7 +1078,7 @@ tlsext_ocsp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) /* * SessionTicket extension - RFC 5077 section 3.2 */ -int +static int tlsext_sessionticket_client_needs(SSL *s, uint16_t msg_type) { /* @@ -1076,6 +1089,9 @@ tlsext_sessionticket_client_needs(SSL *s, uint16_t msg_type) if ((SSL_get_options(s) & SSL_OP_NO_TICKET) != 0) return 0; + if (!ssl_security_tickets(s)) + return 0; + if (s->internal->new_session) return 1; @@ -1086,7 +1102,7 @@ tlsext_sessionticket_client_needs(SSL *s, uint16_t msg_type) return 1; } -int +static int tlsext_sessionticket_client_build(SSL *s, uint16_t msg_type, CBB *cbb) { /* @@ -1129,7 +1145,7 @@ tlsext_sessionticket_client_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } -int +static int tlsext_sessionticket_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { 
@@ -1151,21 +1167,22 @@ tlsext_sessionticket_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, return 1; } -int +static int tlsext_sessionticket_server_needs(SSL *s, uint16_t msg_type) { return (s->internal->tlsext_ticket_expected && - !(SSL_get_options(s) & SSL_OP_NO_TICKET)); + !(SSL_get_options(s) & SSL_OP_NO_TICKET) && + ssl_security_tickets(s)); } -int +static int tlsext_sessionticket_server_build(SSL *s, uint16_t msg_type, CBB *cbb) { /* Empty ticket */ return 1; } -int +static int tlsext_sessionticket_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { @@ -1194,13 +1211,13 @@ tlsext_sessionticket_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, #ifndef OPENSSL_NO_SRTP -int +static int tlsext_srtp_client_needs(SSL *s, uint16_t msg_type) { return SSL_is_dtls(s) && SSL_get_srtp_profiles(s) != NULL; } -int +static int tlsext_srtp_client_build(SSL *s, uint16_t msg_type, CBB *cbb) { CBB profiles, mki; @@ -1237,7 +1254,7 @@ tlsext_srtp_client_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } -int +static int tlsext_srtp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { const SRTP_PROTECTION_PROFILE *cprof, *sprof; @@ -1269,11 +1286,8 @@ tlsext_srtp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) if (!CBS_get_u8_length_prefixed(cbs, &mki) || CBS_len(&mki) != 0) { SSLerror(s, SSL_R_BAD_SRTP_MKI_VALUE); - *alert = SSL_AD_DECODE_ERROR; goto done; } - if (CBS_len(cbs) != 0) - goto err; /* * Per RFC 5764 section 4.1.1 @@ -1287,8 +1301,7 @@ tlsext_srtp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) if ((srvr = SSL_get_srtp_profiles(s)) == NULL) goto err; for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(srvr); i++) { - if ((sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i)) - == NULL) + if ((sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i)) == NULL) goto err; for (j = 0; j < sk_SRTP_PROTECTION_PROFILE_num(clnt); j++) { 
@@ -1310,20 +1323,19 @@ tlsext_srtp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) err: SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); - *alert = SSL_AD_DECODE_ERROR; done: sk_SRTP_PROTECTION_PROFILE_free(clnt); return ret; } -int +static int tlsext_srtp_server_needs(SSL *s, uint16_t msg_type) { return SSL_is_dtls(s) && SSL_get_selected_srtp_profile(s) != NULL; } -int +static int tlsext_srtp_server_build(SSL *s, uint16_t msg_type, CBB *cbb) { SRTP_PROTECTION_PROFILE *profile; @@ -1347,7 +1359,7 @@ tlsext_srtp_server_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } -int +static int tlsext_srtp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { STACK_OF(SRTP_PROTECTION_PROFILE) *clnt; @@ -1358,12 +1370,12 @@ tlsext_srtp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) if (!CBS_get_u16_length_prefixed(cbs, &profile_ids)) { SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); - goto err; + return 0; } if (!CBS_get_u16(&profile_ids, &id) || CBS_len(&profile_ids) != 0) { SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); - goto err; + return 0; } if (!CBS_get_u8_length_prefixed(cbs, &mki) || CBS_len(&mki) != 0) { @@ -1374,14 +1386,14 @@ tlsext_srtp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) if ((clnt = SSL_get_srtp_profiles(s)) == NULL) { SSLerror(s, SSL_R_NO_SRTP_PROFILES); - goto err; + return 0; } for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(clnt); i++) { if ((prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i)) == NULL) { SSLerror(s, SSL_R_NO_SRTP_PROFILES); - goto err; + return 0; } if (prof->id == id) { @@ -1391,8 +1403,7 @@ tlsext_srtp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) } SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); - err: - *alert = SSL_AD_DECODE_ERROR; + return 0; } 
@@ -1401,22 +1412,26 @@ tlsext_srtp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) /* * TLSv1.3 Key Share - RFC 8446 section 4.2.8. */ -int +static int tlsext_keyshare_client_needs(SSL *s, uint16_t msg_type) { - return (S3I(s)->hs.our_max_tls_version >= TLS1_3_VERSION); + return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION); } -int +static int tlsext_keyshare_client_build(SSL *s, uint16_t msg_type, CBB *cbb) { - CBB client_shares; + CBB client_shares, key_exchange; if (!CBB_add_u16_length_prefixed(cbb, &client_shares)) return 0; - if (!tls13_key_share_public(S3I(s)->hs.tls13.key_share, - &client_shares)) + if (!CBB_add_u16(&client_shares, + tls_key_share_group(s->s3->hs.key_share))) + return 0; + if (!CBB_add_u16_length_prefixed(&client_shares, &key_exchange)) + return 0; + if (!tls_key_share_public(s->s3->hs.key_share, &key_exchange)) return 0; if (!CBB_flush(cbb)) @@ -1425,20 +1440,21 @@ tlsext_keyshare_client_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } -int +static int tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { CBS client_shares, key_exchange; + int decode_error; uint16_t group; if (!CBS_get_u16_length_prefixed(cbs, &client_shares)) - goto err; + return 0; while (CBS_len(&client_shares) > 0) { /* Unpack client share. */ if (!CBS_get_u16(&client_shares, &group)) - goto err; + return 0; if (!CBS_get_u16_length_prefixed(&client_shares, &key_exchange)) return 0; 
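Review bot: tlsext_keyshare_client_build now passes `s->s3->hs.key_share` to tls_key_share_group() and tls_key_share_public() without a NULL check, while tlsext_keyshare_server_build later in this file returns 0 when the same pointer is NULL. If the client's key share is always created before the ClientHello is built this is harmless, but that is not visible in this diff. A matching guard, `if (s->s3->hs.key_share == NULL) return 0;`, placed before the first CBB_add_u16 call would keep the two builders consistent.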
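Review bot: `int decode_error;` in tlsext_keyshare_server_parse is declared without an initialiser and is read in the following hunk (`if (!decode_error)`) after tls_key_share_peer_public() fails; tlsext_keyshare_client_parse has the same pattern. Unless the callee writes the out-parameter on every failure path, which cannot be confirmed from this diff, that read is of an indeterminate value. Initialising it, `int decode_error = 0;`, makes the fallback deterministic (an internal_error alert) in both functions.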
@@ -1451,109 +1467,125 @@ tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) * Ignore this client share if we're using earlier than TLSv1.3 * or we've already selected a key share. */ - if (S3I(s)->hs.our_max_tls_version < TLS1_3_VERSION) + if (s->s3->hs.our_max_tls_version < TLS1_3_VERSION) continue; - if (S3I(s)->hs.tls13.key_share != NULL) + if (s->s3->hs.key_share != NULL) continue; /* XXX - consider implementing server preference. */ - if (!tls1_check_curve(s, group)) + if (!tls1_check_group(s, group)) continue; /* Decode and store the selected key share. */ - S3I(s)->hs.tls13.key_share = tls13_key_share_new(group); - if (S3I(s)->hs.tls13.key_share == NULL) - goto err; - if (!tls13_key_share_peer_public(S3I(s)->hs.tls13.key_share, - group, &key_exchange)) - goto err; + if ((s->s3->hs.key_share = tls_key_share_new(group)) == NULL) { + *alert = SSL_AD_INTERNAL_ERROR; + return 0; + } + if (!tls_key_share_peer_public(s->s3->hs.key_share, + &key_exchange, &decode_error, NULL)) { + if (!decode_error) + *alert = SSL_AD_INTERNAL_ERROR; + return 0; + } } return 1; - - err: - *alert = SSL_AD_DECODE_ERROR; - return 0; } -int +static int tlsext_keyshare_server_needs(SSL *s, uint16_t msg_type) { - return (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION && + return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION && tlsext_extension_seen(s, TLSEXT_TYPE_key_share)); } -int +static int tlsext_keyshare_server_build(SSL *s, uint16_t msg_type, CBB *cbb) { + CBB key_exchange; + /* In the case of a HRR, we only send the server selected group. 
*/ - if (S3I(s)->hs.tls13.hrr) { - if (S3I(s)->hs.tls13.server_group == 0) + if (s->s3->hs.tls13.hrr) { + if (s->s3->hs.tls13.server_group == 0) return 0; - return CBB_add_u16(cbb, S3I(s)->hs.tls13.server_group); + return CBB_add_u16(cbb, s->s3->hs.tls13.server_group); } - if (S3I(s)->hs.tls13.key_share == NULL) + if (s->s3->hs.key_share == NULL) + return 0; + + if (!CBB_add_u16(cbb, tls_key_share_group(s->s3->hs.key_share))) + return 0; + if (!CBB_add_u16_length_prefixed(cbb, &key_exchange)) + return 0; + if (!tls_key_share_public(s->s3->hs.key_share, &key_exchange)) return 0; - if (!tls13_key_share_public(S3I(s)->hs.tls13.key_share, cbb)) + if (!CBB_flush(cbb)) return 0; return 1; } -int +static int tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { CBS key_exchange; + int decode_error; uint16_t group; /* Unpack server share. */ if (!CBS_get_u16(cbs, &group)) - goto err; + return 0; if (CBS_len(cbs) == 0) { - /* HRR does not include an actual key share. */ - /* XXX - we should know that we are in a HRR... */ - S3I(s)->hs.tls13.server_group = group; + /* HRR does not include an actual key share, only the group. */ + if (msg_type != SSL_TLSEXT_MSG_HRR) + return 0; + + s->s3->hs.tls13.server_group = group; return 1; } if (!CBS_get_u16_length_prefixed(cbs, &key_exchange)) return 0; - if (S3I(s)->hs.tls13.key_share == NULL) + if (s->s3->hs.key_share == NULL) { + *alert = SSL_AD_INTERNAL_ERROR; return 0; - - if (!tls13_key_share_peer_public(S3I(s)->hs.tls13.key_share, - group, &key_exchange)) - goto err; + } + if (tls_key_share_group(s->s3->hs.key_share) != group) { + *alert = SSL_AD_INTERNAL_ERROR; + return 0; + } + if (!tls_key_share_peer_public(s->s3->hs.key_share, + &key_exchange, &decode_error, NULL)) { + if (!decode_error) + *alert = SSL_AD_INTERNAL_ERROR; + return 0; + } return 1; - - err: - *alert = SSL_AD_DECODE_ERROR; - return 0; } /* * Supported Versions - RFC 8446 section 4.2.1. 
*/ -int +static int tlsext_versions_client_needs(SSL *s, uint16_t msg_type) { - return (S3I(s)->hs.our_max_tls_version >= TLS1_3_VERSION); + return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION); } -int +static int tlsext_versions_client_build(SSL *s, uint16_t msg_type, CBB *cbb) { uint16_t max, min; uint16_t version; CBB versions; - max = S3I(s)->hs.our_max_tls_version; - min = S3I(s)->hs.our_min_tls_version; + max = s->s3->hs.our_max_tls_version; + min = s->s3->hs.our_min_tls_version; if (!CBB_add_u8_length_prefixed(cbb, &versions)) return 0; @@ -1570,7 +1602,7 @@ tlsext_versions_client_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } -int +static int tlsext_versions_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { CBS versions; @@ -1578,15 +1610,15 @@ tlsext_versions_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) uint16_t max, min; uint16_t matched_version = 0; - max = S3I(s)->hs.our_max_tls_version; - min = S3I(s)->hs.our_min_tls_version; + max = s->s3->hs.our_max_tls_version; + min = s->s3->hs.our_min_tls_version; if (!CBS_get_u8_length_prefixed(cbs, &versions)) - goto err; + return 0; while (CBS_len(&versions) > 0) { if (!CBS_get_u16(&versions, &version)) - goto err; + return 0; /* * XXX What is below implements client preference, and * ignores any server preference entirely. 
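Review bot: In tlsext_keyshare_client_parse the new check `tls_key_share_group(s->s3->hs.key_share) != group` sets `SSL_AD_INTERNAL_ERROR`, although the mismatching group comes from the server's message rather than from a local failure. RFC 8446 section 4.2.8 specifies illegal_parameter when the server-selected group does not match, so `*alert = SSL_AD_ILLEGAL_PARAMETER;` would report the fault more accurately to the peer and in logs. The `s->s3->hs.key_share == NULL` case just above it is a local state problem and can reasonably stay internal_error.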
@@ -1603,33 +1635,27 @@ tlsext_versions_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) *alert = SSL_AD_PROTOCOL_VERSION; return 0; - - err: - *alert = SSL_AD_DECODE_ERROR; - return 0; } -int +static int tlsext_versions_server_needs(SSL *s, uint16_t msg_type) { - return (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION); + return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION); } -int +static int tlsext_versions_server_build(SSL *s, uint16_t msg_type, CBB *cbb) { return CBB_add_u16(cbb, TLS1_3_VERSION); } -int +static int tlsext_versions_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { uint16_t selected_version; - if (!CBS_get_u16(cbs, &selected_version)) { - *alert = SSL_AD_DECODE_ERROR; + if (!CBS_get_u16(cbs, &selected_version)) return 0; - } /* XXX - need to fix for DTLS 1.3 */ if (selected_version < TLS1_3_VERSION) { @@ -1638,7 +1664,7 @@ tlsext_versions_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) } /* XXX test between min and max once initialization code goes in */ - S3I(s)->hs.tls13.server_version = selected_version; + s->s3->hs.tls13.server_version = selected_version; return 1; } @@ -1648,14 +1674,14 @@ tlsext_versions_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) * Cookie - RFC 8446 section 4.2.2. */ -int +static int tlsext_cookie_client_needs(SSL *s, uint16_t msg_type) { - return (S3I(s)->hs.our_max_tls_version >= TLS1_3_VERSION && - S3I(s)->hs.tls13.cookie_len > 0 && S3I(s)->hs.tls13.cookie != NULL); + return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION && + s->s3->hs.tls13.cookie_len > 0 && s->s3->hs.tls13.cookie != NULL); } -int +static int tlsext_cookie_client_build(SSL *s, uint16_t msg_type, CBB *cbb) { CBB cookie; 
@@ -1663,8 +1689,8 @@ tlsext_cookie_client_build(SSL *s, uint16_t msg_type, CBB *cbb) if (!CBB_add_u16_length_prefixed(cbb, &cookie)) return 0; - if (!CBB_add_bytes(&cookie, S3I(s)->hs.tls13.cookie, - S3I(s)->hs.tls13.cookie_len)) + if (!CBB_add_bytes(&cookie, s->s3->hs.tls13.cookie, + s->s3->hs.tls13.cookie_len)) return 0; if (!CBB_flush(cbb)) @@ -1673,48 +1699,44 @@ tlsext_cookie_client_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } -int +static int tlsext_cookie_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { CBS cookie; if (!CBS_get_u16_length_prefixed(cbs, &cookie)) - goto err; + return 0; - if (CBS_len(&cookie) != S3I(s)->hs.tls13.cookie_len) - goto err; + if (CBS_len(&cookie) != s->s3->hs.tls13.cookie_len) + return 0; /* * Check provided cookie value against what server previously * sent - client *MUST* send the same cookie with new CR after * a cookie is sent by the server with an HRR. */ - if (!CBS_mem_equal(&cookie, S3I(s)->hs.tls13.cookie, - S3I(s)->hs.tls13.cookie_len)) { + if (!CBS_mem_equal(&cookie, s->s3->hs.tls13.cookie, + s->s3->hs.tls13.cookie_len)) { /* XXX special cookie mismatch alert? */ *alert = SSL_AD_ILLEGAL_PARAMETER; return 0; } return 1; - - err: - *alert = SSL_AD_DECODE_ERROR; - return 0; } -int +static int tlsext_cookie_server_needs(SSL *s, uint16_t msg_type) { /* * Server needs to set cookie value in tls13 handshake * in order to send one, should only be sent with HRR. */ - return (S3I(s)->hs.our_max_tls_version >= TLS1_3_VERSION && - S3I(s)->hs.tls13.cookie_len > 0 && S3I(s)->hs.tls13.cookie != NULL); + return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION && + s->s3->hs.tls13.cookie_len > 0 && s->s3->hs.tls13.cookie != NULL); } -int +static int tlsext_cookie_server_build(SSL *s, uint16_t msg_type, CBB *cbb) { CBB cookie; 
@@ -1724,8 +1746,8 @@ tlsext_cookie_server_build(SSL *s, uint16_t msg_type, CBB *cbb) if (!CBB_add_u16_length_prefixed(cbb, &cookie)) return 0; - if (!CBB_add_bytes(&cookie, S3I(s)->hs.tls13.cookie, - S3I(s)->hs.tls13.cookie_len)) + if (!CBB_add_bytes(&cookie, s->s3->hs.tls13.cookie, + s->s3->hs.tls13.cookie_len)) return 0; if (!CBB_flush(cbb)) @@ -1734,7 +1756,7 @@ tlsext_cookie_server_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } -int +static int tlsext_cookie_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { CBS cookie; 
@@ -1744,26 +1766,206 @@ tlsext_cookie_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) * HRR from a server with a cookie to process after accepting * one from the server in the same handshake */ - if (S3I(s)->hs.tls13.cookie != NULL || - S3I(s)->hs.tls13.cookie_len != 0) { + if (s->s3->hs.tls13.cookie != NULL || + s->s3->hs.tls13.cookie_len != 0) { *alert = SSL_AD_ILLEGAL_PARAMETER; return 0; } if (!CBS_get_u16_length_prefixed(cbs, &cookie)) - goto err; + return 0; - if (!CBS_stow(&cookie, &S3I(s)->hs.tls13.cookie, - &S3I(s)->hs.tls13.cookie_len)) - goto err; + if (!CBS_stow(&cookie, &s->s3->hs.tls13.cookie, + &s->s3->hs.tls13.cookie_len)) + return 0; return 1; +} - err: - *alert = SSL_AD_DECODE_ERROR; +/* + * Pre-Shared Key Exchange Modes - RFC 8446, 4.2.9. + */ + +static int +tlsext_psk_kex_modes_client_needs(SSL *s, uint16_t msg_type) +{ + return (s->s3->hs.tls13.use_psk_dhe_ke && + s->s3->hs.our_max_tls_version >= TLS1_3_VERSION); +} + +static int +tlsext_psk_kex_modes_client_build(SSL *s, uint16_t msg_type, CBB *cbb) +{ + CBB ke_modes; + + if (!CBB_add_u8_length_prefixed(cbb, &ke_modes)) + return 0; + + /* Only indicate support for PSK with DHE key establishment. */ + if (!CBB_add_u8(&ke_modes, TLS13_PSK_DHE_KE)) + return 0; + + if (!CBB_flush(cbb)) + return 0; + + return 1; +} + +static int +tlsext_psk_kex_modes_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, + int *alert) +{ + CBS ke_modes; + uint8_t ke_mode; + + if (!CBS_get_u8_length_prefixed(cbs, &ke_modes)) + return 0; + + while (CBS_len(&ke_modes) > 0) { + if (!CBS_get_u8(&ke_modes, &ke_mode)) + return 0; + + if (ke_mode == TLS13_PSK_DHE_KE) + s->s3->hs.tls13.use_psk_dhe_ke = 1; + } + + return 1; +} + +static int +tlsext_psk_kex_modes_server_needs(SSL *s, uint16_t msg_type) +{ + /* Servers MUST NOT send this extension. 
*/ + return 0; +} + +static int +tlsext_psk_kex_modes_server_build(SSL *s, uint16_t msg_type, CBB *cbb) +{ + return 0; +} + +static int +tlsext_psk_kex_modes_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, + int *alert) +{ + return 0; +} + +/* + * Pre-Shared Key Extension - RFC 8446, 4.2.11 + */ + +static int +tlsext_psk_client_needs(SSL *s, uint16_t msg_type) +{ + return 0; +} + +static int +tlsext_psk_client_build(SSL *s, uint16_t msg_type, CBB *cbb) +{ + return 0; +} + +static int +tlsext_psk_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) +{ + return CBS_skip(cbs, CBS_len(cbs)); +} + +static int +tlsext_psk_server_needs(SSL *s, uint16_t msg_type) +{ + return 0; +} + +static int +tlsext_psk_server_build(SSL *s, uint16_t msg_type, CBB *cbb) +{ return 0; } +static int +tlsext_psk_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) +{ + return CBS_skip(cbs, CBS_len(cbs)); +} + +/* + * QUIC transport parameters extension - RFC 9001 section 8.2. + */ + +static int +tlsext_quic_transport_parameters_client_needs(SSL *s, uint16_t msg_type) +{ + return SSL_is_quic(s) && s->internal->quic_transport_params_len > 0; +} + +static int +tlsext_quic_transport_parameters_client_build(SSL *s, uint16_t msg_type, + CBB *cbb) +{ + if (!CBB_add_bytes(cbb, s->internal->quic_transport_params, + s->internal->quic_transport_params_len)) + return 0; + + return 1; +} + +static int +tlsext_quic_transport_parameters_client_parse(SSL *s, uint16_t msg_type, + CBS *cbs, int *alert) +{ + if (!SSL_is_quic(s)) { + *alert = SSL_AD_UNSUPPORTED_EXTENSION; + return 0; + } + + if (!CBS_stow(cbs, &s->s3->peer_quic_transport_params, + &s->s3->peer_quic_transport_params_len)) + return 0; + if (!CBS_skip(cbs, s->s3->peer_quic_transport_params_len)) + return 0; + + return 1; +} + +static int +tlsext_quic_transport_parameters_server_needs(SSL *s, uint16_t msg_type) +{ + return SSL_is_quic(s) && s->internal->quic_transport_params_len > 0; +} + +static int 
+tlsext_quic_transport_parameters_server_build(SSL *s, uint16_t msg_type, + CBB *cbb) +{ + if (!CBB_add_bytes(cbb, s->internal->quic_transport_params, + s->internal->quic_transport_params_len)) + return 0; + + return 1; +} + +static int +tlsext_quic_transport_parameters_server_parse(SSL *s, uint16_t msg_type, + CBS *cbs, int *alert) +{ + if (!SSL_is_quic(s)) { + *alert = SSL_AD_UNSUPPORTED_EXTENSION; + return 0; + } + + if (!CBS_stow(cbs, &s->s3->peer_quic_transport_params, + &s->s3->peer_quic_transport_params_len)) + return 0; + if (!CBS_skip(cbs, s->s3->peer_quic_transport_params_len)) + return 0; + + return 1; +} + struct tls_extension_funcs { int (*needs)(SSL *s, uint16_t msg_type); int (*build)(SSL *s, uint16_t msg_type, CBB *cbb); 
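Review bot: tlsext_psk_kex_modes_server_parse accepts an empty ke_modes vector, because the `while (CBS_len(&ke_modes) > 0)` loop simply does not run and the function returns 1. RFC 8446 section 4.2.9 defines the list as `ke_modes<1..255>`, so a zero-length list is malformed. Adding `if (CBS_len(&ke_modes) == 0) return 0;` after the CBS_get_u8_length_prefixed call would reject it. This assumes the caller's default alert is decode_error, which the removal of the explicit `*alert = SSL_AD_DECODE_ERROR` assignments elsewhere in this commit suggests but does not show.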
@@ -1950,8 +2152,52 @@ static const struct tls_extension tls_extensions[] = { .build = tlsext_srtp_server_build, .parse = tlsext_srtp_server_parse, }, - } + }, #endif /* OPENSSL_NO_SRTP */ + { + .type = TLSEXT_TYPE_quic_transport_parameters, + .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_EE, + .client = { + .needs = tlsext_quic_transport_parameters_client_needs, + .build = tlsext_quic_transport_parameters_client_build, + .parse = tlsext_quic_transport_parameters_client_parse, + }, + .server = { + .needs = tlsext_quic_transport_parameters_server_needs, + .build = tlsext_quic_transport_parameters_server_build, + .parse = tlsext_quic_transport_parameters_server_parse, + }, + }, + { + .type = TLSEXT_TYPE_psk_key_exchange_modes, + .messages = SSL_TLSEXT_MSG_CH, + .client = { + .needs = tlsext_psk_kex_modes_client_needs, + .build = tlsext_psk_kex_modes_client_build, + .parse = tlsext_psk_kex_modes_client_parse, + }, + .server = { + .needs = tlsext_psk_kex_modes_server_needs, + .build = tlsext_psk_kex_modes_server_build, + .parse = tlsext_psk_kex_modes_server_parse, + }, + }, + { + /* MUST be last extension in CH per RFC 8446 section 4.2. */ + + .type = TLSEXT_TYPE_pre_shared_key, + .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH, + .client = { + .needs = tlsext_psk_client_needs, + .build = tlsext_psk_client_build, + .parse = tlsext_psk_client_parse, + }, + .server = { + .needs = tlsext_psk_server_needs, + .build = tlsext_psk_server_build, + .parse = tlsext_psk_server_parse, + }, + }, }; #define N_TLS_EXTENSIONS (sizeof(tls_extensions) / sizeof(*tls_extensions)) @@ -1981,10 +2227,10 @@ tlsext_extension_seen(SSL *s, uint16_t type) if (tls_extension_find(type, &idx) == NULL) return 0; - return ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0); + return ((s->s3->hs.extensions_seen & (1 << idx)) != 0); } -static const struct tls_extension_funcs * +const struct tls_extension_funcs * tlsext_funcs(const struct tls_extension *tlsext, int is_server) { if (is_server) 
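Review bot: `(1 << idx)` in tlsext_extension_seen shifts a signed int, and this commit adds three entries to tls_extensions, so the index range the mask has to cover is growing. The shift is undefined once idx reaches 31, and bits are lost silently if extensions_seen is narrower than the table; neither the field's type nor the total entry count is visible in this diff. Writing `(1U << idx)` here and in the two uses in tlsext_parse would remove the signed shift. A compile-time assertion that N_TLS_EXTENSIONS fits the width of extensions_seen would make the limit explicit.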
@@ -2081,7 +2327,7 @@ tlsext_parse(SSL *s, int is_server, uint16_t msg_type, CBS *cbs, int *alert) tls_version = ssl_effective_tls_version(s); - S3I(s)->hs.extensions_seen = 0; + s->s3->hs.extensions_seen = 0; /* An empty extensions block is valid. */ if (CBS_len(cbs) == 0) @@ -2123,9 +2369,9 @@ tlsext_parse(SSL *s, int is_server, uint16_t msg_type, CBS *cbs, int *alert) } /* Check for duplicate known extensions. */ - if ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0) + if ((s->s3->hs.extensions_seen & (1 << idx)) != 0) goto err; - S3I(s)->hs.extensions_seen |= (1 << idx); + s->s3->hs.extensions_seen |= (1 << idx); ext = tlsext_funcs(tlsext, is_server); if (!ext->parse(s, msg_type, &extension_data, &alert_desc)) @@ -2147,10 +2393,10 @@ static void tlsext_server_reset_state(SSL *s) { s->tlsext_status_type = -1; - S3I(s)->renegotiate_seen = 0; - free(S3I(s)->alpn_selected); - S3I(s)->alpn_selected = NULL; - S3I(s)->alpn_selected_len = 0; + s->s3->renegotiate_seen = 0; + free(s->s3->alpn_selected); + s->s3->alpn_selected = NULL; + s->s3->alpn_selected_len = 0; s->internal->srtp_profile = NULL; } @@ -2173,10 +2419,10 @@ tlsext_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) static void tlsext_client_reset_state(SSL *s) { - S3I(s)->renegotiate_seen = 0; - free(S3I(s)->alpn_selected); - S3I(s)->alpn_selected = NULL; - S3I(s)->alpn_selected_len = 0; + s->s3->renegotiate_seen = 0; + free(s->s3->alpn_selected); + s->s3->alpn_selected = NULL; + s->s3->alpn_selected_len = 0; } int diff --git a/ssl/ssl_tlsext.h b/ssl/ssl_tlsext.h index 8e0742aa..7a41c809 100644 --- a/ssl/ssl_tlsext.h +++ b/ssl/ssl_tlsext.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_tlsext.h,v 1.26 2020/10/11 01:13:04 guenther Exp $ */ +/* $OpenBSD: ssl_tlsext.h,v 1.32 2022/08/04 09:27:36 tb Exp $ */ /* * Copyright (c) 2016, 2017 Joel Sing * Copyright (c) 2017 Doug Hogan 
@@ -31,102 +31,8 @@ __BEGIN_HIDDEN_DECLS -int tlsext_alpn_client_needs(SSL *s, uint16_t msg_type); -int tlsext_alpn_client_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_alpn_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); -int tlsext_alpn_server_needs(SSL *s, uint16_t msg_type); -int tlsext_alpn_server_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_alpn_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); - -int tlsext_ri_client_needs(SSL *s, uint16_t msg_type); -int tlsext_ri_client_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_ri_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); -int tlsext_ri_server_needs(SSL *s, uint16_t msg_type); -int tlsext_ri_server_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_ri_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); - -int tlsext_sigalgs_client_needs(SSL *s, uint16_t msg_type); -int tlsext_sigalgs_client_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_sigalgs_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, - int *alert); -int tlsext_sigalgs_server_needs(SSL *s, uint16_t msg_type); -int tlsext_sigalgs_server_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_sigalgs_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, - int *alert); - -int tlsext_sni_client_needs(SSL *s, uint16_t msg_type); -int tlsext_sni_client_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_sni_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); -int tlsext_sni_server_needs(SSL *s, uint16_t msg_type); -int tlsext_sni_server_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_sni_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); -int tlsext_sni_is_valid_hostname(CBS *cbs); - -int tlsext_supportedgroups_client_needs(SSL *s, uint16_t msg_type); -int tlsext_supportedgroups_client_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_supportedgroups_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, - int *alert); -int 
tlsext_supportedgroups_server_needs(SSL *s, uint16_t msg_type); -int tlsext_supportedgroups_server_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, - int *alert); - -int tlsext_ecpf_client_needs(SSL *s, uint16_t msg_type); -int tlsext_ecpf_client_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_ecpf_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); -int tlsext_ecpf_server_needs(SSL *s, uint16_t msg_type); -int tlsext_ecpf_server_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_ecpf_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); - -int tlsext_ocsp_client_needs(SSL *s, uint16_t msg_type); -int tlsext_ocsp_client_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_ocsp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); -int tlsext_ocsp_server_needs(SSL *s, uint16_t msg_type); -int tlsext_ocsp_server_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_ocsp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); - -int tlsext_sessionticket_client_needs(SSL *s, uint16_t msg_type); -int tlsext_sessionticket_client_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_sessionticket_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, - int *alert); -int tlsext_sessionticket_server_needs(SSL *s, uint16_t msg_type); -int tlsext_sessionticket_server_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_sessionticket_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, - int *alert); - -int tlsext_versions_client_needs(SSL *s, uint16_t msg_type); -int tlsext_versions_client_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_versions_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, - int *alert); -int tlsext_versions_server_needs(SSL *s, uint16_t msg_type); -int tlsext_versions_server_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_versions_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, - int *alert); - -int 
tlsext_keyshare_client_needs(SSL *s, uint16_t msg_type); -int tlsext_keyshare_client_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, - int *alert); -int tlsext_keyshare_server_needs(SSL *s, uint16_t msg_type); -int tlsext_keyshare_server_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, - int *alert); - -int tlsext_cookie_client_needs(SSL *s, uint16_t msg_type); -int tlsext_cookie_client_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_cookie_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); -int tlsext_cookie_server_needs(SSL *s, uint16_t msg_type); -int tlsext_cookie_server_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_cookie_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); - -#ifndef OPENSSL_NO_SRTP -int tlsext_srtp_client_needs(SSL *s, uint16_t msg_type); -int tlsext_srtp_client_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_srtp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); -int tlsext_srtp_server_needs(SSL *s, uint16_t msg_type); -int tlsext_srtp_server_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_srtp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); -#endif +int tlsext_alpn_check_format(CBS *cbs); +int tlsext_sni_is_valid_hostname(CBS *cbs, int *is_ip); int tlsext_client_build(SSL *s, uint16_t msg_type, CBB *cbb); int tlsext_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); @@ -134,8 +40,8 @@ int tlsext_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); int tlsext_server_build(SSL *s, uint16_t msg_type, CBB *cbb); int tlsext_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); -const struct tls_extension *tls_extension_find(uint16_t, size_t *); int tlsext_extension_seen(SSL *s, uint16_t); + __END_HIDDEN_DECLS #endif 
diff --git a/ssl/ssl_transcript.c b/ssl/ssl_transcript.c index 47aa15ad..e4a041f6 100644 --- a/ssl/ssl_transcript.c +++ b/ssl/ssl_transcript.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_transcript.c,v 1.5 2021/05/16 14:10:43 jsing Exp $ */ +/* $OpenBSD: ssl_transcript.c,v 1.8 2022/07/22 19:54:46 jsing Exp $ */ /* * Copyright (c) 2017 Joel Sing * @@ -18,6 +18,7 @@ #include #include "ssl_locl.h" +#include "tls_internal.h" int tls1_transcript_hash_init(SSL *s) @@ -33,11 +34,11 @@ tls1_transcript_hash_init(SSL *s) goto err; } - if ((S3I(s)->handshake_hash = EVP_MD_CTX_new()) == NULL) { + if ((s->s3->handshake_hash = EVP_MD_CTX_new()) == NULL) { SSLerror(s, ERR_R_MALLOC_FAILURE); goto err; } - if (!EVP_DigestInit_ex(S3I(s)->handshake_hash, md, NULL)) { + if (!EVP_DigestInit_ex(s->s3->handshake_hash, md, NULL)) { SSLerror(s, ERR_R_EVP_LIB); goto err; } 
@@ -62,35 +63,35 @@ tls1_transcript_hash_init(SSL *s) int tls1_transcript_hash_update(SSL *s, const unsigned char *buf, size_t len) { - if (S3I(s)->handshake_hash == NULL) + if (s->s3->handshake_hash == NULL) return 1; - return EVP_DigestUpdate(S3I(s)->handshake_hash, buf, len); + return EVP_DigestUpdate(s->s3->handshake_hash, buf, len); } int -tls1_transcript_hash_value(SSL *s, const unsigned char *out, size_t len, +tls1_transcript_hash_value(SSL *s, unsigned char *out, size_t len, size_t *outlen) { EVP_MD_CTX *mdctx = NULL; unsigned int mdlen; int ret = 0; - if (S3I(s)->handshake_hash == NULL) + if (s->s3->handshake_hash == NULL) goto err; - if (EVP_MD_CTX_size(S3I(s)->handshake_hash) > len) + if (EVP_MD_CTX_size(s->s3->handshake_hash) > len) goto err; if ((mdctx = EVP_MD_CTX_new()) == NULL) { SSLerror(s, ERR_R_MALLOC_FAILURE); goto err; } - if (!EVP_MD_CTX_copy_ex(mdctx, S3I(s)->handshake_hash)) { + if (!EVP_MD_CTX_copy_ex(mdctx, s->s3->handshake_hash)) { SSLerror(s, ERR_R_EVP_LIB); goto err; } - if (!EVP_DigestFinal_ex(mdctx, (unsigned char *)out, &mdlen)) { + if (!EVP_DigestFinal_ex(mdctx, out, &mdlen)) { SSLerror(s, ERR_R_EVP_LIB); goto err; } @@ -108,17 +109,17 @@ tls1_transcript_hash_value(SSL *s, const unsigned char *out, size_t len, void tls1_transcript_hash_free(SSL *s) { - EVP_MD_CTX_free(S3I(s)->handshake_hash); - S3I(s)->handshake_hash = NULL; + EVP_MD_CTX_free(s->s3->handshake_hash); + s->s3->handshake_hash = NULL; } int tls1_transcript_init(SSL *s) { - if (S3I(s)->handshake_transcript != NULL) + if (s->s3->handshake_transcript != NULL) return 0; - if ((S3I(s)->handshake_transcript = BUF_MEM_new()) == NULL) + if ((s->s3->handshake_transcript = tls_buffer_new(0)) == NULL) return 0; tls1_transcript_reset(s); 
@@ -129,21 +130,14 @@ tls1_transcript_init(SSL *s) void tls1_transcript_free(SSL *s) { - BUF_MEM_free(S3I(s)->handshake_transcript); - S3I(s)->handshake_transcript = NULL; + tls_buffer_free(s->s3->handshake_transcript); + s->s3->handshake_transcript = NULL; } void tls1_transcript_reset(SSL *s) { - /* - * We should check the return value of BUF_MEM_grow_clean(), however - * due to yet another bad API design, when called with a length of zero - * it is impossible to tell if it succeeded (returning a length of zero) - * or if it failed (and returned zero)... our implementation never - * fails with a length of zero, so we trust all is okay... - */ - (void)BUF_MEM_grow_clean(S3I(s)->handshake_transcript, 0); + tls_buffer_clear(s->s3->handshake_transcript); tls1_transcript_unfreeze(s); } @@ -151,36 +145,29 @@ tls1_transcript_reset(SSL *s) int tls1_transcript_append(SSL *s, const unsigned char *buf, size_t len) { - size_t olen, nlen; - - if (S3I(s)->handshake_transcript == NULL) + if (s->s3->handshake_transcript == NULL) return 1; if (s->s3->flags & TLS1_FLAGS_FREEZE_TRANSCRIPT) return 1; - olen = S3I(s)->handshake_transcript->length; - nlen = olen + len; - - if (nlen < olen) - return 0; - - if (BUF_MEM_grow(S3I(s)->handshake_transcript, nlen) == 0) - return 0; - - memcpy(S3I(s)->handshake_transcript->data + olen, buf, len); - - return 1; + return tls_buffer_append(s->s3->handshake_transcript, buf, len); } int tls1_transcript_data(SSL *s, const unsigned char **data, size_t *len) { - if (S3I(s)->handshake_transcript == NULL) + CBS cbs; + + if (s->s3->handshake_transcript == NULL) + return 0; + + if (!tls_buffer_data(s->s3->handshake_transcript, &cbs)) return 0; - *data = S3I(s)->handshake_transcript->data; - *len = S3I(s)->handshake_transcript->length; + /* XXX - change to caller providing a CBS argument. */ + *data = CBS_data(&cbs); + *len = CBS_len(&cbs); return 1; } diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c index 09b76dd4..2b95c28f 100644 --- a/ssl/ssl_txt.c 
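Review bot: In tls1_transcript_append the explicit `nlen < olen` wrap check is removed, and nothing at the call site records who now guards the length arithmetic. tls_buffer_append() is not part of this hunk, so whether it rejects an overflowing `len` cannot be confirmed from here; I would add `/* tls_buffer_append() must reject length overflow; the old nlen < olen check lived here. */` above the return. Separately, tls1_transcript_data now hands out a pointer taken from a CBS over the buffer, so a comment stating that `*data` is only valid until the next append, reset or free would help callers (presumably the storage can move when the buffer grows; confirm).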
+++ b/ssl/ssl_txt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_txt.c,v 1.29 2021/06/11 11:13:53 jsing Exp $ */ +/* $OpenBSD: ssl_txt.c,v 1.35 2022/06/07 17:55:08 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -95,94 +95,106 @@ SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x) BIO *b; int ret; - if ((b = BIO_new(BIO_s_file_internal())) == NULL) { + if ((b = BIO_new(BIO_s_file())) == NULL) { SSLerrorx(ERR_R_BUF_LIB); - return (0); + return 0; } BIO_set_fp(b, fp, BIO_NOCLOSE); ret = SSL_SESSION_print(b, x); BIO_free(b); - return (ret); + return ret; } int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) { - unsigned int i; - const char *s; + size_t i; + int ret = 0; if (x == NULL) goto err; + if (BIO_puts(bp, "SSL-Session:\n") <= 0) goto err; - s = ssl_version_string(x->ssl_version); - if (BIO_printf(bp, " Protocol : %s\n", s) <= 0) + if (BIO_printf(bp, " Protocol : %s\n", + ssl_version_string(x->ssl_version)) <= 0) goto err; if (x->cipher == NULL) { - if (((x->cipher_id) & 0xff000000) == 0x02000000) { - if (BIO_printf(bp, " Cipher : %06lX\n", x->cipher_id&0xffffff) <= 0) - goto err; - } else { - if (BIO_printf(bp, " Cipher : %04lX\n", x->cipher_id&0xffff) <= 0) - goto err; - } + if (BIO_printf(bp, " Cipher : %04lX\n", + x->cipher_id & SSL3_CK_VALUE_MASK) <= 0) + goto err; } else { - if (BIO_printf(bp, " Cipher : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0) + const char *cipher_name = "unknown"; + + if (x->cipher->name != NULL) + cipher_name = x->cipher->name; + + if (BIO_printf(bp, " Cipher : %s\n", cipher_name) <= 0) goto err; } + if (BIO_puts(bp, " Session-ID: ") <= 0) goto err; + for (i = 0; i < x->session_id_length; i++) { if (BIO_printf(bp, "%02X", x->session_id[i]) <= 0) goto err; } + if (BIO_puts(bp, "\n Session-ID-ctx: ") <= 0) goto err; + for (i = 0; i < x->sid_ctx_length; i++) { if (BIO_printf(bp, "%02X", x->sid_ctx[i]) <= 0) goto err; } + if (BIO_puts(bp, "\n Master-Key: ") <= 0) goto err; - for (i = 0; i < (unsigned int)x->master_key_length; i++) { + + for (i = 0; i < x->master_key_length; i++) { if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0) goto err; } - if (x->tlsext_tick_lifetime_hint) { + + if (x->tlsext_tick_lifetime_hint > 0) { 
if (BIO_printf(bp, - "\n TLS session ticket lifetime hint: %ld (seconds)", + "\n TLS session ticket lifetime hint: %u (seconds)", x->tlsext_tick_lifetime_hint) <= 0) goto err; } - if (x->tlsext_tick) { + + if (x->tlsext_tick != NULL) { if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0) goto err; - if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0) + if (BIO_dump_indent(bp, x->tlsext_tick, x->tlsext_ticklen, + 4) <= 0) goto err; } if (x->time != 0) { - if (BIO_printf(bp, "\n Start Time: %"PRId64, (int64_t)x->time) <= 0) + if (BIO_printf(bp, "\n Start Time: %"PRId64, + (int64_t)x->time) <= 0) goto err; } - if (x->timeout != 0L) { - if (BIO_printf(bp, "\n Timeout : %ld (sec)", x->timeout) <= 0) + + if (x->timeout != 0) { + if (BIO_printf(bp, "\n Timeout : %ld (sec)", + x->timeout) <= 0) goto err; } - if (BIO_puts(bp, "\n") <= 0) - goto err; - if (BIO_puts(bp, " Verify return code: ") <= 0) + if (BIO_puts(bp, "\n") <= 0) goto err; - if (BIO_printf(bp, "%ld (%s)\n", x->verify_result, + if (BIO_printf(bp, " Verify return code: %ld (%s)\n", + x->verify_result, X509_verify_cert_error_string(x->verify_result)) <= 0) goto err; - return (1); + ret = 1; err: - return (0); + return ret; } - diff --git a/ssl/ssl_versions.c b/ssl/ssl_versions.c index c633b58c..4a58f14c 100644 --- a/ssl/ssl_versions.c +++ b/ssl/ssl_versions.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_versions.c,v 1.20 2021/07/01 17:53:39 jsing Exp $ */ +/* $OpenBSD: ssl_versions.c,v 1.24 2022/09/11 18:13:30 jsing Exp $ */ /* * Copyright (c) 2016, 2017 Joel Sing * @@ -177,6 +177,14 @@ ssl_enabled_tls_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver) s->internal->min_tls_version, s->internal->max_tls_version)) return 0; + /* QUIC requires a minimum of TLSv1.3. */ + if (SSL_is_quic(s)) { + if (max_version < TLS1_3_VERSION) + return 0; + if (min_version < TLS1_3_VERSION) + min_version = TLS1_3_VERSION; + } + if (min_ver != NULL) *min_ver = min_version; if (max_ver != NULL) 
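Review bot: SSL_SESSION_print writes every byte of `x->master_key` in hex and dumps the whole session ticket to `bp`, and neither the function nor the rewritten loops say that this output is secret material. A header comment such as `/* Output includes the master key and session ticket; do not send it to logs or shared files. */` would make that explicit for callers, including SSL_SESSION_print_fp. The new `%u` for `tlsext_tick_lifetime_hint` and `%04lX` for the masked `cipher_id` depend on field types declared outside this hunk, so they should be checked against the struct with -Wformat.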
@@ -224,10 +232,10 @@ ssl_tls_version(uint16_t version) uint16_t ssl_effective_tls_version(SSL *s) { - if (S3I(s)->hs.negotiated_tls_version > 0) - return S3I(s)->hs.negotiated_tls_version; + if (s->s3->hs.negotiated_tls_version > 0) + return s->s3->hs.negotiated_tls_version; - return S3I(s)->hs.our_max_tls_version; + return s->s3->hs.our_max_tls_version; } int @@ -250,6 +258,24 @@ ssl_max_supported_version(SSL *s, uint16_t *max_ver) return 1; } +int +ssl_max_legacy_version(SSL *s, uint16_t *max_ver) +{ + uint16_t max_version; + + if ((max_version = s->s3->hs.our_max_tls_version) > TLS1_2_VERSION) + max_version = TLS1_2_VERSION; + + if (SSL_is_dtls(s)) { + if ((max_version = ssl_tls_to_dtls_version(max_version)) == 0) + return 0; + } + + *max_ver = max_version; + + return 1; +} + int ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver) { @@ -311,6 +337,9 @@ ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver) return 0; } + if (!ssl_security_version(s, shared_version)) + return 0; + *max_ver = shared_version; return 1; @@ -334,8 +363,11 @@ ssl_check_version_from_server(SSL *s, uint16_t server_version) &max_tls_version)) return 0; - return (server_tls_version >= min_tls_version && - server_tls_version <= max_tls_version); + if (server_tls_version < min_tls_version || + server_tls_version > max_tls_version) + return 0; + + return ssl_security_version(s, server_tls_version); } int diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 65e20633..c996159a 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_enc.c,v 1.151 2021/07/01 17:53:39 jsing Exp $ */ +/* $OpenBSD: t1_enc.c,v 1.154 2022/02/05 14:54:10 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
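Review bot: ssl_max_legacy_version returns success on the TLS path with whatever is in `s->s3->hs.our_max_tls_version`, including 0 if the handshake state has not been populated, while the DTLS path rejects a 0 result from ssl_tls_to_dtls_version(). Guarding the TLS path the same way, with `if (max_version == 0) return 0;` before the DTLS branch, would keep an unset version from being reported as a valid legacy version. The function also dereferences `max_ver` unconditionally, whereas ssl_enabled_tls_version_range in this file tests `max_ver != NULL` first; a short comment that the argument must be non-NULL would settle which convention applies.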
@@ -149,8 +149,8 @@ void tls1_cleanup_key_block(SSL *s) { - tls12_key_block_free(S3I(s)->hs.tls12.key_block); - S3I(s)->hs.tls12.key_block = NULL; + tls12_key_block_free(s->s3->hs.tls12.key_block); + s->s3->hs.tls12.key_block = NULL; } /* @@ -164,8 +164,8 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *secret, size_t secret_len, { unsigned char A1[EVP_MAX_MD_SIZE], hmac[EVP_MAX_MD_SIZE]; size_t A1_len, hmac_len; - EVP_MD_CTX ctx; - EVP_PKEY *mac_key; + EVP_MD_CTX *ctx = NULL; + EVP_PKEY *mac_key = NULL; int ret = 0; int chunk; size_t i; 
@@ -173,42 +173,43 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *secret, size_t secret_len, chunk = EVP_MD_size(md); OPENSSL_assert(chunk >= 0); - EVP_MD_CTX_init(&ctx); + if ((ctx = EVP_MD_CTX_new()) == NULL) + goto err; mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, secret, secret_len); - if (!mac_key) + if (mac_key == NULL) goto err; - if (!EVP_DigestSignInit(&ctx, NULL, md, NULL, mac_key)) + if (!EVP_DigestSignInit(ctx, NULL, md, NULL, mac_key)) goto err; - if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len)) + if (seed1 && !EVP_DigestSignUpdate(ctx, seed1, seed1_len)) goto err; - if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len)) + if (seed2 && !EVP_DigestSignUpdate(ctx, seed2, seed2_len)) goto err; - if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len)) + if (seed3 && !EVP_DigestSignUpdate(ctx, seed3, seed3_len)) goto err; - if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len)) + if (seed4 && !EVP_DigestSignUpdate(ctx, seed4, seed4_len)) goto err; - if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len)) + if (seed5 && !EVP_DigestSignUpdate(ctx, seed5, seed5_len)) goto err; - if (!EVP_DigestSignFinal(&ctx, A1, &A1_len)) + if (!EVP_DigestSignFinal(ctx, A1, &A1_len)) goto err; for (;;) { - if (!EVP_DigestSignInit(&ctx, NULL, md, NULL, mac_key)) + if (!EVP_DigestSignInit(ctx, NULL, md, NULL, mac_key)) goto err; - if (!EVP_DigestSignUpdate(&ctx, A1, A1_len)) + if (!EVP_DigestSignUpdate(ctx, A1, A1_len)) goto err; - if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len)) + if (seed1 && !EVP_DigestSignUpdate(ctx, seed1, seed1_len)) goto err; - if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len)) + if (seed2 && !EVP_DigestSignUpdate(ctx, seed2, seed2_len)) goto err; - if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len)) + if (seed3 && !EVP_DigestSignUpdate(ctx, seed3, seed3_len)) goto err; - if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len)) + if (seed4 && !EVP_DigestSignUpdate(ctx, seed4, 
seed4_len)) goto err; - if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len)) + if (seed5 && !EVP_DigestSignUpdate(ctx, seed5, seed5_len)) goto err; - if (!EVP_DigestSignFinal(&ctx, hmac, &hmac_len)) + if (!EVP_DigestSignFinal(ctx, hmac, &hmac_len)) goto err; if (hmac_len > out_len) @@ -223,18 +224,18 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *secret, size_t secret_len, if (out_len == 0) break; - if (!EVP_DigestSignInit(&ctx, NULL, md, NULL, mac_key)) + if (!EVP_DigestSignInit(ctx, NULL, md, NULL, mac_key)) goto err; - if (!EVP_DigestSignUpdate(&ctx, A1, A1_len)) + if (!EVP_DigestSignUpdate(ctx, A1, A1_len)) goto err; - if (!EVP_DigestSignFinal(&ctx, A1, &A1_len)) + if (!EVP_DigestSignFinal(ctx, A1, &A1_len)) goto err; } ret = 1; err: EVP_PKEY_free(mac_key); - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_free(ctx); explicit_bzero(A1, sizeof(A1)); explicit_bzero(hmac, sizeof(hmac)); @@ -256,7 +257,7 @@ tls1_PRF(SSL *s, const unsigned char *secret, size_t secret_len, if (!ssl_get_handshake_evp_md(s, &md)) return (0); - if (md->type == NID_md5_sha1) { + if (EVP_MD_type(md) == NID_md5_sha1) { /* * Partition secret between MD5 and SHA1, then XOR result. * If the secret length is odd, a one byte overlap is used. @@ -302,10 +303,10 @@ tls1_change_cipher_state(SSL *s, int is_write) /* Use client write keys on client write and server read. */ if ((!s->server && is_write) || (s->server && !is_write)) { - tls12_key_block_client_write(S3I(s)->hs.tls12.key_block, + tls12_key_block_client_write(s->s3->hs.tls12.key_block, &mac_key, &key, &iv); } else { - tls12_key_block_server_write(S3I(s)->hs.tls12.key_block, + tls12_key_block_server_write(s->s3->hs.tls12.key_block, &mac_key, &key, &iv); } 
@@ -315,8 +316,6 @@ tls1_change_cipher_state(SSL *s, int is_write) goto err; if (SSL_is_dtls(s)) dtls1_reset_read_seq_numbers(s); - tls12_record_layer_read_cipher_hash(s->internal->rl, - &s->enc_read_ctx, &s->read_hash); } else { if (!tls12_record_layer_change_write_cipher_state(s->internal->rl, &mac_key, &key, &iv)) @@ -355,7 +354,7 @@ tls1_setup_key_block(SSL *s) * XXX - callers should be changed so that they only call this * function once. */ - if (S3I(s)->hs.tls12.key_block != NULL) + if (s->s3->hs.tls12.key_block != NULL) return (1); if (s->session->cipher && @@ -385,7 +384,7 @@ tls1_setup_key_block(SSL *s) if (!tls12_key_block_generate(key_block, s, aead, cipher, mac_hash)) goto err; - S3I(s)->hs.tls12.key_block = key_block; + s->s3->hs.tls12.key_block = key_block; key_block = NULL; if (!(s->internal->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) && @@ -394,15 +393,15 @@ tls1_setup_key_block(SSL *s) * Enable vulnerability countermeasure for CBC ciphers with * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) */ - S3I(s)->need_empty_fragments = 1; + s->s3->need_empty_fragments = 1; if (s->session->cipher != NULL) { if (s->session->cipher->algorithm_enc == SSL_eNULL) - S3I(s)->need_empty_fragments = 0; + s->s3->need_empty_fragments = 0; #ifndef OPENSSL_NO_RC4 if (s->session->cipher->algorithm_enc == SSL_RC4) - S3I(s)->need_empty_fragments = 0; + s->s3->need_empty_fragments = 0; #endif } } diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 3cb2d8a1..355c9827 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_lib.c,v 1.182 2021/07/01 17:53:39 jsing Exp $ */ +/* $OpenBSD: t1_lib.c,v 1.195 2022/08/17 18:45:25 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -150,38 +150,136 @@ tls1_clear(SSL *s) s->version = s->method->version; } -static const int nid_list[] = { - NID_sect163k1, /* sect163k1 (1) */ - NID_sect163r1, /* sect163r1 (2) */ - NID_sect163r2, /* sect163r2 (3) */ - NID_sect193r1, /* sect193r1 (4) */ - NID_sect193r2, /* sect193r2 (5) */ - NID_sect233k1, /* sect233k1 (6) */ - NID_sect233r1, /* sect233r1 (7) */ - NID_sect239k1, /* sect239k1 (8) */ - NID_sect283k1, /* sect283k1 (9) */ - NID_sect283r1, /* sect283r1 (10) */ - NID_sect409k1, /* sect409k1 (11) */ - NID_sect409r1, /* sect409r1 (12) */ - NID_sect571k1, /* sect571k1 (13) */ - NID_sect571r1, /* sect571r1 (14) */ - NID_secp160k1, /* secp160k1 (15) */ - NID_secp160r1, /* secp160r1 (16) */ - NID_secp160r2, /* secp160r2 (17) */ - NID_secp192k1, /* secp192k1 (18) */ - NID_X9_62_prime192v1, /* secp192r1 (19) */ - NID_secp224k1, /* secp224k1 (20) */ - NID_secp224r1, /* secp224r1 (21) */ - NID_secp256k1, /* secp256k1 (22) */ - NID_X9_62_prime256v1, /* secp256r1 (23) */ - NID_secp384r1, /* secp384r1 (24) */ - NID_secp521r1, /* secp521r1 (25) */ - NID_brainpoolP256r1, /* brainpoolP256r1 (26) */ - NID_brainpoolP384r1, /* brainpoolP384r1 (27) */ - NID_brainpoolP512r1, /* brainpoolP512r1 (28) */ - NID_X25519, /* X25519 (29) */ +struct supported_group { + int nid; + int bits; }; +/* + * Supported groups (formerly known as named curves) + * https://www.iana.org/assignments/tls-parameters/#tls-parameters-8 + */ +static const struct supported_group nid_list[] = { + [1] = { + .nid = NID_sect163k1, + .bits = 80, + }, + [2] = { + .nid = NID_sect163r1, + .bits = 80, + }, + [3] = { + .nid = NID_sect163r2, + .bits = 80, + }, + [4] = { + .nid = NID_sect193r1, + .bits = 80, + }, + [5] = { + .nid = NID_sect193r2, + .bits = 80, + }, + [6] = { + .nid = NID_sect233k1, + .bits = 112, + }, + [7] = { + .nid = NID_sect233r1, + .bits = 112, + }, + [8] = { + .nid = NID_sect239k1, + .bits = 112, + }, + [9] = { + .nid = NID_sect283k1, + .bits = 128, + }, + [10] = { + .nid = NID_sect283r1, 
+ .bits = 128, + }, + [11] = { + .nid = NID_sect409k1, + .bits = 192, + }, + [12] = { + .nid = NID_sect409r1, + .bits = 192, + }, + [13] = { + .nid = NID_sect571k1, + .bits = 256, + }, + [14] = { + .nid = NID_sect571r1, + .bits = 256, + }, + [15] = { + .nid = NID_secp160k1, + .bits = 80, + }, + [16] = { + .nid = NID_secp160r1, + .bits = 80, + }, + [17] = { + .nid = NID_secp160r2, + .bits = 80, + }, + [18] = { + .nid = NID_secp192k1, + .bits = 80, + }, + [19] = { + .nid = NID_X9_62_prime192v1, /* aka secp192r1 */ + .bits = 80, + }, + [20] = { + .nid = NID_secp224k1, + .bits = 112, + }, + [21] = { + .nid = NID_secp224r1, + .bits = 112, + }, + [22] = { + .nid = NID_secp256k1, + .bits = 128, + }, + [23] = { + .nid = NID_X9_62_prime256v1, /* aka secp256r1 */ + .bits = 128, + }, + [24] = { + .nid = NID_secp384r1, + .bits = 192, + }, + [25] = { + .nid = NID_secp521r1, + .bits = 256, + }, + [26] = { + .nid = NID_brainpoolP256r1, + .bits = 128, + }, + [27] = { + .nid = NID_brainpoolP384r1, + .bits = 192, + }, + [28] = { + .nid = NID_brainpoolP512r1, + .bits = 256, + }, + [29] = { + .nid = NID_X25519, + .bits = 128, + }, +}; + +#define NID_LIST_LEN (sizeof(nid_list) / sizeof(nid_list[0])) + #if 0 static const uint8_t ecformats_list[] = { TLSEXT_ECPOINTFORMAT_uncompressed, @@ -195,7 +293,7 @@ static const uint8_t ecformats_default[] = { }; #if 0 -static const uint16_t eccurves_list[] = { +static const uint16_t ecgroups_list[] = { 29, /* X25519 (29) */ 14, /* sect571r1 (14) */ 13, /* sect571k1 (13) */ 
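Review bot: The new `struct supported_group` does not say what `bits` means, and the table relies on index 0 (and any future gap) being zero-filled by the designated initialisers. Both deserve a comment, since the lookup helpers added later in this file treat a zero `nid` or `bits` as "no such group": for example `/* bits: security strength estimate (presumably for security-level checks); a zero entry marks an unassigned group id. */` on the struct. Without it, a future entry added with `.bits` omitted would silently be rejected by tls1_ec_group_id2bits() instead of failing to compile.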
@@ -228,95 +326,67 @@ static const uint16_t eccurves_list[] = { }; #endif -static const uint16_t eccurves_client_default[] = { +static const uint16_t ecgroups_client_default[] = { 29, /* X25519 (29) */ 23, /* secp256r1 (23) */ 24, /* secp384r1 (24) */ 25, /* secp521r1 (25) */ }; -static const uint16_t eccurves_server_default[] = { +static const uint16_t ecgroups_server_default[] = { 29, /* X25519 (29) */ 23, /* secp256r1 (23) */ 24, /* secp384r1 (24) */ }; int -tls1_ec_curve_id2nid(const uint16_t curve_id) +tls1_ec_group_id2nid(uint16_t group_id, int *out_nid) { - /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */ - if ((curve_id < 1) || - ((unsigned int)curve_id > sizeof(nid_list) / sizeof(nid_list[0]))) + int nid; + + if (group_id >= NID_LIST_LEN) + return 0; + + if ((nid = nid_list[group_id].nid) == 0) return 0; - return nid_list[curve_id - 1]; + + *out_nid = nid; + + return 1; } -uint16_t -tls1_ec_nid2curve_id(const int nid) +int +tls1_ec_group_id2bits(uint16_t group_id, int *out_bits) { - /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 
17, 2005) */ - switch (nid) { - case NID_sect163k1: /* sect163k1 (1) */ - return 1; - case NID_sect163r1: /* sect163r1 (2) */ - return 2; - case NID_sect163r2: /* sect163r2 (3) */ - return 3; - case NID_sect193r1: /* sect193r1 (4) */ - return 4; - case NID_sect193r2: /* sect193r2 (5) */ - return 5; - case NID_sect233k1: /* sect233k1 (6) */ - return 6; - case NID_sect233r1: /* sect233r1 (7) */ - return 7; - case NID_sect239k1: /* sect239k1 (8) */ - return 8; - case NID_sect283k1: /* sect283k1 (9) */ - return 9; - case NID_sect283r1: /* sect283r1 (10) */ - return 10; - case NID_sect409k1: /* sect409k1 (11) */ - return 11; - case NID_sect409r1: /* sect409r1 (12) */ - return 12; - case NID_sect571k1: /* sect571k1 (13) */ - return 13; - case NID_sect571r1: /* sect571r1 (14) */ - return 14; - case NID_secp160k1: /* secp160k1 (15) */ - return 15; - case NID_secp160r1: /* secp160r1 (16) */ - return 16; - case NID_secp160r2: /* secp160r2 (17) */ - return 17; - case NID_secp192k1: /* secp192k1 (18) */ - return 18; - case NID_X9_62_prime192v1: /* secp192r1 (19) */ - return 19; - case NID_secp224k1: /* secp224k1 (20) */ - return 20; - case NID_secp224r1: /* secp224r1 (21) */ - return 21; - case NID_secp256k1: /* secp256k1 (22) */ - return 22; - case NID_X9_62_prime256v1: /* secp256r1 (23) */ - return 23; - case NID_secp384r1: /* secp384r1 (24) */ - return 24; - case NID_secp521r1: /* secp521r1 (25) */ - return 25; - case NID_brainpoolP256r1: /* brainpoolP256r1 (26) */ - return 26; - case NID_brainpoolP384r1: /* brainpoolP384r1 (27) */ - return 27; - case NID_brainpoolP512r1: /* brainpoolP512r1 (28) */ - return 28; - case NID_X25519: /* X25519 (29) */ - return 29; - default: + int bits; + + if (group_id >= NID_LIST_LEN) + return 0; + + if ((bits = nid_list[group_id].bits) == 0) + return 0; + + *out_bits = bits; + + return 1; +} + +int +tls1_ec_nid2group_id(int nid, uint16_t *out_group_id) +{ + uint16_t group_id; + + if (nid == 0) return 0; + + for (group_id = 0; group_id < 
NID_LIST_LEN; group_id++) { + if (nid_list[group_id].nid == nid) { + *out_group_id = group_id; + return 1; + } } + + return 0; } /* @@ -325,12 +395,12 @@ tls1_ec_nid2curve_id(const int nid) * exists, or the default formats if a custom list has not been specified. */ void -tls1_get_formatlist(SSL *s, int client_formats, const uint8_t **pformats, +tls1_get_formatlist(const SSL *s, int client_formats, const uint8_t **pformats, size_t *pformatslen) { if (client_formats != 0) { - *pformats = SSI(s)->tlsext_ecpointformatlist; - *pformatslen = SSI(s)->tlsext_ecpointformatlist_length; + *pformats = s->session->tlsext_ecpointformatlist; + *pformatslen = s->session->tlsext_ecpointformatlist_length; return; } @@ -348,12 +418,12 @@ tls1_get_formatlist(SSL *s, int client_formats, const uint8_t **pformats, * exists, or the default groups if a custom list has not been specified. */ void -tls1_get_group_list(SSL *s, int client_groups, const uint16_t **pgroups, +tls1_get_group_list(const SSL *s, int client_groups, const uint16_t **pgroups, size_t *pgroupslen) { if (client_groups != 0) { - *pgroups = SSI(s)->tlsext_supportedgroups; - *pgroupslen = SSI(s)->tlsext_supportedgroups_length; + *pgroups = s->session->tlsext_supportedgroups; + *pgroupslen = s->session->tlsext_supportedgroups_length; return; } 
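Review bot: tls1_ec_nid2group_id tests its NID argument against a bare `0`; code removed elsewhere in this file used the named constant, and `if (nid == NID_undef)` says what is being rejected. A one-line comment on the three lookup helpers should also state that the out parameter is left untouched on failure, so callers must check the return value before reading it. The search loop starts at index 0, which is harmless only because of the early `nid == 0` return; starting at 1 would make it independent of that guard.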
@@ -363,14 +433,108 @@ tls1_get_group_list(SSL *s, int client_groups, const uint16_t **pgroups, return; if (!s->server) { - *pgroups = eccurves_client_default; - *pgroupslen = sizeof(eccurves_client_default) / 2; + *pgroups = ecgroups_client_default; + *pgroupslen = sizeof(ecgroups_client_default) / 2; } else { - *pgroups = eccurves_server_default; - *pgroupslen = sizeof(eccurves_server_default) / 2; + *pgroups = ecgroups_server_default; + *pgroupslen = sizeof(ecgroups_server_default) / 2; } } +static int +tls1_get_group_lists(const SSL *ssl, const uint16_t **pref, size_t *preflen, + const uint16_t **supp, size_t *supplen) +{ + unsigned long server_pref; + + /* Cannot do anything on the client side. */ + if (!ssl->server) + return 0; + + server_pref = (ssl->internal->options & SSL_OP_CIPHER_SERVER_PREFERENCE); + tls1_get_group_list(ssl, (server_pref == 0), pref, preflen); + tls1_get_group_list(ssl, (server_pref != 0), supp, supplen); + + return 1; +} + +static int +tls1_group_id_present(uint16_t group_id, const uint16_t *list, size_t list_len) +{ + size_t i; + + for (i = 0; i < list_len; i++) { + if (group_id == list[i]) + return 1; + } + + return 0; +} + +int +tls1_count_shared_groups(const SSL *ssl, size_t *out_count) +{ + size_t count, preflen, supplen, i; + const uint16_t *pref, *supp; + + if (!tls1_get_group_lists(ssl, &pref, &preflen, &supp, &supplen)) + return 0; + + count = 0; + for (i = 0; i < preflen; i++) { + if (!tls1_group_id_present(pref[i], supp, supplen)) + continue; + + if (!ssl_security_shared_group(ssl, pref[i])) + continue; + + count++; + } + + *out_count = count; + + return 1; +} + +static int +tls1_group_by_index(const SSL *ssl, size_t n, int *out_nid, + int (*ssl_security_fn)(const SSL *, uint16_t)) +{ + size_t count, preflen, supplen, i; + const uint16_t *pref, *supp; + + if (!tls1_get_group_lists(ssl, &pref, &preflen, &supp, &supplen)) + return 0; + + count = 0; + for (i = 0; i < preflen; i++) { + if (!tls1_group_id_present(pref[i], supp, 
supplen)) + continue; + + if (!ssl_security_fn(ssl, pref[i])) + continue; + + if (count++ == n) + return tls1_ec_group_id2nid(pref[i], out_nid); + } + + return 0; +} + +int +tls1_get_shared_group_by_index(const SSL *ssl, size_t index, int *out_nid) +{ + return tls1_group_by_index(ssl, index, out_nid, + ssl_security_shared_group); +} + +int +tls1_get_supported_group(const SSL *ssl, int *out_nid) +{ + return tls1_group_by_index(ssl, 0, out_nid, + ssl_security_supported_group); +} + int tls1_set_groups(uint16_t **out_group_ids, size_t *out_group_ids_len, const int *groups, size_t ngroups) @@ -378,13 +542,11 @@ tls1_set_groups(uint16_t **out_group_ids, size_t *out_group_ids_len, uint16_t *group_ids; size_t i; - group_ids = calloc(ngroups, sizeof(uint16_t)); - if (group_ids == NULL) + if ((group_ids = calloc(ngroups, sizeof(uint16_t))) == NULL) return 0; for (i = 0; i < ngroups; i++) { - group_ids[i] = tls1_ec_nid2curve_id(groups[i]); - if (group_ids[i] == 0) { + if (!tls1_ec_nid2group_id(groups[i], &group_ids[i])) { free(group_ids); return 0; } @@ -424,8 +586,7 @@ tls1_set_group_list(uint16_t **out_group_ids, size_t *out_group_ids_len, goto err; group_ids = new_group_ids; - group_ids[ngroups] = tls1_ec_nid2curve_id(nid); - if (group_ids[ngroups] == 0) + if (!tls1_ec_nid2group_id(nid, &group_ids[ngroups])) goto err; ngroups++; @@ -445,9 +606,9 @@ tls1_set_group_list(uint16_t **out_group_ids, size_t *out_group_ids_len, return 0; } -/* Check that a curve is one of our preferences. */ +/* Check that a group is one of our preferences. */ int -tls1_check_curve(SSL *s, const uint16_t curve_id) +tls1_check_group(SSL *s, uint16_t group_id) { const uint16_t *groups; size_t groupslen, i; 
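Review bot: The default-list lengths in tls1_get_group_list are still computed as `sizeof(ecgroups_client_default) / 2`, which hard-codes the element size on lines this hunk already rewrites. The same commit introduces `NID_LIST_LEN` in the `sizeof(x) / sizeof(x[0])` form. Using `sizeof(ecgroups_client_default) / sizeof(ecgroups_client_default[0])` and the server equivalent keeps the count right if the element type ever changes. The function body starts outside this hunk.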
@@ -455,40 +616,17 @@ tls1_check_curve(SSL *s, const uint16_t curve_id) tls1_get_group_list(s, 0, &groups, &groupslen); for (i = 0; i < groupslen; i++) { - if (groups[i] == curve_id) - return (1); - } - return (0); -} - -int -tls1_get_shared_curve(SSL *s) -{ - size_t preflen, supplen, i, j; - const uint16_t *pref, *supp; - unsigned long server_pref; - - /* Cannot do anything on the client side. */ - if (s->server == 0) - return (NID_undef); - - /* Return first preference shared curve. */ - server_pref = (s->internal->options & SSL_OP_CIPHER_SERVER_PREFERENCE); - tls1_get_group_list(s, (server_pref == 0), &pref, &preflen); - tls1_get_group_list(s, (server_pref != 0), &supp, &supplen); - - for (i = 0; i < preflen; i++) { - for (j = 0; j < supplen; j++) { - if (pref[i] == supp[j]) - return (tls1_ec_curve_id2nid(pref[i])); - } + if (!ssl_security_supported_group(s, groups[i])) + continue; + if (groups[i] == group_id) + return 1; } - return (NID_undef); + return 0; } /* For an EC key set TLS ID and required compression based on parameters. */ static int -tls1_set_ec_id(uint16_t *curve_id, uint8_t *comp_id, EC_KEY *ec) +tls1_set_ec_id(uint16_t *group_id, uint8_t *comp_id, EC_KEY *ec) { const EC_GROUP *grp; const EC_METHOD *meth; 
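Review bot: tls1_check_group calls ssl_security_supported_group() on every list entry before comparing ids, so the security check runs for groups other than the one being asked about. Comparing first and checking once reads more directly and gives the same answer for a given id: `if (groups[i] != group_id) continue;` followed by `return ssl_security_supported_group(s, group_id);`. If that helper invokes an application callback (not visible here), the current order also triggers it once per configured group.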
@@ -498,18 +636,18 @@ tls1_set_ec_id(uint16_t *curve_id, uint8_t *comp_id, EC_KEY *ec) if (ec == NULL) return (0); - /* Determine whether the curve is defined over a prime field. */ + /* Determine whether the group is defined over a prime field. */ if ((grp = EC_KEY_get0_group(ec)) == NULL) return (0); if ((meth = EC_GROUP_method_of(grp)) == NULL) return (0); prime_field = (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field); - /* Determine curve ID - NID_undef results in a curve ID of zero. */ + /* Determine group ID. */ nid = EC_GROUP_get_curve_name(grp); - /* If we have an ID set it, otherwise set arbitrary explicit curve. */ - if ((*curve_id = tls1_ec_nid2curve_id(nid)) == 0) - *curve_id = prime_field ? 0xff01 : 0xff02; + /* If we have an ID set it, otherwise set arbitrary explicit group. */ + if (!tls1_ec_nid2group_id(nid, group_id)) + *group_id = prime_field ? 0xff01 : 0xff02; if (comp_id == NULL) return (1); @@ -529,7 +667,7 @@ tls1_set_ec_id(uint16_t *curve_id, uint8_t *comp_id, EC_KEY *ec) /* Check that an EC key is compatible with extensions. */ static int -tls1_check_ec_key(SSL *s, const uint16_t *curve_id, const uint8_t *comp_id) +tls1_check_ec_key(SSL *s, const uint16_t *group_id, const uint8_t *comp_id) { size_t groupslen, formatslen, i; const uint16_t *groups; @@ -550,12 +688,12 @@ tls1_check_ec_key(SSL *s, const uint16_t *curve_id, const uint8_t *comp_id) } /* - * Check curve list if present, otherwise everything is supported. + * Check group list if present, otherwise everything is supported. */ tls1_get_group_list(s, 1, &groups, &groupslen); - if (curve_id != NULL && groups != NULL) { + if (group_id != NULL && groups != NULL) { for (i = 0; i < groupslen; i++) { - if (groups[i] == *curve_id) + if (groups[i] == *group_id) break; } if (i == groupslen) 
@@ -569,22 +707,22 @@ tls1_check_ec_key(SSL *s, const uint16_t *curve_id, const uint8_t *comp_id) int tls1_check_ec_server_key(SSL *s) { - CERT_PKEY *cpk = s->cert->pkeys + SSL_PKEY_ECC; - uint16_t curve_id; + SSL_CERT_PKEY *cpk = s->cert->pkeys + SSL_PKEY_ECC; + uint16_t group_id; uint8_t comp_id; + EC_KEY *eckey; EVP_PKEY *pkey; - int rv; if (cpk->x509 == NULL || cpk->privatekey == NULL) return (0); - if ((pkey = X509_get_pubkey(cpk->x509)) == NULL) + if ((pkey = X509_get0_pubkey(cpk->x509)) == NULL) + return (0); + if ((eckey = EVP_PKEY_get0_EC_KEY(pkey)) == NULL) return (0); - rv = tls1_set_ec_id(&curve_id, &comp_id, pkey->pkey.ec); - EVP_PKEY_free(pkey); - if (rv != 1) + if (!tls1_set_ec_id(&group_id, &comp_id, eckey)) return (0); - return tls1_check_ec_key(s, &curve_id, &comp_id); + return tls1_check_ec_key(s, &group_id, &comp_id); } int @@ -634,7 +772,7 @@ ssl_check_clienthello_tlsext_late(SSL *s) if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->internal->tlsext_status_cb) { int r; - CERT_PKEY *certpkey; + SSL_CERT_PKEY *certpkey; certpkey = ssl_get_server_send_pkey(s); /* If no certificate can't return certificate status */ if (certpkey == NULL) { diff --git a/ssl/tls12_lib.c b/ssl/tls12_lib.c index f30f3a7b..14c8fd53 100644 --- a/ssl/tls12_lib.c +++ b/ssl/tls12_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls12_lib.c,v 1.3 2021/05/02 15:57:29 jsing Exp $ */ +/* $OpenBSD: tls12_lib.c,v 1.5 2022/06/07 17:19:09 tb Exp $ */ /* * Copyright (c) 2021 Joel Sing * @@ -27,7 +27,7 @@ tls12_finished_verify_data(SSL *s, const char *finished_label, *out_len = 0; - if (s->session->master_key_length <= 0) + if (s->session->master_key_length == 0) return 0; if (verify_data_len < TLS1_FINISH_MAC_LENGTH) 
@@ -71,12 +71,12 @@ tls12_derive_finished(SSL *s) { if (!s->server) { return tls12_client_finished_verify_data(s, - S3I(s)->hs.finished, sizeof(S3I(s)->hs.finished), - &S3I(s)->hs.finished_len); + s->s3->hs.finished, sizeof(s->s3->hs.finished), + &s->s3->hs.finished_len); } else { return tls12_server_finished_verify_data(s, - S3I(s)->hs.finished, sizeof(S3I(s)->hs.finished), - &S3I(s)->hs.finished_len); + s->s3->hs.finished, sizeof(s->s3->hs.finished), + &s->s3->hs.finished_len); } } @@ -85,12 +85,12 @@ tls12_derive_peer_finished(SSL *s) { if (s->server) { return tls12_client_finished_verify_data(s, - S3I(s)->hs.peer_finished, sizeof(S3I(s)->hs.peer_finished), - &S3I(s)->hs.peer_finished_len); + s->s3->hs.peer_finished, sizeof(s->s3->hs.peer_finished), + &s->s3->hs.peer_finished_len); } else { return tls12_server_finished_verify_data(s, - S3I(s)->hs.peer_finished, sizeof(S3I(s)->hs.peer_finished), - &S3I(s)->hs.peer_finished_len); + s->s3->hs.peer_finished, sizeof(s->s3->hs.peer_finished), + &s->s3->hs.peer_finished_len); } } diff --git a/ssl/tls12_record_layer.c b/ssl/tls12_record_layer.c index 6d7d8696..3568e187 100644 --- a/ssl/tls12_record_layer.c +++ b/ssl/tls12_record_layer.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls12_record_layer.c,v 1.34 2021/08/30 19:12:25 jsing Exp $ */ +/* $OpenBSD: tls12_record_layer.c,v 1.36 2022/01/14 09:12:15 tb Exp $ */ /* * Copyright (c) 2020 Joel Sing * @@ -61,10 +61,7 @@ tls12_record_protection_new(void) static void tls12_record_protection_clear(struct tls12_record_protection *rp) { - if (rp->aead_ctx != NULL) { - EVP_AEAD_CTX_cleanup(rp->aead_ctx); - freezero(rp->aead_ctx, sizeof(*rp->aead_ctx)); - } + EVP_AEAD_CTX_free(rp->aead_ctx); freezero(rp->aead_nonce, rp->aead_nonce_len); freezero(rp->aead_fixed_nonce, rp->aead_fixed_nonce_len); 
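Review bot: tls12_record_protection_clear no longer wipes the AEAD context itself: the `EVP_AEAD_CTX_cleanup()` plus `freezero()` pair is replaced by a single `EVP_AEAD_CTX_free(rp->aead_ctx)`. Zeroing of the key state now depends on that function, which is not shown in this hunk. The neighbouring nonce buffers are still released with `freezero()`, so a comment such as `/* EVP_AEAD_CTX_free() cleans up and frees the context; confirm it also zeroes it. */` would record the expectation. The rest of the function lies outside the hunk, so it is not visible whether `rp->aead_ctx` is reset to NULL afterwards.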
@@ -355,14 +352,6 @@ tls12_record_layer_clear_write_state(struct tls12_record_layer *rl) rl->write_previous = NULL; } -void -tls12_record_layer_read_cipher_hash(struct tls12_record_layer *rl, - EVP_CIPHER_CTX **cipher, EVP_MD_CTX **hash) -{ - *cipher = rl->read->cipher_ctx; - *hash = rl->read->hash_ctx; -} - void tls12_record_layer_reflect_seq_num(struct tls12_record_layer *rl) { @@ -430,7 +419,7 @@ tls12_record_layer_ccs_aead(struct tls12_record_layer *rl, if (!tls12_record_protection_unused(rp)) return 0; - if ((rp->aead_ctx = calloc(1, sizeof(*rp->aead_ctx))) == NULL) + if ((rp->aead_ctx = EVP_AEAD_CTX_new()) == NULL) return 0; /* AES GCM cipher suites use variable nonce in record. */ diff --git a/ssl/tls13_client.c b/ssl/tls13_client.c index 62c51744..33ef55d2 100644 --- a/ssl/tls13_client.c +++ b/ssl/tls13_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_client.c,v 1.86 2021/06/29 19:20:39 jsing Exp $ */ +/* $OpenBSD: tls13_client.c,v 1.99 2022/09/11 14:33:07 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * @@ -36,7 +36,7 @@ tls13_client_init(struct tls13_ctx *ctx) SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE); return 0; } - s->client_version = s->version = ctx->hs->our_max_tls_version; + s->version = ctx->hs->our_max_tls_version; tls13_record_layer_set_retry_after_phh(ctx->rl, (s->internal->mode & SSL_MODE_AUTO_RETRY) != 0); @@ -51,9 +51,9 @@ tls13_client_init(struct tls13_ctx *ctx) tls1_get_group_list(s, 0, &groups, &groups_len); if (groups_len < 1) return 0; - if ((ctx->hs->tls13.key_share = tls13_key_share_new(groups[0])) == NULL) + if ((ctx->hs->key_share = tls_key_share_new(groups[0])) == NULL) return 0; - if (!tls13_key_share_generate(ctx->hs->tls13.key_share)) + if (!tls_key_share_generate(ctx->hs->key_share)) return 0; arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE); 
@@ -92,9 +92,8 @@ tls13_client_hello_build(struct tls13_ctx *ctx, CBB *cbb) SSL *s = ctx->ssl; /* Legacy client version is capped at TLS 1.2. */ - client_version = ctx->hs->our_max_tls_version; - if (client_version > TLS1_2_VERSION) - client_version = TLS1_2_VERSION; + if (!ssl_max_legacy_version(s, &client_version)) + goto err; if (!CBB_add_u16(cbb, client_version)) goto err; @@ -149,12 +148,12 @@ tls13_client_hello_send(struct tls13_ctx *ctx, CBB *cbb) int tls13_client_hello_sent(struct tls13_ctx *ctx) { - tls13_record_layer_allow_ccs(ctx->rl, 1); - tls1_transcript_freeze(ctx->ssl); - if (ctx->middlebox_compat) + if (ctx->middlebox_compat) { + tls13_record_layer_allow_ccs(ctx->rl, 1); ctx->send_dummy_ccs = 1; + } return 1; } @@ -282,6 +281,7 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs) goto err; } ctx->hs->negotiated_tls_version = ctx->hs->tls13.server_version; + ctx->hs->peer_legacy_version = legacy_version; /* The session_id must match. */ if (!CBS_mem_equal(&session_id, ctx->hs->tls13.legacy_session_id, @@ -343,7 +343,7 @@ tls13_client_engage_record_protection(struct tls13_ctx *ctx) /* Derive the shared key and engage record protection. */ - if (!tls13_key_share_derive(ctx->hs->tls13.key_share, &shared_key, + if (!tls_key_share_derive(ctx->hs->key_share, &shared_key, &shared_key_len)) goto err; @@ -382,10 +382,10 @@ tls13_client_engage_record_protection(struct tls13_ctx *ctx) tls13_record_layer_set_hash(ctx->rl, ctx->hash); if (!tls13_record_layer_set_read_traffic_key(ctx->rl, - &secrets->server_handshake_traffic)) + &secrets->server_handshake_traffic, ssl_encryption_handshake)) goto err; if (!tls13_record_layer_set_write_traffic_key(ctx->rl, - &secrets->client_handshake_traffic)) + &secrets->client_handshake_traffic, ssl_encryption_handshake)) goto err; ret = 1; 
@@ -440,17 +440,17 @@ tls13_client_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb) * supported groups and is not the same as the key share we previously * offered. */ - if (!tls1_check_curve(ctx->ssl, ctx->hs->tls13.server_group)) + if (!tls1_check_group(ctx->ssl, ctx->hs->tls13.server_group)) return 0; /* XXX alert */ - if (ctx->hs->tls13.server_group == tls13_key_share_group(ctx->hs->tls13.key_share)) + if (ctx->hs->tls13.server_group == tls_key_share_group(ctx->hs->key_share)) return 0; /* XXX alert */ /* Switch to new key share. */ - tls13_key_share_free(ctx->hs->tls13.key_share); - if ((ctx->hs->tls13.key_share = - tls13_key_share_new(ctx->hs->tls13.server_group)) == NULL) + tls_key_share_free(ctx->hs->key_share); + if ((ctx->hs->key_share = + tls_key_share_new(ctx->hs->tls13.server_group)) == NULL) return 0; - if (!tls13_key_share_generate(ctx->hs->tls13.key_share)) + if (!tls_key_share_generate(ctx->hs->key_share)) return 0; if (!tls13_client_hello_build(ctx, cbb)) @@ -504,16 +504,10 @@ tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx, CBS *cbs) if (!tlsext_client_parse(ctx->ssl, SSL_TLSEXT_MSG_EE, cbs, &alert_desc)) { ctx->alert = alert_desc; - goto err; + return 0; } return 1; - - err: - if (ctx->alert == 0) - ctx->alert = TLS13_ALERT_DECODE_ERROR; - - return 0; } int @@ -559,9 +553,8 @@ tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs) struct stack_st_X509 *certs = NULL; SSL *s = ctx->ssl; X509 *cert = NULL; - EVP_PKEY *pkey; const uint8_t *p; - int cert_idx, alert_desc; + int alert_desc; int ret = 0; if ((certs = sk_X509_new_null()) == NULL) 
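Review bot: In tls13_client_hello_retry_send both rejection paths, `if (!tls1_check_group(...)) return 0; /* XXX alert */` and the same-group comparison after it, still return without setting `ctx->alert`. A HelloRetryRequest that names a group we did not offer, or repeats the key share we already sent, is a protocol violation by the server, for which RFC 8446 section 4.1.4 asks for illegal_parameter. As written, the alert that goes out is left to whatever default the caller applies, which is not visible here. Setting `ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;` before each return would resolve the two XXX markers. The function begins and ends outside this hunk.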
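Review bot: tls13_server_encrypted_extensions_recv now copies `alert_desc` into `ctx->alert` and returns, with the old `TLS13_ALERT_DECODE_ERROR` fallback under `err:` removed. The declaration of `alert_desc` is outside this hunk, so it is not clear whether it holds a defined value if tlsext_client_parse() fails without writing it. If that can happen, the alert sent to the peer is indeterminate. Initialising the local keeps the previous behaviour for that case: `int alert_desc = TLS13_ALERT_DECODE_ERROR;`.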
@@ -616,35 +609,12 @@ tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs) "failed to verify peer certificate", NULL); goto err; } + s->session->verify_result = s->verify_result; ERR_clear_error(); - cert = sk_X509_value(certs, 0); - X509_up_ref(cert); - - if ((pkey = X509_get0_pubkey(cert)) == NULL) - goto err; - if (EVP_PKEY_missing_parameters(pkey)) - goto err; - if ((cert_idx = ssl_cert_type(cert, pkey)) < 0) - goto err; - - ssl_sess_cert_free(SSI(s)->sess_cert); - if ((SSI(s)->sess_cert = ssl_sess_cert_new()) == NULL) + if (!tls_process_peer_certs(s, certs)) goto err; - SSI(s)->sess_cert->cert_chain = certs; - certs = NULL; - - X509_up_ref(cert); - SSI(s)->sess_cert->peer_pkeys[cert_idx].x509 = cert; - SSI(s)->sess_cert->peer_key = &(SSI(s)->sess_cert->peer_pkeys[cert_idx]); - - X509_free(s->session->peer); - - X509_up_ref(cert); - s->session->peer = cert; - s->session->verify_result = s->verify_result; - if (ctx->ocsp_status_recv_cb != NULL && !ctx->ocsp_status_recv_cb(ctx)) goto err; @@ -696,7 +666,7 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs) if (!CBB_finish(&cbb, &sig_content, &sig_content_len)) goto err; - if ((cert = ctx->ssl->session->peer) == NULL) + if ((cert = ctx->ssl->session->peer_cert) == NULL) goto err; if ((pkey = X509_get0_pubkey(cert)) == NULL) goto err; @@ -813,7 +783,7 @@ tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs) * using the server application traffic keys. */ if (!tls13_record_layer_set_read_traffic_key(ctx->rl, - &secrets->server_application_traffic)) + &secrets->server_application_traffic, ssl_encryption_application)) goto err; tls13_record_layer_allow_ccs(ctx->rl, 0); 
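Review bot: In tls13_server_certificate_recv the call `tls_process_peer_certs(s, certs)` replaces code that handed `certs` to the session and then set `certs = NULL`, and the hunk does not show who owns the stack after the call. The cleanup at the end of the function is outside this hunk. If it still frees `certs`, the helper has to take its own copy or references, otherwise the session keeps a chain that has been freed. A comment at the call would settle it, for example `/* tls_process_peer_certs() keeps its own references; certs is still freed below. */`, worded to match what the helper actually does.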
@@ -828,7 +798,7 @@ tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs) } static int -tls13_client_check_certificate(struct tls13_ctx *ctx, CERT_PKEY *cpk, +tls13_client_check_certificate(struct tls13_ctx *ctx, SSL_CERT_PKEY *cpk, int *ok, const struct ssl_sigalg **out_sigalg) { const struct ssl_sigalg *sigalg; @@ -851,12 +821,12 @@ tls13_client_check_certificate(struct tls13_ctx *ctx, CERT_PKEY *cpk, } static int -tls13_client_select_certificate(struct tls13_ctx *ctx, CERT_PKEY **out_cpk, +tls13_client_select_certificate(struct tls13_ctx *ctx, SSL_CERT_PKEY **out_cpk, const struct ssl_sigalg **out_sigalg) { SSL *s = ctx->ssl; const struct ssl_sigalg *sigalg; - CERT_PKEY *cpk; + SSL_CERT_PKEY *cpk; int cert_ok; *out_cpk = NULL; @@ -897,7 +867,7 @@ tls13_client_certificate_send(struct tls13_ctx *ctx, CBB *cbb) CBB cert_request_context, cert_list; const struct ssl_sigalg *sigalg; STACK_OF(X509) *chain; - CERT_PKEY *cpk; + SSL_CERT_PKEY *cpk; X509 *cert; int i, ret = 0; @@ -948,7 +918,7 @@ tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb) EVP_MD_CTX *mdctx = NULL; EVP_PKEY_CTX *pctx; EVP_PKEY *pkey; - const CERT_PKEY *cpk; + const SSL_CERT_PKEY *cpk; CBB sig_cbb; int ret = 0; @@ -1092,5 +1062,5 @@ tls13_client_finished_sent(struct tls13_ctx *ctx) * using the client application traffic keys. */ return tls13_record_layer_set_write_traffic_key(ctx->rl, - &secrets->client_application_traffic); + &secrets->client_application_traffic, ssl_encryption_application); } diff --git a/ssl/tls13_handshake.c b/ssl/tls13_handshake.c index cca8560f..c40442fd 100644 --- a/ssl/tls13_handshake.c +++ b/ssl/tls13_handshake.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_handshake.c,v 1.70 2021/09/16 19:25:30 jsing Exp $ */ +/* $OpenBSD: tls13_handshake.c,v 1.71 2022/04/19 17:01:43 tb Exp $ */ /* * Copyright (c) 2018-2021 Theo Buehler * Copyright (c) 2019 Joel Sing 
@@ -291,8 +291,6 @@ tls13_handshake_message_name(uint8_t msg_type) return "CertificateVerify"; case TLS13_MT_FINISHED: return "Finished"; - case TLS13_MT_KEY_UPDATE: - return "KeyUpdate"; } return "Unknown"; } diff --git a/ssl/tls13_handshake_msg.c b/ssl/tls13_handshake_msg.c index ff6d6d7e..134cfb21 100644 --- a/ssl/tls13_handshake_msg.c +++ b/ssl/tls13_handshake_msg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_handshake_msg.c,v 1.3 2021/05/16 14:19:04 jsing Exp $ */ +/* $OpenBSD: tls13_handshake_msg.c,v 1.6 2022/07/22 19:33:53 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * @@ -28,7 +28,7 @@ struct tls13_handshake_msg { uint8_t *data; size_t data_len; - struct tls13_buffer *buf; + struct tls_buffer *buf; CBS cbs; CBB cbb; }; @@ -40,7 +40,7 @@ tls13_handshake_msg_new() if ((msg = calloc(1, sizeof(struct tls13_handshake_msg))) == NULL) goto err; - if ((msg->buf = tls13_buffer_new(0)) == NULL) + if ((msg->buf = tls_buffer_new(0)) == NULL) goto err; return msg; @@ -57,7 +57,7 @@ tls13_handshake_msg_free(struct tls13_handshake_msg *msg) if (msg == NULL) return; - tls13_buffer_free(msg->buf); + tls_buffer_free(msg->buf); CBB_cleanup(&msg->cbb); @@ -71,12 +71,6 @@ tls13_handshake_msg_data(struct tls13_handshake_msg *msg, CBS *cbs) CBS_init(cbs, msg->data, msg->data_len); } -int -tls13_handshake_msg_set_buffer(struct tls13_handshake_msg *msg, CBS *cbs) -{ - return tls13_buffer_set_data(msg->buf, cbs); -} - uint8_t tls13_handshake_msg_type(struct tls13_handshake_msg *msg) { @@ -137,12 +131,13 @@ tls13_handshake_msg_recv(struct tls13_handshake_msg *msg, return TLS13_IO_FAILURE; if (msg->msg_type == 0) { - if ((ret = tls13_buffer_extend(msg->buf, + if ((ret = tls_buffer_extend(msg->buf, TLS13_HANDSHAKE_MSG_HEADER_LEN, tls13_handshake_msg_read_cb, rl)) <= 0) return ret; - tls13_buffer_cbs(msg->buf, &cbs); + if (!tls_buffer_data(msg->buf, &cbs)) + return TLS13_IO_FAILURE; if (!CBS_get_u8(&cbs, &msg_type)) return TLS13_IO_FAILURE; 
@@ -157,12 +152,12 @@ tls13_handshake_msg_recv(struct tls13_handshake_msg *msg, msg->msg_len = msg_len; } - if ((ret = tls13_buffer_extend(msg->buf, + if ((ret = tls_buffer_extend(msg->buf, TLS13_HANDSHAKE_MSG_HEADER_LEN + msg->msg_len, tls13_handshake_msg_read_cb, rl)) <= 0) return ret; - if (!tls13_buffer_finish(msg->buf, &msg->data, &msg->data_len)) + if (!tls_buffer_finish(msg->buf, &msg->data, &msg->data_len)) return TLS13_IO_FAILURE; return TLS13_IO_SUCCESS; diff --git a/ssl/tls13_internal.h b/ssl/tls13_internal.h index 20cb52eb..f4b17bdf 100644 --- a/ssl/tls13_internal.h +++ b/ssl/tls13_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_internal.h,v 1.94 2021/09/16 19:25:30 jsing Exp $ */ +/* $OpenBSD: tls13_internal.h,v 1.101 2022/07/24 14:28:16 jsing Exp $ */ /* * Copyright (c) 2018 Bob Beck * Copyright (c) 2018 Theo Buehler @@ -24,6 +24,7 @@ #include #include "bytestring.h" +#include "tls_internal.h" __BEGIN_HIDDEN_DECLS 
@@ -87,29 +88,22 @@ __BEGIN_HIDDEN_DECLS #define TLS13_INFO_CONNECT_EXIT SSL_CB_CONNECT_EXIT typedef void (*tls13_alert_cb)(uint8_t _alert_desc, void *_cb_arg); -typedef ssize_t (*tls13_phh_recv_cb)(void *_cb_arg, CBS *_cbs); +typedef ssize_t (*tls13_phh_recv_cb)(void *_cb_arg); typedef void (*tls13_phh_sent_cb)(void *_cb_arg); -typedef ssize_t (*tls13_read_cb)(void *_buf, size_t _buflen, void *_cb_arg); -typedef ssize_t (*tls13_write_cb)(const void *_buf, size_t _buflen, - void *_cb_arg); -typedef ssize_t (*tls13_flush_cb)(void *_cb_arg); typedef void (*tls13_handshake_message_cb)(void *_cb_arg); typedef void (*tls13_info_cb)(void *_cb_arg, int _state, int _ret); typedef int (*tls13_ocsp_status_cb)(void *_cb_arg); /* - * Buffers. + * PSK support. */ -struct tls13_buffer; -struct tls13_buffer *tls13_buffer_new(size_t init_size); -int tls13_buffer_set_data(struct tls13_buffer *buf, CBS *data); -void tls13_buffer_free(struct tls13_buffer *buf); -ssize_t tls13_buffer_extend(struct tls13_buffer *buf, size_t len, - tls13_read_cb read_cb, void *cb_arg); -void tls13_buffer_cbs(struct tls13_buffer *buf, CBS *cbs); -int tls13_buffer_finish(struct tls13_buffer *buf, uint8_t **out, - size_t *out_len); +/* + * Known PskKeyExchangeMode values. + * https://www.iana.org/assignments/tls-parameters/#tls-pskkeyexchangemode + */ +#define TLS13_PSK_KE 0 +#define TLS13_PSK_DHE_KE 1 /* * Secrets. 
@@ -175,33 +169,25 @@ int tls13_derive_application_secrets(struct tls13_secrets *secrets, int tls13_update_client_traffic_secret(struct tls13_secrets *secrets); int tls13_update_server_traffic_secret(struct tls13_secrets *secrets); -/* - * Key shares. - */ -struct tls13_key_share; - -struct tls13_key_share *tls13_key_share_new(uint16_t group_id); -struct tls13_key_share *tls13_key_share_new_nid(int nid); -void tls13_key_share_free(struct tls13_key_share *ks); - -uint16_t tls13_key_share_group(struct tls13_key_share *ks); -int tls13_key_share_peer_pkey(struct tls13_key_share *ks, EVP_PKEY *pkey); -int tls13_key_share_generate(struct tls13_key_share *ks); -int tls13_key_share_public(struct tls13_key_share *ks, CBB *cbb); -int tls13_key_share_peer_public(struct tls13_key_share *ks, uint16_t group, - CBS *cbs); -int tls13_key_share_derive(struct tls13_key_share *ks, uint8_t **shared_key, - size_t *shared_key_len); - /* * Record Layer. */ struct tls13_record_layer; struct tls13_record_layer_callbacks { - tls13_read_cb wire_read; - tls13_write_cb wire_write; - tls13_flush_cb wire_flush; + /* Wire callbacks. */ + tls_read_cb wire_read; + tls_write_cb wire_write; + tls_flush_cb wire_flush; + + /* Interceptors. */ + tls_handshake_read_cb handshake_read; + tls_handshake_write_cb handshake_write; + tls_traffic_key_cb set_read_traffic_key; + tls_traffic_key_cb set_write_traffic_key; + tls_alert_send_cb alert_send; + + /* Notification callbacks. */ tls13_alert_cb alert_recv; tls13_alert_cb alert_sent; tls13_phh_recv_cb phh_recv; 
@@ -211,6 +197,8 @@ struct tls13_record_layer_callbacks { struct tls13_record_layer *tls13_record_layer_new( const struct tls13_record_layer_callbacks *callbacks, void *cb_arg); void tls13_record_layer_free(struct tls13_record_layer *rl); +void tls13_record_layer_set_callbacks(struct tls13_record_layer *rl, + const struct tls13_record_layer_callbacks *callbacks, void *cb_arg); void tls13_record_layer_allow_ccs(struct tls13_record_layer *rl, int allow); void tls13_record_layer_allow_legacy_alerts(struct tls13_record_layer *rl, int allow); void tls13_record_layer_rcontent(struct tls13_record_layer *rl, CBS *cbs); @@ -223,9 +211,9 @@ void tls13_record_layer_set_legacy_version(struct tls13_record_layer *rl, void tls13_record_layer_set_retry_after_phh(struct tls13_record_layer *rl, int retry); void tls13_record_layer_handshake_completed(struct tls13_record_layer *rl); int tls13_record_layer_set_read_traffic_key(struct tls13_record_layer *rl, - struct tls13_secret *read_key); + struct tls13_secret *read_key, enum ssl_encryption_level_t read_level); int tls13_record_layer_set_write_traffic_key(struct tls13_record_layer *rl, - struct tls13_secret *write_key); + struct tls13_secret *write_key, enum ssl_encryption_level_t write_level); ssize_t tls13_record_layer_send_pending(struct tls13_record_layer *rl); ssize_t tls13_record_layer_phh(struct tls13_record_layer *rl, CBS *cbs); ssize_t tls13_record_layer_flush(struct tls13_record_layer *rl); @@ -250,7 +238,6 @@ struct tls13_handshake_msg; struct tls13_handshake_msg *tls13_handshake_msg_new(void); void tls13_handshake_msg_free(struct tls13_handshake_msg *msg); void tls13_handshake_msg_data(struct tls13_handshake_msg *msg, CBS *cbs); -int tls13_handshake_msg_set_buffer(struct tls13_handshake_msg *msg, CBS *cbs); uint8_t tls13_handshake_msg_type(struct tls13_handshake_msg *msg); int tls13_handshake_msg_content(struct tls13_handshake_msg *msg, CBS *cbs); int tls13_handshake_msg_start(struct tls13_handshake_msg *msg, CBB *body, 
@@ -316,12 +303,19 @@ struct tls13_ctx { #define TLS13_PHH_LIMIT 100 #endif -struct tls13_ctx *tls13_ctx_new(int mode); +struct tls13_ctx *tls13_ctx_new(int mode, SSL *ssl); void tls13_ctx_free(struct tls13_ctx *ctx); const EVP_AEAD *tls13_cipher_aead(const SSL_CIPHER *cipher); const EVP_MD *tls13_cipher_hash(const SSL_CIPHER *cipher); +void tls13_alert_received_cb(uint8_t alert_desc, void *arg); +void tls13_alert_sent_cb(uint8_t alert_desc, void *arg); +ssize_t tls13_phh_received_cb(void *cb_arg); +void tls13_phh_done_cb(void *cb_arg); + +int tls13_quic_init(struct tls13_ctx *ctx); + /* * Legacy interfaces. */ diff --git a/ssl/tls13_key_schedule.c b/ssl/tls13_key_schedule.c index bb96cf3d..d88faab0 100644 --- a/ssl/tls13_key_schedule.c +++ b/ssl/tls13_key_schedule.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_key_schedule.c,v 1.14 2021/01/05 18:36:22 tb Exp $ */ +/* $OpenBSD: tls13_key_schedule.c,v 1.15 2022/07/07 17:09:45 tb Exp $ */ /* * Copyright (c) 2018, Bob Beck * @@ -169,7 +169,7 @@ tls13_hkdf_expand_label_with_length(struct tls13_secret *out, const uint8_t *label, size_t label_len, const struct tls13_secret *context) { const char tls13_plabel[] = "tls13 "; - uint8_t *hkdf_label; + uint8_t *hkdf_label = NULL; size_t hkdf_label_len; CBB cbb, child; int ret; diff --git a/ssl/tls13_legacy.c b/ssl/tls13_legacy.c index f668dd4e..545f2cd9 100644 --- a/ssl/tls13_legacy.c +++ b/ssl/tls13_legacy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_legacy.c,v 1.31 2021/09/16 19:25:30 jsing Exp $ */ +/* $OpenBSD: tls13_legacy.c,v 1.38 2022/07/17 15:49:20 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * @@ -127,7 +127,7 @@ tls13_legacy_error(SSL *ssl) int reason = SSL_R_UNKNOWN; /* If we received a fatal alert we already put an error on the stack. */ - if (S3I(ssl)->fatal_alert != 0) + if (ssl->s3->fatal_alert != 0) return; switch (ctx->error.code) { 
@@ -229,6 +229,8 @@ tls13_legacy_read_bytes(SSL *ssl, int type, unsigned char *buf, int len, int pee if (ctx == NULL || !ctx->handshake_completed) { if ((ret = ssl->internal->handshake_func(ssl)) <= 0) return ret; + if (len == 0) + return 0; return tls13_legacy_return_code(ssl, TLS13_IO_WANT_POLLIN); } @@ -263,6 +265,8 @@ tls13_legacy_write_bytes(SSL *ssl, int type, const void *vbuf, int len) if (ctx == NULL || !ctx->handshake_completed) { if ((ret = ssl->internal->handshake_func(ssl)) <= 0) return ret; + if (len == 0) + return 0; return tls13_legacy_return_code(ssl, TLS13_IO_WANT_POLLOUT); } @@ -288,7 +292,7 @@ tls13_legacy_write_bytes(SSL *ssl, int type, const void *vbuf, int len) * In the non-SSL_MODE_ENABLE_PARTIAL_WRITE case we have to loop until * we have written out all of the requested data. */ - sent = S3I(ssl)->wnum; + sent = ssl->s3->wnum; if (len < sent) { SSLerror(ssl, SSL_R_BAD_LENGTH); return -1; @@ -296,12 +300,12 @@ tls13_legacy_write_bytes(SSL *ssl, int type, const void *vbuf, int len) n = len - sent; for (;;) { if (n == 0) { - S3I(ssl)->wnum = 0; + ssl->s3->wnum = 0; return sent; } if ((ret = tls13_write_application_data(ctx->rl, &buf[sent], n)) <= 0) { - S3I(ssl)->wnum = sent; + ssl->s3->wnum = sent; return tls13_legacy_return_code(ssl, ret); } sent += ret; @@ -330,8 +334,8 @@ tls13_use_legacy_stack(struct tls13_ctx *ctx) /* Stash any unprocessed data from the last record. */ tls13_record_layer_rcontent(ctx->rl, &cbs); if (CBS_len(&cbs) > 0) { - if (!CBB_init_fixed(&cbb, S3I(s)->rbuf.buf, - S3I(s)->rbuf.len)) + if (!CBB_init_fixed(&cbb, s->s3->rbuf.buf, + s->s3->rbuf.len)) goto err; if (!CBB_add_u8(&cbb, SSL3_RT_HANDSHAKE)) goto err; 
@@ -344,12 +348,12 @@ tls13_use_legacy_stack(struct tls13_ctx *ctx) if (!CBB_finish(&cbb, NULL, NULL)) goto err; - S3I(s)->rbuf.offset = SSL3_RT_HEADER_LENGTH; - S3I(s)->rbuf.left = CBS_len(&cbs); - S3I(s)->rrec.type = SSL3_RT_HANDSHAKE; - S3I(s)->rrec.length = CBS_len(&cbs); + s->s3->rbuf.offset = SSL3_RT_HEADER_LENGTH; + s->s3->rbuf.left = CBS_len(&cbs); + s->s3->rrec.type = SSL3_RT_HANDSHAKE; + s->s3->rrec.length = CBS_len(&cbs); s->internal->rstate = SSL_ST_READ_BODY; - s->internal->packet = S3I(s)->rbuf.buf; + s->internal->packet = s->s3->rbuf.buf; s->internal->packet_length = SSL3_RT_HEADER_LENGTH; s->internal->mac_packet = 1; } @@ -362,9 +366,9 @@ tls13_use_legacy_stack(struct tls13_ctx *ctx) s->internal->init_buf->length, NULL)) goto err; - S3I(s)->hs.tls12.reuse_message = 1; - S3I(s)->hs.tls12.message_type = tls13_handshake_msg_type(ctx->hs_msg); - S3I(s)->hs.tls12.message_size = CBS_len(&cbs) - SSL3_HM_HEADER_LENGTH; + s->s3->hs.tls12.reuse_message = 1; + s->s3->hs.tls12.message_type = tls13_handshake_msg_type(ctx->hs_msg); + s->s3->hs.tls12.message_size = CBS_len(&cbs) - SSL3_HM_HEADER_LENGTH; return 1; @@ -383,7 +387,7 @@ tls13_use_legacy_client(struct tls13_ctx *ctx) return 0; s->internal->handshake_func = s->method->ssl_connect; - s->client_version = s->version = s->method->max_tls_version; + s->version = s->method->max_tls_version; return 1; } @@ -397,7 +401,7 @@ tls13_use_legacy_server(struct tls13_ctx *ctx) return 0; s->internal->handshake_func = s->method->ssl_accept; - s->client_version = s->version = s->method->max_tls_version; + s->version = s->method->max_tls_version; s->server = 1; return 1; 
@@ -410,14 +414,10 @@ tls13_legacy_accept(SSL *ssl) int ret; if (ctx == NULL) { - if ((ctx = tls13_ctx_new(TLS13_HS_SERVER)) == NULL) { + if ((ctx = tls13_ctx_new(TLS13_HS_SERVER, ssl)) == NULL) { SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */ return -1; } - ssl->internal->tls13 = ctx; - ctx->ssl = ssl; - ctx->hs = &S3I(ssl)->hs; - if (!tls13_server_init(ctx)) { if (ERR_peek_error() == 0) SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */ @@ -445,23 +445,11 @@ tls13_legacy_connect(SSL *ssl) struct tls13_ctx *ctx = ssl->internal->tls13; int ret; -#ifdef TLS13_USE_LEGACY_CLIENT_AUTH - /* XXX drop back to legacy for client auth for now */ - if (ssl->cert->key->privatekey != NULL) { - ssl->method = tls_legacy_client_method(); - return ssl->method->ssl_connect(ssl); - } -#endif - if (ctx == NULL) { - if ((ctx = tls13_ctx_new(TLS13_HS_CLIENT)) == NULL) { + if ((ctx = tls13_ctx_new(TLS13_HS_CLIENT, ssl)) == NULL) { SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */ return -1; } - ssl->internal->tls13 = ctx; - ctx->ssl = ssl; - ctx->hs = &S3I(ssl)->hs; - if (!tls13_client_init(ctx)) { if (ERR_peek_error() == 0) SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */ @@ -491,9 +479,9 @@ tls13_legacy_shutdown(SSL *ssl) ssize_t ret; /* - * We need to return 0 when we have sent a close-notify but have not - * yet received one. We return 1 only once we have sent and received - * close-notify alerts. All other cases return -1 and set internal + * We need to return 0 at the point that we have completed sending a + * close-notify. We return 1 when we have sent and received close-notify + * alerts. All other cases, including EOF, return -1 and set internal * state appropriately. */ if (ctx == NULL || ssl->internal->quiet_shutdown) { 
@@ -509,13 +497,15 @@ tls13_legacy_shutdown(SSL *ssl) TLS13_ALERT_CLOSE_NOTIFY)) < 0) return tls13_legacy_return_code(ssl, ret); } - if ((ret = tls13_record_layer_send_pending(ctx->rl)) != - TLS13_IO_SUCCESS) + ret = tls13_record_layer_send_pending(ctx->rl); + if (ret == TLS13_IO_EOF) + return -1; + if (ret != TLS13_IO_SUCCESS) return tls13_legacy_return_code(ssl, ret); } else if (!ctx->close_notify_recv) { /* * If there is no application data pending, attempt to read more - * data in order to receive a close notify. This should trigger + * data in order to receive a close-notify. This should trigger * a record to be read from the wire, which may be application * handshake or alert data. Only one attempt is made to match * previous semantics. @@ -524,6 +514,8 @@ tls13_legacy_shutdown(SSL *ssl) if ((ret = tls13_read_application_data(ctx->rl, buf, sizeof(buf))) < 0) return tls13_legacy_return_code(ssl, ret); + if (!ctx->close_notify_recv) + return -1; } } diff --git a/ssl/tls13_lib.c b/ssl/tls13_lib.c index 1a9596ad..651c34ca 100644 --- a/ssl/tls13_lib.c +++ b/ssl/tls13_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_lib.c,v 1.62 2021/09/16 19:25:30 jsing Exp $ */ +/* $OpenBSD: tls13_lib.c,v 1.71 2022/09/10 15:29:33 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * Copyright (c) 2019 Bob Beck @@ -103,7 +103,7 @@ tls13_cipher_hash(const SSL_CIPHER *cipher) return NULL; } -static void +void tls13_alert_received_cb(uint8_t alert_desc, void *arg) { struct tls13_ctx *ctx = arg; @@ -111,7 +111,7 @@ tls13_alert_received_cb(uint8_t alert_desc, void *arg) if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) { ctx->close_notify_recv = 1; ctx->ssl->internal->shutdown |= SSL_RECEIVED_SHUTDOWN; - S3I(ctx->ssl)->warn_alert = alert_desc; + ctx->ssl->s3->warn_alert = alert_desc; return; } 
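Review bot: tls13_legacy_shutdown gains two bare `return -1;` paths that bypass tls13_legacy_return_code(): one on `TLS13_IO_EOF` from tls13_record_layer_send_pending, and one in the next hunk when the read completes without `ctx->close_notify_recv`. The rewritten comment says these cases "set internal state appropriately", but nothing in the visible lines queues an error or sets a retry state before returning, so what SSL_get_error() reports depends on state left by earlier calls. In the second path a successful read of application data into `buf` is also dropped and reported as failure. I would document the expected caller-visible result at each return, e.g. `/* Read made progress but no close-notify arrived; -1 with no new error queued. */`.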
@@ -124,7 +124,7 @@ tls13_alert_received_cb(uint8_t alert_desc, void *arg) } /* All other alerts are treated as fatal in TLSv1.3. */ - S3I(ctx->ssl)->fatal_alert = alert_desc; + ctx->ssl->s3->fatal_alert = alert_desc; SSLerror(ctx->ssl, SSL_AD_REASON_OFFSET + alert_desc); ERR_asprintf_error_data("SSL alert number %d", alert_desc); @@ -132,7 +132,7 @@ tls13_alert_received_cb(uint8_t alert_desc, void *arg) SSL_CTX_remove_session(ctx->ssl->ctx, ctx->ssl->session); } -static void +void tls13_alert_sent_cb(uint8_t alert_desc, void *arg) { struct tls13_ctx *ctx = arg; @@ -162,7 +162,7 @@ tls13_legacy_handshake_message_recv_cb(void *arg) return; tls13_handshake_msg_data(ctx->hs_msg, &cbs); - ssl_msg_callback(s, 0, SSL3_RT_HANDSHAKE, CBS_data(&cbs), CBS_len(&cbs)); + ssl_msg_callback_cbs(s, 0, SSL3_RT_HANDSHAKE, &cbs); } static void @@ -176,7 +176,7 @@ tls13_legacy_handshake_message_sent_cb(void *arg) return; tls13_handshake_msg_data(ctx->hs_msg, &cbs); - ssl_msg_callback(s, 1, SSL3_RT_HANDSHAKE, CBS_data(&cbs), CBS_len(&cbs)); + ssl_msg_callback_cbs(s, 1, SSL3_RT_HANDSHAKE, &cbs); } static void 
@@ -215,31 +215,43 @@ tls13_legacy_ocsp_status_recv_cb(void *arg) } static int -tls13_phh_update_local_traffic_secret(struct tls13_ctx *ctx) +tls13_phh_update_read_traffic_secret(struct tls13_ctx *ctx) { struct tls13_secrets *secrets = ctx->hs->tls13.secrets; + struct tls13_secret *secret; - if (ctx->mode == TLS13_HS_CLIENT) - return (tls13_update_client_traffic_secret(secrets) && - tls13_record_layer_set_write_traffic_key(ctx->rl, - &secrets->client_application_traffic)); - return (tls13_update_server_traffic_secret(secrets) && - tls13_record_layer_set_read_traffic_key(ctx->rl, - &secrets->server_application_traffic)); + if (ctx->mode == TLS13_HS_CLIENT) { + secret = &secrets->server_application_traffic; + if (!tls13_update_server_traffic_secret(secrets)) + return 0; + } else { + secret = &secrets->client_application_traffic; + if (!tls13_update_client_traffic_secret(secrets)) + return 0; + } + + return tls13_record_layer_set_read_traffic_key(ctx->rl, + secret, ssl_encryption_application); } static int -tls13_phh_update_peer_traffic_secret(struct tls13_ctx *ctx) +tls13_phh_update_write_traffic_secret(struct tls13_ctx *ctx) { struct tls13_secrets *secrets = ctx->hs->tls13.secrets; + struct tls13_secret *secret; - if (ctx->mode == TLS13_HS_CLIENT) - return (tls13_update_server_traffic_secret(secrets) && - tls13_record_layer_set_read_traffic_key(ctx->rl, - &secrets->server_application_traffic)); - return (tls13_update_client_traffic_secret(secrets) && - tls13_record_layer_set_write_traffic_key(ctx->rl, - &secrets->client_application_traffic)); + if (ctx->mode == TLS13_HS_CLIENT) { + secret = &secrets->client_application_traffic; + if (!tls13_update_client_traffic_secret(secrets)) + return 0; + } else { + secret = &secrets->server_application_traffic; + if (!tls13_update_server_traffic_secret(secrets)) + return 0; + } + + return tls13_record_layer_set_write_traffic_key(ctx->rl, + secret, ssl_encryption_application); } /* 
@@ -285,13 +297,13 @@ tls13_key_update_recv(struct tls13_ctx *ctx, CBS *cbs) goto err; } - if (!tls13_phh_update_peer_traffic_secret(ctx)) + if (!tls13_phh_update_read_traffic_secret(ctx)) goto err; if (key_update_request == 0) return TLS13_IO_SUCCESS; - /* key_update_request == 1 */ + /* Our peer requested that we update our write traffic keys. */ if ((hs_msg = tls13_handshake_msg_new()) == NULL) goto err; if (!tls13_handshake_msg_start(hs_msg, &cbb_hs, TLS13_MT_KEY_UPDATE)) @@ -316,23 +328,12 @@ tls13_key_update_recv(struct tls13_ctx *ctx, CBS *cbs) return tls13_send_alert(ctx->rl, alert); } -static void -tls13_phh_done_cb(void *cb_arg) -{ - struct tls13_ctx *ctx = cb_arg; - - if (ctx->key_update_request) { - tls13_phh_update_local_traffic_secret(ctx); - ctx->key_update_request = 0; - } -} - -static ssize_t -tls13_phh_received_cb(void *cb_arg, CBS *cbs) +ssize_t +tls13_phh_received_cb(void *cb_arg) { ssize_t ret = TLS13_IO_FAILURE; struct tls13_ctx *ctx = cb_arg; - CBS phh_cbs; + CBS cbs; if (!tls13_phh_limit_check(ctx)) return tls13_send_alert(ctx->rl, TLS13_ALERT_UNEXPECTED_MESSAGE); @@ -341,19 +342,16 @@ tls13_phh_received_cb(void *cb_arg, CBS *cbs) ((ctx->hs_msg = tls13_handshake_msg_new()) == NULL)) return TLS13_IO_FAILURE; - if (!tls13_handshake_msg_set_buffer(ctx->hs_msg, cbs)) - return TLS13_IO_FAILURE; - - if ((ret = tls13_handshake_msg_recv(ctx->hs_msg, ctx->rl)) - != TLS13_IO_SUCCESS) + if ((ret = tls13_handshake_msg_recv(ctx->hs_msg, ctx->rl)) != + TLS13_IO_SUCCESS) return ret; - if (!tls13_handshake_msg_content(ctx->hs_msg, &phh_cbs)) + if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs)) return TLS13_IO_FAILURE; switch(tls13_handshake_msg_type(ctx->hs_msg)) { case TLS13_MT_KEY_UPDATE: - ret = tls13_key_update_recv(ctx, &phh_cbs); + ret = tls13_key_update_recv(ctx, &cbs); break; case TLS13_MT_NEW_SESSION_TICKET: /* XXX do nothing for now and ignore this */ 
@@ -371,10 +369,22 @@ tls13_phh_received_cb(void *cb_arg, CBS *cbs) return ret; } -static const struct tls13_record_layer_callbacks rl_callbacks = { +void +tls13_phh_done_cb(void *cb_arg) +{ + struct tls13_ctx *ctx = cb_arg; + + if (ctx->key_update_request) { + tls13_phh_update_write_traffic_secret(ctx); + ctx->key_update_request = 0; + } +} + +static const struct tls13_record_layer_callbacks tls13_rl_callbacks = { .wire_read = tls13_legacy_wire_read_cb, .wire_write = tls13_legacy_wire_write_cb, .wire_flush = tls13_legacy_wire_flush_cb, + .alert_recv = tls13_alert_received_cb, .alert_sent = tls13_alert_sent_cb, .phh_recv = tls13_phh_received_cb, @@ -382,16 +392,18 @@ static const struct tls13_record_layer_callbacks rl_callbacks = { }; struct tls13_ctx * -tls13_ctx_new(int mode) +tls13_ctx_new(int mode, SSL *ssl) { struct tls13_ctx *ctx = NULL; if ((ctx = calloc(sizeof(struct tls13_ctx), 1)) == NULL) goto err; + ctx->hs = &ssl->s3->hs; ctx->mode = mode; + ctx->ssl = ssl; - if ((ctx->rl = tls13_record_layer_new(&rl_callbacks, ctx)) == NULL) + if ((ctx->rl = tls13_record_layer_new(&tls13_rl_callbacks, ctx)) == NULL) goto err; ctx->handshake_message_sent_cb = tls13_legacy_handshake_message_sent_cb; @@ -401,6 +413,13 @@ tls13_ctx_new(int mode) ctx->middlebox_compat = 1; + ssl->internal->tls13 = ctx; + + if (SSL_is_quic(ssl)) { + if (!tls13_quic_init(ctx)) + goto err; + } + return ctx; err: diff --git a/ssl/tls13_quic.c b/ssl/tls13_quic.c new file mode 100644 index 00000000..bb7317d4 --- /dev/null +++ b/ssl/tls13_quic.c 
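Review bot: tls13_phh_done_cb calls `tls13_phh_update_write_traffic_secret(ctx);` and discards the result, then clears `ctx->key_update_request` regardless. That helper, added earlier in this diff, returns 0 when either the secret update or the key installation fails, and it advances the secret before installing the key. After a failure the record layer therefore keeps writing under keys that no longer match the stored secret or what the peer expects once our KeyUpdate has gone out. Because the callback type is `void`, the failure has nowhere to go. Letting `tls13_phh_sent_cb` return a status that the record layer treats as a fatal write error would close this, and until then a comment here should say the result is knowingly ignored.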
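Review bot: tls13_ctx_new stores `ssl->internal->tls13 = ctx;` before the QUIC setup, and the following `if (!tls13_quic_init(ctx)) goto err;` can still fail. The body of the `err:` label is outside this hunk. If it frees `ctx`, which the earlier `goto err` paths suggest, `ssl->internal->tls13` is left pointing at freed memory and a later teardown of the SSL object would touch it again. Moving the assignment to just before `return ctx;`, or adding `ssl->internal->tls13 = NULL;` on the error path, closes that window. Before moving it, confirm that tls13_quic_init does not rely on the back-pointer already being set.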
@@ -0,0 +1,182 @@ +/* $OpenBSD: tls13_quic.c,v 1.6 2022/08/30 18:23:40 tb Exp $ */ +/* + * Copyright (c) 2022 Joel Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include "tls13_internal.h" + +static ssize_t +tls13_quic_wire_read_cb(void *buf, size_t n, void *arg) +{ + struct tls13_ctx *ctx = arg; + SSL *ssl = ctx->ssl; + + SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR); + return TLS13_IO_FAILURE; +} + +static ssize_t +tls13_quic_wire_write_cb(const void *buf, size_t n, void *arg) +{ + struct tls13_ctx *ctx = arg; + SSL *ssl = ctx->ssl; + + SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR); + return TLS13_IO_FAILURE; +} + +static ssize_t +tls13_quic_wire_flush_cb(void *arg) +{ + struct tls13_ctx *ctx = arg; + SSL *ssl = ctx->ssl; + + if (!ssl->quic_method->flush_flight(ssl)) { + SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR); + return TLS13_IO_FAILURE; + } + + return TLS13_IO_SUCCESS; +} + +static ssize_t +tls13_quic_handshake_read_cb(void *buf, size_t n, void *arg) +{ + struct tls13_ctx *ctx = arg; + + if (ctx->hs->tls13.quic_read_buffer == NULL) + return TLS13_IO_WANT_POLLIN; + + return tls_buffer_read(ctx->hs->tls13.quic_read_buffer, buf, n); +} + +static ssize_t +tls13_quic_handshake_write_cb(const void *buf, size_t n, void *arg) +{ + struct tls13_ctx *ctx = arg; + SSL *ssl = 
ctx->ssl; + + if (!ssl->quic_method->add_handshake_data(ssl, + ctx->hs->tls13.quic_write_level, buf, n)) { + SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR); + return TLS13_IO_FAILURE; + } + + return n; +} + +static int +tls13_quic_set_read_traffic_key(struct tls13_secret *read_key, + enum ssl_encryption_level_t read_level, void *arg) +{ + struct tls13_ctx *ctx = arg; + SSL *ssl = ctx->ssl; + + ctx->hs->tls13.quic_read_level = read_level; + + /* Handle both the new (BoringSSL) and old (quictls) APIs. */ + + if (ssl->quic_method->set_read_secret != NULL) + return ssl->quic_method->set_read_secret(ssl, + ctx->hs->tls13.quic_read_level, ctx->hs->cipher, + read_key->data, read_key->len); + + if (ssl->quic_method->set_encryption_secrets != NULL) + return ssl->quic_method->set_encryption_secrets(ssl, + ctx->hs->tls13.quic_read_level, read_key->data, NULL, + read_key->len); + + return 0; +} + +static int +tls13_quic_set_write_traffic_key(struct tls13_secret *write_key, + enum ssl_encryption_level_t write_level, void *arg) +{ + struct tls13_ctx *ctx = arg; + SSL *ssl = ctx->ssl; + + ctx->hs->tls13.quic_write_level = write_level; + + /* Handle both the new (BoringSSL) and old (quictls) APIs. 
*/ + + if (ssl->quic_method->set_write_secret != NULL) + return ssl->quic_method->set_write_secret(ssl, + ctx->hs->tls13.quic_write_level, ctx->hs->cipher, + write_key->data, write_key->len); + + if (ssl->quic_method->set_encryption_secrets != NULL) + return ssl->quic_method->set_encryption_secrets(ssl, + ctx->hs->tls13.quic_write_level, NULL, write_key->data, + write_key->len); + + return 0; +} + +static int +tls13_quic_alert_send_cb(int alert_desc, void *arg) +{ + struct tls13_ctx *ctx = arg; + SSL *ssl = ctx->ssl; + + if (!ssl->quic_method->send_alert(ssl, ctx->hs->tls13.quic_write_level, + alert_desc)) { + SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR); + return TLS13_IO_FAILURE; + } + + return TLS13_IO_SUCCESS; +} + +static const struct tls13_record_layer_callbacks quic_rl_callbacks = { + .wire_read = tls13_quic_wire_read_cb, + .wire_write = tls13_quic_wire_write_cb, + .wire_flush = tls13_quic_wire_flush_cb, + + .handshake_read = tls13_quic_handshake_read_cb, + .handshake_write = tls13_quic_handshake_write_cb, + .set_read_traffic_key = tls13_quic_set_read_traffic_key, + .set_write_traffic_key = tls13_quic_set_write_traffic_key, + .alert_send = tls13_quic_alert_send_cb, + + .alert_recv = tls13_alert_received_cb, + .alert_sent = tls13_alert_sent_cb, + .phh_recv = tls13_phh_received_cb, + .phh_sent = tls13_phh_done_cb, +}; + +int +tls13_quic_init(struct tls13_ctx *ctx) +{ + BIO *bio; + + tls13_record_layer_set_callbacks(ctx->rl, &quic_rl_callbacks, ctx); + + ctx->middlebox_compat = 0; + + /* + * QUIC does not use BIOs, however we currently expect a BIO to exist + * for status handling. + */ + if ((bio = BIO_new(BIO_s_null())) == NULL) + return 0; + + SSL_set_bio(ctx->ssl, bio, bio); + bio = NULL; + + return 1; +} diff --git a/ssl/tls13_record.c b/ssl/tls13_record.c index 3bdaead5..dbc835c5 100644 --- a/ssl/tls13_record.c +++ b/ssl/tls13_record.c 
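Review bot: `tls13_quic_alert_send_cb` returns `TLS13_IO_SUCCESS` for every alert the QUIC stack accepts, including fatal ones, and the early return added to `tls13_send_alert` in ssl/tls13_record_layer.c hands that value straight back. Callers on this page use the result as their own error return (for example `return tls13_send_alert(ctx->rl, TLS13_ALERT_UNEXPECTED_MESSAGE);` in `tls13_phh_received_cb`), so under QUIC a failed limit check would appear to report success. What the non-QUIC path returns after a fatal alert lies outside the visible hunks, so confirm against it; if it is the alert code, end the callback with `return (alert_desc == TLS13_ALERT_CLOSE_NOTIFY || alert_desc == TLS13_ALERT_USER_CANCELED) ? TLS13_IO_SUCCESS : TLS13_IO_ALERT;`. The same early return also skips whatever bookkeeping the record layer does when an alert is sent, which may matter for the `.alert_sent` callback registered in `quic_rl_callbacks`.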
@@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_record.c,v 1.8 2021/05/16 14:19:04 jsing Exp $ */ +/* $OpenBSD: tls13_record.c,v 1.10 2022/07/22 19:33:53 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * @@ -26,7 +26,7 @@ struct tls13_record { size_t data_len; CBS cbs; - struct tls13_buffer *buf; + struct tls_buffer *buf; }; struct tls13_record * @@ -36,7 +36,7 @@ tls13_record_new(void) if ((rec = calloc(1, sizeof(struct tls13_record))) == NULL) goto err; - if ((rec->buf = tls13_buffer_new(TLS13_RECORD_MAX_LEN)) == NULL) + if ((rec->buf = tls_buffer_new(TLS13_RECORD_MAX_LEN)) == NULL) goto err; return rec; @@ -53,7 +53,7 @@ tls13_record_free(struct tls13_record *rec) if (rec == NULL) return; - tls13_buffer_free(rec->buf); + tls_buffer_free(rec->buf); freezero(rec->data, rec->data_len); freezero(rec, sizeof(struct tls13_record)); @@ -118,7 +118,7 @@ tls13_record_set_data(struct tls13_record *rec, uint8_t *data, size_t data_len) } ssize_t -tls13_record_recv(struct tls13_record *rec, tls13_read_cb wire_read, +tls13_record_recv(struct tls13_record *rec, tls_read_cb wire_read, void *wire_arg) { uint16_t rec_len, rec_version; @@ -130,11 +130,12 @@ tls13_record_recv(struct tls13_record *rec, tls13_read_cb wire_read, return TLS13_IO_FAILURE; if (rec->content_type == 0) { - if ((ret = tls13_buffer_extend(rec->buf, + if ((ret = tls_buffer_extend(rec->buf, TLS13_RECORD_HEADER_LEN, wire_read, wire_arg)) <= 0) return ret; - tls13_buffer_cbs(rec->buf, &cbs); + if (!tls_buffer_data(rec->buf, &cbs)) + return TLS13_IO_FAILURE; if (!CBS_get_u8(&cbs, &content_type)) return TLS13_IO_FAILURE; 
@@ -153,18 +154,18 @@ tls13_record_recv(struct tls13_record *rec, tls13_read_cb wire_read, rec->rec_len = rec_len; } - if ((ret = tls13_buffer_extend(rec->buf, + if ((ret = tls_buffer_extend(rec->buf, TLS13_RECORD_HEADER_LEN + rec->rec_len, wire_read, wire_arg)) <= 0) return ret; - if (!tls13_buffer_finish(rec->buf, &rec->data, &rec->data_len)) + if (!tls_buffer_finish(rec->buf, &rec->data, &rec->data_len)) return TLS13_IO_FAILURE; return rec->data_len; } ssize_t -tls13_record_send(struct tls13_record *rec, tls13_write_cb wire_write, +tls13_record_send(struct tls13_record *rec, tls_write_cb wire_write, void *wire_arg) { ssize_t ret; diff --git a/ssl/tls13_record.h b/ssl/tls13_record.h index 4b7ac4f8..18e4fa1a 100644 --- a/ssl/tls13_record.h +++ b/ssl/tls13_record.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_record.h,v 1.4 2021/05/16 14:20:29 jsing Exp $ */ +/* $OpenBSD: tls13_record.h,v 1.5 2021/10/23 13:12:14 jsing Exp $ */ /* * Copyright (c) 2019 Joel Sing * @@ -56,9 +56,9 @@ int tls13_record_content(struct tls13_record *_rec, CBS *_cbs); void tls13_record_data(struct tls13_record *_rec, CBS *_cbs); int tls13_record_set_data(struct tls13_record *_rec, uint8_t *_data, size_t _data_len); -ssize_t tls13_record_recv(struct tls13_record *_rec, tls13_read_cb _wire_read, +ssize_t tls13_record_recv(struct tls13_record *_rec, tls_read_cb _wire_read, void *_wire_arg); -ssize_t tls13_record_send(struct tls13_record *_rec, tls13_write_cb _wire_write, +ssize_t tls13_record_send(struct tls13_record *_rec, tls_write_cb _wire_write, void *_wire_arg); __END_HIDDEN_DECLS diff --git a/ssl/tls13_record_layer.c b/ssl/tls13_record_layer.c index 6b9f5d14..423b405c 100644 --- a/ssl/tls13_record_layer.c +++ b/ssl/tls13_record_layer.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_record_layer.c,v 1.64 2021/09/16 19:25:30 jsing Exp $ */ +/* $OpenBSD: tls13_record_layer.c,v 1.71 2022/09/11 13:50:41 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * 
@@ -25,7 +25,7 @@ static ssize_t tls13_record_layer_write_record(struct tls13_record_layer *rl, uint8_t content_type, const uint8_t *content, size_t content_len); struct tls13_record_protection { - EVP_AEAD_CTX aead_ctx; + EVP_AEAD_CTX *aead_ctx; struct tls13_secret iv; struct tls13_secret nonce; uint8_t seq_num[TLS13_RECORD_SEQ_NUM_LEN]; @@ -40,12 +40,12 @@ tls13_record_protection_new(void) void tls13_record_protection_clear(struct tls13_record_protection *rp) { - EVP_AEAD_CTX_cleanup(&rp->aead_ctx); + EVP_AEAD_CTX_free(rp->aead_ctx); tls13_secret_cleanup(&rp->iv); tls13_secret_cleanup(&rp->nonce); - memset(rp->seq_num, 0, sizeof(rp->seq_num)); + memset(rp, 0, sizeof(*rp)); } void @@ -146,8 +146,8 @@ tls13_record_layer_new(const struct tls13_record_layer_callbacks *callbacks, goto err; rl->legacy_version = TLS1_2_VERSION; - rl->cb = *callbacks; - rl->cb_arg = cb_arg; + + tls13_record_layer_set_callbacks(rl, callbacks, cb_arg); return rl; @@ -177,6 +177,14 @@ tls13_record_layer_free(struct tls13_record_layer *rl) freezero(rl, sizeof(struct tls13_record_layer)); } +void +tls13_record_layer_set_callbacks(struct tls13_record_layer *rl, + const struct tls13_record_layer_callbacks *callbacks, void *cb_arg) +{ + rl->cb = *callbacks; + rl->cb_arg = cb_arg; +} + void tls13_record_layer_rcontent(struct tls13_record_layer *rl, CBS *cbs) { @@ -458,6 +466,9 @@ tls13_record_layer_set_traffic_key(const EVP_AEAD *aead, const EVP_MD *hash, tls13_record_protection_clear(rp); + if ((rp->aead_ctx = EVP_AEAD_CTX_new()) == NULL) + return 0; + if (!tls13_secret_init(&rp->iv, EVP_AEAD_nonce_length(aead))) goto err; if (!tls13_secret_init(&rp->nonce, EVP_AEAD_nonce_length(aead))) 
@@ -470,7 +481,7 @@ tls13_record_layer_set_traffic_key(const EVP_AEAD *aead, const EVP_MD *hash, if (!tls13_hkdf_expand_label(&key, hash, traffic_key, "key", &context)) goto err; - if (!EVP_AEAD_CTX_init(&rp->aead_ctx, aead, key.data, key.len, + if (!EVP_AEAD_CTX_init(rp->aead_ctx, aead, key.data, key.len, EVP_AEAD_DEFAULT_TAG_LENGTH, NULL)) goto err; @@ -484,16 +495,24 @@ tls13_record_layer_set_traffic_key(const EVP_AEAD *aead, const EVP_MD *hash, int tls13_record_layer_set_read_traffic_key(struct tls13_record_layer *rl, - struct tls13_secret *read_key) + struct tls13_secret *read_key, enum ssl_encryption_level_t read_level) { + if (rl->cb.set_read_traffic_key != NULL) + return rl->cb.set_read_traffic_key(read_key, read_level, + rl->cb_arg); + return tls13_record_layer_set_traffic_key(rl->aead, rl->hash, rl->read, read_key); } int tls13_record_layer_set_write_traffic_key(struct tls13_record_layer *rl, - struct tls13_secret *write_key) + struct tls13_secret *write_key, enum ssl_encryption_level_t write_level) { + if (rl->cb.set_write_traffic_key != NULL) + return rl->cb.set_write_traffic_key(write_key, write_level, + rl->cb_arg); + return tls13_record_layer_set_traffic_key(rl->aead, rl->hash, rl->write, write_key); } @@ -528,8 +547,7 @@ tls13_record_layer_open_record_plaintext(struct tls13_record_layer *rl) static int tls13_record_layer_open_record_protected(struct tls13_record_layer *rl) { - CBS header, enc_record; - ssize_t inner_len; + CBS header, enc_record, inner; uint8_t *content = NULL; size_t content_len = 0; uint8_t content_type; @@ -551,7 +569,7 @@ tls13_record_layer_open_record_protected(struct tls13_record_layer *rl) rl->read->seq_num)) goto err; - if (!EVP_AEAD_CTX_open(&rl->read->aead_ctx, + if (!EVP_AEAD_CTX_open(rl->read->aead_ctx, content, &out_len, content_len, rl->read->nonce.data, rl->read->nonce.len, CBS_data(&enc_record), CBS_len(&enc_record), 
@@ -571,22 +589,24 @@ tls13_record_layer_open_record_protected(struct tls13_record_layer *rl) * it may be followed by padding that consists of one or more zeroes. * Time to hunt for that elusive content type! */ - /* XXX - CBS from end? CBS_get_end_u8()? */ - inner_len = out_len - 1; - while (inner_len >= 0 && content[inner_len] == 0) - inner_len--; - if (inner_len < 0) { + CBS_init(&inner, content, out_len); + content_type = 0; + while (CBS_get_last_u8(&inner, &content_type)) { + if (content_type != 0) + break; + } + if (content_type == 0) { /* Unexpected message per RFC 8446 section 5.4. */ rl->alert = TLS13_ALERT_UNEXPECTED_MESSAGE; goto err; } - if (inner_len > TLS13_RECORD_MAX_PLAINTEXT_LEN) { + if (CBS_len(&inner) > TLS13_RECORD_MAX_PLAINTEXT_LEN) { rl->alert = TLS13_ALERT_RECORD_OVERFLOW; goto err; } - content_type = content[inner_len]; - tls_content_set_data(rl->rcontent, content_type, content, inner_len); + tls_content_set_data(rl->rcontent, content_type, CBS_data(&inner), + CBS_len(&inner)); return 1; @@ -727,7 +747,7 @@ tls13_record_layer_seal_record_protected(struct tls13_record_layer *rl, * this would avoid a copy since the inner would be passed as two * separate pieces. */ - if (!EVP_AEAD_CTX_seal(&rl->write->aead_ctx, + if (!EVP_AEAD_CTX_seal(rl->write->aead_ctx, enc_record, &out_len, enc_record_len, rl->write->nonce.data, rl->write->nonce.len, inner, inner_len, header, header_len)) @@ -830,6 +850,8 @@ tls13_record_layer_read_record(struct tls13_record_layer *rl) return tls13_send_alert(rl, TLS13_ALERT_DECODE_ERROR); if (ccs != 1) return tls13_send_alert(rl, TLS13_ALERT_ILLEGAL_PARAMETER); + if (CBS_len(&cbs) != 0) + return tls13_send_alert(rl, TLS13_ALERT_DECODE_ERROR); rl->ccs_seen++; tls13_record_layer_rrec_free(rl); return TLS13_IO_WANT_RETRY; 
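Review bot: The call `tls_content_set_data(rl->rcontent, content_type, CBS_data(&inner), CBS_len(&inner))` now passes the decrypted buffer through the CBS instead of naming `content`, which hides that the same allocation is being handed over. That works only because `CBS_get_last_u8()` trims from the tail and leaves the start of `inner` at `content`; a comment such as `/* inner still begins at content; only trailing padding and the type byte were removed. */` above the call would record that. If `tls_content_set_data()` takes ownership of the pointer (not visible here), any later change that consumes `inner` from the front would hand it an interior pointer. The function starts and ends outside the hunk.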
@@ -905,7 +927,7 @@ tls13_record_layer_recv_phh(struct tls13_record_layer *rl) * TLS13_IO_FAILURE something broke. */ if (rl->cb.phh_recv != NULL) - ret = rl->cb.phh_recv(rl->cb_arg, tls_content_cbs(rl->rcontent)); + ret = rl->cb.phh_recv(rl->cb_arg); tls_content_clear(rl->rcontent); @@ -1124,6 +1146,9 @@ tls13_send_dummy_ccs(struct tls13_record_layer *rl) ssize_t tls13_read_handshake_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n) { + if (rl->cb.handshake_read != NULL) + return rl->cb.handshake_read(buf, n, rl->cb_arg); + return tls13_record_layer_read(rl, SSL3_RT_HANDSHAKE, buf, n); } @@ -1131,6 +1156,9 @@ ssize_t tls13_write_handshake_data(struct tls13_record_layer *rl, const uint8_t *buf, size_t n) { + if (rl->cb.handshake_write != NULL) + return rl->cb.handshake_write(buf, n, rl->cb_arg); + return tls13_record_layer_write(rl, SSL3_RT_HANDSHAKE, buf, n); } @@ -1177,6 +1205,9 @@ tls13_send_alert(struct tls13_record_layer *rl, uint8_t alert_desc) uint8_t alert_level = TLS13_ALERT_LEVEL_FATAL; ssize_t ret; + if (rl->cb.alert_send != NULL) + return rl->cb.alert_send(alert_desc, rl->cb_arg); + if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY || alert_desc == TLS13_ALERT_USER_CANCELED) alert_level = TLS13_ALERT_LEVEL_WARNING; diff --git a/ssl/tls13_server.c b/ssl/tls13_server.c index d2c7abbf..82350702 100644 --- a/ssl/tls13_server.c +++ b/ssl/tls13_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_server.c,v 1.84 2021/07/01 17:53:39 jsing Exp $ */ +/* $OpenBSD: tls13_server.c,v 1.103 2022/09/17 17:14:06 jsing Exp $ */ /* * Copyright (c) 2019, 2020 Joel Sing * Copyright (c) 2020 Bob Beck 
@@ -108,10 +108,15 @@ tls13_client_hello_required_extensions(struct tls13_ctx *ctx) */ /* - * If we got no pre_shared_key, then signature_algorithms and - * supported_groups must both be present. + * RFC 8446 section 4.2.9 - if we received a pre_shared_key, then we + * also need psk_key_exchange_modes. Otherwise, section 9.2 specifies + * that we need both signature_algorithms and supported_groups. */ - if (!tlsext_extension_seen(s, TLSEXT_TYPE_pre_shared_key)) { + if (tlsext_extension_seen(s, TLSEXT_TYPE_pre_shared_key)) { + if (!tlsext_extension_seen(s, + TLSEXT_TYPE_psk_key_exchange_modes)) + return 0; + } else { if (!tlsext_extension_seen(s, TLSEXT_TYPE_signature_algorithms)) return 0; if (!tlsext_extension_seen(s, TLSEXT_TYPE_supported_groups)) @@ -164,10 +169,20 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs) return tls13_use_legacy_server(ctx); } ctx->hs->negotiated_tls_version = TLS1_3_VERSION; + ctx->hs->peer_legacy_version = legacy_version; /* Ensure we send subsequent alerts with the correct record version. */ tls13_record_layer_set_legacy_version(ctx->rl, TLS1_2_VERSION); + /* + * Ensure that the client has not requested middlebox compatibility mode + * if it is prohibited from doing so. + */ + if (!ctx->middlebox_compat && CBS_len(&session_id) != 0) { + ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; + goto err; + } + /* Add decoded values to the current ClientHello hash */ if (!tls13_clienthello_hash_init(ctx)) { ctx->alert = TLS13_ALERT_INTERNAL_ERROR; 
@@ -228,8 +243,14 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs) goto err; } - /* Store legacy session identifier so we can echo it. */ - if (CBS_len(&session_id) > sizeof(ctx->hs->tls13.legacy_session_id)) { + /* + * The legacy session identifier must either be zero length or a 32 byte + * value (in which case the client is requesting middlebox compatibility + * mode), as per RFC 8446 section 4.1.2. If it is valid, store the value + * so that we can echo it back to the client. + */ + if (CBS_len(&session_id) != 0 && + CBS_len(&session_id) != sizeof(ctx->hs->tls13.legacy_session_id)) { ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; goto err; } @@ -294,10 +315,9 @@ tls13_client_hello_recv(struct tls13_ctx *ctx, CBS *cbs) * has been enabled. This would probably mean using either an * INITIAL | WITHOUT_HRR state, or another intermediate state. */ - if (ctx->hs->tls13.key_share != NULL) + if (ctx->hs->key_share != NULL) ctx->handshake_stage.hs_type |= NEGOTIATED | WITHOUT_HRR; - /* XXX - check this is the correct point */ tls13_record_layer_allow_ccs(ctx->rl, 1); return 1; @@ -359,8 +379,8 @@ tls13_server_engage_record_protection(struct tls13_ctx *ctx) SSL *s = ctx->ssl; int ret = 0; - if (!tls13_key_share_derive(ctx->hs->tls13.key_share, - &shared_key, &shared_key_len)) + if (!tls_key_share_derive(ctx->hs->key_share, &shared_key, + &shared_key_len)) goto err; s->session->cipher = ctx->hs->cipher; @@ -397,10 +417,10 @@ tls13_server_engage_record_protection(struct tls13_ctx *ctx) tls13_record_layer_set_hash(ctx->rl, ctx->hash); if (!tls13_record_layer_set_read_traffic_key(ctx->rl, - &secrets->client_handshake_traffic)) + &secrets->client_handshake_traffic, ssl_encryption_handshake)) goto err; if (!tls13_record_layer_set_write_traffic_key(ctx->rl, - &secrets->server_handshake_traffic)) + &secrets->server_handshake_traffic, ssl_encryption_handshake)) goto err; ctx->handshake_stage.hs_type |= NEGOTIATED; 
@@ -424,11 +444,11 @@ tls13_server_hello_retry_request_send(struct tls13_ctx *ctx, CBB *cbb) if (!tls13_synthetic_handshake_message(ctx)) return 0; - if (ctx->hs->tls13.key_share != NULL) + if (ctx->hs->key_share != NULL) return 0; - if ((nid = tls1_get_shared_curve(ctx->ssl)) == NID_undef) + if (!tls1_get_supported_group(ctx->ssl, &nid)) return 0; - if ((ctx->hs->tls13.server_group = tls1_ec_nid2curve_id(nid)) == 0) + if (!tls1_ec_nid2group_id(nid, &ctx->hs->tls13.server_group)) return 0; if (!tls13_server_hello_build(ctx, cbb, 1)) @@ -484,9 +504,9 @@ tls13_servername_process(struct tls13_ctx *ctx) int tls13_server_hello_send(struct tls13_ctx *ctx, CBB *cbb) { - if (ctx->hs->tls13.key_share == NULL) + if (ctx->hs->key_share == NULL) return 0; - if (!tls13_key_share_generate(ctx->hs->tls13.key_share)) + if (!tls_key_share_generate(ctx->hs->key_share)) return 0; if (!tls13_servername_process(ctx)) return 0; @@ -544,7 +564,7 @@ tls13_server_certificate_request_send(struct tls13_ctx *ctx, CBB *cbb) } static int -tls13_server_check_certificate(struct tls13_ctx *ctx, CERT_PKEY *cpk, +tls13_server_check_certificate(struct tls13_ctx *ctx, SSL_CERT_PKEY *cpk, int *ok, const struct ssl_sigalg **out_sigalg) { const struct ssl_sigalg *sigalg; @@ -556,15 +576,11 @@ tls13_server_check_certificate(struct tls13_ctx *ctx, CERT_PKEY *cpk, if (cpk->x509 == NULL || cpk->privatekey == NULL) goto done; - if (!X509_check_purpose(cpk->x509, -1, 0)) - return 0; - /* * The digitalSignature bit MUST be set if the Key Usage extension is * present as per RFC 8446 section 4.4.2.2. */ - if ((cpk->x509->ex_flags & EXFLAG_KUSAGE) && - !(cpk->x509->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE)) + if (!(X509_get_key_usage(cpk->x509) & X509v3_KU_DIGITAL_SIGNATURE)) goto done; if ((sigalg = ssl_sigalg_select(s, cpk->privatekey)) == NULL) 
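Review bot: The comment kept above the rewritten key-usage test in `tls13_server_check_certificate` still says the bit must be set "if the Key Usage extension is present", but the new condition `!(X509_get_key_usage(cpk->x509) & X509v3_KU_DIGITAL_SIGNATURE)` no longer shows that case. It is correct only because `X509_get_key_usage()` reports every bit set when the certificate has no Key Usage extension; a comment such as `/* X509_get_key_usage() returns all bits set when the extension is absent. */` would keep a later reader from "fixing" it. With the explicit `X509_check_purpose()` call and its `return 0` removed, a certificate whose extensions fail to parse presumably now lands on `goto done` instead of the error return, which is worth confirming as intended. The function body continues outside the hunk.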
@@ -578,12 +594,12 @@ tls13_server_check_certificate(struct tls13_ctx *ctx, CERT_PKEY *cpk, } static int -tls13_server_select_certificate(struct tls13_ctx *ctx, CERT_PKEY **out_cpk, +tls13_server_select_certificate(struct tls13_ctx *ctx, SSL_CERT_PKEY **out_cpk, const struct ssl_sigalg **out_sigalg) { SSL *s = ctx->ssl; const struct ssl_sigalg *sigalg; - CERT_PKEY *cpk; + SSL_CERT_PKEY *cpk; int cert_ok; *out_cpk = NULL; @@ -619,7 +635,7 @@ tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb) const struct ssl_sigalg *sigalg; X509_STORE_CTX *xsc = NULL; STACK_OF(X509) *chain; - CERT_PKEY *cpk; + SSL_CERT_PKEY *cpk; X509 *cert; int i, ret = 0; @@ -649,7 +665,7 @@ tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb) X509_V_FLAG_LEGACY_VERIFY); X509_verify_cert(xsc); ERR_clear_error(); - chain = xsc->chain; + chain = X509_STORE_CTX_get0_chain(xsc); } if (!CBB_add_u8_length_prefixed(cbb, &cert_request_context)) @@ -700,7 +716,7 @@ tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb) EVP_MD_CTX *mdctx = NULL; EVP_PKEY_CTX *pctx; EVP_PKEY *pkey; - const CERT_PKEY *cpk; + const SSL_CERT_PKEY *cpk; CBB sig_cbb; int ret = 0; @@ -848,7 +864,7 @@ tls13_server_finished_sent(struct tls13_ctx *ctx) * using the server application traffic keys. */ return tls13_record_layer_set_write_traffic_key(ctx->rl, - &secrets->server_application_traffic); + &secrets->server_application_traffic, ssl_encryption_application); } int @@ -858,9 +874,7 @@ tls13_client_certificate_recv(struct tls13_ctx *ctx, CBS *cbs) struct stack_st_X509 *certs = NULL; SSL *s = ctx->ssl; X509 *cert = NULL; - EVP_PKEY *pkey; const uint8_t *p; - int cert_idx; int ret = 0; if (!CBS_get_u8_length_prefixed(cbs, &cert_request_context)) 
@@ -909,35 +923,12 @@ tls13_client_certificate_recv(struct tls13_ctx *ctx, CBS *cbs) "failed to verify peer certificate", NULL); goto err; } + s->session->verify_result = s->verify_result; ERR_clear_error(); - cert = sk_X509_value(certs, 0); - X509_up_ref(cert); - - if ((pkey = X509_get0_pubkey(cert)) == NULL) - goto err; - if (EVP_PKEY_missing_parameters(pkey)) - goto err; - if ((cert_idx = ssl_cert_type(cert, pkey)) < 0) - goto err; - - ssl_sess_cert_free(SSI(s)->sess_cert); - if ((SSI(s)->sess_cert = ssl_sess_cert_new()) == NULL) + if (!tls_process_peer_certs(s, certs)) goto err; - SSI(s)->sess_cert->cert_chain = certs; - certs = NULL; - - X509_up_ref(cert); - SSI(s)->sess_cert->peer_pkeys[cert_idx].x509 = cert; - SSI(s)->sess_cert->peer_key = &(SSI(s)->sess_cert->peer_pkeys[cert_idx]); - - X509_free(s->session->peer); - - X509_up_ref(cert); - s->session->peer = cert; - s->session->verify_result = s->verify_result; - ctx->handshake_stage.hs_type |= WITH_CCV; ret = 1; @@ -986,7 +977,7 @@ tls13_client_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs) if (!CBB_finish(&cbb, &sig_content, &sig_content_len)) goto err; - if ((cert = ctx->ssl->session->peer) == NULL) + if ((cert = ctx->ssl->session->peer_cert) == NULL) goto err; if ((pkey = X509_get0_pubkey(cert)) == NULL) goto err; @@ -1095,7 +1086,7 @@ tls13_client_finished_recv(struct tls13_ctx *ctx, CBS *cbs) * using the client application traffic keys. */ if (!tls13_record_layer_set_read_traffic_key(ctx->rl, - &secrets->client_application_traffic)) + &secrets->client_application_traffic, ssl_encryption_application)) goto err; tls13_record_layer_allow_ccs(ctx->rl, 0); diff --git a/ssl/tls_buffer.c b/ssl/tls_buffer.c new file mode 100644 index 00000000..f70cfbc1 --- /dev/null +++ b/ssl/tls_buffer.c 
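Review bot: Who owns `certs` after `tls_process_peer_certs(s, certs)` is not stated, whereas the removed code made it explicit by storing the stack in the session and setting `certs = NULL`. The new call leaves `certs` set on both the success and the failure path, so it is only safe if the helper takes its own references and the cleanup below the hunk still frees the stack; neither is visible here. A comment at the call, for example `/* tls_process_peer_certs() keeps its own references; certs is released below. */` once confirmed, would make the contract checkable. The function starts and ends outside the hunk.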
@@ -0,0 +1,248 @@ +/* $OpenBSD: tls_buffer.c,v 1.3 2022/07/22 19:33:53 jsing Exp $ */ +/* + * Copyright (c) 2018, 2019, 2022 Joel Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +#include "bytestring.h" +#include "tls_internal.h" + +#define TLS_BUFFER_CAPACITY_LIMIT (1024 * 1024) + +struct tls_buffer { + size_t capacity; + size_t capacity_limit; + uint8_t *data; + size_t len; + size_t offset; +}; + +static int tls_buffer_resize(struct tls_buffer *buf, size_t capacity); + +struct tls_buffer * +tls_buffer_new(size_t init_size) +{ + struct tls_buffer *buf = NULL; + + if ((buf = calloc(1, sizeof(struct tls_buffer))) == NULL) + goto err; + + buf->capacity_limit = TLS_BUFFER_CAPACITY_LIMIT; + + if (!tls_buffer_resize(buf, init_size)) + goto err; + + return buf; + + err: + tls_buffer_free(buf); + + return NULL; +} + +void +tls_buffer_clear(struct tls_buffer *buf) +{ + freezero(buf->data, buf->capacity); + + buf->data = NULL; + buf->capacity = 0; + buf->len = 0; + buf->offset = 0; +} + +void +tls_buffer_free(struct tls_buffer *buf) +{ + if (buf == NULL) + return; + + tls_buffer_clear(buf); + + freezero(buf, sizeof(struct tls_buffer)); +} + +static int +tls_buffer_grow(struct tls_buffer *buf, size_t capacity) +{ + if (buf->capacity >= capacity) + return 1; + + 
return tls_buffer_resize(buf, capacity); +} + +static int +tls_buffer_resize(struct tls_buffer *buf, size_t capacity) +{ + uint8_t *data; + + /* + * XXX - Consider maintaining a minimum size and growing more + * intelligently (rather than exactly). + */ + if (buf->capacity == capacity) + return 1; + + if (capacity > buf->capacity_limit) + return 0; + + if ((data = recallocarray(buf->data, buf->capacity, capacity, 1)) == NULL) + return 0; + + buf->data = data; + buf->capacity = capacity; + + /* Ensure that len and offset are valid if capacity decreased. */ + if (buf->len > buf->capacity) + buf->len = buf->capacity; + if (buf->offset > buf->len) + buf->offset = buf->len; + + return 1; +} + +void +tls_buffer_set_capacity_limit(struct tls_buffer *buf, size_t limit) +{ + /* + * XXX - do we want to force a resize if this limit is less than current + * capacity... and what do we do with existing data? Force a clear? + */ + buf->capacity_limit = limit; +} + +ssize_t +tls_buffer_extend(struct tls_buffer *buf, size_t len, + tls_read_cb read_cb, void *cb_arg) +{ + ssize_t ret; + + if (len == buf->len) + return buf->len; + + if (len < buf->len) + return TLS_IO_FAILURE; + + if (!tls_buffer_resize(buf, len)) + return TLS_IO_FAILURE; + + for (;;) { + if ((ret = read_cb(&buf->data[buf->len], + buf->capacity - buf->len, cb_arg)) <= 0) + return ret; + + if (ret > buf->capacity - buf->len) + return TLS_IO_FAILURE; + + buf->len += ret; + + if (buf->len == buf->capacity) + return buf->len; + } +} + +ssize_t +tls_buffer_read(struct tls_buffer *buf, uint8_t *rbuf, size_t n) +{ + if (buf->offset > buf->len) + return TLS_IO_FAILURE; + + if (buf->offset == buf->len) + return TLS_IO_WANT_POLLIN; + + if (n > buf->len - buf->offset) + n = buf->len - buf->offset; + + memcpy(rbuf, &buf->data[buf->offset], n); + + buf->offset += n; + + return n; +} + +ssize_t +tls_buffer_write(struct tls_buffer *buf, const uint8_t *wbuf, size_t n) +{ + if (buf->offset > buf->len) + return TLS_IO_FAILURE; + + /* + 
* To avoid continually growing the buffer, pull data up to the + * start of the buffer. If all data has been read then we can simply + * reset, otherwise wait until we're going to save at least 4KB of + * memory to reduce overhead. + */ + if (buf->offset == buf->len) { + buf->len = 0; + buf->offset = 0; + } + if (buf->offset >= 4096) { + memmove(buf->data, &buf->data[buf->offset], + buf->len - buf->offset); + buf->len -= buf->offset; + buf->offset = 0; + } + + if (buf->len > SIZE_MAX - n) + return TLS_IO_FAILURE; + if (!tls_buffer_grow(buf, buf->len + n)) + return TLS_IO_FAILURE; + + memcpy(&buf->data[buf->len], wbuf, n); + + buf->len += n; + + return n; +} + +int +tls_buffer_append(struct tls_buffer *buf, const uint8_t *wbuf, size_t n) +{ + return tls_buffer_write(buf, wbuf, n) == n; +} + +int +tls_buffer_data(struct tls_buffer *buf, CBS *out_cbs) +{ + CBS cbs; + + CBS_init(&cbs, buf->data, buf->len); + + if (!CBS_skip(&cbs, buf->offset)) + return 0; + + CBS_dup(&cbs, out_cbs); + + return 1; +} + +int +tls_buffer_finish(struct tls_buffer *buf, uint8_t **out, size_t *out_len) +{ + if (out == NULL || out_len == NULL) + return 0; + + *out = buf->data; + *out_len = buf->len; + + buf->data = NULL; + buf->capacity = 0; + buf->len = 0; + buf->offset = 0; + + return 1; +} diff --git a/ssl/tls_internal.h b/ssl/tls_internal.h new file mode 100644 index 00000000..1d3a8133 --- /dev/null +++ b/ssl/tls_internal.h 
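Review bot: `tls_buffer_finish` reports only `buf->len` to the caller and drops `buf->capacity`, so a caller that wipes the result with `freezero(out, out_len)` leaves any bytes between `len` and `capacity` uncleared. The pull-up branch in `tls_buffer_write` creates exactly that gap: after the `memmove`, `len` shrinks while `capacity` stays, and the tail still holds a copy of earlier data. The caller visible on this page, `tls13_record_recv`, fills the buffer to capacity through `tls_buffer_extend` first, so it is not affected; other callers are not visible. Trimming before the hand-off with `if (!tls_buffer_resize(buf, buf->len)) return 0;` should close the gap, provided `recallocarray` clears the memory it discards, and is a no-op when `len == capacity`. At minimum a comment on `tls_buffer_finish` should state that ownership of `*out` passes to the caller and that the allocation may be larger than `*out_len`.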
@@ -0,0 +1,100 @@ +/* $OpenBSD: tls_internal.h,v 1.9 2022/07/24 14:28:16 jsing Exp $ */ +/* + * Copyright (c) 2018, 2019, 2021 Joel Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef HEADER_TLS_INTERNAL_H +#define HEADER_TLS_INTERNAL_H + +#include +#include + +#include "bytestring.h" + +__BEGIN_HIDDEN_DECLS + +#define TLS_IO_SUCCESS 1 +#define TLS_IO_EOF 0 +#define TLS_IO_FAILURE -1 +#define TLS_IO_ALERT -2 +#define TLS_IO_WANT_POLLIN -3 +#define TLS_IO_WANT_POLLOUT -4 +#define TLS_IO_WANT_RETRY -5 /* Retry the previous call immediately. */ + +enum ssl_encryption_level_t; + +struct tls13_secret; + +/* + * Callbacks. + */ +typedef ssize_t (*tls_read_cb)(void *_buf, size_t _buflen, void *_cb_arg); +typedef ssize_t (*tls_write_cb)(const void *_buf, size_t _buflen, + void *_cb_arg); +typedef ssize_t (*tls_flush_cb)(void *_cb_arg); + +typedef ssize_t (*tls_handshake_read_cb)(void *_buf, size_t _buflen, + void *_cb_arg); +typedef ssize_t (*tls_handshake_write_cb)(const void *_buf, size_t _buflen, + void *_cb_arg); +typedef int (*tls_traffic_key_cb)(struct tls13_secret *key, + enum ssl_encryption_level_t level, void *_cb_arg); +typedef int (*tls_alert_send_cb)(int _alert_desc, void *_cb_arg); + +/* + * Buffers. 
+ */
+struct tls_buffer;
+
+struct tls_buffer *tls_buffer_new(size_t init_size);
+void tls_buffer_clear(struct tls_buffer *buf);
+void tls_buffer_free(struct tls_buffer *buf);
+void tls_buffer_set_capacity_limit(struct tls_buffer *buf, size_t limit);
+ssize_t tls_buffer_extend(struct tls_buffer *buf, size_t len,
+ tls_read_cb read_cb, void *cb_arg);
+ssize_t tls_buffer_read(struct tls_buffer *buf, uint8_t *rbuf, size_t n);
+ssize_t tls_buffer_write(struct tls_buffer *buf, const uint8_t *wbuf, size_t n);
+int tls_buffer_append(struct tls_buffer *buf, const uint8_t *wbuf, size_t n);
+int tls_buffer_data(struct tls_buffer *buf, CBS *cbs);
+int tls_buffer_finish(struct tls_buffer *buf, uint8_t **out, size_t *out_len);
+
+/*
+ * Key shares.
+ */
+struct tls_key_share;
+
+struct tls_key_share *tls_key_share_new(uint16_t group_id);
+struct tls_key_share *tls_key_share_new_nid(int nid);
+void tls_key_share_free(struct tls_key_share *ks);
+
+uint16_t tls_key_share_group(struct tls_key_share *ks);
+int tls_key_share_nid(struct tls_key_share *ks);
+void tls_key_share_set_key_bits(struct tls_key_share *ks, size_t key_bits);
+int tls_key_share_set_dh_params(struct tls_key_share *ks, DH *dh_params);
+int tls_key_share_peer_pkey(struct tls_key_share *ks, EVP_PKEY *pkey);
+int tls_key_share_generate(struct tls_key_share *ks);
+int tls_key_share_params(struct tls_key_share *ks, CBB *cbb);
+int tls_key_share_public(struct tls_key_share *ks, CBB *cbb);
+int tls_key_share_peer_params(struct tls_key_share *ks, CBS *cbs,
+ int *decode_error, int *invalid_params);
+int tls_key_share_peer_public(struct tls_key_share *ks, CBS *cbs,
+ int *decode_error, int *invalid_key);
+int tls_key_share_derive(struct tls_key_share *ks, uint8_t **shared_key,
+ size_t *shared_key_len);
+int tls_key_share_peer_security(const SSL *ssl, struct tls_key_share *ks);
+
+__END_HIDDEN_DECLS
+
+#endif
diff --git a/ssl/tls_key_share.c b/ssl/tls_key_share.c
new file mode 100644
index 00000000..048db25b
--- /dev/null
+++ b/ssl/tls_key_share.c
@@ -0,0 +1,484 @@
+/* $OpenBSD: tls_key_share.c,v 1.7 2022/07/02 16:00:12 tb Exp $ */
+/*
+ * Copyright (c) 2020, 2021 Joel Sing
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+
+#include
+#include
+#include
+#include
+
+#include "bytestring.h"
+#include "ssl_locl.h"
+#include "tls_internal.h"
+
+struct tls_key_share {
+ int nid;
+ uint16_t group_id;
+ size_t key_bits;
+
+ DH *dhe;
+ DH *dhe_peer;
+
+ EC_KEY *ecdhe;
+ EC_KEY *ecdhe_peer;
+
+ uint8_t *x25519_public;
+ uint8_t *x25519_private;
+ uint8_t *x25519_peer_public;
+};
+
+static struct tls_key_share *
+tls_key_share_new_internal(int nid, uint16_t group_id)
+{
+ struct tls_key_share *ks;
+
+ if ((ks = calloc(1, sizeof(struct tls_key_share))) == NULL)
+ return NULL;
+
+ ks->group_id = group_id;
+ ks->nid = nid;
+
+ return ks;
+}
+
+struct tls_key_share *
+tls_key_share_new(uint16_t group_id)
+{
+ int nid;
+
+ if (!tls1_ec_group_id2nid(group_id, &nid))
+ return NULL;
+
+ return tls_key_share_new_internal(nid, group_id);
+}
+
+struct tls_key_share *
+tls_key_share_new_nid(int nid)
+{
+ uint16_t group_id = 0;
+
+ if (nid != NID_dhKeyAgreement) {
+ if (!tls1_ec_nid2group_id(nid, &group_id))
+ return NULL;
+ }
+
+ return tls_key_share_new_internal(nid, group_id);
+}
+
+void
+tls_key_share_free(struct tls_key_share *ks)
+{
+ if (ks == NULL)
+ return;
+
+ DH_free(ks->dhe);
+ DH_free(ks->dhe_peer);
+
+ EC_KEY_free(ks->ecdhe);
+ EC_KEY_free(ks->ecdhe_peer);
+
+ freezero(ks->x25519_public, X25519_KEY_LENGTH);
+ freezero(ks->x25519_private, X25519_KEY_LENGTH);
+ freezero(ks->x25519_peer_public, X25519_KEY_LENGTH);
+
+ freezero(ks, sizeof(*ks));
+}
+
+uint16_t
+tls_key_share_group(struct tls_key_share *ks)
+{
+ return ks->group_id;
+}
+
+int
+tls_key_share_nid(struct tls_key_share *ks)
+{
+ return ks->nid;
+}
+
+void
+tls_key_share_set_key_bits(struct tls_key_share *ks, size_t key_bits)
+{
+ ks->key_bits = key_bits;
+}
+
+int
+tls_key_share_set_dh_params(struct tls_key_share *ks, DH *dh_params)
+{
+ if (ks->nid != NID_dhKeyAgreement)
+ return 0;
+ if (ks->dhe != NULL || ks->dhe_peer != NULL)
+ return 0;
+
+ if ((ks->dhe = DHparams_dup(dh_params)) == NULL)
+ return 0;
+ if ((ks->dhe_peer = DHparams_dup(dh_params)) == NULL)
+ return 0;
+
+ return 1;
+}
+
+int
+tls_key_share_peer_pkey(struct tls_key_share *ks, EVP_PKEY *pkey)
+{
+ if (ks->nid == NID_dhKeyAgreement && ks->dhe_peer != NULL)
+ return EVP_PKEY_set1_DH(pkey, ks->dhe_peer);
+
+ if (ks->nid == NID_X25519 && ks->x25519_peer_public != NULL)
+ return ssl_kex_dummy_ecdhe_x25519(pkey);
+
+ if (ks->ecdhe_peer != NULL)
+ return EVP_PKEY_set1_EC_KEY(pkey, ks->ecdhe_peer);
+
+ return 0;
+}
+
+static int
+tls_key_share_generate_dhe(struct tls_key_share *ks)
+{
+ /*
+ * If auto params are not being used then we must already have DH
+ * parameters set.
+ */
+ if (ks->key_bits == 0) {
+ if (ks->dhe == NULL)
+ return 0;
+
+ return ssl_kex_generate_dhe(ks->dhe, ks->dhe);
+ }
+
+ if (ks->dhe != NULL || ks->dhe_peer != NULL)
+ return 0;
+
+ if ((ks->dhe = DH_new()) == NULL)
+ return 0;
+ if (!ssl_kex_generate_dhe_params_auto(ks->dhe, ks->key_bits))
+ return 0;
+ if ((ks->dhe_peer = DHparams_dup(ks->dhe)) == NULL)
+ return 0;
+
+ return 1;
+}
+
+static int
+tls_key_share_generate_ecdhe_ecp(struct tls_key_share *ks)
+{
+ EC_KEY *ecdhe = NULL;
+ int ret = 0;
+
+ if (ks->ecdhe != NULL)
+ goto err;
+
+ if ((ecdhe = EC_KEY_new()) == NULL)
+ goto err;
+ if (!ssl_kex_generate_ecdhe_ecp(ecdhe, ks->nid))
+ goto err;
+
+ ks->ecdhe = ecdhe;
+ ecdhe = NULL;
+
+ ret = 1;
+
+ err:
+ EC_KEY_free(ecdhe);
+
+ return ret;
+}
+
+static int
+tls_key_share_generate_x25519(struct tls_key_share *ks)
+{
+ uint8_t *public = NULL, *private = NULL;
+ int ret = 0;
+
+ if (ks->x25519_public != NULL || ks->x25519_private != NULL)
+ goto err;
+
+ if ((public = calloc(1, X25519_KEY_LENGTH)) == NULL)
+ goto err;
+ if ((private = calloc(1, X25519_KEY_LENGTH)) == NULL)
+ goto err;
+
+ X25519_keypair(public, private);
+
+ ks->x25519_public = public;
+ ks->x25519_private = private;
+ public = NULL;
+ private = NULL;
+
+ ret = 1;
+
+ err:
+ freezero(public, X25519_KEY_LENGTH);
+ freezero(private, X25519_KEY_LENGTH);
+
+ return ret;
+}
+
+int
+tls_key_share_generate(struct tls_key_share *ks)
+{
+ if (ks->nid == NID_dhKeyAgreement)
+ return tls_key_share_generate_dhe(ks);
+
+ if (ks->nid == NID_X25519)
+ return tls_key_share_generate_x25519(ks);
+
+ return tls_key_share_generate_ecdhe_ecp(ks);
+}
+
+static int
+tls_key_share_params_dhe(struct tls_key_share *ks, CBB *cbb)
+{
+ if (ks->dhe == NULL)
+ return 0;
+
+ return ssl_kex_params_dhe(ks->dhe, cbb);
+}
+
+int
+tls_key_share_params(struct tls_key_share *ks, CBB *cbb)
+{
+ if (ks->nid == NID_dhKeyAgreement)
+ return tls_key_share_params_dhe(ks, cbb);
+
+ return 0;
+}
+
+static int
+tls_key_share_public_dhe(struct tls_key_share *ks, CBB *cbb)
+{
+ if (ks->dhe == NULL)
+ return 0;
+
+ return ssl_kex_public_dhe(ks->dhe, cbb);
+}
+
+static int
+tls_key_share_public_ecdhe_ecp(struct tls_key_share *ks, CBB *cbb)
+{
+ if (ks->ecdhe == NULL)
+ return 0;
+
+ return ssl_kex_public_ecdhe_ecp(ks->ecdhe, cbb);
+}
+
+static int
+tls_key_share_public_x25519(struct tls_key_share *ks, CBB *cbb)
+{
+ if (ks->x25519_public == NULL)
+ return 0;
+
+ return CBB_add_bytes(cbb, ks->x25519_public, X25519_KEY_LENGTH);
+}
+
+int
+tls_key_share_public(struct tls_key_share *ks, CBB *cbb)
+{
+ if (ks->nid == NID_dhKeyAgreement)
+ return tls_key_share_public_dhe(ks, cbb);
+
+ if (ks->nid == NID_X25519)
+ return tls_key_share_public_x25519(ks, cbb);
+
+ return tls_key_share_public_ecdhe_ecp(ks, cbb);
+}
+
+static int
+tls_key_share_peer_params_dhe(struct tls_key_share *ks, CBS *cbs,
+ int *decode_error, int *invalid_params)
+{
+ if (ks->dhe != NULL || ks->dhe_peer != NULL)
+ return 0;
+
+ if ((ks->dhe_peer = DH_new()) == NULL)
+ return 0;
+ if (!ssl_kex_peer_params_dhe(ks->dhe_peer, cbs, decode_error,
+ invalid_params))
+ return 0;
+ if ((ks->dhe = DHparams_dup(ks->dhe_peer)) == NULL)
+ return 0;
+
+ return 1;
+}
+
+int
+tls_key_share_peer_params(struct tls_key_share *ks, CBS *cbs,
+ int *decode_error, int *invalid_params)
+{
+ if (ks->nid != NID_dhKeyAgreement)
+ return 0;
+
+ return tls_key_share_peer_params_dhe(ks, cbs, decode_error,
+ invalid_params);
+}
+
+static int
+tls_key_share_peer_public_dhe(struct tls_key_share *ks, CBS *cbs,
+ int *decode_error, int *invalid_key)
+{
+ if (ks->dhe_peer == NULL)
+ return 0;
+
+ return ssl_kex_peer_public_dhe(ks->dhe_peer, cbs, decode_error,
+ invalid_key);
+}
+
+static int
+tls_key_share_peer_public_ecdhe_ecp(struct tls_key_share *ks, CBS *cbs)
+{
+ EC_KEY *ecdhe = NULL;
+ int ret = 0;
+
+ if (ks->ecdhe_peer != NULL)
+ goto err;
+
+ if ((ecdhe = EC_KEY_new()) == NULL)
+ goto err;
+ if (!ssl_kex_peer_public_ecdhe_ecp(ecdhe, ks->nid, cbs))
+ goto err;
+
+ ks->ecdhe_peer = ecdhe;
+ ecdhe = NULL;
+
+ ret = 1;
+
+ err:
+ EC_KEY_free(ecdhe);
+
+ return ret;
+}
+
+static int
+tls_key_share_peer_public_x25519(struct tls_key_share *ks, CBS *cbs,
+ int *decode_error)
+{
+ size_t out_len;
+
+ *decode_error = 0;
+
+ if (ks->x25519_peer_public != NULL)
+ return 0;
+
+ if (CBS_len(cbs) != X25519_KEY_LENGTH) {
+ *decode_error = 1;
+ return 0;
+ }
+
+ return CBS_stow(cbs, &ks->x25519_peer_public, &out_len);
+}
+
+int
+tls_key_share_peer_public(struct tls_key_share *ks, CBS *cbs, int *decode_error,
+ int *invalid_key)
+{
+ *decode_error = 0;
+
+ if (invalid_key != NULL)
+ *invalid_key = 0;
+
+ if (ks->nid == NID_dhKeyAgreement)
+ return tls_key_share_peer_public_dhe(ks, cbs, decode_error,
+ invalid_key);
+
+ if (ks->nid == NID_X25519)
+ return tls_key_share_peer_public_x25519(ks, cbs, decode_error);
+
+ return tls_key_share_peer_public_ecdhe_ecp(ks, cbs);
+}
+
+static int
+tls_key_share_derive_dhe(struct tls_key_share *ks,
+ uint8_t **shared_key, size_t *shared_key_len)
+{
+ if (ks->dhe == NULL || ks->dhe_peer == NULL)
+ return 0;
+
+ return ssl_kex_derive_dhe(ks->dhe, ks->dhe_peer, shared_key,
+ shared_key_len);
+}
+
+static int
+tls_key_share_derive_ecdhe_ecp(struct tls_key_share *ks,
+ uint8_t **shared_key, size_t *shared_key_len)
+{
+ if (ks->ecdhe == NULL || ks->ecdhe_peer == NULL)
+ return 0;
+
+ return ssl_kex_derive_ecdhe_ecp(ks->ecdhe, ks->ecdhe_peer,
+ shared_key, shared_key_len);
+}
+
+static int
+tls_key_share_derive_x25519(struct tls_key_share *ks,
+ uint8_t **shared_key, size_t *shared_key_len)
+{
+ uint8_t *sk = NULL;
+ int ret = 0;
+
+ if (ks->x25519_private == NULL || ks->x25519_peer_public == NULL)
+ goto err;
+
+ if ((sk = calloc(1, X25519_KEY_LENGTH)) == NULL)
+ goto err;
+ if (!X25519(sk, ks->x25519_private, ks->x25519_peer_public))
+ goto err;
+
+ *shared_key = sk;
+ *shared_key_len = X25519_KEY_LENGTH;
+ sk = NULL;
+
+ ret = 1;
+
+ err:
+ freezero(sk, X25519_KEY_LENGTH);
+
+ return ret;
+}
+
+int
+tls_key_share_derive(struct tls_key_share *ks, uint8_t **shared_key,
+ size_t *shared_key_len)
+{
+ if (*shared_key != NULL)
+ return 0;
+
+ *shared_key_len = 0;
+
+ if (ks->nid == NID_dhKeyAgreement)
+ return tls_key_share_derive_dhe(ks, shared_key,
+ shared_key_len);
+
+ if (ks->nid == NID_X25519)
+ return tls_key_share_derive_x25519(ks, shared_key,
+ shared_key_len);
+
+ return tls_key_share_derive_ecdhe_ecp(ks, shared_key,
+ shared_key_len);
+}
+
+int
+tls_key_share_peer_security(const SSL *ssl, struct tls_key_share *ks)
+{
+ switch (ks->nid) {
+ case NID_dhKeyAgreement:
+ return ssl_security_dh(ssl, ks->dhe_peer);
+ default:
+ return 0;
+ }
+}
diff --git a/ssl/tls_lib.c b/ssl/tls_lib.c
new file mode 100644
index 00000000..eb5ed380
--- /dev/null
+++ b/ssl/tls_lib.c
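Review bot: `tls_key_share_peer_params_dhe` assigns the new `DH` to `ks->dhe_peer` before `ssl_kex_peer_params_dhe` has accepted the peer's parameters, and on failure it returns 0 with that object still attached. `tls_key_share_peer_public_dhe` and `tls_key_share_peer_pkey` gate only on `ks->dhe_peer != NULL`, and `tls_key_share_peer_security` passes `ks->dhe_peer` on unchecked, so they all rely on every caller aborting the handshake after the first failure. Callers are not visible in this hunk, so treat this as hardening rather than a confirmed bug. Building into locals and publishing only on success, as `tls_key_share_generate_ecdhe_ecp` and `tls_key_share_peer_public_ecdhe_ecp` in this file already do, removes that dependency. `tls_key_share_set_dh_params` and the auto-params branch of `tls_key_share_generate_dhe` leave the same half-initialised state on failure.

```c
static int
tls_key_share_peer_params_dhe(struct tls_key_share *ks, CBS *cbs,
    int *decode_error, int *invalid_params)
{
	DH *dhe = NULL, *dhe_peer = NULL;
	int ret = 0;

	if (ks->dhe != NULL || ks->dhe_peer != NULL)
		goto err;

	if ((dhe_peer = DH_new()) == NULL)
		goto err;
	if (!ssl_kex_peer_params_dhe(dhe_peer, cbs, decode_error,
	    invalid_params))
		goto err;
	if ((dhe = DHparams_dup(dhe_peer)) == NULL)
		goto err;

	/* Publish only after the peer's parameters were accepted. */
	ks->dhe = dhe;
	ks->dhe_peer = dhe_peer;
	dhe = NULL;
	dhe_peer = NULL;

	ret = 1;

 err:
	DH_free(dhe);
	DH_free(dhe_peer);

	return ret;
}
```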
@@ -0,0 +1,68 @@
+/* $OpenBSD: tls_lib.c,v 1.2 2022/08/20 21:48:25 tb Exp $ */
+/*
+ * Copyright (c) 2019, 2021 Joel Sing
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "ssl_locl.h"
+
+int
+tls_process_peer_certs(SSL *s, STACK_OF(X509) *peer_certs)
+{
+ STACK_OF(X509) *peer_certs_no_leaf;
+ X509 *peer_cert = NULL;
+ EVP_PKEY *pkey;
+ int cert_type;
+ int ret = 0;
+
+ if (sk_X509_num(peer_certs) < 1)
+ goto err;
+ peer_cert = sk_X509_value(peer_certs, 0);
+ X509_up_ref(peer_cert);
+
+ if ((pkey = X509_get0_pubkey(peer_cert)) == NULL) {
+ SSLerror(s, SSL_R_NO_PUBLICKEY);
+ goto err;
+ }
+ if (EVP_PKEY_missing_parameters(pkey)) {
+ SSLerror(s, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
+ goto err;
+ }
+ if ((cert_type = ssl_cert_type(pkey)) < 0) {
+ SSLerror(s, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+ goto err;
+ }
+
+ s->session->peer_cert_type = cert_type;
+
+ X509_free(s->session->peer_cert);
+ s->session->peer_cert = peer_cert;
+ peer_cert = NULL;
+
+ sk_X509_pop_free(s->s3->hs.peer_certs, X509_free);
+ if ((s->s3->hs.peer_certs = X509_chain_up_ref(peer_certs)) == NULL)
+ goto err;
+
+ if ((peer_certs_no_leaf = X509_chain_up_ref(peer_certs)) == NULL)
+ goto err;
+ X509_free(sk_X509_shift(peer_certs_no_leaf));
+ sk_X509_pop_free(s->s3->hs.peer_certs_no_leaf, X509_free);
+ s->s3->hs.peer_certs_no_leaf = peer_certs_no_leaf;
+
+ ret = 1;
+ err:
+ X509_free(peer_cert);
+
+ return ret;
+}
diff --git a/tap-driver.sh b/tap-driver.sh
index 0ca49037..fea066f5 100644
--- a/tap-driver.sh
+++ b/tap-driver.sh
@@ -1,5 +1,5 @@ #! /bin/sh -# Copyright (C) 2011-2020 Free Software Foundation, Inc. +# Copyright (C) 2011-2021 Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by
diff --git a/test-driver b/test-driver
index 9759384a..be73b80a 100644
--- a/test-driver
+++ b/test-driver
@@ -3,7 +3,7 @@ scriptversion=2018-03-07.03; # UTC -# Copyright (C) 2011-2020 Free Software Foundation, Inc. +# Copyright (C) 2011-2021 Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by
@@ -105,8 +105,11 @@ trap "st=130; $do_exit" 2 trap "st=141; $do_exit" 13 trap "st=143; $do_exit" 15 -# Test script is run here. -"$@" >$log_file 2>&1 +# Test script is run here. We create the file first, then append to it, +# to ameliorate tests themselves also writing to the log file. Our tests +# don't, but others can (automake bug#35762). +: >"$log_file" +"$@" >>"$log_file" 2>&1 estatus=$? if test $enable_hard_errors = no && test $estatus -eq 99; then
@@ -128,7 +131,7 @@ esac # know whether the test passed or failed simply by looking at the '.log' # file, without the need of also peaking into the corresponding '.trs' # file (automake bug#11814). -echo "$res $test_name (exit status: $estatus)" >>$log_file +echo "$res $test_name (exit status: $estatus)" >>"$log_file" # Report outcome to console. echo "${col}${res}${std}: $test_name"
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index efe51260..9b10b338 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
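Review bot: `tls_process_peer_certs` replaces `s->session->peer_cert` and frees `s->s3->hs.peer_certs` before the two `X509_chain_up_ref` copies are known to succeed. If the second copy fails, the function returns 0 with the new leaf and chain installed while `hs.peer_certs_no_leaf` still holds whatever an earlier call stored, so the three fields can describe different chains. Whether anything reads them after a failure depends on callers outside this hunk. Taking both copies first and swapping state only afterwards keeps the update all-or-nothing. A short header comment saying that this function only records the presented chain and checks the leaf's public key, and performs no chain verification itself, would also help readers.

```c
	STACK_OF(X509) *peer_certs_copy = NULL, *peer_certs_no_leaf = NULL;
	/* … unchanged: leaf extraction, public key and cert_type checks … */

	/* Take both chain copies before touching session or handshake state. */
	if ((peer_certs_copy = X509_chain_up_ref(peer_certs)) == NULL)
		goto err;
	if ((peer_certs_no_leaf = X509_chain_up_ref(peer_certs)) == NULL)
		goto err;
	X509_free(sk_X509_shift(peer_certs_no_leaf));

	/* … unchanged: peer_cert_type and peer_cert assignment … */

	sk_X509_pop_free(s->s3->hs.peer_certs, X509_free);
	s->s3->hs.peer_certs = peer_certs_copy;
	peer_certs_copy = NULL;

	sk_X509_pop_free(s->s3->hs.peer_certs_no_leaf, X509_free);
	s->s3->hs.peer_certs_no_leaf = peer_certs_no_leaf;
	peer_certs_no_leaf = NULL;

	ret = 1;
 err:
	sk_X509_pop_free(peer_certs_copy, X509_free);
	sk_X509_pop_free(peer_certs_no_leaf, X509_free);
	X509_free(peer_cert);
```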
@@ -1,216 +1,273 @@ +add_definitions(-DLIBRESSL_CRYPTO_INTERNAL) + include_directories( . - ../crypto/modes ../crypto/asn1 + ../crypto/bio + ../crypto/bn + ../crypto/evp + ../crypto/modes ../crypto/x509 ../ssl - ../tls ../apps/openssl ../apps/openssl/compat + ../include ../include/compat ) -add_definitions(-D_PATH_SSL_CA_FILE=\"${CMAKE_CURRENT_SOURCE_DIR}/../apps/openssl/cert.pem\") +add_definitions(-D_PATH_SSL_CA_FILE=\"${CMAKE_CURRENT_SOURCE_DIR}/../cert.pem\") file(TO_NATIVE_PATH ${CMAKE_CURRENT_SOURCE_DIR} TEST_SOURCE_DIR) # aeadtest add_executable(aeadtest aeadtest.c) -target_link_libraries(aeadtest ${OPENSSL_LIBS}) -add_test(aeadtest aeadtest ${CMAKE_CURRENT_SOURCE_DIR}/aeadtests.txt) +target_link_libraries(aeadtest ${OPENSSL_TEST_LIBS}) +if(NOT WIN32) + add_test(NAME aeadtest COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/aeadtest.sh) + set_tests_properties(aeadtest PROPERTIES ENVIRONMENT "srcdir=${TEST_SOURCE_DIR}") +else() + add_test(aeadtest aeadtest aead ${CMAKE_CURRENT_SOURCE_DIR}/aeadtests.txt) +endif() # aes_wrap add_executable(aes_wrap aes_wrap.c) -target_link_libraries(aes_wrap ${OPENSSL_LIBS}) +target_link_libraries(aes_wrap ${OPENSSL_TEST_LIBS}) add_test(aes_wrap aes_wrap) # arc4randomforktest # Windows/mingw does not have fork, but Cygwin does. 
if(NOT (WIN32 OR (CMAKE_SYSTEM_NAME MATCHES "MINGW"))) add_executable(arc4randomforktest arc4randomforktest.c) - target_link_libraries(arc4randomforktest ${OPENSSL_LIBS}) + target_link_libraries(arc4randomforktest ${OPENSSL_TEST_LIBS}) add_test(arc4randomforktest ${CMAKE_CURRENT_SOURCE_DIR}/arc4randomforktest.sh) endif() +# asn1api +add_executable(asn1api asn1api.c) +target_link_libraries(asn1api ${OPENSSL_TEST_LIBS}) +add_test(asn1api asn1api) + +# asn1basic +add_executable(asn1basic asn1basic.c) +target_link_libraries(asn1basic ${OPENSSL_TEST_LIBS}) +add_test(asn1basic asn1basic) + +# asn1complex +add_executable(asn1complex asn1complex.c) +target_link_libraries(asn1complex ${OPENSSL_TEST_LIBS}) +add_test(asn1complex asn1complex) + # asn1evp add_executable(asn1evp asn1evp.c) -target_link_libraries(asn1evp ${OPENSSL_LIBS}) +target_link_libraries(asn1evp ${OPENSSL_TEST_LIBS}) add_test(asn1evp asn1evp) +# asn1object +add_executable(asn1object asn1object.c) +target_link_libraries(asn1object ${OPENSSL_TEST_LIBS}) +add_test(asn1object asn1object) + +# asn1string_copy +add_executable(asn1string_copy asn1string_copy.c) +target_link_libraries(asn1string_copy ${OPENSSL_TEST_LIBS}) +add_test(asn1string_copy asn1string_copy) + # asn1test add_executable(asn1test asn1test.c) -target_link_libraries(asn1test ${OPENSSL_LIBS}) +target_link_libraries(asn1test ${OPENSSL_TEST_LIBS}) add_test(asn1test asn1test) # asn1time add_executable(asn1time asn1time.c) -target_link_libraries(asn1time ${OPENSSL_LIBS}) +target_link_libraries(asn1time ${OPENSSL_TEST_LIBS}) add_test(asn1time asn1time) +# asn1x509 +add_executable(asn1x509 asn1x509.c) +target_link_libraries(asn1x509 ${OPENSSL_TEST_LIBS}) +add_test(asn1x509 asn1x509) + # base64test add_executable(base64test base64test.c) -target_link_libraries(base64test ${OPENSSL_LIBS}) +target_link_libraries(base64test ${OPENSSL_TEST_LIBS}) add_test(base64test base64test) # bftest add_executable(bftest bftest.c) -target_link_libraries(bftest 
${OPENSSL_LIBS}) +target_link_libraries(bftest ${OPENSSL_TEST_LIBS}) add_test(bftest bftest) # biotest # the BIO tests rely on resolver results that are OS and environment-specific if(ENABLE_EXTRATESTS) add_executable(biotest biotest.c) - target_link_libraries(biotest ${OPENSSL_LIBS}) + target_link_libraries(biotest ${OPENSSL_TEST_LIBS}) add_test(biotest biotest) endif() # bnaddsub add_executable(bnaddsub bnaddsub.c) -target_link_libraries(bnaddsub ${OPENSSL_LIBS}) +target_link_libraries(bnaddsub ${OPENSSL_TEST_LIBS}) add_test(bnaddsub bnaddsub) +# bn_isqrt +add_executable(bn_isqrt bn_isqrt.c) +target_link_libraries(bn_isqrt ${OPENSSL_TEST_LIBS}) +add_test(bn_isqrt bn_isqrt) + +# bn_mod_exp2_mont +add_executable(bn_mod_exp2_mont bn_mod_exp2_mont.c) +target_link_libraries(bn_mod_exp2_mont ${OPENSSL_TEST_LIBS}) +add_test(bn_mod_exp2_mont bn_mod_exp2_mont) + +# bn_mod_sqrt +add_executable(bn_mod_sqrt bn_mod_sqrt.c) +target_link_libraries(bn_mod_sqrt ${OPENSSL_TEST_LIBS}) +add_test(bn_mod_sqrt bn_mod_sqrt) + +# bn_primes +add_executable(bn_primes bn_primes.c) +target_link_libraries(bn_primes ${OPENSSL_TEST_LIBS}) +add_test(bn_primes bn_primes) + # bn_rand_interval -if(NOT BUILD_SHARED_LIBS) - add_executable(bn_rand_interval bn_rand_interval.c) - target_link_libraries(bn_rand_interval ${OPENSSL_LIBS}) - add_test(bn_rand_interval bn_rand_interval) -endif() +add_executable(bn_rand_interval bn_rand_interval.c) +target_link_libraries(bn_rand_interval ${OPENSSL_TEST_LIBS}) +add_test(bn_rand_interval bn_rand_interval) # bntest -if(NOT BUILD_SHARED_LIBS) - add_executable(bntest bntest.c) - set_source_files_properties(bntest.c PROPERTIES COMPILE_FLAGS - -ULIBRESSL_INTERNAL) - target_link_libraries(bntest ${OPENSSL_LIBS}) - add_test(bntest bntest) -endif() +add_executable(bntest bntest.c) +set_source_files_properties(bntest.c PROPERTIES COMPILE_FLAGS + -ULIBRESSL_INTERNAL) +target_link_libraries(bntest ${OPENSSL_TEST_LIBS}) +add_test(bntest bntest) # bn_to_string -if(NOT 
BUILD_SHARED_LIBS) - add_executable(bn_to_string bn_to_string.c) - target_link_libraries(bn_to_string ${OPENSSL_LIBS}) - add_test(bn_to_string bn_to_string) -endif() +add_executable(bn_to_string bn_to_string.c) +target_link_libraries(bn_to_string ${OPENSSL_TEST_LIBS}) +add_test(bn_to_string bn_to_string) # buffertest -if(NOT BUILD_SHARED_LIBS) - add_executable(buffertest buffertest.c) - target_link_libraries(buffertest ${OPENSSL_LIBS}) - add_test(buffertest buffertest) -endif() +add_executable(buffertest buffertest.c) +target_link_libraries(buffertest ${OPENSSL_TEST_LIBS}) +add_test(buffertest buffertest) # bytestringtest -if(NOT BUILD_SHARED_LIBS) - add_executable(bytestringtest bytestringtest.c) - target_link_libraries(bytestringtest ${OPENSSL_LIBS}) - add_test(bytestringtest bytestringtest) -endif() +add_executable(bytestringtest bytestringtest.c) +target_link_libraries(bytestringtest ${OPENSSL_TEST_LIBS}) +add_test(bytestringtest bytestringtest) # casttest add_executable(casttest casttest.c) -target_link_libraries(casttest ${OPENSSL_LIBS}) +target_link_libraries(casttest ${OPENSSL_TEST_LIBS}) add_test(casttest casttest) # chachatest add_executable(chachatest chachatest.c) -target_link_libraries(chachatest ${OPENSSL_LIBS}) +target_link_libraries(chachatest ${OPENSSL_TEST_LIBS}) add_test(chachatest chachatest) # cipher_list -if(NOT BUILD_SHARED_LIBS) - add_executable(cipher_list cipher_list.c) - target_link_libraries(cipher_list ${OPENSSL_LIBS}) - add_test(cipher_list cipher_list) -endif() +add_executable(cipher_list cipher_list.c) +target_link_libraries(cipher_list ${OPENSSL_TEST_LIBS}) +add_test(cipher_list cipher_list) -if(NOT BUILD_SHARED_LIBS) - # cipherstest - add_executable(cipherstest cipherstest.c) - target_link_libraries(cipherstest ${OPENSSL_LIBS}) - add_test(cipherstest cipherstest) -endif() +# cipherstest +add_executable(cipherstest cipherstest.c) +target_link_libraries(cipherstest ${OPENSSL_TEST_LIBS}) +add_test(cipherstest cipherstest) # clienttest 
add_executable(clienttest clienttest.c) -target_link_libraries(clienttest ${OPENSSL_LIBS}) +target_link_libraries(clienttest ${OPENSSL_TEST_LIBS}) add_test(clienttest clienttest) # cmstest add_executable(cmstest cmstest.c) -target_link_libraries(cmstest ${OPENSSL_LIBS}) +target_link_libraries(cmstest ${OPENSSL_TEST_LIBS}) add_test(cmstest cmstest) # configtest add_executable(configtest configtest.c) -target_link_libraries(configtest ${LIBTLS_LIBS}) +target_link_libraries(configtest ${LIBTLS_TEST_LIBS}) add_test(configtest configtest) # constraints -if(NOT BUILD_SHARED_LIBS) - add_executable(constraints constraints.c) - target_link_libraries(constraints ${OPENSSL_LIBS}) - add_test(constraints constraints) -endif() +add_executable(constraints constraints.c) +target_link_libraries(constraints ${OPENSSL_TEST_LIBS}) +add_test(constraints constraints) # cts128test add_executable(cts128test cts128test.c) -target_link_libraries(cts128test ${OPENSSL_LIBS}) +target_link_libraries(cts128test ${OPENSSL_TEST_LIBS}) add_test(cts128test cts128test) # destest add_executable(destest destest.c) -target_link_libraries(destest ${OPENSSL_LIBS}) +target_link_libraries(destest ${OPENSSL_TEST_LIBS}) add_test(destest destest) # dhtest add_executable(dhtest dhtest.c) -target_link_libraries(dhtest ${OPENSSL_LIBS}) +target_link_libraries(dhtest ${OPENSSL_TEST_LIBS}) add_test(dhtest dhtest) # dsatest add_executable(dsatest dsatest.c) -target_link_libraries(dsatest ${OPENSSL_LIBS}) +target_link_libraries(dsatest ${OPENSSL_TEST_LIBS}) add_test(dsatest dsatest) # dtlstest -if(NOT BUILD_SHARED_LIBS AND NOT WIN32) +if(NOT WIN32) add_executable(dtlstest dtlstest.c) - target_link_libraries(dtlstest ${OPENSSL_LIBS}) + target_link_libraries(dtlstest ${OPENSSL_TEST_LIBS}) add_test(NAME dtlstest COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/dtlstest.sh) set_tests_properties(dtlstest PROPERTIES ENVIRONMENT "srcdir=${TEST_SOURCE_DIR}") endif() -if(NOT BUILD_SHARED_LIBS) +# ec_asn1_test +add_executable(ec_asn1_test 
ec_asn1_test.c) +target_link_libraries(ec_asn1_test ${OPENSSL_TEST_LIBS}) +add_test(ec_asn1_test ec_asn1_test) + # ec_point_conversion add_executable(ec_point_conversion ec_point_conversion.c) -target_link_libraries(ec_point_conversion ${OPENSSL_LIBS}) +target_link_libraries(ec_point_conversion ${OPENSSL_TEST_LIBS}) add_test(ec_point_conversion ec_point_conversion) # ecdhtest add_executable(ecdhtest ecdhtest.c) -target_link_libraries(ecdhtest ${OPENSSL_LIBS}) +target_link_libraries(ecdhtest ${OPENSSL_TEST_LIBS}) add_test(ecdhtest ecdhtest) # ecdsatest add_executable(ecdsatest ecdsatest.c) -target_link_libraries(ecdsatest ${OPENSSL_LIBS}) +target_link_libraries(ecdsatest ${OPENSSL_TEST_LIBS}) add_test(ecdsatest ecdsatest) # ectest add_executable(ectest ectest.c) -target_link_libraries(ectest ${OPENSSL_LIBS}) +target_link_libraries(ectest ${OPENSSL_TEST_LIBS}) add_test(ectest ectest) -endif() # enginetest add_executable(enginetest enginetest.c) -target_link_libraries(enginetest ${OPENSSL_LIBS}) +target_link_libraries(enginetest ${OPENSSL_TEST_LIBS}) add_test(enginetest enginetest) +# evp_pkey_check +add_executable(evp_pkey_check evp_pkey_check.c) +target_link_libraries(evp_pkey_check ${OPENSSL_TEST_LIBS}) +add_test(evp_pkey_check evp_pkey_check) + +# evp_pkey_cleanup +add_executable(evp_pkey_cleanup evp_pkey_cleanup.c) +target_link_libraries(evp_pkey_cleanup ${OPENSSL_TEST_LIBS}) +add_test(evp_pkey_cleanup evp_pkey_cleanup) + # evptest add_executable(evptest evptest.c) -target_link_libraries(evptest ${OPENSSL_LIBS}) +target_link_libraries(evptest ${OPENSSL_TEST_LIBS}) add_test(evptest evptest ${CMAKE_CURRENT_SOURCE_DIR}/evptests.txt) # explicit_bzero 
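Review bot: The new `add_definitions(-DLIBRESSL_CRYPTO_INTERNAL)` at the top of this hunk applies to every test target in the directory, as do the added `../crypto/bio`, `../crypto/bn` and `../crypto/evp` include paths. That includes targets that look like public-API tests, such as `clienttest`, `cmstest` and `dhtest`. Those tests can then no longer show that the public headers are sufficient on their own, which is the property downstream users depend on. If only some tests need internals, scope the define with `target_compile_definitions(<test> PRIVATE LIBRESSL_CRYPTO_INTERNAL)`; otherwise a comment such as `# all regress tests build against library internals via OPENSSL_TEST_LIBS` would record the intent. What `OPENSSL_TEST_LIBS` resolves to is not visible in this hunk.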
@@ -221,94 +278,89 @@ if(NOT WIN32) else() add_executable(explicit_bzero explicit_bzero.c compat/memmem.c) endif() - target_link_libraries(explicit_bzero ${OPENSSL_LIBS}) + target_link_libraries(explicit_bzero ${OPENSSL_TEST_LIBS}) add_test(explicit_bzero explicit_bzero) endif() # exptest -if(NOT BUILD_SHARED_LIBS) - add_executable(exptest exptest.c) - set_source_files_properties(exptest.c PROPERTIES COMPILE_FLAGS - -ULIBRESSL_INTERNAL) - target_link_libraries(exptest ${OPENSSL_LIBS}) - add_test(exptest exptest) -endif() +add_executable(exptest exptest.c) +set_source_files_properties(exptest.c PROPERTIES COMPILE_FLAGS + -ULIBRESSL_INTERNAL) +target_link_libraries(exptest ${OPENSSL_TEST_LIBS}) +add_test(exptest exptest) # freenull add_executable(freenull freenull.c) -target_link_libraries(freenull ${OPENSSL_LIBS}) +target_link_libraries(freenull ${OPENSSL_TEST_LIBS}) add_test(freenull freenull) # gcm128test add_executable(gcm128test gcm128test.c) -target_link_libraries(gcm128test ${OPENSSL_LIBS}) +target_link_libraries(gcm128test ${OPENSSL_TEST_LIBS}) add_test(gcm128test gcm128test) # gost2814789t add_executable(gost2814789t gost2814789t.c) -target_link_libraries(gost2814789t ${OPENSSL_LIBS}) +target_link_libraries(gost2814789t ${OPENSSL_TEST_LIBS}) add_test(gost2814789t gost2814789t) # handshake_table -if(NOT BUILD_SHARED_LIBS) - add_executable(handshake_table handshake_table.c) - target_link_libraries(handshake_table ${OPENSSL_LIBS}) - add_test(handshake_table handshake_table) -endif() +add_executable(handshake_table handshake_table.c) +target_link_libraries(handshake_table ${OPENSSL_TEST_LIBS}) +add_test(handshake_table handshake_table) # hkdf_test add_executable(hkdf_test hkdf_test.c) -target_link_libraries(hkdf_test ${OPENSSL_LIBS}) +target_link_libraries(hkdf_test ${OPENSSL_TEST_LIBS}) add_test(hkdf_test hkdf_test) # hmactest add_executable(hmactest hmactest.c) -target_link_libraries(hmactest ${OPENSSL_LIBS}) +target_link_libraries(hmactest 
${OPENSSL_TEST_LIBS}) add_test(hmactest hmactest) # ideatest add_executable(ideatest ideatest.c) -target_link_libraries(ideatest ${OPENSSL_LIBS}) +target_link_libraries(ideatest ${OPENSSL_TEST_LIBS}) add_test(ideatest ideatest) # igetest add_executable(igetest igetest.c) -target_link_libraries(igetest ${OPENSSL_LIBS}) +target_link_libraries(igetest ${OPENSSL_TEST_LIBS}) add_test(igetest igetest) # keypairtest -if(NOT BUILD_SHARED_LIBS) - add_executable(key_schedule key_schedule.c) - target_link_libraries(key_schedule ${OPENSSL_LIBS}) - add_test(key_schedule key_schedule) - - add_executable(keypairtest keypairtest.c) - target_link_libraries(keypairtest ${LIBTLS_LIBS}) - add_test(keypairtest keypairtest - ${CMAKE_CURRENT_SOURCE_DIR}/ca.pem - ${CMAKE_CURRENT_SOURCE_DIR}/server.pem - ${CMAKE_CURRENT_SOURCE_DIR}/server.pem) -endif() - -# md4test -add_executable(md4test md4test.c) -target_link_libraries(md4test ${OPENSSL_LIBS}) -add_test(md4test md4test) - -# md5test -add_executable(md5test md5test.c) -target_link_libraries(md5test ${OPENSSL_LIBS}) -add_test(md5test md5test) +add_executable(key_schedule key_schedule.c) +target_link_libraries(key_schedule ${OPENSSL_TEST_LIBS}) +add_test(key_schedule key_schedule) + +add_executable(keypairtest keypairtest.c) +target_link_libraries(keypairtest ${LIBTLS_TEST_LIBS}) +target_include_directories(keypairtest BEFORE PUBLIC ../tls) +add_test(keypairtest keypairtest + ${CMAKE_CURRENT_SOURCE_DIR}/ca.pem + ${CMAKE_CURRENT_SOURCE_DIR}/server.pem + ${CMAKE_CURRENT_SOURCE_DIR}/server.pem) + +# md_test +add_executable(md_test md_test.c) +target_link_libraries(md_test ${OPENSSL_TEST_LIBS}) +add_test(md_test md_test) # mont add_executable(mont mont.c) -target_link_libraries(mont ${OPENSSL_LIBS}) +target_link_libraries(mont ${OPENSSL_TEST_LIBS}) add_test(mont mont) +# objectstest +add_executable(objectstest objectstest.c) +target_link_libraries(objectstest ${OPENSSL_TEST_LIBS}) +add_test(objectstest objectstest) + # ocsp_test 
if(ENABLE_EXTRATESTS) add_executable(ocsp_test ocsp_test.c) - target_link_libraries(ocsp_test ${OPENSSL_LIBS}) + target_link_libraries(ocsp_test ${OPENSSL_TEST_LIBS}) if(NOT MSVC) add_test(NAME ocsptest COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/ocsptest.sh) else() @@ -318,12 +370,12 @@ endif() # optionstest add_executable(optionstest optionstest.c) -target_link_libraries(optionstest ${OPENSSL_LIBS}) +target_link_libraries(optionstest ${OPENSSL_TEST_LIBS}) add_test(optionstest optionstest) # pbkdf2 add_executable(pbkdf2 pbkdf2.c) -target_link_libraries(pbkdf2 ${OPENSSL_LIBS}) +target_link_libraries(pbkdf2 ${OPENSSL_TEST_LIBS}) add_test(pbkdf2 pbkdf2) # pidwraptest 
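Review bot: In the `@@ -221,94 +278,89 @@` hunk, `target_include_directories(keypairtest BEFORE PUBLIC ../tls)` uses `PUBLIC` on an executable. Nothing links against a test binary, so `PRIVATE` states the intent: `target_include_directories(keypairtest BEFORE PRIVATE ../tls)`. In the same place the `# keypairtest` comment sits directly above the `key_schedule` target. Add `# key_schedule` there and move `# keypairtest` down to the `add_executable(keypairtest keypairtest.c)` line, so each target keeps its own label like the rest of the file.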
@@ -331,138 +383,142 @@ add_test(pbkdf2 pbkdf2) # awkward on systems with slow fork if(ENABLE_EXTRATESTS AND NOT MSVC) add_executable(pidwraptest pidwraptest.c) - target_link_libraries(pidwraptest ${OPENSSL_LIBS}) + target_link_libraries(pidwraptest ${OPENSSL_TEST_LIBS}) add_test(pidwraptest ${CMAKE_CURRENT_SOURCE_DIR}/pidwraptest.sh) endif() # pkcs7test add_executable(pkcs7test pkcs7test.c) -target_link_libraries(pkcs7test ${OPENSSL_LIBS}) +target_link_libraries(pkcs7test ${OPENSSL_TEST_LIBS}) add_test(pkcs7test pkcs7test) # poly1305test add_executable(poly1305test poly1305test.c) -target_link_libraries(poly1305test ${OPENSSL_LIBS}) +target_link_libraries(poly1305test ${OPENSSL_TEST_LIBS}) add_test(poly1305test poly1305test) # pq_test -if(NOT BUILD_SHARED_LIBS) - add_executable(pq_test pq_test.c) - target_link_libraries(pq_test ${OPENSSL_LIBS}) - if(NOT MSVC) - add_test(NAME pq_test COMMAND - ${CMAKE_CURRENT_SOURCE_DIR}/pq_test.sh) - else() - add_test(NAME pq_test COMMAND - ${CMAKE_CURRENT_SOURCE_DIR}/pq_test.bat - $) - endif() - set_tests_properties(pq_test PROPERTIES ENVIRONMENT - "srcdir=${TEST_SOURCE_DIR}") +add_executable(pq_test pq_test.c) +target_link_libraries(pq_test ${OPENSSL_TEST_LIBS}) +if(NOT MSVC) + add_test(NAME pq_test COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/pq_test.sh) +else() + add_test(NAME pq_test COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/pq_test.bat + $) endif() +set_tests_properties(pq_test PROPERTIES ENVIRONMENT "srcdir=${TEST_SOURCE_DIR}") + +# quictest +set(QUICTEST_SRC quictest.c) +add_executable(quictest ${QUICTEST_SRC}) +target_link_libraries(quictest ${OPENSSL_TEST_LIBS}) +if(NOT MSVC) + add_test(NAME quictest COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/quictest.sh) +else() + add_test(NAME quictest COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/quictest.bat $) +endif() +set_tests_properties(quictest PROPERTIES ENVIRONMENT "srcdir=${TEST_SOURCE_DIR}") # randtest add_executable(randtest randtest.c) -target_link_libraries(randtest ${OPENSSL_LIBS}) 
+target_link_libraries(randtest ${OPENSSL_TEST_LIBS}) add_test(randtest randtest) -# rc2test -add_executable(rc2test rc2test.c) -target_link_libraries(rc2test ${OPENSSL_LIBS}) -add_test(rc2test rc2test) +# rc2_test +add_executable(rc2_test rc2_test.c) +target_link_libraries(rc2_test ${OPENSSL_TEST_LIBS}) +add_test(rc2_test rc2_test) -# rc4test -add_executable(rc4test rc4test.c) -target_link_libraries(rc4test ${OPENSSL_LIBS}) -add_test(rc4test rc4test) +# rc4_test +add_executable(rc4_test rc4_test.c) +target_link_libraries(rc4_test ${OPENSSL_TEST_LIBS}) +add_test(rc4_test rc4_test) # recordtest -if(NOT BUILD_SHARED_LIBS) - add_executable(recordtest recordtest.c) - target_link_libraries(recordtest ${OPENSSL_LIBS}) - add_test(recordtest recordtest) -endif() +add_executable(recordtest recordtest.c) +target_link_libraries(recordtest ${OPENSSL_TEST_LIBS}) +add_test(recordtest recordtest) # record_layer_test -if(NOT BUILD_SHARED_LIBS) - add_executable(record_layer_test record_layer_test.c) - target_link_libraries(record_layer_test ${OPENSSL_LIBS}) - add_test(record_layer_test record_layer_test) -endif() +add_executable(record_layer_test record_layer_test.c) +target_link_libraries(record_layer_test ${OPENSSL_TEST_LIBS}) +add_test(record_layer_test record_layer_test) + +# rfc3779 +add_executable(rfc3779 rfc3779.c) +set_source_files_properties(rfc3779.c PROPERTIES COMPILE_FLAGS -D__unused=) +target_link_libraries(rfc3779 ${OPENSSL_TEST_LIBS}) +add_test(rfc3779 rfc3779) # rfc5280time add_executable(rfc5280time rfc5280time.c) -target_link_libraries(rfc5280time ${OPENSSL_LIBS}) +target_link_libraries(rfc5280time ${OPENSSL_TEST_LIBS}) if(SMALL_TIME_T) add_test(rfc5280time ${CMAKE_CURRENT_SOURCE_DIR}/rfc5280time_small.test) else() add_test(rfc5280time rfc5280time) endif() -# rmdtest -add_executable(rmdtest rmdtest.c) -target_link_libraries(rmdtest ${OPENSSL_LIBS}) -add_test(rmdtest rmdtest) +# rmd_test +add_executable(rmd_test rmd_test.c) +target_link_libraries(rmd_test 
${OPENSSL_TEST_LIBS}) +add_test(rmd_test rmd_test) # rsa_test add_executable(rsa_test rsa_test.c) -target_link_libraries(rsa_test ${OPENSSL_LIBS}) +target_link_libraries(rsa_test ${OPENSSL_TEST_LIBS}) add_test(rsa_test rsa_test) # servertest -if(NOT BUILD_SHARED_LIBS) - add_executable(servertest servertest.c) - target_link_libraries(servertest ${OPENSSL_LIBS}) - if(NOT MSVC) - add_test(NAME servertest COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/servertest.sh) - else() - add_test(NAME servertest COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/servertest.bat $) - endif() - set_tests_properties(servertest PROPERTIES ENVIRONMENT "srcdir=${TEST_SOURCE_DIR}") +add_executable(servertest servertest.c) +target_link_libraries(servertest ${OPENSSL_TEST_LIBS}) +if(NOT MSVC) + add_test(NAME servertest COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/servertest.sh) +else() + add_test(NAME servertest COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/servertest.bat $) endif() +set_tests_properties(servertest PROPERTIES ENVIRONMENT "srcdir=${TEST_SOURCE_DIR}") -# sha1test -add_executable(sha1test sha1test.c) -target_link_libraries(sha1test ${OPENSSL_LIBS}) -add_test(sha1test sha1test) - -# sha256test -add_executable(sha256test sha256test.c) -target_link_libraries(sha256test ${OPENSSL_LIBS}) -add_test(sha256test sha256test) - -# sha512test -add_executable(sha512test sha512test.c) -target_link_libraries(sha512test ${OPENSSL_LIBS}) -add_test(sha512test sha512test) +# sha_test +add_executable(sha_test sha_test.c) +target_link_libraries(sha_test ${OPENSSL_TEST_LIBS}) +add_test(sha_test sha_test) # sm3test add_executable(sm3test sm3test.c) -target_link_libraries(sm3test ${OPENSSL_LIBS}) +target_link_libraries(sm3test ${OPENSSL_TEST_LIBS}) add_test(sm3test sm3test) # sm4test add_executable(sm4test sm4test.c) -target_link_libraries(sm4test ${OPENSSL_LIBS}) +target_link_libraries(sm4test ${OPENSSL_TEST_LIBS}) add_test(sm4test sm4test) # ssl_get_shared_ciphers add_executable(ssl_get_shared_ciphers ssl_get_shared_ciphers.c) 
set_source_files_properties(ssl_get_shared_ciphers.c PROPERTIES COMPILE_FLAGS -DCERTSDIR=\\"${CMAKE_CURRENT_SOURCE_DIR}\\") -target_link_libraries(ssl_get_shared_ciphers ${OPENSSL_LIBS}) +target_link_libraries(ssl_get_shared_ciphers ${OPENSSL_TEST_LIBS}) add_test(ssl_get_shared_ciphers ssl_get_shared_ciphers) +# ssl_methods +add_executable(ssl_methods ssl_methods.c) +target_link_libraries(ssl_methods ${OPENSSL_TEST_LIBS}) +add_test(ssl_methods ssl_methods) + +# ssl_set_alpn_protos +add_executable(ssl_set_alpn_protos ssl_set_alpn_protos.c) +target_link_libraries(ssl_set_alpn_protos ${OPENSSL_TEST_LIBS}) +add_test(ssl_set_alpn_protos ssl_set_alpn_protos) + # ssl_versions -if(NOT BUILD_SHARED_LIBS) - add_executable(ssl_versions ssl_versions.c) - target_link_libraries(ssl_versions ${OPENSSL_LIBS}) - add_test(ssl_versions ssl_versions) -endif() +add_executable(ssl_versions ssl_versions.c) +target_link_libraries(ssl_versions ${OPENSSL_TEST_LIBS}) +add_test(ssl_versions ssl_versions) # ssltest add_executable(ssltest ssltest.c) -target_link_libraries(ssltest ${OPENSSL_LIBS}) +target_link_libraries(ssltest ${OPENSSL_TEST_LIBS}) if(NOT MSVC) add_test(NAME ssltest COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/ssltest.sh) else() @@ -470,6 +526,11 @@ else() endif() set_tests_properties(ssltest PROPERTIES ENVIRONMENT "srcdir=${TEST_SOURCE_DIR}") +# string_table +add_executable(string_table string_table.c) +target_link_libraries(string_table ${OPENSSL_TEST_LIBS}) +add_test(string_table string_table) + # testdsa if(NOT MSVC) add_test(NAME testdsa COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/testdsa.sh) 
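Review bot: The rfc3779 entry in this hunk compiles its source with `COMPILE_FLAGS -D__unused=`, which blanks a reserved identifier for every header rfc3779.c includes, not only for the test's own declarations. Some libc and kernel headers have used `__unused` as a struct member name, and there the define turns a valid declaration into a syntax error, so the build can fail for reasons unrelated to the test. Assuming rfc3779.c uses the macro only on its own declarations, a guarded definition in the source after the system includes would keep the effect local: `#ifndef __unused` / `#define __unused` / `#endif`. The same flag is added in tests/Makefile.am as `rfc3779_CPPFLAGS = $(AM_CPPFLAGS) -D__unused=`, and the point applies there too.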
@@ -496,19 +557,17 @@ set_tests_properties(testrsa PROPERTIES ENVIRONMENT "srcdir=${TEST_SOURCE_DIR}") # timingsafe add_executable(timingsafe timingsafe.c) -target_link_libraries(timingsafe ${OPENSSL_LIBS}) +target_link_libraries(timingsafe ${OPENSSL_TEST_LIBS}) add_test(timingsafe timingsafe) # tlsexttest -if(NOT BUILD_SHARED_LIBS) - add_executable(tlsexttest tlsexttest.c) - target_link_libraries(tlsexttest ${OPENSSL_LIBS}) - add_test(tlsexttest tlsexttest) -endif() +add_executable(tlsexttest tlsexttest.c) +target_link_libraries(tlsexttest ${OPENSSL_TEST_LIBS}) +add_test(tlsexttest tlsexttest) # tlslegacytest add_executable(tlslegacytest tlslegacytest.c) -target_link_libraries(tlslegacytest ${OPENSSL_LIBS}) +target_link_libraries(tlslegacytest ${OPENSSL_TEST_LIBS}) add_test(tlslegacytest tlslegacytest) # tlstest @@ -522,7 +581,7 @@ if(NOT CMAKE_SYSTEM_NAME MATCHES "WindowsStore") endif() add_executable(tlstest ${TLSTEST_SRC}) - target_link_libraries(tlstest ${LIBTLS_LIBS}) + target_link_libraries(tlstest ${LIBTLS_TEST_LIBS}) if(NOT MSVC) add_test(NAME tlstest COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/tlstest.sh) else() 
@@ -532,67 +591,59 @@ if(NOT CMAKE_SYSTEM_NAME MATCHES "WindowsStore") endif() # tls_ext_alpn -if(NOT BUILD_SHARED_LIBS) - add_executable(tls_ext_alpn tls_ext_alpn.c) - target_link_libraries(tls_ext_alpn ${OPENSSL_LIBS}) - add_test(tls_ext_alpn tls_ext_alpn) -endif() +add_executable(tls_ext_alpn tls_ext_alpn.c) +target_link_libraries(tls_ext_alpn ${OPENSSL_TEST_LIBS}) +add_test(tls_ext_alpn tls_ext_alpn) # tls_prf -if(NOT BUILD_SHARED_LIBS) - add_executable(tls_prf tls_prf.c) - target_link_libraries(tls_prf ${OPENSSL_LIBS}) - add_test(tls_prf tls_prf) -endif() +add_executable(tls_prf tls_prf.c) +target_link_libraries(tls_prf ${OPENSSL_TEST_LIBS}) +add_test(tls_prf tls_prf) # utf8test -if(NOT BUILD_SHARED_LIBS) - add_executable(utf8test utf8test.c) - target_link_libraries(utf8test ${OPENSSL_LIBS}) - add_test(utf8test utf8test) -endif() +add_executable(utf8test utf8test.c) +target_link_libraries(utf8test ${OPENSSL_TEST_LIBS}) +add_test(utf8test utf8test) # valid_handshakes_terminate -if(NOT BUILD_SHARED_LIBS) - add_executable(valid_handshakes_terminate valid_handshakes_terminate.c) - target_link_libraries(valid_handshakes_terminate ${OPENSSL_LIBS}) - add_test(valid_handshakes_terminate valid_handshakes_terminate) -endif() +add_executable(valid_handshakes_terminate valid_handshakes_terminate.c) +target_link_libraries(valid_handshakes_terminate ${OPENSSL_TEST_LIBS}) +add_test(valid_handshakes_terminate valid_handshakes_terminate) # verifytest -if(NOT BUILD_SHARED_LIBS) - add_executable(verifytest verifytest.c) - target_link_libraries(verifytest ${LIBTLS_LIBS}) - add_test(verifytest verifytest) -endif() +add_executable(verifytest verifytest.c) +target_link_libraries(verifytest ${LIBTLS_TEST_LIBS}) +add_test(verifytest verifytest) # x25519test add_executable(x25519test x25519test.c) -target_link_libraries(x25519test ${OPENSSL_LIBS}) +target_link_libraries(x25519test ${OPENSSL_TEST_LIBS}) add_test(x25519test x25519test) # x509attribute add_executable(x509attribute 
x509attribute.c) -target_link_libraries(x509attribute ${OPENSSL_LIBS}) +target_link_libraries(x509attribute ${OPENSSL_TEST_LIBS}) add_test(x509attribute x509attribute) # x509_info add_executable(x509_info x509_info.c) -target_link_libraries(x509_info ${OPENSSL_LIBS}) +target_link_libraries(x509_info ${OPENSSL_TEST_LIBS}) add_test(x509_info x509_info) # x509name add_executable(x509name x509name.c) -target_link_libraries(x509name ${OPENSSL_LIBS}) +target_link_libraries(x509name ${OPENSSL_TEST_LIBS}) add_test(x509name x509name) -if(BUILD_SHARED_LIBS) - add_custom_command(TARGET x25519test POST_BUILD - COMMAND "${CMAKE_COMMAND}" -E copy - "$" - "$" - "$" - "${CMAKE_CURRENT_BINARY_DIR}" - COMMENT "Copying DLLs for regression tests") -endif() - +# x509req_ext +add_executable(x509req_ext x509req_ext.c) +target_link_libraries(x509req_ext ${OPENSSL_TEST_LIBS}) +add_test(x509req_ext x509req_ext) + +add_custom_command(TARGET x25519test POST_BUILD + COMMAND "${CMAKE_COMMAND}" -E copy + "$" + "$" + "$" + "${CMAKE_CURRENT_BINARY_DIR}" + COMMENT "Copying DLLs for regression tests") diff --git a/tests/Makefile.am b/tests/Makefile.am index f43bd858..24e6f2ee 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am 
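Review bot: The `add_custom_command(TARGET x25519test POST_BUILD ...)` step at the end of this hunk lost its `if(BUILD_SHARED_LIBS)` guard, so the copy now runs on static builds as well, while its `COMMENT` still reads "Copying DLLs for regression tests". The arguments of the copy are not legible in this rendering of the patch, so what a static build ends up copying cannot be confirmed from here. If the step exists only so the test executables load the just-built shared libraries from their own directory, restoring `if(BUILD_SHARED_LIBS)` and `endif()` around it keeps that intent explicit. Otherwise the comment should say what is copied and why it is needed for every build type.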
@@ -1,13 +1,17 @@ include $(top_srcdir)/Makefile.am.common -AM_CPPFLAGS += -I $(top_srcdir)/crypto/modes +AM_CPPFLAGS += -DLIBRESSL_CRYPTO_INTERNAL + AM_CPPFLAGS += -I $(top_srcdir)/crypto/asn1 +AM_CPPFLAGS += -I $(top_srcdir)/crypto/bio +AM_CPPFLAGS += -I $(top_srcdir)/crypto/bn +AM_CPPFLAGS += -I $(top_srcdir)/crypto/evp +AM_CPPFLAGS += -I $(top_srcdir)/crypto/modes AM_CPPFLAGS += -I $(top_srcdir)/crypto/x509 AM_CPPFLAGS += -I $(top_srcdir)/ssl -AM_CPPFLAGS += -I $(top_srcdir)/tls AM_CPPFLAGS += -I $(top_srcdir)/apps/openssl AM_CPPFLAGS += -I $(top_srcdir)/apps/openssl/compat -AM_CPPFLAGS += -D_PATH_SSL_CA_FILE=\"$(top_srcdir)/apps/openssl/cert.pem\" +AM_CPPFLAGS += -D_PATH_SSL_CA_FILE=\"$(top_srcdir)/cert.pem\" LDADD = $(abs_top_builddir)/tls/.libs/libtls.a LDADD += $(abs_top_builddir)/ssl/.libs/libssl.a @@ -30,6 +34,11 @@ check_PROGRAMS += aeadtest aeadtest_SOURCES = aeadtest.c EXTRA_DIST += aeadtest.sh EXTRA_DIST += aeadtests.txt +EXTRA_DIST += aes_128_gcm_tests.txt +EXTRA_DIST += aes_192_gcm_tests.txt +EXTRA_DIST += aes_256_gcm_tests.txt +EXTRA_DIST += chacha20_poly1305_tests.txt +EXTRA_DIST += xchacha20_poly1305_tests.txt # aes_wrap TESTS += aes_wrap 
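Review bot: `AM_CPPFLAGS += -DLIBRESSL_CRYPTO_INTERNAL` and the new `-I $(top_srcdir)/crypto/bio`, `crypto/bn` and `crypto/evp` include paths apply to every program in tests/, so any test can include private libcrypto headers without that showing in its own build rules. The same hunk drops the global `-I $(top_srcdir)/tls`, and a later hunk scopes it to `keypairtest_CPPFLAGS = -I $(top_srcdir)/tls $(AM_CPPFLAGS)`. The crypto internals would read better handled the same way, with per-target `_CPPFLAGS` on the tests that need them; which tests those are is not visible from this hunk. If the global form stays, a comment above the block such as `# regress tests reach into libcrypto internals; not a model for code using the public API` would record the intent.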
@@ -45,11 +54,41 @@ arc4randomforktest_SOURCES = arc4randomforktest.c endif EXTRA_DIST += arc4randomforktest.sh +# asn1_string_to_utf8 +TESTS += asn1_string_to_utf8 +check_PROGRAMS += asn1_string_to_utf8 +asn1_string_to_utf8_SOURCES = asn1_string_to_utf8.c + +# asn1api +TESTS += asn1api +check_PROGRAMS += asn1api +asn1api_SOURCES = asn1api.c + +# asn1basic +TESTS += asn1basic +check_PROGRAMS += asn1basic +asn1basic_SOURCES = asn1basic.c + +# asn1complex +TESTS += asn1complex +check_PROGRAMS += asn1complex +asn1complex_SOURCES = asn1complex.c + # asn1evp TESTS += asn1evp check_PROGRAMS += asn1evp asn1evp_SOURCES = asn1evp.c +# asn1object +TESTS += asn1object +check_PROGRAMS += asn1object +asn1object_SOURCES = asn1object.c + +# asn1string_copy +TESTS += asn1string_copy +check_PROGRAMS += asn1string_copy +asn1string_copy_SOURCES = asn1string_copy.c + # asn1test TESTS += asn1test check_PROGRAMS += asn1test @@ -60,6 +99,11 @@ TESTS += asn1time check_PROGRAMS += asn1time asn1time_SOURCES = asn1time.c +# asn1x509 +TESTS += asn1x509 +check_PROGRAMS += asn1x509 +asn1x509_SOURCES = asn1x509.c + # base64test TESTS += base64test check_PROGRAMS += base64test @@ -83,6 +127,26 @@ TESTS += bnaddsub check_PROGRAMS += bnaddsub bnaddsub_SOURCES = bnaddsub.c +# bn_isqrt +TESTS += bn_isqrt +check_PROGRAMS += bn_isqrt +bn_isqrt_SOURCES = bn_isqrt.c + +# bn_mod_exp2_mont +TESTS += bn_mod_exp2_mont +check_PROGRAMS += bn_mod_exp2_mont +bn_mod_exp2_mont_SOURCES = bn_mod_exp2_mont.c + +# bn_mod_sqrt +TESTS += bn_mod_sqrt +check_PROGRAMS += bn_mod_sqrt +bn_mod_sqrt_SOURCES = bn_mod_sqrt.c + +# bn_primes +TESTS += bn_primes +check_PROGRAMS += bn_primes +bn_primes_SOURCES = bn_primes.c + # bn_rand_interval TESTS += bn_rand_interval check_PROGRAMS += bn_rand_interval @@ -101,7 +165,6 @@ bn_to_string_SOURCES = bn_to_string.c # buffertest TESTS += buffertest -buffertest_CPPFLAGS = $(AM_CPPFLAGS) check_PROGRAMS += buffertest buffertest_SOURCES = buffertest.c 
@@ -179,6 +242,11 @@ dtlstest_SOURCES = dtlstest.c endif EXTRA_DIST += dtlstest.sh +# ec_asn1_test +TESTS += ec_asn1_test +check_PROGRAMS += ec_asn1_test +ec_asn1_test_SOURCES = ec_asn1_test.c + # ec_point_conversion TESTS += ec_point_conversion check_PROGRAMS += ec_point_conversion @@ -204,6 +272,16 @@ TESTS += enginetest check_PROGRAMS += enginetest enginetest_SOURCES = enginetest.c +# evp_pkey_check +TESTS += evp_pkey_check +check_PROGRAMS += evp_pkey_check +evp_pkey_check_SOURCES = evp_pkey_check.c + +# evp_pkey_cleanup +TESTS += evp_pkey_cleanup +check_PROGRAMS += evp_pkey_cleanup +evp_pkey_cleanup_SOURCES = evp_pkey_cleanup.c + # evptest TESTS += evptest.sh check_PROGRAMS += evptest @@ -270,32 +348,33 @@ TESTS += igetest check_PROGRAMS += igetest igetest_SOURCES = igetest.c -# keypairtest -TESTS += keypairtest.sh -check_PROGRAMS += keypairtest -keypairtest_SOURCES = keypairtest.c -EXTRA_DIST += keypairtest.sh - # key_schedule TESTS += key_schedule check_PROGRAMS += key_schedule key_schedule_SOURCES = key_schedule.c -# md4test -TESTS += md4test -check_PROGRAMS += md4test -md4test_SOURCES = md4test.c +# keypairtest +TESTS += keypairtest.sh +keypairtest_CPPFLAGS = -I $(top_srcdir)/tls $(AM_CPPFLAGS) +check_PROGRAMS += keypairtest +keypairtest_SOURCES = keypairtest.c +EXTRA_DIST += keypairtest.sh -# md5test -TESTS += md5test -check_PROGRAMS += md5test -md5test_SOURCES = md5test.c +# md_test +TESTS += md_test +check_PROGRAMS += md_test +md_test_SOURCES = md_test.c # mont TESTS += mont check_PROGRAMS += mont mont_SOURCES = mont.c +# objectstest +TESTS += objectstest +check_PROGRAMS += objectstest +objectstest_SOURCES = objectstest.c + # ocsp_test if ENABLE_EXTRATESTS TESTS += ocsptest.sh 
@@ -341,20 +420,26 @@ pq_test_SOURCES = pq_test.c EXTRA_DIST += pq_test.sh pq_test.bat EXTRA_DIST += pq_expected.txt +# quictest +TESTS += quictest.sh +check_PROGRAMS += quictest +quictest_SOURCES = quictest.c +EXTRA_DIST += quictest.sh quictest.bat + # randtest TESTS += randtest check_PROGRAMS += randtest randtest_SOURCES = randtest.c -# rc2test -TESTS += rc2test -check_PROGRAMS += rc2test -rc2test_SOURCES = rc2test.c +# rc2_test +TESTS += rc2_test +check_PROGRAMS += rc2_test +rc2_test_SOURCES = rc2_test.c -# rc4test -TESTS += rc4test -check_PROGRAMS += rc4test -rc4test_SOURCES = rc4test.c +# rc4_test +TESTS += rc4_test +check_PROGRAMS += rc4_test +rc4_test_SOURCES = rc4_test.c # recordtest TESTS += recordtest @@ -366,6 +451,12 @@ TESTS += record_layer_test check_PROGRAMS += record_layer_test record_layer_test_SOURCES = record_layer_test.c +# rfc3779 +TESTS += rfc3779 +rfc3779_CPPFLAGS = $(AM_CPPFLAGS) -D__unused= +check_PROGRAMS += rfc3779 +rfc3779_SOURCES = rfc3779.c + # rfc5280time check_PROGRAMS += rfc5280time rfc5280time_SOURCES = rfc5280time.c @@ -376,10 +467,10 @@ TESTS += rfc5280time endif EXTRA_DIST += rfc5280time_small.test -# rmdtest -TESTS += rmdtest -check_PROGRAMS += rmdtest -rmdtest_SOURCES = rmdtest.c +# rmd_test +TESTS += rmd_test +check_PROGRAMS += rmd_test +rmd_test_SOURCES = rmd_test.c # rsa_test TESTS += rsa_test @@ -392,20 +483,10 @@ check_PROGRAMS += servertest servertest_SOURCES = servertest.c EXTRA_DIST += servertest.sh servertest.bat -# sha1test -TESTS += sha1test -check_PROGRAMS += sha1test -sha1test_SOURCES = sha1test.c - -# sha256test -TESTS += sha256test -check_PROGRAMS += sha256test -sha256test_SOURCES = sha256test.c - -# sha512test -TESTS += sha512test -check_PROGRAMS += sha512test -sha512test_SOURCES = sha512test.c +# sha_test +TESTS += sha_test +check_PROGRAMS += sha_test +sha_test_SOURCES = sha_test.c # sm3test TESTS += sm3test 
@@ -428,6 +509,11 @@ TESTS += ssl_methods check_PROGRAMS += ssl_methods ssl_methods_SOURCES = ssl_methods.c +# ssl_set_alpn_protos +TESTS += ssl_set_alpn_protos +check_PROGRAMS += ssl_set_alpn_protos +ssl_set_alpn_protos_SOURCES = ssl_set_alpn_protos.c + # ssl_versions TESTS += ssl_versions check_PROGRAMS += ssl_versions @@ -438,7 +524,24 @@ TESTS += ssltest.sh check_PROGRAMS += ssltest ssltest_SOURCES = ssltest.c EXTRA_DIST += ssltest.sh ssltest.bat -EXTRA_DIST += testssl testssl.bat ca.pem server.pem +EXTRA_DIST += testssl testssl.bat +EXTRA_DIST += ca-int-ecdsa.crl ca-int-ecdsa.pem ca-int-rsa.crl ca-int-rsa.pem +EXTRA_DIST += ca-root-ecdsa.pem ca-root-rsa.pem ca.pem client.pem +EXTRA_DIST += client1-ecdsa-chain.pem client1-ecdsa.pem client1-rsa-chain.pem +EXTRA_DIST += client1-rsa.pem client2-ecdsa-chain.pem client2-ecdsa.pem +EXTRA_DIST += client2-rsa-chain.pem client2-rsa.pem client3-ecdsa-chain.pem +EXTRA_DIST += client3-ecdsa.pem client3-rsa-chain.pem client3-rsa.pem +EXTRA_DIST += server.pem server1-ecdsa-chain.pem server1-ecdsa.pem +EXTRA_DIST += server1-rsa-chain.pem server1-rsa.pem server2-ecdsa-chain.pem +EXTRA_DIST += server2-ecdsa.pem server2-rsa-chain.pem server2-rsa.pem +EXTRA_DIST += server3-ecdsa-chain.pem server3-ecdsa.pem server3-rsa-chain.pem +EXTRA_DIST += server3-rsa.pem + + +# string_table +TESTS += string_table +check_PROGRAMS += string_table +string_table_SOURCES = string_table.c # testdsa TESTS += testdsa.sh @@ -521,3 +624,8 @@ x509_info_SOURCES = x509_info.c TESTS += x509name check_PROGRAMS += x509name x509name_SOURCES = x509name.c + +# x509req_ext +TESTS += x509req_ext +check_PROGRAMS += x509req_ext +x509req_ext_SOURCES = x509req_ext.c diff --git a/tests/Makefile.in b/tests/Makefile.in index 8ab9a31c..c20d7c65 100644 --- a/tests/Makefile.in +++ b/tests/Makefile.in 
@@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.3 from Makefile.am. +# Makefile.in generated by automake 1.16.5 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2020 Free Software Foundation, Inc. +# Copyright (C) 1994-2021 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -89,70 +89,84 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HOST_ASM_MACOSX_X86_64_TRUE@am__append_1 = $(abs_top_builddir)/crypto/.libs/libcrypto_la-cpuid-macosx-x86_64.o -TESTS = aeadtest.sh aes_wrap$(EXEEXT) $(am__append_2) asn1evp$(EXEEXT) \ - asn1test$(EXEEXT) asn1time$(EXEEXT) base64test$(EXEEXT) \ +TESTS = aeadtest.sh aes_wrap$(EXEEXT) $(am__append_2) \ + asn1_string_to_utf8$(EXEEXT) asn1api$(EXEEXT) \ + asn1basic$(EXEEXT) asn1complex$(EXEEXT) asn1evp$(EXEEXT) \ + asn1object$(EXEEXT) asn1string_copy$(EXEEXT) asn1test$(EXEEXT) \ + asn1time$(EXEEXT) asn1x509$(EXEEXT) base64test$(EXEEXT) \ bftest$(EXEEXT) $(am__EXEEXT_2) bnaddsub$(EXEEXT) \ + bn_isqrt$(EXEEXT) bn_mod_exp2_mont$(EXEEXT) \ + bn_mod_sqrt$(EXEEXT) bn_primes$(EXEEXT) \ bn_rand_interval$(EXEEXT) bntest$(EXEEXT) \ bn_to_string$(EXEEXT) buffertest$(EXEEXT) \ bytestringtest$(EXEEXT) casttest$(EXEEXT) chachatest$(EXEEXT) \ cipher_list$(EXEEXT) cipherstest$(EXEEXT) clienttest$(EXEEXT) \ cmstest$(EXEEXT) configtest$(EXEEXT) constraints$(EXEEXT) \ cts128test$(EXEEXT) destest$(EXEEXT) dhtest$(EXEEXT) \ - dsatest$(EXEEXT) $(am__append_6) ec_point_conversion$(EXEEXT) \ - ecdhtest$(EXEEXT) ecdsatest$(EXEEXT) ectest$(EXEEXT) \ - enginetest$(EXEEXT) evptest.sh $(am__EXEEXT_4) \ - exptest$(EXEEXT) freenull$(EXEEXT) gcm128test$(EXEEXT) \ - gost2814789t$(EXEEXT) handshake_table$(EXEEXT) \ - hkdftest$(EXEEXT) hmactest$(EXEEXT) ideatest$(EXEEXT) \ - igetest$(EXEEXT) keypairtest.sh key_schedule$(EXEEXT) \ - md4test$(EXEEXT) md5test$(EXEEXT) mont$(EXEEXT) \ - $(am__append_11) optionstest$(EXEEXT) pbkdf2$(EXEEXT) \ - $(am__append_13) pkcs7test$(EXEEXT) poly1305test$(EXEEXT) \ - pq_test.sh randtest$(EXEEXT) rc2test$(EXEEXT) rc4test$(EXEEXT) \ - recordtest$(EXEEXT) record_layer_test$(EXEEXT) \ - $(am__append_15) $(am__EXEEXT_7) rmdtest$(EXEEXT) \ - rsa_test$(EXEEXT) servertest.sh sha1test$(EXEEXT) \ - sha256test$(EXEEXT) sha512test$(EXEEXT) sm3test$(EXEEXT) \ + dsatest$(EXEEXT) $(am__append_6) 
ec_asn1_test$(EXEEXT) \ + ec_point_conversion$(EXEEXT) ecdhtest$(EXEEXT) \ + ecdsatest$(EXEEXT) ectest$(EXEEXT) enginetest$(EXEEXT) \ + evp_pkey_check$(EXEEXT) evp_pkey_cleanup$(EXEEXT) evptest.sh \ + $(am__EXEEXT_4) exptest$(EXEEXT) freenull$(EXEEXT) \ + gcm128test$(EXEEXT) gost2814789t$(EXEEXT) \ + handshake_table$(EXEEXT) hkdftest$(EXEEXT) hmactest$(EXEEXT) \ + ideatest$(EXEEXT) igetest$(EXEEXT) key_schedule$(EXEEXT) \ + keypairtest.sh md_test$(EXEEXT) mont$(EXEEXT) \ + objectstest$(EXEEXT) $(am__append_11) optionstest$(EXEEXT) \ + pbkdf2$(EXEEXT) $(am__append_13) pkcs7test$(EXEEXT) \ + poly1305test$(EXEEXT) pq_test.sh quictest.sh randtest$(EXEEXT) \ + rc2_test$(EXEEXT) rc4_test$(EXEEXT) recordtest$(EXEEXT) \ + record_layer_test$(EXEEXT) rfc3779$(EXEEXT) $(am__append_15) \ + $(am__EXEEXT_7) rmd_test$(EXEEXT) rsa_test$(EXEEXT) \ + servertest.sh sha_test$(EXEEXT) sm3test$(EXEEXT) \ sm4test$(EXEEXT) ssl_get_shared_ciphers$(EXEEXT) \ - ssl_methods$(EXEEXT) ssl_versions$(EXEEXT) ssltest.sh \ + ssl_methods$(EXEEXT) ssl_set_alpn_protos$(EXEEXT) \ + ssl_versions$(EXEEXT) ssltest.sh string_table$(EXEEXT) \ testdsa.sh testenc.sh testrsa.sh timingsafe$(EXEEXT) \ tlsexttest$(EXEEXT) tlslegacytest$(EXEEXT) tlstest.sh \ tls_ext_alpn$(EXEEXT) tls_prf$(EXEEXT) utf8test$(EXEEXT) \ valid_handshakes_terminate$(EXEEXT) verifytest$(EXEEXT) \ x25519test$(EXEEXT) x509attribute$(EXEEXT) x509_info$(EXEEXT) \ - x509name$(EXEEXT) + x509name$(EXEEXT) x509req_ext$(EXEEXT) check_PROGRAMS = aeadtest$(EXEEXT) aes_wrap$(EXEEXT) $(am__EXEEXT_1) \ - asn1evp$(EXEEXT) asn1test$(EXEEXT) asn1time$(EXEEXT) \ - base64test$(EXEEXT) bftest$(EXEEXT) $(am__EXEEXT_2) \ - bnaddsub$(EXEEXT) bn_rand_interval$(EXEEXT) bntest$(EXEEXT) \ + asn1_string_to_utf8$(EXEEXT) asn1api$(EXEEXT) \ + asn1basic$(EXEEXT) asn1complex$(EXEEXT) asn1evp$(EXEEXT) \ + asn1object$(EXEEXT) asn1string_copy$(EXEEXT) asn1test$(EXEEXT) \ + asn1time$(EXEEXT) asn1x509$(EXEEXT) base64test$(EXEEXT) \ + bftest$(EXEEXT) $(am__EXEEXT_2) 
bnaddsub$(EXEEXT) \ + bn_isqrt$(EXEEXT) bn_mod_exp2_mont$(EXEEXT) \ + bn_mod_sqrt$(EXEEXT) bn_primes$(EXEEXT) \ + bn_rand_interval$(EXEEXT) bntest$(EXEEXT) \ bn_to_string$(EXEEXT) buffertest$(EXEEXT) \ bytestringtest$(EXEEXT) casttest$(EXEEXT) chachatest$(EXEEXT) \ cipher_list$(EXEEXT) cipherstest$(EXEEXT) clienttest$(EXEEXT) \ cmstest$(EXEEXT) configtest$(EXEEXT) constraints$(EXEEXT) \ cts128test$(EXEEXT) destest$(EXEEXT) dhtest$(EXEEXT) \ - dsatest$(EXEEXT) $(am__EXEEXT_3) ec_point_conversion$(EXEEXT) \ - ecdhtest$(EXEEXT) ecdsatest$(EXEEXT) ectest$(EXEEXT) \ - enginetest$(EXEEXT) evptest$(EXEEXT) $(am__EXEEXT_4) \ - exptest$(EXEEXT) freenull$(EXEEXT) gcm128test$(EXEEXT) \ - gost2814789t$(EXEEXT) handshake_table$(EXEEXT) \ - hkdftest$(EXEEXT) hmactest$(EXEEXT) ideatest$(EXEEXT) \ - igetest$(EXEEXT) keypairtest$(EXEEXT) key_schedule$(EXEEXT) \ - md4test$(EXEEXT) md5test$(EXEEXT) mont$(EXEEXT) \ - $(am__EXEEXT_5) optionstest$(EXEEXT) pbkdf2$(EXEEXT) \ - $(am__EXEEXT_6) pkcs7test$(EXEEXT) poly1305test$(EXEEXT) \ - pq_test$(EXEEXT) randtest$(EXEEXT) rc2test$(EXEEXT) \ - rc4test$(EXEEXT) recordtest$(EXEEXT) \ - record_layer_test$(EXEEXT) rfc5280time$(EXEEXT) \ - rmdtest$(EXEEXT) rsa_test$(EXEEXT) servertest$(EXEEXT) \ - sha1test$(EXEEXT) sha256test$(EXEEXT) sha512test$(EXEEXT) \ + dsatest$(EXEEXT) $(am__EXEEXT_3) ec_asn1_test$(EXEEXT) \ + ec_point_conversion$(EXEEXT) ecdhtest$(EXEEXT) \ + ecdsatest$(EXEEXT) ectest$(EXEEXT) enginetest$(EXEEXT) \ + evp_pkey_check$(EXEEXT) evp_pkey_cleanup$(EXEEXT) \ + evptest$(EXEEXT) $(am__EXEEXT_4) exptest$(EXEEXT) \ + freenull$(EXEEXT) gcm128test$(EXEEXT) gost2814789t$(EXEEXT) \ + handshake_table$(EXEEXT) hkdftest$(EXEEXT) hmactest$(EXEEXT) \ + ideatest$(EXEEXT) igetest$(EXEEXT) key_schedule$(EXEEXT) \ + keypairtest$(EXEEXT) md_test$(EXEEXT) mont$(EXEEXT) \ + objectstest$(EXEEXT) $(am__EXEEXT_5) optionstest$(EXEEXT) \ + pbkdf2$(EXEEXT) $(am__EXEEXT_6) pkcs7test$(EXEEXT) \ + poly1305test$(EXEEXT) pq_test$(EXEEXT) quictest$(EXEEXT) \ + 
randtest$(EXEEXT) rc2_test$(EXEEXT) rc4_test$(EXEEXT) \ + recordtest$(EXEEXT) record_layer_test$(EXEEXT) \ + rfc3779$(EXEEXT) rfc5280time$(EXEEXT) rmd_test$(EXEEXT) \ + rsa_test$(EXEEXT) servertest$(EXEEXT) sha_test$(EXEEXT) \ sm3test$(EXEEXT) sm4test$(EXEEXT) \ ssl_get_shared_ciphers$(EXEEXT) ssl_methods$(EXEEXT) \ - ssl_versions$(EXEEXT) ssltest$(EXEEXT) timingsafe$(EXEEXT) \ + ssl_set_alpn_protos$(EXEEXT) ssl_versions$(EXEEXT) \ + ssltest$(EXEEXT) string_table$(EXEEXT) timingsafe$(EXEEXT) \ tlsexttest$(EXEEXT) tlslegacytest$(EXEEXT) tlstest$(EXEEXT) \ tls_ext_alpn$(EXEEXT) tls_prf$(EXEEXT) utf8test$(EXEEXT) \ valid_handshakes_terminate$(EXEEXT) verifytest$(EXEEXT) \ x25519test$(EXEEXT) x509attribute$(EXEEXT) x509_info$(EXEEXT) \ - x509name$(EXEEXT) + x509name$(EXEEXT) x509req_ext$(EXEEXT) # arc4randomforktest # Windows/mingw does not have fork, but Cygwin does. 
@@ -240,6 +254,35 @@ arc4randomforktest_DEPENDENCIES = \ $(abs_top_builddir)/ssl/.libs/libssl.a \ $(abs_top_builddir)/crypto/.libs/libcrypto.a \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) +am_asn1_string_to_utf8_OBJECTS = asn1_string_to_utf8.$(OBJEXT) +asn1_string_to_utf8_OBJECTS = $(am_asn1_string_to_utf8_OBJECTS) +asn1_string_to_utf8_LDADD = $(LDADD) +asn1_string_to_utf8_DEPENDENCIES = \ + $(abs_top_builddir)/tls/.libs/libtls.a \ + $(abs_top_builddir)/ssl/.libs/libssl.a \ + $(abs_top_builddir)/crypto/.libs/libcrypto.a \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) +am_asn1api_OBJECTS = asn1api.$(OBJEXT) +asn1api_OBJECTS = $(am_asn1api_OBJECTS) +asn1api_LDADD = $(LDADD) +asn1api_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ + $(abs_top_builddir)/ssl/.libs/libssl.a \ + $(abs_top_builddir)/crypto/.libs/libcrypto.a \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) +am_asn1basic_OBJECTS = asn1basic.$(OBJEXT) +asn1basic_OBJECTS = $(am_asn1basic_OBJECTS) +asn1basic_LDADD = $(LDADD) +asn1basic_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ + $(abs_top_builddir)/ssl/.libs/libssl.a \ + $(abs_top_builddir)/crypto/.libs/libcrypto.a \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) +am_asn1complex_OBJECTS = asn1complex.$(OBJEXT) +asn1complex_OBJECTS = $(am_asn1complex_OBJECTS) +asn1complex_LDADD = $(LDADD) +asn1complex_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ + $(abs_top_builddir)/ssl/.libs/libssl.a \ + $(abs_top_builddir)/crypto/.libs/libcrypto.a \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) am_asn1evp_OBJECTS = asn1evp.$(OBJEXT) asn1evp_OBJECTS = $(am_asn1evp_OBJECTS) asn1evp_LDADD = $(LDADD) 
@@ -247,6 +290,20 @@ asn1evp_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ $(abs_top_builddir)/ssl/.libs/libssl.a \ $(abs_top_builddir)/crypto/.libs/libcrypto.a \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) +am_asn1object_OBJECTS = asn1object.$(OBJEXT) +asn1object_OBJECTS = $(am_asn1object_OBJECTS) +asn1object_LDADD = $(LDADD) +asn1object_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ + $(abs_top_builddir)/ssl/.libs/libssl.a \ + $(abs_top_builddir)/crypto/.libs/libcrypto.a \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) +am_asn1string_copy_OBJECTS = asn1string_copy.$(OBJEXT) +asn1string_copy_OBJECTS = $(am_asn1string_copy_OBJECTS) +asn1string_copy_LDADD = $(LDADD) +asn1string_copy_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ + $(abs_top_builddir)/ssl/.libs/libssl.a \ + $(abs_top_builddir)/crypto/.libs/libcrypto.a \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) am_asn1test_OBJECTS = asn1test.$(OBJEXT) asn1test_OBJECTS = $(am_asn1test_OBJECTS) asn1test_LDADD = $(LDADD) @@ -261,6 +318,13 @@ asn1time_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ $(abs_top_builddir)/ssl/.libs/libssl.a \ $(abs_top_builddir)/crypto/.libs/libcrypto.a \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) +am_asn1x509_OBJECTS = asn1x509.$(OBJEXT) +asn1x509_OBJECTS = $(am_asn1x509_OBJECTS) +asn1x509_LDADD = $(LDADD) +asn1x509_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ + $(abs_top_builddir)/ssl/.libs/libssl.a \ + $(abs_top_builddir)/crypto/.libs/libcrypto.a \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) am_base64test_OBJECTS = base64test.$(OBJEXT) base64test_OBJECTS = $(am_base64test_OBJECTS) base64test_LDADD = $(LDADD) 
@@ -283,6 +347,35 @@ biotest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ $(abs_top_builddir)/ssl/.libs/libssl.a \ $(abs_top_builddir)/crypto/.libs/libcrypto.a \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) +am_bn_isqrt_OBJECTS = bn_isqrt.$(OBJEXT) +bn_isqrt_OBJECTS = $(am_bn_isqrt_OBJECTS) +bn_isqrt_LDADD = $(LDADD) +bn_isqrt_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ + $(abs_top_builddir)/ssl/.libs/libssl.a \ + $(abs_top_builddir)/crypto/.libs/libcrypto.a \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) +am_bn_mod_exp2_mont_OBJECTS = bn_mod_exp2_mont.$(OBJEXT) +bn_mod_exp2_mont_OBJECTS = $(am_bn_mod_exp2_mont_OBJECTS) +bn_mod_exp2_mont_LDADD = $(LDADD) +bn_mod_exp2_mont_DEPENDENCIES = \ + $(abs_top_builddir)/tls/.libs/libtls.a \ + $(abs_top_builddir)/ssl/.libs/libssl.a \ + $(abs_top_builddir)/crypto/.libs/libcrypto.a \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) +am_bn_mod_sqrt_OBJECTS = bn_mod_sqrt.$(OBJEXT) +bn_mod_sqrt_OBJECTS = $(am_bn_mod_sqrt_OBJECTS) +bn_mod_sqrt_LDADD = $(LDADD) +bn_mod_sqrt_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ + $(abs_top_builddir)/ssl/.libs/libssl.a \ + $(abs_top_builddir)/crypto/.libs/libcrypto.a \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) +am_bn_primes_OBJECTS = bn_primes.$(OBJEXT) +bn_primes_OBJECTS = $(am_bn_primes_OBJECTS) +bn_primes_LDADD = $(LDADD) +bn_primes_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ + $(abs_top_builddir)/ssl/.libs/libssl.a \ + $(abs_top_builddir)/crypto/.libs/libcrypto.a \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) am_bn_rand_interval_OBJECTS = bn_rand_interval.$(OBJEXT) bn_rand_interval_OBJECTS = $(am_bn_rand_interval_OBJECTS) bn_rand_interval_LDADD = $(LDADD) 
@@ -312,7 +405,7 @@ bntest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ $(abs_top_builddir)/ssl/.libs/libssl.a \ $(abs_top_builddir)/crypto/.libs/libcrypto.a \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) -am_buffertest_OBJECTS = buffertest-buffertest.$(OBJEXT) +am_buffertest_OBJECTS = buffertest.$(OBJEXT) buffertest_OBJECTS = $(am_buffertest_OBJECTS) buffertest_LDADD = $(LDADD) buffertest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ @@ -418,6 +511,13 @@ dtlstest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ $(abs_top_builddir)/ssl/.libs/libssl.a \ $(abs_top_builddir)/crypto/.libs/libcrypto.a \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) +am_ec_asn1_test_OBJECTS = ec_asn1_test.$(OBJEXT) +ec_asn1_test_OBJECTS = $(am_ec_asn1_test_OBJECTS) +ec_asn1_test_LDADD = $(LDADD) +ec_asn1_test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ + $(abs_top_builddir)/ssl/.libs/libssl.a \ + $(abs_top_builddir)/crypto/.libs/libcrypto.a \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) am_ec_point_conversion_OBJECTS = ec_point_conversion.$(OBJEXT) ec_point_conversion_OBJECTS = $(am_ec_point_conversion_OBJECTS) ec_point_conversion_LDADD = $(LDADD) 
@@ -454,6 +554,21 @@ enginetest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ $(abs_top_builddir)/ssl/.libs/libssl.a \ $(abs_top_builddir)/crypto/.libs/libcrypto.a \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) +am_evp_pkey_check_OBJECTS = evp_pkey_check.$(OBJEXT) +evp_pkey_check_OBJECTS = $(am_evp_pkey_check_OBJECTS) +evp_pkey_check_LDADD = $(LDADD) +evp_pkey_check_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ + $(abs_top_builddir)/ssl/.libs/libssl.a \ + $(abs_top_builddir)/crypto/.libs/libcrypto.a \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) +am_evp_pkey_cleanup_OBJECTS = evp_pkey_cleanup.$(OBJEXT) +evp_pkey_cleanup_OBJECTS = $(am_evp_pkey_cleanup_OBJECTS) +evp_pkey_cleanup_LDADD = $(LDADD) +evp_pkey_cleanup_DEPENDENCIES = \ + $(abs_top_builddir)/tls/.libs/libtls.a \ + $(abs_top_builddir)/ssl/.libs/libssl.a \ + $(abs_top_builddir)/crypto/.libs/libcrypto.a \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) am_evptest_OBJECTS = evptest.$(OBJEXT) evptest_OBJECTS = $(am_evptest_OBJECTS) evptest_LDADD = $(LDADD) 
@@ -543,24 +658,17 @@ key_schedule_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ $(abs_top_builddir)/ssl/.libs/libssl.a \ $(abs_top_builddir)/crypto/.libs/libcrypto.a \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) -am_keypairtest_OBJECTS = keypairtest.$(OBJEXT) +am_keypairtest_OBJECTS = keypairtest-keypairtest.$(OBJEXT) keypairtest_OBJECTS = $(am_keypairtest_OBJECTS) keypairtest_LDADD = $(LDADD) keypairtest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ $(abs_top_builddir)/ssl/.libs/libssl.a \ $(abs_top_builddir)/crypto/.libs/libcrypto.a \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) -am_md4test_OBJECTS = md4test.$(OBJEXT) -md4test_OBJECTS = $(am_md4test_OBJECTS) -md4test_LDADD = $(LDADD) -md4test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ - $(abs_top_builddir)/ssl/.libs/libssl.a \ - $(abs_top_builddir)/crypto/.libs/libcrypto.a \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) -am_md5test_OBJECTS = md5test.$(OBJEXT) -md5test_OBJECTS = $(am_md5test_OBJECTS) -md5test_LDADD = $(LDADD) -md5test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ +am_md_test_OBJECTS = md_test.$(OBJEXT) +md_test_OBJECTS = $(am_md_test_OBJECTS) +md_test_LDADD = $(LDADD) +md_test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ $(abs_top_builddir)/ssl/.libs/libssl.a \ $(abs_top_builddir)/crypto/.libs/libcrypto.a \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) 
@@ -571,6 +679,13 @@ mont_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ $(abs_top_builddir)/ssl/.libs/libssl.a \ $(abs_top_builddir)/crypto/.libs/libcrypto.a \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) +am_objectstest_OBJECTS = objectstest.$(OBJEXT) +objectstest_OBJECTS = $(am_objectstest_OBJECTS) +objectstest_LDADD = $(LDADD) +objectstest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ + $(abs_top_builddir)/ssl/.libs/libssl.a \ + $(abs_top_builddir)/crypto/.libs/libcrypto.a \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) am__ocsp_test_SOURCES_DIST = ocsp_test.c @ENABLE_EXTRATESTS_TRUE@am_ocsp_test_OBJECTS = ocsp_test.$(OBJEXT) ocsp_test_OBJECTS = $(am_ocsp_test_OBJECTS) @@ -623,6 +738,13 @@ pq_test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ $(abs_top_builddir)/ssl/.libs/libssl.a \ $(abs_top_builddir)/crypto/.libs/libcrypto.a \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) +am_quictest_OBJECTS = quictest.$(OBJEXT) +quictest_OBJECTS = $(am_quictest_OBJECTS) +quictest_LDADD = $(LDADD) +quictest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ + $(abs_top_builddir)/ssl/.libs/libssl.a \ + $(abs_top_builddir)/crypto/.libs/libcrypto.a \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) am_randtest_OBJECTS = randtest.$(OBJEXT) randtest_OBJECTS = $(am_randtest_OBJECTS) randtest_LDADD = $(LDADD) 
@@ -630,17 +752,17 @@ randtest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ $(abs_top_builddir)/ssl/.libs/libssl.a \ $(abs_top_builddir)/crypto/.libs/libcrypto.a \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) -am_rc2test_OBJECTS = rc2test.$(OBJEXT) -rc2test_OBJECTS = $(am_rc2test_OBJECTS) -rc2test_LDADD = $(LDADD) -rc2test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ +am_rc2_test_OBJECTS = rc2_test.$(OBJEXT) +rc2_test_OBJECTS = $(am_rc2_test_OBJECTS) +rc2_test_LDADD = $(LDADD) +rc2_test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ $(abs_top_builddir)/ssl/.libs/libssl.a \ $(abs_top_builddir)/crypto/.libs/libcrypto.a \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) -am_rc4test_OBJECTS = rc4test.$(OBJEXT) -rc4test_OBJECTS = $(am_rc4test_OBJECTS) -rc4test_LDADD = $(LDADD) -rc4test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ +am_rc4_test_OBJECTS = rc4_test.$(OBJEXT) +rc4_test_OBJECTS = $(am_rc4_test_OBJECTS) +rc4_test_LDADD = $(LDADD) +rc4_test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ $(abs_top_builddir)/ssl/.libs/libssl.a \ $(abs_top_builddir)/crypto/.libs/libcrypto.a \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) @@ -659,6 +781,13 @@ recordtest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ $(abs_top_builddir)/ssl/.libs/libssl.a \ $(abs_top_builddir)/crypto/.libs/libcrypto.a \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) +am_rfc3779_OBJECTS = rfc3779-rfc3779.$(OBJEXT) +rfc3779_OBJECTS = $(am_rfc3779_OBJECTS) +rfc3779_LDADD = $(LDADD) +rfc3779_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ + $(abs_top_builddir)/ssl/.libs/libssl.a \ + $(abs_top_builddir)/crypto/.libs/libcrypto.a \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) am_rfc5280time_OBJECTS = rfc5280time.$(OBJEXT) rfc5280time_OBJECTS = $(am_rfc5280time_OBJECTS) rfc5280time_LDADD = $(LDADD) 
@@ -666,10 +795,10 @@ rfc5280time_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ $(abs_top_builddir)/ssl/.libs/libssl.a \ $(abs_top_builddir)/crypto/.libs/libcrypto.a \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) -am_rmdtest_OBJECTS = rmdtest.$(OBJEXT) -rmdtest_OBJECTS = $(am_rmdtest_OBJECTS) -rmdtest_LDADD = $(LDADD) -rmdtest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ +am_rmd_test_OBJECTS = rmd_test.$(OBJEXT) +rmd_test_OBJECTS = $(am_rmd_test_OBJECTS) +rmd_test_LDADD = $(LDADD) +rmd_test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ $(abs_top_builddir)/ssl/.libs/libssl.a \ $(abs_top_builddir)/crypto/.libs/libcrypto.a \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) 
@@ -687,24 +816,10 @@ servertest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ $(abs_top_builddir)/ssl/.libs/libssl.a \ $(abs_top_builddir)/crypto/.libs/libcrypto.a \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) -am_sha1test_OBJECTS = sha1test.$(OBJEXT) -sha1test_OBJECTS = $(am_sha1test_OBJECTS) -sha1test_LDADD = $(LDADD) -sha1test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ - $(abs_top_builddir)/ssl/.libs/libssl.a \ - $(abs_top_builddir)/crypto/.libs/libcrypto.a \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) -am_sha256test_OBJECTS = sha256test.$(OBJEXT) -sha256test_OBJECTS = $(am_sha256test_OBJECTS) -sha256test_LDADD = $(LDADD) -sha256test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ - $(abs_top_builddir)/ssl/.libs/libssl.a \ - $(abs_top_builddir)/crypto/.libs/libcrypto.a \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) -am_sha512test_OBJECTS = sha512test.$(OBJEXT) -sha512test_OBJECTS = $(am_sha512test_OBJECTS) -sha512test_LDADD = $(LDADD) -sha512test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ +am_sha_test_OBJECTS = sha_test.$(OBJEXT) +sha_test_OBJECTS = $(am_sha_test_OBJECTS) +sha_test_LDADD = $(LDADD) +sha_test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ $(abs_top_builddir)/ssl/.libs/libssl.a \ $(abs_top_builddir)/crypto/.libs/libcrypto.a \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) 
@@ -738,6 +853,14 @@ ssl_methods_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ $(abs_top_builddir)/ssl/.libs/libssl.a \ $(abs_top_builddir)/crypto/.libs/libcrypto.a \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) +am_ssl_set_alpn_protos_OBJECTS = ssl_set_alpn_protos.$(OBJEXT) +ssl_set_alpn_protos_OBJECTS = $(am_ssl_set_alpn_protos_OBJECTS) +ssl_set_alpn_protos_LDADD = $(LDADD) +ssl_set_alpn_protos_DEPENDENCIES = \ + $(abs_top_builddir)/tls/.libs/libtls.a \ + $(abs_top_builddir)/ssl/.libs/libssl.a \ + $(abs_top_builddir)/crypto/.libs/libcrypto.a \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) am_ssl_versions_OBJECTS = ssl_versions.$(OBJEXT) ssl_versions_OBJECTS = $(am_ssl_versions_OBJECTS) ssl_versions_LDADD = $(LDADD) @@ -752,6 +875,13 @@ ssltest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ $(abs_top_builddir)/ssl/.libs/libssl.a \ $(abs_top_builddir)/crypto/.libs/libcrypto.a \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) +am_string_table_OBJECTS = string_table.$(OBJEXT) +string_table_OBJECTS = $(am_string_table_OBJECTS) +string_table_LDADD = $(LDADD) +string_table_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ + $(abs_top_builddir)/ssl/.libs/libssl.a \ + $(abs_top_builddir)/crypto/.libs/libcrypto.a \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) am_timingsafe_OBJECTS = timingsafe.$(OBJEXT) timingsafe_OBJECTS = $(am_timingsafe_OBJECTS) timingsafe_LDADD = $(LDADD) 
@@ -848,6 +978,13 @@ x509name_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ $(abs_top_builddir)/ssl/.libs/libssl.a \ $(abs_top_builddir)/crypto/.libs/libcrypto.a \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) +am_x509req_ext_OBJECTS = x509req_ext.$(OBJEXT) +x509req_ext_OBJECTS = $(am_x509req_ext_OBJECTS) +x509req_ext_LDADD = $(LDADD) +x509req_ext_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \ + $(abs_top_builddir)/ssl/.libs/libssl.a \ + $(abs_top_builddir)/crypto/.libs/libcrypto.a \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1) AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false @@ -864,13 +1001,18 @@ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__maybe_remake_depfiles = depfiles am__depfiles_remade = ./$(DEPDIR)/aeadtest.Po ./$(DEPDIR)/aes_wrap.Po \ - ./$(DEPDIR)/arc4randomforktest.Po ./$(DEPDIR)/asn1evp.Po \ - ./$(DEPDIR)/asn1test.Po ./$(DEPDIR)/asn1time.Po \ + ./$(DEPDIR)/arc4randomforktest.Po \ + ./$(DEPDIR)/asn1_string_to_utf8.Po ./$(DEPDIR)/asn1api.Po \ + ./$(DEPDIR)/asn1basic.Po ./$(DEPDIR)/asn1complex.Po \ + ./$(DEPDIR)/asn1evp.Po ./$(DEPDIR)/asn1object.Po \ + ./$(DEPDIR)/asn1string_copy.Po ./$(DEPDIR)/asn1test.Po \ + ./$(DEPDIR)/asn1time.Po ./$(DEPDIR)/asn1x509.Po \ ./$(DEPDIR)/base64test.Po ./$(DEPDIR)/bftest.Po \ - ./$(DEPDIR)/biotest.Po ./$(DEPDIR)/bn_rand_interval.Po \ + ./$(DEPDIR)/biotest.Po ./$(DEPDIR)/bn_isqrt.Po \ + ./$(DEPDIR)/bn_mod_exp2_mont.Po ./$(DEPDIR)/bn_mod_sqrt.Po \ + ./$(DEPDIR)/bn_primes.Po ./$(DEPDIR)/bn_rand_interval.Po \ ./$(DEPDIR)/bn_to_string.Po ./$(DEPDIR)/bnaddsub.Po \ - ./$(DEPDIR)/bntest-bntest.Po \ - ./$(DEPDIR)/buffertest-buffertest.Po \ + ./$(DEPDIR)/bntest-bntest.Po ./$(DEPDIR)/buffertest.Po \ ./$(DEPDIR)/bytestringtest.Po ./$(DEPDIR)/casttest.Po \ ./$(DEPDIR)/chachatest.Po ./$(DEPDIR)/cipher_list.Po \ ./$(DEPDIR)/cipherstest.Po ./$(DEPDIR)/clienttest.Po \ 
@@ -878,38 +1020,41 @@ am__depfiles_remade = ./$(DEPDIR)/aeadtest.Po ./$(DEPDIR)/aes_wrap.Po \ ./$(DEPDIR)/constraints.Po ./$(DEPDIR)/cts128test.Po \ ./$(DEPDIR)/destest.Po ./$(DEPDIR)/dhtest.Po \ ./$(DEPDIR)/dsatest.Po ./$(DEPDIR)/dtlstest.Po \ - ./$(DEPDIR)/ec_point_conversion.Po ./$(DEPDIR)/ecdhtest.Po \ - ./$(DEPDIR)/ecdsatest.Po ./$(DEPDIR)/ectest.Po \ - ./$(DEPDIR)/enginetest.Po ./$(DEPDIR)/evptest.Po \ - ./$(DEPDIR)/explicit_bzero.Po ./$(DEPDIR)/exptest-exptest.Po \ - ./$(DEPDIR)/freenull.Po ./$(DEPDIR)/gcm128test.Po \ - ./$(DEPDIR)/gost2814789t.Po ./$(DEPDIR)/handshake_table.Po \ - ./$(DEPDIR)/hkdf_test.Po ./$(DEPDIR)/hmactest.Po \ - ./$(DEPDIR)/ideatest.Po ./$(DEPDIR)/igetest.Po \ - ./$(DEPDIR)/key_schedule.Po ./$(DEPDIR)/keypairtest.Po \ - ./$(DEPDIR)/md4test.Po ./$(DEPDIR)/md5test.Po \ - ./$(DEPDIR)/mont.Po ./$(DEPDIR)/ocsp_test.Po \ - ./$(DEPDIR)/optionstest.Po ./$(DEPDIR)/pbkdf2.Po \ - ./$(DEPDIR)/pidwraptest.Po ./$(DEPDIR)/pkcs7test.Po \ - ./$(DEPDIR)/poly1305test.Po ./$(DEPDIR)/pq_test.Po \ - ./$(DEPDIR)/randtest.Po ./$(DEPDIR)/rc2test.Po \ - ./$(DEPDIR)/rc4test.Po ./$(DEPDIR)/record_layer_test.Po \ - ./$(DEPDIR)/recordtest.Po ./$(DEPDIR)/rfc5280time.Po \ - ./$(DEPDIR)/rmdtest.Po ./$(DEPDIR)/rsa_test.Po \ - ./$(DEPDIR)/servertest.Po ./$(DEPDIR)/sha1test.Po \ - ./$(DEPDIR)/sha256test.Po ./$(DEPDIR)/sha512test.Po \ - ./$(DEPDIR)/sm3test.Po ./$(DEPDIR)/sm4test.Po \ + ./$(DEPDIR)/ec_asn1_test.Po ./$(DEPDIR)/ec_point_conversion.Po \ + ./$(DEPDIR)/ecdhtest.Po ./$(DEPDIR)/ecdsatest.Po \ + ./$(DEPDIR)/ectest.Po ./$(DEPDIR)/enginetest.Po \ + ./$(DEPDIR)/evp_pkey_check.Po ./$(DEPDIR)/evp_pkey_cleanup.Po \ + ./$(DEPDIR)/evptest.Po ./$(DEPDIR)/explicit_bzero.Po \ + ./$(DEPDIR)/exptest-exptest.Po ./$(DEPDIR)/freenull.Po \ + ./$(DEPDIR)/gcm128test.Po ./$(DEPDIR)/gost2814789t.Po \ + ./$(DEPDIR)/handshake_table.Po ./$(DEPDIR)/hkdf_test.Po \ + ./$(DEPDIR)/hmactest.Po ./$(DEPDIR)/ideatest.Po \ + ./$(DEPDIR)/igetest.Po ./$(DEPDIR)/key_schedule.Po \ + 
./$(DEPDIR)/keypairtest-keypairtest.Po ./$(DEPDIR)/md_test.Po \ + ./$(DEPDIR)/mont.Po ./$(DEPDIR)/objectstest.Po \ + ./$(DEPDIR)/ocsp_test.Po ./$(DEPDIR)/optionstest.Po \ + ./$(DEPDIR)/pbkdf2.Po ./$(DEPDIR)/pidwraptest.Po \ + ./$(DEPDIR)/pkcs7test.Po ./$(DEPDIR)/poly1305test.Po \ + ./$(DEPDIR)/pq_test.Po ./$(DEPDIR)/quictest.Po \ + ./$(DEPDIR)/randtest.Po ./$(DEPDIR)/rc2_test.Po \ + ./$(DEPDIR)/rc4_test.Po ./$(DEPDIR)/record_layer_test.Po \ + ./$(DEPDIR)/recordtest.Po ./$(DEPDIR)/rfc3779-rfc3779.Po \ + ./$(DEPDIR)/rfc5280time.Po ./$(DEPDIR)/rmd_test.Po \ + ./$(DEPDIR)/rsa_test.Po ./$(DEPDIR)/servertest.Po \ + ./$(DEPDIR)/sha_test.Po ./$(DEPDIR)/sm3test.Po \ + ./$(DEPDIR)/sm4test.Po \ ./$(DEPDIR)/ssl_get_shared_ciphers-ssl_get_shared_ciphers.Po \ - ./$(DEPDIR)/ssl_methods.Po ./$(DEPDIR)/ssl_versions.Po \ - ./$(DEPDIR)/ssltest.Po ./$(DEPDIR)/timingsafe.Po \ + ./$(DEPDIR)/ssl_methods.Po ./$(DEPDIR)/ssl_set_alpn_protos.Po \ + ./$(DEPDIR)/ssl_versions.Po ./$(DEPDIR)/ssltest.Po \ + ./$(DEPDIR)/string_table.Po ./$(DEPDIR)/timingsafe.Po \ ./$(DEPDIR)/tls_ext_alpn.Po ./$(DEPDIR)/tls_prf.Po \ ./$(DEPDIR)/tlsexttest.Po ./$(DEPDIR)/tlslegacytest.Po \ ./$(DEPDIR)/tlstest.Po ./$(DEPDIR)/utf8test.Po \ ./$(DEPDIR)/valid_handshakes_terminate.Po \ ./$(DEPDIR)/verifytest.Po ./$(DEPDIR)/x25519test.Po \ ./$(DEPDIR)/x509_info.Po ./$(DEPDIR)/x509attribute.Po \ - ./$(DEPDIR)/x509name.Po compat/$(DEPDIR)/memmem.Po \ - compat/$(DEPDIR)/pipe2.Po + ./$(DEPDIR)/x509name.Po ./$(DEPDIR)/x509req_ext.Po \ + compat/$(DEPDIR)/memmem.Po compat/$(DEPDIR)/pipe2.Po am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) 
@@ -930,82 +1075,96 @@ am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = SOURCES = $(aeadtest_SOURCES) $(aes_wrap_SOURCES) \ - $(arc4randomforktest_SOURCES) $(asn1evp_SOURCES) \ - $(asn1test_SOURCES) $(asn1time_SOURCES) $(base64test_SOURCES) \ - $(bftest_SOURCES) $(biotest_SOURCES) \ - $(bn_rand_interval_SOURCES) $(bn_to_string_SOURCES) \ - $(bnaddsub_SOURCES) $(bntest_SOURCES) $(buffertest_SOURCES) \ - $(bytestringtest_SOURCES) $(casttest_SOURCES) \ - $(chachatest_SOURCES) $(cipher_list_SOURCES) \ - $(cipherstest_SOURCES) $(clienttest_SOURCES) \ - $(cmstest_SOURCES) $(configtest_SOURCES) \ + $(arc4randomforktest_SOURCES) $(asn1_string_to_utf8_SOURCES) \ + $(asn1api_SOURCES) $(asn1basic_SOURCES) $(asn1complex_SOURCES) \ + $(asn1evp_SOURCES) $(asn1object_SOURCES) \ + $(asn1string_copy_SOURCES) $(asn1test_SOURCES) \ + $(asn1time_SOURCES) $(asn1x509_SOURCES) $(base64test_SOURCES) \ + $(bftest_SOURCES) $(biotest_SOURCES) $(bn_isqrt_SOURCES) \ + $(bn_mod_exp2_mont_SOURCES) $(bn_mod_sqrt_SOURCES) \ + $(bn_primes_SOURCES) $(bn_rand_interval_SOURCES) \ + $(bn_to_string_SOURCES) $(bnaddsub_SOURCES) $(bntest_SOURCES) \ + $(buffertest_SOURCES) $(bytestringtest_SOURCES) \ + $(casttest_SOURCES) $(chachatest_SOURCES) \ + $(cipher_list_SOURCES) $(cipherstest_SOURCES) \ + $(clienttest_SOURCES) $(cmstest_SOURCES) $(configtest_SOURCES) \ $(constraints_SOURCES) $(cts128test_SOURCES) \ $(destest_SOURCES) $(dhtest_SOURCES) $(dsatest_SOURCES) \ - $(dtlstest_SOURCES) $(ec_point_conversion_SOURCES) \ - $(ecdhtest_SOURCES) $(ecdsatest_SOURCES) $(ectest_SOURCES) \ - $(enginetest_SOURCES) $(evptest_SOURCES) \ - $(explicit_bzero_SOURCES) $(exptest_SOURCES) \ - $(freenull_SOURCES) $(gcm128test_SOURCES) \ + $(dtlstest_SOURCES) $(ec_asn1_test_SOURCES) \ + $(ec_point_conversion_SOURCES) $(ecdhtest_SOURCES) \ + $(ecdsatest_SOURCES) $(ectest_SOURCES) $(enginetest_SOURCES) \ + $(evp_pkey_check_SOURCES) $(evp_pkey_cleanup_SOURCES) \ + $(evptest_SOURCES) 
$(explicit_bzero_SOURCES) \ + $(exptest_SOURCES) $(freenull_SOURCES) $(gcm128test_SOURCES) \ $(gost2814789t_SOURCES) $(handshake_table_SOURCES) \ $(hkdftest_SOURCES) $(hmactest_SOURCES) $(ideatest_SOURCES) \ $(igetest_SOURCES) $(key_schedule_SOURCES) \ - $(keypairtest_SOURCES) $(md4test_SOURCES) $(md5test_SOURCES) \ - $(mont_SOURCES) $(ocsp_test_SOURCES) $(optionstest_SOURCES) \ - $(pbkdf2_SOURCES) $(pidwraptest_SOURCES) $(pkcs7test_SOURCES) \ - $(poly1305test_SOURCES) $(pq_test_SOURCES) $(randtest_SOURCES) \ - $(rc2test_SOURCES) $(rc4test_SOURCES) \ + $(keypairtest_SOURCES) $(md_test_SOURCES) $(mont_SOURCES) \ + $(objectstest_SOURCES) $(ocsp_test_SOURCES) \ + $(optionstest_SOURCES) $(pbkdf2_SOURCES) \ + $(pidwraptest_SOURCES) $(pkcs7test_SOURCES) \ + $(poly1305test_SOURCES) $(pq_test_SOURCES) $(quictest_SOURCES) \ + $(randtest_SOURCES) $(rc2_test_SOURCES) $(rc4_test_SOURCES) \ $(record_layer_test_SOURCES) $(recordtest_SOURCES) \ - $(rfc5280time_SOURCES) $(rmdtest_SOURCES) $(rsa_test_SOURCES) \ - $(servertest_SOURCES) $(sha1test_SOURCES) \ - $(sha256test_SOURCES) $(sha512test_SOURCES) $(sm3test_SOURCES) \ - $(sm4test_SOURCES) $(ssl_get_shared_ciphers_SOURCES) \ - $(ssl_methods_SOURCES) $(ssl_versions_SOURCES) \ - $(ssltest_SOURCES) $(timingsafe_SOURCES) \ - $(tls_ext_alpn_SOURCES) $(tls_prf_SOURCES) \ - $(tlsexttest_SOURCES) $(tlslegacytest_SOURCES) \ - $(tlstest_SOURCES) $(utf8test_SOURCES) \ - $(valid_handshakes_terminate_SOURCES) $(verifytest_SOURCES) \ - $(x25519test_SOURCES) $(x509_info_SOURCES) \ - $(x509attribute_SOURCES) $(x509name_SOURCES) + $(rfc3779_SOURCES) $(rfc5280time_SOURCES) $(rmd_test_SOURCES) \ + $(rsa_test_SOURCES) $(servertest_SOURCES) $(sha_test_SOURCES) \ + $(sm3test_SOURCES) $(sm4test_SOURCES) \ + $(ssl_get_shared_ciphers_SOURCES) $(ssl_methods_SOURCES) \ + $(ssl_set_alpn_protos_SOURCES) $(ssl_versions_SOURCES) \ + $(ssltest_SOURCES) $(string_table_SOURCES) \ + $(timingsafe_SOURCES) $(tls_ext_alpn_SOURCES) \ + $(tls_prf_SOURCES) 
$(tlsexttest_SOURCES) \ + $(tlslegacytest_SOURCES) $(tlstest_SOURCES) \ + $(utf8test_SOURCES) $(valid_handshakes_terminate_SOURCES) \ + $(verifytest_SOURCES) $(x25519test_SOURCES) \ + $(x509_info_SOURCES) $(x509attribute_SOURCES) \ + $(x509name_SOURCES) $(x509req_ext_SOURCES) DIST_SOURCES = $(aeadtest_SOURCES) $(aes_wrap_SOURCES) \ - $(am__arc4randomforktest_SOURCES_DIST) $(asn1evp_SOURCES) \ - $(asn1test_SOURCES) $(asn1time_SOURCES) $(base64test_SOURCES) \ - $(bftest_SOURCES) $(am__biotest_SOURCES_DIST) \ - $(bn_rand_interval_SOURCES) $(bn_to_string_SOURCES) \ - $(bnaddsub_SOURCES) $(bntest_SOURCES) $(buffertest_SOURCES) \ - $(bytestringtest_SOURCES) $(casttest_SOURCES) \ - $(chachatest_SOURCES) $(cipher_list_SOURCES) \ - $(cipherstest_SOURCES) $(clienttest_SOURCES) \ - $(cmstest_SOURCES) $(configtest_SOURCES) \ + $(am__arc4randomforktest_SOURCES_DIST) \ + $(asn1_string_to_utf8_SOURCES) $(asn1api_SOURCES) \ + $(asn1basic_SOURCES) $(asn1complex_SOURCES) $(asn1evp_SOURCES) \ + $(asn1object_SOURCES) $(asn1string_copy_SOURCES) \ + $(asn1test_SOURCES) $(asn1time_SOURCES) $(asn1x509_SOURCES) \ + $(base64test_SOURCES) $(bftest_SOURCES) \ + $(am__biotest_SOURCES_DIST) $(bn_isqrt_SOURCES) \ + $(bn_mod_exp2_mont_SOURCES) $(bn_mod_sqrt_SOURCES) \ + $(bn_primes_SOURCES) $(bn_rand_interval_SOURCES) \ + $(bn_to_string_SOURCES) $(bnaddsub_SOURCES) $(bntest_SOURCES) \ + $(buffertest_SOURCES) $(bytestringtest_SOURCES) \ + $(casttest_SOURCES) $(chachatest_SOURCES) \ + $(cipher_list_SOURCES) $(cipherstest_SOURCES) \ + $(clienttest_SOURCES) $(cmstest_SOURCES) $(configtest_SOURCES) \ $(constraints_SOURCES) $(cts128test_SOURCES) \ $(destest_SOURCES) $(dhtest_SOURCES) $(dsatest_SOURCES) \ - $(am__dtlstest_SOURCES_DIST) $(ec_point_conversion_SOURCES) \ - $(ecdhtest_SOURCES) $(ecdsatest_SOURCES) $(ectest_SOURCES) \ - $(enginetest_SOURCES) $(evptest_SOURCES) \ - $(am__explicit_bzero_SOURCES_DIST) $(exptest_SOURCES) \ - $(freenull_SOURCES) $(gcm128test_SOURCES) \ + 
$(am__dtlstest_SOURCES_DIST) $(ec_asn1_test_SOURCES) \ + $(ec_point_conversion_SOURCES) $(ecdhtest_SOURCES) \ + $(ecdsatest_SOURCES) $(ectest_SOURCES) $(enginetest_SOURCES) \ + $(evp_pkey_check_SOURCES) $(evp_pkey_cleanup_SOURCES) \ + $(evptest_SOURCES) $(am__explicit_bzero_SOURCES_DIST) \ + $(exptest_SOURCES) $(freenull_SOURCES) $(gcm128test_SOURCES) \ $(gost2814789t_SOURCES) $(handshake_table_SOURCES) \ $(hkdftest_SOURCES) $(hmactest_SOURCES) $(ideatest_SOURCES) \ $(igetest_SOURCES) $(key_schedule_SOURCES) \ - $(keypairtest_SOURCES) $(md4test_SOURCES) $(md5test_SOURCES) \ - $(mont_SOURCES) $(am__ocsp_test_SOURCES_DIST) \ + $(keypairtest_SOURCES) $(md_test_SOURCES) $(mont_SOURCES) \ + $(objectstest_SOURCES) $(am__ocsp_test_SOURCES_DIST) \ $(optionstest_SOURCES) $(pbkdf2_SOURCES) \ $(am__pidwraptest_SOURCES_DIST) $(pkcs7test_SOURCES) \ - $(poly1305test_SOURCES) $(pq_test_SOURCES) $(randtest_SOURCES) \ - $(rc2test_SOURCES) $(rc4test_SOURCES) \ + $(poly1305test_SOURCES) $(pq_test_SOURCES) $(quictest_SOURCES) \ + $(randtest_SOURCES) $(rc2_test_SOURCES) $(rc4_test_SOURCES) \ $(record_layer_test_SOURCES) $(recordtest_SOURCES) \ - $(rfc5280time_SOURCES) $(rmdtest_SOURCES) $(rsa_test_SOURCES) \ - $(servertest_SOURCES) $(sha1test_SOURCES) \ - $(sha256test_SOURCES) $(sha512test_SOURCES) $(sm3test_SOURCES) \ - $(sm4test_SOURCES) $(ssl_get_shared_ciphers_SOURCES) \ - $(ssl_methods_SOURCES) $(ssl_versions_SOURCES) \ - $(ssltest_SOURCES) $(timingsafe_SOURCES) \ - $(tls_ext_alpn_SOURCES) $(tls_prf_SOURCES) \ - $(tlsexttest_SOURCES) $(tlslegacytest_SOURCES) \ - $(am__tlstest_SOURCES_DIST) $(utf8test_SOURCES) \ - $(valid_handshakes_terminate_SOURCES) $(verifytest_SOURCES) \ - $(x25519test_SOURCES) $(x509_info_SOURCES) \ - $(x509attribute_SOURCES) $(x509name_SOURCES) + $(rfc3779_SOURCES) $(rfc5280time_SOURCES) $(rmd_test_SOURCES) \ + $(rsa_test_SOURCES) $(servertest_SOURCES) $(sha_test_SOURCES) \ + $(sm3test_SOURCES) $(sm4test_SOURCES) \ + $(ssl_get_shared_ciphers_SOURCES) 
$(ssl_methods_SOURCES) \ + $(ssl_set_alpn_protos_SOURCES) $(ssl_versions_SOURCES) \ + $(ssltest_SOURCES) $(string_table_SOURCES) \ + $(timingsafe_SOURCES) $(tls_ext_alpn_SOURCES) \ + $(tls_prf_SOURCES) $(tlsexttest_SOURCES) \ + $(tlslegacytest_SOURCES) $(am__tlstest_SOURCES_DIST) \ + $(utf8test_SOURCES) $(valid_handshakes_terminate_SOURCES) \ + $(verifytest_SOURCES) $(x25519test_SOURCES) \ + $(x509_info_SOURCES) $(x509attribute_SOURCES) \ + $(x509name_SOURCES) $(x509req_ext_SOURCES) am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ @@ -1029,8 +1188,6 @@ am__define_uniq_tagged_files = \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` -ETAGS = etags -CTAGS = ctags am__tty_colors_dummy = \ mgn= red= grn= lgn= blu= brg= std=; \ am__color_tests=no @@ -1256,6 +1413,8 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ +CSCOPE = @CSCOPE@ +CTAGS = @CTAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ @@ -1266,6 +1425,7 @@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ +ETAGS = @ETAGS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ 
@@ -1367,41 +1527,67 @@ top_srcdir = @top_srcdir@ AM_CFLAGS = AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat \ -DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= \ - -D__END_HIDDEN_DECLS= -I $(top_srcdir)/crypto/modes -I \ - $(top_srcdir)/crypto/asn1 -I $(top_srcdir)/crypto/x509 -I \ - $(top_srcdir)/ssl -I $(top_srcdir)/tls -I \ - $(top_srcdir)/apps/openssl -I \ + -D__END_HIDDEN_DECLS= -DLIBRESSL_CRYPTO_INTERNAL -I \ + $(top_srcdir)/crypto/asn1 -I $(top_srcdir)/crypto/bio -I \ + $(top_srcdir)/crypto/bn -I $(top_srcdir)/crypto/evp -I \ + $(top_srcdir)/crypto/modes -I $(top_srcdir)/crypto/x509 -I \ + $(top_srcdir)/ssl -I $(top_srcdir)/apps/openssl -I \ $(top_srcdir)/apps/openssl/compat \ - -D_PATH_SSL_CA_FILE=\"$(top_srcdir)/apps/openssl/cert.pem\" + -D_PATH_SSL_CA_FILE=\"$(top_srcdir)/cert.pem\" LDADD = $(abs_top_builddir)/tls/.libs/libtls.a \ $(abs_top_builddir)/ssl/.libs/libssl.a \ $(abs_top_builddir)/crypto/.libs/libcrypto.a $(PLATFORM_LDADD) \ $(PROG_LDADD) $(am__append_1) TEST_LOG_DRIVER = env AM_TAP_AWK='$(AWK)' $(SHELL) $(top_srcdir)/tap-driver.sh EXTRA_DIST = CMakeLists.txt aeadtest.sh aeadtests.txt \ - arc4randomforktest.sh dtlstest.sh evptest.sh evptests.txt \ - keypairtest.sh ocsptest.sh ocsptest.bat pidwraptest.sh \ - pq_test.sh pq_test.bat pq_expected.txt rfc5280time_small.test \ - servertest.sh servertest.bat ssltest.sh ssltest.bat testssl \ - testssl.bat ca.pem server.pem testdsa.sh testdsa.bat \ + aes_128_gcm_tests.txt aes_192_gcm_tests.txt \ + aes_256_gcm_tests.txt chacha20_poly1305_tests.txt \ + xchacha20_poly1305_tests.txt arc4randomforktest.sh dtlstest.sh \ + evptest.sh evptests.txt keypairtest.sh ocsptest.sh \ + ocsptest.bat pidwraptest.sh pq_test.sh pq_test.bat \ + pq_expected.txt quictest.sh quictest.bat \ + rfc5280time_small.test servertest.sh servertest.bat ssltest.sh \ + ssltest.bat testssl testssl.bat ca-int-ecdsa.crl \ + ca-int-ecdsa.pem ca-int-rsa.crl ca-int-rsa.pem \ + ca-root-ecdsa.pem ca-root-rsa.pem ca.pem client.pem \ 
+ client1-ecdsa-chain.pem client1-ecdsa.pem \ + client1-rsa-chain.pem client1-rsa.pem client2-ecdsa-chain.pem \ + client2-ecdsa.pem client2-rsa-chain.pem client2-rsa.pem \ + client3-ecdsa-chain.pem client3-ecdsa.pem \ + client3-rsa-chain.pem client3-rsa.pem server.pem \ + server1-ecdsa-chain.pem server1-ecdsa.pem \ + server1-rsa-chain.pem server1-rsa.pem server2-ecdsa-chain.pem \ + server2-ecdsa.pem server2-rsa-chain.pem server2-rsa.pem \ + server3-ecdsa-chain.pem server3-ecdsa.pem \ + server3-rsa-chain.pem server3-rsa.pem testdsa.sh testdsa.bat \ openssl.cnf testenc.sh testenc.bat testrsa.sh testrsa.bat \ tlstest.sh tlstest.bat DISTCLEANFILES = pidwraptest.txt aeadtest_SOURCES = aeadtest.c aes_wrap_SOURCES = aes_wrap.c @HOST_WIN_FALSE@arc4randomforktest_SOURCES = arc4randomforktest.c +asn1_string_to_utf8_SOURCES = asn1_string_to_utf8.c +asn1api_SOURCES = asn1api.c +asn1basic_SOURCES = asn1basic.c +asn1complex_SOURCES = asn1complex.c asn1evp_SOURCES = asn1evp.c +asn1object_SOURCES = asn1object.c +asn1string_copy_SOURCES = asn1string_copy.c asn1test_SOURCES = asn1test.c asn1time_SOURCES = asn1time.c +asn1x509_SOURCES = asn1x509.c base64test_SOURCES = base64test.c bftest_SOURCES = bftest.c @ENABLE_EXTRATESTS_TRUE@biotest_SOURCES = biotest.c bnaddsub_SOURCES = bnaddsub.c +bn_isqrt_SOURCES = bn_isqrt.c +bn_mod_exp2_mont_SOURCES = bn_mod_exp2_mont.c +bn_mod_sqrt_SOURCES = bn_mod_sqrt.c +bn_primes_SOURCES = bn_primes.c bn_rand_interval_SOURCES = bn_rand_interval.c bntest_CPPFLAGS = $(AM_CPPFLAGS) -ULIBRESSL_INTERNAL bntest_SOURCES = bntest.c bn_to_string_SOURCES = bn_to_string.c -buffertest_CPPFLAGS = $(AM_CPPFLAGS) buffertest_SOURCES = buffertest.c bytestringtest_SOURCES = bytestringtest.c casttest_SOURCES = casttest.c 
@@ -1418,11 +1604,14 @@ destest_SOURCES = destest.c dhtest_SOURCES = dhtest.c dsatest_SOURCES = dsatest.c @HOST_WIN_FALSE@dtlstest_SOURCES = dtlstest.c +ec_asn1_test_SOURCES = ec_asn1_test.c ec_point_conversion_SOURCES = ec_point_conversion.c ecdhtest_SOURCES = ecdhtest.c ecdsatest_SOURCES = ecdsatest.c ectest_SOURCES = ectest.c enginetest_SOURCES = enginetest.c +evp_pkey_check_SOURCES = evp_pkey_check.c +evp_pkey_cleanup_SOURCES = evp_pkey_cleanup.c evptest_SOURCES = evptest.c @HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@explicit_bzero_SOURCES = \ @HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@ explicit_bzero.c \ @@ -1437,11 +1626,12 @@ hkdftest_SOURCES = hkdf_test.c hmactest_SOURCES = hmactest.c ideatest_SOURCES = ideatest.c igetest_SOURCES = igetest.c -keypairtest_SOURCES = keypairtest.c key_schedule_SOURCES = key_schedule.c -md4test_SOURCES = md4test.c -md5test_SOURCES = md5test.c +keypairtest_CPPFLAGS = -I $(top_srcdir)/tls $(AM_CPPFLAGS) +keypairtest_SOURCES = keypairtest.c +md_test_SOURCES = md_test.c mont_SOURCES = mont.c +objectstest_SOURCES = objectstest.c @ENABLE_EXTRATESTS_TRUE@ocsp_test_SOURCES = ocsp_test.c optionstest_SOURCES = optionstest.c pbkdf2_SOURCES = pbkdf2.c 
@@ -1449,25 +1639,28 @@ pbkdf2_SOURCES = pbkdf2.c pkcs7test_SOURCES = pkcs7test.c poly1305test_SOURCES = poly1305test.c pq_test_SOURCES = pq_test.c +quictest_SOURCES = quictest.c randtest_SOURCES = randtest.c -rc2test_SOURCES = rc2test.c -rc4test_SOURCES = rc4test.c +rc2_test_SOURCES = rc2_test.c +rc4_test_SOURCES = rc4_test.c recordtest_SOURCES = recordtest.c record_layer_test_SOURCES = record_layer_test.c +rfc3779_CPPFLAGS = $(AM_CPPFLAGS) -D__unused= +rfc3779_SOURCES = rfc3779.c rfc5280time_SOURCES = rfc5280time.c -rmdtest_SOURCES = rmdtest.c +rmd_test_SOURCES = rmd_test.c rsa_test_SOURCES = rsa_test.c servertest_SOURCES = servertest.c -sha1test_SOURCES = sha1test.c -sha256test_SOURCES = sha256test.c -sha512test_SOURCES = sha512test.c +sha_test_SOURCES = sha_test.c sm3test_SOURCES = sm3test.c sm4test_SOURCES = sm4test.c ssl_get_shared_ciphers_CPPFLAGS = $(AM_CPPFLAGS) -DCERTSDIR=\"$(srcdir)\" ssl_get_shared_ciphers_SOURCES = ssl_get_shared_ciphers.c ssl_methods_SOURCES = ssl_methods.c +ssl_set_alpn_protos_SOURCES = ssl_set_alpn_protos.c ssl_versions_SOURCES = ssl_versions.c ssltest_SOURCES = ssltest.c +string_table_SOURCES = string_table.c timingsafe_SOURCES = timingsafe.c tlsexttest_SOURCES = tlsexttest.c tlslegacytest_SOURCES = tlslegacytest.c @@ -1481,6 +1674,7 @@ x25519test_SOURCES = x25519test.c x509attribute_SOURCES = x509attribute.c x509_info_SOURCES = x509_info.c x509name_SOURCES = x509name.c +x509req_ext_SOURCES = x509req_ext.c all: all-am .SUFFIXES: 
@@ -1537,10 +1731,34 @@ arc4randomforktest$(EXEEXT): $(arc4randomforktest_OBJECTS) $(arc4randomforktest_ @rm -f arc4randomforktest$(EXEEXT) $(AM_V_CCLD)$(LINK) $(arc4randomforktest_OBJECTS) $(arc4randomforktest_LDADD) $(LIBS) +asn1_string_to_utf8$(EXEEXT): $(asn1_string_to_utf8_OBJECTS) $(asn1_string_to_utf8_DEPENDENCIES) $(EXTRA_asn1_string_to_utf8_DEPENDENCIES) + @rm -f asn1_string_to_utf8$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(asn1_string_to_utf8_OBJECTS) $(asn1_string_to_utf8_LDADD) $(LIBS) + +asn1api$(EXEEXT): $(asn1api_OBJECTS) $(asn1api_DEPENDENCIES) $(EXTRA_asn1api_DEPENDENCIES) + @rm -f asn1api$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(asn1api_OBJECTS) $(asn1api_LDADD) $(LIBS) + +asn1basic$(EXEEXT): $(asn1basic_OBJECTS) $(asn1basic_DEPENDENCIES) $(EXTRA_asn1basic_DEPENDENCIES) + @rm -f asn1basic$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(asn1basic_OBJECTS) $(asn1basic_LDADD) $(LIBS) + +asn1complex$(EXEEXT): $(asn1complex_OBJECTS) $(asn1complex_DEPENDENCIES) $(EXTRA_asn1complex_DEPENDENCIES) + @rm -f asn1complex$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(asn1complex_OBJECTS) $(asn1complex_LDADD) $(LIBS) + asn1evp$(EXEEXT): $(asn1evp_OBJECTS) $(asn1evp_DEPENDENCIES) $(EXTRA_asn1evp_DEPENDENCIES) @rm -f asn1evp$(EXEEXT) $(AM_V_CCLD)$(LINK) $(asn1evp_OBJECTS) $(asn1evp_LDADD) $(LIBS) +asn1object$(EXEEXT): $(asn1object_OBJECTS) $(asn1object_DEPENDENCIES) $(EXTRA_asn1object_DEPENDENCIES) + @rm -f asn1object$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(asn1object_OBJECTS) $(asn1object_LDADD) $(LIBS) + +asn1string_copy$(EXEEXT): $(asn1string_copy_OBJECTS) $(asn1string_copy_DEPENDENCIES) $(EXTRA_asn1string_copy_DEPENDENCIES) + @rm -f asn1string_copy$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(asn1string_copy_OBJECTS) $(asn1string_copy_LDADD) $(LIBS) + asn1test$(EXEEXT): $(asn1test_OBJECTS) $(asn1test_DEPENDENCIES) $(EXTRA_asn1test_DEPENDENCIES) @rm -f asn1test$(EXEEXT) $(AM_V_CCLD)$(LINK) $(asn1test_OBJECTS) $(asn1test_LDADD) $(LIBS) 
@@ -1549,6 +1767,10 @@ asn1time$(EXEEXT): $(asn1time_OBJECTS) $(asn1time_DEPENDENCIES) $(EXTRA_asn1time @rm -f asn1time$(EXEEXT) $(AM_V_CCLD)$(LINK) $(asn1time_OBJECTS) $(asn1time_LDADD) $(LIBS) +asn1x509$(EXEEXT): $(asn1x509_OBJECTS) $(asn1x509_DEPENDENCIES) $(EXTRA_asn1x509_DEPENDENCIES) + @rm -f asn1x509$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(asn1x509_OBJECTS) $(asn1x509_LDADD) $(LIBS) + base64test$(EXEEXT): $(base64test_OBJECTS) $(base64test_DEPENDENCIES) $(EXTRA_base64test_DEPENDENCIES) @rm -f base64test$(EXEEXT) $(AM_V_CCLD)$(LINK) $(base64test_OBJECTS) $(base64test_LDADD) $(LIBS) @@ -1561,6 +1783,22 @@ biotest$(EXEEXT): $(biotest_OBJECTS) $(biotest_DEPENDENCIES) $(EXTRA_biotest_DEP @rm -f biotest$(EXEEXT) $(AM_V_CCLD)$(LINK) $(biotest_OBJECTS) $(biotest_LDADD) $(LIBS) +bn_isqrt$(EXEEXT): $(bn_isqrt_OBJECTS) $(bn_isqrt_DEPENDENCIES) $(EXTRA_bn_isqrt_DEPENDENCIES) + @rm -f bn_isqrt$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(bn_isqrt_OBJECTS) $(bn_isqrt_LDADD) $(LIBS) + +bn_mod_exp2_mont$(EXEEXT): $(bn_mod_exp2_mont_OBJECTS) $(bn_mod_exp2_mont_DEPENDENCIES) $(EXTRA_bn_mod_exp2_mont_DEPENDENCIES) + @rm -f bn_mod_exp2_mont$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(bn_mod_exp2_mont_OBJECTS) $(bn_mod_exp2_mont_LDADD) $(LIBS) + +bn_mod_sqrt$(EXEEXT): $(bn_mod_sqrt_OBJECTS) $(bn_mod_sqrt_DEPENDENCIES) $(EXTRA_bn_mod_sqrt_DEPENDENCIES) + @rm -f bn_mod_sqrt$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(bn_mod_sqrt_OBJECTS) $(bn_mod_sqrt_LDADD) $(LIBS) + +bn_primes$(EXEEXT): $(bn_primes_OBJECTS) $(bn_primes_DEPENDENCIES) $(EXTRA_bn_primes_DEPENDENCIES) + @rm -f bn_primes$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(bn_primes_OBJECTS) $(bn_primes_LDADD) $(LIBS) + bn_rand_interval$(EXEEXT): $(bn_rand_interval_OBJECTS) $(bn_rand_interval_DEPENDENCIES) $(EXTRA_bn_rand_interval_DEPENDENCIES) @rm -f bn_rand_interval$(EXEEXT) $(AM_V_CCLD)$(LINK) $(bn_rand_interval_OBJECTS) $(bn_rand_interval_LDADD) $(LIBS) 
@@ -1637,6 +1875,10 @@ dtlstest$(EXEEXT): $(dtlstest_OBJECTS) $(dtlstest_DEPENDENCIES) $(EXTRA_dtlstest @rm -f dtlstest$(EXEEXT) $(AM_V_CCLD)$(LINK) $(dtlstest_OBJECTS) $(dtlstest_LDADD) $(LIBS) +ec_asn1_test$(EXEEXT): $(ec_asn1_test_OBJECTS) $(ec_asn1_test_DEPENDENCIES) $(EXTRA_ec_asn1_test_DEPENDENCIES) + @rm -f ec_asn1_test$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(ec_asn1_test_OBJECTS) $(ec_asn1_test_LDADD) $(LIBS) + ec_point_conversion$(EXEEXT): $(ec_point_conversion_OBJECTS) $(ec_point_conversion_DEPENDENCIES) $(EXTRA_ec_point_conversion_DEPENDENCIES) @rm -f ec_point_conversion$(EXEEXT) $(AM_V_CCLD)$(LINK) $(ec_point_conversion_OBJECTS) $(ec_point_conversion_LDADD) $(LIBS) @@ -1657,6 +1899,14 @@ enginetest$(EXEEXT): $(enginetest_OBJECTS) $(enginetest_DEPENDENCIES) $(EXTRA_en @rm -f enginetest$(EXEEXT) $(AM_V_CCLD)$(LINK) $(enginetest_OBJECTS) $(enginetest_LDADD) $(LIBS) +evp_pkey_check$(EXEEXT): $(evp_pkey_check_OBJECTS) $(evp_pkey_check_DEPENDENCIES) $(EXTRA_evp_pkey_check_DEPENDENCIES) + @rm -f evp_pkey_check$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(evp_pkey_check_OBJECTS) $(evp_pkey_check_LDADD) $(LIBS) + +evp_pkey_cleanup$(EXEEXT): $(evp_pkey_cleanup_OBJECTS) $(evp_pkey_cleanup_DEPENDENCIES) $(EXTRA_evp_pkey_cleanup_DEPENDENCIES) + @rm -f evp_pkey_cleanup$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(evp_pkey_cleanup_OBJECTS) $(evp_pkey_cleanup_LDADD) $(LIBS) + evptest$(EXEEXT): $(evptest_OBJECTS) $(evptest_DEPENDENCIES) $(EXTRA_evptest_DEPENDENCIES) @rm -f evptest$(EXEEXT) $(AM_V_CCLD)$(LINK) $(evptest_OBJECTS) $(evptest_LDADD) $(LIBS) 
@@ -1717,18 +1967,18 @@ keypairtest$(EXEEXT): $(keypairtest_OBJECTS) $(keypairtest_DEPENDENCIES) $(EXTRA @rm -f keypairtest$(EXEEXT) $(AM_V_CCLD)$(LINK) $(keypairtest_OBJECTS) $(keypairtest_LDADD) $(LIBS) -md4test$(EXEEXT): $(md4test_OBJECTS) $(md4test_DEPENDENCIES) $(EXTRA_md4test_DEPENDENCIES) - @rm -f md4test$(EXEEXT) - $(AM_V_CCLD)$(LINK) $(md4test_OBJECTS) $(md4test_LDADD) $(LIBS) - -md5test$(EXEEXT): $(md5test_OBJECTS) $(md5test_DEPENDENCIES) $(EXTRA_md5test_DEPENDENCIES) - @rm -f md5test$(EXEEXT) - $(AM_V_CCLD)$(LINK) $(md5test_OBJECTS) $(md5test_LDADD) $(LIBS) +md_test$(EXEEXT): $(md_test_OBJECTS) $(md_test_DEPENDENCIES) $(EXTRA_md_test_DEPENDENCIES) + @rm -f md_test$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(md_test_OBJECTS) $(md_test_LDADD) $(LIBS) mont$(EXEEXT): $(mont_OBJECTS) $(mont_DEPENDENCIES) $(EXTRA_mont_DEPENDENCIES) @rm -f mont$(EXEEXT) $(AM_V_CCLD)$(LINK) $(mont_OBJECTS) $(mont_LDADD) $(LIBS) +objectstest$(EXEEXT): $(objectstest_OBJECTS) $(objectstest_DEPENDENCIES) $(EXTRA_objectstest_DEPENDENCIES) + @rm -f objectstest$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(objectstest_OBJECTS) $(objectstest_LDADD) $(LIBS) + ocsp_test$(EXEEXT): $(ocsp_test_OBJECTS) $(ocsp_test_DEPENDENCIES) $(EXTRA_ocsp_test_DEPENDENCIES) @rm -f ocsp_test$(EXEEXT) $(AM_V_CCLD)$(LINK) $(ocsp_test_OBJECTS) $(ocsp_test_LDADD) $(LIBS) 
@@ -1757,17 +2007,21 @@ pq_test$(EXEEXT): $(pq_test_OBJECTS) $(pq_test_DEPENDENCIES) $(EXTRA_pq_test_DEP @rm -f pq_test$(EXEEXT) $(AM_V_CCLD)$(LINK) $(pq_test_OBJECTS) $(pq_test_LDADD) $(LIBS) +quictest$(EXEEXT): $(quictest_OBJECTS) $(quictest_DEPENDENCIES) $(EXTRA_quictest_DEPENDENCIES) + @rm -f quictest$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(quictest_OBJECTS) $(quictest_LDADD) $(LIBS) + randtest$(EXEEXT): $(randtest_OBJECTS) $(randtest_DEPENDENCIES) $(EXTRA_randtest_DEPENDENCIES) @rm -f randtest$(EXEEXT) $(AM_V_CCLD)$(LINK) $(randtest_OBJECTS) $(randtest_LDADD) $(LIBS) -rc2test$(EXEEXT): $(rc2test_OBJECTS) $(rc2test_DEPENDENCIES) $(EXTRA_rc2test_DEPENDENCIES) - @rm -f rc2test$(EXEEXT) - $(AM_V_CCLD)$(LINK) $(rc2test_OBJECTS) $(rc2test_LDADD) $(LIBS) +rc2_test$(EXEEXT): $(rc2_test_OBJECTS) $(rc2_test_DEPENDENCIES) $(EXTRA_rc2_test_DEPENDENCIES) + @rm -f rc2_test$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(rc2_test_OBJECTS) $(rc2_test_LDADD) $(LIBS) -rc4test$(EXEEXT): $(rc4test_OBJECTS) $(rc4test_DEPENDENCIES) $(EXTRA_rc4test_DEPENDENCIES) - @rm -f rc4test$(EXEEXT) - $(AM_V_CCLD)$(LINK) $(rc4test_OBJECTS) $(rc4test_LDADD) $(LIBS) +rc4_test$(EXEEXT): $(rc4_test_OBJECTS) $(rc4_test_DEPENDENCIES) $(EXTRA_rc4_test_DEPENDENCIES) + @rm -f rc4_test$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(rc4_test_OBJECTS) $(rc4_test_LDADD) $(LIBS) record_layer_test$(EXEEXT): $(record_layer_test_OBJECTS) $(record_layer_test_DEPENDENCIES) $(EXTRA_record_layer_test_DEPENDENCIES) @rm -f record_layer_test$(EXEEXT) 
@@ -1777,13 +2031,17 @@ recordtest$(EXEEXT): $(recordtest_OBJECTS) $(recordtest_DEPENDENCIES) $(EXTRA_re @rm -f recordtest$(EXEEXT) $(AM_V_CCLD)$(LINK) $(recordtest_OBJECTS) $(recordtest_LDADD) $(LIBS) +rfc3779$(EXEEXT): $(rfc3779_OBJECTS) $(rfc3779_DEPENDENCIES) $(EXTRA_rfc3779_DEPENDENCIES) + @rm -f rfc3779$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(rfc3779_OBJECTS) $(rfc3779_LDADD) $(LIBS) + rfc5280time$(EXEEXT): $(rfc5280time_OBJECTS) $(rfc5280time_DEPENDENCIES) $(EXTRA_rfc5280time_DEPENDENCIES) @rm -f rfc5280time$(EXEEXT) $(AM_V_CCLD)$(LINK) $(rfc5280time_OBJECTS) $(rfc5280time_LDADD) $(LIBS) -rmdtest$(EXEEXT): $(rmdtest_OBJECTS) $(rmdtest_DEPENDENCIES) $(EXTRA_rmdtest_DEPENDENCIES) - @rm -f rmdtest$(EXEEXT) - $(AM_V_CCLD)$(LINK) $(rmdtest_OBJECTS) $(rmdtest_LDADD) $(LIBS) +rmd_test$(EXEEXT): $(rmd_test_OBJECTS) $(rmd_test_DEPENDENCIES) $(EXTRA_rmd_test_DEPENDENCIES) + @rm -f rmd_test$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(rmd_test_OBJECTS) $(rmd_test_LDADD) $(LIBS) rsa_test$(EXEEXT): $(rsa_test_OBJECTS) $(rsa_test_DEPENDENCIES) $(EXTRA_rsa_test_DEPENDENCIES) @rm -f rsa_test$(EXEEXT) 
@@ -1793,17 +2051,9 @@ servertest$(EXEEXT): $(servertest_OBJECTS) $(servertest_DEPENDENCIES) $(EXTRA_se @rm -f servertest$(EXEEXT) $(AM_V_CCLD)$(LINK) $(servertest_OBJECTS) $(servertest_LDADD) $(LIBS) -sha1test$(EXEEXT): $(sha1test_OBJECTS) $(sha1test_DEPENDENCIES) $(EXTRA_sha1test_DEPENDENCIES) - @rm -f sha1test$(EXEEXT) - $(AM_V_CCLD)$(LINK) $(sha1test_OBJECTS) $(sha1test_LDADD) $(LIBS) - -sha256test$(EXEEXT): $(sha256test_OBJECTS) $(sha256test_DEPENDENCIES) $(EXTRA_sha256test_DEPENDENCIES) - @rm -f sha256test$(EXEEXT) - $(AM_V_CCLD)$(LINK) $(sha256test_OBJECTS) $(sha256test_LDADD) $(LIBS) - -sha512test$(EXEEXT): $(sha512test_OBJECTS) $(sha512test_DEPENDENCIES) $(EXTRA_sha512test_DEPENDENCIES) - @rm -f sha512test$(EXEEXT) - $(AM_V_CCLD)$(LINK) $(sha512test_OBJECTS) $(sha512test_LDADD) $(LIBS) +sha_test$(EXEEXT): $(sha_test_OBJECTS) $(sha_test_DEPENDENCIES) $(EXTRA_sha_test_DEPENDENCIES) + @rm -f sha_test$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(sha_test_OBJECTS) $(sha_test_LDADD) $(LIBS) sm3test$(EXEEXT): $(sm3test_OBJECTS) $(sm3test_DEPENDENCIES) $(EXTRA_sm3test_DEPENDENCIES) @rm -f sm3test$(EXEEXT) @@ -1821,6 +2071,10 @@ ssl_methods$(EXEEXT): $(ssl_methods_OBJECTS) $(ssl_methods_DEPENDENCIES) $(EXTRA @rm -f ssl_methods$(EXEEXT) $(AM_V_CCLD)$(LINK) $(ssl_methods_OBJECTS) $(ssl_methods_LDADD) $(LIBS) +ssl_set_alpn_protos$(EXEEXT): $(ssl_set_alpn_protos_OBJECTS) $(ssl_set_alpn_protos_DEPENDENCIES) $(EXTRA_ssl_set_alpn_protos_DEPENDENCIES) + @rm -f ssl_set_alpn_protos$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(ssl_set_alpn_protos_OBJECTS) $(ssl_set_alpn_protos_LDADD) $(LIBS) + ssl_versions$(EXEEXT): $(ssl_versions_OBJECTS) $(ssl_versions_DEPENDENCIES) $(EXTRA_ssl_versions_DEPENDENCIES) @rm -f ssl_versions$(EXEEXT) $(AM_V_CCLD)$(LINK) $(ssl_versions_OBJECTS) $(ssl_versions_LDADD) $(LIBS) 
@@ -1829,6 +2083,10 @@ ssltest$(EXEEXT): $(ssltest_OBJECTS) $(ssltest_DEPENDENCIES) $(EXTRA_ssltest_DEP @rm -f ssltest$(EXEEXT) $(AM_V_CCLD)$(LINK) $(ssltest_OBJECTS) $(ssltest_LDADD) $(LIBS) +string_table$(EXEEXT): $(string_table_OBJECTS) $(string_table_DEPENDENCIES) $(EXTRA_string_table_DEPENDENCIES) + @rm -f string_table$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(string_table_OBJECTS) $(string_table_LDADD) $(LIBS) + timingsafe$(EXEEXT): $(timingsafe_OBJECTS) $(timingsafe_DEPENDENCIES) $(EXTRA_timingsafe_DEPENDENCIES) @rm -f timingsafe$(EXEEXT) $(AM_V_CCLD)$(LINK) $(timingsafe_OBJECTS) $(timingsafe_LDADD) $(LIBS) @@ -1883,6 +2141,10 @@ x509name$(EXEEXT): $(x509name_OBJECTS) $(x509name_DEPENDENCIES) $(EXTRA_x509name @rm -f x509name$(EXEEXT) $(AM_V_CCLD)$(LINK) $(x509name_OBJECTS) $(x509name_LDADD) $(LIBS) +x509req_ext$(EXEEXT): $(x509req_ext_OBJECTS) $(x509req_ext_DEPENDENCIES) $(EXTRA_x509req_ext_DEPENDENCIES) + @rm -f x509req_ext$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(x509req_ext_OBJECTS) $(x509req_ext_LDADD) $(LIBS) + mostlyclean-compile: -rm -f *.$(OBJEXT) -rm -f compat/*.$(OBJEXT) 
@@ -1893,17 +2155,28 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aeadtest.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_wrap.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arc4randomforktest.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_string_to_utf8.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1api.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1basic.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1complex.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1evp.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1object.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1string_copy.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1test.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1time.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1x509.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/base64test.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bftest.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/biotest.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bn_isqrt.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bn_mod_exp2_mont.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bn_mod_sqrt.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bn_primes.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ 
@am__quote@./$(DEPDIR)/bn_rand_interval.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bn_to_string.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bnaddsub.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bntest-bntest.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/buffertest-buffertest.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/buffertest.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bytestringtest.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/casttest.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chachatest.Po@am__quote@ # am--include-marker 
@@ -1918,11 +2191,14 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dhtest.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dsatest.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dtlstest.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ec_asn1_test.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ec_point_conversion.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ecdhtest.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ecdsatest.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ectest.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/enginetest.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/evp_pkey_check.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/evp_pkey_cleanup.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/evptest.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/explicit_bzero.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/exptest-exptest.Po@am__quote@ # am--include-marker 
@@ -1935,10 +2211,10 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ideatest.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/igetest.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/key_schedule.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keypairtest.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md4test.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md5test.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keypairtest-keypairtest.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md_test.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mont.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/objectstest.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ocsp_test.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/optionstest.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pbkdf2.Po@am__quote@ # am--include-marker 
@@ -1946,24 +2222,26 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs7test.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/poly1305test.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pq_test.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/quictest.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/randtest.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rc2test.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rc4test.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rc2_test.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rc4_test.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/record_layer_test.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/recordtest.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rfc3779-rfc3779.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rfc5280time.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rmdtest.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rmd_test.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rsa_test.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/servertest.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha1test.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha256test.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha512test.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ 
@am__quote@./$(DEPDIR)/sha_test.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sm3test.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sm4test.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_get_shared_ciphers-ssl_get_shared_ciphers.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_methods.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_set_alpn_protos.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_versions.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssltest.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/string_table.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/timingsafe.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls_ext_alpn.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls_prf.Po@am__quote@ # am--include-marker @@ -1977,6 +2255,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509_info.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509attribute.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509name.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509req_ext.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/memmem.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/pipe2.Po@am__quote@ # am--include-marker 
@@ -2024,20 +2303,6 @@ bntest-bntest.obj: bntest.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(bntest_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o bntest-bntest.obj `if test -f 'bntest.c'; then $(CYGPATH_W) 'bntest.c'; else $(CYGPATH_W) '$(srcdir)/bntest.c'; fi` -buffertest-buffertest.o: buffertest.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(buffertest_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT buffertest-buffertest.o -MD -MP -MF $(DEPDIR)/buffertest-buffertest.Tpo -c -o buffertest-buffertest.o `test -f 'buffertest.c' || echo '$(srcdir)/'`buffertest.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/buffertest-buffertest.Tpo $(DEPDIR)/buffertest-buffertest.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='buffertest.c' object='buffertest-buffertest.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(buffertest_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o buffertest-buffertest.o `test -f 'buffertest.c' || echo '$(srcdir)/'`buffertest.c - -buffertest-buffertest.obj: buffertest.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(buffertest_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT buffertest-buffertest.obj -MD -MP -MF $(DEPDIR)/buffertest-buffertest.Tpo -c -o buffertest-buffertest.obj `if test -f 'buffertest.c'; then $(CYGPATH_W) 'buffertest.c'; else $(CYGPATH_W) '$(srcdir)/buffertest.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/buffertest-buffertest.Tpo $(DEPDIR)/buffertest-buffertest.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='buffertest.c' object='buffertest-buffertest.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ 
DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(buffertest_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o buffertest-buffertest.obj `if test -f 'buffertest.c'; then $(CYGPATH_W) 'buffertest.c'; else $(CYGPATH_W) '$(srcdir)/buffertest.c'; fi` - exptest-exptest.o: exptest.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(exptest_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT exptest-exptest.o -MD -MP -MF $(DEPDIR)/exptest-exptest.Tpo -c -o exptest-exptest.o `test -f 'exptest.c' || echo '$(srcdir)/'`exptest.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/exptest-exptest.Tpo $(DEPDIR)/exptest-exptest.Po 
@@ -2052,6 +2317,34 @@ exptest-exptest.obj: exptest.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(exptest_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o exptest-exptest.obj `if test -f 'exptest.c'; then $(CYGPATH_W) 'exptest.c'; else $(CYGPATH_W) '$(srcdir)/exptest.c'; fi` +keypairtest-keypairtest.o: keypairtest.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(keypairtest_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT keypairtest-keypairtest.o -MD -MP -MF $(DEPDIR)/keypairtest-keypairtest.Tpo -c -o keypairtest-keypairtest.o `test -f 'keypairtest.c' || echo '$(srcdir)/'`keypairtest.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/keypairtest-keypairtest.Tpo $(DEPDIR)/keypairtest-keypairtest.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='keypairtest.c' object='keypairtest-keypairtest.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(keypairtest_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o keypairtest-keypairtest.o `test -f 'keypairtest.c' || echo '$(srcdir)/'`keypairtest.c + +keypairtest-keypairtest.obj: keypairtest.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(keypairtest_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT keypairtest-keypairtest.obj -MD -MP -MF $(DEPDIR)/keypairtest-keypairtest.Tpo -c -o keypairtest-keypairtest.obj `if test -f 'keypairtest.c'; then $(CYGPATH_W) 'keypairtest.c'; else $(CYGPATH_W) '$(srcdir)/keypairtest.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/keypairtest-keypairtest.Tpo $(DEPDIR)/keypairtest-keypairtest.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='keypairtest.c' object='keypairtest-keypairtest.obj' libtool=no 
@AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(keypairtest_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o keypairtest-keypairtest.obj `if test -f 'keypairtest.c'; then $(CYGPATH_W) 'keypairtest.c'; else $(CYGPATH_W) '$(srcdir)/keypairtest.c'; fi` + +rfc3779-rfc3779.o: rfc3779.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(rfc3779_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rfc3779-rfc3779.o -MD -MP -MF $(DEPDIR)/rfc3779-rfc3779.Tpo -c -o rfc3779-rfc3779.o `test -f 'rfc3779.c' || echo '$(srcdir)/'`rfc3779.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/rfc3779-rfc3779.Tpo $(DEPDIR)/rfc3779-rfc3779.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='rfc3779.c' object='rfc3779-rfc3779.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(rfc3779_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rfc3779-rfc3779.o `test -f 'rfc3779.c' || echo '$(srcdir)/'`rfc3779.c + +rfc3779-rfc3779.obj: rfc3779.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(rfc3779_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rfc3779-rfc3779.obj -MD -MP -MF $(DEPDIR)/rfc3779-rfc3779.Tpo -c -o rfc3779-rfc3779.obj `if test -f 'rfc3779.c'; then $(CYGPATH_W) 'rfc3779.c'; else $(CYGPATH_W) '$(srcdir)/rfc3779.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/rfc3779-rfc3779.Tpo $(DEPDIR)/rfc3779-rfc3779.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='rfc3779.c' object='rfc3779-rfc3779.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) 
$(INCLUDES) $(rfc3779_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rfc3779-rfc3779.obj `if test -f 'rfc3779.c'; then $(CYGPATH_W) 'rfc3779.c'; else $(CYGPATH_W) '$(srcdir)/rfc3779.c'; fi` + ssl_get_shared_ciphers-ssl_get_shared_ciphers.o: ssl_get_shared_ciphers.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(ssl_get_shared_ciphers_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ssl_get_shared_ciphers-ssl_get_shared_ciphers.o -MD -MP -MF $(DEPDIR)/ssl_get_shared_ciphers-ssl_get_shared_ciphers.Tpo -c -o ssl_get_shared_ciphers-ssl_get_shared_ciphers.o `test -f 'ssl_get_shared_ciphers.c' || echo '$(srcdir)/'`ssl_get_shared_ciphers.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/ssl_get_shared_ciphers-ssl_get_shared_ciphers.Tpo $(DEPDIR)/ssl_get_shared_ciphers-ssl_get_shared_ciphers.Po 
@@ -2286,6 +2579,34 @@ arc4randomforktest.sh.log: arc4randomforktest.sh --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) +asn1_string_to_utf8.log: asn1_string_to_utf8$(EXEEXT) + @p='asn1_string_to_utf8$(EXEEXT)'; \ + b='asn1_string_to_utf8'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +asn1api.log: asn1api$(EXEEXT) + @p='asn1api$(EXEEXT)'; \ + b='asn1api'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +asn1basic.log: asn1basic$(EXEEXT) + @p='asn1basic$(EXEEXT)'; \ + b='asn1basic'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +asn1complex.log: asn1complex$(EXEEXT) + @p='asn1complex$(EXEEXT)'; \ + b='asn1complex'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) asn1evp.log: asn1evp$(EXEEXT) @p='asn1evp$(EXEEXT)'; \ b='asn1evp'; \ 
@@ -2293,6 +2614,20 @@ asn1evp.log: asn1evp$(EXEEXT) --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) +asn1object.log: asn1object$(EXEEXT) + @p='asn1object$(EXEEXT)'; \ + b='asn1object'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +asn1string_copy.log: asn1string_copy$(EXEEXT) + @p='asn1string_copy$(EXEEXT)'; \ + b='asn1string_copy'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) asn1test.log: asn1test$(EXEEXT) @p='asn1test$(EXEEXT)'; \ b='asn1test'; \ @@ -2307,6 +2642,13 @@ asn1time.log: asn1time$(EXEEXT) --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) +asn1x509.log: asn1x509$(EXEEXT) + @p='asn1x509$(EXEEXT)'; \ + b='asn1x509'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) base64test.log: base64test$(EXEEXT) @p='base64test$(EXEEXT)'; \ b='base64test'; \ 
@@ -2335,6 +2677,34 @@ bnaddsub.log: bnaddsub$(EXEEXT) --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) +bn_isqrt.log: bn_isqrt$(EXEEXT) + @p='bn_isqrt$(EXEEXT)'; \ + b='bn_isqrt'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +bn_mod_exp2_mont.log: bn_mod_exp2_mont$(EXEEXT) + @p='bn_mod_exp2_mont$(EXEEXT)'; \ + b='bn_mod_exp2_mont'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +bn_mod_sqrt.log: bn_mod_sqrt$(EXEEXT) + @p='bn_mod_sqrt$(EXEEXT)'; \ + b='bn_mod_sqrt'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +bn_primes.log: bn_primes$(EXEEXT) + @p='bn_primes$(EXEEXT)'; \ + b='bn_primes'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) bn_rand_interval.log: bn_rand_interval$(EXEEXT) @p='bn_rand_interval$(EXEEXT)'; \ b='bn_rand_interval'; \ 
@@ -2461,6 +2831,13 @@ dtlstest.sh.log: dtlstest.sh --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) +ec_asn1_test.log: ec_asn1_test$(EXEEXT) + @p='ec_asn1_test$(EXEEXT)'; \ + b='ec_asn1_test'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) ec_point_conversion.log: ec_point_conversion$(EXEEXT) @p='ec_point_conversion$(EXEEXT)'; \ b='ec_point_conversion'; \ @@ -2496,6 +2873,20 @@ enginetest.log: enginetest$(EXEEXT) --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) +evp_pkey_check.log: evp_pkey_check$(EXEEXT) + @p='evp_pkey_check$(EXEEXT)'; \ + b='evp_pkey_check'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +evp_pkey_cleanup.log: evp_pkey_cleanup$(EXEEXT) + @p='evp_pkey_cleanup$(EXEEXT)'; \ + b='evp_pkey_cleanup'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) evptest.sh.log: evptest.sh @p='evptest.sh'; \ b='evptest.sh'; \ 
@@ -2573,13 +2964,6 @@ igetest.log: igetest$(EXEEXT) --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) -keypairtest.sh.log: keypairtest.sh - @p='keypairtest.sh'; \ - b='keypairtest.sh'; \ - $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ - --log-file $$b.log --trs-file $$b.trs \ - $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ - "$$tst" $(AM_TESTS_FD_REDIRECT) key_schedule.log: key_schedule$(EXEEXT) @p='key_schedule$(EXEEXT)'; \ b='key_schedule'; \ @@ -2587,16 +2971,16 @@ key_schedule.log: key_schedule$(EXEEXT) --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) -md4test.log: md4test$(EXEEXT) - @p='md4test$(EXEEXT)'; \ - b='md4test'; \ +keypairtest.sh.log: keypairtest.sh + @p='keypairtest.sh'; \ + b='keypairtest.sh'; \ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) -md5test.log: md5test$(EXEEXT) - @p='md5test$(EXEEXT)'; \ - b='md5test'; \ +md_test.log: md_test$(EXEEXT) + @p='md_test$(EXEEXT)'; \ + b='md_test'; \ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ 
@@ -2608,6 +2992,13 @@ mont.log: mont$(EXEEXT) --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) +objectstest.log: objectstest$(EXEEXT) + @p='objectstest$(EXEEXT)'; \ + b='objectstest'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) ocsptest.sh.log: ocsptest.sh @p='ocsptest.sh'; \ b='ocsptest.sh'; \ @@ -2657,6 +3048,13 @@ pq_test.sh.log: pq_test.sh --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) +quictest.sh.log: quictest.sh + @p='quictest.sh'; \ + b='quictest.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) randtest.log: randtest$(EXEEXT) @p='randtest$(EXEEXT)'; \ b='randtest'; \ 
@@ -2664,16 +3062,16 @@ randtest.log: randtest$(EXEEXT) --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) -rc2test.log: rc2test$(EXEEXT) - @p='rc2test$(EXEEXT)'; \ - b='rc2test'; \ +rc2_test.log: rc2_test$(EXEEXT) + @p='rc2_test$(EXEEXT)'; \ + b='rc2_test'; \ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) -rc4test.log: rc4test$(EXEEXT) - @p='rc4test$(EXEEXT)'; \ - b='rc4test'; \ +rc4_test.log: rc4_test$(EXEEXT) + @p='rc4_test$(EXEEXT)'; \ + b='rc4_test'; \ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ @@ -2692,6 +3090,13 @@ record_layer_test.log: record_layer_test$(EXEEXT) --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) +rfc3779.log: rfc3779$(EXEEXT) + @p='rfc3779$(EXEEXT)'; \ + b='rfc3779'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) rfc5280time.log: rfc5280time$(EXEEXT) @p='rfc5280time$(EXEEXT)'; \ b='rfc5280time'; \ 
@@ -2699,9 +3104,9 @@ rfc5280time.log: rfc5280time$(EXEEXT) --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) -rmdtest.log: rmdtest$(EXEEXT) - @p='rmdtest$(EXEEXT)'; \ - b='rmdtest'; \ +rmd_test.log: rmd_test$(EXEEXT) + @p='rmd_test$(EXEEXT)'; \ + b='rmd_test'; \ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ @@ -2720,23 +3125,9 @@ servertest.sh.log: servertest.sh --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) -sha1test.log: sha1test$(EXEEXT) - @p='sha1test$(EXEEXT)'; \ - b='sha1test'; \ - $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ - --log-file $$b.log --trs-file $$b.trs \ - $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ - "$$tst" $(AM_TESTS_FD_REDIRECT) -sha256test.log: sha256test$(EXEEXT) - @p='sha256test$(EXEEXT)'; \ - b='sha256test'; \ - $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ - --log-file $$b.log --trs-file $$b.trs \ - $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ - "$$tst" $(AM_TESTS_FD_REDIRECT) -sha512test.log: sha512test$(EXEEXT) - @p='sha512test$(EXEEXT)'; \ - b='sha512test'; \ +sha_test.log: sha_test$(EXEEXT) + @p='sha_test$(EXEEXT)'; \ + b='sha_test'; \ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ 
@@ -2769,6 +3160,13 @@ ssl_methods.log: ssl_methods$(EXEEXT) --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) +ssl_set_alpn_protos.log: ssl_set_alpn_protos$(EXEEXT) + @p='ssl_set_alpn_protos$(EXEEXT)'; \ + b='ssl_set_alpn_protos'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) ssl_versions.log: ssl_versions$(EXEEXT) @p='ssl_versions$(EXEEXT)'; \ b='ssl_versions'; \ @@ -2783,6 +3181,13 @@ ssltest.sh.log: ssltest.sh --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) +string_table.log: string_table$(EXEEXT) + @p='string_table$(EXEEXT)'; \ + b='string_table'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) testdsa.sh.log: testdsa.sh @p='testdsa.sh'; \ b='testdsa.sh'; \ @@ -2895,6 +3300,13 @@ x509name.log: x509name$(EXEEXT) --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) +x509req_ext.log: x509req_ext$(EXEEXT) + @p='x509req_ext$(EXEEXT)'; \ + b='x509req_ext'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) .test.log: @p='$<'; \ $(am__set_b); \ 
@@ -2909,7 +3321,6 @@ x509name.log: x509name$(EXEEXT) @am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ @am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ @am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - distdir: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) distdir-am @@ -2994,17 +3405,28 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/aeadtest.Po -rm -f ./$(DEPDIR)/aes_wrap.Po -rm -f ./$(DEPDIR)/arc4randomforktest.Po + -rm -f ./$(DEPDIR)/asn1_string_to_utf8.Po + -rm -f ./$(DEPDIR)/asn1api.Po + -rm -f ./$(DEPDIR)/asn1basic.Po + -rm -f ./$(DEPDIR)/asn1complex.Po -rm -f ./$(DEPDIR)/asn1evp.Po + -rm -f ./$(DEPDIR)/asn1object.Po + -rm -f ./$(DEPDIR)/asn1string_copy.Po -rm -f ./$(DEPDIR)/asn1test.Po -rm -f ./$(DEPDIR)/asn1time.Po + -rm -f ./$(DEPDIR)/asn1x509.Po -rm -f ./$(DEPDIR)/base64test.Po -rm -f ./$(DEPDIR)/bftest.Po -rm -f ./$(DEPDIR)/biotest.Po + -rm -f ./$(DEPDIR)/bn_isqrt.Po + -rm -f ./$(DEPDIR)/bn_mod_exp2_mont.Po + -rm -f ./$(DEPDIR)/bn_mod_sqrt.Po + -rm -f ./$(DEPDIR)/bn_primes.Po -rm -f ./$(DEPDIR)/bn_rand_interval.Po -rm -f ./$(DEPDIR)/bn_to_string.Po -rm -f ./$(DEPDIR)/bnaddsub.Po -rm -f ./$(DEPDIR)/bntest-bntest.Po - -rm -f ./$(DEPDIR)/buffertest-buffertest.Po + -rm -f ./$(DEPDIR)/buffertest.Po -rm -f ./$(DEPDIR)/bytestringtest.Po -rm -f ./$(DEPDIR)/casttest.Po -rm -f ./$(DEPDIR)/chachatest.Po @@ -3019,11 +3441,14 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/dhtest.Po -rm -f ./$(DEPDIR)/dsatest.Po -rm -f ./$(DEPDIR)/dtlstest.Po + -rm -f ./$(DEPDIR)/ec_asn1_test.Po -rm -f ./$(DEPDIR)/ec_point_conversion.Po -rm -f ./$(DEPDIR)/ecdhtest.Po -rm -f ./$(DEPDIR)/ecdsatest.Po -rm -f ./$(DEPDIR)/ectest.Po -rm -f ./$(DEPDIR)/enginetest.Po + -rm -f ./$(DEPDIR)/evp_pkey_check.Po + -rm -f ./$(DEPDIR)/evp_pkey_cleanup.Po -rm -f ./$(DEPDIR)/evptest.Po -rm -f ./$(DEPDIR)/explicit_bzero.Po -rm -f ./$(DEPDIR)/exptest-exptest.Po 
@@ -3036,10 +3461,10 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/ideatest.Po -rm -f ./$(DEPDIR)/igetest.Po -rm -f ./$(DEPDIR)/key_schedule.Po - -rm -f ./$(DEPDIR)/keypairtest.Po - -rm -f ./$(DEPDIR)/md4test.Po - -rm -f ./$(DEPDIR)/md5test.Po + -rm -f ./$(DEPDIR)/keypairtest-keypairtest.Po + -rm -f ./$(DEPDIR)/md_test.Po -rm -f ./$(DEPDIR)/mont.Po + -rm -f ./$(DEPDIR)/objectstest.Po -rm -f ./$(DEPDIR)/ocsp_test.Po -rm -f ./$(DEPDIR)/optionstest.Po -rm -f ./$(DEPDIR)/pbkdf2.Po @@ -3047,24 +3472,26 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/pkcs7test.Po -rm -f ./$(DEPDIR)/poly1305test.Po -rm -f ./$(DEPDIR)/pq_test.Po + -rm -f ./$(DEPDIR)/quictest.Po -rm -f ./$(DEPDIR)/randtest.Po - -rm -f ./$(DEPDIR)/rc2test.Po - -rm -f ./$(DEPDIR)/rc4test.Po + -rm -f ./$(DEPDIR)/rc2_test.Po + -rm -f ./$(DEPDIR)/rc4_test.Po -rm -f ./$(DEPDIR)/record_layer_test.Po -rm -f ./$(DEPDIR)/recordtest.Po + -rm -f ./$(DEPDIR)/rfc3779-rfc3779.Po -rm -f ./$(DEPDIR)/rfc5280time.Po - -rm -f ./$(DEPDIR)/rmdtest.Po + -rm -f ./$(DEPDIR)/rmd_test.Po -rm -f ./$(DEPDIR)/rsa_test.Po -rm -f ./$(DEPDIR)/servertest.Po - -rm -f ./$(DEPDIR)/sha1test.Po - -rm -f ./$(DEPDIR)/sha256test.Po - -rm -f ./$(DEPDIR)/sha512test.Po + -rm -f ./$(DEPDIR)/sha_test.Po -rm -f ./$(DEPDIR)/sm3test.Po -rm -f ./$(DEPDIR)/sm4test.Po -rm -f ./$(DEPDIR)/ssl_get_shared_ciphers-ssl_get_shared_ciphers.Po -rm -f ./$(DEPDIR)/ssl_methods.Po + -rm -f ./$(DEPDIR)/ssl_set_alpn_protos.Po -rm -f ./$(DEPDIR)/ssl_versions.Po -rm -f ./$(DEPDIR)/ssltest.Po + -rm -f ./$(DEPDIR)/string_table.Po -rm -f ./$(DEPDIR)/timingsafe.Po -rm -f ./$(DEPDIR)/tls_ext_alpn.Po -rm -f ./$(DEPDIR)/tls_prf.Po @@ -3078,6 +3505,7 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/x509_info.Po -rm -f ./$(DEPDIR)/x509attribute.Po -rm -f ./$(DEPDIR)/x509name.Po + -rm -f ./$(DEPDIR)/x509req_ext.Po -rm -f compat/$(DEPDIR)/memmem.Po -rm -f compat/$(DEPDIR)/pipe2.Po -rm -f Makefile 
@@ -3128,17 +3556,28 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/aeadtest.Po -rm -f ./$(DEPDIR)/aes_wrap.Po -rm -f ./$(DEPDIR)/arc4randomforktest.Po + -rm -f ./$(DEPDIR)/asn1_string_to_utf8.Po + -rm -f ./$(DEPDIR)/asn1api.Po + -rm -f ./$(DEPDIR)/asn1basic.Po + -rm -f ./$(DEPDIR)/asn1complex.Po -rm -f ./$(DEPDIR)/asn1evp.Po + -rm -f ./$(DEPDIR)/asn1object.Po + -rm -f ./$(DEPDIR)/asn1string_copy.Po -rm -f ./$(DEPDIR)/asn1test.Po -rm -f ./$(DEPDIR)/asn1time.Po + -rm -f ./$(DEPDIR)/asn1x509.Po -rm -f ./$(DEPDIR)/base64test.Po -rm -f ./$(DEPDIR)/bftest.Po -rm -f ./$(DEPDIR)/biotest.Po + -rm -f ./$(DEPDIR)/bn_isqrt.Po + -rm -f ./$(DEPDIR)/bn_mod_exp2_mont.Po + -rm -f ./$(DEPDIR)/bn_mod_sqrt.Po + -rm -f ./$(DEPDIR)/bn_primes.Po -rm -f ./$(DEPDIR)/bn_rand_interval.Po -rm -f ./$(DEPDIR)/bn_to_string.Po -rm -f ./$(DEPDIR)/bnaddsub.Po -rm -f ./$(DEPDIR)/bntest-bntest.Po - -rm -f ./$(DEPDIR)/buffertest-buffertest.Po + -rm -f ./$(DEPDIR)/buffertest.Po -rm -f ./$(DEPDIR)/bytestringtest.Po -rm -f ./$(DEPDIR)/casttest.Po -rm -f ./$(DEPDIR)/chachatest.Po @@ -3153,11 +3592,14 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/dhtest.Po -rm -f ./$(DEPDIR)/dsatest.Po -rm -f ./$(DEPDIR)/dtlstest.Po + -rm -f ./$(DEPDIR)/ec_asn1_test.Po -rm -f ./$(DEPDIR)/ec_point_conversion.Po -rm -f ./$(DEPDIR)/ecdhtest.Po -rm -f ./$(DEPDIR)/ecdsatest.Po -rm -f ./$(DEPDIR)/ectest.Po -rm -f ./$(DEPDIR)/enginetest.Po + -rm -f ./$(DEPDIR)/evp_pkey_check.Po + -rm -f ./$(DEPDIR)/evp_pkey_cleanup.Po -rm -f ./$(DEPDIR)/evptest.Po -rm -f ./$(DEPDIR)/explicit_bzero.Po -rm -f ./$(DEPDIR)/exptest-exptest.Po 
@@ -3170,10 +3612,10 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/ideatest.Po -rm -f ./$(DEPDIR)/igetest.Po -rm -f ./$(DEPDIR)/key_schedule.Po - -rm -f ./$(DEPDIR)/keypairtest.Po - -rm -f ./$(DEPDIR)/md4test.Po - -rm -f ./$(DEPDIR)/md5test.Po + -rm -f ./$(DEPDIR)/keypairtest-keypairtest.Po + -rm -f ./$(DEPDIR)/md_test.Po -rm -f ./$(DEPDIR)/mont.Po + -rm -f ./$(DEPDIR)/objectstest.Po -rm -f ./$(DEPDIR)/ocsp_test.Po -rm -f ./$(DEPDIR)/optionstest.Po -rm -f ./$(DEPDIR)/pbkdf2.Po @@ -3181,24 +3623,26 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/pkcs7test.Po -rm -f ./$(DEPDIR)/poly1305test.Po -rm -f ./$(DEPDIR)/pq_test.Po + -rm -f ./$(DEPDIR)/quictest.Po -rm -f ./$(DEPDIR)/randtest.Po - -rm -f ./$(DEPDIR)/rc2test.Po - -rm -f ./$(DEPDIR)/rc4test.Po + -rm -f ./$(DEPDIR)/rc2_test.Po + -rm -f ./$(DEPDIR)/rc4_test.Po -rm -f ./$(DEPDIR)/record_layer_test.Po -rm -f ./$(DEPDIR)/recordtest.Po + -rm -f ./$(DEPDIR)/rfc3779-rfc3779.Po -rm -f ./$(DEPDIR)/rfc5280time.Po - -rm -f ./$(DEPDIR)/rmdtest.Po + -rm -f ./$(DEPDIR)/rmd_test.Po -rm -f ./$(DEPDIR)/rsa_test.Po -rm -f ./$(DEPDIR)/servertest.Po - -rm -f ./$(DEPDIR)/sha1test.Po - -rm -f ./$(DEPDIR)/sha256test.Po - -rm -f ./$(DEPDIR)/sha512test.Po + -rm -f ./$(DEPDIR)/sha_test.Po -rm -f ./$(DEPDIR)/sm3test.Po -rm -f ./$(DEPDIR)/sm4test.Po -rm -f ./$(DEPDIR)/ssl_get_shared_ciphers-ssl_get_shared_ciphers.Po -rm -f ./$(DEPDIR)/ssl_methods.Po + -rm -f ./$(DEPDIR)/ssl_set_alpn_protos.Po -rm -f ./$(DEPDIR)/ssl_versions.Po -rm -f ./$(DEPDIR)/ssltest.Po + -rm -f ./$(DEPDIR)/string_table.Po -rm -f ./$(DEPDIR)/timingsafe.Po -rm -f ./$(DEPDIR)/tls_ext_alpn.Po -rm -f ./$(DEPDIR)/tls_prf.Po @@ -3212,6 +3656,7 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/x509_info.Po -rm -f ./$(DEPDIR)/x509attribute.Po -rm -f ./$(DEPDIR)/x509name.Po + -rm -f ./$(DEPDIR)/x509req_ext.Po -rm -f compat/$(DEPDIR)/memmem.Po -rm -f compat/$(DEPDIR)/pipe2.Po -rm -f Makefile 
diff --git a/tests/aeadtest.c b/tests/aeadtest.c index ed0c6898..b4a08618 100644 --- a/tests/aeadtest.c +++ b/tests/aeadtest.c 
@@ -1,64 +1,33 @@ -/* $OpenBSD: aeadtest.c,v 1.12 2019/01/22 00:59:21 dlg Exp $ */ -/* ==================================================================== - * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved. +/* $OpenBSD: aeadtest.c,v 1.23 2022/08/20 19:25:14 jsing Exp $ */ +/* + * Copyright (c) 2022 Joel Sing + * Copyright (c) 2014, Google Inc. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. 
Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include +#include #include #include #include -#include #include -#include -#include #include +#include -/* This program tests an AEAD against a series of test vectors from a file. The +/* + * This program tests an AEAD against a series of test vectors from a file. The * test vector file consists of key-value lines where the key and value are * separated by a colon and optional whitespace. 
The keys are listed in * NAMES, below. The values are hex-encoded data. 
@@ -122,106 +91,305 @@ hex_digit(char h) } static int -aead_from_name(const EVP_AEAD **aead, const char *name) +aead_from_name(const EVP_AEAD **aead, const EVP_CIPHER **cipher, + const char *name) { *aead = NULL; + *cipher = NULL; if (strcmp(name, "aes-128-gcm") == 0) { -#ifndef OPENSSL_NO_AES *aead = EVP_aead_aes_128_gcm(); -#else - fprintf(stderr, "No AES support.\n"); -#endif + *cipher = EVP_aes_128_gcm(); + } else if (strcmp(name, "aes-192-gcm") == 0) { + *cipher = EVP_aes_192_gcm(); } else if (strcmp(name, "aes-256-gcm") == 0) { -#ifndef OPENSSL_NO_AES *aead = EVP_aead_aes_256_gcm(); -#else - fprintf(stderr, "No AES support.\n"); -#endif + *cipher = EVP_aes_256_gcm(); } else if (strcmp(name, "chacha20-poly1305") == 0) { -#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) *aead = EVP_aead_chacha20_poly1305(); -#else - fprintf(stderr, "No chacha20-poly1305 support.\n"); -#endif + *cipher = EVP_chacha20_poly1305(); } else if (strcmp(name, "xchacha20-poly1305") == 0) { -#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) *aead = EVP_aead_xchacha20_poly1305(); -#else - fprintf(stderr, "No xchacha20-poly1305 support.\n"); -#endif } else { fprintf(stderr, "Unknown AEAD: %s\n", name); - return -1; - } - - if (*aead == NULL) return 0; + } return 1; } static int -run_test_case(const EVP_AEAD* aead, unsigned char bufs[NUM_TYPES][BUF_MAX], +run_aead_test(const EVP_AEAD *aead, unsigned char bufs[NUM_TYPES][BUF_MAX], const unsigned int lengths[NUM_TYPES], unsigned int line_no) { - EVP_AEAD_CTX ctx; + EVP_AEAD_CTX *ctx; unsigned char out[BUF_MAX + EVP_AEAD_MAX_TAG_LENGTH], out2[BUF_MAX]; size_t out_len, out_len2; + int ret = 0; + + if ((ctx = EVP_AEAD_CTX_new()) == NULL) { + fprintf(stderr, "Failed to allocate AEAD context on line %u\n", + line_no); + goto err; + } - if (!EVP_AEAD_CTX_init(&ctx, aead, bufs[KEY], lengths[KEY], + if (!EVP_AEAD_CTX_init(ctx, aead, bufs[KEY], lengths[KEY], lengths[TAG], NULL)) { fprintf(stderr, "Failed to init AEAD on 
line %u\n", line_no); - return 0; + goto err; } - if (!EVP_AEAD_CTX_seal(&ctx, out, &out_len, sizeof(out), bufs[NONCE], + if (!EVP_AEAD_CTX_seal(ctx, out, &out_len, sizeof(out), bufs[NONCE], lengths[NONCE], bufs[IN], lengths[IN], bufs[AD], lengths[AD])) { fprintf(stderr, "Failed to run AEAD on line %u\n", line_no); - return 0; + goto err; } if (out_len != lengths[CT] + lengths[TAG]) { fprintf(stderr, "Bad output length on line %u: %zu vs %u\n", line_no, out_len, (unsigned)(lengths[CT] + lengths[TAG])); - return 0; + goto err; } if (memcmp(out, bufs[CT], lengths[CT]) != 0) { fprintf(stderr, "Bad output on line %u\n", line_no); - return 0; + goto err; } if (memcmp(out + lengths[CT], bufs[TAG], lengths[TAG]) != 0) { fprintf(stderr, "Bad tag on line %u\n", line_no); - return 0; + goto err; } - if (!EVP_AEAD_CTX_open(&ctx, out2, &out_len2, lengths[IN], bufs[NONCE], + if (!EVP_AEAD_CTX_open(ctx, out2, &out_len2, lengths[IN], bufs[NONCE], lengths[NONCE], out, out_len, bufs[AD], lengths[AD])) { fprintf(stderr, "Failed to decrypt on line %u\n", line_no); - return 0; + goto err; } if (out_len2 != lengths[IN]) { fprintf(stderr, "Bad decrypt on line %u: %zu\n", line_no, out_len2); - return 0; + goto err; } if (memcmp(out2, bufs[IN], out_len2) != 0) { fprintf(stderr, "Plaintext mismatch on line %u\n", line_no); - return 0; + goto err; } out[0] ^= 0x80; - if (EVP_AEAD_CTX_open(&ctx, out2, &out_len2, lengths[IN], bufs[NONCE], + if (EVP_AEAD_CTX_open(ctx, out2, &out_len2, lengths[IN], bufs[NONCE], lengths[NONCE], out, out_len, bufs[AD], lengths[AD])) { fprintf(stderr, "Decrypted bad data on line %u\n", line_no); - return 0; + goto err; + } + + ret = 1; + + err: + EVP_AEAD_CTX_free(ctx); + + return ret; +} + +static int +run_cipher_aead_encrypt_test(const EVP_CIPHER *cipher, + unsigned char bufs[NUM_TYPES][BUF_MAX], + const unsigned int lengths[NUM_TYPES], unsigned int line_no) +{ + unsigned char out[BUF_MAX + EVP_AEAD_MAX_TAG_LENGTH]; + EVP_CIPHER_CTX *ctx; + size_t out_len; + int 
len; + int ret = 0; + + if ((ctx = EVP_CIPHER_CTX_new()) == NULL) { + fprintf(stderr, "FAIL: EVP_CIPHER_CTX_new\n"); + goto err; + } + + if (!EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL)) { + fprintf(stderr, "FAIL: EVP_EncryptInit_ex with cipher\n"); + goto err; + } + + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, lengths[NONCE], NULL)) { + fprintf(stderr, "FAIL: EVP_CTRL_AEAD_SET_IVLEN\n"); + goto err; + } + + if (!EVP_EncryptInit_ex(ctx, NULL, NULL, bufs[KEY], NULL)) { + fprintf(stderr, "FAIL: EVP_EncryptInit_ex with key\n"); + goto err; + } + if (!EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, bufs[NONCE])) { + fprintf(stderr, "FAIL: EVP_EncryptInit_ex with nonce\n"); + goto err; + } + + if (!EVP_EncryptUpdate(ctx, NULL, &len, bufs[AD], lengths[AD])) { + fprintf(stderr, "FAIL: EVP_EncryptUpdate with AD\n"); + goto err; + } + if ((unsigned int)len != lengths[AD]) { + fprintf(stderr, "FAIL: EVP_EncryptUpdate with AD length = %u, " + "want %u\n", len, lengths[AD]); + goto err; + } + if (!EVP_EncryptUpdate(ctx, out, &len, bufs[IN], lengths[IN])) { + fprintf(stderr, "FAIL: EVP_EncryptUpdate with plaintext\n"); + goto err; + } + out_len = len; + if (!EVP_EncryptFinal_ex(ctx, out + out_len, &len)) { + fprintf(stderr, "FAIL: EVP_EncryptFinal_ex\n"); + goto err; + } + out_len += len; + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, lengths[TAG], + out + out_len)) { + fprintf(stderr, "FAIL: EVP_EncryptInit_ex with cipher\n"); + goto err; + } + out_len += lengths[TAG]; + + if (out_len != lengths[CT] + lengths[TAG]) { + fprintf(stderr, "Bad output length on line %u: %zu vs %u\n", + line_no, out_len, (unsigned)(lengths[CT] + lengths[TAG])); + goto err; + } + + if (memcmp(out, bufs[CT], lengths[CT]) != 0) { + fprintf(stderr, "Bad output on line %u\n", line_no); + goto err; + } + + if (memcmp(out + lengths[CT], bufs[TAG], lengths[TAG]) != 0) { + fprintf(stderr, "Bad tag on line %u\n", line_no); + goto err; + } + + ret = 1; + + err: + EVP_CIPHER_CTX_free(ctx); + 
+ return ret; +} + +static int +run_cipher_aead_decrypt_test(const EVP_CIPHER *cipher, int invalid, + unsigned char bufs[NUM_TYPES][BUF_MAX], + const unsigned int lengths[NUM_TYPES], unsigned int line_no) +{ + unsigned char in[BUF_MAX], out[BUF_MAX + EVP_AEAD_MAX_TAG_LENGTH]; + EVP_CIPHER_CTX *ctx; + size_t out_len; + int len; + int ret = 0; + + if ((ctx = EVP_CIPHER_CTX_new()) == NULL) { + fprintf(stderr, "FAIL: EVP_CIPHER_CTX_new\n"); + goto err; + } + + if (!EVP_DecryptInit_ex(ctx, cipher, NULL, NULL, NULL)) { + fprintf(stderr, "FAIL: EVP_DecryptInit_ex with cipher\n"); + goto err; + } + + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, lengths[NONCE], + NULL)) { + fprintf(stderr, "FAIL: EVP_CTRL_AEAD_SET_IVLEN\n"); + goto err; + } + + memcpy(in, bufs[TAG], lengths[TAG]); + if (invalid && lengths[CT] == 0) + in[0] ^= 0x80; + + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, lengths[TAG], in)) { + fprintf(stderr, "FAIL: EVP_CTRL_AEAD_SET_TAG\n"); + goto err; + } + + if (!EVP_DecryptInit_ex(ctx, NULL, NULL, bufs[KEY], NULL)) { + fprintf(stderr, "FAIL: EVP_DecryptInit_ex with key\n"); + goto err; + } + if (!EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, bufs[NONCE])) { + fprintf(stderr, "FAIL: EVP_DecryptInit_ex with nonce\n"); + goto err; + } + + if (!EVP_DecryptUpdate(ctx, NULL, &len, bufs[AD], lengths[AD])) { + fprintf(stderr, "FAIL: EVP_DecryptUpdate with AD\n"); + goto err; + } + if ((unsigned int)len != lengths[AD]) { + fprintf(stderr, "FAIL: EVP_EncryptUpdate with AD length = %u, " + "want %u\n", len, lengths[AD]); + goto err; + } + + memcpy(in, bufs[CT], lengths[CT]); + if (invalid && lengths[CT] > 0) + in[0] ^= 0x80; + + if (!EVP_DecryptUpdate(ctx, out, &len, in, lengths[CT])) { + fprintf(stderr, "FAIL: EVP_DecryptUpdate with ciphertext\n"); + goto err; + } + out_len = len; + + if (invalid) { + if (EVP_DecryptFinal_ex(ctx, out + out_len, &len)) { + fprintf(stderr, "FAIL: EVP_DecryptFinal_ex succeeded " + "with invalid ciphertext on line %u\n", 
line_no); + goto err; + } + goto done; + } + + if (!EVP_DecryptFinal_ex(ctx, out + out_len, &len)) { + fprintf(stderr, "FAIL: EVP_DecryptFinal_ex\n"); + goto err; } + out_len += len; + + if (out_len != lengths[IN]) { + fprintf(stderr, "Bad decrypt on line %u: %zu\n", + line_no, out_len); + goto err; + } + + if (memcmp(out, bufs[IN], out_len) != 0) { + fprintf(stderr, "Plaintext mismatch on line %u\n", line_no); + goto err; + } + + done: + ret = 1; + + err: + EVP_CIPHER_CTX_free(ctx); + + return ret; +} + +static int +run_cipher_aead_test(const EVP_CIPHER *cipher, + unsigned char bufs[NUM_TYPES][BUF_MAX], + const unsigned int lengths[NUM_TYPES], unsigned int line_no) +{ + if (!run_cipher_aead_encrypt_test(cipher, bufs, lengths, line_no)) + return 0; + if (!run_cipher_aead_decrypt_test(cipher, 0, bufs, lengths, line_no)) + return 0; + if (!run_cipher_aead_decrypt_test(cipher, 1, bufs, lengths, line_no)) + return 0; - EVP_AEAD_CTX_cleanup(&ctx); return 1; } @@ -230,18 +398,18 @@ main(int argc, char **argv) { FILE *f; const EVP_AEAD *aead = NULL; + const EVP_CIPHER *cipher = NULL; unsigned int line_no = 0, num_tests = 0, j; - unsigned char bufs[NUM_TYPES][BUF_MAX]; unsigned int lengths[NUM_TYPES]; + const char *aeadname; - if (argc != 2) { - fprintf(stderr, "%s \n", argv[0]); + if (argc != 3) { + fprintf(stderr, "%s \n", argv[0]); return 1; } - f = fopen(argv[1], "r"); - if (f == NULL) { + if ((f = fopen(argv[2], "r")) == NULL) { perror("failed to open input"); return 1; } 
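Review bot: Two failure messages in the new EVP_CIPHER tests name the wrong call, which points anyone triaging a failed vector at the wrong step: in run_cipher_aead_encrypt_test the `EVP_CTRL_AEAD_GET_TAG` failure prints `"FAIL: EVP_EncryptInit_ex with cipher\n"`, and in run_cipher_aead_decrypt_test the AD length check after `EVP_DecryptUpdate` prints `EVP_EncryptUpdate`. I would change them to `fprintf(stderr, "FAIL: EVP_CTRL_AEAD_GET_TAG\n");` and `"FAIL: EVP_DecryptUpdate with AD length = %d, want %u\n"`; the `%d` matters because `len` is an `int` and both functions currently format it with `%u`. Most of the new `FAIL:` messages also omit `line_no`, unlike run_aead_test, so a failing vector cannot be located from the output alone. Separately, the `invalid` pass flips the tag only when `lengths[CT] == 0` and never alters the AD, so rejection of a modified tag or modified AD alongside a non-empty ciphertext is not exercised by this harness.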
@@ -276,17 +444,25 @@ main(int argc, char **argv) if (!any_values_set) continue; - switch (aead_from_name(&aead, bufs[AEAD])) { - case 0: - fprintf(stderr, "Skipping test...\n"); - continue; - case -1: + aeadname = argv[1]; + if (lengths[AEAD] != 0) + aeadname = bufs[AEAD]; + + if (!aead_from_name(&aead, &cipher, aeadname)) { fprintf(stderr, "Aborting...\n"); return 4; } - if (!run_test_case(aead, bufs, lengths, line_no)) - return 4; + if (aead != NULL) { + if (!run_aead_test(aead, bufs, lengths, + line_no)) + return 4; + } + if (cipher != NULL) { + if (!run_cipher_aead_test(cipher, bufs, lengths, + line_no)) + return 4; + } for (j = 0; j < NUM_TYPES; j++) lengths[j] = 0; @@ -295,10 +471,12 @@ main(int argc, char **argv) continue; } - /* Each line looks like: + /* + * Each line looks like: * TYPE: 0123abc * Where "TYPE" is the type of the data on the line, - * e.g. "KEY". */ + * e.g. "KEY". + */ for (i = 0; line[i] != 0 && line[i] != '\n'; i++) { if (line[i] == ':') { type_len = i; 
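Review bot: `aeadname = bufs[AEAD];` assigns an element of `unsigned char bufs[NUM_TYPES][BUF_MAX]` (the declaration is context in the previous hunk) to a `const char *`, which aead_from_name then passes to `strcmp`, so the lookup relies on the AEAD value being NUL-terminated text. The code that fills `bufs[AEAD]` is outside this hunk, so the terminator cannot be confirmed from here. I would state that invariant in a one-line comment above the assignment and make the conversion explicit with `aeadname = (const char *)bufs[AEAD];`, which also removes the pointer-sign mismatch. main's body starts and ends outside the hunk.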
@@ -347,31 +525,52 @@ main(int argc, char **argv) continue; } - for (j = 0; line[i] != 0 && line[i] != '\n'; i++) { - unsigned char v, v2; - v = hex_digit(line[i++]); - if (line[i] == 0 || line[i] == '\n') { - fprintf(stderr, "Odd-length hex data on " - "line %u\n", line_no); - return 3; + if (line[i] == '"') { + i++; + for (j = 0; line[i] != 0 && line[i] != '\n'; i++) { + if (line[i] == '"') + break; + if (j == BUF_MAX) { + fprintf(stderr, "Too much data on " + "line %u (max is %u bytes)\n", + line_no, (unsigned) BUF_MAX); + return 3; + } + buf[j++] = line[i]; + *buf_len = *buf_len + 1; } - v2 = hex_digit(line[i]); - if (v > 15 || v2 > 15) { - fprintf(stderr, "Invalid hex char on line %u\n", + if (line[i + 1] != 0 && line[i + 1] != '\n') { + fprintf(stderr, "Trailing data on line %u\n", line_no); return 3; } - v <<= 4; - v |= v2; - - if (j == BUF_MAX) { - fprintf(stderr, "Too much hex data on line %u " - "(max is %u bytes)\n", - line_no, (unsigned) BUF_MAX); - return 3; + } else { + for (j = 0; line[i] != 0 && line[i] != '\n'; i++) { + unsigned char v, v2; + v = hex_digit(line[i++]); + if (line[i] == 0 || line[i] == '\n') { + fprintf(stderr, "Odd-length hex data " + "on line %u\n", line_no); + return 3; + } + v2 = hex_digit(line[i]); + if (v > 15 || v2 > 15) { + fprintf(stderr, "Invalid hex char on " + "line %u\n", line_no); + return 3; + } + v <<= 4; + v |= v2; + + if (j == BUF_MAX) { + fprintf(stderr, "Too much hex data on " + "line %u (max is %u bytes)\n", + line_no, (unsigned) BUF_MAX); + return 3; + } + buf[j++] = v; + *buf_len = *buf_len + 1; } - buf[j++] = v; - *buf_len = *buf_len + 1; } } diff --git a/tests/aeadtest.sh b/tests/aeadtest.sh index 132b1fd5..9f59595a 100644 --- a/tests/aeadtest.sh +++ b/tests/aeadtest.sh 
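Review bot: The new quoted-string branch accepts a value with no closing quote, and can read past the end of the string while doing so. The copy loop stops on `'"'`, NUL or newline, but the following test `line[i + 1] != 0 && line[i + 1] != '\n'` never checks which of those ended it: if the loop stopped on the terminating NUL, `line[i + 1]` is a byte beyond the string (the declaration and fill of `line` are outside the hunk, so whether that is still inside the array cannot be confirmed here), and if it stopped on the newline the unterminated value is taken as valid test data. Adding `if (line[i] != '"') { fprintf(stderr, "Unterminated string on line %u\n", line_no); return 3; }` before the trailing-data check closes both cases. main's body starts and ends outside the hunk.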
@@ -4,4 +4,10 @@ TEST=./aeadtest if [ -e ./aeadtest.exe ]; then TEST=./aeadtest.exe fi -$TEST $srcdir/aeadtests.txt +$TEST aead $srcdir/aeadtests.txt +$TEST aes-128-gcm $srcdir/aes_128_gcm_tests.txt +$TEST aes-192-gcm $srcdir/aes_192_gcm_tests.txt +$TEST aes-256-gcm $srcdir/aes_256_gcm_tests.txt +$TEST chacha20-poly1305 $srcdir/chacha20_poly1305_tests.txt +$TEST xchacha20-poly1305 $srcdir/xchacha20_poly1305_tests.txt + diff --git a/tests/aes_128_gcm_tests.txt b/tests/aes_128_gcm_tests.txt new file mode 100644 index 00000000..3ca8cbfa --- /dev/null +++ b/tests/aes_128_gcm_tests.txt 
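Review bot: The six added invocations expand `$TEST` and `$srcdir` unquoted, so a source directory whose path contains whitespace is split into extra arguments and aeadtest's `argc != 3` check fails the run before any vector is read; `"$TEST" aes-128-gcm "$srcdir/aes_128_gcm_tests.txt"` (and likewise for the other five) avoids that. With six runs instead of one, the script's exit status also reflects only the last invocation unless `set -e` is in effect. Lines 1–3 of the script are outside this hunk, so that should be confirmed there; otherwise a failure in an earlier vector file would be reported as a pass.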
@@ -0,0 +1,532 @@ +# The AES-128-GCM test cases from cipher_tests.txt have been merged into this +# file. + +KEY: d480429666d48b400633921c5407d1d1 +NONCE: 3388c676dc754acfa66e172a +IN: +AD: +CT: +TAG: 7d7daf44850921a34e636b01adeb104f + +KEY: 3881e7be1bb3bbcaff20bdb78e5d1b67 +NONCE: dcf5b7ae2d7552e2297fcfa9 +IN: 0a2714aa7d +AD: c60c64bbf7 +CT: 5626f96ecb +TAG: ff4c4f1d92b0abb1d0820833d9eb83c7 + +KEY: ea4f6f3c2fed2b9dd9708c2e721ae00f +NONCE: f975809ddb5172382745634f +IN: 8d6c08446cb10d9a2075 +AD: 5c65d4f261d2c54ffe6a +CT: 0f51f7a83c5b5aa796b9 +TAG: 70259cddfe8f9a15a5c5eb485af578fb + +KEY: cdbc90e60aab7905bdffdfd8d13c0138 +NONCE: 9d987184c4b4e873d4774931 +IN: cb75a0f9134c579bebbd27fe4a3011 +AD: 7dc79f38e1df9383e5d3a1378b56ef +CT: c6a899758b6c11208241627c8a0096 +TAG: 7525125e650d397d0e176fa21315f09a + +KEY: 819bc8d2f41996baca697441f982ad37 +NONCE: 08b7a15f388fafb16711ce19 +IN: 9b1ddd177d2842a701b794450e3c81f151f195a1 +AD: 277c372784559784b0e047c6f8b7e9efb6f7491e +CT: de9b9c8fe09f705f558c62dc6d40b75e3aa625b6 +TAG: 52e2d2f153a4235eb6fac87ff6b96926 + +KEY: 682769d52fa0bfeaebe0d0c898d3cda7 +NONCE: 6af0738b249d09547837883c +IN: 3461523cd98a6e8bdddd01150812e6c58d5cfa25d385cdbbc4 +AD: abe8302d7d5595698d9f31011c24d4d180a637597098361354 +CT: aa3ecb46b9330554b36d0cf6f6ac4cf5e27bfd5f602da1b3c9 +TAG: 0ba547961eba5c58726c418f51d31311 + +KEY: e2b30b9b040bce7902c54ca7eec00d09 +NONCE: 28ccf218e8de56ea91422a25 +IN: 483080d7e2fb42580dfb862d2d266fad9fdce7cdcdb1158d415f84b6e269 +AD: 9f06fbe67eb2ace15c8011032feeaf72fdf6d316e1e08ef4cc0a176588af +CT: 67e1980ced4cd232ce893938e40b0798b17a1692476342e520b480a18570 +TAG: 9994185d4329cfa5f4bbeb170ef3a54b + +KEY: eaafa992ef6dbcc29cc58b6b8684f7c7 +NONCE: 1ded022dbc56e9ad733e880f +IN: 900951f487221c7125aa140104b776ba77e7b656194933fa4b94a6d7f9722aad51b2fe +AD: 863ceb297cb90c445dbcf2fcffe85b71db88d8c935158f697023e2cea103ec39766679 +CT: e0b3aaa890e45f1c39ad4f13ba7592f5251d6a02ca40fe3633651b35fba74a579f48c5 +TAG: 5c95fd941b272bafbd757553f394991b + +KEY: 
a43859049b2702e8807ac55b0ad27b0e +NONCE: bbe8c571342cac7fcc5d66cd +IN: 8673d6ee2903265c92446ce110d5bb30aa2dd1b1ac5558029f23974acb8a2fbf4c74858fc73d6104 +AD: f77c998ad3ace0839a8657e350bed15ffbd58f152a0dc04ffc227d6beb5738ad061d0f83c2a26999 +CT: 40e201a513979b093637445275b2db5ed4cb1fa050af0e20e43b21af6bc56dec654541e55b295b72 +TAG: 41bbef45727d19ee544fba5b360312f0 + +KEY: 68fd608c8697243d30bd3f1f028c5b74 +NONCE: 319a210b33c523d8bc39fbea +IN: 2c088f38f7a58e68bdd92632da84770303cd1ff115d6364479fb0aa706571f68d51be745f5c1d1b44fa1501cd5 +AD: 1417a65249b85a918622472a49df50bdb2766aae7bc74a6230b056549851b3c2f0cef727dc805ba2160727fbb2 +CT: 9d376b147620c2ac6a5eaa8ee44f82f179f61c9bc8acdd21680a7ff03acec953437a3cc9660c7ecb1204563944 +TAG: 05a4fb5be11e3edd89e34d0b7132d0fa + +KEY: 6edd3bd2aa318f78b4a51103cb08d489 +NONCE: ef0027b144691bc9716fbeca +IN: e98f2f99680dc748fe0b57390df38a99950faaf555a888d463d005ef4e4b1c22663d3d3daa812b20ae35ac934c2e187cbba7 +AD: 97337902507391de0f15c88462aa5ffc5e4760543850719ccd8a0cfef89484d8095c23ff8c1d06eae4ff6d758c95e65cc3b5 +CT: 3c54842c2099b73daa9c3f1cb64bb913c0527955d923510f3f3046df471c1365db97333bc5a86dc7c5f23047e938fac976c0 +TAG: 375b2a25421434e5e3a021d434fb2d04 + +KEY: f70482d53d3ef70cdc3cd3c4a37aeb2b +NONCE: e69d3de363e225749cb1666f +IN: 4cb68874e69125e1a6f6e68669b48317e1b361d0f7f95ec4cf613b7da2c835832010e8f95eaef4e6800b79bd86cd7cda869d2df258c267 +AD: d72975f15721bd0957f5cb1edecaad2d1ef047afb0e779035f777f94cd7ed1bdf8ca9d4f357d2a1e195f195e7483dea1476133235f7e6b +CT: caa1e48decbda18e314057c5ec32f8733a5cf03ed0d05c3654531bf56faa70751a6c7f70fbd7d39f7e9775a772aba8fe7731cd0230beab +TAG: 47d909cbdd1c7f8b485fc3232bb7185f + +KEY: 98a12fe16a02ec2a4b3a45c82138ae82 +NONCE: 4b3404684825dfcf81966e96 +IN: 899710fc8333c0d2d87f4496436349259cf57c592e98ec1e3c54c037bc7ef24d039a8c573ec7868e8ce9610b0404ea1b553ae10cc8cec26468cc975c +AD: ea1a99cee666bf56c8c3667ef4c73c2e1e6534800d6e39a97de3bd5d39068bb3e2f74f96c03463afa18f1ee88c21209bae87f37e5d0269b68db370fe +CT: 
0431b7fc4889ae401eab5edba07a60f9682fe58419d4140cbf4f20c62d79d8a3cc1f23fabead0e96e1c8c90929756ea1efab508336e1d0ed552eafd0 +TAG: 01053ceeb4f9c797eef9426930573d23 + +KEY: 6538e8c8753928960ffc9356d43306b6 +NONCE: eee386a2b1e310665e335746 +IN: a92eb9a93a90fdbb2c74dea91d273a48efe9582f8af7a4e3a377b114770a69ca45421959fcf36107815e53dc61b7bf018fc42965fb71d1eafce0961d7698fabbd4 +AD: c5e572e464718398374c8b45ff8749cd9f517bbd97767f77a96cd021176c49c0acec8b055ef761f49aa6d910375a45b2f572cd5420b99153971a682b377ac88f09 +CT: f36353de609d0b5246f64a519d89a4dfcd9d53325a2d2cf910e7692e68391b0357b056b944e0b53e41568f304bea8822f9ff7a0375a5a8087509799226862f707f +TAG: f7f9b891089d02cac1181337d95b6725 + +KEY: cabdcf541aebf917bac019f13925d267 +NONCE: 2c34c00c42dae382279d7974 +IN: 88cc1e07dfde8e08082e6766e0a88103384742af378d7b6b8a87fce036af7441c13961c25afea7f6e56193f54bee0011cb78642c3ab9e6d5b2e35833ec16cd355515af1a190f +AD: dd10e371b22e15671c31afee552bf1dea07cbbf685e2caa0e0363716a276e120c6c0eb4acb1a4d1ba73fde6615f708aaa46bc76c7ff345a4f76bda117fe56f0dc9b939040ddd +CT: 049453baf1578787d68ed5478726c0b8a636337a0b8a82b86836f91cde25e6e44c345940e819a0c505751e603cb8f8c4fe98719185562794a185e5dec415c81f2f162cdcd650 +TAG: dce7198728bfc1b5f949b9b5374199c6 + +KEY: fd1dd6a237a12d7f64f68eb96890c872 +NONCE: 459ced97ebc385ab3a8da8d5 +IN: 04a9709fdc0a4edb423fe8cf61c33a40043f1a585d5458c7512ec8e4e066a0f95e2e6609abf3c95a5d3ae2c738269533855daedd92eca20bdedbbd5677cd4eee84b7a1efae0904364f1e54 +AD: d253b829a2fbc5877b0fbe92e7b79f38886a49ca889ae72b91f2c3aebe257a3ffe0d390b5d320bea22d6a5536cd9213612f5ed6e3b0ea33ac91cfee284cb25eaaf6b85b15f7ca894317182 +CT: 4a565d3ba4f2ec461c9bd8dd0f96bc00d2a561bfb56443c8cf47681bdf1c61f55854bea060c4219696cac79c09aa9400a7e5c59c6b6ca556f38c619a662905fc5f0e8437b906af6138e3fb +TAG: be5f93201d7980af4c5bceb24ac1d238 + +KEY: b09a4d99112e1637d7f89a058988b417 +NONCE: 74348f7126c0cac836e9de5d +IN: 
6b3c4cfd1eb139b62d91ed5d1d8b0f3b52278d5c48787ce46f12b9f026e3eed1bfbc8c6684c6662f06614c69440b3d7cff7c46b2e4aebaa4b5b89236a3cc75535bc600104f240d01de91e0fb3bcad02c +AD: 7883ad259fa5d856ce283419f6da371b444b9b64ea0ddb371b17ec0a9ada27b0eb61b53bd3605f21a848b1e7ed91162f3d51f25481f32d61ec902a7f2cbd6938a7ce466a37e4467e4ec2b2c82b4e66ca +CT: 5e1b783b20fd740310333eddde99a06b5740428cb1a910812219fabd394b72a22a6e3ca31df0afae0a965f0bc0ae631feeaa5ce4c9a38cd5233140b8557bde9f878e65e8932b9e3c3f6e57a73cda36cc +TAG: 784b73ee7824adf7279c0a18e46d9a2b + +KEY: 284bd8c4b5d7b16aebce1b12988fa1d3 +NONCE: 7ff05007c5d018b17562f803 +IN: 903416331583dcbd31420906c64dc76e14d0c5044d728cd9b605b531ddc350fdaadeabe67d08f0b4c7179f82a1044696716cd96459506453141e9ec3130e893d8c2ff9b8b4c241b73866ca4fc1f712d17d7a88bf4a +AD: d0a1f92f80094c1fad630ca584edd953bf44cdde404f22c8e476df8708a97a0712e7fbd8054caa7d65144d0be3b30442d0dfa5469ba720afe1d00aa6bb53c79c1c178ed42fce596eeb6c638c8a8dedf76a431976c5 +CT: 9bc3708f70a68fc16bcc33099325c821a0ae9a2fd0a6a98382fa21b42ddb3a9ac6c34a13c4805d3beb92586cdf0f4dce3885793d49abce33190685e7009a79242dd93594722a1ceaa44886371c30bcc8312fa2bf67 +TAG: 3fd8a4d760d5b878852b1ca2d34dde6e + +KEY: 6d76dd7dea607a5cf5c21cd44c21a315 +NONCE: c1d13e56b080a500f1cb80bd +IN: cb959b92e777f835afc4ae4149b190638851238b7b13c9bf65343adb3130e8ad2356101037f30997d4a5fcc0a1d6415210179fdec881236a799f6e90dd43ea3817819b432611eaafd072368b9c7036c7a88c8b7774a8ed986134 +AD: 92a2bc3b6b6ca9de0cef10d8bdeaadf6f54782cdb2b09e66cce8cb5b56895636e982f7a3c7bd9d221ade62c9ecf68bde70becf683804386606ab1c48ac764c4e11620064545c5beaa5911c118856dfc5cdb8df50052b01762c6c +CT: 522ba9bfb47efc624cd8933fc9e17784919d2b3ccfaeec46af414c1b316355f65b9f9fd7f0be6ac3064b4016e43b8fb2028459f0fa0d81fb6656be0ab8fd841d05d24682b4a57c7c59d89af384db22c2f77ce10abc4d1c352a1a +TAG: 5ea4a77381679876e0e272b53519d533 + +KEY: 1dbcbe45a47e527e3b6f9c5c9c89e675 +NONCE: 98f2da8ed8aa23e137148913 +IN: 
bb23b884c897103b7850b83f65b2fea85264784737d40f93ecf867bfdba1052f41f10d2c5607127da2c10c23b1fbd3a05ce378a9583b1a29c0efbf78a84b382698346e27469330a898b341ec1554d7bf408cf979d81807c0cc78260afdb214 +AD: 46f1bde51f6c97a9dae712e653fcac4da639d93a10b39350956681e121fb9ea969d9dc8ef6ddfb2203fad7ab7e3ef7b71eb90b5089844d60d666e8b55388d8afb261f92b6252f4d56240fe8c6c48bfde63e54bd994ff17e0bf9380ebfb653b +CT: 0d90e869d2f4c85b511fdf85b947ba3ab75c6b1845d8191634770413d7574a6fbd9d86897cb3d3b5d3d8e6f74fac3bd2a9b783cb16cfbec55dd7d2f7fc5c39fe85d39bf186a3fdd3564bc27d86f4019ae0cb73f5f516b602331433689c1b08 +TAG: 8777f2002d5a5214a7bd8ef5a3ccfbbb + +KEY: fe33f47136506e5cc14114eb62d26d64 +NONCE: 9534a10af0c96d8981eaf6b3 +IN: 3ca38385513eaf1fcd03ac837e4db95c0ed1a2528b7ab3ac8e09ecc95698d52b7d90bf974bf96d8f791aa595965e2527aa466fb76da53b5743eda30bb3ebd9f6a8a7721fbfe71fe637d99a7b4b622e6da89e0824ac8aea299ea15e43250d2eccb0d4d553 +AD: 50b7bd342df76bea99b2e9118a525c0f7041c7acdf4a3b17912b5cbb9650900246ed945cfc7db2b34a988af822c763451ac2e769ec67361eded9bcab37ac41f04cdb1d2471c9520a02db9673daaf07001570f9d9f4ac38f09da03ff1c56fdefe16a855ac +CT: 927fe3c924d914a7aae6695ddad54961142b7dd5ff4c0ba5ca3e0cf3d73bdb576afd59bd2b54d820d2a5da03286c124507a48008c571c28a0ce76f0ed68dbac3a61848e7e2162be8e0bee8147b9bf60da625cdab8601bfb37dfcd165f533e94a32c26952 +TAG: 9bd47a4a2acaf865a8a260179aabf8ad + +KEY: dec1b34b7b81fb19586c6ec948ecf462 +NONCE: d9faf07e72e3c39a0165fecd +IN: f7b0bbe9f0ff4dcf162792e9ee14d1ed286114f411c834ad06b143cadbbe10a6fbc86f6664e0e07ff7c6876d4543e5b01ff5ddb629f896c30c8cefd56c15d9f24dfd2ed590304a6aae24caac5870ddafc0e672ac3aacae1867891942998c712d45efbfa4d99a8a6f03 +AD: d3c4fc4838cb3cda3937455229ddaf1cb9102e815cb9f519a5434677c68b11a0bae1280faee82f1a5bee593e669e6f81d5ece3675b8af63f1491bb298531aacc940f53678ba56ae96fc66be92b904bc35f2d5b68b3ed98569a4d04e8f8a9689ad9fa4b51db0938a9f3 +CT: 
2f44ecf549077b98ba551819538097bb80304a55c48ef853e20ed8c3f808dc8cb5eb41c2463d19fed2606b59cee4b458958ea75715f7654146df4519dc63524a0569a00d7bbc4b32a372f82d955be5f190d09d35c267da1017e8b16096ae84f8a671b45aaf0d1ca59c +TAG: bc3af80cf9388d35deadecff5455d515 + +KEY: 021add6030bd9f3fed8b0d1f16f83783 +NONCE: 4e460f51fe6b5eb9558c4571 +IN: d9aa1d0db5de536cfbacb59bb75c592ae3f34a5f9c5ff4f22d14e8e4bd0754af19570221893797f60c89a251cd6a19c2953662dca51264afc21099ed5c80077b0e10a5295b3c4c6fe47d3c1c84fee69ebf7d8a7d9b1b338dae162e657e6cf5277ca70d47b9290aa7efe67b0ce574 +AD: 38d99cfd7578d40ffa1749d5fe83500362ceee76c5af38935806837b2f2d1b3422a5057bf617b07868dd95d8e5f4a24e74f96177d53a0275450b429a2b1f364805030765e376151ae35001d6a4872200142fdce82017f3e976ab0edac1a08d2649d297648320e7dd9143b554fa3d +CT: 8863ad51578fd1c9dc40702e34236adee885955f0478ad9a094a6941f95f900e466882dcd5b86e1563ba89aa105f56f3ba5ed860ec3338ee1b750a2f9332acb3f0f61718de7e40fb80442d046b35f147f178bd05362f0559a20a53ebbf78e920fe14c9d80d1c9fb21bee152f8ab2 +TAG: 614539247fdcf1a2aa851102d25bb3bc + +KEY: 311c2045d5486bfadd698e5e14faa58a +NONCE: f1cd8b373cec6451ae405618 +IN: bd154e428369aac5c13128d29bd3031364939abd071c34bacac6ea7292b657b794b2e717d9bcb5d7d01496d805283fffd8f7de6a3493ddd8d1dd7f58835a44d43ea22d95468d1239ca5567d6c80bdf432fce2afc544a731a2852ef733667b9f8f4f8923eaa9de3aa32addddf99b607efce966f +AD: f70cb7e67b2842207df55fc7582013bbddff8c7f3bd9ebbaf43827aa40f8490e65397934ee6a412de6272cd568566ea172789a006a92e5920140ca5f93f292b47dc262cefc66b75543f94365c08795b7c5e9c6c29b7dc67b2532fbf8a6487d40a3eff504e75c3f2bb2cc3969621028e2112e67 +CT: f88f4ef0431d0f23911aaa38a4022e700d3a33c31e0c7bdebe00f62ca3b55d358385de25ceb0538242871eb9c24530e557d7981fa0182436e1e49272d52689541f09517fd147a8da0f0d2bb32d54911a36eded0b87bcba54d6842edf461b45839df1cab5176e2c82c871b3be4ec1bced67ec5d +TAG: ae8d847f106e914ffadbdfe7cb57beba + +KEY: ceab57de6220b2c80e67f0c088e97b36 +NONCE: 8cf438aeb0cb29dd67506b9c +IN: 
ce2a7a5663449cf6e0068085e3c373c5ca6f027544e327bbc09ac00f1571268bee186d51a00bbc16da7429e4d3d5235d8d54ac96b6ecb2fb7d77a6e5b9e70d431dd4dce78ceb972e9e4b63059e350efaff841c2c42bc29c139b7fd070097556b6281b58e074d5271d9f66c6744ec6dd3b9db2f4a21aeeb7d +AD: 03e464d111ac9228d39d22a00120c6ee671fe5bbf462b1ee3fdf348b34999518998ac4e175ed48189c29b49b5527c27c43094eecbeaeacd3cdb48cd15aa82573e884a7b97bbcdad610a6955f7d8b04f6f98a13a907bc2bec4c940b77582b248f5fced1771f810977b2d0a4fa48bd4d78e4bc383bb92743fd +CT: 1fa9c379c78b92fa3c1e478443ae38d7b4b50235448ce2a88467514bc9db95844ec1baf4dbdbd1b0720e377d05d82c3b58b52af8c9c50417b39ad225e373c7ff18ac5a6ea5d182b255f1c8a2766e31e3e4e3d55dc08dfc64b818ead40a0e824b06ab24f0dc9f4f0c383db7cd4d40016b31701bb401b126dd +TAG: a9a885578467430504731d1a8f537e3c + +KEY: 585bbac0ab4508afb8b72d84167551aa +NONCE: 774c82af194277a5506e45ba +IN: d788112213d2b8b5b66b056e8b3e344a7876f6193b59a480c51fc04d3ec2e5166344c833187b14117276fd671a20937a4553181c29d3d85afe385dd86093708226f082a2ea4ec3288f372c772ca7ceae86b746ff428e8add17b0f34f8553e3db63f55224c39edf41f138a2c28be49d56aa8b4c93502b9794a16310f78b +AD: a29665261a8eb58c88803bcf623dd1a14e76af49ec5db72a267f2ebcbc479385fb6b32bafcb1239515d74a8282b228e83daf282d1ab228099b315bbed0f0e6b3427e029cc28c025460a8bf0914bd584c13e7de7830ab77fb4a9258dfdc9fdaa96ca941546477f04cea19a365a27de34e23e154e7419aefb0be0e871bbe +CT: 24f2856e4e40c0b2b8b47e43d94c1faba498884f59d2ae1cdf58c73770279c96feeee3025ec698cd8f0ae25bf0c9fbf2b350674c317e52bad50aa6ed9845e194f294eb71ff192604af50ac7192f308583a3edaf6c7aeb588990be81b801dc916ffd621dd4016e2b76e9078c89fac9da39f3a88f6548006a48b0199a732 +TAG: a5c8f9daa30b045bd3e1c1b01f438518 + +KEY: c5d727d159dd328b4160ff45a183226b +NONCE: 881c0802db519ce1595573ff +IN: 88b4be77bb8a2f37bc5e84ef9da92a4b8c3777dbcccfed13b97e93c19674c8c3f13119363ace377a14e5f36501ba9a3898fc09340886d91bf0a17ef0d028f2a92ec150071623a4a5db8e56e99e764629679943ea879ec7634fad1480e8617fe834c26210276d7db208b13f9b4c2060f2867aacb1b47c8e110830beff721dd8d120de +AD: 
5f6513ad3d490f784dd68ca1df41e8c8e1ab9a240ea8e9bc22d0b1d7353da94d5d37c94f0dcd1a2dedd6d8e1c79a383e7e214cbb6ee2ccb7c6d894ffce5d01b6cf13876ae2648d36adccd88710d7d2ab6d43826d37ee0ee3b434972a2cb8f4db1c3304cee0a352bbef76f05de0e6f55a410eea5e697afb197f2483f0200d0abee224 +CT: 66bbee209eb11c675ecd3303c38cf1087b010c532e1357732c4911ca9db78c67805c95c829194cd413b635a900a08454c6eb9cfa3597ab531fc9ddfdc5b02b290be2a618df7d03b1ab465d6d03e8b87a430bf4e80d8cb9916145cf2d2342a91fc79defa151b1f3c695608e76ca2abc4c0383897f1cbb9d4bd9969b2f33813e2b5502 +TAG: 43daa08e6eac70e3238ce655adb65005 + +KEY: 16af56326046c92afca49fe173d643ad +NONCE: d32a935b4e56472d92d9f2ce +IN: c49c8e5769670384d23d9af9834026395d3f3bd32d88e61ed06b2e00e52a5ae4fe3867993c2af95203cd4006470a89677864431fb9edbed17412913bad4bb3eaff0fccaa150c9b13f83b9bf06698af844841a640d6f94d845296638ac27fb5ed87c310dbbd36415161310b284b8f84b4e025267906e0a4c822b76a682d44a70f9afde9bcf48ac2 +AD: f713886f4086026779a7e479fa646cb33574e6c977d70b8da49c8fdbb395dc7c149a59e219db8e4fff053cb00e2a1df9850fce94e52fd34661fd3d4cd8ad3ffe0b4bc7ccfbbf42eeef3e30ce13cdfd77dbd067ae9f5aebfa068f6b7ae2c17ad956dc03511dfcc38eac9fa3c0c0e9a340f5c58e39d868b77dede54fea1173216c0bb8f0a6c2990f +CT: d5d7d1ed0ae3e3481e2ccee201857ce1f427734fbb4fbe82a2b90601104008b8ad4daf74514b8ab3e42b6f6b509159ca04489b1175ce1e3fe33d36ea521e0aedff8c69fd00aa588d7a2eb9d2d551e2b8fea321f573e2a1df147535a873d540a3169d3ebc099ea6c33cefc04a2d55dc2d47237b95ad269fcdcd3c3750af426beb4edfe7837b413f +TAG: cbe0fb9509c224bb0e8e33f7ef9b49e6 + +KEY: b3df227e6dc2c846095e2a3b825d7645 +NONCE: 578bc24ca3845e23204df661 +IN: bf69be81cf0b340b006badc9f644d10376f4f9a7a78c997edb8729e3786447f21e97e4c1e0c0c74e01ef655d0a84ffc04ff7c6712ad65adc9a0da2e3078d4c9e796c9bcd71e7a9da26b987990d366b5e00a23a93652e10942e07a6aa01375af27080c9cbab5f554497abc48260937a6fe895361e79cd3d5e78c1a65c6723d4a4fbe9b3dcae3c05699cf6d3fb +AD: 
00898eedad307fc017917a3296bcedabaad8a505edd34e93d92f3b61797ddccf3fc31144ef70f255be3b0c165c97eb8706f14c495f4aa9b3f15d2dafd65bf6741d67fe240967efbf0e75e610db9a8f722035e039b5e9246d258084a04c12ee8ad1668032f8caec737481fd894dba2ef702d3e6089acbb0fe0bdd6daa2a5cd47fc62603499fe3ea37365072e5 +CT: cfeb249551a695ddfec5f789e7f0a9f916abc8ee01d6233c32744c10a09b5b19ff9ed15e9f10de8f93c8ca1ae3c34e26fdbbb7f3b0f5f8b064501830d3cc982da99b294ce51bd33085c98b0ac0bfe44a8f4a5a26511afa3461aa88b770f076fe119ec90f33d8c9e7777f30b8cc95864f06e04dd8e328ad7a2c7dab83b03abfdde065bcd0c7d6dd47389108c4 +TAG: 3dedd1054f1a29286a51817264317b83 + +KEY: 58a57f04d1d5cbdd1bfbe01dd5f7e915 +NONCE: 47affabd7dbb4cce76661081 +IN: 5f82d481a6a3856c6f0be2aca54d666f16de88294a4d763134dd51ef03661bab45da94b9871d94e5b574a52214b22c92cf9690ecbffca9b108fe796abed9e608778c0b99d7bea1daec08dae89d5f7229c04fd52cc906b5f5b9fc0f0fc1e0b2272dcf4865286ee22bd9edcce1afadb579ec72cdf6038cfc75c2dbab5a1fd64b6f8e200d1ad0afcf25863293fdb7276648de +AD: 4b662822b48005fbd85bb99e6a946eaa74403909f646d914a236eecc5f4558b60b2efb1584b1f32d936b90428dda6568515801d21d24d6fb622e6463897c70be01f81fef741d6dd5c6556d163c3f048abe49f21817b41850ce79d7ec1fdfeba32935b58d898e964fa4b36f79c0f1f560b0afec3887ab325e1a025fa7662f9baf8e08a9ee714b8369621a2f1e6d2e96896a +CT: 31ab08ce0aaa883628f4b33369e5f6e5a54ee4a6596f25ecd54eeea30e81b41d357cb6c671adb6acd3d4e6654feb2ab1f3259692502efb33c5121e0852cbcb2dc5d9a4c65752debe9c4bf5e995fc909a2881621d46cc220806703795e61c0fe74c99e3c1230521b1f97bcbf4e95326e2d581f0cc879a2fc06ef88226a4413f9e9985edc913c418cc198c4df13cd46afc24 +TAG: 1e54066c6cc37f35c62b47426b609457 + +KEY: 64011470970333b7b677d4ad8ebf3ea2 +NONCE: 17031c5133a426d96de93123 +IN: 882cac1ece2d22a1db7f8339332379eb68516c8b7dcb3c089a5bfecceb49f48a169215313686eb5708135f379d89962af478cae865841e0c97ab47a57a456f634282c4e03c99abf7f7cc4e8360deb48160288f06e96cb09114877f9d91dae98828285626a1528aac87f39cfb8ad3db344fe4318aeef6f6ba14bd1edf9caab548c09f8eea091229a90dbc4b0fa34fda2bf13d300a1f9c +AD: 
0394bb920cf58806b909d90c046402c745f6876af85d8a281081e22a1908f8475126594b39a0e191a070bda7c78d30dc4867e69ea522cfc962fa5f9915daea9133e998eab22f32a18957a3cf7d91c6f3d54cea94875d60be694ee841fef01e69bf5997ba4f25e846558431eb592605265f235211c2bb2d4807278f4b9c314039d0768df24e9c098c6a01c689d6a143073fb1a29f4400 +CT: dd347d6a3d4a71b2bcae0a0c690ca311f012c6ceda4f7fc054b8f9b59bad54237b64b93331b99f1305801640a68e7d50cef581a57ff2564c90995a8dbf57fa8cff046d0b946af5f68e0aa3d73262965622fe6d35c78f949a6cf9e4f62ba71accbf403b690e31f610305faa6737a19efba1e1ee97084cff2d125bd69a5a4ff99aa399df650452daa835b3e54114b295f00d94fc60e2f8 +TAG: e5e72cda6755bfb3a44377945adb5ca1 + +KEY: 4852e546fdea545d7dd12493a687e895 +NONCE: 7a3e136cd961191570c1b0b7 +IN: 30c10d7a63b614bcae1b79b07c252dc55f322554ac34ca664910fe4a0c9a33e30698e124d91cbb55cf34e931807cbe591a87667f2284c1c18dacd108163aa7a82e274ae659c4ea144191e3fc0f82d4cac929969a50b98ed9fbee52cdf465a1f0535d7d7df15a9a6eff3f4a14e254571cc47f82716d7a835dfa839213677c4da8c8623517244891993ad5956f65d318d9bba16f1eb54d2974a741ac +AD: c5ded7f545d2eaccbc2cf5cbd1b38b0ec3b6bbc054ba25a16efdd448e5a47b0085974e469c1b0df22441340170d6677f5158e4ccd71446d7ac73dcf5fcfe4ad7248c4ddcfab4c8ccab0968d74d66d9c9561650eb98c088d87766440fc9967e8463febcd12ed07f7e44fef47cabf05274002d0014c4e31f230a41171868db68bf5a83c902724397ed181dd8c6768a898e0c78f6aeb886df95442e99 +CT: f798de4998683da7fa9ca030a23dbc493f36c48bb52cd1113c3ea97ef2b67433c00195000777fa3b75a3f689a66b148159524a1fe9576587948760b279cda56164a23748564ec66ea51368ba2a900c97169eb33cf1e557f46100193575737dba670175035f0d921675d45415c6591cae079698e6b1f74e82d4b9216c20e907b148a1d514b2cf653d2e4994f7f668dcfe88dc49c29c544de96d8dd0 +TAG: 3663fb2672223154981b4c580ed3d2d9 + +KEY: a65b520a2ab67a24fb8fc669c41f2753 +NONCE: 3bd6c7e8d29242abecc4c108 +IN: 
9d1559d283f7a38847088116f2156b19a8feab0731f04d0d499c6b0d21b8563a89a9c284230c1298b28a622cbdd38dbceb098ab896a7259caaabfcc7b0d9ea797178c18aaaa351c7f516342dcb9d3e91405882c8faa9a28f7c67f3db8913b31c0dcd56472d8ebbfb20cda2896a66bff2706b12ae0d9bc8c6c123c02f1f0bbaa418c1806482423eac72d718cad0dbccd208eb81663a9d9043d6ae7a52cf32b1fa +AD: 2538529cc6eec03f70df2ab085027ce015279484981422f31e58aeee31e79703d72752af2b8822dce9b385f1530f19e692e00e20ef973d333f4bd585ecf122bd4ed9b0626cef46baff0302c71411d27e372361f36c7245096faff21f0236f3dd675646760d5687b3cf1544dbcaa863f1267bce04bca976616b890c7c6ff3448d16072c3938f9b62377609950ff7818cbdd21fba2560bf1954a93517962181b18 +CT: c3194fbb5c319a94c0f61c432a730ce7611a005cfc78266ac4e5d7c95351e71d613f06f52d9d008b9d886f4d9a57bcc232d47e0c75ab755dfccc057a9c7558d7fb696a8c29843a8b9199e2406d23cd6507d35a872fa54cb95e2cb9af45405ebc6b6ee353e8a80debc393329bb9499c61c6344a6380c118f30fcd76376a9765517652e1b21ecafa63c0d19c1875658f1eda89c15ac2daf1a6f526ca72ee792a4f +TAG: fc16cd532c926ba01e2e6b15327bfb3a + +KEY: 84215d2c8f86e5b7bf93cb0620da6bb7 +NONCE: b35e99ce89dffd1ec616ed92 +IN: dfe500919f97713f6d9c4f53913175b162b8b7587d85d5b63f0cd5f51def23119e2e02c224142ecfba7f0a519aaea3c28be20b9c2a9c98eb145afd4db523b7f0b822e67dad630846b2a192bb146dcbeae00198c81b80c290d881125c24a6b01ec901b8912bad5b081ec7d97d6997b33052ec287f692489df928ce36cba1e3d6a41cf10c697a9e1f4aaf75dc5be054b98965ec3ce173be7e127c4c5387048ae6ab5a8d247f3 +AD: 6bf6222e64a46c90f83f47305554d090bc8d3838b7a856f0e5e1d92c4e7231eda6af1d9eb7ff6ce914f2256a3b0c853453b9bc75e46109cf8d7e8a9dca224e022d3d1a139d00476775622799541edf9d53eb645a40f6d98ea559e181d96e4df0141e51fe067542300581c0424f534d2c2e3b1b27153c0cd496a1c03301226beeed2b5cce0710d1f485e68b44a918b63fd8db610c7ff894514e272b6ed7ae33a38907e0698b +CT: 
6c6faa54df62ba5659d45f64a5f014684138c93bf152da8a495e9d067b13a30b9fb84847f56231b2da4d87e6cd509a3e38a9ff47589c627e5b5a1196e27fc7afaa14a8432c2d10d8fbfd5d6d394e4b947c456420708a76c2aa638df7de119c160636fc8dfba32227c5de12e5ef429da933ab04e77b489f2eb761d0c753738647ad6793cad64b8942f621ac67b13bd0cab106ffeff21f24c79de69424e50ae550f2241d4029 +TAG: 202b232472d050b9bbc68b59a0c02040 + +KEY: 7c02b6bc3db61e23736c5f36faddd942 +NONCE: b958decc680d5f79ea7b8632 +IN: 7e5992ed0474f4224b8da1d038eeb78413fc2f9614fab7120043e75986a4bf1114a80703780a149fcc8dfd115b768f45917065c85176a3f00be40b427fe3765d3919a5b741708624e29bcae876d251fd46dd8d36a8ef66f671c25f984761cf7f75f4329de7093937cdabe32f130b77531ab1aa0a1bc38fbe2758c2664eded828b2589fc5c34d9a0d57a5a4463163736f419b65f0543f50207fff4cf1065a551bc00ffe9466538b673b2a +AD: 76e430fce1a7d8340104e6001f1c2048d457ac335c5453e48727244b75c3c4f04f55afbb5ce55ba6f8632dbc168ed715b83968a32e5b8e91cb24abc9efee6dcb7a8bed9394a546f0b9efc5823ecaa192df061eb41c671bd863498c2130f322074a711ee43791a1cc02b5cacccf25119ecdd99233abf3b131c83ddb8c62c93a0d653e91499e7481303adc8dbac615ec464eb8640ea138f6236b0ee31cea060f97ea9145a22d15e28eaf6b +CT: 14cfd190ae0521f94ee6b36bfcc403139782bfac3d33fe95c81f53e83c7d0c9a8fdebbddd79746b550a383ece1b5c93316b2fdf5aa36b4e97f739f78ccd2de9963ee7fb4d77b581cf676bb679b2dc4a48d977b45564f21181dc60ecee84d736f2324196c20327495d18973660ccb5dae69b79853d12e48ee0706c8ed821b7f722e46f35c8dee2b7b55ebee01dd3ea1e8ef80493cab6b27c264a67596cee06c15062e3a96b140d0d9ba38 +TAG: b6c47410e6f4a2f2b172c6a4490732f8 + +KEY: 1f58ccb33649d0dc91c50f2aedc95cbc +NONCE: b3a392b1fff0157e95f82a44 +IN: 738e04dc5a8188d775262c2cdaa04468844755dc912a4edf9db308efb3c229b8e46b2b34aee2c6330219bcd29d3493e3cead142cef5f192b043502b8a4cf0419f9b3f5e001a640541c84141e36d585b05a2f702356bd39bda518c42b461564326969983d22c3ac5a2aa214807ede803d57a61c9547505dd7e08402cc43e6ed1574a48366cf5b5573afcc7aa3c4d4721b362d20a58cbf251315f2b5f9e2c97c5ef6bff44beaa5004e5b7c7f28295df2 +AD: 
93f7f5054605edc769efc30b35018ee6c929a83bc6454352c69ba9c72e4b4ea6f51c9ed06f314b5682be6a701c719087765d0a7022e5c9d495f28a9053bd435b8b834045c3670856149b08dae742b372a15a0184375d50eb09877bf94f63859e64228606791c516e76c5695a4e529b9dc5f76eff1d4641a22597e4460aea4eff107348077d4ed2d6262744b0a2d6610f25264d905133309ace10bb52f7138674c25e5d43ededbd87c13dc8fd9d3b1b +CT: a002b47b18d1febaf64842fe9011484d618a2e855c4efcccc7d08f02dc9b53d0bd4fc8013e01e21fbf2d9bc7fdda69e68be0c06d32003d045dca6bd251c0bb8c2cbe3693b252265c8694295772b767f83661ecefd57353f6f1c442f9d21ed98c55cbe1db8171ef7b54fe3e3a1a253b4dd48416b5fbc7c18d73692e9fc90dc75d4b88de1fa47c9ad33ddfa4e582d3fc61ca2a8b1eab898b9992c8e56d170730454ca50cd4f28d2759388cb8e302be10 +TAG: ac502a9a52fb3a68a7e90dc639c7ad42 + +KEY: c67510714f556ea1744af9207917eb60 +NONCE: 71b347a21653cec3d113087a +IN: 7040fde3513cf7f1886d7be9c0f371a3b75415e94c3bdfbef485081199bec4494beeee76dcea05b6601ebd4c8fe231fa16d3b0f046eb3e9c9ed8baef25bb0ff6bc85469b2eb41b929fe904735f819b241b01230c68c0b61577899426bf0dd30e085cccb4ac290244d8c1cd7514412a3ebc51aecb6bb4be1a5a4a8d2ff3fc99191f7d7d0b44fe2cc4ec34deccf901f54e3dbe19d2dfe663855fa9d93a01ab14faed7f00c14834f63e1d153441c6fabb3cf22506e8 +AD: 6d28b410c788dba025c387f5b94c0bc392c69ef646b9cdce53dc169326359de26a721703d9a7c5017631a469da13b2d9ad9115de7d06922ed6f093792ac25ae2e27993ad6be5217dc4f6c51e18f230d4eabb01a474704b71b1407d9cff921bd98e28bb60c4fc019b4d609667c747e83eef779ee62000b6800ba2666f415dccb12d43af4f585d3185d66ba2ecf0b0fcddf762445dd1b6154591dd069f03977243b45b113b6f9b110f9fdd96f0b74e2c9843a45c6a +CT: f2a2cdb4f890241f44e00b3373769542cc3dd24c3d07502ed162dfa10be9906871051b991f36b2d5c4240df483c2ad704be14b9efe79ca704e8eeb9dc250e75a92ebf5800c59fb9a6a32228fa1121d21e0b423b77e20010d36b9e6c68dbc000f69bddbd521a1f7bbc9d7e431e4e46e5094be96a928c6729293d2d805c468a3993fb7439f192b1142272a78585e3b7fcedd2f7cced52ab2bc42e2521603b89ba7633fa3b4d07d9a314d1159d7bd5b2dc5198b0c34 +TAG: 0b386c3a58ad23e9a45f00ae107d319c + +KEY: 171d25e195bae2eaf666993f3b42d690 
+NONCE: fc16bde0c69d5c894642f1f3 +IN: 8775d6aa2e46ffea6ad4439000a968bcd4fce86535b7265684071a498e0bfb37646f56fad79e0fdc4d6016fd1e935dac5ad74b11c69f5261c3321efdb9cf03f9b7ec681a7f708ba8e3f66648b24c41485a5147df31385809c800155d0d4bbf41d248453302c3754eed4909b267893309ba5249588cb4a4a14b4a29496f1e799559ac9f4baba7a9b4cb5bace1c11dc0e7ef7a2ddd2596c29cdaa378b97c7d3c50db49bcadb8e1840c6b9fa12ad88c0b8152fd753efb04ead427 +AD: ebb169a863dd05cffb9deb866bdd130a1c6852046881f3f8e9013158c83bfcbaa98743957ed4b0619eb88d7ff69b3a5d06da74076c3cc2dff83dc0375236d363c0e2b1fb60c9cf10ecc0fec94757b1b719abc7066af15ff9b66788b38083f766d67005369319967995407ea20339ba27e7bf1dc263fdd54ddd8088232a500f605ba825fedfed69cccca75c207b06594d1d0070ed12a259d4f574f352d2e2ea6fa45199213b6a42d53a7c717250715e0404f2fe7b64e3ec7e89 +CT: 8694eac2bb3968303f795bf0118e43c132c9dd22ec320ecffefbe878ebe6b1e0833d19515c07ebc83f12cd9bb50d2658e6d7fe44a9fbcc2225e93ed58e1bebd78edecbe6c8b3491eedfdcc957cc8ddc95d8116d50cc50b1999ac420802605cc652134ce51a41533e00fe232344e805df146a952b40ce27a2f5c6bbba2154489ca40cbb617476ce6ceac1a6b9c0175ee33615f252377f52583e970f77795b573610baf5cbf5edc6d2837244f88bc155f71588c9c4c1c802be9c +TAG: f6725998336b3ef020b99818e0d932ac + +KEY: f7db0fd345ca6ca82ec8624950f8e672 +NONCE: 3e7ee1a209b1a191f0a00370 +IN: fa86869e14df0fd8e77eba7fe5a933fd1bc58654deab310a03aa7202a089713e323a323f4932b4b8f6b40982d6738aef48951f621aeb82a747d290d93d1eb5bdec6a62fe66774209a4aea7261acff80af9512af090e0eb0f5905ce8baf2a0ec50ed89906d8d67f370639e6f16eafbdfa982897cd5a3f88929d7f1032a8b3355223bf666be94ba9945fb5cafe655d59af69829ef92365f54ff3eebc45e01ffc439b16e23ce892ba6db7e661fc3676a175a8ede746000ca147db57a14303a1 +AD: 
f7b826afe62356f985e8e10ff356dc9b5b9d9df24486523c3bab7db355c84ec7e4bbdf66482b74fc6b4c6aaeccd7717fba44eb4820a40f03639076776719ea7aabd3a815c201146428bf4c6bf1e8b056b5a22ebcb214fbba64de54089a20ababda5c860ec301f36e1801fc55fe8fa189f35722a2cbf83ae921a9537be2b4f060d918af9b12f9111909d59db7cad24418896ce49762223d8a20a3a83fdf24b64703c19c78f528daecaa8689f307da7fe0befa1d6b1bef24ac8d9f5f12b6c1 +CT: acdacc648833698eff4d42a5dc0b123cdf6f2985ef05e6f2d42c9cd04663635d240648da18dce158b21cc0a3f7a2c35441799a4f1f5622e11051c874b2bcc64314bf0b94c2589d2a24d996af57d22085a64f10135322cb68428fbb951d8b14683bf6fc96b1395829a0b05ec83eeb20e54daf7a413e070ae1e0b73bde56faac630363fe215f1883cd9eef9c3b7d076bbb56f6f5ffcce0d31570f79be8864482b6b3666424dadb674f873a1b52ae6e3d8ec8984edf54186e38c71602098308 +TAG: 4dba5b1385565427a987c9d0b030f4b2 + +KEY: ca80ac4cf4057182d06d65dcdc09763a +NONCE: 63cdd8090e041baa9dca5bec +IN: 701c739ba0c146983b9e1fe0a9723850caeb818514860c3d4adef10dc5e020a8dd7f2fa282896170f9039d5b3fa629dbee3bcb81db44d0d68f9522477619269a59ec1a9ed399d4902f25271dff5c42f3747ab0f4b61c26a2c1bfe1c0fed02282fc2ef88b47825cdfb11df3ced0fe0227e8264132dd62af2d31f23d0c0e253f01c80400127c37806762eb28bc71f31807229172c78ae994b4ad800d6247ea12d3f4f902bb50b72c132902dd4faee05e67836facc7001c8f58475366668ed20d4899aec4 +AD: 0e91b38fdc70951b97e43aa9ea2c6f78d445d90ddf4faabd3e6e0ef74f528fbd5c3d4da18cc3d8bd3167b756da495cba49ea35e2db849bc37f6db8370b492d7f82f2efafa5444ac62835cb5602796cdbe85caa50084e51eec2651996d2da0dc18fe10bd6f374168d4c9ea0a36ba665148192252ce9d05cb78429c55256fbb65f1bbffb8799d63bf41701d1d706a44e3f27eb245cf720f2a329ea24fbea803c575513830fff579a1bde3daa975eecdb8d3956ddd374fe252637aac86ed3c702c4ec63e6 +CT: 
ca46eac0addd544bb45a97a4989d45d21599ec70f843d9db38157d186716dc39a5d1a5c0624e6c825b5b7f1fd41aa542ac846ec0edfe6bc28f727823667a33cf6cb5ba1ba6654cd023857c53ff00a63b34d2c17ebae5d46dbd073edb7b2f9e02842dbf663bbe36238f3eaeb7a23e328b0d3d50f49674253898f360c0243722af266c934f021e4f2fb8747fae728d06717b2d68cadbff762956826c910cc8ad2d4aea4518d5ac4deec978a13072fd1675a272539ebea31d736c759227f31abc911e0e76 +TAG: 9f0202c228ec48f4be6b2f876fd05a83 + +KEY: 9c2daabcfae974ae165a2ea58ecb212a +NONCE: 4b9317e4be2256a467e2831c +IN: 09169c1f5d873f03821393bef013bbcafcd82314cc986675922e2d43031417c8e65e625ce737af4621aabea6fe75030b84acf96967e791f8427b8f052051d6247a897006c6ddedd49cb7148afa5109a561e78abff7c55b97091f356e31b5667270d5653a497e2503d75e5856ac1efdcf3fb6e80b8deba8802acc064905e2b09d45e446d7d810971e5996540ee9c01fac1b4331f99ad329565a8db38eb93f2e2a8ca37d64d73cc8a7f4fe3234cc155226393f1f2ad17d0f01d5e60537ea44835dea853e027dd597f7 +AD: 1feb0ca13b3022456a4801d8f5382cad95f7a50e466a102d2208e7482dc8ba5c710d1721de7103000fe8811bb13fdf698844257dd164f1e21b0707251f228ca8bd437994526ed5684c4165c9754d1cefe7eb18f9e116a455c28db1f7c04feab74ab06af029819f51ed96f453fb6a634f73ba8c80e19dc62384e82feac70a12d42e3125c360ec2a97f4ce0a07039687ffc37c5dc1df1ed24f05a37591fcd5c34a3fc5f825c79213adbbdef65078f5e41a4062517334a67560ab215fedde53cd8129a51f27baa80f53 +CT: 8a4d4ae0842f8032d83b2e4eecfaea439f745f1d0d07808bee4b68e3b58fcb65a4c8fd9b93cba2d5b4781d28a9cc01508e9e85796551064867551f9083cce342ba1aac4d2b8f5b0b0e4e3d7c82082c441467e47aa2b0f47e167b28fd29cb8d5ee52c2298c1f87cf811061d922f056214346c1ec3d2534045c5c485ccddac7d9998d3d08a80a62eceb2ee18e1a27f97616969df52ec486015974f160745667d6be25ffc20b143d89bcc8b6eab9dff82ce3c8f95a034316a8f2f2a52674105f1246b2daa28edfd829d +TAG: 0361e65b1fdb9d967492ded32e1fe811 + +KEY: c98ed84949749efd2ee41eaeec51edba +NONCE: 7b056c9c7b393b0b04382946 +IN: 
41b87fe62c82bd34cbdc70033ca8d2ec5f13eb2c14947f97fbb5d97da7323f8eb5c2eba210be11b1ab9554feaa516aa493822af4a264c8849e9c6ff41f690f44966bb49c9c1df5995de8070a2fcfa42d0b0b5115a36738102134f571988ba4fb210edc3202d3c74b5f8801a7d1e217b90caa27acb49ece590ebe6637fb6e2f5f0b849f29804efdeb8c102b3e3d2abfc4f6f2c5f71f0a6e4d5daa5cf16561914f14601edc40547d55f7d11eb4768d5c64fc621d04e8c64aa3aa1245c7192852d2ccaaabd448e06f806eae66da1b +AD: 2fdac5a70356c2c8d70def497321c6bee8ebb08a5abc8dd508d83f03bf1a09942d7f7a387d4f875a1ff16c7b5abb53d32bcc372012eab7a3b848a93f7af634eff8c5deb3269d418be698a3026f6f08f55a6e31543105cf1ccf56193cd1af802f32e10512a6bcd3101b7b54a8f3efdba03018d5f2475b51bd65e5e183a62ab11c9462450883e3e87a9640eac909f72b83da8bbd34431ed87d14c6f7e79957067c1cf2a12b5fa083496f903269a3c6c8ccd5e3f9cc287904223ee62bffc4f157f0db409e82101e3ca5e05d962378 +CT: 384ddc8e7ed6868aa722f6785fab15eb69caadf43246521b97c8d016afd976360365bbfc9f48c08b0eaf5437af8a9c23061dcbdd0d22e1d58c92951b43e013689afa6b1587f79fe9ad3104ee1f80b3c95388e35b0b9a5a3b733b32a3e62fc143e6255d0e5b1b55bc9439d3c1cbed610d36c3667378bbc1ac20d93a5a7e5563409a5b94ec799a5281213d724e46f4987588e6bc7e9e6468bbcf340d5f1a1eb1b45dc9fe9c832befff54c8a85db9c07196d7d45cc389fc9d62f4bf1f4bb82801cfa9c408498331eef4ae1ee2809e +TAG: e8cbdc1d6d51ac64f16cf08725f81370 + +KEY: 42ece9aeffc9d2e8ea02e73d1a4de834 +NONCE: b59e0770c689d60823c06c69 +IN: eccbb9a2c1241c88d17204cb0f0c069e20512bb1d31f966349add203d84cbb79d88f7add957a0a8370b9a0e04c9f17215531cd48d08c4612bbeeecf3dce68d41724166e06a331e7897e8c7c6a6affb7bf07dae1874bf3bec044d38227bef5c228f4cface9ea37255e15d6b27e154b349b16048b0e7984f17cffa03da07924b190f9b91d6222db1124c1e4e77c2b989fe2a7c338c7316a49c7df0be173d0420e8790bad669f6da96745cf34cd2eb429d18eeb61a8e80a5e03294dcf3a5886bd1865e2a55a72574db8db04a9560f969711aa7a +AD: 
2aeb8ee162a7aafe5a72a8d8873ce3bc43a65fd7bbdef1f6ba71b61e5a9c3bd033e7e8eaa55e08ae381362ad0991d65bf22c99a425019c4cd7768622f108f5917a4be22b4ab65ede66c58191e402f8cdad69decf6552dd52b62e8d62268b84122b64145c97115373a26d2d5e59e69b7dca5f96c48106e9fb3f7fc7e0ab11c78a1fafc697fc73603d3f08fdfc0ee885f84572fb04fda718a21744c7e5dbace91b0e141fa82fbd4d1a7dc35edafaba7c5894778c5952ec787bb547a37e509b035c684a8f51ceac5e12ae71b165dfe957c6de15 +CT: c5874137f5e75ef02521b37f0759b5724798aaab8a1e62df81b73175690ca1d32cab6e7a9d7803a8aea420ab273fb46eab9e5f0773b7f5457d7a8c0058ed9675a6e1a7f15805c7fb695d277ba06adc3963606ead0cedb342614cb410f4197f4fad0b5df2187f8d2ebfe85ad3d5f59bbf652364c7e8c3542c5d7f15bc6e6c24eeb1d3232bcddf6588ab1c1953085bd0a1516046b76714d2b97718ce57ad23cd213507f6cda95ee9c5c23036cc7d4133c84a1d36393979f9d1bbc613350252a6de78d905607adf51368175a20106f81aa9ff9d +TAG: eab1c7790a5941270f2ae49895b3113d + +KEY: 6ace8b5fa16054558c9d0e272573a7a1 +NONCE: 358c73828e032f0e0db608fa +IN: 915466e994705239afebb8025aa965626973e41a750bd75f9e8ccc7c1078ec555fa618120b4f4b5e273fb9b262df73d39950fe5cc1c265c06a08e2318efa83c63dfc689de80966f45cab0d2dba603bf116b9ef7242bf4d9cc691a775f78148d2c75059d6049c861da5dc40d5f94848c7247a724db956d050975d613433066ab89bf91936e0fc85c61af5c2c61cd1eb414b9df0dc125a31a3805903a886b427fb78551bc696610833a9e55c7776ec1622abf839d733594864de06999be8d483f8dbc4da99f541c6f7e21d946cce229a104a57e4b823bfea +AD: e54b90d037c375238f4989910d423bc58d32ccc06ddee558dc6a0c2f9a0f13b2332883e2c4ef9cce41d72cd636516b3506f28f914dcc88311fd7c79bff0ad32770e4847362affd98ad468117cf0daa0f5747c86359615ad6087ee18e6c58453be60f3bf30f8c61c1466d107116f88499fb1b5df9a01eb762317676d5413b839c66e5c1b74121f6f2f7408825745fafa2b10ba7450f4ce207a9cc682d1e1442f972a86d5d4039c4856ccbc00c43b5b3412f5b3f87c16508ffa527c8080a556944d359f388f787f9cbc033fb3333e72127e94c455b433222 +CT: 
37be446820f5635c1b5ca1d8ccc2c5ab5b393243ef5229999a2c084fbb54a330bb338963740ba470973adc86e640fcc167a88bb940e5ad1723a01089b5e804b932138efed6fa0ed99c1ac4e9c607f466c829af04407a4a2e5cba486685f693a7b973921746902ad8a0242e02075cab66204084e6b281d58430f2d62bf55ad56ad279bdab0fc8c3d570fc3371dc3280ef3aea70d686c855d40ff205c04d457adb518d904f5715fc6a9a5f30bf1cc74703b175d70a1470cc810a366cb8927fb937aecc200928db6b73873935c429e2f8d595b418c5b1bf9c +TAG: 01b05fbaa9f2257b3c23ed3cf91bcbd0 + +KEY: c5bf40aa1127073b03c114b10f3f78f2 +NONCE: b4ac4fe9920fbb4e032f6aa6 +IN: 164906110c34354a0d4cb6370e1ccc17a739350cbb11d6570f398d50efe3d9db1a97f00d031a579f56d23da2441295af18a640a4e33c29dfdc848d722786d9b73550bfb76da1676af24a7bdf5fd3301090bf342369a24ba830c7f8883db6ed77a2ced83bb85205ca31f75a16a58fbbbd163a3af5e5021bee2d2cece33c08442e89d3f4d6d2359b94a7ec6cac388208a689b584d5dd1103fcf6af10ea2c7cda4f690ea0e4c7376fe2c3e69365d982da28c5bc18d58fe384c9ad2689f4047f9575e54970961a02419d9f2bac8061ce943f132edae1b9622738593cde52 +AD: 9f05d0391cb128690cd8bd120120f21725a79e5d2d0ef9e8322c04bf775f7215a82ce1ffdcf0f6562c188e84cb520f30842b8dcbdec36436725633325020cfdda7ed1af3323d86b2bc72d1b4a326f02be2231fcf133762c4fa76c8a7d5d3ac31cd19f63411a220eba4fcbdec40b8eb01e4ef33c6620978d09a8d428ce0e74d02c140881f46f6f81c2850edd82dc46f3460b5d5fe0b54f09a3f31548dc520f1dd46ed657995e63297b6834df57525408b944badf56234eb2b9a43b1422a5c6a59bc58be683e47753803f7341cbb0075b5795228b586cc571c1bca70d5 +CT: 5c75ee10a917651c49eab6a1187ed631c7069134e492bdb5e5698f8ccd5503cea5b1902d779c2f6e6c03b0108cee3fba03f2b47803e390930060ee4ac984b1ceb9488b4cce80e329d3427851aa7da2213eca2dc5f79366caf601c49a6b7a8ab068f1a9bb899b81a23c99a9de20466fe01398bc071c724b2942640cb1a00489e0ca7052f7a06398ad42500780f194078e3e77142df5710ae88540761b902084f57d87c2b0ec57bcb7eacee6743d419d8877d61666f93a127d22ccb49b5db0b93e4f4ac0dd9393d6351780dafa412380205a90fc8daad3dfcb1b7ffaff +TAG: 8048088e7e9dadc4ef98777c0f6cb661 + +KEY: b628ee6726a4d7925734ab1db3ec4645 +NONCE: c830b0d1b4113f4c9aae46b2 +IN: 
cdccda3718f2b0963414d965a3c36bce0a165f8e88aa70ca9eb3de6510d02b0b49c29cda4a7f6d439c18cc8fd80b932d0a4190236a13edc9994b1c4a71dbdb694ea5dea53ef781ed398e453ce372a99c204a138739edf5b606160e38cc8444c8fb6e9cfc3aeecc1760e90d13d01692ca894572a0bcb02e13f61d8604a75bb98e96f5f36d10e70a48bbb4f73771ef97031c7da23550b3a12554c2c436115fe56713dd303d1c3d87bcebf25f61710eecc9f01c555494facac496c68ef44344aae40bbe1199de793096d4630018a725b130a27d38ab2e8c629e61d2d8d37b5974f9b7 +AD: f4d345e55ebd1ef9faf967d76736f7ef38e5eb9d659bf8a89fd3c6c3c674161bb54758f1c14856281a7dff7c9cec16cc138384f644544881d50c7692bf22513223b63274e3cb7509c8a410a389277f86cefc801d026b0049c13d85b26da1dbcc7cb387084a3d4a469788ef85b6da02ed2ba0412ba999c8cd83c9c6716cd66b65760c42d4ef3e324b470c2a5e031846fde97cadc448e87bec15164da006c10d3a846adab2b09c29ecc27ec8a9134d5fcfd2c54f17fb23f1a05dc8da46e737f317db42e927818ed00d36af8dabfef09c8641159fabfcfaed344b03a1dd6f9b883f7e +CT: 4f39b8fbd8ecbc8aaea871db2e67583a5b06cb83ed8035ff639dbc9af92c4e3f9fe57b970f4e998a0262dbf77dc024d5e208d3678ae0d90e6fa5d45e2c7f0cf90676368c8784c851d3818e221abaa87c5e54298229a2f4d3f82505ef7bf45686aaf12e8322210a727cfd57c74a5f23bb5d8222115b28503eae7a5c600ebc4765011161736a346b535e1bfcded85c198c6ce6fccfcff0fdb0c2fc480bc6e71fd5de77355932d82f8eae245091bcf5abfa0d62123302e5805ab1f5006a976bc1468e3bed0452c5844029d7d4ea6cbd4a907e905dfc796c01bbeb69c54807354a5bd8 +TAG: 2b55edb998ac9971e53ebc8973c4e8fc + +KEY: 095b26bf096971842fae34af6833c77c +NONCE: d59d30bd5384b86b19b33c13 +IN: 3be9eeac265ec4eb947dd32583ac2e595505b363d660f8b8c2ef631390bb152f016ba7c75bf7c2e5e23c980d6967772ca4535bcbf4871ac1bf70b53826a34174e5a2e6118d7ff86d4836736c9a1f9de44c80b236c5530bb5f80e5fbce9814f3b0843a088afd029f4cd2e6190dd51fa804f8216448e7acc785ddc5478287b101bab80256977494fae87d0c13054fa4470c3827b2e8172224944c8c4f78b0a33dd78ee2bff16fabff15e5909f62c49beb455dd655ee1188b8eff35bfba72f2ec5e4ebad63d7db8b6338660f9b818c6832954241860925ea9b7eb07479dd6de27489d64b1a9191b +AD: 
2ff9a8d12980e63a378d6d635d319c26e8f747435aa5d797c6e21aa69fe21f653f56da7db7d67cbf54451f336f683aa9cf373ab40c16738c44efd3e664ecc6eec40d6af82df2b3e58d7abcf26b1d9ebbe6263176ce4ef8087d14b0d5ae1c16917141d2ebdc76a0834e8d83c4ef76add82e957ae376b210ce2d94d2684a045a109454799f3cb453279d89c60ba9d038a1dcb99540fac078d7216ee94f96f5cce939eca9b5f9715b1cf3c9f1e6be982897c2f25225919db3e31595713a4e281e9919bc2c5a88c46835ce05411d0757eb738ac9e45ab3f1a42ffcd6dbd09f17f656f40f1cc2c050 +CT: 4723fb7339048f811434eaaf1db24759fc232466f5f53926b84e740b67f457c8c76f902f4d70ebfd97696380de95e8e40e62434ab1089e3a5308cb066fd4cc7e862a391c2f727a63a01bfd9fdb8ceae55067fd9d6f55312f73bc2c38e4b12b3aa96edd156dd758e9175e67a64a17aedd27c9c70945a065216773d756f533b035f2ab53335a159d9ed3f97b2b7a57aef676fad95c46e3b82eb800197c03812ca4e580916c5f7cdbd4aa1308ab16096a8af5290a0a2330902966a58dcf2e72eea7ce799a8f05c986c6457b05e3eec2adfdd4ed38926a3dc07ef208c91a619848917b96a082ac27 +TAG: 3ff349a628f7fa8d3f970aff8a6302f0 + +KEY: e27171ed1baad563d3d299abc0968b75 +NONCE: 5931a4414d5a90e93d2ac47b +IN: 1d209b32a772e87c5bc593fe943d3d7a1497f390ecdccfefac50ce14595b98b682111f82957278241f291e655b3af108a9cc1523721652b6d446f34cdba2e61464a3217b29344e18ce8f47f10da88c2845a009b7491bbd1e1f36ec49997a0fb09764ee25355de29e56eae7af42a8c96aa137c02268078b7f145fb1249bdd74f2d4e4685de75be4dd7fcf29482eb26b5dfa5028accbd23c3c654bc202c1c0ae7a597ef15f4d14f7b8a14fd45698470ac6355e04fe4a14e3b2907bcade18e4152c68631f313cbef48341008482f434c017bf8e1dbd048f0d6d207446e697fea68202be7283188d1227f21ae4 +AD: af2f6abc40ca82d92901de02113cb8f7638f0a510f6a03bf056a75b02beb10157c97632320fe14fdf0610235e3a06172b6b6e80d2fe18263b11e9a5e3a07758c55131ffca0a6c9b121c37a0c85658125d5bc2edc8e4e247a636d7793a1cde364ac22bf754844607daec0a6b939d05fff5a8c44ad030181aad2361ff61f20a224f2bbf2083b2fc2a5b92f5a66bf2f9b4c49b39dcc23cd3ba66b5e7c19c5b7b74a766c3da0c2b02ac80ac22c006e8eaddf48ce6f6887f69fff1fd0aaba0a0f70ef84b54280830a62d8b0dba55ddaa5b0385c586dee60d1a05a28863a081cb9b41edbf3ee9ebff98cff983917 +CT: 
673ae48b6080a3dbd08034312c36201d18508f4e1ee178ae2632a9a5ce0938687ac7e6cb238cff852ecfc736bb8b3c04b42752fe65cbf6ff897e207582e85533f7c238b0be14bb1deb4cdaff524b013661e4f2c96807bcd928e15e4e159390e1eeed036ce776b579d9f3fadcad81adfcbb99986babc9a8465def3de8de0cae19bdbf6488c12534a9b6b7d6fdaeb1d4c3be36b4adf7444a0b9fc69c69a46f7bdeced1214743f3357803d2eae24dc50933a733defc653dec56f0e0bfb8928de76699d4f7029fce9175b3b7cfb6c7ab1018f6f3eeb2b9401115c8cd382b06e4b9b43a097f42bebcc1493a49d4 +TAG: 285c1a0028fed3ab2a4d68946399d700 + +KEY: cfea8c059d7b866051aa54b8977befe3 +NONCE: e54e684ef16a2fa8e25786d9 +IN: 5a20333c4dd9b7378bfb773b7d64ab80379d16c0a56eb1f48f53c19d0fc4519d0b5f478e37f16d6e5085af31dc63488f9f2cbde3e49ba954b674b0a4e20df811098f7b8e716efaee6a4109f16afe128ddb0e54034d66bd00d13a6c69c9ef2e5a065825701f5e85634e118c69ff0fd71bfccc25030fe94e778e7f474136cd3722eb5bfd88bc99fb45dbc3060a24ac2bdadc5c82d883c5c63ccc0f7aaf5384f4c7fb07310b66a7c767d025c1a02dc9aa3d7aa921a72084906ae6039f837454493aac3e3549ad3722a735dfce4211819a2d7ec279221d43360edd9a4cb930815c8565c22b94b4849a979d5e2a57b2da8ecb +AD: 376d8e02071a93c892293902e369b8c7c44a4c9541b5050347b016243935408d0c9557b0f66c6cd493c1b8da68c8635f4c868e685674aed42f196ee9b6e56ee44510eb9b9e89108d878be917454dca0c62d207fa462a563a267270d6b1602d6795717475bc6fb5c87b747589328e39b1d4db3cb19f0fbe9791aa4232e33abd9e14b5fa3abe4705ee988c657677fa063aa349f1a05de045f3ee66da03af18b6b8b83e29b203e12bb02a4cbaf79eab3cfeb83a5a997daaf8f36fa9e12faee86c9cb351ff361351d98ee3a10af999799955a02fc46ddf56c23070319b3fe0cb42d07d811ae976f242670e618eed113b4342 +CT: 
06ccc7336773919c2b1bd832e7c48ae4a569db96545363ae0b28061fede28a25ab6cc0382aae3e6b31efaa4c225073640d0148878524a7f381f53b4d21a43e39afd4c12cfdcda442d5023a8d2a8ad49f4a002ecc8354c86520524017e561fe891b6962682d168a860210e0def1cb4be1bfc6590121c1b1988254757fc5a37ef916827a5fc258ae772773a6902b084817f3641c21d3d1d1e8818b9851dd05aa49ea74e16778593f6f486957345462732ab92b1e4b06c32b5ad3270c5ef3d80b4e4bd08451e92c26acebcac1a4592e08ea434a1fbc6dfedc677151ae9471661913db19723184d9ef4bb49342606f784d98 +TAG: e7be877dad60c889d397726bf1b6ea89 + +KEY: 40d35704108a944f1e7582503018cc85 +NONCE: 26048431289e7e100481e2bb +IN: 515f9bd4935dc10e77dadd81f5a4e0b53eb858ded393979ed75330b80adb36f6b81288dcbc581e8d93b0e4705c07be3e200422397ca3648c9676952e60ea26d12198add3e33cdc589ee5a800a750d77978976344dd5dc710e56dbad462fab7fbd08c057a9f8765c4caa9418e6380038d288e09a90befeffb1e8d60e79925dcb3772cbb3258b15544f9c9554181df3483784b89b73bb6f9ca55f6d644c02fbd7e31bfbff45cc40132d2bbd08db6a27f5a302e1dce2f0afe4ef5bd4ca844c7900ba18faa1896a36896a1c80307cb37162174205665613b39cabd0a5b2dd1d5f8b6fee948006f0b2e31488c0c613c1d178b7800dddcfc +AD: 9c86692c874fa785e0d9384061bfce8d8332871ecc195621ed478706c46057bb4fff80515ed65b5fbbca3d463a62e227c228a340143bf012233b1c05a50fdb4ed04b840d983f47e00e001844a0d2ce14f6dcea58069c9b0bd8824537d2420147be7caf4a88dc9912853a7fde6d2a5cc21f85eeabca7902b94eb79d5fa143d02585acd57b93e4eb6bcdbe289a51c6631f7aea7bd9dc0f6cc2ee8426b37220216f834033fde15e3543422612fb3d972b8eacaece9614a4b759d93dcdeed026cc90ea058d7dc985c10859d4ef14ac5cb14849d4ae404badbcd98c28663eaf7274aade4bb7527c4f960875ca703ee6732c9a3720b629f2 +CT: 
89a21a1d502ba947ac1921efd3c998bfdb437c2da0802e5eefff66de3af00bde934fb9109e961f179771c52de783680683f4bb752f877897882103146d030bea5bc3c03f923b477443e640450244cdf66d7d346954f6e862a3a577820d49151a82f4205340ccf2e11e4575b53f7ffeef09ec640df65a0b8c04b37f6dad7f940cf2d7446a6fc5bc2dc31854c27567b2badf6f8e94294ed5d899a458a080f38d6e72df59f13f5c8f736264fa2b302d5375d6e3f8c3abe4811f4f85cb6e302e2c12a892a1e7a78a5a33e4b555c02917330ea7a45f20cb59fa991f183d1e2a5bb1761005b73fb728124fa2082f41cdbc88bb06389eb165 +TAG: 5476c08e9561442745fd2f222d08b535 + +KEY: 2c6796d0773d12455829a3242ac7d480 +NONCE: b43c0e7842006f6a7953d598 +IN: 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 +AD: 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 +CT: 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 +TAG: ae5afc2bc4096e308cffe8063277ef88 + +KEY: 092e4a78c47bcd0b169aa35343c885f6 +NONCE: adb73023c873661f02bf4ea6 +IN: 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 +AD: 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 +CT: 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 +TAG: 8f2dbbcc01538ccc45436e7176c2df47 + +KEY: ab1405116f454a3b1f106fd491cdfc8e +NONCE: a9e9a06e4bb83c215fc59a00 +IN: 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 +AD: 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 +CT: 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 +TAG: ee43dba528a9ce84a53ed8fc1fbcd871 + +KEY: 7990cd12d13fbb929fa541bdb8e3107e +NONCE: ff7b2818b62e856952aa2cac +IN: 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 +AD: 
865a9b2706eea62f3fd3164805cd8fe4740d1ba7be809cad9fb39cac26f7c57d4c449f4eac03d87f87dcf219c562b9ee07ab3ce22abd46237eef8221049fe499c9189f789948af92bc434b24aa44fff600c2d698593bdfcaea878f8780adbe8dad2cf453d253e8668631a6eb831be01db9c7f1b7b8bfedfae83bcdfef3501cf2b2ea48bcb19f40a70733f3e4c3dd90e17912d5797fa46ec852edcd49b0780bf6287679aaad13a926f750ad7d3ca1ccab577b74fc0ce4cb22e5c619d2d668292c9db4a98c5acc4c49561a77275c06f5c3fd514ed8555db3e2f50dde5c23e84a38129e7a91cec8d168bc828d09239a5c6bbb180bf69950540d8876f9fac5d1a258543a771610991b92ec +CT: 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 +TAG: 3e003897b4d9411cbd449cd8dca5b58b + +KEY: 64f0a8065987a4713e35dede10afb708 +NONCE: d6ee984b82f1097331400f38 +IN: 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 +AD: 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 +CT: 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 +TAG: f42a0e4e6e6a1e0654aca2ab7877350d + +KEY: 2c351f0b77cf0920873fb57c910cea15 +NONCE: 4f844d27dd26df3015608119 +IN: 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 +AD: 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 +CT: 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 +TAG: 12aa2a46a9014800b3243d1020290d1b + +KEY: d94582550b2e0d42255f13a8753f8e82 +NONCE: 82f7abb31dfc28491697b347 +IN: 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 +AD: 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 +CT: 1afa2fec98728ce39fba26bcc769e9766993c8276f88613db574773c84c91fce6ee7dc6ba4281b8d2dfe13820723526f0d6f20cc21f305b792e9a2bb1622c742fbc05ca1f0121cb9f6e1ad6c3ba80891e2043adaac4f1bdf29260a44a182cb165f58f480be5f16b51fddfd0d264bc4a18bec589d24817f586fc8bad15df7cb4d48d788fe7fbe69f821b5558b0a664ee12ba8ddc6bbd325f9b83a024245b4e68b310f2282f4cc6005209f7b7aa6ccc025d435441e3bb990e81bcd4c8218b8360163ab266be4a1f5603059db2bb67e541e1edbe8e7762ac522a81f495f5ff8bf99948050e61c86e83134f4e1212f879c86f7fccff472fd9753e27a0601f914655a5f803061cc986431445021c907b3ae0f060fac13f3723867 +TAG: 
5ef1ed1e2bf562893b094d58516c11a9 + +KEY: 31d93fd51c2d6450cf35d9edd71413f4 +NONCE: 28f6f0c288c9f92e80252e1e +IN: 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 +AD: 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 +CT: 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 +TAG: 594ee5c93636cfb5fde940e3d561440a + +KEY: b06d694a83b14768ae26a8f00fb78ecf +NONCE: af11369ee342454cddb8db62 +IN: 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 +AD: 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 +CT: 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 +TAG: df5a21a399354b2b3346a9eb6820b81f + +KEY: 06a4c6a8aa189134f5784a525d46ff10 +NONCE: 0f765d3893af99f5c3e6d9e1 +IN: 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 +AD: 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 +CT: 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 +TAG: e690e89af39ff367f5d40a1b7c7ccd4f + +KEY: 31323334353637383930313233343536 +NONCE: 31323334353637383930313233343536 +IN: 48656c6c6f2c20576f726c64 +AD: +CT: cec189d0e8419b90fb16d555 +TAG: 32893832a8d609224d77c2e56a922282 + +# AES GCM test vectors from http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf + +KEY: 00000000000000000000000000000000 +NONCE: 000000000000000000000000 +IN: "" +CT: "" +AD: "" +TAG: 58e2fccefa7e3061367f1d57a4e7455a + +KEY: 00000000000000000000000000000000 +NONCE: 000000000000000000000000 +IN: 00000000000000000000000000000000 +CT: 0388dace60b6a392f328c2b971b2fe78 +AD: "" +TAG: ab6e47d42cec13bdf53a67b21257bddf + +KEY: feffe9928665731c6d6a8f9467308308 +NONCE: cafebabefacedbaddecaf888 +IN: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255 +CT: 42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985 +AD: "" +TAG: 4d5c2af327cd64a62cf35abd2ba6fab4 + +KEY: feffe9928665731c6d6a8f9467308308 +NONCE: 
cafebabefacedbaddecaf888 +IN: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +CT: 42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091 +AD: feedfacedeadbeeffeedfacedeadbeefabaddad2 +TAG: 5bc94fbc3221a5db94fae95ae7121a47 + +KEY: feffe9928665731c6d6a8f9467308308 +NONCE: cafebabefacedbad +IN: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +CT: 61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598 +AD: feedfacedeadbeeffeedfacedeadbeefabaddad2 +TAG: 3612d2e79e3b0785561be14aaca2fccb + +KEY: feffe9928665731c6d6a8f9467308308 +NONCE: 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b +IN: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +CT: 8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5 +AD: feedfacedeadbeeffeedfacedeadbeefabaddad2 +TAG: 619cc5aefffe0bfa462af43c1699d050 + +# local add-ons, primarily streaming ghash tests + +# 128 bytes AD +KEY: 00000000000000000000000000000000 +NONCE: 000000000000000000000000 +IN: "" +CT: "" +AD: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad +TAG: 5fea793a2d6f974d37e68e0cb8ff9492 + +# 48 bytes plaintext +KEY: 00000000000000000000000000000000 +NONCE: 000000000000000000000000 +IN: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +CT: 
0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0 +AD: "" +TAG: 9dd0a376b08e40eb00c35f29f9ea61a4 + +# 80 bytes plaintext +KEY: 00000000000000000000000000000000 +NONCE: 000000000000000000000000 +IN: 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +CT: 0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0c94da219118e297d7b7ebcbcc9c388f28ade7d85a8ee35616f7124a9d5270291 +AD: "" +TAG: 98885a3a22bd4742fe7b72172193b163 + +# 128 bytes plaintext +KEY: 00000000000000000000000000000000 +NONCE: 000000000000000000000000 +IN: 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +CT: 0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0c94da219118e297d7b7ebcbcc9c388f28ade7d85a8ee35616f7124a9d527029195b84d1b96c690ff2f2de30bf2ec89e00253786e126504f0dab90c48a30321de3345e6b0461e7c9e6c6b7afedde83f40 +AD: "" +TAG: cac45f60e31efd3b5a43b98a22ce1aa1 + +# 192 bytes plaintext, iv is chosen so that initial counter LSB is 0xFF +KEY: 00000000000000000000000000000000 +NONCE: ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +IN: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +CT: 
56b3373ca9ef6e4a2b64fe1e9a17b61425f10d47a75a5fce13efc6bc784af24f4141bdd48cf7c770887afd573cca5418a9aeffcd7c5ceddfc6a78397b9a85b499da558257267caab2ad0b23ca476a53cb17fb41c4b8b475cb4f3f7165094c229c9e8c4dc0a2a5ff1903e501511221376a1cdb8364c5061a20cae74bc4acd76ceb0abc9fd3217ef9f8c90be402ddf6d8697f4f880dff15bfb7a6b28241ec8fe183c2d59e3f9dfff653c7126f0acb9e64211f42bae12af462b1070bef1ab5e3606 +AD: "" +TAG: 566f8ef683078bfdeeffa869d751a017 + +# 288 bytes plaintext, iv is chosen so that initial counter LSB is 0xFF +KEY: 00000000000000000000000000000000 +NONCE: ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +IN: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +CT: 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 +AD: "" +TAG: 8b307f6b33286d0ab026a9ed3fe1e85f + +# 80 bytes plaintext, submitted by Intel +KEY: 843ffcf5d2b72694d19ed01d01249412 +NONCE: dbcca32ebf9b804617c3aa9e +IN: 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f +AD: 00000000000000000000000000000000101112131415161718191a1b1c1d1e1f +CT: 6268c6fa2a80b2d137467f092f657ac04d89be2beaa623d61b5a868c8f03ff95d3dcee23ad2f1ab3a6c80eaf4b140eb05de3457f0fbc111a6b43d0763aa422a3013cf1dc37fe417d1fbfc449b75d4cc5 +TAG: 3b629ccfbc1119b7319e1dce2cd6fd6d + 
diff --git a/tests/aes_192_gcm_tests.txt b/tests/aes_192_gcm_tests.txt
new file mode 100644
index 00000000..cacfaaeb
--- /dev/null
+++ b/tests/aes_192_gcm_tests.txt
@@ -0,0 +1,44 @@
+# Test vectors from NIST: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf
+
+KEY: 000000000000000000000000000000000000000000000000
+NONCE: 000000000000000000000000
+AD:
+TAG: cd33b28ac773f74ba00ed1f312572435
+IN:
+CT:
+
+KEY: 000000000000000000000000000000000000000000000000
+NONCE: 000000000000000000000000
+AD:
+TAG: 2ff58d80033927ab8ef4d4587514f0fb
+IN: 00000000000000000000000000000000
+CT: 98e7247c07f0fe411c267e4384b0f600
+
+KEY: feffe9928665731c6d6a8f9467308308feffe9928665731c
+NONCE: cafebabefacedbaddecaf888
+AD:
+TAG: 9924a7c8587336bfb118024db8674a14
+IN: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255
+CT: 3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256
+
+KEY: feffe9928665731c6d6a8f9467308308feffe9928665731c
+NONCE: cafebabefacedbaddecaf888
+AD: feedfacedeadbeeffeedfacedeadbeefabaddad2
+TAG: 2519498e80f1478f37ba55bd6d27618c
+IN: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+CT: 3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710
+
+KEY: feffe9928665731c6d6a8f9467308308feffe9928665731c
+NONCE: cafebabefacedbad
+AD: feedfacedeadbeeffeedfacedeadbeefabaddad2
+TAG: 65dcc57fcf623a24094fcca40d3533f8
+IN: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+CT: 0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7
+
+KEY: feffe9928665731c6d6a8f9467308308feffe9928665731c
+NONCE: 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b
+AD: feedfacedeadbeeffeedfacedeadbeefabaddad2
+TAG: dcf566ff291c25bbb8568fc3d376a6d9
+IN: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+CT: d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b
+
diff --git a/tests/aes_256_gcm_tests.txt b/tests/aes_256_gcm_tests.txt
new file mode 100644
index 00000000..9a30a231
--- /dev/null
+++ b/tests/aes_256_gcm_tests.txt
@@ -0,0 +1,467 @@ +# The AES-256-GCM test cases from cipher_tests.txt have been merged into this +# file. + +KEY: e5ac4a32c67e425ac4b143c83c6f161312a97d88d634afdf9f4da5bd35223f01 +NONCE: 5bf11a0951f0bfc7ea5c9e58 +IN: +AD: +CT: +TAG: d7cba289d6d19a5af45dc13857016bac + +KEY: 73ad7bbbbc640c845a150f67d058b279849370cd2c1f3c67c4dd6c869213e13a +NONCE: a330a184fc245812f4820caa +IN: f0535fe211 +AD: e91428be04 +CT: e9b8a896da +TAG: 9115ed79f26a030c14947b3e454db9e7 + +KEY: 80e2e561886eb2a953cf923aaac1653ed2db0111ee62e09cb20d9e2652bd3476 +NONCE: 5daf201589654da8884c3c68 +IN: 96669d2d3542a4d49c7c +AD: e51e5bce7cbceb660399 +CT: 4521953e7d39497e4563 +TAG: 2083e3c0d84d663066bbe2961b08dcf7 + +KEY: 881cca012ef9d6f1241b88e4364084d8c95470c6022e59b62732a1afcc02e657 +NONCE: 172ec639be736062bba5c32f +IN: 8ed8ef4c09360ef70bb22c716554ef +AD: 98c115f2c3bbe22e3a0c562e8e67ff +CT: 06a761987a7eb0e57a31979043747d +TAG: cf07239b9d40a759e0f4f8ef088f016a + +KEY: a6efd2e2b0056d0f955e008ca88ca59fb21a8f5fc0e9aa6d730fbfc5a28b5f90 +NONCE: f6775dca7cd8674c16fdb4ee +IN: 5dc495d949f4b2c8a709092b120ac8078cdfd104 +AD: 86a597f5e2c398fff963fcfe126eae1bc13f097f +CT: 04416e23586ee364b1cf3fb75405f8ef28fddbde +TAG: e7b9d5ecb2cf30162a28c8f645f62f87 + +KEY: 8d6ed9a6d410989e3bd37874edb5a89f9ab355fa395967dcbbfa216ec9ce3f45 +NONCE: 55debbb289b9439eb47834ab +IN: 52939c7416220822a77435a46687f134cebc70a2f1a4c33d37 +AD: 7790af913d84a04c1b72d4484ea2e09fdaa802d8b1733b8470 +CT: d7bddae8929ed6bbc9ac077e2415d9fbafae4a0432f8f7eb6b +TAG: e6383b16ed9c32521dcaeef3a7b9b67f + +KEY: 525429d45a66b9d860c83860111cc65324ab91ff77938bbc30a654220bb3e526 +NONCE: 31535d82b9b46f5ad75a1629 +IN: 677eca74660499acf2e2fd6c7800fd6da2d0273a31906a691205b5765b85 +AD: 513bc218acee89848e73ab108401bfc4f9c2aa70310a4e543644c37dd2f3 +CT: f1e6032ee3ce224b2e8f17f91055c81a480398e07fd9366ad69d84dca712 +TAG: e39da5658f1d2994a529646d692c55d8 + +KEY: 630b506aa4b15c555cf279dc4a7ee9add213219d2c68163ceaeda903fb892c30 +NONCE: 79eca200a5cdf92b28be5a7a +IN: 
b12e6f1f8160cd65278c48f68ad53c8c82fd17c2c39bbb109f077c17fdcb8a0b3a5dbf +AD: 46cb18593b3b26ba75e4cb20a252caef31d00be31093d2369e93572a393d650c68313f +CT: 9a9ad1f78b4d411afe450d2e46347a7df98f39daa4fd478b9ab6e6b417878bcd52743a +TAG: 55453a003b021c8a247379cdc4fa6da6 + +KEY: d10bb6641e9ba0a3f1b016317831ad4232f81c2137adac0940ecd7fa36de0563 +NONCE: 99c922d37c95ebeda8e81ae8 +IN: 8b9089df5bb048cebbe709cb61e178ec768515a0031288d95b7cc4dfffeb51b836e126a237ec50cc +AD: f1cbf6c83493b2087d9f88e02121a114f45ed51817e46ffc0b66a783350eae89c6700db3f3be5f4a +CT: 8a838c51a8ef8134481e9951033295ae686624aa4df72f869d140980347a5e69a6d7cb3d7119b303 +TAG: 9152bef766579a3e9a1e36abd7ebb64c + +KEY: ca665229adcc7554f1b1c8f50e7444c6d4059c525f9c0da1406ffb35d50cae97 +NONCE: 8e2df19123ce0ad41df416d4 +IN: 12365eaac86b270e9c61b3ae7702a6f3583ef4accb80a98454c56e34e2ab97d8afa23ddee34e7e3a522497f985 +AD: bf539d8e9e3a02f3e5834970e7efd40cc7cb340a075041428d6a69ed9fa5105e4bc63720be9a7040ce5b4af6e1 +CT: 96027efdcd4433df8e7f6181c05be365cdce550b09d45cfc96fe258eab6d55976a9306a0070c9589ef08cf7a42 +TAG: ec9fb5e79cdf8ad4c8a79c900975159d + +KEY: 5033338bf7526cca0425f4a620424662ebc58364c8d985d130e525fd1f598f3f +NONCE: b40842b30758aa3eef7cda62 +IN: 69a62b8c5f9b81cebee3a9345f4e49ea089b0d9c1cc57b4ef707956d0287de83fcca6d8f5270a9393e00693075028189bda7 +AD: 3efe0ed6fbafa61070388abc59c0d06589309736b02418df5534c8c594d61a2afefbee17af8283d01634b6ca3e8e2aeadff8 +CT: d6184677a21978b6443d99d7de1fd01c6b6334cf01b7e7d58456267453f4de96708b62301172c8c87e970f91c5301e0ff61e +TAG: f8ac7aef208712845d137b8b176c89f1 + +KEY: f33c39140999a2cb69e43129cb5df18fffeb3513ec3560792e9909784daee43b +NONCE: 70608463f1dfabb1fc4451e9 +IN: e2802c4d290468177fdb031a717345753cd7c3028ed07dea428db84e7c50c3eb7b24f7381a167b4ee31bf88dcaf5251fdb90ecbb74ac2f +AD: 10a6f463dc59d4791b3c2b4c93cbe2dec579a154962cb2c4cc77664e8c2b106c574fe115fd43dad94b8b1bf2f74820e28435b4444b2b82 +CT: 
a27419a46037323c033d7cf2a716777fedc02a5ddd8bfbdbca82ffbdea3037bc1cc80df7c5e502b32276ae88ad6fd0f0cfe72604648812 +TAG: b1ae330d47fd399aaaa687e141e23fc7 + +KEY: 2121056225a7b2316a93c4bfeb970486fa9c586c14ba8b40be5844a31e9449c0 +NONCE: b4b7d1e8fa7d0e2334c92315 +IN: 2038e2c6cdf5282f081292448f8febbb60a1520fa3771cbfef387f48c5915a1438ab709628e8d4c81623ddbc2f6f159c3c9a8922905c4994269898b8 +AD: b07f66508a39c4932b04c16172d6462d78273cd9463e52284bb73e3b8b8e7047bdf10c5ace1f903e5a5eacbf67c9351f82c74bda140df2fe0480c80a +CT: 7b54618ae09b37ee72e51873c82cdd20b6dca37c334af89548f52f34df3a757e632cc0d453fc97270898eb50ce2f2a98c4cbd4cbb22a5b7c7564406b +TAG: de3a9e2aab2439675c4f7f0b61216d5a + +KEY: efb15235bc91771aa32d51472877b0eb364de2f88766908eebc6e6b57a702099 +NONCE: 1a510b42dc20d1d0fb34fb52 +IN: 4eff604dd4bba67f143dab0728b8597e269d4e0ecb4ce80c9850afc645d96da239d9db360605bb4268d74e1fe3431a44242ae862fa2340c076db13315f615b85f0 +AD: e8dad34f727e77444a96cf06425640f1fc80fe3b01dafd1d91476140afe8204286d01b0ebdadc0270a3d218516ff5f08a69a7ba251ac325983caccbe0d9e1de359 +CT: 989fef0145e2fe93b9f99fd90123632d83d9df8f37d8e1f80dac329dbe0c214c2191009e31232538fec63a29665f0fc1c77dc86b2f5f2050b86b3ae48e85d63116 +TAG: 6816304faeb45da4e4772f5c35730f8a + +KEY: 998c22912d5687fc3faac262a902783fcb0c738520b5c4135a8dd2cdbd7b0dfb +NONCE: eeb535c5bd6edfd696655b60 +IN: 1f6ae10d425923c882b7d2f556571acfc10333ec665b07bfad9f8948a3b8c5e5f163a4e99d4726da1a35359c657c848f327b7fd9b5f61987440ab12b9399db24715715a2d1c8 +AD: 9a3c76dbaeb69a6481a89318caeb6358267ef51a1a364a48387bf77526837c9c70afb6f105cd47d2b976dbda7d2b6bfea7b76b135810c53437472f7b80ffc8ce4dc95c7e5045 +CT: 87f4e2c80a4f15f92a8e94f468e70fe7f0e0f83c0a7799a1d465043d25210ac6f0f39a5e9765b4daca637864d1bcc090d2ef33ddfccded2d2dad61dab443b3cfcc683147c490 +TAG: 0744d928a5b5ec95f3087cc2623f0031 + +KEY: e12effa8da2c90a5d35d257c07d1b467991bd5f75fecd7129aea4e26b9e27ff1 +NONCE: 4edd0b4cc349d37eb77f5576 +IN: 
21dc87984edca46a629ed95ffb04471397da8806c525a781d9a71818422e344e4af577f38e7cdbc556d4766770a9a3c95bea59ad497fe0127816ec4dcecb6b999486719b0b86cdb2c9d09e +AD: bc158e6570fb0a08d73367dba65b80a8c8e57ba6c7b99493ebdaef0424e18d8ab1f7c88670cf51c4d91b77eb9ce0f89a46ed1316141e4299ec6c3d6e712ec9e92d3db44640402aa4ac00ba +CT: 07ab8c623d683ff83030392e2864edd4b8e3d296d60579a226a8d2aff6bc5af3c4598a18cc1e8d7db4ac8eb56a082af864ac52a324851dd29af51a0945cee4bf303ea111b9b627aabf5ff8 +TAG: 53e69b7be969c39560c016c6bc1aa4e1 + +KEY: 3d9723c9235939df8647529b7e4a57b8536476d5b71b424e2c27ba4d0b82b0e8 +NONCE: 60163d2eb7822af7fad64c04 +IN: b44face0f45e4a8da19aa0c5cbe3aa960ed6b74fe3d3d9201f52523dfe7651756b2ce482e759c87bde4ec670a0e808fb4883e437c7cbcf2f6470352174327824200cb0897edc4def1736f51e229addaa +AD: a4b2b7bf36a70a5246feee52c474058100bc618fb0e3d32e8c1f76153edec47fab3045dcc7eed9ca1886bb2593703c9ffb8883c45386d2f4e3fbb0b7c722d19f2eca94767174d9127450549e8993ae33 +CT: 66fa63ded066ac67bf218af7bc21169a875f4bd695f44fbdff906f0a9b8a067be721fd260571c53a8b51661c8d49fe178dcb28c31deb3fa71b096b387f9fc8f3657d280404c05d2b6443eba7e60b562e +TAG: 59d5450872510c4bfb590d9497524331 + +KEY: 75b0a20935c4a5e2126ac7420d632bfda8d41bc947c2402bed4759b6e617ff92 +NONCE: 0c3edf0dcd1125d7e263b897 +IN: 8edc98e70030e40bea1548f6f56b4561272be0c333f3b7ae53ff3e27c35a91b1aa42d39e6305ec4811e75931e5cae2261d88a6f7d6c5b05bfb48802264e9cac782411f1de579e29d464ba56840b126a3fad07f01c4 +AD: 7e35081ef652424da6304852243ce43ff711da17f7881d5e0433b1ad7535e755a8531b93d67ce99ffe66e59fbb24f6b42655524b39f2c84daa5cdacb5e7916266c05711a118b2128930b95de83ff1a67e53337474a +CT: 858dc74dbec6fdbe4ef15a3596ff7201c8f4fcca765bf5452f678b1493a66ed9852a6fa174a73099acf951a35699f33289ec50625538c01eaa456dc658013a29e4d133b856eb969c1f221f99e11fadc98b0ee08243 +TAG: 3d8f17838c4fc69f04d7e2b76eebbc0b + +KEY: 7a3823191abcebadb7970d1b65c2a8dab8a908151737bd5400b3b6c0d59e3b08 +NONCE: e32eb00e5106097e2ef0e8ba +IN: 
220db5400dce604adee4cb698cdc02d2ca61622bbdeebe347b0bfef55cc45319b940f93773a9878725c5f55485d7a26363251b9ce0d3da1f8f6e34ad5329dc9f752ec7dc12b2d259ac89a8059085996a431a56cc2dc2400a26b4 +AD: a83b6dc78931cb7500eddcf77792e810c1edbd5f4e33f85018807a8539a3cace094fb794fa9ea058e82c830d42d5a6b3e22b7785698774aec5c73edd92731c51106a23c569c0c0fef18d13da1562a9a42aa435b243c4fbc9fe42 +CT: 5ce6ec0e1d67ced5a6aa46c909b9b8907b372be03331dd0940ceb6d87e928c14a1a1e8ef9096c9b63ab4cd93242ec7be7e38b80643f9c52e7e90ffa06b8f2d238fa63dcd97af74ae37802d124623b8a272e68ca18b3432b7c017 +TAG: e21c61d604253bc5b5d58283756b9eb3 + +KEY: 53ff6dc0af3e89fc2de7370caa433f539d068609fcfed6400a5b9fda4c83e3aa +NONCE: 91a824c5e023283959858062 +IN: fc23e07b4018460279f8392e86423ecfe465b25b60382f58995ef5fa1f9ca235e4bf87112554aa0e72836831d7b5f39125df11518b8aeb1809d804419beb05ae013482213012e4ce980ddd1c58e11608b775d12b450ecace83e678c69d2c5d +AD: b3a1db2d467780480f166859e0e7aab212738b85e88237c2782496c9c503347de02f3dad6bfc671fda71a04ff1e4661767c11303daa0c36d944346d39e3e29ec63d695cdcd83b2b57181582c5ac692b13e4299ab5e86c59d09c2dc6194ebe9 +CT: 88af588ec33bdac2cc748a01ee3eec97e5bbfdf69de1d66176f42b66383bbffa8b185cdedc25b11a62237d334d68120fccfd68c2f9447b3b8e1f623f33f7f97ad8815d29bf11bc0c65641ba8fca4a087783f4694fb1d574450191825f84402 +TAG: 2c4973323e635a885f78ee106eddf19e + +KEY: ca2b4d335598f26d3d3607e62b9ef853d3543e741350f92f3050894721d3d450 +NONCE: 2431b5cee8c3ecec4caad278 +IN: 75e29e46350d1fa99403b1e5baa414e41a8e714910f313f8e850cf3076508ff650011af766b51283fbd5626166d775fd4b4cb7124d26d77b41eb17bf642bf67a34c1caf0fa9b43eec12103f864e56c5ccdc81b89c1a35e394362688d05dd94eda3d05dd2 +AD: 31c3ce532bc1bae65b5ced69449129b112019cc6078268b853dd17c41832ecae07f9c6b068ef6cba2b55f352904afd6096ff8432081aed408d9340c319fd8e2029c389b6e3a4bdc38853444c3f7be9385ff1ca27e59c43b542e99799bb4ce56b8e26d6c1 +CT: 
90c13ec26d01b7b96bdd6816d3ee57df57efeabdb15ba602229ff71d71793fe8081eb1b462e8b2967bc4af96fd6dc72cee3d2b6495c7f04c9068b2ad0b073e11cd5999df541ad705c6315eefa8da49c5dbc258f7ba922908489c1ce672971c3bfb6e8482 +TAG: 3a7741a094be92b838850c32e4b06c6d + +KEY: 49fbbdb5ae21cd955be7f7603cb8563ea0b02b77a9ea14016baa5cffc55d20c9 +NONCE: c0a4463350506d2af9e35d8f +IN: f31003aaf5d8fd6261c01c5bb1e7bf6af248e0be3cf8aac67ccaeb0b7468a40d98be526a8e4f692dd23763563e601915ebcb59ecbf03bf9c665c4c5313c318939a911888fd427d5297b9b2fd91dd33eb7ed38e2f0f6ab74ec263989cdd9915811a022d4a46ed35eef0 +AD: 17e01af2386531ce67d5bc3325d8f83b53a87b38f1c305f99c0798380a7e59d3ecddf33a5ad23a82e33f0fa34eb2438b17e958451439774ab642fafd3794f80a0ee1b9bc165f32df705a6175310670ba54af3a204e446db35170ab02670086c47a475c22d1f14cbe44 +CT: bd661836d1b74244baca62d7d1cb6717e17e2fb0bcbc8d36b3265a983d557c562b0be60708499d0e7e9626825bc049db79a0ef4d2393fef6024d849089455e55693fd4da3d910eac11496492a645e4376855732765e1b3580461a2a2533cebb482736ac928cba175bb +TAG: 4596e3802109c899f27f6cfcbdceac5d + +KEY: 30d0e4f6425e38c92ac34dcaa06a815166f301289ca9cb0ed08156617d87bdf4 +NONCE: 525618ac9e317405c7d44367 +IN: 06f2204ca864dd3f7c9d0290f6fe3d0337eb9442cd5d2b586d1d5c30e58951fc2f4e99831ac7bca4356db4609a0428c482f2580b9e8cf5fd00d86d474fd88ac3b2413f44c1ff66e59e7538c090b2444396f02004ff636aca05ec40439f4e3f470a24916fa4033cb60127223addc1 +AD: 23c1a3e1083904f7226be7242027abb7af9d62f1115340cd4a57611be88303955cbcbeba44eab5488c80aed3e063c70cb7bbdd9ac289c8c8977868c3702be63d0358836838a97b31f6aee148f2b8615ad7c5dc0de7c48db7752e5f1ae8637f8c70335bbecf1313ae1b972ffb9442 +CT: afe3e71953bad46ad28113b7c8f2092fdebaeb81626bf94bd7e9dd59e000e8ba31c1ce7f728fe19dbbb42322e54aab278e3c29beb59b2d085e65cb8e54ea45d6a9fb1f561bac0bb74afe18cc8de51abf962c2fbc974c7ed54ccf2c063ff148b3e6cccdaa65cc89ab19fcd9cd0436 +TAG: e9f5edea1fdfc31cd5da693b50b72094 + +KEY: 661309741227606892db13ab553070b456c5e421cca59087144873ae6d59e590 +NONCE: 9f07692c017e1391a981e70e +IN: 
40b5f8081b5dd173203e02e90a6c171fc41f804b2903ea18109edcf77c03dba687b47ca389c55389bd7b0ac59bfaefaf43b5f97065df6a5375c1fbb95d95cad589c2a45cd9e1e7960b1d13622440f7180aa565863b4f9dfe26ed336ff4318653e1a520bdb830e01db78a7e598f251834d0c9bb +AD: e8540d084f24b80414af554f470048b29a5af8adb2f9d55c9759e5ff1595ca74884af67027324587131d90c77ca72b2d15b66564549ce93df7f667d0218a6e874848563a33886c6a0c5a9d00fa435dfabaa9053243b4c8c25779a4dbf79eb4b8530a7c7bf4263ea824713a90cee92dec78c449 +CT: d543f49e6cbe26f1d8a6e058769d5b16e6f8255a28b4d73ba2cbdf664bbc5ded73f9dea12a11b86b6a6acd578f685afabc232dbe9ff8431a5318ec7f0202959a310595b147353a7ca89c9d1fc2d2b92ea610cf6d9ad2716df2dfed70f5b74d498edab114058c22c96873a2a64abc254c82af46 +TAG: 31a8441886d0e4c6bfcd6d74f6a5ee5e + +KEY: a248b0d683973d205ef2d3f86468cf5a343d6ad7c5aaac0b9b6b2a412eed3552 +NONCE: 8f62ffac4027f4dfeacf3df2 +IN: c2d7d29256832def577392acb9fe4f249eb4859025ea55cc0c4a67806caba3e1cb81bc7f5717d94e1c91ff06607b23c238daafcb0fa96905616f02205b702508970fe3bfca87270ed1102a9ab96df57ebdcfd86ef6e9c4c4242b4febd82b0220b0d6f76d8c2d0fba33ca49279907f6bcf7e8401d1419ed58 +AD: c738cdbde6dc277ab81dae20fbbb4a50d71bcf0ac1ee0ec6a39747ccd87be40b1f0f2c37f2c6b32ea99722979fcfddd0ddc2e4ff34a2e6113b591cbfda317c6f4b021ad30325276f8d8dd78f757618b53297fec091f029f9b00850b35f3863a3801c882422b318b4a1bdd89002f928371ea05c6fabcb1792 +CT: 7a837df292ad2e58f21b89da43a74de411e1746556fe47db55a136757513bd249384bf67887a5c1f605e7f7e3057596e17039701ea351e5ccaf0fd4882559e87197144632977cf07cf9e86784a959fa7399476a4fd196d7c507fe3876d759e2b37bd37edb3c12b89716f29ddc8b64974263a1ec1b6364b0e +TAG: 291098a2376a0faa5da6fb2606b4f2a4 + +KEY: 80634a8baea1c4fe5dedb664c9b5d714422dd1726d642e60d15e02364195206e +NONCE: 725ee5023ae08fece15d621a +IN: 4d1d8855b4d155e77bd1bf34b3d049ef09b2b94f4e604306406b015a2d520e8772b084ed668b868e32c7563085f2a82e7d99219da549e507aff9515e45a045c7cd5292c0e09a3a38c769acfd0a11826b27d8bf05184971670200e79c49754debbfc57d9ebc661b25f22f241c4d143bd922f7b0981a48c6a63462cb5cfd +AD: 
12b3fa94a64454dc5b47433df1ce0a7dd5e8066d05b2433c6cbcb83087bb7d22d153a19c05aeb76141431c5f9801cb13531691655939c0c812611c6a30083ed3ec27e63e6868f186be559c48367a00b18085ffb8c7727638e833a7b907ff8465e3a01d654b52432767b18b855c05a9cfb5d4aabae19164f0dc2ca6346c +CT: 6b01e934916823f391cd0d2829c224a12eeddc79f18351d2484ef6cb5d492ec9ec4d8c4bd3354f01d538bbd81327f6360a7d157feee64b539489bfdd1be4d7f724d2a6dfa1af91e4108dbfffd529afa71388b07e5079236644da289ae236100b2fbeda0c17bf2a01e76cd1f88081682c2d074223fb8a41d59e70a37870 +TAG: 55762e95d897a33c4c75106449112986 + +KEY: 4f2edc967b11983f05ef5ee2a4364039ac02dbcccef3f3719913ae2719c8217c +NONCE: 255f8209b0c67a6277bdb42e +IN: f8217163bcaf77c1383089e396b271e22c517e8ccda244256cc39315fab7d0c291078d90e9b6e336992f015282caa1ec0ea858a179c9735b7a2f0d50f6f1eecaf3b9308772279ebb95f8aa53826e9dd60fb354de0c50c10001c98812b59d7c0f36daa1aecda6782ca36130fbb559363fe07704b0b91ea85be319ada027e47840c764 +AD: 1dc7065f1585384b88be47598ca484782716c78f49b3b6bf5d24a5b0d24fbd7831f18d77d80951d2c4fafb6f939d46362a69b558afadb3bb4d8aa27f7fcf3dd9624e1e075fce9bb239926d51ea9dff03619d64d5828103a414e360adcda8fd864fca55c21df86c76972c3765ab1d68ce89f708e7e5a3e06cd4de08573cf750c6f5f9 +CT: 6719849b7cea3f7f2a8e4de13d7a864d581b7c638f49fb06378a768d2034548179963c33f0ad099254c2edda9ef771daf5d299f58850033e2e449d7bc21ca3f7d3b7408429b596da615c8582886a6d8c1a9ba81fec4a41a38b7cbf1a80ee0ec8bd71451e727051fbf2a1d1e3c6ca98ee113e47650ba4fe80451e79b04abc8bb99a2a +TAG: 2ac7f962553a8007de3369c7795bc876 + +KEY: 51c5cf1f0c76ec96f4a5f9aa50a36185521f3ba259145ac6cb4da3cd12467696 +NONCE: c751e5e7e3d75874acfd2bfa +IN: fcda42cd098b7936f4bebaa37d5850cb0fdd6526966b1b5734f23d5050ee44466627576e1144957929123198e40b64eaef74476870afecd7b70f7583208603a1b5247074c6c77e10b9bbd41a3d468ff41db89895b0e9ca95be77526ddb30d4c5eb0796ba97d7d5c56d0eece344dde3ebd7de586226c00da224b04e74d9abe832686797df067c52 +AD: 
343ae5e73fd1da48dce92ba7b86d21de0a203ba8587536fbaf4646bc45051a7feb343e38916f6c4c75b65f940045e830857c7b62b34a44622a36b34268b8a397892ed3e4de5df3fa7384d4ca50202b5b0833f921349c877931f4b735cec45db6b95410c8042ba49c1a39870276e0165f09c73b14bdf7f36d19084f958695c7ad2cc56f0487eae9 +CT: 04192659d6a2f1b7be472372c8f969a7de388c97d37b4a89653593e48b630947d2160b569379698e94de49b21572ef0b4dd330487a8be814a84e959a1a8e3cf33dcc9f7464fd44814d0cd7ab85e4c01c9d015f42ce3723c8ef8c311222b0c78eb83d81696c217992be725faf27701b4922c6e6099442787ddde2b7572500a5320a4d0c787b786e +TAG: 23c7a866574976dca8f401c4b5b58292 + +KEY: 1cec3efc0311d623f34b6853b3dc97e470fa728cdfd65993d9d48fdc192b28e9 +NONCE: 320fe742ef171b7b8cb615cc +IN: 722e503a97166a07974dcbf136fbaec6c03668fa52495b040383433ca59f6311103f2fc6a95ba4c925f8637167537321eff6949aa3051269fc094393a7b17d1ac8d29af052760835665b0ee89adda5dae7738656af9e8513c96e8a532a46ef34cd7430832d2be51c586a14e9aaec2458c1911bbc0f90b496737e838a12ff37d3db058bda9360d7d33e11629a +AD: fd5ccf6b6948c3eb96543aa40f107fafe94e5206c326dd8900ea510c6b61d1bcf746151a75404e31406c8e991fbf6e660db7c18e243fd2608aa22dd7ca9de88f277037661ce6dea4ff0a86809dbfe1708cd47d3061a34657cad143e6577549c9944e081f79c276300bb406378b26f349a91fa87de02a1405d712c516ae11b4bcf30ac9d56e677d03eb33e3be +CT: 363c1d6b806a6d97e2fddf53b242378e1d2b818828863fbb3f856f7737d63998a84e02d6c91e1df5f5eb6cf89f7ef53e16d10ad52f82362292d3acafaa02c23be7da7616a8b8daf8ee3ae74ee1078742c4ddc3e5a110e510417b9f43fbcbb00e17af3301b2fbcb784fb0a05b66469e771fbd78114fce3c4352c42928bf5a0ecc49228a3c930b0790bde7ad7b +TAG: 669482999be99149f9b723b60fec62d3 + +KEY: d3465cdecaecbf25943b7bbf8084ccabc15474a4228c46cbe652a99be24a861b +NONCE: 04fc836de3a1420b8e7136ca +IN: 81e0e984ce0a4074a44524f93e375eabc650a847a42393f5c524c65523368d38a7e2b677fe08502dd3bc42311775016b5689c660cc0ca8cb33a09b89f3ed3d02fa0fb75ca5bf0dc3c27c546b369ab5e7731f93bc074d37ee50d6f8366f6c8a45f73ac92b05c4aa552ecc5266041dc122a0df69a36ad625a26edb57bfff43a84e527ea0d9d3cf076f8de9eda28eb09de3ff +AD: 
e4adc14ac4bbf3ae7ec7d97f5c0e6090bf8127a75e8b70e9b86496a62a759dba5a4eef64a8c679c362785501260d29b58e1af647782564947950428dbf14edab8e6841c7afaf9e7949b560419c44bae30315c597f6f6e02204da7ec605a4d9a8753de1268bb0b1c84c972b4e7296da5c969781feeb35a44d2aef799ed228aa399ea04e21cf9f7d5600a2c07b047aa78388 +CT: d7995e7b610eede708526c05c584039d48b9b4356fc71b0c37ec2559309a688a7c69ac9655f94e178cd2311db58587863b0fbb990554dc9a6aa849571f945c61e5611ae7e1a96903be725a1aa75adc381b86e43fbc68a36f44e0e0cb8fe5c494caa91f758597b6ef3b80a879154cd8a7e5f570893b4f768105b24b58efb67c5f07c6db60e0f48eba9563f17d38aaf0847e +TAG: cc3fe61642c2d7fcbd579048fdfb19ec + +KEY: 1a0dfe2a6bc6a69659c68942ad0858e1df905890f47dab728ab9c73f742f469f +NONCE: f8f76b014116ba61392597de +IN: d93eead436e835a061ca061e3a53c3f9c66c6f011b21682b8a6fed098bde2018a2462aa5ab542c69bfa2805612cf6146c9150888b9720db1dcd0f359c1fa3416df4cd225dd0b0d949e917adfb3e83bf5ba2b967d48908e6b6d8aabc545335014d951a67390d7b5c7cd7dcbcf66e4e3f02aa4e5e9cccaf73e75622bad006c63433d36cb1c6aa4aa253dd1b2eacac75c548aa6648ecf9d +AD: 56ca2d5340629ca75de4e98921da352941559bd79f47ef0ab42d1d5857059352f96ee877f5458f090ca237e4eef5b08a53311c8dfd4c4582f18a93aaa8cf75080734cb2ea3389c9c74d2b04ead614eb54512ea93f0e3434e9a9366454b303a8129d6ce6cf96b1d6dd4f751311c736b517dcb50a6f6e0962c46637b4f5aaf0f34bff518cbd551a7aad3fa615708b17cf6d8fbc864f580 +CT: 8dc4d8483dc665b174ba32d6b6244da5f2a8fcc4b1865d662ec23057838b332a07ff073ecc893d413696f3fffc6dca5d107a5673f14abe8e0457a02e61138380d25e269686cbbd23cb7da3060f482f62bf80a40dcc2e711ecf5f7836ca14e456c4b73a48bef90749024393f5f8af01b73302e81bc37c4110dc26174702231d831cd14231905d2dd3f375cf2bef0425084d5b19f1039f +TAG: 825e7b7e195f65c454ce9fdd637138c1 + +KEY: 03cec87d0a947822493b5b67b918b5c6a6bbdebe45d016ec5cb6779c3ddfb35d +NONCE: eb7d261a6b56a179c88e88ad +IN: 
2326102c58524326759ad399222c5b5a563cd01a29809d6aed4d49772a4723cfdf30c9f85f031063e838f543c201412d6f085a8f5435b0b2fe94659aaf70cf7bde99309239ed5b815b48342d4f81011f5aefe10ba105ac15601c64a91076c29c3cdafaa12bdd5706dd7305b48e923873cf06944b5027b210c59d79856f602bd6481980ea909152216756d77362c59d57673cedb91ee6f56a40061e +AD: 4d0fbeb69c1869d2d23198ec49b3dc23149005a84aace7025293c3afb8cb2e38c167a822e25c2fdf667d3677f4e94ed6574529c987de506d26b7ffccf3b7a36d9adac48bca76084710338eeb5bfca9df1bf6b403e33e90761a0b3152afac333071a5ef4f54010b945d03b51f123865673e8877f41ca23359e60518f076cc64232b306bd858634417e92e546ede4ac6231635c9cfcf43aab1f8fc1e +CT: 06746f993843901ce72f2fcd4af7d15e64b3102d2f9bec0fe72cdd0b97e43177a1a2238c9c1dfc3311f701196653249e767a73dbe819b660cee07a5f3bb8f25823875fb4b4d34a5a3a212d2e166311bbe11fb1d36f4e725c3b74054ed7fffb7082203ccb5e9d65873cb8a1ce28d5c6e2b6555c1a864a725e6c7d5555d37dcaf1d0884264be72d38cc4b65bc2f0d039d542c5055da56c57e084b804 +TAG: d36a4b6d2f592d4f0d347d906fc319cc + +KEY: 7f4b4bfa26719d9610c80ba3f474c43127f4aa3414fb070fc2f389e5219886e1 +NONCE: b144d4df961d4f1c25342d12 +IN: 638982b95d66ddb689b7b92e3adb683ac0ac19480148bac9db550be034cd18dbd10f2459c915e99c385cd8dc4dc6ec48b75f97e818030fc2d8fcdf66d66b80df64f0ca4af91bba83a74f3946b17af405bbbc6e216435641f5633ad3ee24c1a2ed1b39f649acce59ee56c282a3aebaee6e97f96b34cfc63d5b0482fec20d755f399dd5f61688fe55878713cc55d562c2d72236eb674a340d1a64932cdd8534a06 +AD: f2fe3d27bfc278cdcf16fffc541846d428b31534ec5cf51c30c8b6d988dc36cd6c0d41a4485a3f4469e92ea0fc7e694065bd8130c2854c95549630bd9cbaab2205f27a6efdc2c918c3be53f2d12f8f7cc8e6a81dc8be7cccd217be1fa2e6887cea7d637d2e2a390f50d2c5be10a32a9b380a400cddbdd40eac67f1fe9ba6033d4bfa88c563eaf57272c8a7052916cf4460f31ad026a0ac2588a45d082fbb5c0e +CT: 
0d4de3489e09c7239972b675063579e409acbb663bea76bee8fb3f7e8785158ebe1c26db9219a9b97ea29e74762999518613249c3a87fbcd0128f651e2db8e2167f10ab532eced3464b56bcaa09780e5ece18182a6e092477ad933bd8de015c80e67c6802257a97a647fe2b1e9ab6a76c1cbf7d905deeb824aba2a34095f84b276d55ff940d6ab788c16cd63d9b16e0908d718c851a3230b0a37257751df5a38 +TAG: 9f0a882d4456847f44c7287c8ff3ba04 + +KEY: 9799ae8045d58250e4d9c3b0ccc8897a04b5b9fb164e54019dc58d7d77b65459 +NONCE: 0f20d002dbcd06528a23d5e0 +IN: 8f323018b1b636617c935791e1c8023f887da67974080af07378b533a7573424f1de9193c5d38f55e9af870f6c60ab49c80d7d1ad1f18f1a34893fd2892d49c315ee668c431f5f35e3f60ecfd534b4b09b64cc77cd16b0e1b8882872cd109a5ca377518e5b660d75052e9a4228e3935705b6bf6b4f4249346b7bf4afb891641a76621cd315cd75de391c898959be945ccca7a96073f2569f217617b08502f7d569bd2f80e0 +AD: 3f1e297bd91a276a4a4b613add617b0488414a57ede2ac75d10934e03be58ec518a418e98a4dbb39d2365889db7c5f389b2a16d8c702cf21b888a4cbf77b356df48a30298c825fb86128de45d7fa0e5f4b0b7bf82a2c4cad2470f33c231802263901fbda54a6edbf2df638716492157ec1407e7fc2eb6c663d9a215afbec3612778b8115e78a5fd68cf6ce66c12c0ca26e5c1f7ab079bc09c3bc7b673d21835671a13dd2a0 +CT: 9a5758dad7997a766db05d698b43fd491bdcec21352032cc023bcf10e136523219745a56f0360efee75a37de55da23cc7d8184a50ccebb110bcb960dcf6b25fe731e21f26290281d9c1c7715c4e6ff3dc0026cce52929163ba222f123d4f50e1d3cf67725fb4737f4010ee2b5b163ca6251c50efe05c5ab0b1ff57b97ffa24c98653f5c82690d40c791047a3d5e553a0142fa2f4346cfcd1c849a9647885c0daaac9efe222 +TAG: 5b85501a476217f100be680b2f5882cb + +KEY: a26c0e3864a7dd3b589d17a74a7c9c1f7e8f9adb4aafa0e75c083d10956b6bf6 +NONCE: b54a2a43ca3f84aef3824375 +IN: 6fd4ec60613646490791d82de30ded1a12e61fd270f1642d2221272dbb150ef63ef2604213e203b740dfc9c4bcdf722b3c85aa20abb1197949de710d7e8311956c8649524afc72a9bf5eddf0b284c7fc6d48a741b82c215a0dcd73bb8afd08d5532a6f7f99b5c6beb2ad793d6da53a81e6523b2240729924ddac996a723421f57125f928990daa7a55a5b6b53d7361d9728f66590d969659aacd9aa5c0ec627d991b55e9fd0bf9c3210f +AD: 
d6d8b570eca29a48a4d408d5b27ec6aec291d70cfefcd02bbfe8d8ba8aeb6db770bfd723d2c3a4859f1992767d24e7b33e3e241874292af640e2bd22a5b77e0e9e1e0d5e485041cac41d4694ac929ae1fbc08e7591e1cef689028f5db26f95fc9e0868887fb9c635579fc6335757697f63b4f2b46664ae338eafdd827988c8f2ebad80ea9787871ed8d6b302d5dbf7e8019f2e139c59036cb5964a3701ec049b839e19e33e68b83539c8 +CT: 2420e09adb24098038b2750c946551a5f6a5bdf23b126947348ddb5e938b3fcb874b33fbac6407095e05ce62df999e7234cd2b4e413009c71d855b23993cd58c1e26ba0deed891dc88f099fdf852cec0aab45f488a90edd8feb6f4c837036945bd304edbf7a2737921a2f8c1b00a1daaf9e25b908a65a8f69963fc767bc975b5b7bcc215ce37009009dc90b5c7edb1a1174a10ad28f4c1d1a2241e7ffc215edef4f847ceedf7b64f2d15 +TAG: 20521b35310385ae66557740b435d204 + +KEY: 53ef3dc7a10e435650dd20550cf3ec2b997afc8d9e79cca8f7062622afac3496 +NONCE: 257a205ed0f84016183f4613 +IN: 081e2769935f945419aa06fb5fa7d8412efd1f9b52a45863808022850836c1974d53d2b2c5c0cd420711a71e6d1a09e984366b8b677e6c61bbce8f3adf9f5a9fb5860887617a08c923171d681c4fbc6d569690f6a183d42b52a80ef0693862efd22bf83b7b4014a7008424c356b5022df1842309b3a4a2caee0fd3f4d3fc52a17d53959daccf8e0ca889578ee2905dd8c17d52e76712dc104344148e8184c82af8165ea8386f91de585b54fc8535c3 +AD: 5b73ae02bf4a70e57f5d48fbf45f85b8496ae8514c8aeb779c184f9cf823d8c1883c9e5a42b2c099d959c2298ace2d86c4479059256d6a4325e109fa4b6c4ce90f84a8228316e80aa86de9b5e111d88b2be447a29297b35ca90a8eb280d4c0fe92a1d593cb966cb0010bc06831efb0c72c1e222b031e900ef06ab8da542a5abe2870a0efbe92351d5915ab545b14900e41a27c5ca9d75d6277afafe7ae861131c2767eb314c0c3da5c264f8f2b4ac7 +CT: 20ecb6cda861b660656d692c626436227bd4ac17a9bc71f6c84a1917ef3b5a0f6ba370f00fa2e7f1bd5aa8d6c15032572090482c23e4ab7376ef1f4dfb77f79d5dc065792fe3476c9c37614e32f493e461981b519dd7d10234c2c69264ffe5be06a8e14c81022b652c8cfa24adcc7c7536a55a2fc41e9ffcd09e1c483541cba814eafd5e09e9e44477018a41b073e387c9257c07d97e40f0761fe295d015e1f2df5be65b13f34b6ef0fe1b109ad109 +TAG: c129ba4c10bc9e9c2b7d67f5f249d971 + +KEY: 
15ddf0d794b1bf2e67db1af47b45b8abb0c62ff5fe09b29659f63ff943815c39 +NONCE: a6e6b4fd129bee3ab8144da1 +IN: 9c82ac83e3dd227d0cb9692703dbf41292fbaf4961e28b7407ef069e33850371ce2838b1808ec1f837511dae9899a867959183ef3d988ac20758d7a1a6859cedf687d8a42f3dd53fa4b5843e5be61422fb8774c9eb0fd22cbda5950155caa0ceaa00417f1e89a863fcc08cbf911776fbea8d7c14a6d819c070c9abe76a7f0d04598188d07fcbb822758081172e654c025703bb24c523cee2dfdc31c8d2c84534a60e7efa9f52f7e74e19c859889f9bd024f28763 +AD: 892bc04375e9ad5ad2b5c117d1aacc202a74ee4cd4125019f38ed4d716ce361b8b50463ec3255a00670f5f95d361e79349e90bfccbf084586cb5fa145b9eece8a10187c13055ba0d17c0fa526ba7985f00f3eb4a2cd53b6da488827fa8481cf47f6be58771d1e40125652732a7dd5adc49cf99ed6b085fa9fe8721c86f7241b6efb6002e65ae5f72e16ce6a09ce81365485b20f1fc2e092216024b1acd0bb4c2b4ffe28d62a9a813fcc389774688eedd76c0b041 +CT: e30465518e7dab44b9ca4ab6c86fd7b701e334b050a7889fefd08aa12c9e381acc7875ad5f8574fa44f8550bfc820b6d9a5600cfb82d1f98721a875610a91c8f47960ea64445c0e22fd3ebe94b3564e98b9b00a68e9bd941eef5382a67782c5e24ac44b928fc986c62a02fc702b145843b1c6882188dcbbb6f6b51ce1aa7784da03cbdc3efb1a01c1cfd7e90dc3332fc6e912a6a967ef1f239cfdc9752e235dfe75dab8088f8cc207a4a28994f122859aeb52d01 +TAG: 62e7455cd6b95319efa3ae0d14b88452 + +KEY: dc0cff51030582f29676482ec8dbf0490a135a4cf3e444edfb7d1ec733cdf7b9 +NONCE: 58c892d618ceb6027afbabb9 +IN: d6c4d49a9431d51bfda5bd4b07997690748fdc3df196d27d219a62480dfcb6300c5a234d675aec1239280446cc134bd4e0e0b5ebf6f10bb11b788caf949c0c3553497b62e729f08700b66c6720c35f1f434f16b15a4e404d627fd054ae1394a77d5ba728f3422aad5d99a608c2aa52b058946a76a408c5dfb210d280629ac999e86ab1f9da8f2b7b79ec07cb666105582564974180ace98c63bdb962e4580692abe58929d29f066d2f7e25c23a3824483d9e49cb6f5fc4a1b0 +AD: 
ee3bc8d875a4d43c278cfeefed8ced8a3da946adaef93dc356001da151010548990fe08b62edda46634db320601c7f4b50956e29868bda9ae5df186f15c3ab4a19d7cec274209cecc71602e45c37c273b7e4b2a168de5c29278042a3dd1fbea0998d7d9707d412f476ac8de7936e2e5c268a2f22646f682e664e526f88004e7c461bd42337dd21b1cb39ff678974adb67c2ea1b7055ca98697ec16c4b3bfa95b4dcbd7fb015480135634c34acb20f58549f7e7e11e20a991a1 +CT: 54eedf8ca21f31d21067af5a05dc3cb99c3dc046540d2cd1664abb32fc7714ac057d039cebdeb124e1ca9511bc71f92ddfd4c6bd3edc8a1934f2fa2511503944f2a0818e30b9bdd26bd3c51b9673f55ad3f2ee5e41de114ccc55abcdce06a5bcf63a5bd61fe71dbbfc97e1c7f3417fcb9c1462e244ad91725081c9176a0b91d3485400d273a16eecd870ec1e9e016a7f4af2fab39a0bc93576ffd1eeef9cc15b7e47feaef85b21de422666ec722cbaef26edd1941e7dc03f72 +TAG: 1cc8c395b2ccae3a685183667ee7bd34 + +KEY: 90da49f8f64e8a585697a43644a48bcbef33a8ed23c1a93c65e59a217c04a1e0 +NONCE: 0812f87792508dee6868d454 +IN: 26dac57d9f30bae5831f98ed074cbc9af9731a52b2322cdd23f1f0abbf78092c48d6d24a43c7d49edb3fa66086030f37dd9dc67847714437b11577d2bec645b3210baa8f7a540cbfc20deec5973b7489b7607eafe72e249df5d0fed95e29f03cf7f0c7a22fb2f06a0bc75214446b06d25a45ab8087270eec56af3960f53b80412a4ea7b45e54a2c374e8a3789e8eb57e656e22107503920313ee3e4025836b9e1a98541446c23bd5674cb83483642f2f3e8270bd1f77c85bcfb205a9133c +AD: f2168cef97c27a902d93cbca07b03f35c5c3ed934192d29a743c3a6c480c5a62172c088fc89cb2d8651b8979e5bd1864272ff179be8003c6dee18789c17583dc1de4e8b4fec80e5c7575838e621cac4b5b51ce5952f22e06b1c196101d2ac8d05e797323e5baacc49d1e74db97142e1bed723d46ab858d59fd36d5d08eaa63f696b610eebdc9662e504992fd3481de1264bcac8ac426b09fbc641ebc93f72c5d460088fe0b08420d88fae219b6a5a67420a5f9d1201bf8d64b2ab3e9050a +CT: 
82196d89624689bb172e4ff71619046a91149c8ea99ebbaa3f2c32c77938b5ac466481575dd82a008c7f5867bc46ee44faf95fa40b6237c8c3b62474af2efcf07c771e23a63e65b48b0bd8ed26fc64dffe03e71fac6d3857b1248df63d888567d7d3618c68d6b8f1c88029bd7af8677d3b51f70ccccb4eec9e100768515637ad8a4b2e2e317902e456974ce9fe23095cc68566e85cd913e8b64119444f124640d16ef3e98136f32d618eef78f7ffbafb64227b3185bda8f541c0e7ee8405 +TAG: 71fffdbd6358f755dd22f1dbe42c4aca + +KEY: 0b1b256665284390a9193b7b7aa4e3ad15a3d2a58e79d75da8ec284c02fa3a2f +NONCE: 346ae65660de8920605fe8d1 +IN: acfa83f56f137ac39d6447d98c5f7d5e812d1d8e7c7fa7f7beea9a87c59961449683fcf5332c9ef1587135030309a1c2d95257114b790b18cc32f65f4c7d1652c0106e3331f826e9b8b0dffc50aa6723d0827076b71c668370ddc8156db3831559a72e48266b3886a6d88318e6ca646ff561ed4f71e665abb7a60089f0a115c7b7fad9cbba6c4cb0c242b9e1f17705825d98f4bc10bacd8ab2e11cf579f29b2a0b085d8c96a372434785856b483c3fc9ae909029b0c931098d7e59f233cb6450fe0b0d +AD: 64347fc132379d39cf142ca81d7e49c010f54f354ca3365d5195a7e43175c9a47603062c5ca61aaf2b381f5cd538bbf48f50d620ff2b5980c086049a378aca69570ab7c406b510a6aa6b7e8682ade6a091b1f822a97ce671fcf7c911c43c4795b78ce1c86e990e32bc5c9fa34a8a4b22a20d6f7c46722d1bafd49443b4da9634db4615f7cabc3d5bd9a8921e67de45dac261f54bcd0af2b2f845e255a16f2d2f1ffe26e88238f5dbdbe111393aab3409e08dee8b9bc85c51b385c191ee9290454236ab +CT: 9d7421330f0c2a525495bc360cd5c2273531d050d461336a254c9af8611d07c3559931cd6804fbdc6e6c9c997283cf40bc23596efd1bf116fffcc6620e45d1c738569af012a7ed0d575ace3c12662f88f3ee480af30ee015ae70db112bf4a185e220660a912f9ad840346e7cc0715e853dcd9b415ca9e865d5e4de2321e6a1b7cd8a35c760abd3f099d395576a91503147bdd51cb4bd1452c4043b42dd526de6f61bcbe819cfa3c122c6f62e0d4c38b443f5a138325a5f0ff8a9a2071c2773ce62edda +TAG: 2af508d74bcf8157ae9c55b28b5d2db9 + +KEY: c055bfc7828d9fe8fa8d9851d33f3e4888e0f7e286e1eed455e14832369f26fa +NONCE: 2804e5ec079eada8bb3946e4 +IN: 
a26a9b189ada0ccafab92a79711360c7c396374c6170de395bd8ed80dc5db96ef1534adc4dcd419fdf1801add1444a195367213e374eb1ab093f1f54cd82eaba5c1cde6b867e0d8fff99cdab4d96e69aee0c58a64120ce0cfd923f15cdf65076a12e06e53ab37463096d9ccb11ec654e401c24309fda7afa45ee26e5e4b8adc8febbddaff1e7cecacad1d825a6b16a115287b4b3c9f8a29b30fa6236ca6e883abda412177af38b93e0e64b012d33d7bf52ed18c4219bdf07f36151b7ea4c53091ddfe58b6c9beeca +AD: a184e4811d5565849a08d0b312f009143ac954d426ca8d563ad47550688c82dbddc1edbdea672f3a94a3c145676de66085ded7bcf356c5b7e798f5ab3bb3a11bd63c485fbcded50c3b31f914d020840cbc936c24e0b3245fead8c2f0f3e10b165d5f9c3f6be8f8d9e99b97efda5c6722051d5b81a343a7d107e30d9319c94dbc7c31c23b06a4ae948f276d0eabd050394c05781712b879317ac03eb7752462f048bcd0dccb5440f6740ad0a3a4c742c3da32a49dfda82ed1b66380a8cfd09dda73178ffa49236d20 +CT: 58dca29b5008f74bf132947df768dc85e2492a381429f151a3bad3132e63a4a977aa09f10879d206f43f27a26909495d0a2c8cb252fbcb3abd953f6e0ef0f6d5e89d89a1d9ecdb0e44686fbf5567a6fe7557a084a8a5ef5316890917bc432164266a331118c828fad4f5d1776645d163dc5444c2e12def608efb47adeb8f9928a5ffd3c46f963a749c310688e78525e34a510f529472a14bc7a5b65594338f6f5ea1d95bb5bddc6e8e1d1a449d126442accd162e4e03c10824fd48b32df763de5d7700dafc54206b +TAG: 141c80e1d044e1e9cf1c217bd881589c + +KEY: a54a347a7a388c2e0661d4ae1b5743d1c2f9116c0a7aa2d6c778a21e2bf691a9 +NONCE: bd3456b0dd0e971451627522 +IN: 3d17e3d9b5020d51295f7bd72e524027e763b94e045755af4b3cc4f86bce632a1286f71734e051dbcac95780b9817b5f1b272c419e6bc00d90c27496ac5ab8a65d63c2ea16eeeebe4b06457e66beeed20fc8d23a9b844ba2cc3eb3d87e16e1230fdb6a9134bad3e42eadccd49baed5e03e055f389a488d939c276982e4bc77f0a1c738fcdee222e2641b06fe12ed63ede2ab2fee3c54d7901d0911c32980b7c663a67d35ece23136c77f8e4536464225ab427d937e7a4260460d55bb5fdd7ea2f105604c4b0cf129dec49b81b1 +AD: 
c12d1ffb08acf27d51e63f5c0e311180b687438e825204074d4456d70b7c5ba9903ad0b0778a5fe36c3e12e82718c00f5d1ce585e5c73b23d6c5e41ac4a180c97c9418b07ccccbfc58c678e97882ea36395c0a05572b4cd25ddb3c32fa580c89c48a0e3066b8032e3823893a5721a4fd1e59c7d012a01b9e9afc12f3bea93e9d1a2cf5cab26e064576b36bb65606de62fe2887ace0cf399dec08da618954ce55362c8a2bcf31457a1804bbfff68a76d752f9aea81be8868bbca8f1af3375f7137941a1924b8a2b178f06a9e33f +CT: 938f8f596e17eae6920410f602c805ad9715833087e1d543eb20b1b313771266dc6a8f86f2ba033609fadec92ac38c1f1f0f728e568fe8bcecbae2ade7b9c4128fb3133c8b4107ad5c29cacbd5937f66905e18cc52d9239c14e4c8edbb2db89b26f5f4a9ff0f2045192fd212af6c65e448834580deb8787b612d6345466483dbec00b03fee4751f543a6155f2dbb745c1094e9721aea3e544a894e4a19a14645725cb8fdc21d259e086b1e411fb1bdb11293d0224ada25da2896dfe0d35095230af6894404d27d901540b0ec35 +TAG: c55c870a5eac5c0c774dd10dbadd3fec + +KEY: b262f6a609c4ad6da3710d58530b634fd7bed875956d426bf4b2412209902233 +NONCE: 0b455031d28e4e17a45b7a60 +IN: 9cff6ec8832bd0e62d9063e43821db6a1e0f3ae7947ab4d029643b0e7db8224f8bd00a2c011b246a4d5eccf9801fb314aeadc0532fa71cffe188e801d7c045e81b9dfc5cf6ae1e310b363adec4e7ca52fa754ece2540545a5161eaf9ed5748070b6e232125fa8e0fb7548fd3eed57a6be72ce0a9112f166776816a0a4ccf8151b6b93780875d03ea3d59ac57e7904c83b90b7666de85f055b25f9e342af4cb04b0c3f123ea0906c04f252f2b16b28d612e37b2a7b788d66beb8b361385efb73a825ccfb1a5ca55d60afde0349e5dad8096c7 +AD: fb99bc661b51464c0df92ba4f64c4c56d601622287bb1bf8e0a082ed3793e74db6a2f5a546391ef55dc45fd2f24878834bdc2903054d9d02ac05bd5ff122b65555d7ab1664cc36b630039e4432315445f303837e57149fdf6bf8d6856ba97abc5a18b6cd2f8f28cd3ac079355b314561c50126812861c39180fd94f9aa24edbec37bead760093d32b96ce30e389f63b2b271fc051b42952b3f5cf3950def581f7cbb2b4aa5b151a16ed3773166761232c106d3ff57851895640ea12befd69daadecc4122b4a481e85088edb093e02d5d3d8a +CT: 
5341e8c7e67303d5374e3f5693c28dd9f9a5c9368efaaf82d900b4a4ab44337f7d53364544bbd822020d79443e2ab0fd2381bc73750203caa3d28858a8f9a6dba57a7c5248361ebb152a81a89c00b1bf49de9e2d08c0243b38eefe316ef89164b4907515f340468291e0b51009c9d80cf5a998d9cd8fce41d0c7405fc2d1854aae873f0e24cfad253ee07d9f4cd27080ee8ec85d787459080a06d290e6e721d23738470835f173ed815f1a15f293ffe95ad973210486372e19a9cc737c73928572cbc03f64201d1b6fd23ebb7b49d12f2eef +TAG: 5e0ac1993ceccc89d44cfa37bb319d1c + +KEY: 9b4387e01c03d2e039a44ca2991aa8557dea6179d19259d819d70ab2d5179eb0 +NONCE: 852124b4e04d7d1d63743d74 +IN: 92c6f01cd2cd959495bd8aca704f948060bee01ca61c46005b4db43e2e7655af4c0d96656cd75d904325ecc325f5fc9a5fff3eeafde6f81323b0e3b64269028cb64c9fbe866b400e76487f1759d6ab8fc66589e23df0c008974e1613bb4ec556bd1a6a0751f6dbbbaeff219874c57dffca59a955e0aae62e8fd6a904a50fa7eaacccc6dfd4a2b8c6c040505d3448ed2217b7024224bbc4335c63b2ae8172d7d3088b819edbaa17991a4729bcd5a456cad20ba20dbee99ae56f8ef669dff93c99a995c8f5dcb5d113db4178a49516206a1cba7d872682b1 +AD: 92a1d2574182f850e37aa62338b19f403fe99dbc7ddbe1e6524ac67c4092cfe296b5ee9b94eddb5c228c902c18ec1ec26e1ef0263d05c5caf1c71ed9e5ff987e9964b46f27be05a83e20867f1f2107db26b6bc7066af2b0efdcad2b65f2ebe8b31fbe2f3c30171f2e4969f1650c9642ae47c8db5bda47e57e8a9af210a6fd4894dcc2934b4ecf823cc841cdb3c93ecc779b455b8cc796d7d60437da201c3f848dcd5f45e88973e06364e7cd01afd2d49fd3032550f1c1a60c4ba48137398f4d58e5fd0093c06042b103ce0064f2cd1cfdd39b7440121d7 +CT: 28b87d324854d5c9c6ebb303fb802b12d946ed681ed5b3384dce2cd782bfbd022f213f193bcac579176440bbf2af378b019d21dde5d70e42d257722d15417a9fecc8e56430551ea3bee798a01faf74d0fb09be6dd0c14cd03feaae29c7d17581e1fda0b4bce632ef790202e98c8c4f8f842fb3e33b3fa5e8700c8644ed6d64280652bc2a5d40b3ee0e47dd5a9f3535e15b1fabb30264515afd4f9b1caa5c224574636935baebf6d1992bf1a7a3d698d457db4248a2b38a803837ac4fab7998722d52de61bfab4f98e1933a77046bfb3941bb7988acebce +TAG: 1b07d58be48b81f7007e5683b399dc28 + +KEY: 9d36155d429b90b5ff22ded128c9f0cfe77ed514d410998091bfca4dce7e3c88 +NONCE: 
a7b73ba1b2b0e846c3f635aa +IN: 2510210b420b12300d51ee4a7ad233c9c97d71672c0f9a7b9041d32172fdf3a6ce274aca77a0db6961d7921d1681ede2c1088a7618382481296778e7f56d2c0074c7c545ccda313495ae2a6dfd042474b07d2b59c79a0cd8c3dc16132beff1687111a48ee3d291ac556987e73c5a3807923c2deb3b9a59a135a8fa0d85d5b39016edfe0649dc13be672a639db58839d3362eaeca046767fa1182ef8a63abc104e7cdc8610b1e956aac89af76b40844a358fe6f7343d217e1838aad19587ab4b1c765d2cd7bf7018e338c0207d4c9dabdb1625af0c75749e9a20a0d8d +AD: 39e96c8d824bee306189a3bc8a8d4862df55e8016726222a528d76de169746a363e82e82e359b774d061a6e98e3c35aca8ba802a5956a2c512501fed44ae341cfa65ec9d95485763d99cbd9aea078ce551f7f82272bf54dfb6420ae7653f275ef145b2c87720c9ccfa56bd286c61cb822d0473dc2cc3fa22d50fd16bc0358e7c615aa1791b990f30b1d737f798219f4446d173e80fa62380dfdfebdb36b1284a62c2b6638f28fc370034812d09b57d27e5b7d589075bbab42fcd6a91fa2714538be6286e4c7b2657b80f045df7f8954738efa7d49a38e5a55a2af934 +CT: 8cb991b10218bfefa522e2f808dc973620ea391623947cb260b852efd28939ccca4c8b1f02d66fd6d0d7058854fac028fa0f23e8de801ed9a4361bf7e5a23e6a7086624a64a29815bedd5e5ebe4d9f9386d47e1408286971654b38ff8e5dd1fef7686d7614ef01900ad33bf97896b4ad02e7445782b1794b45af967ca3ba72a2e5cd5252a9ff0ff550ee56fdd8aa555bbb0bf8a5dd534fd65b13235fa6650761dfe2a28b2757077a2680ef88c84eaada743d1f0d25de38fdd1974ffc07dbb9c7fa67cacca309a10753c6e2561c4784470f5c7e116e12070fb3d87131 +TAG: 665fe87506f8df07d173fedcc401d18b + +KEY: bd187500219308edd6ac7340d72813ee20054d6d4b1bc2ebcde466046e96a255 +NONCE: aab93d3181e7a04cedf17031 +IN: 55b824816e045702526f8b5def71a0d023a2e42257fc1e06f9a8531ef9f7717474ba4f469e442b471d5da6e71aa635a307205c0a935a54b8a59be8856144dec435e29aa1a3568073aa6bd3439bc0f219fa1179ba0a316f7d966ea379da16be4db2f1fdac2fa6d00bef9351b78bb2773bc30ddc9d019e6e7d78dfaf38010080027afac33e751c0429ef6c70a1f2d01f103482818e9353e39a3a4b785a7dd2c7e1ba7a4c36a5f3836d5465c002bcd1ac576d90ad276952ac155dabba6873e6d92b5278280a540071b205ba99b77b7568862e70e6ddbd804906c33fa130f8b0862001 +AD: 
11b35743bbcd0113d2c188f75d382df44e874a2d4b3c3148ecf8e0406479305f29197a3a71dc7bcd71b6136ab11a7cf46de80140e15046acfa18774cbcc755e9f3beb37202fc308c03b1c20470b3128f5b91d925bd6703dfb3277d65159688f656d5ccd83d2beadfd778854472b1cb8fe440bdb7efe806f4cb95249cddf69fa0013dc5a626eb8ab69a48b3ddb1a317b35f7772f711221cee1cee9469e2639c44448c5942c95324dc2fcfdc952e05aa336ddbaf57cec2d1b33981ecb8f70ccd34a279b211c50a7784906f2981a2d2ad8fb130100c4f6bdb09c95dfcf4b0eb7ac6d5 +CT: 1e99d06f82333ec8e4fa1e81014458c81325e5d69db561449b153727da35c0b540c570b60488aca6aae58f75f84792388d0160dc45e4e5bef552c49228d806fcc22259f0f94da2f786cc94a3ecf3cc15ac67719379d86abaa54ce41e868110ed2b56dbeeaad4a444eab51a96aed404a4f4b9677d22345fdb67ed0df091d23d8acd70bf6cd29f19c99910888b3281b65637590af984e493ac70011486ca88e72fd14ef1cba06a50070f138dfaed35ab12690a14b1c8ac319f597bb690cae28019d64c868acf9a58fde1d8aa18dc1ec9c3c4a0ee9c4cfff8912b1bf23c805af6df48 +TAG: 1a43147e6e097a46b61f8b05c7dbbe1b + +KEY: ce53e967bb4675a51652a9e6e87da6be36d16245c1e37ee00bae09cc30ed8528 +NONCE: 0f53ed18bfdd28918c3993d9 +IN: 3f2416477ff2ce7da3e5766f043e7a06ea2b87fdf06320d296c71cbaec4b115da356f8c7f34220f91e90c97a5cbbb7fcf0048fb89414eddeb2ec1062d08cc75a39a1f9f214fc3efd6fc8e70d78418007d7d28944b3f37fa5667ff79098d7af36a9324419b53efa76e98a311e1436ecedd977397cd02cc8d377ea8558edca35ff4c71ec31943119b76af4c78a435033eafe73c7079224bf2328b49ed58acef9b043ae3c7ff17a66b521e190d6ca2b2835ed8edc2c173f04616af237391a4440fc5306366c834f6a504e902dca6d3e9e1554088eaf5b15db7fc1fa19f0867ece90ded639ee8072 +AD: 64a596ffca0889833fcb537f58d94791f9ba9b6b7ce0c7f144f2f1a95d62ce334f7bf7f0d2ef0c6e7afa2324b069dc6a7a522f19a001c335cc0252ac4a26079c3f267cdca1e3f933069f52fe72e1a00c83d8fcbd2e76149a912c7b37663c2e7967a3a80656c87094d349af6b9d64b3873f467ed376eaa1e0abae06180c847e981c6a12d32b580acd34f779c343f8b79df1b5004d333a5c37a8be7a94c6f6400f819ffbe6d54d3c1a92824fb15c279fc8121c735b6c42248ee22e665245966d40eadc51f12904cd64110d69354cc9d9fc415b3469317d5e4643942dd4b649de0ee2fc5d200701 +CT: 
be462da8cc9d8cdf343f7025df0b8b41c24f7b6060cea2d3c63338b6c3e83f0797e966b8c5dd889bf1b5058fb4d694be2178fb33d9be1a351812046a6d3bd36c84ee3665d39fb98159e4d30f8a25a60064caf980f744fc519e2dc451f5fbcc0834b72920d32f0492abedc1022b0db4f2f44b91ec48c588334775fac91f174a4714b3825e96fa53cad3de94807f3b888950c8776189cc18fdf379cdc9d6054952c6ed2b3fb7f6b49beebacee7ddcb19a3eaee2b2e2b7a5d6476e5fc1f216ca443b859a9a661dcf2f7709f87361186368a62f255d78150f09ad4ab1a20e7329f3d96fa2a33cbf6 +TAG: 1cf74908f6fbfa5b2b309ebeff2f3ad1 + +KEY: 093d932ed969cfae63f07e0c04c7f9eaf1b36f656095f8d5f112517dfc430cdc +NONCE: ce36a837ae93a280d2fffc63 +IN: d9da99635f8d728843dd587cbb24e68e1df2f81b5f7abfe233a224cdbd48cd8b82da3711d2ab6c1ca722610b87f426a2cdee4456b50781e3b25da037ca636f2a5eea01f4eeea52d0feb7f1f6c2594d63d8c05c2adf339839449cb1d2aca94852d1b64b5641a572c2da02ebe299c7d1ff4da8706f44b14602f44c0ced711fc78005f87b1686106250d3d3860b67f5b38788db1891150f88d4c5276751afa0b2e37a59587cd8b718767455e65eef25bddaf787d52b88556710f740f117b02f244edd47cf0e45646d40e789671ae61ab06336e24fad8b64cd8f60b427ea1f58af443c6f55d54028edd5f40d78 +AD: 5e9c95c3449cee3f9f726be031089b2358ee92fe7b408b355739c8da6369304f3b287ca60dde4685bdc59879e1530ffd8f6589449196abf0f0dc6dcd82ba7fba481f13376cf29b32af2ecca24a161e6e57b6db70a7e02ee2154cc0bb5280b08f8dca35b1a342fa18b8025c7a805cebaed99e30b43c139de7c37adc25b0b6b5d873ed86530622ef2d0ed3ab19e9c27df98a4a15324f902c35a23adcad4598c6e990c64893355be15fa7320c1935b4ad3c069c068d6b3c8f43d6fe0588b59170bf567ac3a53a50db68e4be17964f55acfe695638cb5fdea5c40805334a385c2d35aa836637ccdf71390487d9 +CT: 
40380718f069f44c88932af22a10f80513821caa71fd7a9e5c4f37e1c756c43fe491ac13f244bd1299844cc78d7812110f570b693e63614e639ec7395cf65c206eb6fc9bba86f89d03dd19e45d5ec64c7d3a308ced4ac1f59cf4e13be64e49acd9ebee209afc508c97ac817f1367629af9d59b0cd48f138d23abb61f92dac530351f46a4e7f70ac87388e44f6e9548d3e6a26884bb7611f632da7db2a12fd9174773e685df316ea9401d8b352135b6b32a374eef8661b77eeedc34fa4178d0a5731ac9bfc14bce1dfe96af095b0088371ab1a04b2062625f0c4fdf01fc0a6bbf1661cca11932e93690501a +TAG: ef7f960b146747ba4f25c705d942f8c7 + +KEY: 86875efa72ec1827f133a8935193292463ecef801bf3b461c96b0312cfcf32e1 +NONCE: 738136465c8935d77c8d4ea4 +IN: d692d3ef47a5c9d0d9a3b6a0d498e90a3ea06278134ce90cc1d69da2159d9a1f5d0a9ef4b4ce5f873e26e8f9d53ced79991491325ba5511be4d9e6563b70459b10e60d8c5da45d3b0b34dad86772b0560314f0215bef7b55c6ae53999cb2d6a14a35b50fe5a1598adb7ebeee097968ee7624bde42862824900c8cb45b12785d9c4d50ef38133d31a66a612d8638008d03edd19c4d7edb5f9b9f195c60883a7d6aa85bc3ca3b59c395b85dbe9bb30ef6896c4ebae8d72cbecfadfa451bf36631aefddd3feb36978aa8d9a45c9fa09bfa0b2c040d9a422840e68f4dcc3eb902f6be1d91b11e1749183d89715761b6cf22c +AD: 17208cfe5a96adf0ec903c7618d994492d3eb77275fe5bfce5ab1f67d27431c7746314e52934b8c44481e5760cc8f6b0e17d1fcac7fd5b476196e3152c3dc90adeb58c2c9c62cd684b4b18d4a94f8e5b4336ed3f1758b58a254f48b3aecd9cfa63cf758f2df54c52eb246d046198b6eabc90b2a0dd6c5323e915a117235174fc9089cc9bcb1a3bb49080cbcc24367e7f4e17e27a2054bdda0ad8996df1cfc6bcf43f70cd854f4d97aaa4badb5826dd86765d36a2ecc83d3daaf31594eff02999a423185356d693f26025a576037336c156543353423dd3b5da75f45e297c60dd8e091b961f60eb6786fc988f6324f9e8 +CT: 
55f48dc2b6836b8603e19264382ddfc568b1bf06e678de255d355fd865ef03339f644312c4372494386589431d4ae7af2eaee5dd3c16340ecae3e87dda9220a5f9b9fe6cc3eaa226d9608385b7e8a6216e7da71997088eaf7c67b5402be01c0b182383ed3c0e72e91fc51fc99c59cc8271660dd7a59ee0e7d9626ccd4439bb9a1499c71492807f8126891ce09451d07d9c5525c5f185559ec44aa31498be3fc574389cf948640dcc37d0b122249060bb7d5d7e5194d4b7a7bb64d98d82a1155e30970a854f7c0d294fbb1a9e058f3b9f4762972c21086e0bf228768d0d879a9cdb110f9e3a172feca7417d48b3fa0b0b +TAG: e588a9849c6b7556b2f9068d5f9ead57 + +KEY: e9467b3a75dde39b0dd44e7cbf2b70ba1757ba6a2f70cc233d5258e321d5b3ad +NONCE: a9756c7b8e2e2f4e0459f1bb +IN: d6d7f6112947be12e7ec8d27ce02924503f548456d0ba407bf23e848b9ecc310e4a0c7b00c0de141777a94cb4b84a5cc34b2b05c8a37cda08b6c2dba80e80853f2a18bcc41341a719f84262b601610a93721f638a8ca651a2f6c03c3cf1070f32b92c4ab7a4982a8f5e8ae70800f7513405f3ae28ba97a9ce8241608eeb5351e6cef5560c4209790ee528b3876896846e013a0bd3a1aa89edaefe08fb4b73b3fa64c0c8b0f7ab70653ee138456319230174f0f1f7f3477f0cfc80eab8a96e29e85e20658cebb830ba216b1d8281ce499f729278dcfeb59cde3a043ef3fe2c42705f311a422e9f80fc3b58ca849dd4b99e5e66a958c +AD: ccab7afe4d320e94f77963d779ade1343e66ae80446eaa5f9ec4d3e3bb3166255e4aac5707ab407b284dfcdbb18ff515cf08790f0470cf335946040438c7de2d2a342096d7607e1920d86b519e96cec1715f4b0dfe375c5959644bd664d23d879b825dffbbdc458ea9da5ede5682ce1ad1cff33dd8820761b1c067cec638873a3cae79c7682ee8d4f97cb96a413dbbded1c242ca669d50ebb6de3c27eca3041fa8aee8974c3d17b0cf79c32c7bbfe20dcfd57303cc40334fbdc43e925df1d63fde57bf60553d7790fc56bd95e675db934dabb1125eb97cded95f397b32bfb3a2d40703e3f11c6c226633b3cb7f9da1e3367de2ba4d +CT: 
47bb258ddc0945079a0b99ed5cdc0186f453f8e0393cfea258412e423dde4a00c014ac298c4dfe7c03b0d9bbd4ad189624cb6fbaf13e60ec2b4d83c5bc3294dfec30bd6c8f7125e11d7be145a966dfd78fd77af68099b855989fe077cd9f427d4381b4930abc1daae55722540e4bcbe1b560fde208ef1c2dfcaa2c51b76072e67da311c2556eaa2c25413bfc43d00dd84aa8859b296e05945683e028699d60a29227de1363c4138b9ec2db8f3b502fe09d368c5f2ffd81abe50cc1ec1ef216f27f401456d061429d1910623af00bcf500cbc6509c5aebf7de9c956e40a3f0b0d562775b03c282c204e33c0b380ce1475eb5c0441f6 +TAG: 9ea19333f5050354a7937fed68e38dd4 + +KEY: 4e323dedb68bb5cc4cf2edfe3a54a19b410f849492ed6f66fc053d8903c3d766 +NONCE: f77b876eff796db621eabe88 +IN: 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 +AD: 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 +CT: 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 +TAG: 936072d637b12b0b6a4141050f4024ce + +KEY: e57e74595d230e8eae078df1dbc071c66a979a912e2252257e28447e97fc82a7 +NONCE: b613d6d5fff507e917674f2f +IN: 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 +AD: bf4c0737e461c1d6fc45b87175fd7833625c98a03e089c4e3d47c6b21f4bf38cb4b7666322217eb8fa022afae473df56ba3502c88cf702276bf39c6fcccf01e629925a83816a5096e612458af6380dcb7f63cfc0eae99d63475616b18b44111a1927b05503c4ce46ca48321b0f8f247a54919fc844fbabd3a2481e83bed8a5ee8086d7559db00fd1d64f4892ee9363d59829ce1e10af66696c28e86297b43190800251f346bec1b577446120529d486266a271c71011528b24ff4caf2c30f9748a2b03c788dd583541368a643075a52127c48b3b6f0c6ef413e61479c9afdbeb4bda44340ff0d81c7bc0321d3de4080cf7e108dda3fd4e480e685b202c6bfc +CT: 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 +TAG: 05906cbf531931559cf2d86c383c145e + +KEY: 847eb274561fdf0c1af8b565a92da74641f17261a0ea4cf63ba5f36ba7028192 +NONCE: a379511688390ade6f0318bb +IN: 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 +AD: 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 +CT: 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 +TAG: f1832022e06228c36181856325d4eb68 + +KEY: 
3828b138f72f8fe793d46c55ad413bab31a51e7a9093cdd10fddb4739e28e678 +NONCE: a60413c0ab529ccf3de58468 +IN: 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 +AD: 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 +CT: 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 +TAG: 9b47afc5816b7229213cd3c9135545ed + +KEY: 91ea63dc27d9d6bbc279ec6cecdce6c45ff0b247cfb8e26b6ab15f9b63b031a4 +NONCE: 80a134fac73eca30459d5964 +IN: a848e41c77ac8c733370435b5b6a9960af36031e96260d5703ce15b003606875a7901cd11e4571bf88dda29a627c0b98065a8b4e6d382852dfa4f47d86fa08e48ad8f5a98e55c305900b83200d44029f304abd21e0264115192a3fd7b0eb69b9f8ca7865b3be93f4ba5a28468fd7bbb584c32ae867f5146efbeb1412d3ac36c30cb308c327a6f207e30f561d6efe0a535446c693e14176e9e714ffb5a5b1075812909a362a6c4bbe18322e15690c2c9cf5a18e0120c11551cb7055b5aee97e7a56d7c24fdf1214641c8eacb196d74f3d96a7fbecdd4fe52dc7b6ead9041cafd5a3fdf91fd3614e63189b488d4d7c1ea3c6351d112a2223b29d390ac3ab7f09a60bbd3df6e0d606d902aa44244334 +AD: 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 +CT: b90449af99327afb1124bb24f1c8b5cb878423b0370d5f7cd297b28cc4135ee77d6f1913a221cfeee119bafa873072bfa79e303fe377bbed05add41ce3a42ca4632b98f40a36227de1a9ba84d6176c01eca9d33d954d0ebdf4e40f136e0f6a56156fbb33b344a8a433941fd6e08774bd00075aedb0e396c2bc37d1250541248dbeb899e1b5170cdfeaf7b89995b049428bb277c501354f8cd48fb58f6f04f956dfd099c48778dbdbb4c95b7c9d6797cf6d3bcd1d00e88cea885ee4a10d94356509e148990a0e10dd89103a9d5c8434a7bdbed6c0ac1271e0709eba144abf3cf075c020e9f7835d5a98fb2439b399e377ae6e19fc5f32df9ddfb9e936190d3e9c62de99835249d1f32ca3f92ecd44 +TAG: 6ccaf7c142d86b83e4d0b4289b49c4d4 + +KEY: 1344db082889367fd48c5f06bc39f9cb9e3ad4b92fa484ccf49418dd4caa2e19 +NONCE: c04a98e7e29326b5330818d4 +IN: 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 +AD: 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 +CT: 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 +TAG: 81c55fe9aa2de0d63efe3f74a3d8096f + +KEY: 
31dbefe589b661af00a6fbad426e013f30f448c763f957bbcbaf9c09764f4a95 +NONCE: 147fe99bba0f606c57242314 +IN: 908bd801b70d85085dd480e1207a4a4b7ef179dac495a9befb16afe5adf7cb6f6d734882e6e96f587d38bfc080341dc8d5428a5fe3498b9d5faa497f60646bcb1155d2342f6b26381795daeb261d4ab1415f35c6c8ac9c8e90ea34823122df25c6ddae365cc66d92fc2fe2941f60895e00233b2e5968b01e2811c8c6f7a0a229f1c301a72715bd5c35234c1be81ef7d5cc2779e146314d3783a7aa72d87a8f107654b93cb66e3648c26fc9e4a2f0378fa178c586d096092f6a80e2e03708da72d6e4d7316c2384a522459a4ad369c82d192f6f695b0d90fcc47c6f86b8bbc6f2f4ea303aa64f5ce8b8710da62482147bcc29c8238116549256a7a011fd9c78bbb8c40e278740dc156c2cc99c3591fec2918cdeb5240fb428 +AD: 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 +CT: 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 +TAG: 17ca09e3084504fc22e914ee28312c8e + +KEY: 0ecc44c9036961fba57c841ace4ca3c547c51d9f126567bf41626765cfcbd53b +NONCE: aa98b6ddff7e4b2041f29d70 +IN: e49a2a5713f507bfa00c140dfbefc0c43e37bcb932e0741db03f0055da61cd837b6e2d8f99115d70750fb23685a17121b52e98a37c87204e0207729fd9219d11a48e57970d790338793cf329f7b239512a44dd4409fe9d157f92123dfc5cba24af106442644dedda87e1d9e95fd395f2f0ad8f7d27f313e6ce1a07d9845dec5ad732e6e4749b3a161527c8ce42331f5de1d700650072fb68e9c7645a0e0e529d0563d2727e3fb38ed341f74ef1ad95a0216a440e1384d0e7ef71cde38cecdc9e2b2d563f19014c40c1f92ea0af3b4f6da9146d433ae85f647153db326a28ef6ea2e0ebac0cc1aff157067c7dba7cc4317d56920ee9deab5764368e7e5b3ce8bebd0fa129f869b15897c09659c53188bf8efb7b6ac7d265c9b85fe96166 +AD: 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 +CT: 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 +TAG: 7082c7ef72c82d23e0ba524132acd208 + +KEY: c05dc14b5def43f2e8f86c3008ef44e4dc6513768812e9218b2b216818c4cec6 +NONCE: 5cfe0dca6e599ed9aa89ba97 +IN: 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 +AD: 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 +CT: 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 +TAG: 3dcdabcd1c82002a551cea41921570e5 + +KEY: 
b33f449deccc2ef0d7616f22b4a00fcd84c51a8383782f66f1696bc6405005ee +NONCE: 6afa8baf923f986b5779ac6a +IN: b0af85a6deae5fcaa94778bce015ce2da7400ab768f3e114cc1b645fb2716789e2aeb96894fda6da5bc24fcf2466124720d6ba99e5475d77e5bcf2c2f8c8e5becf5eb73ad650861bbdeb51ba5ee789c227478934200fc18f36e4fe392c99d4c3fe0b38b40d2e84f831b8ef9bce9ac1362c755943521ecf5b5cf8fbcdf08f2d47ff7cd62838597dd342695a1b037bcede69500bf70bf1edbb40a17b44695bd8ff8bc8664b3211a6bbfdcbd1bffbfb1a2ea0141cfbc6ac841c803b137be5eeb2666c46c09cc1c4fa82be43bfd56e7a2b8ceeecb6efc1933a90213a0e1bc7aca2af35f2d1dad5f0d9002561064a699f1ce76c39d9c2224ae596e88a1517e19c2115370768d50107f3f2a55051838ae5897acf2ac0814ccd864eee2f6b5d7a6728c6ac6e6a57327102 +AD: 2134f74e882a44e457c38b6580cd58ce20e81267baeb4a9d50c41ababc2a91ddf300c39963643d3c0797b628c75a5fc39c058d319e7d6deb836334dbe8e1fe3cc5704b90c712e1fb60a3c8b58d474a73d65fae886394f8b2c029e420b923f2af4d54c9de3c7fa2bccaa1e96664ccf681cacbbf9845069a4bfd6c135c4392d7d6be338eca414e3a45f50510718e2a5a3e5815eafa0c50172cf5f147510645d2269929843bbbab682deb5823d4cdf42bd250bdbd20c43e2919d7a6e48973f43a4cab73454b97cdca96721ebd83b6dbaaec7e12cf0dae678a57c431b81421657037dd47dccbee73a41f56495fd7c25c75744fe8f55cbd1eac4a174d8f7dd6f6ba57b3e53449a9ce7806517e3e07cf6546a0fa62c7b1fa244d42eee64a3182461792edb628e567b23a +CT: 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 +TAG: 1976d7e121704ce463a8d4fe1b93d90f + +# AES GCM test vectors from http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf + +KEY: 0000000000000000000000000000000000000000000000000000000000000000 +NONCE: 000000000000000000000000 +IN: "" +CT: "" +AD: "" +TAG: 530f8afbc74536b9a963b4f1c4cb738b + +KEY: 0000000000000000000000000000000000000000000000000000000000000000 +NONCE: 000000000000000000000000 +IN: 00000000000000000000000000000000 +CT: cea7403d4d606b6e074ec5d3baf39d18 +AD: "" +TAG: d0d1c8a799996bf0265b98b5d48ab919 + +KEY: feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 +NONCE: 
cafebabefacedbaddecaf888 +IN: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255 +CT: 522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad +AD: "" +TAG: b094dac5d93471bdec1a502270e3cc6c + +KEY: feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 +NONCE: cafebabefacedbaddecaf888 +IN: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +CT: 522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662 +AD: feedfacedeadbeeffeedfacedeadbeefabaddad2 +TAG: 76fc6ece0f4e1768cddf8853bb2d551b + +KEY: feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 +NONCE: cafebabefacedbad +IN: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +CT: c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f +AD: feedfacedeadbeeffeedfacedeadbeefabaddad2 +TAG: 3a337dbf46a792c45e454913fe2ea8f2 + +KEY: feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 +NONCE: 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b +IN: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +CT: 5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f +AD: feedfacedeadbeeffeedfacedeadbeefabaddad2 +TAG: a44a8266ee1c8eb0c8b5d4cf5ae9f19a + diff --git a/tests/asn1_string_to_utf8.c b/tests/asn1_string_to_utf8.c new file mode 100644 index 00000000..2ead7b46 --- /dev/null +++ b/tests/asn1_string_to_utf8.c 
@@ -0,0 +1,128 @@
+/* $OpenBSD: asn1_string_to_utf8.c,v 1.1 2022/05/16 20:53:20 tb Exp $ */
+/*
+ * Copyright (c) 2022 Theo Buehler
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+#include
+
+#include
+
+struct asn1_string_to_utf8_test_case {
+ const char *description;
+ const ASN1_ITEM *item;
+ const uint8_t der[32];
+ size_t der_len;
+ const uint8_t want[32];
+ int want_len;
+};
+
+static const struct asn1_string_to_utf8_test_case tests[] = {
+ {
+ .description = "hello",
+ .item = &ASN1_PRINTABLESTRING_it,
+ .der = {
+ 0x13, 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f,
+ },
+ .der_len = 7,
+ .want = {
+ 0x68, 0x65, 0x6c, 0x6c, 0x6f,
+ },
+ .want_len = 5,
+ },
+ {
+ .description = "face with tears of joy",
+ .item = &ASN1_UTF8STRING_it,
+ .der = {
+ 0x0c, 0x04, 0xF0, 0x9F, 0x98, 0x82,
+ },
+ .der_len = 6,
+ .want = {
+ 0xF0, 0x9F, 0x98, 0x82,
+ },
+ .want_len = 4,
+ },
+ {
+ .description = "hi",
+ .item = &ASN1_IA5STRING_it,
+ .der = {
+ 0x16, 0x02, 0x68, 0x69,
+ },
+ .der_len = 4,
+ .want = {
+ 0x68, 0x69,
+ },
+ .want_len = 2,
+ },
+};
+
+const size_t N_TESTS = sizeof(tests) / sizeof(tests[0]);
+
+static int
+asn1_string_to_utf8_test(const struct asn1_string_to_utf8_test_case *test)
+{
+ ASN1_STRING *str = NULL;
+ const unsigned char *der;
+ unsigned char *out = NULL;
+ int ret;
+ int failed = 1;
+
+ der = test->der;
+ if ((str = (ASN1_STRING *)ASN1_item_d2i(NULL, &der, test->der_len,
+ test->item)) == NULL) {
+ warnx("ASN1_item_d2i failed");
+ goto err;
+ }
+
+ if ((ret = ASN1_STRING_to_UTF8(&out, str)) != test->want_len) {
+ warnx("ASN1_STRING_to_UTF8 failed: got %d, want %d", ret,
+ test->want_len);
+ goto err;
+ }
+
+ if (memcmp(out, test->want, test->want_len) != 0) {
+ warnx("memcmp failed");
+ goto err;
+ }
+
+ failed = 0;
+ err:
+ ASN1_STRING_free(str);
+ free(out);
+
+ return failed;
+}
+
+static int
+asn1_string_to_utf8_tests(void)
+{
+ size_t i;
+ int failed = 0;
+
+ for (i = 0; i < N_TESTS; i++)
+ failed |= asn1_string_to_utf8_test(&tests[i]);
+
+ return failed;
+}
+
+int
+main(void)
+{
+ int failed = 0;
+
+ failed |= asn1_string_to_utf8_tests();
+
+ return failed;
+}
diff --git a/tests/asn1api.c b/tests/asn1api.c
new file mode 100644
index 00000000..8d016bde
--- /dev/null
+++ b/tests/asn1api.c
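Review bot: In asn1_string_to_utf8_test() (tests/asn1_string_to_utf8.c) the decode step never checks that ASN1_item_d2i() consumed the whole input, so an entry with trailing bytes or a wrong `der_len` would still pass. After the NULL check I would add `if (der != test->der + test->der_len) { warnx("%s: d2i consumed wrong length", test->description); goto err; }`. The `.description` field is filled in for every table entry, but none of the three warnx() calls prints it, so a failure cannot be tied to a case. Prefixing each message with `"%s: "` and passing `test->description` fixes that. All three entries are well-formed strings, so the error path of ASN1_STRING_to_UTF8() is not exercised by this file.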
@@ -0,0 +1,415 @@
+/* $OpenBSD: asn1api.c,v 1.3 2022/07/09 14:47:42 tb Exp $ */
+/*
+ * Copyright (c) 2021 Joel Sing
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+#include
+
+#include
+#include
+#include
+
+const long asn1_tag2bits[] = {
+ [0] = 0,
+ [1] = 0,
+ [2] = 0,
+ [3] = B_ASN1_BIT_STRING,
+ [4] = B_ASN1_OCTET_STRING,
+ [5] = 0,
+ [6] = 0,
+ [7] = B_ASN1_UNKNOWN,
+ [8] = B_ASN1_UNKNOWN,
+ [9] = B_ASN1_UNKNOWN,
+ [10] = B_ASN1_UNKNOWN,
+ [11] = B_ASN1_UNKNOWN,
+ [12] = B_ASN1_UTF8STRING,
+ [13] = B_ASN1_UNKNOWN,
+ [14] = B_ASN1_UNKNOWN,
+ [15] = B_ASN1_UNKNOWN,
+ [16] = B_ASN1_SEQUENCE,
+ [17] = 0,
+ [18] = B_ASN1_NUMERICSTRING,
+ [19] = B_ASN1_PRINTABLESTRING,
+ [20] = B_ASN1_T61STRING,
+ [21] = B_ASN1_VIDEOTEXSTRING,
+ [22] = B_ASN1_IA5STRING,
+ [23] = B_ASN1_UTCTIME,
+ [24] = B_ASN1_GENERALIZEDTIME,
+ [25] = B_ASN1_GRAPHICSTRING,
+ [26] = B_ASN1_ISO64STRING,
+ [27] = B_ASN1_GENERALSTRING,
+ [28] = B_ASN1_UNIVERSALSTRING,
+ [29] = B_ASN1_UNKNOWN,
+ [30] = B_ASN1_BMPSTRING,
+};
+
+static int
+asn1_tag2bit(void)
+{
+ int failed = 1;
+ long bit;
+ int i;
+
+ for (i = -3; i <= V_ASN1_NEG + 30; i++) {
+ bit = ASN1_tag2bit(i);
+ if (i >= 0 && i <= 30) {
+ if (bit != asn1_tag2bits[i]) {
+ fprintf(stderr, "FAIL: ASN1_tag2bit(%d) = 0x%lx,"
+ " want 0x%lx\n", i, bit, asn1_tag2bits[i]);
+ goto failed;
+ }
+ } else {
+ if (bit != 0) {
+ fprintf(stderr, "FAIL: ASN1_tag2bit(%d) = 0x%lx,"
+ " want 0x0\n", i, bit);
+ goto failed;
+ }
+ }
+ }
+
+ failed = 0;
+
+ failed:
+ return failed;
+}
+
+static int
+asn1_tag2str(void)
+{
+ int failed = 1;
+ const char *s;
+ int i;
+
+ for (i = -3; i <= V_ASN1_NEG + 30; i++) {
+ if ((s = ASN1_tag2str(i)) == NULL) {
+ fprintf(stderr, "FAIL: ASN1_tag2str(%d) returned "
+ "NULL\n", i);
+ goto failed;
+ }
+ if ((i >= 0 && i <= 30) || i == V_ASN1_NEG_INTEGER ||
+ i == V_ASN1_NEG_ENUMERATED) {
+ if (strcmp(s, "(unknown)") == 0) {
+ fprintf(stderr, "FAIL: ASN1_tag2str(%d) = '%s',"
+ " want tag name\n", i, s);
+ goto failed;
+ }
+ } else {
+ if (strcmp(s, "(unknown)") != 0) {
+ fprintf(stderr, "FAIL: ASN1_tag2str(%d) = '%s',"
+ " want '(unknown')\n", i, s);
+ goto failed;
+ }
+ }
+ }
+
+ failed = 0;
+
+ failed:
+ return failed;
+}
+
+struct asn1_get_object_test {
+ const uint8_t asn1[64];
+ size_t asn1_len;
+ size_t asn1_hdr_len;
+ int want_ret;
+ long want_length;
+ int want_tag;
+ int want_class;
+ int want_error;
+};
+
+const struct asn1_get_object_test asn1_get_object_tests[] = {
+ {
+ /* Zero tag and zero length (EOC). */
+ .asn1 = {0x00, 0x00},
+ .asn1_len = 2,
+ .asn1_hdr_len = 2,
+ .want_ret = 0x00,
+ .want_length = 0,
+ .want_tag = 0,
+ .want_class = 0,
+ },
+ {
+ /* Boolean with short form length. */
+ .asn1 = {0x01, 0x01},
+ .asn1_len = 3,
+ .asn1_hdr_len = 2,
+ .want_ret = 0x00,
+ .want_length = 1,
+ .want_tag = 1,
+ .want_class = 0,
+ },
+ {
+ /* Long form tag. */
+ .asn1 = {0x1f, 0x7f, 0x01},
+ .asn1_len = 3 + 128,
+ .asn1_hdr_len = 3,
+ .want_ret = 0x00,
+ .want_length = 1,
+ .want_tag = 127,
+ .want_class = 0,
+ },
+ {
+ /* Long form tag with class application. */
+ .asn1 = {0x5f, 0x7f, 0x01},
+ .asn1_len = 3 + 128,
+ .asn1_hdr_len = 3,
+ .want_ret = 0x00,
+ .want_length = 1,
+ .want_tag = 127,
+ .want_class = 1 << 6,
+ },
+ {
+ /* Long form tag with class context-specific. */
+ .asn1 = {0x9f, 0x7f, 0x01},
+ .asn1_len = 3 + 128,
+ .asn1_hdr_len = 3,
+ .want_ret = 0x00,
+ .want_length = 1,
+ .want_tag = 127,
+ .want_class = 2 << 6,
+ },
+ {
+ /* Long form tag with class private. */
+ .asn1 = {0xdf, 0x7f, 0x01},
+ .asn1_len = 3 + 128,
+ .asn1_hdr_len = 3,
+ .want_ret = 0x00,
+ .want_length = 1,
+ .want_tag = 127,
+ .want_class = 3 << 6,
+ },
+ {
+ /* Long form tag (maximum). */
+ .asn1 = {0x1f, 0x87, 0xff, 0xff, 0xff, 0x7f, 0x01},
+ .asn1_len = 8,
+ .asn1_hdr_len = 7,
+ .want_ret = 0x00,
+ .want_length = 1,
+ .want_tag = 0x7fffffff,
+ .want_class = 0,
+ },
+ {
+ /* Long form tag (maximum + 1). */
+ .asn1 = {0x1f, 0x88, 0x80, 0x80, 0x80, 0x00, 0x01},
+ .asn1_len = 8,
+ .asn1_hdr_len = 7,
+ .want_ret = 0x80,
+ .want_error = ASN1_R_HEADER_TOO_LONG,
+ },
+ {
+ /* OctetString with long form length. */
+ .asn1 = {0x04, 0x81, 0x80},
+ .asn1_len = 3 + 128,
+ .asn1_hdr_len = 3,
+ .want_ret = 0x00,
+ .want_length = 128,
+ .want_tag = 4,
+ .want_class = 0,
+ },
+ {
+ /* OctetString with long form length. */
+ .asn1 = {0x04, 0x84, 0x7f, 0xff, 0xff, 0xf9},
+ .asn1_len = 0x7fffffff,
+ .asn1_hdr_len = 6,
+ .want_ret = 0x00,
+ .want_length = 0x7ffffff9,
+ .want_tag = 4,
+ .want_class = 0,
+ },
+ {
+ /* Long form tag and long form length. */
+ .asn1 = {0x1f, 0x87, 0xff, 0xff, 0xff, 0x7f, 0x84, 0x7f, 0xff, 0xff, 0xf4},
+ .asn1_len = 0x7fffffff,
+ .asn1_hdr_len = 11,
+ .want_ret = 0x00,
+ .want_length = 0x7ffffff4,
+ .want_tag = 0x7fffffff,
+ .want_class = 0,
+ },
+ {
+ /* Constructed OctetString with definite length. */
+ .asn1 = {0x24, 0x03},
+ .asn1_len = 5,
+ .asn1_hdr_len = 2,
+ .want_ret = 0x20,
+ .want_length = 3,
+ .want_tag = 4,
+ .want_class = 0,
+ },
+ {
+ /* Constructed OctetString with indefinite length. */
+ .asn1 = {0x24, 0x80},
+ .asn1_len = 5,
+ .asn1_hdr_len = 2,
+ .want_ret = 0x21,
+ .want_length = 0,
+ .want_tag = 4,
+ .want_class = 0,
+ },
+ {
+ /* Boolean with indefinite length (invalid). */
+ .asn1 = {0x01, 0x80},
+ .asn1_len = 3,
+ .want_ret = 0x80,
+ .want_error = ASN1_R_HEADER_TOO_LONG,
+ },
+ {
+ /* OctetString with insufficient data (only tag). */
+ .asn1 = {0x04, 0x04},
+ .asn1_len = 1,
+ .want_ret = 0x80,
+ .want_error = ASN1_R_HEADER_TOO_LONG,
+ },
+ {
+ /* OctetString with insufficient data (missing content). */
+ .asn1 = {0x04, 0x04},
+ .asn1_len = 2,
+ .asn1_hdr_len = 2,
+ .want_ret = 0x80,
+ .want_length = 4,
+ .want_tag = 4,
+ .want_class = 0,
+ .want_error = ASN1_R_TOO_LONG,
+ },
+ {
+ /* OctetString with insufficient data (partial content). */
+ .asn1 = {0x04, 0x04},
+ .asn1_len = 5,
+ .asn1_hdr_len = 2,
+ .want_ret = 0x80,
+ .want_length = 4,
+ .want_tag = 4,
+ .want_class = 0,
+ .want_error = ASN1_R_TOO_LONG,
+ },
+ {
+ /* Constructed OctetString with insufficient data (only tag/len). */
+ .asn1 = {0x24, 0x04},
+ .asn1_len = 2,
+ .asn1_hdr_len = 2,
+ .want_ret = 0xa0,
+ .want_length = 4,
+ .want_tag = 4,
+ .want_class = 0,
+ .want_error = ASN1_R_TOO_LONG,
+ },
+};
+
+#define N_ASN1_GET_OBJECT_TESTS \
+ (sizeof(asn1_get_object_tests) / sizeof(*asn1_get_object_tests))
+
+static int
+asn1_get_object(void)
+{
+ const struct asn1_get_object_test *agot;
+ const uint8_t *p;
+ int ret, tag, tag_class;
+ long err, length;
+ size_t i;
+ int failed = 1;
+
+ for (i = 0; i < N_ASN1_GET_OBJECT_TESTS; i++) {
+ agot = &asn1_get_object_tests[i];
+
+ ERR_clear_error();
+
+ p = agot->asn1;
+ ret = ASN1_get_object(&p, &length, &tag, &tag_class, agot->asn1_len);
+
+ if (ret != agot->want_ret) {
+ fprintf(stderr, "FAIL: %zu - got return value %x, want %x\n",
+ i, ret, agot->want_ret);
+ goto failed;
+ }
+ if (ret & 0x80) {
+ err = ERR_peek_error();
+ if (ERR_GET_REASON(err) != agot->want_error) {
+ fprintf(stderr, "FAIL: %zu - got error reason %d, "
+ "want %d\n", i, ERR_GET_REASON(err),
+ agot->want_error);
+ goto failed;
+ }
+ if (ERR_GET_REASON(err) == ASN1_R_HEADER_TOO_LONG) {
+ if (p != agot->asn1) {
+ fprintf(stderr, "FAIL: %zu - got ber_in %p, "
+ "want %p\n", i, p, agot->asn1);
+ goto failed;
+ }
+ continue;
+ }
+ }
+ if (length != agot->want_length) {
+ fprintf(stderr, "FAIL: %zu - got length %ld, want %ld\n",
+ i, length, agot->want_length);
+ goto failed;
+ }
+ if (tag != agot->want_tag) {
+ fprintf(stderr, "FAIL: %zu - got tag %d, want %d\n",
+ i, tag, agot->want_tag);
+ goto failed;
+ }
+ if (tag_class != agot->want_class) {
+ fprintf(stderr, "FAIL: %zu - got class %d, want %d\n",
+ i, tag_class, agot->want_class);
+ goto failed;
+ }
+ if (p != agot->asn1 + agot->asn1_hdr_len) {
+ fprintf(stderr, "FAIL: %zu - got ber_in %p, want %p\n",
+ i, p, agot->asn1 + agot->asn1_len);
+ goto failed;
+ }
+ }
+
+ failed = 0;
+
+ failed:
+ return failed;
+}
+
+static int
+asn1_integer_get_null_test(void)
+{
+ int failed = 0;
+ long ret;
+
+ if ((ret = ASN1_INTEGER_get(NULL)) != 0) {
+ fprintf(stderr, "FAIL: ASN1_INTEGER_get(NULL) %ld != 0\n", ret);
+ failed |= 1;
+ }
+
+ if ((ret = ASN1_ENUMERATED_get(NULL)) != 0) {
+ fprintf(stderr, "FAIL: ASN1_ENUMERATED_get(NULL) %ld != 0\n",
+ ret);
+ failed |= 1;
+ }
+
+ return failed;
+}
+
+int
+main(int argc, char **argv)
+{
+ int failed = 0;
+
+ failed |= asn1_tag2bit();
+ failed |= asn1_tag2str();
+ failed |= asn1_get_object();
+ failed |= asn1_integer_get_null_test();
+
+ return (failed);
+}
diff --git a/tests/asn1basic.c b/tests/asn1basic.c
new file mode 100644
index 00000000..45f61ed8
--- /dev/null
+++ b/tests/asn1basic.c
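Review bot: The last check in asn1_get_object() (tests/asn1api.c) compares `p` with `agot->asn1 + agot->asn1_hdr_len`, but its failure message prints `agot->asn1 + agot->asn1_len` as the wanted pointer, so a failing run reports a value the test never compared against. The argument line should read `i, p, agot->asn1 + agot->asn1_hdr_len);`. In asn1_tag2str() the second message has a misplaced quote, `want '(unknown')`, which should be `want '(unknown)'`. Several table entries pass an `asn1_len` (up to `0x7fffffff`) far larger than the 64-byte `asn1` array, which is only safe while ASN1_get_object() reads nothing past the header. A short comment on the table stating that assumption would help anyone running the test under a memory sanitizer.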
@@ -0,0 +1,763 @@ +/* $OpenBSD: asn1basic.c,v 1.12 2022/09/05 21:06:31 tb Exp $ */ +/* + * Copyright (c) 2017, 2021 Joel Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +#include +#include +#include + +#include "asn1_locl.h" + +static void +hexdump(const unsigned char *buf, size_t len) +{ + size_t i; + + for (i = 1; i <= len; i++) + fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? 
"" : "\n"); + + fprintf(stderr, "\n"); +} + +static int +asn1_compare_bytes(const char *label, const unsigned char *d1, int len1, + const unsigned char *d2, int len2) +{ + if (len1 != len2) { + fprintf(stderr, "FAIL: %s - byte lengths differ " + "(%d != %d)\n", label, len1, len2); + fprintf(stderr, "Got:\n"); + hexdump(d1, len1); + fprintf(stderr, "Want:\n"); + hexdump(d2, len2); + return 0; + } + if (memcmp(d1, d2, len1) != 0) { + fprintf(stderr, "FAIL: %s - bytes differ\n", label); + fprintf(stderr, "Got:\n"); + hexdump(d1, len1); + fprintf(stderr, "Want:\n"); + hexdump(d2, len2); + return 0; + } + return 1; +} + +const uint8_t asn1_bit_string_primitive[] = { + 0x03, 0x07, + 0x04, 0x0a, 0x3b, 0x5f, 0x29, 0x1c, 0xd0, +}; + +static int +asn1_bit_string_test(void) +{ + uint8_t bs[] = {0x0a, 0x3b, 0x5f, 0x29, 0x1c, 0xd0}; + ASN1_BIT_STRING *abs; + uint8_t *p = NULL, *pp; + const uint8_t *q; + int bit, i, len; + int failed = 1; + + if ((abs = ASN1_BIT_STRING_new()) == NULL) { + fprintf(stderr, "FAIL: ASN1_BIT_STRING_new() == NULL\n"); + goto failed; + } + if (!ASN1_BIT_STRING_set(abs, bs, sizeof(bs))) { + fprintf(stderr, "FAIL: failed to set bit string\n"); + goto failed; + } + + if ((len = i2d_ASN1_BIT_STRING(abs, NULL)) < 0) { + fprintf(stderr, "FAIL: i2d_ASN1_BIT_STRING with NULL\n"); + goto failed; + } + if ((p = malloc(len)) == NULL) + errx(1, "malloc"); + memset(p, 0xbd, len); + pp = p; + if ((i2d_ASN1_BIT_STRING(abs, &pp)) != len) { + fprintf(stderr, "FAIL: i2d_ASN1_BIT_STRING\n"); + goto failed; + } + if (!asn1_compare_bytes("BIT_STRING", p, len, asn1_bit_string_primitive, + sizeof(asn1_bit_string_primitive))) + goto failed; + if (pp != p + len) { + fprintf(stderr, "FAIL: i2d_ASN1_BIT_STRING pp = %p, want %p\n", + pp, p + len); + goto failed; + } + + /* Test primitive decoding. 
*/ + q = p; + if (d2i_ASN1_BIT_STRING(&abs, &q, len) == NULL) { + fprintf(stderr, "FAIL: d2i_ASN1_BIT_STRING primitive\n"); + goto failed; + } + if (!asn1_compare_bytes("BIT_STRING primitive data", abs->data, abs->length, + bs, sizeof(bs))) + goto failed; + if (q != p + len) { + fprintf(stderr, "FAIL: d2i_ASN1_BIT_STRING q = %p, want %p\n", + q, p + len); + goto failed; + } + + /* Test ASN1_BIT_STRING_get_bit(). */ + for (i = 0; i < ((int)sizeof(bs) * 8); i++) { + bit = (bs[i / 8] >> (7 - i % 8)) & 1; + + if (ASN1_BIT_STRING_get_bit(abs, i) != bit) { + fprintf(stderr, "FAIL: ASN1_BIT_STRING_get_bit(_, %d) " + "= %d, want %d\n", i, + ASN1_BIT_STRING_get_bit(abs, i), bit); + goto failed; + } + } + + /* Test ASN1_BIT_STRING_set_bit(). */ + for (i = 0; i < ((int)sizeof(bs) * 8); i++) { + if (!ASN1_BIT_STRING_set_bit(abs, i, 1)) { + fprintf(stderr, "FAIL: ASN1_BIT_STRING_set_bit 1\n"); + goto failed; + } + } + for (i = ((int)sizeof(bs) * 8) - 1; i >= 0; i--) { + bit = (bs[i / 8] >> (7 - i % 8)) & 1; + if (bit == 1) + continue; + if (!ASN1_BIT_STRING_set_bit(abs, i, 0)) { + fprintf(stderr, "FAIL: ASN1_BIT_STRING_set_bit\n"); + goto failed; + } + } + + if ((i2d_ASN1_BIT_STRING(abs, NULL)) != len) { + fprintf(stderr, "FAIL: i2d_ASN1_BIT_STRING\n"); + goto failed; + } + + memset(p, 0xbd, len); + pp = p; + if ((i2d_ASN1_BIT_STRING(abs, &pp)) != len) { + fprintf(stderr, "FAIL: i2d_ASN1_BIT_STRING\n"); + goto failed; + } + + if (!asn1_compare_bytes("BIT_STRING set", p, len, asn1_bit_string_primitive, + sizeof(asn1_bit_string_primitive))) + goto failed; + + failed = 0; + + failed: + ASN1_BIT_STRING_free(abs); + free(p); + + return failed; +} + +const uint8_t asn1_boolean_false[] = { + 0x01, 0x01, 0x00, +}; +const uint8_t asn1_boolean_true[] = { + 0x01, 0x01, 0x01, +}; + +static int +asn1_boolean_test(void) +{ + uint8_t *p = NULL, *pp; + const uint8_t *q; + int len; + int failed = 1; + + if ((len = i2d_ASN1_BOOLEAN(0, NULL)) < 0) { + fprintf(stderr, "FAIL: i2d_ASN1_BOOLEAN false 
with NULL\n"); + goto failed; + } + if ((p = malloc(len)) == NULL) + errx(1, "calloc"); + memset(p, 0xbd, len); + pp = p; + if ((i2d_ASN1_BOOLEAN(0, &pp)) != len) { + fprintf(stderr, "FAIL: i2d_ASN1_BOOLEAN false\n"); + goto failed; + } + if (pp != p + len) { + fprintf(stderr, "FAIL: i2d_ASN1_BOOLEAN pp = %p, want %p\n", + pp, p + len); + goto failed; + } + + if (!asn1_compare_bytes("BOOLEAN false", p, len, asn1_boolean_false, + sizeof(asn1_boolean_false))) + goto failed; + + q = p; + if (d2i_ASN1_BOOLEAN(NULL, &q, len) != 0) { + fprintf(stderr, "FAIL: BOOLEAN false did not decode to 0\n"); + goto failed; + } + if (q != p + len) { + fprintf(stderr, "FAIL: d2i_ASN1_BOOLEAN q = %p, want %p\n", + q, p + len); + goto failed; + } + + free(p); + p = NULL; + + if ((len = i2d_ASN1_BOOLEAN(1, NULL)) < 0) { + fprintf(stderr, "FAIL: i2d_ASN1_BOOLEAN true with NULL\n"); + goto failed; + } + if ((p = calloc(1, len)) == NULL) + errx(1, "calloc"); + pp = p; + if ((i2d_ASN1_BOOLEAN(1, &pp)) != len) { + fprintf(stderr, "FAIL: i2d_ASN1_BOOLEAN true\n"); + goto failed; + } + if (pp != p + len) { + fprintf(stderr, "FAIL: i2d_ASN1_BOOLEAN pp = %p, want %p\n", + pp, p + len); + goto failed; + } + + if (!asn1_compare_bytes("BOOLEAN true", p, len, asn1_boolean_true, + sizeof(asn1_boolean_true))) + goto failed; + + q = p; + if (d2i_ASN1_BOOLEAN(NULL, &q, len) != 1) { + fprintf(stderr, "FAIL: BOOLEAN true did not decode to 1\n"); + goto failed; + } + if (q != p + len) { + fprintf(stderr, "FAIL: d2i_ASN1_BOOLEAN q = %p, want %p\n", + q, p + len); + goto failed; + } + + failed = 0; + + failed: + free(p); + + return failed; +} + +struct asn1_integer_test { + long value; + uint8_t content[64]; + size_t content_len; + int content_neg; + uint8_t der[64]; + size_t der_len; + int want_error; +}; + +struct asn1_integer_test asn1_integer_tests[] = { + { + .value = 0, + .content = {0x00}, + .content_len = 1, + .der = {0x02, 0x01, 0x00}, + .der_len = 3, + }, + { + .value = 1, + .content = {0x01}, + 
.content_len = 1, + .der = {0x02, 0x01, 0x01}, + .der_len = 3, + }, + { + .value = -1, + .content = {0x01}, + .content_len = 1, + .content_neg = 1, + .der = {0x02, 0x01, 0xff}, + .der_len = 3, + }, + { + .value = 127, + .content = {0x7f}, + .content_len = 1, + .der = {0x02, 0x01, 0x7f}, + .der_len = 3, + }, + { + .value = -127, + .content = {0x7f}, + .content_len = 1, + .content_neg = 1, + .der = {0x02, 0x01, 0x81}, + .der_len = 3, + }, + { + .value = 128, + .content = {0x80}, + .content_len = 1, + .der = {0x02, 0x02, 0x00, 0x80}, + .der_len = 4, + }, + { + .value = -128, + .content = {0x80}, + .content_len = 1, + .content_neg = 1, + .der = {0x02, 0x01, 0x80}, + .der_len = 3, + }, + { + /* 2^64 */ + .content = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + .content_len = 9, + .der = {0x02, 0x09, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + .der_len = 11, + }, + { + /* -2^64 */ + .content = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + .content_len = 9, + .content_neg = 1, + .der = {0x02, 0x09, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + .der_len = 11, + }, + { + /* Invalid length. */ + .der = {0x02, 0x00}, + .der_len = 2, + .want_error = 1, + }, + { + /* Invalid padding. */ + .der = {0x02, 0x09, 0x00, 0x1f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + .der_len = 11, + .want_error = 1, + }, + { + /* Invalid padding. */ + .der = {0x02, 0x09, 0xff, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + .der_len = 11, + .want_error = 1, + }, + { + /* Invalid encoding (constructed with definite length). */ + .der = {0x22, 0x03, 0x02, 0x01, 0x01}, + .der_len = 5, + .want_error = 1, + }, + { + /* Invalid encoding (constructed with indefinite length). 
*/ + .der = {0x22, 0x80, 0x02, 0x01, 0x01, 0x00, 0x00}, + .der_len = 7, + .want_error = 1, + }, +}; + +#define N_ASN1_INTEGER_TESTS \ + (sizeof(asn1_integer_tests) / sizeof(*asn1_integer_tests)) + +static int +asn1_integer_set_test(struct asn1_integer_test *ait) +{ + ASN1_INTEGER *aint = NULL; + uint8_t *p = NULL, *pp; + int len; + int failed = 1; + + if ((aint = ASN1_INTEGER_new()) == NULL) { + fprintf(stderr, "FAIL: ASN1_INTEGER_new() == NULL\n"); + goto failed; + } + if (!ASN1_INTEGER_set(aint, ait->value)) { + fprintf(stderr, "FAIL: ASN1_INTEGER_(%ld) failed\n", + ait->value); + goto failed; + } + if (ait->value != 0 && + !asn1_compare_bytes("INTEGER set", aint->data, aint->length, + ait->content, ait->content_len)) + goto failed; + if (ait->content_neg && aint->type != V_ASN1_NEG_INTEGER) { + fprintf(stderr, "FAIL: Not V_ASN1_NEG_INTEGER\n"); + goto failed; + } + if (ASN1_INTEGER_get(aint) != ait->value) { + fprintf(stderr, "FAIL: ASN1_INTEGER_get() = %ld, want %ld\n", + ASN1_INTEGER_get(aint), ait->value); + goto failed; + } + if ((len = i2d_ASN1_INTEGER(aint, NULL)) < 0) { + fprintf(stderr, "FAIL: i2d_ASN1_INTEGER() failed\n"); + goto failed; + } + if ((p = malloc(len)) == NULL) + errx(1, "malloc"); + memset(p, 0xbd, len); + pp = p; + if ((len = i2d_ASN1_INTEGER(aint, &pp)) < 0) { + fprintf(stderr, "FAIL: i2d_ASN1_INTEGER() failed\n"); + goto failed; + } + if (!asn1_compare_bytes("INTEGER set", p, len, ait->der, + ait->der_len)) + goto failed; + + failed = 0; + + failed: + ASN1_INTEGER_free(aint); + free(p); + + return failed; +} + +static int +asn1_integer_content_test(struct asn1_integer_test *ait) +{ + ASN1_INTEGER *aint = NULL; + uint8_t *p = NULL, *pp; + int len; + int failed = 1; + + if ((aint = ASN1_INTEGER_new()) == NULL) { + fprintf(stderr, "FAIL: ASN1_INTEGER_new() == NULL\n"); + goto failed; + } + if ((aint->data = malloc(ait->content_len)) == NULL) + errx(1, "malloc"); + memcpy(aint->data, ait->content, ait->content_len); + aint->length = 
ait->content_len; + if (ait->content_neg) + aint->type = V_ASN1_NEG_INTEGER; + + if ((len = i2d_ASN1_INTEGER(aint, NULL)) < 0) { + fprintf(stderr, "FAIL: i2d_ASN1_INTEGER() failed\n"); + goto failed; + } + if ((p = malloc(len)) == NULL) + errx(1, "malloc"); + memset(p, 0xbd, len); + pp = p; + if ((len = i2d_ASN1_INTEGER(aint, &pp)) < 0) { + fprintf(stderr, "FAIL: i2d_ASN1_INTEGER() failed\n"); + goto failed; + } + if (!asn1_compare_bytes("INTEGER content", p, len, ait->der, + ait->der_len)) + goto failed; + if (pp != p + len) { + fprintf(stderr, "FAIL: i2d_ASN1_INTEGER pp = %p, want %p\n", + pp, p + len); + goto failed; + } + + failed = 0; + + failed: + ASN1_INTEGER_free(aint); + free(p); + + return failed; +} + +static int +asn1_integer_decode_test(struct asn1_integer_test *ait) +{ + ASN1_INTEGER *aint = NULL; + const uint8_t *q; + int failed = 1; + + q = ait->der; + if (d2i_ASN1_INTEGER(&aint, &q, ait->der_len) != NULL) { + if (ait->want_error != 0) { + fprintf(stderr, "FAIL: INTEGER decoded when it should " + "have failed\n"); + goto failed; + } + if (!asn1_compare_bytes("INTEGER content", aint->data, + aint->length, ait->content, ait->content_len)) + goto failed; + if (q != ait->der + ait->der_len) { + fprintf(stderr, "FAIL: d2i_ASN1_INTEGER q = %p, want %p\n", + q, ait->der + ait->der_len); + goto failed; + } + } else if (ait->want_error == 0) { + fprintf(stderr, "FAIL: INTEGER failed to decode\n"); + ERR_print_errors_fp(stderr); + goto failed; + } + + failed = 0; + + failed: + ASN1_INTEGER_free(aint); + + return failed; +} + +static int +asn1_integer_set_val_test(void) +{ + ASN1_INTEGER *aint = NULL; + uint64_t uval; + int64_t val; + int failed = 1; + + if ((aint = ASN1_INTEGER_new()) == NULL) { + fprintf(stderr, "FAIL: ASN1_INTEGER_new() == NULL\n"); + goto failed; + } + + if (!ASN1_INTEGER_set_uint64(aint, 0)) { + fprintf(stderr, "FAIL: ASN_INTEGER_set_uint64() failed with " + "0\n"); + goto failed; + } + if (!ASN1_INTEGER_get_uint64(&uval, aint)) { + 
fprintf(stderr, "FAIL: ASN_INTEGER_get_uint64() failed with " + "0\n"); + goto failed; + } + if (uval != 0) { + fprintf(stderr, "FAIL: uval != 0\n"); + goto failed; + } + + if (!ASN1_INTEGER_set_uint64(aint, UINT64_MAX)) { + fprintf(stderr, "FAIL: ASN_INTEGER_set_uint64() failed with " + "UINT64_MAX\n"); + goto failed; + } + if (!ASN1_INTEGER_get_uint64(&uval, aint)) { + fprintf(stderr, "FAIL: ASN_INTEGER_get_uint64() failed with " + "UINT64_MAX\n"); + goto failed; + } + if (uval != UINT64_MAX) { + fprintf(stderr, "FAIL: uval != UINT64_MAX\n"); + goto failed; + } + if (ASN1_INTEGER_get_int64(&val, aint)) { + fprintf(stderr, "FAIL: ASN_INTEGER_get_int64() succeeded " + "with UINT64_MAX\n"); + goto failed; + } + + if (!ASN1_INTEGER_set_int64(aint, INT64_MIN)) { + fprintf(stderr, "FAIL: ASN_INTEGER_set_int64() failed with " + "INT64_MIN\n"); + goto failed; + } + if (!ASN1_INTEGER_get_int64(&val, aint)) { + fprintf(stderr, "FAIL: ASN_INTEGER_get_int64() failed with " + "INT64_MIN\n"); + goto failed; + } + if (val != INT64_MIN) { + fprintf(stderr, "FAIL: val != INT64_MIN\n"); + goto failed; + } + if (ASN1_INTEGER_get_uint64(&uval, aint)) { + fprintf(stderr, "FAIL: ASN_INTEGER_get_uint64() succeeded " + "with INT64_MIN\n"); + goto failed; + } + + if (!ASN1_INTEGER_set_int64(aint, INT64_MAX)) { + fprintf(stderr, "FAIL: ASN_INTEGER_set_int64() failed with " + "INT64_MAX\n"); + goto failed; + } + if (!ASN1_INTEGER_get_int64(&val, aint)) { + fprintf(stderr, "FAIL: ASN_INTEGER_get_int64() failed with " + "INT64_MAX\n"); + goto failed; + } + if (val != INT64_MAX) { + fprintf(stderr, "FAIL: ASN_INTEGER_get_int64() failed with " + "INT64_MAX\n"); + goto failed; + } + if (!ASN1_INTEGER_get_uint64(&uval, aint)) { + fprintf(stderr, "FAIL: ASN_INTEGER_get_uint64() failed with " + "INT64_MAX\n"); + goto failed; + } + if (uval != INT64_MAX) { + fprintf(stderr, "FAIL: uval != INT64_MAX\n"); + goto failed; + } + + failed = 0; + + failed: + ASN1_INTEGER_free(aint); + + return failed; +} 
+ +static int +asn1_integer_cmp_test(void) +{ + ASN1_INTEGER *a = NULL, *b = NULL; + int failed = 1; + + if ((a = ASN1_INTEGER_new()) == NULL) + goto failed; + if ((b = ASN1_INTEGER_new()) == NULL) + goto failed; + + if (ASN1_INTEGER_cmp(a, b) != 0) { + fprintf(stderr, "FAIL: INTEGER 0 == 0"); + goto failed; + } + + if (!ASN1_INTEGER_set(b, 1)) { + fprintf(stderr, "FAIL: failed to set INTEGER"); + goto failed; + } + if (ASN1_INTEGER_cmp(a, b) >= 0) { + fprintf(stderr, "FAIL: INTEGER 0 < 1"); + goto failed; + } + if (ASN1_INTEGER_cmp(b, a) <= 0) { + fprintf(stderr, "FAIL: INTEGER 1 > 0"); + goto failed; + } + + if (!ASN1_INTEGER_set(b, -1)) { + fprintf(stderr, "FAIL: failed to set INTEGER"); + goto failed; + } + if (ASN1_INTEGER_cmp(a, b) <= 0) { + fprintf(stderr, "FAIL: INTEGER 0 > -1"); + goto failed; + } + if (ASN1_INTEGER_cmp(b, a) >= 0) { + fprintf(stderr, "FAIL: INTEGER -1 < 0"); + goto failed; + } + + if (!ASN1_INTEGER_set(a, 1)) { + fprintf(stderr, "FAIL: failed to set INTEGER"); + goto failed; + } + if (ASN1_INTEGER_cmp(a, b) <= 0) { + fprintf(stderr, "FAIL: INTEGER 1 > -1"); + goto failed; + } + if (ASN1_INTEGER_cmp(b, a) >= 0) { + fprintf(stderr, "FAIL: INTEGER -1 < 1"); + goto failed; + } + + if (!ASN1_INTEGER_set(b, 1)) { + fprintf(stderr, "FAIL: failed to set INTEGER"); + goto failed; + } + if (ASN1_INTEGER_cmp(a, b) != 0) { + fprintf(stderr, "FAIL: INTEGER 1 == 1"); + goto failed; + } + + failed = 0; + + failed: + ASN1_INTEGER_free(a); + ASN1_INTEGER_free(b); + + return failed; +} + +static int +asn1_integer_null_data_test(void) +{ + const uint8_t der[] = {0x02, 0x01, 0x00}; + ASN1_INTEGER *aint = NULL; + uint8_t *p = NULL, *pp; + int len; + int failed = 0; + + if ((aint = ASN1_INTEGER_new()) == NULL) { + fprintf(stderr, "FAIL: ASN1_INTEGER_new() == NULL\n"); + goto failed; + } + if ((len = i2d_ASN1_INTEGER(aint, NULL)) < 0) { + fprintf(stderr, "FAIL: i2d_ASN1_INTEGER() failed\n"); + goto failed; + } + if ((p = calloc(1, len)) == NULL) + errx(1, 
"calloc"); + pp = p; + if ((len = i2d_ASN1_INTEGER(aint, &pp)) < 0) { + fprintf(stderr, "FAIL: i2d_ASN1_INTEGER() failed\n"); + goto failed; + } + if (!asn1_compare_bytes("INTEGER NULL data", p, len, der, sizeof(der))) + goto failed; + + failed = 0; + + failed: + ASN1_INTEGER_free(aint); + free(p); + + return failed; +} + +static int +asn1_integer_test(void) +{ + struct asn1_integer_test *ait; + int failed = 0; + size_t i; + + for (i = 0; i < N_ASN1_INTEGER_TESTS; i++) { + ait = &asn1_integer_tests[i]; + if (ait->content_len > 0 && ait->content_len <= 4) + failed |= asn1_integer_set_test(ait); + if (ait->content_len > 0) + failed |= asn1_integer_content_test(ait); + failed |= asn1_integer_decode_test(ait); + } + + failed |= asn1_integer_cmp_test(); + failed |= asn1_integer_null_data_test(); + failed |= asn1_integer_set_val_test(); + + return failed; +} + +int +main(int argc, char **argv) +{ + int failed = 0; + + failed |= asn1_bit_string_test(); + failed |= asn1_boolean_test(); + failed |= asn1_integer_test(); + + return (failed); +} diff --git a/tests/asn1complex.c b/tests/asn1complex.c new file mode 100644 index 00000000..6f34154b --- /dev/null +++ b/tests/asn1complex.c 
@@ -0,0 +1,324 @@ +/* $OpenBSD: asn1complex.c,v 1.4 2022/09/05 21:06:31 tb Exp $ */ +/* + * Copyright (c) 2017, 2021 Joel Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include + +#include +#include +#include + +static void +hexdump(const unsigned char *buf, size_t len) +{ + size_t i; + + for (i = 1; i <= len; i++) + fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n"); + + fprintf(stderr, "\n"); +} + +static int +asn1_compare_bytes(const char *label, const unsigned char *d1, int len1, + const unsigned char *d2, int len2) +{ + if (len1 != len2) { + fprintf(stderr, "FAIL: %s - byte lengths differ " + "(%d != %d)\n", label, len1, len2); + return 0; + } + if (memcmp(d1, d2, len1) != 0) { + fprintf(stderr, "FAIL: %s - bytes differ\n", label); + fprintf(stderr, "Got:\n"); + hexdump(d1, len1); + fprintf(stderr, "Want:\n"); + hexdump(d2, len2); + return 0; + } + return 1; +} + +/* Constructed octet string with length 12. */ +const uint8_t asn1_constructed_basic_ber[] = { + 0x24, 0x0c, + 0x04, 0x01, 0x01, + 0x04, 0x02, 0x01, 0x02, + 0x04, 0x03, 0x01, 0x02, 0x03 +}; +const uint8_t asn1_constructed_basic_content[] = { + 0x01, 0x01, 0x02, 0x01, 0x02, 0x03, +}; + +/* Nested constructed octet string. 
*/ +const uint8_t asn1_constructed_nested_ber[] = { + 0x24, 0x1a, + 0x04, 0x01, 0x01, + 0x24, 0x15, + 0x04, 0x02, 0x02, 0x03, + 0x24, 0x0f, + 0x24, 0x0d, + 0x04, 0x03, 0x04, 0x05, 0x06, + 0x24, 0x06, + 0x24, 0x04, + 0x04, 0x02, 0x07, 0x08, +}; +const uint8_t asn1_constructed_nested_content[] = { + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, +}; + +/* Deeply nested constructed octet string. */ +const uint8_t asn1_constructed_deep_nested_ber[] = { + 0x24, 0x1b, + 0x04, 0x01, 0x01, + 0x24, 0x16, + 0x04, 0x02, 0x02, 0x03, + 0x24, 0x10, + 0x24, 0x0e, + 0x04, 0x03, 0x04, 0x05, 0x06, + 0x24, 0x07, + 0x24, 0x05, + 0x24, 0x03, + 0x04, 0x01, 0x07, +}; + +/* Constructed octet string with indefinite length. */ +const uint8_t asn1_constructed_indefinite_ber[] = { + 0x24, 0x80, + 0x04, 0x01, 0x01, + 0x04, 0x02, 0x01, 0x02, + 0x04, 0x03, 0x01, 0x02, 0x03, + 0x00, 0x00, +}; +const uint8_t asn1_constructed_indefinite_content[] = { + 0x01, 0x01, 0x02, 0x01, 0x02, 0x03, +}; + +struct asn1_constructed_test { + const char *name; + const uint8_t *asn1; + size_t asn1_len; + const uint8_t *want; + size_t want_len; + int want_error; + int valid; +}; + +const struct asn1_constructed_test asn1_constructed_tests[] = { + { + .name = "basic constructed", + .asn1 = asn1_constructed_basic_ber, + .asn1_len = sizeof(asn1_constructed_basic_ber), + .want = asn1_constructed_basic_content, + .want_len = sizeof(asn1_constructed_basic_content), + .valid = 1, + }, + { + .name = "nested constructed", + .asn1 = asn1_constructed_nested_ber, + .asn1_len = sizeof(asn1_constructed_nested_ber), + .want = asn1_constructed_nested_content, + .want_len = sizeof(asn1_constructed_nested_content), + .valid = 1, + }, + { + .name = "deep nested constructed", + .asn1 = asn1_constructed_deep_nested_ber, + .asn1_len = sizeof(asn1_constructed_deep_nested_ber), + .want_error = ASN1_R_NESTED_ASN1_STRING, + .valid = 0, + }, + { + .name = "indefinite length constructed", + .asn1 = asn1_constructed_indefinite_ber, + .asn1_len 
= sizeof(asn1_constructed_indefinite_ber), + .want = asn1_constructed_indefinite_content, + .want_len = sizeof(asn1_constructed_indefinite_content), + .valid = 1, + }, +}; + +#define N_CONSTRUCTED_TESTS \ + (sizeof(asn1_constructed_tests) / sizeof(*asn1_constructed_tests)) + +static int +do_asn1_constructed_test(const struct asn1_constructed_test *act) +{ + ASN1_OCTET_STRING *aos = NULL; + const uint8_t *p; + long err; + int failed = 1; + + ERR_clear_error(); + + p = act->asn1; + aos = d2i_ASN1_OCTET_STRING(NULL, &p, act->asn1_len); + if (!act->valid) { + if (aos != NULL) { + fprintf(stderr, "FAIL: invalid ASN.1 decoded\n"); + goto failed; + } + if (act->want_error != 0) { + err = ERR_peek_error(); + if (ERR_GET_REASON(err) != act->want_error) { + fprintf(stderr, "FAIL: got error reason %d," + "want %d", ERR_GET_REASON(err), + act->want_error); + goto failed; + } + } + goto done; + } + if (aos == NULL) { + fprintf(stderr, "FAIL: failed to decode ASN.1 constructed " + "octet string\n"); + ERR_print_errors_fp(stderr); + goto failed; + } + if (!asn1_compare_bytes(act->name, ASN1_STRING_data(aos), + ASN1_STRING_length(aos), act->want, act->want_len)) + goto failed; + + done: + failed = 0; + + failed: + ASN1_OCTET_STRING_free(aos); + + return failed; +} + +static int +do_asn1_constructed_tests(void) +{ + const struct asn1_constructed_test *act; + int failed = 0; + size_t i; + + for (i = 0; i < N_CONSTRUCTED_TESTS; i++) { + act = &asn1_constructed_tests[i]; + failed |= do_asn1_constructed_test(act); + } + + return failed; +} + +/* Sequence with length. */ +const uint8_t asn1_sequence_ber[] = { + 0x30, 0x16, + 0x04, 0x01, 0x01, + 0x04, 0x02, 0x01, 0x02, + 0x04, 0x03, 0x01, 0x02, 0x03, + 0x30, 0x80, 0x04, 0x01, 0x01, 0x00, 0x00, + 0x04, 0x01, 0x01, + + 0x04, 0x01, 0x01, /* Trailing data. 
*/ +}; + +const uint8_t asn1_sequence_content[] = { + 0x30, 0x16, 0x04, 0x01, 0x01, 0x04, 0x02, 0x01, + 0x02, 0x04, 0x03, 0x01, 0x02, 0x03, 0x30, 0x80, + 0x04, 0x01, 0x01, 0x00, 0x00, 0x04, 0x01, 0x01, +}; + +/* Sequence with indefinite length. */ +const uint8_t asn1_sequence_indefinite_ber[] = { + 0x30, 0x80, + 0x04, 0x01, 0x01, + 0x04, 0x02, 0x01, 0x02, + 0x04, 0x03, 0x01, 0x02, 0x03, + 0x30, 0x80, 0x04, 0x01, 0x01, 0x00, 0x00, + 0x04, 0x01, 0x01, + 0x00, 0x00, + + 0x04, 0x01, 0x01, /* Trailing data. */ +}; + +const uint8_t asn1_sequence_indefinite_content[] = { + 0x30, 0x80, 0x04, 0x01, 0x01, 0x04, 0x02, 0x01, + 0x02, 0x04, 0x03, 0x01, 0x02, 0x03, 0x30, 0x80, + 0x04, 0x01, 0x01, 0x00, 0x00, 0x04, 0x01, 0x01, + 0x00, 0x00, +}; + +static int +do_asn1_sequence_string_tests(void) +{ + ASN1_STRING *astr = NULL; + const uint8_t *p; + long len; + int failed = 1; + + ERR_clear_error(); + + /* + * Test decoding of sequence with length and indefinite length into + * a string - in this case the ASN.1 is not decoded and is stored + * directly as the content for the string. 
+ */ + if ((astr = ASN1_STRING_new()) == NULL) { + fprintf(stderr, "FAIL: ASN1_STRING_new() returned NULL\n"); + goto failed; + } + + p = asn1_sequence_ber; + len = sizeof(asn1_sequence_ber); + if (ASN1_item_d2i((ASN1_VALUE **)&astr, &p, len, + &ASN1_SEQUENCE_it) == NULL) { + fprintf(stderr, "FAIL: failed to decode ASN1_SEQUENCE\n"); + ERR_print_errors_fp(stderr); + goto failed; + } + + if (!asn1_compare_bytes("sequence", ASN1_STRING_data(astr), + ASN1_STRING_length(astr), asn1_sequence_content, + sizeof(asn1_sequence_content))) + goto failed; + + p = asn1_sequence_indefinite_ber; + len = sizeof(asn1_sequence_indefinite_ber); + if (ASN1_item_d2i((ASN1_VALUE **)&astr, &p, len, + &ASN1_SEQUENCE_it) == NULL) { + fprintf(stderr, "FAIL: failed to decode ASN1_SEQUENCE\n"); + ERR_print_errors_fp(stderr); + goto failed; + } + + if (!asn1_compare_bytes("sequence indefinite", ASN1_STRING_data(astr), + ASN1_STRING_length(astr), asn1_sequence_indefinite_content, + sizeof(asn1_sequence_indefinite_content))) + goto failed; + + failed = 0; + + failed: + ASN1_STRING_free(astr); + + return failed; +} + +int +main(int argc, char **argv) +{ + int failed = 0; + + failed |= do_asn1_constructed_tests(); + failed |= do_asn1_sequence_string_tests(); + + return (failed); +} diff --git a/tests/asn1evp.c b/tests/asn1evp.c index 7e290d5d..0bf0a5fb 100644 --- a/tests/asn1evp.c +++ b/tests/asn1evp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1evp.c,v 1.4 2021/04/06 16:30:27 tb Exp $ */ +/* $OpenBSD: asn1evp.c,v 1.5 2022/09/05 21:06:31 tb Exp $ */ /* * Copyright (c) 2017 Joel Sing * 
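Review bot: In do_asn1_sequence_string_tests() both inputs end in bytes marked `/* Trailing data. */`, but after each ASN1_item_d2i() call only the stored content is compared and the read cursor `p` is never checked, so the test does not pin where the decoder stops consuming input. Assuming the decoder is meant to leave `p` at the end of the outer SEQUENCE, a check such as `if (p != asn1_sequence_ber + sizeof(asn1_sequence_content)) goto failed;` (with a FAIL message, and the same for the indefinite-length arrays) after each decode would cover that. Separately, the mismatch message in do_asn1_constructed_test(), `"FAIL: got error reason %d," "want %d"`, concatenates to `%d,want %d` with no trailing newline; `"FAIL: got error reason %d, " "want %d\n"` would match the other messages in the file.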
@@ -84,12 +84,12 @@ main(int argc, char **argv) goto done; } if (at->type != V_ASN1_SEQUENCE) { - fprintf(stderr, "FAIL: not a V_ASN1_SEQUENCE (%i != %i)\n", + fprintf(stderr, "FAIL: not a V_ASN1_SEQUENCE (%d != %d)\n", at->type, V_ASN1_SEQUENCE); goto done; } if (at->value.sequence->type != V_ASN1_OCTET_STRING) { - fprintf(stderr, "FAIL: not a V_ASN1_OCTET_STRING (%i != %i)\n", + fprintf(stderr, "FAIL: not a V_ASN1_OCTET_STRING (%d != %d)\n", at->type, V_ASN1_OCTET_STRING); goto done; } @@ -106,7 +106,7 @@ main(int argc, char **argv) goto done; } if (num != TEST_NUM) { - fprintf(stderr, "FAIL: got num %li, want %li\n", num, TEST_NUM); + fprintf(stderr, "FAIL: got num %ld, want %ld\n", num, TEST_NUM); goto done; } if (compare_data("octet string", data, len, @@ -126,11 +126,11 @@ main(int argc, char **argv) goto done; } if (num != TEST_NUM) { - fprintf(stderr, "FAIL: got num %li, want %li\n", num, TEST_NUM); + fprintf(stderr, "FAIL: got num %ld, want %ld\n", num, TEST_NUM); goto done; } if (len != sizeof(test_octetstring)) { - fprintf(stderr, "FAIL: got length mismatch (%i != %zu)\n", + fprintf(stderr, "FAIL: got length mismatch (%d != %zu)\n", len, sizeof(test_octetstring)); goto done; } diff --git a/tests/asn1object.c b/tests/asn1object.c new file mode 100644 index 00000000..3452a713 --- /dev/null +++ b/tests/asn1object.c 
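Review bot: The V_ASN1_OCTET_STRING failure message in the `@@ -84,12 +84,12 @@` hunk still prints `at->type`, while the condition it reports on tests `at->value.sequence->type`. On failure the log therefore shows the outer type, which the preceding check has already established as V_ASN1_SEQUENCE, instead of the value that actually mismatched. Since the line is being rewritten for the `%i` to `%d` change anyway, its arguments should read `at->value.sequence->type, V_ASN1_OCTET_STRING);`. main() starts and ends outside these hunks.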
@@ -0,0 +1,495 @@ +/* $OpenBSD: asn1object.c,v 1.9 2022/09/05 21:06:31 tb Exp $ */ +/* + * Copyright (c) 2017, 2021, 2022 Joel Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +#include +#include +#include + +#include "asn1_locl.h" + +static void +hexdump(const unsigned char *buf, size_t len) +{ + size_t i; + + for (i = 1; i <= len; i++) + fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? 
"" : "\n"); + + fprintf(stderr, "\n"); +} + +static int +asn1_compare_bytes(const char *label, const unsigned char *d1, int len1, + const unsigned char *d2, int len2) +{ + if (len1 != len2) { + fprintf(stderr, "FAIL: %s - byte lengths differ " + "(%d != %d)\n", label, len1, len2); + fprintf(stderr, "Got:\n"); + hexdump(d1, len1); + fprintf(stderr, "Want:\n"); + hexdump(d2, len2); + return 0; + } + if (memcmp(d1, d2, len1) != 0) { + fprintf(stderr, "FAIL: %s - bytes differ\n", label); + fprintf(stderr, "Got:\n"); + hexdump(d1, len1); + fprintf(stderr, "Want:\n"); + hexdump(d2, len2); + return 0; + } + return 1; +} + +struct asn1_object_test { + const char *oid; + const char *txt; + const uint8_t content[255]; + size_t content_len; + const uint8_t der[255]; + size_t der_len; + int want_error; +}; + +struct asn1_object_test asn1_object_tests[] = { + { + .oid = "2.5", + .txt = "directory services (X.500)", + .content = { + 0x55, + }, + .content_len = 1, + .der = { + 0x06, 0x01, 0x55, + }, + .der_len = 3, + }, + { + .oid = "2.5.4", + .txt = "X509", + .content = { + 0x55, 0x04, + }, + .content_len = 2, + .der = { + 0x06, 0x02, 0x55, 0x04, + }, + .der_len = 4, + }, + { + .oid = "2.5.4.10", + .txt = "organizationName", + .content = { + 0x55, 0x04, 0x0a, + }, + .content_len = 3, + .der = { + 0x06, 0x03, 0x55, 0x04, 0x0a, + }, + .der_len = 5, + }, + { + .oid = "2 5 4 10", + .txt = "organizationName", + .content = { + 0x55, 0x04, 0x0a, + }, + .content_len = 3, + .der = { + 0x06, 0x03, 0x55, 0x04, 0x0a, + }, + .der_len = 5, + }, + { + .oid = "2.5.0.0", + .txt = "2.5.0.0", + .content = { + 0x55, 0x00, 0x00, + }, + .content_len = 3, + .der = { + 0x06, 0x03, 0x55, 0x00, 0x00, + }, + .der_len = 5, + }, + { + .oid = "0.0.0.0", + .txt = "0.0.0.0", + .content = { + 0x00, 0x00, 0x00, + }, + .content_len = 3, + .der = { + 0x06, 0x03, 0x00, 0x00, 0x00, + }, + .der_len = 5, + }, + { + .oid = "1.3.6.1.4.1.11129.2.4.5", + .txt = "CT Certificate SCTs", + .content = { + 0x2b, 0x06, 0x01, 
0x04, 0x01, 0xd6, 0x79, 0x02, + 0x04, 0x05, + }, + .content_len = 10, + .der = { + 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6, + 0x79, 0x02, 0x04, 0x05, + }, + .der_len = 12, + }, + { + .oid = "2.00005.0000000000004.10", + .want_error = ASN1_R_INVALID_NUMBER, + }, + { + .oid = "2..5.4.10", + .want_error = ASN1_R_INVALID_NUMBER, + }, + { + .oid = "2.5..4.10", + .want_error = ASN1_R_INVALID_NUMBER, + }, + { + .oid = "2.5.4..10", + .want_error = ASN1_R_INVALID_NUMBER, + }, + { + .oid = "2.5.4.10.", + .want_error = ASN1_R_INVALID_NUMBER, + }, + { + .oid = "3.5.4.10", + .want_error = ASN1_R_FIRST_NUM_TOO_LARGE, + }, + { + .oid = "0.40.4.10", + .want_error = ASN1_R_SECOND_NUMBER_TOO_LARGE, + }, + { + .oid = "1.40.4.10", + .want_error = ASN1_R_SECOND_NUMBER_TOO_LARGE, + }, + { + .oid = "2", + .want_error = ASN1_R_MISSING_SECOND_NUMBER, + }, + { + .oid = "2.5 4.10", + .want_error = ASN1_R_INVALID_SEPARATOR, + }, + { + .oid = "2,5,4,10", + .want_error = ASN1_R_INVALID_SEPARATOR, + }, + { + .oid = "2.5,4.10", + .want_error = ASN1_R_INVALID_DIGIT, + }, + { + .oid = "2a.5.4.10", + .want_error = ASN1_R_INVALID_SEPARATOR, + }, + { + .oid = "2.5a.4.10", + .want_error = ASN1_R_INVALID_DIGIT, + }, +}; + +#define N_ASN1_OBJECT_TESTS \ + (sizeof(asn1_object_tests) / sizeof(*asn1_object_tests)) + +static int +do_asn1_object_test(struct asn1_object_test *aot) +{ + ASN1_OBJECT *aobj = NULL; + uint8_t buf[1024]; + const uint8_t *p; + uint8_t *q; + int err, ret; + int failed = 1; + + ERR_clear_error(); + + ret = a2d_ASN1_OBJECT(NULL, 0, aot->oid, -1); + if (ret < 0 || (size_t)ret != aot->content_len) { + fprintf(stderr, "FAIL: a2d_ASN1_OBJECT('%s') = %d, want %zu\n", + aot->oid, ret, aot->content_len); + goto failed; + } + ret = a2d_ASN1_OBJECT(buf, sizeof(buf), aot->oid, -1); + if (ret < 0 || (size_t)ret != aot->content_len) { + fprintf(stderr, "FAIL: a2d_ASN1_OBJECT('%s') = %d, want %zu\n", + aot->oid, ret, aot->content_len); + goto failed; + } + if (aot->content_len == 0) { + err = 
ERR_peek_error(); + if (ERR_GET_REASON(err) != aot->want_error) { + fprintf(stderr, "FAIL: a2d_ASN1_OBJECT('%s') - got " + "error reason %d, want %d\n", aot->oid, + ERR_GET_REASON(err), aot->want_error); + goto failed; + } + goto done; + } + + if (!asn1_compare_bytes("ASN1_OBJECT content", buf, ret, aot->content, + aot->content_len)) + goto failed; + + p = aot->content; + if ((aobj = c2i_ASN1_OBJECT(NULL, &p, aot->content_len)) == NULL) { + fprintf(stderr, "FAIL: c2i_ASN1_OBJECT() failed\n"); + goto failed; + } + + q = buf; + ret = i2d_ASN1_OBJECT(aobj, &q); + if (!asn1_compare_bytes("ASN1_OBJECT DER", buf, ret, aot->der, + aot->der_len)) + goto failed; + + ASN1_OBJECT_free(aobj); + aobj = NULL; + + p = aot->der; + if ((aobj = d2i_ASN1_OBJECT(NULL, &p, aot->der_len)) == NULL) { + fprintf(stderr, "FAIL: d2i_ASN1_OBJECT() failed\n"); + goto failed; + } + if (p != aot->der + aot->der_len) { + fprintf(stderr, "FAIL: d2i_ASN1_OBJECT() p = %p, want %p\n", + p, aot->der + aot->der_len); + goto failed; + } + + if (aot->txt != NULL) { + ret = i2t_ASN1_OBJECT(buf, sizeof(buf), aobj); + if (ret <= 0 || (size_t)ret >= sizeof(buf)) { + fprintf(stderr, "FAIL: i2t_ASN1_OBJECT() failed\n"); + goto failed; + } + if (strcmp(aot->txt, buf) != 0) { + fprintf(stderr, "FAIL: i2t_ASN1_OBJECT() = '%s', " + "want '%s'\n", buf, aot->txt); + goto failed; + } + } + + done: + failed = 0; + + failed: + ASN1_OBJECT_free(aobj); + + return failed; +} + +static int +asn1_object_test(void) +{ + int failed = 0; + size_t i; + + for (i = 0; i < N_ASN1_OBJECT_TESTS; i++) + failed |= do_asn1_object_test(&asn1_object_tests[i]); + + return failed; +} + +const uint8_t asn1_object_bad_content1[] = { + 0x55, 0x80, 0x04, 0x0a, +}; +const uint8_t asn1_object_bad_content2[] = { + 0x55, 0x04, 0x8a, +}; + +static int +asn1_object_bad_content_test(void) +{ + ASN1_OBJECT *aobj = NULL; + const uint8_t *p; + size_t len; + int failed = 1; + + p = asn1_object_bad_content1; + len = sizeof(asn1_object_bad_content1); + if 
((aobj = c2i_ASN1_OBJECT(NULL, &p, len)) != NULL) { + fprintf(stderr, "FAIL: c2i_ASN1_OBJECT() succeeded with bad " + "content 1\n"); + goto failed; + } + + p = asn1_object_bad_content2; + len = sizeof(asn1_object_bad_content2); + if ((aobj = c2i_ASN1_OBJECT(NULL, &p, len)) != NULL) { + fprintf(stderr, "FAIL: c2i_ASN1_OBJECT() succeeded with bad " + "content 2\n"); + goto failed; + } + + failed = 0; + + failed: + ASN1_OBJECT_free(aobj); + + return failed; +} + +static int +asn1_object_txt_test(void) +{ + const char *obj_txt = "organizationName"; + ASN1_OBJECT *aobj = NULL; + uint8_t small_buf[2]; + const uint8_t *p; + int err, len, ret; + BIO *bio = NULL; + char *data; + long data_len; + int failed = 1; + + ERR_clear_error(); + + ret = a2d_ASN1_OBJECT(small_buf, sizeof(small_buf), "1.2.3.4", -1); + if (ret != 0) { + fprintf(stderr, "FAIL: a2d_ASN1_OBJECT() with small buffer " + "returned %d, want %d\n", ret, 0); + goto failed; + } + err = ERR_peek_error(); + if (ERR_GET_REASON(err) != ASN1_R_BUFFER_TOO_SMALL) { + fprintf(stderr, "FAIL: Got error reason %d, want %d\n", + ERR_GET_REASON(err), ASN1_R_BUFFER_TOO_SMALL); + goto failed; + } + + p = &asn1_object_tests[2].der[0]; + len = asn1_object_tests[2].der_len; + aobj = d2i_ASN1_OBJECT(NULL, &p, len); + if (aobj == NULL) { + fprintf(stderr, "FAIL: d2i_ASN1_OBJECT() failed\n"); + goto failed; + } + ret = i2t_ASN1_OBJECT(small_buf, sizeof(small_buf), aobj); + if (ret < 0 || (unsigned long)ret != strlen(obj_txt)) { + fprintf(stderr, "FAIL: i2t_ASN1_OBJECT() with small buffer " + "returned %d, want %zu\n", ret, strlen(obj_txt)); + goto failed; + } + + if ((bio = BIO_new(BIO_s_mem())) == NULL) { + fprintf(stderr, "FAIL: BIO_new() returned NULL\n"); + goto failed; + } + ret = i2a_ASN1_OBJECT(bio, NULL); + if (ret != 4) { + fprintf(stderr, "FAIL: i2a_ASN1_OBJECT(_, NULL) returned %d, " + "want 4\n", ret); + goto failed; + } + data_len = BIO_get_mem_data(bio, &data); + if (ret != data_len || memcmp("NULL", data, data_len) != 
0) { + fprintf(stderr, "FAIL: i2a_ASN1_OBJECT(_, NULL) did not return " + "'NULL'\n"); + goto failed; + } + + if ((ret = BIO_reset(bio)) <= 0) { + fprintf(stderr, "FAIL: BIO_reset failed: ret = %d\n", ret); + goto failed; + } + ret = i2a_ASN1_OBJECT(bio, aobj); + if (ret < 0 || (unsigned long)ret != strlen(obj_txt)) { + fprintf(stderr, "FAIL: i2a_ASN1_OBJECT() returned %d, " + "want %zu\n", ret, strlen(obj_txt)); + goto failed; + } + data_len = BIO_get_mem_data(bio, &data); + if (ret != data_len || memcmp(obj_txt, data, data_len) != 0) { + fprintf(stderr, "FAIL: i2a_ASN1_OBJECT() did not return " + "'%s'\n", obj_txt); + goto failed; + } + + failed = 0; + + failed: + ASN1_OBJECT_free(aobj); + BIO_free(bio); + + return failed; +} + +const uint8_t asn1_large_oid_der[] = { + 0x06, 0x26, + 0x2b, 0x8f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, +}; + +static int +asn1_object_large_oid_test(void) +{ + ASN1_OBJECT *aobj = NULL; + uint8_t buf[1024]; + const uint8_t *p; + uint8_t *q; + int ret; + int failed = 1; + + failed = 0; + + p = asn1_large_oid_der; + aobj = d2i_ASN1_OBJECT(NULL, &p, sizeof(asn1_large_oid_der)); + if (aobj == NULL) { + fprintf(stderr, "FAIL: d2i_ASN1_OBJECT() failed with " + "large oid\n"); + goto failed; + } + + q = buf; + ret = i2d_ASN1_OBJECT(aobj, &q); + if (!asn1_compare_bytes("ASN1_OBJECT DER", buf, ret, asn1_large_oid_der, + sizeof(asn1_large_oid_der))) + goto failed; + + failed: + ASN1_OBJECT_free(aobj); + + return failed; +} + +int +main(int argc, char **argv) +{ + int failed = 0; + + failed |= asn1_object_test(); + failed |= asn1_object_bad_content_test(); + failed |= asn1_object_txt_test(); + failed |= asn1_object_large_oid_test(); + + return (failed); +} diff --git a/tests/asn1string_copy.c b/tests/asn1string_copy.c new file mode 100644 index 00000000..9c71dd08 
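Review bot: asn1_object_large_oid_test() cannot report a failure, because it declares `int failed = 1;` and then executes `failed = 0;` before the first check, so both `goto failed` paths (d2i_ASN1_OBJECT() returning NULL and the DER round-trip mismatch) return 0 and main() counts the test as passed. The assignment should move to just before the `failed:` label, as the other tests in this file do. In the same function and in do_asn1_object_test(), the return value of i2d_ASN1_OBJECT() is passed to asn1_compare_bytes() as a length without a sign check; if it can be negative on error, the length-mismatch branch would call hexdump() with that value converted to size_t and read far past `buf`. A guard such as `if (ret < 0) { fprintf(stderr, "FAIL: i2d_ASN1_OBJECT() failed\n"); goto failed; }` before the comparison avoids that.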
--- /dev/null
+++ b/tests/asn1string_copy.c
@@ -0,0 +1,119 @@
+/* $OpenBSD: asn1string_copy.c,v 1.1 2021/11/13 20:50:14 schwarze Exp $ */
+/*
+ * Copyright (c) 2021 Ingo Schwarze
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+#include
+
+#include
+
+int
+main(void)
+{
+ const unsigned char *data = "hello world";
+ const unsigned char *str;
+ ASN1_STRING *src, *dst;
+ int irc;
+
+ /* Set up the source string. */
+
+ if ((src = ASN1_IA5STRING_new()) == NULL)
+ err(1, "FAIL: ASN1_IA5STRING_new() returned NULL");
+ if (ASN1_STRING_set(src, data, -1) == 0)
+ err(1, "FAIL: ASN1_STRING_set(src) failed");
+ if ((str = ASN1_STRING_get0_data(src)) == NULL)
+ errx(1, "FAIL: 1st ASN1_STRING_get0_data(src) returned NULL");
+ if (strcmp(str, data))
+ errx(1, "FAIL: 1st ASN1_STRING_get0_data(src) "
+ "returned wrong data: \"%s\" (expected \"%s\")",
+ str, data);
+ if ((irc = ASN1_STRING_length(src)) != (int)strlen(data))
+ errx(1, "FAIL: 1st ASN1_STRING_length(src) "
+ "returned a wrong length: %d (expected %zu)",
+ irc, strlen(data));
+ if ((irc = ASN1_STRING_type(src)) != V_ASN1_IA5STRING)
+ errx(1, "FAIL: 1st ASN1_STRING_type(src) "
+ "returned a wrong type: %d (expected %d)",
+ irc, V_ASN1_IA5STRING);
+
+ /* Set up the destination string. 
*/ + + if ((dst = ASN1_STRING_new()) == NULL) + err(1, "FAIL: ASN1_STRING_new() returned NULL"); + if ((str = ASN1_STRING_get0_data(dst)) != NULL) + errx(1, "FAIL: 1st ASN1_STRING_get0_data(dst) " + "returned \"%s\" (expected NULL)", str); + if ((irc = ASN1_STRING_length(dst)) != 0) + errx(1, "FAIL: 1st ASN1_STRING_length(dst) " + "returned a wrong length: %d (expected 0)", irc); + if ((irc = ASN1_STRING_type(dst)) != V_ASN1_OCTET_STRING) + errx(1, "FAIL: 1st ASN1_STRING_type(dst) " + "returned a wrong type: %d (expected %d)", + irc, V_ASN1_OCTET_STRING); + ASN1_STRING_length_set(dst, -1); + if ((str = ASN1_STRING_get0_data(dst)) != NULL) + errx(1, "FAIL: 2nd ASN1_STRING_get0_data(dst) " + "returned \"%s\" (expected NULL)", str); + if ((irc = ASN1_STRING_length(dst)) != -1) + errx(1, "FAIL: 2nd ASN1_STRING_length(dst) " + "returned a wrong length: %d (expected -1)", irc); + if ((irc = ASN1_STRING_type(dst)) != V_ASN1_OCTET_STRING) + errx(1, "FAIL: 2nd ASN1_STRING_type(dst) " + "returned a wrong type: %d (expected %d)", + irc, V_ASN1_OCTET_STRING); + + /* Attempt to copy in the wrong direction. */ + + if (ASN1_STRING_copy(src, dst) != 0) + errx(1, "FAIL: ASN1_STRING_copy unexpectedly succeeded"); + if ((str = ASN1_STRING_get0_data(src)) == NULL) + errx(1, "FAIL: 2nd ASN1_STRING_get0_data(src) returned NULL"); + if (strcmp(str, data)) + errx(1, "FAIL: 2nd ASN1_STRING_get0_data(src) " + "returned wrong data: \"%s\" (expected \"%s\")", + str, data); + if ((irc = ASN1_STRING_length(src)) != (int)strlen(data)) + errx(1, "FAIL: 2nd ASN1_STRING_length(src) " + "returned a wrong length: %d (expected %zu)", + irc, strlen(data)); + if ((irc = ASN1_STRING_type(src)) != V_ASN1_IA5STRING) + errx(1, "FAIL: 2nd ASN1_STRING_type(src) " + "returned a wrong type: %d (expected %d)", + irc, V_ASN1_IA5STRING); + + /* Copy in the right direction. 
*/ + + if (ASN1_STRING_copy(dst, src) != 1) + err(1, "FAIL: ASN1_STRING_copy unexpectedly failed"); + if ((str = ASN1_STRING_get0_data(dst)) == NULL) + errx(1, "FAIL: 3rd ASN1_STRING_get0_data(dst) returned NULL"); + if (strcmp(str, data)) + errx(1, "FAIL: 3rd ASN1_STRING_get0_data(dst) " + "returned wrong data: \"%s\" (expected \"%s\")", + str, data); + if ((irc = ASN1_STRING_length(dst)) != (int)strlen(data)) + errx(1, "FAIL: 3rd ASN1_STRING_length(dst) " + "returned a wrong length: %d (expected %zu)", + irc, strlen(data)); + if ((irc = ASN1_STRING_type(dst)) != V_ASN1_IA5STRING) + errx(1, "FAIL: 3rd ASN1_STRING_type(dst) " + "returned a wrong type: %d (expected %d)", + irc, V_ASN1_IA5STRING); + + ASN1_STRING_free(src); + ASN1_STRING_free(dst); + return 0; +} diff --git a/tests/asn1test.c b/tests/asn1test.c index 18a97138..4cb905a8 100644 --- a/tests/asn1test.c +++ b/tests/asn1test.c @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1test.c,v 1.8 2021/06/30 18:09:46 jsing Exp $ */ +/* $OpenBSD: asn1test.c,v 1.11 2022/06/07 18:00:51 tb Exp $ */ /* * Copyright (c) 2014, 2016 Joel Sing * @@ -272,18 +272,18 @@ session_cmp(SSL_SESSION *s1, SSL_SESSION *s2) { /* Compare the ASN.1 encoded values from two sessions. */ if (s1->ssl_version != s2->ssl_version) { - fprintf(stderr, "ssl_version differs: %i != %i\n", + fprintf(stderr, "ssl_version differs: %d != %d\n", s1->ssl_version, s2->ssl_version); return (1); } if (s1->cipher_id != s2->cipher_id) { - fprintf(stderr, "cipher_id differs: %li != %li\n", + fprintf(stderr, "cipher_id differs: %ld != %ld\n", s1->cipher_id, s2->cipher_id); return (1); } if (s1->master_key_length != s2->master_key_length) { - fprintf(stderr, "master_key_length differs: %i != %i\n", + fprintf(stderr, "master_key_length differs: %zu != %zu\n", s1->master_key_length, s2->master_key_length); return (1); } 
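Review bot: The content checks in `main()` of tests/asn1string_copy.c call `strcmp(str, data)` and print `str` with `%s` before the matching `ASN1_STRING_length()` check, so they depend on the buffer returned by `ASN1_STRING_get0_data()` being NUL-terminated. An ASN1_STRING is length-delimited, so a regression in `ASN1_STRING_copy()` that lost the terminator would make the test read past the buffer instead of reporting a clean FAIL. Checking the length first and then comparing with `memcmp(str, data, strlen((const char *)data))` keeps the read bounded; this applies to all three src/dst comparison groups. `data` and `str` are declared `const unsigned char *`, so the `strcmp()`/`strlen()` calls also need a cast to build without pointer-sign warnings.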
@@ -294,7 +294,7 @@ session_cmp(SSL_SESSION *s1, SSL_SESSION *s2) } if (s1->session_id_length != s2->session_id_length) { - fprintf(stderr, "session_id_length differs: %i != %i\n", + fprintf(stderr, "session_id_length differs: %zu != %zu\n", s1->session_id_length, s2->session_id_length); return (1); } @@ -305,7 +305,7 @@ session_cmp(SSL_SESSION *s1, SSL_SESSION *s2) } if (s1->sid_ctx_length != s2->sid_ctx_length) { - fprintf(stderr, "sid_ctx_length differs: %i != %i\n", + fprintf(stderr, "sid_ctx_length differs: %zu != %zu\n", s1->sid_ctx_length, s2->sid_ctx_length); return (1); } @@ -317,28 +317,28 @@ session_cmp(SSL_SESSION *s1, SSL_SESSION *s2) /* d2i_SSL_SESSION uses the current time if decoding a zero value. */ if ((s1->time != s2->time) && s1->time != 0 && s2->time != 0) { - fprintf(stderr, "time differs: %lli != %lli\n", + fprintf(stderr, "time differs: %lld != %lld\n", (long long)s1->time, (long long)s2->time); return (1); } /* d2i_SSL_SESSION uses a timeout of 3 if decoding a zero value. */ if ((s1->timeout != s2->timeout) && s1->timeout != 3 && s2->timeout != 3) { - fprintf(stderr, "timeout differs: %li != %li\n", + fprintf(stderr, "timeout differs: %ld != %ld\n", s1->timeout, s2->timeout); return (1); } /* Ensure that a certificate is or is not present in both. */ - if ((s1->peer != NULL || s2->peer != NULL) && - (s1->peer == NULL || s2->peer == NULL || - X509_cmp(s1->peer, s2->peer) != 0)) { - fprintf(stderr, "peer differs\n"); + if ((s1->peer_cert != NULL || s2->peer_cert != NULL) && + (s1->peer_cert == NULL || s2->peer_cert == NULL || + X509_cmp(s1->peer_cert, s2->peer_cert) != 0)) { + fprintf(stderr, "peer_cert differs\n"); return (1); } if (s1->verify_result != s2->verify_result) { - fprintf(stderr, "verify_result differs: %li != %li\n", + fprintf(stderr, "verify_result differs: %ld != %ld\n", s1->verify_result, s2->verify_result); return (1); } 
@@ -350,7 +350,7 @@ session_cmp(SSL_SESSION *s1, SSL_SESSION *s2) } if (s1->tlsext_tick_lifetime_hint != s2->tlsext_tick_lifetime_hint) { fprintf(stderr, "tlsext_tick_lifetime_hint differs: " - "%li != %li\n", s1->tlsext_tick_lifetime_hint, + "%u != %u\n", s1->tlsext_tick_lifetime_hint, s2->tlsext_tick_lifetime_hint); return (1); } @@ -377,12 +377,12 @@ do_ssl_asn1_test(int test_no, struct ssl_asn1_test *sat) int i, len, rv = 1; if (sat->peer_cert) - sat->session.peer = peer_cert; + sat->session.peer_cert = peer_cert; len = i2d_SSL_SESSION(&sat->session, NULL); if (len != sat->asn1_len) { - fprintf(stderr, "FAIL: test %i returned ASN1 length %i, " - "want %i\n", test_no, len, sat->asn1_len); + fprintf(stderr, "FAIL: test %d returned ASN1 length %d, " + "want %d\n", test_no, len, sat->asn1_len); goto failed; } @@ -398,19 +398,19 @@ do_ssl_asn1_test(int test_no, struct ssl_asn1_test *sat) /* Check the length again since the code path is different. */ if (len != sat->asn1_len) { - fprintf(stderr, "FAIL: test %i returned ASN1 length %i, " - "want %i\n", test_no, len, sat->asn1_len); + fprintf(stderr, "FAIL: test %d returned ASN1 length %d, " + "want %d\n", test_no, len, sat->asn1_len); goto failed; } /* ap should now point at the end of the buffer. */ if (ap - asn1 != len) { - fprintf(stderr, "FAIL: test %i pointer increment does not " - "match length (%i != %i)\n", test_no, (int)(ap - asn1), len); + fprintf(stderr, "FAIL: test %d pointer increment does not " + "match length (%d != %d)\n", test_no, (int)(ap - asn1), len); goto failed; } if (memcmp(asn1, &sat->asn1, len) != 0) { - fprintf(stderr, "FAIL: test %i - encoding differs:\n", test_no); + fprintf(stderr, "FAIL: test %d - encoding differs:\n", test_no); fprintf(stderr, "encoding:\n"); for (i = 1; i <= len; i++) { fprintf(stderr, " 0x%02hhx,", asn1[i - 1]); 
@@ -431,12 +431,12 @@ do_ssl_asn1_test(int test_no, struct ssl_asn1_test *sat) pp = sat->asn1; if ((sp = d2i_SSL_SESSION(NULL, &pp, sat->asn1_len)) == NULL) { - fprintf(stderr, "FAIL: test %i - decoding failed\n", test_no); + fprintf(stderr, "FAIL: test %d - decoding failed\n", test_no); goto failed; } if (session_cmp(sp, &sat->session) != 0) { - fprintf(stderr, "FAIL: test %i - decoding differs\n", test_no); + fprintf(stderr, "FAIL: test %d - decoding differs\n", test_no); goto failed; } diff --git a/tests/asn1time.c b/tests/asn1time.c index 6a3921bd..0adac083 100644 --- a/tests/asn1time.c +++ b/tests/asn1time.c @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1time.c,v 1.8 2015/12/28 14:18:38 bcook Exp $ */ +/* $OpenBSD: asn1time.c,v 1.16 2022/09/05 21:06:31 tb Exp $ */ /* * Copyright (c) 2015 Joel Sing * @@ -66,9 +66,49 @@ struct asn1_time_test asn1_invtime_tests[] = { { .str = "aaaaaaaaaaaaaaZ", }, + /* utc time with omitted seconds, should fail */ + { + .str = "1609082343Z", + }, +}; + +struct asn1_time_test asn1_invgentime_tests[] = { + /* Generalized time with omitted seconds, should fail */ + { + .str = "201612081934Z", + }, + /* Valid UTC time, should fail as a generalized time */ + { + .str = "160908234300Z", + }, +}; + +struct asn1_time_test asn1_goodtime_tests[] = { + { + .str = "99990908234339Z", + .time = 1, + }, + { + .str = "201612081934Z", + .time = 1, + }, + { + .str = "1609082343Z", + .time = 0, + }, }; struct asn1_time_test asn1_gentime_tests[] = { + { + .str = "20161208193400Z", + .data = "20161208193400Z", + .time = 1481225640, + .der = { + 0x18, 0x0f, 0x32, 0x30, 0x31, 0x36, 0x31, 0x32, + 0x30, 0x38, 0x31, 0x39, 0x33, 0x34, 0x30, 0x30, + 0x5a, + }, + }, { .str = "19700101000000Z", .data = "19700101000000Z", 
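Review bot: `asn1_goodtime_tests` is added in this hunk, but none of the tests/asn1time.c hunks in this patch refers to it: only `N_INVGENTIME_TESTS` is defined and `main()` gains only the invalid-generalized-time loop. Two of its three strings (`201612081934Z` and `1609082343Z`) are also listed as must-fail inputs in `asn1_invgentime_tests` and `asn1_invtime_tests`, so a reader cannot tell which expectation is intended. Either wire the table to a test, with a comment saying what `.time = 1` and `.time = 0` mean for it, or drop it from the file.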
@@ -132,6 +172,8 @@ struct asn1_time_test asn1_utctime_tests[] = { #define N_INVTIME_TESTS \ (sizeof(asn1_invtime_tests) / sizeof(*asn1_invtime_tests)) +#define N_INVGENTIME_TESTS \ + (sizeof(asn1_invgentime_tests) / sizeof(*asn1_invgentime_tests)) #define N_GENTIME_TESTS \ (sizeof(asn1_gentime_tests) / sizeof(*asn1_gentime_tests)) #define N_UTCTIME_TESTS \ @@ -153,16 +195,17 @@ asn1_compare_bytes(int test_no, const unsigned char *d1, const unsigned char *d2, int len1, int len2) { if (len1 != len2) { - fprintf(stderr, "FAIL: test %i - byte lengths differ " - "(%i != %i)\n", test_no, len1, len2); + fprintf(stderr, "FAIL: test %d - byte lengths differ " + "(%d != %d)\n", test_no, len1, len2); return (1); } if (memcmp(d1, d2, len1) != 0) { - fprintf(stderr, "FAIL: test %i - bytes differ\n", test_no); + fprintf(stderr, "FAIL: test %d - bytes differ\n", test_no); fprintf(stderr, "Got:\n"); hexdump(d1, len1); fprintf(stderr, "Want:\n"); hexdump(d2, len2); + return (1); } return (0); } @@ -173,12 +216,12 @@ asn1_compare_str(int test_no, struct asn1_string_st *asn1str, const char *str) int length = strlen(str); if (asn1str->length != length) { - fprintf(stderr, "FAIL: test %i - string lengths differ " - "(%i != %i)\n", test_no, asn1str->length, length); + fprintf(stderr, "FAIL: test %d - string lengths differ " + "(%d != %d)\n", test_no, asn1str->length, length); return (1); } if (strncmp(asn1str->data, str, length) != 0) { - fprintf(stderr, "FAIL: test %i - strings differ " + fprintf(stderr, "FAIL: test %d - strings differ " "('%s' != '%s')\n", test_no, asn1str->data, str); return (1); } @@ -187,7 +230,7 @@ asn1_compare_str(int test_no, struct asn1_string_st *asn1str, const char *str) } static int -asn1_invtime_test(int test_no, struct asn1_time_test *att) +asn1_invtime_test(int test_no, struct asn1_time_test *att, int gen) { ASN1_GENERALIZEDTIME *gt = NULL; ASN1_UTCTIME *ut = NULL; 
@@ -202,17 +245,28 @@ asn1_invtime_test(int test_no, struct asn1_time_test *att) goto done; if (ASN1_GENERALIZEDTIME_set_string(gt, att->str) != 0) { - fprintf(stderr, "FAIL: test %i - successfully set " + fprintf(stderr, "FAIL: test %d - successfully set " "GENERALIZEDTIME string '%s'\n", test_no, att->str); goto done; } + + if (gen) { + failure = 0; + goto done; + } + if (ASN1_UTCTIME_set_string(ut, att->str) != 0) { - fprintf(stderr, "FAIL: test %i - successfully set UTCTIME " + fprintf(stderr, "FAIL: test %d - successfully set UTCTIME " "string '%s'\n", test_no, att->str); goto done; } if (ASN1_TIME_set_string(t, att->str) != 0) { - fprintf(stderr, "FAIL: test %i - successfully set TIME " + fprintf(stderr, "FAIL: test %d - successfully set TIME " + "string '%s'\n", test_no, att->str); + goto done; + } + if (ASN1_TIME_set_string_X509(t, att->str) != 0) { + fprintf(stderr, "FAIL: test %d - successfully set x509 TIME " "string '%s'\n", test_no, att->str); goto done; } @@ -235,9 +289,10 @@ asn1_gentime_test(int test_no, struct asn1_time_test *att) ASN1_GENERALIZEDTIME *gt = NULL; int failure = 1; int len; + struct tm tm; if (ASN1_GENERALIZEDTIME_set_string(NULL, att->str) != 1) { - fprintf(stderr, "FAIL: test %i - failed to set string '%s'\n", + fprintf(stderr, "FAIL: test %d - failed to set string '%s'\n", test_no, att->str); goto done; } 
@@ -246,15 +301,30 @@ asn1_gentime_test(int test_no, struct asn1_time_test *att) goto done; if (ASN1_GENERALIZEDTIME_set_string(gt, att->str) != 1) { - fprintf(stderr, "FAIL: test %i - failed to set string '%s'\n", + fprintf(stderr, "FAIL: test %d - failed to set string '%s'\n", test_no, att->str); goto done; } if (asn1_compare_str(test_no, gt, att->str) != 0) goto done; + if (ASN1_TIME_to_tm(gt, &tm) == 0) { + fprintf(stderr, "FAIL: test %d - ASN1_time_to_tm failed '%s'\n", + test_no, att->str); + goto done; + } + + if (timegm(&tm) != att->time) { + /* things with crappy time_t should die in fire */ + int64_t a = timegm(&tm); + int64_t b = att->time; + fprintf(stderr, "FAIL: test %d - times don't match, expected %lld got %lld\n", + test_no, (long long)b, (long long)a); + goto done; + } + if ((len = i2d_ASN1_GENERALIZEDTIME(gt, &p)) <= 0) { - fprintf(stderr, "FAIL: test %i - i2d_ASN1_GENERALIZEDTIME " + fprintf(stderr, "FAIL: test %d - i2d_ASN1_GENERALIZEDTIME " "failed\n", test_no); goto done; } @@ -264,7 +334,7 @@ asn1_gentime_test(int test_no, struct asn1_time_test *att) len = strlen(att->der); if (d2i_ASN1_GENERALIZEDTIME(>, &der, len) == NULL) { - fprintf(stderr, "FAIL: test %i - d2i_ASN1_GENERALIZEDTIME " + fprintf(stderr, "FAIL: test %d - d2i_ASN1_GENERALIZEDTIME " "failed\n", test_no); goto done; } @@ -274,7 +344,7 @@ asn1_gentime_test(int test_no, struct asn1_time_test *att) ASN1_GENERALIZEDTIME_free(gt); if ((gt = ASN1_GENERALIZEDTIME_set(NULL, att->time)) == NULL) { - fprintf(stderr, "FAIL: test %i - failed to set time %lli\n", + fprintf(stderr, "FAIL: test %d - failed to set time %lld\n", test_no, (long long)att->time); goto done; } @@ -300,7 +370,7 @@ asn1_utctime_test(int test_no, struct asn1_time_test *att) int len; if (ASN1_UTCTIME_set_string(NULL, att->str) != 1) { - fprintf(stderr, "FAIL: test %i - failed to set string '%s'\n", + fprintf(stderr, "FAIL: test %d - failed to set string '%s'\n", test_no, att->str); goto done; } 
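Review bot: The added `timegm(&tm) != att->time` check in `asn1_gentime_test()` runs the conversion a second time only to print it, and a `timegm()` error return cannot be told apart from an ordinary mismatch in the output. Storing the result once, `time_t got = timegm(&tm);`, and comparing and printing `got` keeps the reported value identical to the one that was tested. The message of the check just above names `ASN1_time_to_tm` although the function called is `ASN1_TIME_to_tm`, which makes the failure harder to grep for. The body of `asn1_gentime_test()` starts and ends outside this hunk.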
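Review bot: In the `@@ -264,7` hunk, `len = strlen(att->der)` derives the length of the DER input by scanning for a zero byte, which works only while no test vector contains 0x00 and the array is zero-padded (the declaration of `der` is not part of this patch, so that is an assumption). DER is binary data, so an explicit length is the safer contract: the vectors visible in `asn1_gentime_tests` carry the content length in their second byte, or a `der_len` field could be added to `struct asn1_time_test`. `asn1_utctime_test()` uses the same pattern in the `@@ -327,7` hunk.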
@@ -309,7 +379,7 @@ asn1_utctime_test(int test_no, struct asn1_time_test *att) goto done; if (ASN1_UTCTIME_set_string(ut, att->str) != 1) { - fprintf(stderr, "FAIL: test %i - failed to set string '%s'\n", + fprintf(stderr, "FAIL: test %d - failed to set string '%s'\n", test_no, att->str); goto done; } @@ -317,7 +387,7 @@ asn1_utctime_test(int test_no, struct asn1_time_test *att) goto done; if ((len = i2d_ASN1_UTCTIME(ut, &p)) <= 0) { - fprintf(stderr, "FAIL: test %i - i2d_ASN1_UTCTIME failed\n", + fprintf(stderr, "FAIL: test %d - i2d_ASN1_UTCTIME failed\n", test_no); goto done; } @@ -327,7 +397,7 @@ asn1_utctime_test(int test_no, struct asn1_time_test *att) len = strlen(att->der); if (d2i_ASN1_UTCTIME(&ut, &der, len) == NULL) { - fprintf(stderr, "FAIL: test %i - d2i_ASN1_UTCTIME failed\n", + fprintf(stderr, "FAIL: test %d - d2i_ASN1_UTCTIME failed\n", test_no); goto done; } @@ -337,7 +407,7 @@ asn1_utctime_test(int test_no, struct asn1_time_test *att) ASN1_UTCTIME_free(ut); if ((ut = ASN1_UTCTIME_set(NULL, att->time)) == NULL) { - fprintf(stderr, "FAIL: test %i - failed to set time %lli\n", + fprintf(stderr, "FAIL: test %d - failed to set time %lld\n", test_no, (long long)att->time); goto done; } @@ -356,11 +426,11 @@ asn1_utctime_test(int test_no, struct asn1_time_test *att) static int asn1_time_test(int test_no, struct asn1_time_test *att, int type) { - ASN1_TIME *t = NULL; + ASN1_TIME *t = NULL, *tx509 = NULL; int failure = 1; if (ASN1_TIME_set_string(NULL, att->str) != 1) { - fprintf(stderr, "FAIL: test %i - failed to set string '%s'\n", + fprintf(stderr, "FAIL: test %d - failed to set string '%s'\n", test_no, att->str); goto done; } 
@@ -368,23 +438,51 @@ asn1_time_test(int test_no, struct asn1_time_test *att, int type) if ((t = ASN1_TIME_new()) == NULL) goto done; + if ((tx509 = ASN1_TIME_new()) == NULL) + goto done; + if (ASN1_TIME_set_string(t, att->str) != 1) { - fprintf(stderr, "FAIL: test %i - failed to set string '%s'\n", + fprintf(stderr, "FAIL: test %d - failed to set string '%s'\n", test_no, att->str); goto done; } if (t->type != type) { - fprintf(stderr, "FAIL: test %i - got type %i, want %i\n", + fprintf(stderr, "FAIL: test %d - got type %d, want %d\n", test_no, t->type, type); goto done; } + if (ASN1_TIME_normalize(t) != 1) { + fprintf(stderr, "FAIL: test %d - failed to set normalize '%s'\n", + test_no, att->str); + goto done; + } + + if (ASN1_TIME_set_string_X509(tx509, t->data) != 1) { + fprintf(stderr, "FAIL: test %d - failed to set string X509 '%s'\n", + test_no, t->data); + goto done; + } + + if (t->type != tx509->type) { + fprintf(stderr, "FAIL: test %d - type %d, different from %d\n", + test_no, t->type, tx509->type); + goto done; + } + + if (ASN1_TIME_compare(t, tx509) != 0) { + fprintf(stderr, "FAIL: ASN1_TIME values differ!\n"); + goto done; + } + + failure = 0; done: ASN1_TIME_free(t); + ASN1_TIME_free(tx509); return (failure); } @@ -399,7 +497,13 @@ main(int argc, char **argv) fprintf(stderr, "Invalid time tests...\n"); for (i = 0; i < N_INVTIME_TESTS; i++) { att = &asn1_invtime_tests[i]; - failed |= asn1_invtime_test(i, att); + failed |= asn1_invtime_test(i, att, 0); + } + + fprintf(stderr, "Invalid generalized time tests...\n"); + for (i = 0; i < N_INVGENTIME_TESTS; i++) { + att = &asn1_invgentime_tests[i]; + failed |= asn1_invtime_test(i, att, 1); } fprintf(stderr, "GENERALIZEDTIME tests...\n"); diff --git a/tests/asn1x509.c b/tests/asn1x509.c new file mode 100644 index 00000000..bb9e2ecd --- /dev/null +++ b/tests/asn1x509.c 
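Review bot: The last failure message added to `asn1_time_test()`, `"FAIL: ASN1_TIME values differ!\n"`, is the only one in the function without the test number, so a failing vector cannot be identified from the log. Suggest `fprintf(stderr, "FAIL: test %d - ASN1_TIME values differ\n", test_no);`, and "failed to set normalize" in the `ASN1_TIME_normalize()` branch reads better as "failed to normalize". `ASN1_TIME_set_string_X509(tx509, t->data)` passes the string's internal buffer as a C string, which relies on it being NUL-terminated after normalization; a one-line comment stating that assumption would help the next reader.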
@@ -0,0 +1,577 @@ +/* $OpenBSD: asn1x509.c,v 1.3 2022/04/27 17:43:41 jsing Exp $ */ +/* + * Copyright (c) 2017 Joel Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +const char *dsa_test_key = \ + "-----BEGIN DSA PRIVATE KEY-----\n" \ + "MIH5AgEAAkEAt+CNNryEe8t2SkjuP0azjOKjSMXsw3GzjLS5c+vFLQKs0zIuPp8F\n" \ + "I/z5t8vcNt/D8EyzQZWxgCfoasHqDOJvRwIVAKrJMyIMt9iJtaS31cyIJmIDVlZX\n" \ + "AkEAs1/Uy+x0+1C1n7V3eJxuBdO/LUalbrZM5PfcwDshf9kcQNLsRu5zTZkU0OX/\n" \ + "8xANz+ue2o6LON2sTAtuEfSM1QJBAIDRt0rQGGrFCRJ4O39Iqlf27yIO6Gq1ppbE\n" \ + "Wvsvz4YSIZsG02vlBlzVIhULftNnkpN59MFtIjx8RsbEQ4YTnSICFDXPf/UIRvdH\n" \ + "20NV++tnUZYUAXM+\n" \ + "-----END DSA PRIVATE KEY-----\n"; + +unsigned char dsa_test_asn1_pubkey[] = { + 0x30, 0x81, 0xf2, 0x30, 0x81, 0xa9, 0x06, 0x07, + 0x2a, 0x86, 0x48, 0xce, 0x38, 0x04, 0x01, 0x30, + 0x81, 0x9d, 0x02, 0x41, 0x00, 0xb7, 0xe0, 0x8d, + 0x36, 0xbc, 0x84, 0x7b, 0xcb, 0x76, 0x4a, 0x48, + 0xee, 0x3f, 0x46, 0xb3, 0x8c, 0xe2, 0xa3, 0x48, + 0xc5, 0xec, 0xc3, 0x71, 0xb3, 0x8c, 0xb4, 0xb9, + 0x73, 0xeb, 0xc5, 0x2d, 0x02, 0xac, 0xd3, 0x32, + 0x2e, 0x3e, 0x9f, 0x05, 0x23, 0xfc, 0xf9, 0xb7, + 0xcb, 0xdc, 0x36, 0xdf, 0xc3, 0xf0, 0x4c, 0xb3, + 0x41, 0x95, 0xb1, 0x80, 
0x27, 0xe8, 0x6a, 0xc1, + 0xea, 0x0c, 0xe2, 0x6f, 0x47, 0x02, 0x15, 0x00, + 0xaa, 0xc9, 0x33, 0x22, 0x0c, 0xb7, 0xd8, 0x89, + 0xb5, 0xa4, 0xb7, 0xd5, 0xcc, 0x88, 0x26, 0x62, + 0x03, 0x56, 0x56, 0x57, 0x02, 0x41, 0x00, 0xb3, + 0x5f, 0xd4, 0xcb, 0xec, 0x74, 0xfb, 0x50, 0xb5, + 0x9f, 0xb5, 0x77, 0x78, 0x9c, 0x6e, 0x05, 0xd3, + 0xbf, 0x2d, 0x46, 0xa5, 0x6e, 0xb6, 0x4c, 0xe4, + 0xf7, 0xdc, 0xc0, 0x3b, 0x21, 0x7f, 0xd9, 0x1c, + 0x40, 0xd2, 0xec, 0x46, 0xee, 0x73, 0x4d, 0x99, + 0x14, 0xd0, 0xe5, 0xff, 0xf3, 0x10, 0x0d, 0xcf, + 0xeb, 0x9e, 0xda, 0x8e, 0x8b, 0x38, 0xdd, 0xac, + 0x4c, 0x0b, 0x6e, 0x11, 0xf4, 0x8c, 0xd5, 0x03, + 0x44, 0x00, 0x02, 0x41, 0x00, 0x80, 0xd1, 0xb7, + 0x4a, 0xd0, 0x18, 0x6a, 0xc5, 0x09, 0x12, 0x78, + 0x3b, 0x7f, 0x48, 0xaa, 0x57, 0xf6, 0xef, 0x22, + 0x0e, 0xe8, 0x6a, 0xb5, 0xa6, 0x96, 0xc4, 0x5a, + 0xfb, 0x2f, 0xcf, 0x86, 0x12, 0x21, 0x9b, 0x06, + 0xd3, 0x6b, 0xe5, 0x06, 0x5c, 0xd5, 0x22, 0x15, + 0x0b, 0x7e, 0xd3, 0x67, 0x92, 0x93, 0x79, 0xf4, + 0xc1, 0x6d, 0x22, 0x3c, 0x7c, 0x46, 0xc6, 0xc4, + 0x43, 0x86, 0x13, 0x9d, 0x22, +}; + +const char *ec_test_key = \ + "-----BEGIN EC PRIVATE KEY-----\n" \ + "MHcCAQEEIEDkF84aPdBNu4vbPE+QV3EP9ULp4Enr1N0lz4vzuc2boAoGCCqGSM49\n" \ + "AwEHoUQDQgAEUQGHBjYwbfHvI3QqdDy8ftNU5UvQqh6TH6upIrtz4CVccxnWO2+s\n" \ + "qSMOu1z5KnGIOVf2kLQ2S2iMahyFMezr8g==\n" \ + "-----END EC PRIVATE KEY-----\n"; + +unsigned char ec_test_asn1_pubkey[] = { + 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, + 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, + 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, + 0x42, 0x00, 0x04, 0x51, 0x01, 0x87, 0x06, 0x36, + 0x30, 0x6d, 0xf1, 0xef, 0x23, 0x74, 0x2a, 0x74, + 0x3c, 0xbc, 0x7e, 0xd3, 0x54, 0xe5, 0x4b, 0xd0, + 0xaa, 0x1e, 0x93, 0x1f, 0xab, 0xa9, 0x22, 0xbb, + 0x73, 0xe0, 0x25, 0x5c, 0x73, 0x19, 0xd6, 0x3b, + 0x6f, 0xac, 0xa9, 0x23, 0x0e, 0xbb, 0x5c, 0xf9, + 0x2a, 0x71, 0x88, 0x39, 0x57, 0xf6, 0x90, 0xb4, + 0x36, 0x4b, 0x68, 0x8c, 0x6a, 0x1c, 0x85, 0x31, + 0xec, 0xeb, 0xf2, +}; + +const char 
*rsa_test_key = \ + "-----BEGIN PRIVATE KEY-----\n" \ + "MIIBVgIBADANBgkqhkiG9w0BAQEFAASCAUAwggE8AgEAAkEA4Fs6ljFFQw/ElDf5\n" \ + "LTghVw972PVpQuKPQvwb1cWbV3+7W5sXOcoM/RvwzO7WeppkeltVCBoKaQd+9e2Z\n" \ + "BHtYhwIDAQABAkEAhWv7dWIrrGvuHa8D0i51NU8R+b5IMOyHAfDnpMN1VByWcBdb\n" \ + "G7ZJsEYlO1Tbx1zFQOVyrDUY2hn0YttPjWys0QIhAP9+FRhHCYye/EY14zSa+lxb\n" \ + "ljOPjWgddMdJBcPOVNUNAiEA4M1QUtIcTnTnfvcxvEBIhbmSR8fRvZYAeT5EoTKM\n" \ + "puMCIQD9898X8JRHWEg9qZabVWiBoO+ddJUD5jOLWsQGKvMbiQIgBOQyxTqRJxvg\n" \ + "FaEnUeNMMKyzBCDS7X8gD4NNVvyUluUCIQC/lnO9xYi6S4BFMwHFEUY0jLr5vgsR\n" \ + "+esRU9dLkMqt+w==\n" \ + "-----END PRIVATE KEY-----\n"; + +unsigned char rsa_test_asn1_pubkey[] = { + 0x30, 0x5c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, + 0x00, 0x03, 0x4b, 0x00, 0x30, 0x48, 0x02, 0x41, + 0x00, 0xe0, 0x5b, 0x3a, 0x96, 0x31, 0x45, 0x43, + 0x0f, 0xc4, 0x94, 0x37, 0xf9, 0x2d, 0x38, 0x21, + 0x57, 0x0f, 0x7b, 0xd8, 0xf5, 0x69, 0x42, 0xe2, + 0x8f, 0x42, 0xfc, 0x1b, 0xd5, 0xc5, 0x9b, 0x57, + 0x7f, 0xbb, 0x5b, 0x9b, 0x17, 0x39, 0xca, 0x0c, + 0xfd, 0x1b, 0xf0, 0xcc, 0xee, 0xd6, 0x7a, 0x9a, + 0x64, 0x7a, 0x5b, 0x55, 0x08, 0x1a, 0x0a, 0x69, + 0x07, 0x7e, 0xf5, 0xed, 0x99, 0x04, 0x7b, 0x58, + 0x87, 0x02, 0x03, 0x01, 0x00, 0x01, +}; + +static void +hexdump(const unsigned char *buf, size_t len) +{ + size_t i; + + for (i = 1; i <= len; i++) + fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? 
"" : "\n"); + + fprintf(stderr, "\n"); +} + +static int +compare_data(const char *label, const unsigned char *d1, size_t d1_len, + const unsigned char *d2, size_t d2_len) +{ + if (d1_len != d2_len) { + fprintf(stderr, "FAIL: got %s with length %zu, want %zu\n", + label, d1_len, d2_len); + return -1; + } + if (memcmp(d1, d2, d1_len) != 0) { + fprintf(stderr, "FAIL: %s differs\n", label); + fprintf(stderr, "got:\n"); + hexdump(d1, d1_len); + fprintf(stderr, "want:\n"); + hexdump(d2, d2_len); + return -1; + } + return 0; +} + +static int +dsa_pubkey_test(void) +{ + EVP_PKEY *pkey_a = NULL, *pkey_b = NULL; + unsigned char *out = NULL, *data = NULL; + DSA *dsa_a = NULL, *dsa_b = NULL; + const unsigned char *p; + BIO *bio_mem = NULL; + int failure = 1; + int len; + + ERR_clear_error(); + + if ((bio_mem = BIO_new_mem_buf((void *)dsa_test_key, -1)) == NULL) + errx(1, "failed to create BIO"); + + if ((dsa_a = PEM_read_bio_DSAPrivateKey(bio_mem, NULL, NULL, NULL)) == NULL) { + ERR_print_errors_fp(stderr); + errx(1, "failed to decode DSA key from PEM"); + } + + /* + * Test i2d_PUBKEY/d2i_PUBKEY. + */ + if ((pkey_a = EVP_PKEY_new()) == NULL) + errx(1, "failed to create EVP_PKEY"); + if (!EVP_PKEY_set1_DSA(pkey_a, dsa_a)) + errx(1, "failed to set DSA on EVP_PKEY"); + + if ((len = i2d_PUBKEY(pkey_a, &out)) < 0) { + fprintf(stderr, "FAIL: i2d_PUBKEY failed\n"); + goto done; + } + if (compare_data("DSA PUBKEY", out, len, dsa_test_asn1_pubkey, + sizeof(dsa_test_asn1_pubkey)) == -1) + goto done; + + p = out; + if ((pkey_b = d2i_PUBKEY(NULL, &p, len)) == NULL) { + fprintf(stderr, "FAIL: d2i_PUBKEY failed\n"); + goto done; + } + + if (BN_cmp(DSA_get0_pub_key(EVP_PKEY_get0_DSA(pkey_a)), + DSA_get0_pub_key(EVP_PKEY_get0_DSA(pkey_b))) != 0) { + fprintf(stderr, "FAIL: DSA public keys mismatch\n"); + goto done; + } + + free(out); + out = NULL; + + /* + * Test i2d_DSA_PUBKEY/d2i_DSA_PUBKEY. 
+ */ + + if ((len = i2d_DSA_PUBKEY(dsa_a, &out)) < 0) { + fprintf(stderr, "FAIL: i2d_DSA_PUBKEY failed\n"); + goto done; + } + if (compare_data("DSA_PUBKEY", out, len, dsa_test_asn1_pubkey, + sizeof(dsa_test_asn1_pubkey)) == -1) + goto done; + + p = out; + if ((dsa_b = d2i_DSA_PUBKEY(NULL, &p, len)) == NULL) { + fprintf(stderr, "FAIL: d2i_DSA_PUBKEY failed\n"); + goto done; + } + + if (BN_cmp(DSA_get0_pub_key(dsa_a), DSA_get0_pub_key(dsa_b)) != 0) { + fprintf(stderr, "FAIL: DSA public keys mismatch\n"); + goto done; + } + + p = out; + if ((dsa_a = d2i_DSA_PUBKEY(&dsa_a, &p, len)) == NULL) { + fprintf(stderr, "FAIL: d2i_DSA_PUBKEY failed\n"); + goto done; + } + + if (BN_cmp(DSA_get0_pub_key(dsa_a), DSA_get0_pub_key(dsa_b)) != 0) { + fprintf(stderr, "FAIL: DSA public keys mismatch\n"); + goto done; + } + + /* + * Test i2d_DSA_PUBKEY_bio/d2i_DSA_PUBKEY_bio. + */ + BIO_free_all(bio_mem); + if ((bio_mem = BIO_new(BIO_s_mem())) == NULL) + errx(1, "BIO_new failed for BIO_s_mem"); + + if ((len = i2d_DSA_PUBKEY_bio(bio_mem, dsa_a)) < 0) { + fprintf(stderr, "FAIL: i2d_DSA_PUBKEY_bio failed\n"); + goto done; + } + + len = BIO_get_mem_data(bio_mem, &data); + if (compare_data("DSA_PUBKEY", data, len, dsa_test_asn1_pubkey, + sizeof(dsa_test_asn1_pubkey)) == -1) + goto done; + + DSA_free(dsa_b); + if ((dsa_b = d2i_DSA_PUBKEY_bio(bio_mem, NULL)) == NULL) { + fprintf(stderr, "FAIL: d2i_DSA_PUBKEY_bio failed\n"); + goto done; + } + + if (BN_cmp(DSA_get0_pub_key(dsa_a), DSA_get0_pub_key(dsa_b)) != 0) { + fprintf(stderr, "FAIL: DSA public keys mismatch\n"); + goto done; + } + + failure = 0; + + done: + BIO_free_all(bio_mem); + DSA_free(dsa_a); + DSA_free(dsa_b); + EVP_PKEY_free(pkey_a); + EVP_PKEY_free(pkey_b); + free(out); + + return (failure); +} + +static int +ec_pubkey_test(void) +{ + EVP_PKEY *pkey_a = NULL, *pkey_b = NULL; + unsigned char *out = NULL, *data = NULL; + EC_KEY *ec_a = NULL, *ec_b = NULL; + const unsigned char *p; + BIO *bio_mem = NULL; + int failure = 1; + int len; 
+ + ERR_clear_error(); + + if ((bio_mem = BIO_new_mem_buf((void *)ec_test_key, -1)) == NULL) + errx(1, "failed to create BIO"); + + if ((ec_a = PEM_read_bio_ECPrivateKey(bio_mem, NULL, NULL, NULL)) == NULL) { + ERR_print_errors_fp(stderr); + errx(1, "failed to decode EC key from PEM"); + } + + /* + * Test i2d_PUBKEY/d2i_PUBKEY. + */ + if ((pkey_a = EVP_PKEY_new()) == NULL) + errx(1, "failed to create EVP_PKEY"); + if (!EVP_PKEY_set1_EC_KEY(pkey_a, ec_a)) + errx(1, "failed to set EC_KEY on EVP_PKEY"); + + if ((len = i2d_PUBKEY(pkey_a, &out)) < 0) { + fprintf(stderr, "FAIL: i2d_PUBKEY failed\n"); + goto done; + } + if (compare_data("EC_KEY PUBKEY", out, len, ec_test_asn1_pubkey, + sizeof(ec_test_asn1_pubkey)) == -1) + goto done; + + p = out; + if ((pkey_b = d2i_PUBKEY(NULL, &p, len)) == NULL) { + fprintf(stderr, "FAIL: d2i_PUBKEY failed\n"); + goto done; + } + + if (EC_GROUP_cmp(EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(pkey_a)), + EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(pkey_b)), NULL) != 0) { + fprintf(stderr, "FAIL: EC_KEY groups keys mismatch\n"); + goto done; + } + if (EC_POINT_cmp(EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(pkey_a)), + EC_KEY_get0_public_key(EVP_PKEY_get0_EC_KEY(pkey_a)), + EC_KEY_get0_public_key(EVP_PKEY_get0_EC_KEY(pkey_b)), NULL) != 0) { + fprintf(stderr, "FAIL: EC_KEY public keys mismatch\n"); + goto done; + } + + free(out); + out = NULL; + + /* + * Test i2d_EC_PUBKEY/d2i_EC_PUBKEY. 
+ */ + + if ((len = i2d_EC_PUBKEY(ec_a, &out)) < 0) { + fprintf(stderr, "FAIL: i2d_EC_PUBKEY failed\n"); + goto done; + } + if (compare_data("EC_PUBKEY", out, len, ec_test_asn1_pubkey, + sizeof(ec_test_asn1_pubkey)) == -1) + goto done; + + p = out; + if ((ec_b = d2i_EC_PUBKEY(NULL, &p, len)) == NULL) { + fprintf(stderr, "FAIL: d2i_EC_PUBKEY failed\n"); + goto done; + } + + if (EC_GROUP_cmp(EC_KEY_get0_group(ec_a), EC_KEY_get0_group(ec_b), + NULL) != 0) { + fprintf(stderr, "FAIL: EC_KEY groups keys mismatch\n"); + goto done; + } + if (EC_POINT_cmp(EC_KEY_get0_group(ec_a), EC_KEY_get0_public_key(ec_a), + EC_KEY_get0_public_key(ec_b), NULL) != 0) { + fprintf(stderr, "FAIL: EC_KEY public keys mismatch\n"); + goto done; + } + + p = out; + if ((ec_a = d2i_EC_PUBKEY(&ec_a, &p, len)) == NULL) { + fprintf(stderr, "FAIL: d2i_EC_PUBKEY failed\n"); + goto done; + } + + if (EC_GROUP_cmp(EC_KEY_get0_group(ec_a), EC_KEY_get0_group(ec_b), + NULL) != 0) { + fprintf(stderr, "FAIL: EC_KEY groups keys mismatch\n"); + goto done; + } + if (EC_POINT_cmp(EC_KEY_get0_group(ec_a), EC_KEY_get0_public_key(ec_a), + EC_KEY_get0_public_key(ec_b), NULL) != 0) { + fprintf(stderr, "FAIL: EC_KEY public keys mismatch\n"); + goto done; + } + + /* + * Test i2d_EC_PUBKEY_bio/d2i_EC_PUBKEY_bio. 
+ */ + BIO_free_all(bio_mem); + if ((bio_mem = BIO_new(BIO_s_mem())) == NULL) + errx(1, "BIO_new failed for BIO_s_mem"); + + if ((len = i2d_EC_PUBKEY_bio(bio_mem, ec_a)) < 0) { + fprintf(stderr, "FAIL: i2d_EC_PUBKEY_bio failed\n"); + goto done; + } + + len = BIO_get_mem_data(bio_mem, &data); + if (compare_data("EC_PUBKEY", data, len, ec_test_asn1_pubkey, + sizeof(ec_test_asn1_pubkey)) == -1) + goto done; + + EC_KEY_free(ec_b); + if ((ec_b = d2i_EC_PUBKEY_bio(bio_mem, NULL)) == NULL) { + fprintf(stderr, "FAIL: d2i_EC_PUBKEY_bio failed\n"); + goto done; + } + + if (EC_GROUP_cmp(EC_KEY_get0_group(ec_a), EC_KEY_get0_group(ec_b), + NULL) != 0) { + fprintf(stderr, "FAIL: EC_KEY groups keys mismatch\n"); + goto done; + } + if (EC_POINT_cmp(EC_KEY_get0_group(ec_a), EC_KEY_get0_public_key(ec_a), + EC_KEY_get0_public_key(ec_b), NULL) != 0) { + fprintf(stderr, "FAIL: EC_KEY public keys mismatch\n"); + goto done; + } + + failure = 0; + + done: + BIO_free_all(bio_mem); + EC_KEY_free(ec_a); + EC_KEY_free(ec_b); + EVP_PKEY_free(pkey_a); + EVP_PKEY_free(pkey_b); + free(out); + + return (failure); +} + +static int +rsa_pubkey_test(void) +{ + EVP_PKEY *pkey_a = NULL, *pkey_b = NULL; + RSA *rsa_a = NULL, *rsa_b = NULL; + unsigned char *out = NULL, *data = NULL; + const unsigned char *p; + BIO *bio_mem = NULL; + int failure = 1; + int len; + + ERR_clear_error(); + + if ((bio_mem = BIO_new_mem_buf((void *)rsa_test_key, -1)) == NULL) + errx(1, "failed to create BIO"); + + if ((rsa_a = PEM_read_bio_RSAPrivateKey(bio_mem, NULL, NULL, NULL)) == NULL) { + ERR_print_errors_fp(stderr); + errx(1, "failed to decode RSA key from PEM"); + } + + /* + * Test i2d_PUBKEY/d2i_PUBKEY. 
+ */ + if ((pkey_a = EVP_PKEY_new()) == NULL) + errx(1, "failed to create EVP_PKEY"); + if (!EVP_PKEY_set1_RSA(pkey_a, rsa_a)) + errx(1, "failed to set RSA on EVP_PKEY"); + + if ((len = i2d_PUBKEY(pkey_a, &out)) < 0) { + fprintf(stderr, "FAIL: i2d_PUBKEY failed\n"); + goto done; + } + if (compare_data("RSA PUBKEY", out, len, rsa_test_asn1_pubkey, + sizeof(rsa_test_asn1_pubkey)) == -1) + goto done; + + p = out; + if ((pkey_b = d2i_PUBKEY(NULL, &p, len)) == NULL) { + fprintf(stderr, "FAIL: d2i_PUBKEY failed\n"); + goto done; + } + + if (BN_cmp(RSA_get0_n(EVP_PKEY_get0_RSA(pkey_a)), + RSA_get0_n(EVP_PKEY_get0_RSA(pkey_b))) != 0 || + BN_cmp(RSA_get0_e(EVP_PKEY_get0_RSA(pkey_a)), + RSA_get0_e(EVP_PKEY_get0_RSA(pkey_b))) != 0) { + fprintf(stderr, "FAIL: RSA public keys mismatch\n"); + goto done; + } + + free(out); + out = NULL; + + /* + * Test i2d_RSA_PUBKEY/d2i_RSA_PUBKEY. + */ + + if ((len = i2d_RSA_PUBKEY(rsa_a, &out)) < 0) { + fprintf(stderr, "FAIL: i2d_RSA_PUBKEY failed\n"); + goto done; + } + if (compare_data("RSA_PUBKEY", out, len, rsa_test_asn1_pubkey, + sizeof(rsa_test_asn1_pubkey)) == -1) + goto done; + + p = out; + if ((rsa_b = d2i_RSA_PUBKEY(NULL, &p, len)) == NULL) { + fprintf(stderr, "FAIL: d2i_RSA_PUBKEY failed\n"); + goto done; + } + + if (BN_cmp(RSA_get0_n(rsa_a), RSA_get0_n(rsa_b)) != 0 || + BN_cmp(RSA_get0_e(rsa_a), RSA_get0_e(rsa_b)) != 0) { + fprintf(stderr, "FAIL: RSA public keys mismatch\n"); + goto done; + } + + p = out; + if ((rsa_a = d2i_RSA_PUBKEY(&rsa_a, &p, len)) == NULL) { + fprintf(stderr, "FAIL: d2i_RSA_PUBKEY failed\n"); + goto done; + } + + if (BN_cmp(RSA_get0_n(rsa_a), RSA_get0_n(rsa_b)) != 0 || + BN_cmp(RSA_get0_e(rsa_a), RSA_get0_e(rsa_b)) != 0) { + fprintf(stderr, "FAIL: RSA public keys mismatch\n"); + goto done; + } + + /* + * Test i2d_RSA_PUBKEY_bio/d2i_RSA_PUBKEY_bio. 
+ */ + BIO_free_all(bio_mem); + if ((bio_mem = BIO_new(BIO_s_mem())) == NULL) + errx(1, "BIO_new failed for BIO_s_mem"); + + if ((len = i2d_RSA_PUBKEY_bio(bio_mem, rsa_a)) < 0) { + fprintf(stderr, "FAIL: i2d_RSA_PUBKEY_bio failed\n"); + goto done; + } + + len = BIO_get_mem_data(bio_mem, &data); + if (compare_data("RSA_PUBKEY", data, len, rsa_test_asn1_pubkey, + sizeof(rsa_test_asn1_pubkey)) == -1) + goto done; + + RSA_free(rsa_b); + if ((rsa_b = d2i_RSA_PUBKEY_bio(bio_mem, NULL)) == NULL) { + fprintf(stderr, "FAIL: d2i_RSA_PUBKEY_bio failed\n"); + goto done; + } + + if (BN_cmp(RSA_get0_n(rsa_a), RSA_get0_n(rsa_b)) != 0 || + BN_cmp(RSA_get0_e(rsa_a), RSA_get0_e(rsa_b)) != 0) { + fprintf(stderr, "FAIL: RSA public keys mismatch\n"); + goto done; + } + + failure = 0; + + done: + BIO_free_all(bio_mem); + RSA_free(rsa_a); + RSA_free(rsa_b); + EVP_PKEY_free(pkey_a); + EVP_PKEY_free(pkey_b); + free(out); + + return (failure); +} + +int +main(int argc, char **argv) +{ + int failed = 0; + + ERR_load_crypto_strings(); + + failed |= dsa_pubkey_test(); + failed |= ec_pubkey_test(); + failed |= rsa_pubkey_test(); + + return (failed); +} diff --git a/tests/base64test.c b/tests/base64test.c index a05bc107..9ab2a407 100644 --- a/tests/base64test.c +++ b/tests/base64test.c @@ -1,4 +1,4 @@ -/* $OpenBSD: base64test.c,v 1.9 2021/03/21 14:06:29 tb Exp $ */ +/* $OpenBSD: base64test.c,v 1.10 2022/09/05 21:06:31 tb Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -304,13 +304,13 @@ base64_encoding_test(int test_no, struct base64_test *bt, int test_nl) len = BIO_write(bio_mem, bt->in, bt->in_len); if (len != bt->in_len) { - fprintf(stderr, "FAIL: test %i - only wrote %zi out of %zi " + fprintf(stderr, "FAIL: test %d - only wrote %zd out of %zd " "characters\n", test_no, len, bt->in_len); failure = 1; goto done; } if (BIO_flush(bio_mem) < 0) { - fprintf(stderr, "FAIL: test %i - flush failed\n", test_no); + fprintf(stderr, "FAIL: test %d - flush failed\n", test_no); failure = 1; goto done; } 
@@ -333,14 +333,14 @@ base64_encoding_test(int test_no, struct base64_test *bt, int test_nl) goto done; if (len != b64len) { - fprintf(stderr, "FAIL: test %i - encoding resulted in %zi " - "characters instead of %zi\n", test_no, len, b64len); + fprintf(stderr, "FAIL: test %d - encoding resulted in %zd " + "characters instead of %zd\n", test_no, len, b64len); failure = 1; goto done; } if (memcmp(buf, out, b64len) != 0) { - fprintf(stderr, "FAIL: test %i - encoding differs:\n", test_no); + fprintf(stderr, "FAIL: test %d - encoding differs:\n", test_no); fprintf(stderr, " encoding: "); for (i = 0; i < len; i++) fprintf(stderr, "%c", out[i]); @@ -400,8 +400,8 @@ base64_decoding_test(int test_no, struct base64_test *bt, int test_nl) */ len = BIO_read(bio_mem, buf, BUF_SIZE); if (len != bt->valid_len && (bt->in_len != 0 || len != -1)) { - fprintf(stderr, "FAIL: test %i - decoding resulted in %zi " - "characters instead of %zi\n", test_no, len, bt->valid_len); + fprintf(stderr, "FAIL: test %d - decoding resulted in %zd " + "characters instead of %zd\n", test_no, len, bt->valid_len); fprintf(stderr, " input: "); for (i = 0; i < inlen; i++) fprintf(stderr, "%c", input[i]); @@ -419,7 +419,7 @@ base64_decoding_test(int test_no, struct base64_test *bt, int test_nl) goto done; if (memcmp(bt->in, buf, bt->in_len) != 0) { - fprintf(stderr, "FAIL: test %i - decoding differs:\n", test_no); + fprintf(stderr, "FAIL: test %d - decoding differs:\n", test_no); fprintf(stderr, " decoding: "); for (i = 0; i < len; i++) fprintf(stderr, "0x%x ", buf[i]); diff --git a/tests/biotest.c b/tests/biotest.c index 867305a9..53191346 100644 --- a/tests/biotest.c +++ b/tests/biotest.c 
@@ -1,6 +1,6 @@ -/* $OpenBSD: biotest.c,v 1.6 2017/04/30 17:46:27 beck Exp $ */ +/* $OpenBSD: biotest.c,v 1.9 2022/09/05 21:06:31 tb Exp $ */ /* - * Copyright (c) 2014 Joel Sing + * Copyright (c) 2014, 2022 Joel Sing * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -17,6 +17,7 @@ #include +#include #include #include #include @@ -24,6 +25,7 @@ #include #include +#include #include struct bio_get_host_ip_test { @@ -95,14 +97,14 @@ do_bio_get_host_ip_tests(void) ret = BIO_get_host_ip(bgit->input, ip.c); if (ret != bgit->ret) { - fprintf(stderr, "FAIL: test %zi (\"%s\") %s, want %s\n", + fprintf(stderr, "FAIL: test %zd (\"%s\") %s, want %s\n", i, bgit->input, ret ? "success" : "failure", bgit->ret ? "success" : "failure"); failed = 1; continue; } if (ret && ntohl(ip.i) != bgit->ip) { - fprintf(stderr, "FAIL: test %zi (\"%s\") returned ip " + fprintf(stderr, "FAIL: test %zd (\"%s\") returned ip " "%x != %x\n", i, bgit->input, ntohl(ip.i), bgit->ip); failed = 1; @@ -127,14 +129,14 @@ do_bio_get_port_tests(void) ret = BIO_get_port(bgpt->input, &port); if (ret != bgpt->ret) { - fprintf(stderr, "FAIL: test %zi (\"%s\") %s, want %s\n", + fprintf(stderr, "FAIL: test %zd (\"%s\") %s, want %s\n", i, bgpt->input, ret ? "success" : "failure", bgpt->ret ? "success" : "failure"); failed = 1; continue; } if (ret && port != bgpt->port) { - fprintf(stderr, "FAIL: test %zi (\"%s\") returned port " + fprintf(stderr, "FAIL: test %zd (\"%s\") returned port " "%u != %u\n", i, bgpt->input, port, bgpt->port); failed = 1; } 
@@ -143,6 +145,326 @@ do_bio_get_port_tests(void) return failed; } +static int +bio_mem_test(void) +{ + uint8_t *data = NULL; + size_t data_len; + uint8_t *rodata; + long rodata_len; + BUF_MEM *pbuf; + BUF_MEM *buf = NULL; + BIO *bio = NULL; + int ret; + int failed = 1; + + data_len = 4096; + if ((data = malloc(data_len)) == NULL) + err(1, "malloc"); + + memset(data, 0xdb, data_len); + data[0] = 0x01; + data[data_len - 1] = 0xff; + + if ((bio = BIO_new(BIO_s_mem())) == NULL) { + fprintf(stderr, "FAIL: BIO_new() returned NULL\n"); + goto failure; + } + if ((ret = BIO_write(bio, data, data_len)) != (int)data_len) { + fprintf(stderr, "FAIL: BIO_write() = %d, want %zu\n", ret, + data_len); + goto failure; + } + if ((rodata_len = BIO_get_mem_data(bio, &rodata)) != (long)data_len) { + fprintf(stderr, "FAIL: BIO_get_mem_data() = %ld, want %zu\n", + rodata_len, data_len); + goto failure; + } + if (rodata[0] != 0x01) { + fprintf(stderr, "FAIL: got 0x%x, want 0x%x\n", rodata[0], 0x01); + goto failure; + } + if (rodata[rodata_len - 1] != 0xff) { + fprintf(stderr, "FAIL: got 0x%x, want 0x%x\n", + rodata[rodata_len - 1], 0xff); + goto failure; + } + + if (!BIO_get_mem_ptr(bio, &pbuf)) { + fprintf(stderr, "FAIL: BIO_get_mem_ptr() failed\n"); + goto failure; + } + if (pbuf->length != data_len) { + fprintf(stderr, "FAIL: Got buffer with length %zu, want %zu\n", + pbuf->length, data_len); + goto failure; + } + if (memcmp(pbuf->data, data, data_len) != 0) { + fprintf(stderr, "FAIL: Got buffer with differing data\n"); + goto failure; + } + pbuf = NULL; + + if ((buf = BUF_MEM_new()) == NULL) { + fprintf(stderr, "FAIL: BUF_MEM_new() returned NULL\n"); + goto failure; + } + if (!BIO_set_mem_buf(bio, buf, BIO_NOCLOSE)) { + fprintf(stderr, "FAIL: BUF_set_mem_buf() failed\n"); + goto failure; + } + if ((ret = BIO_puts(bio, "Hello\n")) != 6) { + fprintf(stderr, "FAIL: BUF_puts() = %d, want %d\n", ret, 6); + goto failure; + } + if ((ret = BIO_puts(bio, "World\n")) != 6) { + fprintf(stderr, 
"FAIL: BUF_puts() = %d, want %d\n", ret, 6); + goto failure; + } + if (buf->length != 12) { + fprintf(stderr, "FAIL: buffer has length %zu, want %d\n", + buf->length, 12); + goto failure; + } + buf->length = 11; + if ((ret = BIO_gets(bio, data, data_len)) != 6) { + fprintf(stderr, "FAIL: BUF_gets() = %d, want %d\n", ret, 6); + goto failure; + } + if (strcmp(data, "Hello\n") != 0) { + fprintf(stderr, "FAIL: BUF_gets() returned '%s', want '%s'\n", + data, "Hello\\n"); + goto failure; + } + if ((ret = BIO_gets(bio, data, data_len)) != 5) { + fprintf(stderr, "FAIL: BUF_gets() = %d, want %d\n", ret, 5); + goto failure; + } + if (strcmp(data, "World") != 0) { + fprintf(stderr, "FAIL: BUF_gets() returned '%s', want '%s'\n", + data, "World"); + goto failure; + } + + if (!BIO_eof(bio)) { + fprintf(stderr, "FAIL: BIO is not EOF\n"); + goto failure; + } + if ((ret = BIO_read(bio, data, data_len)) != -1) { + fprintf(stderr, "FAIL: BIO_read() = %d, want -1\n", ret); + goto failure; + } + if (!BIO_set_mem_eof_return(bio, -2)) { + fprintf(stderr, "FAIL: BIO_set_mem_eof_return() failed\n"); + goto failure; + } + if ((ret = BIO_read(bio, data, data_len)) != -2) { + fprintf(stderr, "FAIL: BIO_read() = %d, want -2\n", ret); + goto failure; + } + + failed = 0; + + failure: + free(data); + BUF_MEM_free(buf); + BIO_free(bio); + + return failed; +} + +static int +bio_mem_small_io_test(void) +{ + uint8_t buf[2]; + int i, j, ret; + BIO *bio; + int failed = 1; + + memset(buf, 0xdb, sizeof(buf)); + + if ((bio = BIO_new(BIO_s_mem())) == NULL) { + fprintf(stderr, "FAIL: BIO_new() returned NULL\n"); + goto failure; + } + + for (i = 0; i < 100; i++) { + if (!BIO_reset(bio)) { + fprintf(stderr, "FAIL: BIO_reset() failed\n"); + goto failure; + } + for (j = 0; j < 25000; j++) { + ret = BIO_write(bio, buf, sizeof(buf)); + if (ret != sizeof(buf)) { + fprintf(stderr, "FAIL: BIO_write() = %d, " + "want %zu\n", ret, sizeof(buf)); + goto failure; + } + } + for (j = 0; j < 25000; j++) { + ret = 
BIO_read(bio, buf, sizeof(buf)); + if (ret != sizeof(buf)) { + fprintf(stderr, "FAIL: BIO_read() = %d, " + "want %zu\n", ret, sizeof(buf)); + goto failure; + } + ret = BIO_write(bio, buf, sizeof(buf)); + if (ret != sizeof(buf)) { + fprintf(stderr, "FAIL: BIO_write() = %d, " + "want %zu\n", ret, sizeof(buf)); + goto failure; + } + } + for (j = 0; j < 25000; j++) { + ret = BIO_read(bio, buf, sizeof(buf)); + if (ret != sizeof(buf)) { + fprintf(stderr, "FAIL: BIO_read() = %d, " + "want %zu\n", ret, sizeof(buf)); + goto failure; + } + } + if (!BIO_eof(bio)) { + fprintf(stderr, "FAIL: BIO not EOF\n"); + goto failure; + } + } + + if (buf[0] != 0xdb || buf[1] != 0xdb) { + fprintf(stderr, "FAIL: buf = {0x%x, 0x%x}, want {0xdb, 0xdb}\n", + buf[0], buf[1]); + goto failure; + } + + failed = 0; + + failure: + BIO_free(bio); + + return failed; +} + +static int +bio_mem_readonly_test(void) +{ + uint8_t *data = NULL; + size_t data_len; + uint8_t buf[2048]; + BIO *bio = NULL; + int ret; + int failed = 1; + + data_len = 4096; + if ((data = malloc(data_len)) == NULL) + err(1, "malloc"); + + memset(data, 0xdb, data_len); + data[0] = 0x01; + data[data_len - 1] = 0xff; + + if ((bio = BIO_new_mem_buf(data, data_len)) == NULL) { + fprintf(stderr, "FAIL: BIO_new_mem_buf failed\n"); + goto failure; + } + if ((ret = BIO_read(bio, buf, 1)) != 1) { + fprintf(stderr, "FAIL: BIO_read() = %d, want %zu\n", ret, + sizeof(buf)); + goto failure; + } + if (buf[0] != 0x01) { + fprintf(stderr, "FAIL: got 0x%x, want 0x%x\n", buf[0], 0x01); + goto failure; + } + if ((ret = BIO_read(bio, buf, sizeof(buf))) != sizeof(buf)) { + fprintf(stderr, "FAIL: BIO_read() = %d, want %zu\n", ret, + sizeof(buf)); + goto failure; + } + if (buf[0] != 0xdb) { + fprintf(stderr, "FAIL: got 0x%x, want 0x%x\n", buf[0], 0xdb); + goto failure; + } + if ((ret = BIO_write(bio, buf, 1)) != -1) { + fprintf(stderr, "FAIL: BIO_write() = %d, want -1\n", ret); + goto failure; + } + if (BIO_eof(bio)) { + fprintf(stderr, "FAIL: BIO is 
EOF\n"); + goto failure; + } + if (BIO_ctrl_pending(bio) != 2047) { + fprintf(stderr, "FAIL: BIO_ctrl_pending() = %zu, want 2047\n", + BIO_ctrl_pending(bio)); + goto failure; + } + if ((ret = BIO_read(bio, buf, sizeof(buf))) != 2047) { + fprintf(stderr, "FAIL: BIO_read() = %d, want 2047\n", ret); + goto failure; + } + if (buf[2045] != 0xdb) { + fprintf(stderr, "FAIL: got 0x%x, want 0x%x\n", buf[2045], 0xdb); + goto failure; + } + if (buf[2046] != 0xff) { + fprintf(stderr, "FAIL: got 0x%x, want 0x%x\n", buf[2046], 0xff); + goto failure; + } + if (!BIO_eof(bio)) { + fprintf(stderr, "FAIL: BIO is not EOF\n"); + goto failure; + } + if (BIO_ctrl_pending(bio) != 0) { + fprintf(stderr, "FAIL: BIO_ctrl_pending() = %zu, want 0\n", + BIO_ctrl_pending(bio)); + goto failure; + } + + if (!BIO_reset(bio)) { + fprintf(stderr, "FAIL: failed to reset bio\n"); + goto failure; + } + if (BIO_eof(bio)) { + fprintf(stderr, "FAIL: BIO is EOF\n"); + goto failure; + } + if (BIO_ctrl_pending(bio) != 4096) { + fprintf(stderr, "FAIL: BIO_ctrl_pending() = %zu, want 4096\n", + BIO_ctrl_pending(bio)); + goto failure; + } + if ((ret = BIO_read(bio, buf, 2)) != 2) { + fprintf(stderr, "FAIL: BIO_read() = %d, want 2\n", ret); + goto failure; + } + if (buf[0] != 0x01) { + fprintf(stderr, "FAIL: got 0x%x, want 0x%x\n", buf[0], 0x01); + goto failure; + } + if (buf[1] != 0xdb) { + fprintf(stderr, "FAIL: got 0x%x, want 0x%x\n", buf[1], 0xdb); + goto failure; + } + + failed = 0; + + failure: + BIO_free(bio); + free(data); + + return failed; +} + +static int +do_bio_mem_tests(void) +{ + int failed = 0; + + failed |= bio_mem_test(); + failed |= bio_mem_small_io_test(); + failed |= bio_mem_readonly_test(); + + return failed; +} + int main(int argc, char **argv) { @@ -150,6 +472,7 @@ main(int argc, char **argv) ret |= do_bio_get_host_ip_tests(); ret |= do_bio_get_port_tests(); + ret |= do_bio_mem_tests(); return (ret); } 
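Review bot: Several failure messages in the added memory-BIO tests in tests/biotest.c name the wrong value or function, which will mislead whoever triages a regression here. In bio_mem_readonly_test the first check reads one byte (`BIO_read(bio, buf, 1)`) but prints `sizeof(buf)` as the wanted count; it should be `"FAIL: BIO_read() = %d, want 1\n", ret`. In bio_mem_test the messages for BIO_set_mem_buf(), BIO_puts() and BIO_gets() say `BUF_set_mem_buf()`, `BUF_puts()` and `BUF_gets()`. The bare `buf->length = 11;` also deserves a comment such as `/* Shorten the buffer by one byte so the second BIO_gets() returns "World" without its newline. */`, because that is what makes the following `!= 5` check meaningful.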
diff --git a/tests/bn_isqrt.c b/tests/bn_isqrt.c
new file mode 100644
index 00000000..311b7889
--- /dev/null
+++ b/tests/bn_isqrt.c
@@ -0,0 +1,333 @@ +/* $OpenBSD: bn_isqrt.c,v 1.6 2022/08/12 16:13:40 tb Exp $ */ +/* + * Copyright (c) 2022 Theo Buehler + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include + +#include + +#include "bn_lcl.h" + +#define N_TESTS 400 + +/* Sample squares between 2^128 and 2^4096. */ +#define LOWER_BITS 128 +#define UPPER_BITS 4096 + +extern const uint8_t is_square_mod_11[]; +extern const uint8_t is_square_mod_63[]; +extern const uint8_t is_square_mod_64[]; +extern const uint8_t is_square_mod_65[]; + +static void +hexdump(const unsigned char *buf, size_t len) +{ + size_t i; + + for (i = 1; i <= len; i++) + fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? 
"" : "\n"); + + if (len % 8) + fprintf(stderr, "\n"); +} + +static const uint8_t * +get_table(int modulus) +{ + switch (modulus) { + case 11: + return is_square_mod_11; + case 63: + return is_square_mod_63; + case 64: + return is_square_mod_64; + case 65: + return is_square_mod_65; + default: + return NULL; + } +} + +static int +check_tables(int print) +{ + int fill[] = {11, 63, 64, 65}; + const uint8_t *table; + uint8_t q[65]; + size_t i; + int j; + int failed = 0; + + for (i = 0; i < sizeof(fill) / sizeof(fill[0]); i++) { + memset(q, 0, sizeof(q)); + + for (j = 0; j < fill[i]; j++) + q[(j * j) % fill[i]] = 1; + + if ((table = get_table(fill[i])) == NULL) { + fprintf(stderr, "failed to get table %d\n", fill[i]); + failed |= 1; + continue; + } + + if (memcmp(table, q, fill[i]) != 0) { + fprintf(stderr, "table %d does not match:\n", fill[i]); + fprintf(stderr, "want:\n"); + hexdump(table, fill[i]); + fprintf(stderr, "got:\n"); + hexdump(q, fill[i]); + failed |= 1; + continue; + } + + if (!print) + continue; + + printf("const uint8_t is_square_mod_%d[] = {\n\t", fill[i]); + for (j = 0; j < fill[i]; j++) { + const char *end = " "; + + if (j % 16 == 15) + end = "\n\t"; + if (j + 1 == fill[i]) + end = ""; + + printf("%d,%s", q[j], end); + } + printf("\n};\nCTASSERT(sizeof(is_square_mod_%d) == %d);\n\n", + fill[i], fill[i]); + } + + return failed; +} + +static int +validate_tables(void) +{ + int fill[] = {11, 63, 64, 65}; + const uint8_t *table; + size_t i; + int j, k; + int failed = 0; + + for (i = 0; i < sizeof(fill) / sizeof(fill[0]); i++) { + if ((table = get_table(fill[i])) == NULL) { + fprintf(stderr, "failed to get table %d\n", fill[i]); + failed |= 1; + continue; + } + + for (j = 0; j < fill[i]; j++) { + for (k = 0; k < fill[i]; k++) { + if (j == (k * k) % fill[i]) + break; + } + + if (table[j] == 0 && k < fill[i]) { + fprintf(stderr, "%d == %d^2 (mod %d)", j, k, + fill[i]); + failed |= 1; + } + if (table[j] == 1 && k == fill[i]) { + fprintf(stderr, "%d not a 
square (mod %d)", j, + fill[i]); + failed |= 1; + } + + } + + } + + return failed; +} + +/* + * Choose a random number n of bit length between LOWER_BITS and UPPER_BITS and + * check that n == isqrt(n^2). Random numbers n^2 <= testcase < (n + 1)^2 are + * checked to have isqrt(testcase) == n. + */ +static int +isqrt_test(void) +{ + BN_CTX *ctx; + BIGNUM *n, *n_sqr, *lower, *upper, *testcase, *isqrt; + int cmp, i, is_perfect_square; + int failed = 0; + + if ((ctx = BN_CTX_new()) == NULL) + errx(1, "BN_CTX_new"); + + BN_CTX_start(ctx); + + if ((lower = BN_CTX_get(ctx)) == NULL) + errx(1, "lower = BN_CTX_get(ctx)"); + if ((upper = BN_CTX_get(ctx)) == NULL) + errx(1, "upper = BN_CTX_get(ctx)"); + if ((n = BN_CTX_get(ctx)) == NULL) + errx(1, "n = BN_CTX_get(ctx)"); + if ((n_sqr = BN_CTX_get(ctx)) == NULL) + errx(1, "n = BN_CTX_get(ctx)"); + if ((isqrt = BN_CTX_get(ctx)) == NULL) + errx(1, "result = BN_CTX_get(ctx)"); + if ((testcase = BN_CTX_get(ctx)) == NULL) + errx(1, "testcase = BN_CTX_get(ctx)"); + + /* lower = 2^LOWER_BITS, upper = 2^UPPER_BITS. 
*/ + if (!BN_set_bit(lower, LOWER_BITS)) + errx(1, "BN_set_bit(lower, %d)", LOWER_BITS); + if (!BN_set_bit(upper, UPPER_BITS)) + errx(1, "BN_set_bit(upper, %d)", UPPER_BITS); + + if (!bn_rand_interval(n, lower, upper)) + errx(1, "bn_rand_interval n"); + + /* n_sqr = n^2 */ + if (!BN_sqr(n_sqr, n, ctx)) + errx(1, "BN_sqr"); + + if (!bn_isqrt(isqrt, &is_perfect_square, n_sqr, ctx)) + errx(1, "bn_isqrt n_sqr"); + + if ((cmp = BN_cmp(n, isqrt)) != 0 || !is_perfect_square) { + fprintf(stderr, "n = "); + BN_print_fp(stderr, n); + fprintf(stderr, "\nn^2 is_perfect_square: %d, cmp: %d\n", + is_perfect_square, cmp); + failed = 1; + } + + /* upper = 2 * n + 1 */ + if (!BN_lshift1(upper, n)) + errx(1, "BN_lshift1(upper, n)"); + if (!BN_add_word(upper, 1)) + errx(1, "BN_sub_word(upper, 1)"); + + /* upper = (n + 1)^2 = n^2 + upper */ + if (!BN_add(upper, n_sqr, upper)) + errx(1, "BN_add"); + + /* + * Check that isqrt((n + 1)^2) - 1 == n. + */ + + if (!bn_isqrt(isqrt, &is_perfect_square, upper, ctx)) + errx(1, "bn_isqrt(upper)"); + + if (!BN_sub_word(isqrt, 1)) + errx(1, "BN_add_word(isqrt, 1)"); + + if ((cmp = BN_cmp(n, isqrt)) != 0 || !is_perfect_square) { + fprintf(stderr, "n = "); + BN_print_fp(stderr, n); + fprintf(stderr, "\n(n + 1)^2 is_perfect_square: %d, cmp: %d\n", + is_perfect_square, cmp); + failed = 1; + } + + /* + * Test N_TESTS random numbers n^2 <= testcase < (n + 1)^2 and check + * that their isqrt is n. 
+ */ + + for (i = 0; i < N_TESTS; i++) { + if (!bn_rand_interval(testcase, n_sqr, upper)) + errx(1, "bn_rand_interval testcase"); + + if (!bn_isqrt(isqrt, &is_perfect_square, testcase, ctx)) + errx(1, "bn_isqrt testcase"); + + if ((cmp = BN_cmp(n, isqrt)) != 0 || is_perfect_square) { + fprintf(stderr, "n = "); + BN_print_fp(stderr, n); + fprintf(stderr, "\ntestcase = "); + BN_print_fp(stderr, testcase); + fprintf(stderr, + "\ntestcase is_perfect_square: %d, cmp: %d\n", + is_perfect_square, cmp); + failed = 1; + } + } + + /* + * Finally check that isqrt(n^2 - 1) + 1 == n. + */ + + if (!BN_sub(testcase, n_sqr, BN_value_one())) + errx(1, "BN_sub(testcase, n_sqr, 1)"); + + if (!bn_isqrt(isqrt, &is_perfect_square, testcase, ctx)) + errx(1, "bn_isqrt(n_sqr - 1)"); + + if (!BN_add_word(isqrt, 1)) + errx(1, "BN_add_word(isqrt, 1)"); + + if ((cmp = BN_cmp(n, isqrt)) != 0 || is_perfect_square) { + fprintf(stderr, "n = "); + BN_print_fp(stderr, n); + fprintf(stderr, "\nn_sqr - 1 is_perfect_square: %d, cmp: %d\n", + is_perfect_square, cmp); + failed = 1; + } + + BN_CTX_end(ctx); + BN_CTX_free(ctx); + + return failed; +} + +static void +usage(void) +{ + fprintf(stderr, "usage: bn_isqrt [-C]\n"); + exit(1); +} + +int +main(int argc, char *argv[]) +{ + size_t i; + int ch; + int failed = 0, print = 0; + +#ifndef _MSC_VER + while ((ch = getopt(argc, argv, "C")) != -1) { + switch (ch) { + case 'C': + print = 1; + break; + default: + usage(); + break; + } + } +#endif + + if (print) + return check_tables(1); + + for (i = 0; i < N_TESTS; i++) + failed |= isqrt_test(); + + failed |= check_tables(0); + failed |= validate_tables(); + + if (!failed) + printf("SUCCESS\n"); + + return failed; +} diff --git a/tests/bn_mod_exp2_mont.c b/tests/bn_mod_exp2_mont.c new file mode 100644 index 00000000..60bb010b --- /dev/null +++ b/tests/bn_mod_exp2_mont.c 
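Review bot: The errx() strings in isqrt_test (tests/bn_isqrt.c) do not always match the call they guard, so an abort would point at the wrong operation. The n_sqr and isqrt allocations report `n = BN_CTX_get(ctx)` and `result = BN_CTX_get(ctx)`, `BN_add_word(upper, 1)` reports `BN_sub_word(upper, 1)`, and `BN_sub_word(isqrt, 1)` reports `BN_add_word(isqrt, 1)`. Each string should name its own call, e.g. `errx(1, "n_sqr = BN_CTX_get(ctx)");` and `errx(1, "BN_add_word(upper, 1)");`. The two fprintf() calls in validate_tables also lack a trailing `\n`, so consecutive findings would run together on stderr. Separately, the random loop requires `is_perfect_square` to be false for n^2 <= testcase < (n + 1)^2; if bn_rand_interval() includes its lower bound (not visible here), drawing exactly n^2 would be reported as a failure, which is vanishingly unlikely at these sizes but worth a comment.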
@@ -0,0 +1,45 @@
+/* $OpenBSD: bn_mod_exp2_mont.c,v 1.1 2022/03/10 04:39:49 tb Exp $ */
+/*
+ * Copyright (c) 2022 Theo Buehler
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+
+#include
+
+/*
+ * Small test for a crash reported by Guido Vranken, fixed in bn_exp2.c r1.13.
+ * https://github.com/openssl/openssl/issues/17648
+ */
+
+int
+main(void)
+{
+ BIGNUM *m;
+
+ if ((m = BN_new()) == NULL)
+ errx(1, "BN_new");
+
+ BN_zero_ex(m);
+
+ if (BN_mod_exp2_mont(NULL, NULL, NULL, NULL, NULL, m, NULL, NULL))
+ errx(1, "BN_mod_exp2_mont succeeded");
+
+ BN_free(m);
+
+ printf("SUCCESS\n");
+
+ return 0;
+}
diff --git a/tests/bn_mod_sqrt.c b/tests/bn_mod_sqrt.c
new file mode 100644
index 00000000..2017492e
--- /dev/null
+++ b/tests/bn_mod_sqrt.c
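Review bot: The regression test in tests/bn_mod_exp2_mont.c does not say which input reproduces the crash, so a comment above `BN_zero_ex(m);` would help, for example `/* A zero modulus must be rejected before any other (NULL) argument is touched. */`. That reading is inferred from the call passing NULL for every argument except m and expecting a zero return; confirm it against the bn_exp2.c fix the file header refers to. Without such a comment a later refactor could replace the NULL arguments with real values and quietly stop covering the early-rejection path.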
@@ -0,0 +1,132 @@ +/* $OpenBSD: bn_mod_sqrt.c,v 1.1 2022/03/15 16:28:42 tb Exp $ */ +/* + * Copyright (c) 2022 Theo Buehler + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +/* Test that sqrt * sqrt = A (mod p) where p is a prime */ +struct mod_sqrt_test { + const char *sqrt; + const char *a; + const char *p; + int bn_mod_sqrt_fails; +} mod_sqrt_test_data[] = { + { + .sqrt = "1", + .a = "1", + .p = "2", + .bn_mod_sqrt_fails = 0, + }, + { + .sqrt = "-1", + .a = "20a7ee", + .p = "460201", /* 460201 == 4D5 * E7D */ + .bn_mod_sqrt_fails = 1, + }, + { + .sqrt = "-1", + .a = "65bebdb00a96fc814ec44b81f98b59fba3c30203928fa521" + "4c51e0a97091645280c947b005847f239758482b9bfc45b0" + "66fde340d1fe32fc9c1bf02e1b2d0ed", + .p = "9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e2" + "46b41c32f71e951f", + .bn_mod_sqrt_fails = 1, + }, +}; + +const size_t N_TESTS = sizeof(mod_sqrt_test_data) / sizeof(*mod_sqrt_test_data); + +int mod_sqrt_test(struct mod_sqrt_test *test); + +int +mod_sqrt_test(struct mod_sqrt_test *test) +{ + BN_CTX *ctx = NULL; + BIGNUM *a = NULL, *p = NULL, *want = NULL, *got = NULL, *diff = NULL; + int failed = 1; + + if ((ctx = BN_CTX_new()) == NULL) { + fprintf(stderr, "BN_CTX_new failed\n"); + goto out; + } + + if (!BN_hex2bn(&a, test->a)) { + fprintf(stderr, 
"BN_hex2bn(a) failed\n"); + goto out; + } + if (!BN_hex2bn(&p, test->p)) { + fprintf(stderr, "BN_hex2bn(p) failed\n"); + goto out; + } + if (!BN_hex2bn(&want, test->sqrt)) { + fprintf(stderr, "BN_hex2bn(want) failed\n"); + goto out; + } + + if (((got = BN_mod_sqrt(NULL, a, p, ctx)) == NULL) != + test->bn_mod_sqrt_fails) { + fprintf(stderr, "BN_mod_sqrt %s unexpectedly\n", + test->bn_mod_sqrt_fails ? "succeeded" : "failed"); + goto out; + } + + if (test->bn_mod_sqrt_fails) { + failed = 0; + goto out; + } + + if ((diff = BN_new()) == NULL) { + fprintf(stderr, "diff = BN_new() failed\n"); + goto out; + } + + if (!BN_mod_sub(diff, want, got, p, ctx)) { + fprintf(stderr, "BN_mod_sub failed\n"); + goto out; + } + + if (!BN_is_zero(diff)) { + fprintf(stderr, "want != got\n"); + goto out; + } + + failed = 0; + + out: + BN_CTX_free(ctx); + BN_free(a); + BN_free(p); + BN_free(want); + BN_free(got); + BN_free(diff); + + return failed; +} + +int +main(void) +{ + size_t i; + int failed = 0; + + for (i = 0; i < N_TESTS; i++) + failed |= mod_sqrt_test(&mod_sqrt_test_data[i]); + + if (!failed) + printf("SUCCESS\n"); + + return failed; +} diff --git a/tests/bn_primes.c b/tests/bn_primes.c new file mode 100644 index 00000000..f9d358f7 --- /dev/null +++ b/tests/bn_primes.c 
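Review bot: The header comment in tests/bn_mod_sqrt.c says the test checks sqrt * sqrt = A (mod p), but mod_sqrt_test compares `got` against the fixed `want` with BN_mod_sub() and never squares anything. A modular square root is only determined up to sign, so a correct result of p - want would be reported as `want != got`; the single success case uses p = 2, where that cannot happen. Either reword the comment to say the result is compared with a fixed expected root, or check the property itself with `if (!BN_mod_sqr(diff, got, p, ctx))` followed by a comparison of `diff` with `a` reduced mod p. `mod_sqrt_test_data`, `N_TESTS` and `mod_sqrt_test` could also be `static`, since nothing outside the file appears to use them.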
@@ -0,0 +1,90 @@ +/* $OpenBSD: bn_primes.c,v 1.1 2022/06/18 19:53:19 tb Exp $ */ +/* + * Copyright (c) 2022 Theo Buehler + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include "bn_prime.h" + +static int +test_bn_is_prime_fasttest(int do_trial_division) +{ + BIGNUM *n = NULL; + char *descr = NULL; + prime_t i, j, max; + int is_prime, ret; + int failed = 1; + + if (asprintf(&descr, "with%s trial divisions", + do_trial_division ? 
"" : "out") == -1) { + descr = NULL; + fprintf(stderr, "asprintf failed\n"); + goto err; + } + + if ((n = BN_new()) == NULL) { + fprintf(stderr, "BN_new failed\n"); + goto err; + } + + max = primes[NUMPRIMES - 1] + 1; + + failed = 0; + for (i = 1, j = 0; i < max && j < NUMPRIMES; i++) { + if (!BN_set_word(n, i)) { + fprintf(stderr, "BN_set_word(%d) failed", i); + failed = 1; + goto err; + } + + is_prime = i == primes[j]; + if (is_prime) + j++; + + ret = BN_is_prime_fasttest_ex(n, BN_prime_checks, NULL, + do_trial_division, NULL); + if (ret != is_prime) { + fprintf(stderr, + "BN_is_prime_fasttest_ex(%d) %s: want %d, got %d\n", + i, descr, is_prime, ret); + failed = 1; + } + } + + if (i < max || j < NUMPRIMES) { + fprintf(stderr, "%s: %d < %d or %d < %d\n", descr, i, max, j, + NUMPRIMES); + failed = 1; + } + + err: + BN_free(n); + free(descr); + return failed; +} + +int +main(void) +{ + int failed = 0; + + failed |= test_bn_is_prime_fasttest(0); + failed |= test_bn_is_prime_fasttest(1); + + printf("%s\n", failed ? "FAILED" : "SUCCESS"); + + return failed; +} diff --git a/tests/bn_rand_interval.c b/tests/bn_rand_interval.c index 5d2f5478..409d6574 100644 --- a/tests/bn_rand_interval.c +++ b/tests/bn_rand_interval.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_rand_interval.c,v 1.4 2021/04/06 16:40:34 tb Exp $ */ +/* $OpenBSD: bn_rand_interval.c,v 1.5 2022/06/19 17:10:02 tb Exp $ */ /* * Copyright (c) 2018 Theo Buehler * @@ -105,7 +105,7 @@ main(int argc, char *argv[]) } if (success == 1) - printf("success\n"); + printf("SUCCESS\n"); else printf("FAIL"); diff --git a/tests/bntest.c b/tests/bntest.c index 138b7673..b9581a0c 100644 --- a/tests/bntest.c +++ b/tests/bntest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bntest.c,v 1.21 2019/09/05 00:59:36 bluhm Exp $ */ +/* $OpenBSD: bntest.c,v 1.25 2022/09/05 21:06:31 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
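Review bot: In test_bn_is_prime_fasttest (tests/bn_primes.c) the message `"BN_set_word(%d) failed"` has no trailing newline, unlike the other diagnostics in the function; it should be `fprintf(stderr, "BN_set_word(%d) failed\n", i);`. BN_is_prime_fasttest_ex() can also return a negative value on error, which the `ret != is_prime` comparison reports as an ordinary primality mismatch. Printing a distinct message when `ret < 0` would let a reader tell an internal error from a wrong primality verdict.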
@@ -359,7 +359,7 @@ main(int argc, char *argv[]) BIO_free(out); exit(0); -err: + err: BIO_puts(out, "1\n"); /* make sure the Perl script fed by bc notices * the failure, see test_bn in test/Makefile.ssl*/ 
@@ -372,164 +372,177 @@ main(int argc, char *argv[]) int test_add(BIO *bp) { - BIGNUM a, b, c; + BIGNUM *a = NULL, *b = NULL, *c = NULL; int i; int rc = 1; - BN_init(&a); - BN_init(&b); - BN_init(&c); + if ((a = BN_new()) == NULL) + goto err; + if ((b = BN_new()) == NULL) + goto err; + if ((c = BN_new()) == NULL) + goto err; - CHECK_GOTO(BN_bntest_rand(&a, 512, 0, 0)); + CHECK_GOTO(BN_bntest_rand(a, 512, 0, 0)); for (i = 0; i < num0; i++) { - CHECK_GOTO(BN_bntest_rand(&b, 450 + i, 0, 0)); - a.neg = rand_neg(); - b.neg = rand_neg(); - CHECK_GOTO(BN_add(&c, &a, &b)); + CHECK_GOTO(BN_bntest_rand(b, 450 + i, 0, 0)); + BN_set_negative(a, rand_neg()); + BN_set_negative(b, rand_neg()); + CHECK_GOTO(BN_add(c, a, b)); if (bp != NULL) { if (!results) { - CHECK_GOTO(BN_print(bp, &a)); + CHECK_GOTO(BN_print(bp, a)); BIO_puts(bp, " + "); - CHECK_GOTO(BN_print(bp, &b)); + CHECK_GOTO(BN_print(bp, b)); BIO_puts(bp, " - "); } - CHECK_GOTO(BN_print(bp, &c)); + CHECK_GOTO(BN_print(bp, c)); BIO_puts(bp, "\n"); } - a.neg = !a.neg; - b.neg = !b.neg; - CHECK_GOTO(BN_add(&c, &c, &b)); - CHECK_GOTO(BN_add(&c, &c, &a)); - if (!BN_is_zero(&c)) { + BN_set_negative(a, !BN_is_negative(a)); + BN_set_negative(b, !BN_is_negative(b)); + CHECK_GOTO(BN_add(c, c, b)); + CHECK_GOTO(BN_add(c, c, a)); + if (!BN_is_zero(c)) { fprintf(stderr, "Add test failed!\n"); rc = 0; break; } } -err: - BN_free(&a); - BN_free(&b); - BN_free(&c); - return (rc); + + err: + BN_free(a); + BN_free(b); + BN_free(c); + + return rc; } int test_sub(BIO *bp) { - BIGNUM a, b, c; + BIGNUM *a = NULL, *b = NULL, *c = NULL; int i; int rc = 1; - BN_init(&a); - BN_init(&b); - BN_init(&c); + if ((a = BN_new()) == NULL) + goto err; + if ((b = BN_new()) == NULL) + goto err; + if ((c = BN_new()) == NULL) + goto err; for (i = 0; i < num0 + num1; i++) { if (i < num1) { - CHECK_GOTO(BN_bntest_rand(&a, 512, 0, 0)); - CHECK_GOTO(BN_copy(&b, &a)); - if (BN_set_bit(&a, i) == 0) { + CHECK_GOTO(BN_bntest_rand(a, 512, 0, 0)); + 
CHECK_GOTO(BN_copy(b, a)); + if (BN_set_bit(a, i) == 0) { rc = 0; break; } - CHECK_GOTO(BN_add_word(&b, i)); + CHECK_GOTO(BN_add_word(b, i)); } else { - CHECK_GOTO(BN_bntest_rand(&b, 400 + i - num1, 0, 0)); - a.neg = rand_neg(); - b.neg = rand_neg(); + CHECK_GOTO(BN_bntest_rand(b, 400 + i - num1, 0, 0)); + BN_set_negative(a, rand_neg()); + BN_set_negative(b, rand_neg()); } - CHECK_GOTO(BN_sub(&c, &a, &b)); + CHECK_GOTO(BN_sub(c, a, b)); if (bp != NULL) { if (!results) { - CHECK_GOTO(BN_print(bp, &a)); + CHECK_GOTO(BN_print(bp, a)); BIO_puts(bp, " - "); - CHECK_GOTO(BN_print(bp, &b)); + CHECK_GOTO(BN_print(bp, b)); BIO_puts(bp, " - "); } - CHECK_GOTO(BN_print(bp, &c)); + CHECK_GOTO(BN_print(bp, c)); BIO_puts(bp, "\n"); } - CHECK_GOTO(BN_add(&c, &c, &b)); - CHECK_GOTO(BN_sub(&c, &c, &a)); - if (!BN_is_zero(&c)) { + CHECK_GOTO(BN_add(c, c, b)); + CHECK_GOTO(BN_sub(c, c, a)); + if (!BN_is_zero(c)) { fprintf(stderr, "Subtract test failed!\n"); rc = 0; break; } } -err: - BN_free(&a); - BN_free(&b); - BN_free(&c); + err: + BN_free(a); + BN_free(b); + BN_free(c); return (rc); } int test_div(BIO *bp, BN_CTX *ctx) { - BIGNUM a, b, c, d, e; + BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL; int i; int rc = 1; - BN_init(&a); - BN_init(&b); - BN_init(&c); - BN_init(&d); - BN_init(&e); + if ((a = BN_new()) == NULL) + goto err; + if ((b = BN_new()) == NULL) + goto err; + if ((c = BN_new()) == NULL) + goto err; + if ((d = BN_new()) == NULL) + goto err; + if ((e = BN_new()) == NULL) + goto err; - CHECK_GOTO(BN_one(&a)); - CHECK_GOTO(BN_zero(&b)); + CHECK_GOTO(BN_one(a)); + CHECK_GOTO(BN_zero(b)); - if (BN_div(&d, &c, &a, &b, ctx)) { + if (BN_div(d, c, a, b, ctx)) { fprintf(stderr, "Division by zero succeeded!\n"); return (0); } for (i = 0; i < num0 + num1; i++) { if (i < num1) { - CHECK_GOTO(BN_bntest_rand(&a, 400, 0, 0)); - CHECK_GOTO(BN_copy(&b, &a)); - CHECK_GOTO(BN_lshift(&a, &a, i)); - CHECK_GOTO(BN_add_word(&a, i)); + CHECK_GOTO(BN_bntest_rand(a, 400, 0, 0)); + 
CHECK_GOTO(BN_copy(b, a)); + CHECK_GOTO(BN_lshift(a, a, i)); + CHECK_GOTO(BN_add_word(a, i)); } else - CHECK_GOTO(BN_bntest_rand(&b, 50 + 3 * (i - num1), 0, 0)); - a.neg = rand_neg(); - b.neg = rand_neg(); - CHECK_GOTO(BN_div(&d, &c, &a, &b, ctx)); + CHECK_GOTO(BN_bntest_rand(b, 50 + 3 * (i - num1), 0, 0)); + BN_set_negative(a, rand_neg()); + BN_set_negative(b, rand_neg()); + CHECK_GOTO(BN_div(d, c, a, b, ctx)); if (bp != NULL) { if (!results) { - CHECK_GOTO(BN_print(bp, &a)); + CHECK_GOTO(BN_print(bp, a)); BIO_puts(bp, " / "); - CHECK_GOTO(BN_print(bp, &b)); + CHECK_GOTO(BN_print(bp, b)); BIO_puts(bp, " - "); } - CHECK_GOTO(BN_print(bp, &d)); + CHECK_GOTO(BN_print(bp, d)); BIO_puts(bp, "\n"); if (!results) { - CHECK_GOTO(BN_print(bp, &a)); + CHECK_GOTO(BN_print(bp, a)); BIO_puts(bp, " % "); - CHECK_GOTO(BN_print(bp, &b)); + CHECK_GOTO(BN_print(bp, b)); BIO_puts(bp, " - "); } - CHECK_GOTO(BN_print(bp, &c)); + CHECK_GOTO(BN_print(bp, c)); BIO_puts(bp, "\n"); } - CHECK_GOTO(BN_mul(&e, &d, &b, ctx)); - CHECK_GOTO(BN_add(&d, &e, &c)); - CHECK_GOTO(BN_sub(&d, &d, &a)); - if (!BN_is_zero(&d)) { + CHECK_GOTO(BN_mul(e, d, b, ctx)); + CHECK_GOTO(BN_add(d, e, c)); + CHECK_GOTO(BN_sub(d, d, a)); + if (!BN_is_zero(d)) { fprintf(stderr, "Division test failed!\n"); rc = 0; break; } } -err: - BN_free(&a); - BN_free(&b); - BN_free(&c); - BN_free(&d); - BN_free(&e); + err: + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(d); + BN_free(e); return (rc); } 
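Review bot: In test_add, test_sub and test_div the new `if ((a = BN_new()) == NULL) goto err;` checks reach `err` with `rc` still at its initial 1, so an allocation failure is returned as a pass; these functions signal failure only by setting `rc = 0`. Record the failure on that path, e.g. `if ((a = BN_new()) == NULL) { rc = 0; goto err; }`, or use the `CHECK_GOTO(x = ...)` form the file already applies to `BN_MONT_CTX_new()`, provided that macro clears `rc` (its definition is outside this diff). The same pattern appears in the later hunks for test_div_word, test_div_recp, test_mul, test_mont, test_mod, test_mod_mul, test_mod_exp, test_mod_exp_mont_consttime, test_mod_exp_mont5, test_exp, test_lshift, test_lshift1, test_rshift and test_rshift1. The functions that start from `rc = 0` (test_sqr, the test_gf2m_* family, test_kron, test_sqrt) are not affected.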
@@ -553,31 +566,33 @@ print_word(BIO *bp, BN_ULONG w) int test_div_word(BIO *bp) { - BIGNUM a, b; + BIGNUM *a = NULL, *b = NULL; BN_ULONG r, rmod, s = 0; int i; int rc = 1; - BN_init(&a); - BN_init(&b); + if ((a = BN_new()) == NULL) + goto err; + if ((b = BN_new()) == NULL) + goto err; for (i = 0; i < num0; i++) { do { - if (!BN_bntest_rand(&a, 512, -1, 0) || - !BN_bntest_rand(&b, BN_BITS2, -1, 0)) { + if (!BN_bntest_rand(a, 512, -1, 0) || + !BN_bntest_rand(b, BN_BITS2, -1, 0)) { rc = 0; break; } - s = b.d[0]; + s = BN_get_word(b); } while (!s); - if (!BN_copy(&b, &a)) { + if (!BN_copy(b, a)) { rc = 0; break; } - rmod = BN_mod_word(&b, s); - r = BN_div_word(&b, s); + rmod = BN_mod_word(b, s); + r = BN_div_word(b, s); if (r == (BN_ULONG)-1 || rmod == (BN_ULONG)-1) { rc = 0; @@ -592,16 +607,16 @@ test_div_word(BIO *bp) if (bp != NULL) { if (!results) { - CHECK_GOTO(BN_print(bp, &a)); + CHECK_GOTO(BN_print(bp, a)); BIO_puts(bp, " / "); print_word(bp, s); BIO_puts(bp, " - "); } - CHECK_GOTO(BN_print(bp, &b)); + CHECK_GOTO(BN_print(bp, b)); BIO_puts(bp, "\n"); if (!results) { - CHECK_GOTO(BN_print(bp, &a)); + CHECK_GOTO(BN_print(bp, a)); BIO_puts(bp, " % "); print_word(bp, s); BIO_puts(bp, " - "); 
@@ -609,95 +624,103 @@ test_div_word(BIO *bp) print_word(bp, r); BIO_puts(bp, "\n"); } - CHECK_GOTO(BN_mul_word(&b, s)); - CHECK_GOTO(BN_add_word(&b, r)); - CHECK_GOTO(BN_sub(&b, &a, &b)); - if (!BN_is_zero(&b)) { + CHECK_GOTO(BN_mul_word(b, s)); + CHECK_GOTO(BN_add_word(b, r)); + CHECK_GOTO(BN_sub(b, a, b)); + if (!BN_is_zero(b)) { fprintf(stderr, "Division (word) test failed!\n"); rc = 0; break; } } -err: - BN_free(&a); - BN_free(&b); - return (rc); + err: + BN_free(a); + BN_free(b); + + return rc; } int test_div_recp(BIO *bp, BN_CTX *ctx) { - BIGNUM a, b, c, d, e; - BN_RECP_CTX recp; + BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL; + BN_RECP_CTX *recp = NULL; int i; int rc = 1; - BN_RECP_CTX_init(&recp); - BN_init(&a); - BN_init(&b); - BN_init(&c); - BN_init(&d); - BN_init(&e); + if ((a = BN_new()) == NULL) + goto err; + if ((b = BN_new()) == NULL) + goto err; + if ((c = BN_new()) == NULL) + goto err; + if ((d = BN_new()) == NULL) + goto err; + if ((e = BN_new()) == NULL) + goto err; + + if ((recp = BN_RECP_CTX_new()) == NULL) + goto err; for (i = 0; i < num0 + num1; i++) { if (i < num1) { - CHECK_GOTO(BN_bntest_rand(&a, 400, 0, 0)); - CHECK_GOTO(BN_copy(&b, &a)); - CHECK_GOTO(BN_lshift(&a, &a, i)); - CHECK_GOTO(BN_add_word(&a, i)); + CHECK_GOTO(BN_bntest_rand(a, 400, 0, 0)); + CHECK_GOTO(BN_copy(b, a)); + CHECK_GOTO(BN_lshift(a, a, i)); + CHECK_GOTO(BN_add_word(a, i)); } else - CHECK_GOTO(BN_bntest_rand(&b, 50 + 3 * (i - num1), 0, 0)); - a.neg = rand_neg(); - b.neg = rand_neg(); - CHECK_GOTO(BN_RECP_CTX_set(&recp, &b, ctx)); - CHECK_GOTO(BN_div_recp(&d, &c, &a, &recp, ctx)); + CHECK_GOTO(BN_bntest_rand(b, 50 + 3 * (i - num1), 0, 0)); + BN_set_negative(a, rand_neg()); + BN_set_negative(b, rand_neg()); + CHECK_GOTO(BN_RECP_CTX_set(recp, b, ctx)); + CHECK_GOTO(BN_div_recp(d, c, a, recp, ctx)); if (bp != NULL) { if (!results) { - CHECK_GOTO(BN_print(bp, &a)); + CHECK_GOTO(BN_print(bp, a)); BIO_puts(bp, " / "); - CHECK_GOTO(BN_print(bp, &b)); + 
CHECK_GOTO(BN_print(bp, b)); BIO_puts(bp, " - "); } - CHECK_GOTO(BN_print(bp, &d)); + CHECK_GOTO(BN_print(bp, d)); BIO_puts(bp, "\n"); if (!results) { - CHECK_GOTO(BN_print(bp, &a)); + CHECK_GOTO(BN_print(bp, a)); BIO_puts(bp, " % "); - CHECK_GOTO(BN_print(bp, &b)); + CHECK_GOTO(BN_print(bp, b)); BIO_puts(bp, " - "); } - CHECK_GOTO(BN_print(bp, &c)); + CHECK_GOTO(BN_print(bp, c)); BIO_puts(bp, "\n"); } - CHECK_GOTO(BN_mul(&e, &d, &b, ctx)); - CHECK_GOTO(BN_add(&d, &e, &c)); - CHECK_GOTO(BN_sub(&d, &d, &a)); - if (!BN_is_zero(&d)) { + CHECK_GOTO(BN_mul(e, d, b, ctx)); + CHECK_GOTO(BN_add(d, e, c)); + CHECK_GOTO(BN_sub(d, d, a)); + if (!BN_is_zero(d)) { fprintf(stderr, "Reciprocal division test failed!\n"); fprintf(stderr, "a="); - CHECK_GOTO(BN_print_fp(stderr, &a)); + CHECK_GOTO(BN_print_fp(stderr, a)); fprintf(stderr, "\nb="); - CHECK_GOTO(BN_print_fp(stderr, &b)); + CHECK_GOTO(BN_print_fp(stderr, b)); fprintf(stderr, "\n"); rc = 0; break; } } -err: - BN_free(&a); - BN_free(&b); - BN_free(&c); - BN_free(&d); - BN_free(&e); - BN_RECP_CTX_free(&recp); + err: + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(d); + BN_free(e); + BN_RECP_CTX_free(recp); return (rc); } int test_mul(BIO *bp) { - BIGNUM a, b, c, d, e; + BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL; int i; int rc = 1; BN_CTX *ctx; 
@@ -706,45 +729,50 @@ test_mul(BIO *bp) if (ctx == NULL) exit(1); - BN_init(&a); - BN_init(&b); - BN_init(&c); - BN_init(&d); - BN_init(&e); + if ((a = BN_new()) == NULL) + goto err; + if ((b = BN_new()) == NULL) + goto err; + if ((c = BN_new()) == NULL) + goto err; + if ((d = BN_new()) == NULL) + goto err; + if ((e = BN_new()) == NULL) + goto err; for (i = 0; i < num0 + num1; i++) { if (i <= num1) { - CHECK_GOTO(BN_bntest_rand(&a, 100, 0, 0)); - CHECK_GOTO(BN_bntest_rand(&b, 100, 0, 0)); + CHECK_GOTO(BN_bntest_rand(a, 100, 0, 0)); + CHECK_GOTO(BN_bntest_rand(b, 100, 0, 0)); } else - CHECK_GOTO(BN_bntest_rand(&b, i - num1, 0, 0)); - a.neg = rand_neg(); - b.neg = rand_neg(); - CHECK_GOTO(BN_mul(&c, &a, &b, ctx)); + CHECK_GOTO(BN_bntest_rand(b, i - num1, 0, 0)); + BN_set_negative(a, rand_neg()); + BN_set_negative(b, rand_neg()); + CHECK_GOTO(BN_mul(c, a, b, ctx)); if (bp != NULL) { if (!results) { - CHECK_GOTO(BN_print(bp, &a)); + CHECK_GOTO(BN_print(bp, a)); BIO_puts(bp, " * "); - CHECK_GOTO(BN_print(bp, &b)); + CHECK_GOTO(BN_print(bp, b)); BIO_puts(bp, " - "); } - CHECK_GOTO(BN_print(bp, &c)); + CHECK_GOTO(BN_print(bp, c)); BIO_puts(bp, "\n"); } - CHECK_GOTO(BN_div(&d, &e, &c, &a, ctx)); - CHECK_GOTO(BN_sub(&d, &d, &b)); - if (!BN_is_zero(&d) || !BN_is_zero(&e)) { + CHECK_GOTO(BN_div(d, e, c, a, ctx)); + CHECK_GOTO(BN_sub(d, d, b)); + if (!BN_is_zero(d) || !BN_is_zero(e)) { fprintf(stderr, "Multiplication test failed!\n"); rc = 0; break; } } -err: - BN_free(&a); - BN_free(&b); - BN_free(&c); - BN_free(&d); - BN_free(&e); + err: + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(d); + BN_free(e); BN_CTX_free(ctx); return (rc); } 
@@ -752,17 +780,21 @@ test_mul(BIO *bp) int test_sqr(BIO *bp, BN_CTX *ctx) { - BIGNUM *a, *c, *d, *e; + BIGNUM *a = NULL, *c = NULL, *d = NULL, *e = NULL; int i, rc = 0; - a = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); + if ((a = BN_new()) == NULL) + goto err; + if ((c = BN_new()) == NULL) + goto err; + if ((d = BN_new()) == NULL) + goto err; + if ((e = BN_new()) == NULL) + goto err; for (i = 0; i < num0; i++) { CHECK_GOTO(BN_bntest_rand(a, 40 + i * 10, 0, 0)); - a->neg = rand_neg(); + BN_set_negative(a, rand_neg()); CHECK_GOTO(BN_sqr(c, a, ctx)); if (bp != NULL) { if (!results) { @@ -831,7 +863,7 @@ test_sqr(BIO *bp, BN_CTX *ctx) goto err; } rc = 1; -err: + err: BN_free(a); BN_free(c); BN_free(d); @@ -842,8 +874,8 @@ test_sqr(BIO *bp, BN_CTX *ctx) int test_mont(BIO *bp, BN_CTX *ctx) { - BIGNUM a, b, c, d, A, B; - BIGNUM n; + BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL, *A = NULL, *B = NULL; + BIGNUM *n = NULL; int i; int rc = 1; BN_MONT_CTX *mont; 
@@ -852,94 +884,107 @@ test_mont(BIO *bp, BN_CTX *ctx) if (mont == NULL) return 0; - BN_init(&a); - BN_init(&b); - BN_init(&c); - BN_init(&d); - BN_init(&A); - BN_init(&B); - BN_init(&n); + if ((a = BN_new()) == NULL) + goto err; + if ((b = BN_new()) == NULL) + goto err; + if ((c = BN_new()) == NULL) + goto err; + if ((d = BN_new()) == NULL) + goto err; + if ((A = BN_new()) == NULL) + goto err; + if ((B = BN_new()) == NULL) + goto err; + if ((n = BN_new()) == NULL) + goto err; - CHECK_GOTO(BN_zero(&n)); - if (BN_MONT_CTX_set(mont, &n, ctx)) { + CHECK_GOTO(BN_zero(n)); + if (BN_MONT_CTX_set(mont, n, ctx)) { fprintf(stderr, "BN_MONT_CTX_set succeeded for zero modulus!\n"); return (0); } - CHECK_GOTO(BN_set_word(&n, 16)); - if (BN_MONT_CTX_set(mont, &n, ctx)) { + CHECK_GOTO(BN_set_word(n, 16)); + if (BN_MONT_CTX_set(mont, n, ctx)) { fprintf(stderr, "BN_MONT_CTX_set succeeded for even modulus!\n"); return (0); } - CHECK_GOTO(BN_bntest_rand(&a, 100, 0, 0)); - CHECK_GOTO(BN_bntest_rand(&b, 100, 0, 0)); + CHECK_GOTO(BN_bntest_rand(a, 100, 0, 0)); + CHECK_GOTO(BN_bntest_rand(b, 100, 0, 0)); for (i = 0; i < num2; i++) { int bits = (200 * (i + 1)) / num2; if (bits == 0) continue; - CHECK_GOTO(BN_bntest_rand(&n, bits, 0, 1)); - CHECK_GOTO(BN_MONT_CTX_set(mont, &n, ctx)); + CHECK_GOTO(BN_bntest_rand(n, bits, 0, 1)); + CHECK_GOTO(BN_MONT_CTX_set(mont, n, ctx)); - CHECK_GOTO(BN_nnmod(&a, &a, &n, ctx)); - CHECK_GOTO(BN_nnmod(&b, &b, &n, ctx)); + CHECK_GOTO(BN_nnmod(a, a, n, ctx)); + CHECK_GOTO(BN_nnmod(b, b, n, ctx)); - CHECK_GOTO(BN_to_montgomery(&A, &a, mont, ctx)); - CHECK_GOTO(BN_to_montgomery(&B, &b, mont, ctx)); + CHECK_GOTO(BN_to_montgomery(A, a, mont, ctx)); + CHECK_GOTO(BN_to_montgomery(B, b, mont, ctx)); - CHECK_GOTO(BN_mod_mul_montgomery(&c, &A, &B, mont, ctx)); - CHECK_GOTO(BN_from_montgomery(&A, &c, mont, ctx)); + CHECK_GOTO(BN_mod_mul_montgomery(c, A, B, mont, ctx)); + CHECK_GOTO(BN_from_montgomery(A, c, mont, ctx)); if (bp != NULL) { if (!results) { - 
CHECK_GOTO(BN_print(bp, &a)); + CHECK_GOTO(BN_print(bp, a)); BIO_puts(bp, " * "); - CHECK_GOTO(BN_print(bp, &b)); + CHECK_GOTO(BN_print(bp, b)); BIO_puts(bp, " % "); - CHECK_GOTO(BN_print(bp, &(mont->N))); + /* n == &mont->N */ + CHECK_GOTO(BN_print(bp, n)); BIO_puts(bp, " - "); } - CHECK_GOTO(BN_print(bp, &A)); + CHECK_GOTO(BN_print(bp, A)); BIO_puts(bp, "\n"); } - CHECK_GOTO(BN_mod_mul(&d, &a, &b, &n, ctx)); - CHECK_GOTO(BN_sub(&d, &d, &A)); - if (!BN_is_zero(&d)) { + CHECK_GOTO(BN_mod_mul(d, a, b, n, ctx)); + CHECK_GOTO(BN_sub(d, d, A)); + if (!BN_is_zero(d)) { fprintf(stderr, "Montgomery multiplication test failed!\n"); rc = 0; break; } } -err: + err: BN_MONT_CTX_free(mont); - BN_free(&a); - BN_free(&b); - BN_free(&c); - BN_free(&d); - BN_free(&A); - BN_free(&B); - BN_free(&n); + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(d); + BN_free(A); + BN_free(B); + BN_free(n); return (rc); } int test_mod(BIO *bp, BN_CTX *ctx) { - BIGNUM *a, *b, *c, *d, *e; + BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL; int i; int rc = 1; - a = BN_new(); - b = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); + if ((a = BN_new()) == NULL) + goto err; + if ((b = BN_new()) == NULL) + goto err; + if ((c = BN_new()) == NULL) + goto err; + if ((d = BN_new()) == NULL) + goto err; + if ((e = BN_new()) == NULL) + goto err; CHECK_GOTO(BN_bntest_rand(a, 1024, 0, 0)); for (i = 0; i < num0; i++) { CHECK_GOTO(BN_bntest_rand(b, 450 + i * 10, 0, 0)); - a->neg = rand_neg(); - b->neg = rand_neg(); + BN_set_negative(a, rand_neg()); + BN_set_negative(b, rand_neg()); CHECK_GOTO(BN_mod(c, a, b, ctx)); if (bp != NULL) { if (!results) { @@ -959,7 +1004,7 @@ test_mod(BIO *bp, BN_CTX *ctx) break; } } -err: + err: BN_free(a); BN_free(b); BN_free(c); 
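Review bot: The two early exits in test_mont, `return (0);` after the zero-modulus and even-modulus `BN_MONT_CTX_set` checks, bypass the `err` label and so leak `mont` plus the seven BIGNUMs this hunk moves to the heap with `BN_new()`. Replace each with `rc = 0; goto err;` so the cleanup block runs on those paths too. test_div in the earlier hunk has the same `return (0);` after its "Division by zero succeeded!" message, which now leaks `a` through `e`. These paths are only taken when the library misbehaves, so the leak would mainly show up as extra noise if the test is run under a leak checker.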
@@ -971,15 +1016,20 @@ test_mod(BIO *bp, BN_CTX *ctx) int test_mod_mul(BIO *bp, BN_CTX *ctx) { - BIGNUM *a, *b, *c, *d, *e; + BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL; int i, j; int rc = 1; - a = BN_new(); - b = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); + if ((a = BN_new()) == NULL) + goto err; + if ((b = BN_new()) == NULL) + goto err; + if ((c = BN_new()) == NULL) + goto err; + if ((d = BN_new()) == NULL) + goto err; + if ((e = BN_new()) == NULL) + goto err; CHECK_GOTO(BN_one(a)); CHECK_GOTO(BN_one(b)); @@ -994,8 +1044,8 @@ test_mod_mul(BIO *bp, BN_CTX *ctx) for (i = 0; i < num0; i++) { CHECK_GOTO(BN_bntest_rand(a, 475 + i * 10, 0, 0)); CHECK_GOTO(BN_bntest_rand(b, 425 + i * 11, 0, 0)); - a->neg = rand_neg(); - b->neg = rand_neg(); + BN_set_negative(a, rand_neg()); + BN_set_negative(b, rand_neg()); if (!BN_mod_mul(e, a, b, c, ctx)) { unsigned long l; @@ -1011,7 +1061,8 @@ test_mod_mul(BIO *bp, BN_CTX *ctx) CHECK_GOTO(BN_print(bp, b)); BIO_puts(bp, " % "); CHECK_GOTO(BN_print(bp, c)); - if ((a->neg ^ b->neg) && !BN_is_zero(e)) { + if ((BN_is_negative(a) ^ BN_is_negative(b)) && + !BN_is_zero(e)) { /* If (a*b) % c is negative, c must be added * in order to obtain the normalized remainder * (new with OpenSSL 0.9.7, previous versions of @@ -1036,7 +1087,7 @@ test_mod_mul(BIO *bp, BN_CTX *ctx) } } } -err: + err: BN_free(a); BN_free(b); BN_free(c); @@ -1048,15 +1099,20 @@ test_mod_mul(BIO *bp, BN_CTX *ctx) int test_mod_exp(BIO *bp, BN_CTX *ctx) { - BIGNUM *a, *b, *c, *d, *e; + BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL; int i; int rc = 1; - a = BN_new(); - b = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); + if ((a = BN_new()) == NULL) + goto err; + if ((b = BN_new()) == NULL) + goto err; + if ((c = BN_new()) == NULL) + goto err; + if ((d = BN_new()) == NULL) + goto err; + if ((e = BN_new()) == NULL) + goto err; CHECK_GOTO(BN_one(a)); CHECK_GOTO(BN_one(b)); 
@@ -1172,7 +1228,7 @@ test_mod_exp(BIO *bp, BN_CTX *ctx) break; } } -err: + err: BN_free(a); BN_free(b); BN_free(c); @@ -1184,15 +1240,20 @@ test_mod_exp(BIO *bp, BN_CTX *ctx) int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx) { - BIGNUM *a, *b, *c, *d, *e; + BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL; int i; int rc = 1; - a = BN_new(); - b = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); + if ((a = BN_new()) == NULL) + goto err; + if ((b = BN_new()) == NULL) + goto err; + if ((c = BN_new()) == NULL) + goto err; + if ((d = BN_new()) == NULL) + goto err; + if ((e = BN_new()) == NULL) + goto err; CHECK_GOTO(BN_one(a)); CHECK_GOTO(BN_one(b)); @@ -1243,7 +1304,7 @@ test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx) break; } } -err: + err: BN_free(a); BN_free(b); BN_free(c); @@ -1259,18 +1320,28 @@ test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx) int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx) { - BIGNUM *a, *p, *m, *d, *e, *b, *n, *c; - int len, rc = 1; - BN_MONT_CTX *mont; + BIGNUM *a = NULL, *p = NULL, *m = NULL, *d = NULL, *e = NULL; + BIGNUM *b = NULL, *n = NULL, *c = NULL; + BN_MONT_CTX *mont = NULL; + int len; + int rc = 1; - a = BN_new(); - p = BN_new(); - m = BN_new(); - d = BN_new(); - e = BN_new(); - b = BN_new(); - n = BN_new(); - c = BN_new(); + if ((a = BN_new()) == NULL) + goto err; + if ((p = BN_new()) == NULL) + goto err; + if ((m = BN_new()) == NULL) + goto err; + if ((d = BN_new()) == NULL) + goto err; + if ((e = BN_new()) == NULL) + goto err; + if ((b = BN_new()) == NULL) + goto err; + if ((n = BN_new()) == NULL) + goto err; + if ((c = BN_new()) == NULL) + goto err; CHECK_GOTO(mont = BN_MONT_CTX_new()); @@ -1414,7 +1485,7 @@ test_mod_exp_mont5(BIO *bp, BN_CTX *ctx) rc = 0; goto err; } -err: + err: BN_free(a); BN_free(p); BN_free(m); 
@@ -1430,15 +1501,20 @@ test_mod_exp_mont5(BIO *bp, BN_CTX *ctx) int test_exp(BIO *bp, BN_CTX *ctx) { - BIGNUM *a, *b, *d, *e, *one; + BIGNUM *a = NULL, *b = NULL, *d = NULL, *e = NULL, *one = NULL; int i; int rc = 1; - a = BN_new(); - b = BN_new(); - d = BN_new(); - e = BN_new(); - one = BN_new(); + if ((a = BN_new()) == NULL) + goto err; + if ((b = BN_new()) == NULL) + goto err; + if ((d = BN_new()) == NULL) + goto err; + if ((e = BN_new()) == NULL) + goto err; + if ((one = BN_new()) == NULL) + goto err; CHECK_GOTO(BN_one(one)); for (i = 0; i < num2; i++) { @@ -1470,7 +1546,7 @@ test_exp(BIO *bp, BN_CTX *ctx) break; } } -err: + err: BN_free(a); BN_free(b); BN_free(d); 
@@ -1483,66 +1559,76 @@ test_exp(BIO *bp, BN_CTX *ctx) int test_gf2m_add(BIO *bp) { - BIGNUM a, b, c; + BIGNUM *a = NULL, *b = NULL, *c = NULL; int i, rc = 0; - BN_init(&a); - BN_init(&b); - BN_init(&c); + if ((a = BN_new()) == NULL) + goto err; + if ((b = BN_new()) == NULL) + goto err; + if ((c = BN_new()) == NULL) + goto err; for (i = 0; i < num0; i++) { - CHECK_GOTO(BN_rand(&a, 512, 0, 0)); - CHECK_GOTO(BN_copy(&b, BN_value_one())); - a.neg = rand_neg(); - b.neg = rand_neg(); - CHECK_GOTO(BN_GF2m_add(&c, &a, &b)); + CHECK_GOTO(BN_rand(a, 512, 0, 0)); + CHECK_GOTO(BN_copy(b, BN_value_one())); + BN_set_negative(a, rand_neg()); + BN_set_negative(b, rand_neg()); + CHECK_GOTO(BN_GF2m_add(c, a, b)); #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */ if (bp != NULL) { if (!results) { - CHECK_GOTO(BN_print(bp, &a)); + CHECK_GOTO(BN_print(bp, a)); BIO_puts(bp, " ^ "); - CHECK_GOTO(BN_print(bp, &b)); + CHECK_GOTO(BN_print(bp, b)); BIO_puts(bp, " = "); } - CHECK_GOTO(BN_print(bp, &c)); + CHECK_GOTO(BN_print(bp, c)); BIO_puts(bp, "\n"); } #endif /* Test that two added values have the correct parity. */ - if ((BN_is_odd(&a) && BN_is_odd(&c)) - || (!BN_is_odd(&a) && !BN_is_odd(&c))) { + if ((BN_is_odd(a) && BN_is_odd(c)) + || (!BN_is_odd(a) && !BN_is_odd(c))) { fprintf(stderr, "GF(2^m) addition test (a) failed!\n"); goto err; } - CHECK_GOTO(BN_GF2m_add(&c, &c, &c)); + CHECK_GOTO(BN_GF2m_add(c, c, c)); /* Test that c + c = 0. 
*/ - if (!BN_is_zero(&c)) { + if (!BN_is_zero(c)) { fprintf(stderr, "GF(2^m) addition test (b) failed!\n"); goto err; } } rc = 1; -err: - BN_free(&a); - BN_free(&b); - BN_free(&c); + err: + BN_free(a); + BN_free(b); + BN_free(c); return rc; } int test_gf2m_mod(BIO *bp) { - BIGNUM *a, *b[2], *c, *d, *e; - int i, j, rc = 0; + BIGNUM *a = NULL, *b[2] = { 0 }, *c = NULL, *d = NULL, *e = NULL; + int i, j; int p0[] = { 163, 7, 6, 3, 0, -1 }; int p1[] = { 193, 15, 0, -1 }; + int rc = 0; - a = BN_new(); - b[0] = BN_new(); - b[1] = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); + if ((a = BN_new()) == NULL) + goto err; + if ((b[0] = BN_new()) == NULL) + goto err; + if ((b[1] = BN_new()) == NULL) + goto err; + if ((c = BN_new()) == NULL) + goto err; + if ((d = BN_new()) == NULL) + goto err; + if ((e = BN_new()) == NULL) + goto err; CHECK_GOTO(BN_GF2m_arr2poly(p0, b[0])); CHECK_GOTO(BN_GF2m_arr2poly(p1, b[1])); @@ -1573,7 +1659,7 @@ test_gf2m_mod(BIO *bp) } } rc = 1; -err: + err: BN_free(a); BN_free(b[0]); BN_free(b[1]); 
@@ -1586,20 +1672,31 @@ test_gf2m_mod(BIO *bp) int test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx) { - BIGNUM *a, *b[2], *c, *d, *e, *f, *g, *h; - int i, j, rc = 0; + BIGNUM *a = NULL, *b[2] = { 0 }, *c = NULL, *d = NULL, *e = NULL, *f = NULL; + BIGNUM *g = NULL, *h = NULL; + int i, j; int p0[] = { 163, 7, 6, 3, 0, -1 }; int p1[] = { 193, 15, 0, -1 }; + int rc = 0; - a = BN_new(); - b[0] = BN_new(); - b[1] = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); - f = BN_new(); - g = BN_new(); - h = BN_new(); + if ((a = BN_new()) == NULL) + goto err; + if ((b[0] = BN_new()) == NULL) + goto err; + if ((b[1] = BN_new()) == NULL) + goto err; + if ((c = BN_new()) == NULL) + goto err; + if ((d = BN_new()) == NULL) + goto err; + if ((e = BN_new()) == NULL) + goto err; + if ((f = BN_new()) == NULL) + goto err; + if ((g = BN_new()) == NULL) + goto err; + if ((h = BN_new()) == NULL) + goto err; CHECK_GOTO(BN_GF2m_arr2poly(p0, b[0])); CHECK_GOTO(BN_GF2m_arr2poly(p1, b[1])); @@ -1637,7 +1734,7 @@ test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx) } } rc = 1; -err: + err: BN_free(a); BN_free(b[0]); BN_free(b[1]); @@ -1653,16 +1750,21 @@ test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx) int test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx) { - BIGNUM *a, *b[2], *c, *d; + BIGNUM *a = NULL, *b[2] = { 0 }, *c = NULL, *d = NULL; int i, j, rc = 0; int p0[] = { 163, 7, 6, 3, 0, -1 }; int p1[] = { 193, 15, 0, -1 }; - a = BN_new(); - b[0] = BN_new(); - b[1] = BN_new(); - c = BN_new(); - d = BN_new(); + if ((a = BN_new()) == NULL) + goto err; + if ((b[0] = BN_new()) == NULL) + goto err; + if ((b[1] = BN_new()) == NULL) + goto err; + if ((c = BN_new()) == NULL) + goto err; + if ((d = BN_new()) == NULL) + goto err; CHECK_GOTO(BN_GF2m_arr2poly(p0, b[0])); CHECK_GOTO(BN_GF2m_arr2poly(p1, b[1])); @@ -1696,7 +1798,7 @@ test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx) } } rc = 1; -err: + err: BN_free(a); BN_free(b[0]); BN_free(b[1]); 
@@ -1708,16 +1810,21 @@ test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx) int test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx) { - BIGNUM *a, *b[2], *c, *d; + BIGNUM *a = NULL, *b[2] = { 0 }, *c = NULL, *d = NULL; int i, j, rc = 0; int p0[] = { 163, 7, 6, 3, 0, -1 }; int p1[] = { 193, 15, 0, -1 }; - a = BN_new(); - b[0] = BN_new(); - b[1] = BN_new(); - c = BN_new(); - d = BN_new(); + if ((a = BN_new()) == NULL) + goto err; + if ((b[0] = BN_new()) == NULL) + goto err; + if ((b[1] = BN_new()) == NULL) + goto err; + if ((c = BN_new()) == NULL) + goto err; + if ((d = BN_new()) == NULL) + goto err; CHECK_GOTO(BN_GF2m_arr2poly(p0, b[0])); CHECK_GOTO(BN_GF2m_arr2poly(p1, b[1])); @@ -1747,7 +1854,7 @@ test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx) } } rc = 1; -err: + err: BN_free(a); BN_free(b[0]); BN_free(b[1]); @@ -1759,18 +1866,25 @@ test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx) int test_gf2m_mod_div(BIO *bp, BN_CTX *ctx) { - BIGNUM *a, *b[2], *c, *d, *e, *f; + BIGNUM *a = NULL, *b[2] = { 0 }, *c = NULL, *d = NULL, *e = NULL, *f = NULL; int i, j, rc = 0; int p0[] = { 163, 7, 6, 3, 0, -1 }; int p1[] = { 193, 15, 0, -1 }; - a = BN_new(); - b[0] = BN_new(); - b[1] = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); - f = BN_new(); + if ((a = BN_new()) == NULL) + goto err; + if ((b[0] = BN_new()) == NULL) + goto err; + if ((b[1] = BN_new()) == NULL) + goto err; + if ((c = BN_new()) == NULL) + goto err; + if ((d = BN_new()) == NULL) + goto err; + if ((e = BN_new()) == NULL) + goto err; + if ((f = BN_new()) == NULL) + goto err; CHECK_GOTO(BN_GF2m_arr2poly(p0, b[0])); CHECK_GOTO(BN_GF2m_arr2poly(p1, b[1])); @@ -1804,7 +1918,7 @@ test_gf2m_mod_div(BIO *bp, BN_CTX *ctx) } } rc = 1; -err: + err: BN_free(a); BN_free(b[0]); BN_free(b[1]); 
@@ -1818,18 +1932,25 @@ test_gf2m_mod_div(BIO *bp, BN_CTX *ctx) int test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx) { - BIGNUM *a, *b[2], *c, *d, *e, *f; + BIGNUM *a = NULL, *b[2] = { 0 }, *c = NULL, *d = NULL, *e = NULL, *f = NULL; int i, j, rc = 0; int p0[] = { 163, 7, 6, 3, 0, -1 }; int p1[] = { 193, 15, 0, -1 }; - a = BN_new(); - b[0] = BN_new(); - b[1] = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); - f = BN_new(); + if ((a = BN_new()) == NULL) + goto err; + if ((b[0] = BN_new()) == NULL) + goto err; + if ((b[1] = BN_new()) == NULL) + goto err; + if ((c = BN_new()) == NULL) + goto err; + if ((d = BN_new()) == NULL) + goto err; + if ((e = BN_new()) == NULL) + goto err; + if ((f = BN_new()) == NULL) + goto err; CHECK_GOTO(BN_GF2m_arr2poly(p0, b[0])); CHECK_GOTO(BN_GF2m_arr2poly(p1, b[1])); @@ -1871,7 +1992,7 @@ test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx) } } rc = 1; -err: + err: BN_free(a); BN_free(b[0]); BN_free(b[1]); @@ -1885,18 +2006,25 @@ test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx) int test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx) { - BIGNUM *a, *b[2], *c, *d, *e, *f; + BIGNUM *a = NULL, *b[2] = { 0 }, *c = NULL, *d = NULL, *e = NULL, *f = NULL; int i, j, rc = 0; int p0[] = { 163, 7, 6, 3, 0, -1 }; int p1[] = { 193, 15, 0, -1 }; - a = BN_new(); - b[0] = BN_new(); - b[1] = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); - f = BN_new(); + if ((a = BN_new()) == NULL) + goto err; + if ((b[0] = BN_new()) == NULL) + goto err; + if ((b[1] = BN_new()) == NULL) + goto err; + if ((c = BN_new()) == NULL) + goto err; + if ((d = BN_new()) == NULL) + goto err; + if ((e = BN_new()) == NULL) + goto err; + if ((f = BN_new()) == NULL) + goto err; CHECK_GOTO(BN_GF2m_arr2poly(p0, b[0])); CHECK_GOTO(BN_GF2m_arr2poly(p1, b[1])); @@ -1926,7 +2054,7 @@ test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx) } } rc = 1; -err: + err: BN_free(a); BN_free(b[0]); BN_free(b[1]); 
@@ -1940,17 +2068,23 @@ test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx) int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx) { - BIGNUM *a, *b[2], *c, *d, *e; + BIGNUM *a = NULL, *b[2] = { 0 }, *c = NULL, *d = NULL, *e = NULL; int i, j, s = 0, t, rc = 0; int p0[] = { 163, 7, 6, 3, 0, -1 }; int p1[] = { 193, 15, 0, -1 }; - a = BN_new(); - b[0] = BN_new(); - b[1] = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); + if ((a = BN_new()) == NULL) + goto err; + if ((b[0] = BN_new()) == NULL) + goto err; + if ((b[1] = BN_new()) == NULL) + goto err; + if ((c = BN_new()) == NULL) + goto err; + if ((d = BN_new()) == NULL) + goto err; + if ((e = BN_new()) == NULL) + goto err; CHECK_GOTO(BN_GF2m_arr2poly(p0, b[0])); CHECK_GOTO(BN_GF2m_arr2poly(p1, b[1])); @@ -1999,12 +2133,12 @@ test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx) } } if (s == 0) { - fprintf(stderr, "All %i tests of GF(2^m) modular solve quadratic resulted in no roots;\n", num0); + fprintf(stderr, "All %d tests of GF(2^m) modular solve quadratic resulted in no roots;\n", num0); fprintf(stderr, "this is very unlikely and probably indicates an error.\n"); goto err; } rc = 1; -err: + err: BN_free(a); BN_free(b[0]); BN_free(b[1]); @@ -2034,20 +2168,25 @@ genprime_cb(int p, int n, BN_GENCB *arg) int test_kron(BIO *bp, BN_CTX *ctx) { - BN_GENCB cb; - BIGNUM *a, *b, *r, *t; + BIGNUM *a = NULL, *b = NULL, *r = NULL, *t = NULL; + BN_GENCB *cb = NULL; int i; int legendre, kronecker; int rc = 0; - a = BN_new(); - b = BN_new(); - r = BN_new(); - t = BN_new(); - if (a == NULL || b == NULL || r == NULL || t == NULL) + if ((a = BN_new()) == NULL) + goto err; + if ((b = BN_new()) == NULL) + goto err; + if ((r = BN_new()) == NULL) + goto err; + if ((t = BN_new()) == NULL) + goto err; + + if ((cb = BN_GENCB_new()) == NULL) goto err; - BN_GENCB_set(&cb, genprime_cb, NULL); + BN_GENCB_set(cb, genprime_cb, NULL); /* * We test BN_kronecker(a, b, ctx) just for b odd (Jacobi symbol). In 
@@ -2059,30 +2198,30 @@ test_kron(BIO *bp, BN_CTX *ctx) * is prime but whether BN_kronecker works.) */ - if (!BN_generate_prime_ex(b, 512, 0, NULL, NULL, &cb)) + if (!BN_generate_prime_ex(b, 512, 0, NULL, NULL, cb)) goto err; - b->neg = rand_neg(); + BN_set_negative(b, rand_neg()); putc('\n', stderr); for (i = 0; i < num0; i++) { if (!BN_bntest_rand(a, 512, 0, 0)) goto err; - a->neg = rand_neg(); + BN_set_negative(a, rand_neg()); /* t := (|b|-1)/2 (note that b is odd) */ if (!BN_copy(t, b)) goto err; - t->neg = 0; + BN_set_negative(t, 0); if (!BN_sub_word(t, 1)) goto err; if (!BN_rshift1(t, t)) goto err; /* r := a^t mod b */ - b->neg = 0; + BN_set_negative(b, 0); if (!BN_mod_exp_recp(r, a, t, b, ctx)) goto err; - b->neg = 1; + BN_set_negative(b, 1); if (BN_is_word(r, 1)) legendre = 1; @@ -2102,7 +2241,7 @@ test_kron(BIO *bp, BN_CTX *ctx) if (kronecker < -1) goto err; /* we actually need BN_kronecker(a, |b|) */ - if (a->neg && b->neg) + if (BN_is_negative(a) && BN_is_negative(b)) kronecker = -kronecker; if (legendre != kronecker) { @@ -2119,7 +2258,9 @@ test_kron(BIO *bp, BN_CTX *ctx) putc('\n', stderr); rc = 1; -err: + + err: + BN_GENCB_free(cb); BN_free(a); BN_free(b); BN_free(r); @@ -2130,18 +2271,22 @@ test_kron(BIO *bp, BN_CTX *ctx) int test_sqrt(BIO *bp, BN_CTX *ctx) { - BN_GENCB cb; - BIGNUM *a, *p, *r; + BIGNUM *a = NULL, *p = NULL, *r = NULL; + BN_GENCB *cb = NULL; int i, j; int rc = 0; - a = BN_new(); - p = BN_new(); - r = BN_new(); - if (a == NULL || p == NULL || r == NULL) + if ((a = BN_new()) == NULL) + goto err; + if ((p = BN_new()) == NULL) + goto err; + if ((r = BN_new()) == NULL) goto err; - BN_GENCB_set(&cb, genprime_cb, NULL); + if ((cb = BN_GENCB_new()) == NULL) + goto err; + + BN_GENCB_set(cb, genprime_cb, NULL); for (i = 0; i < 16; i++) { if (i < 8) { 
@@ -2155,11 +2300,11 @@ test_sqrt(BIO *bp, BN_CTX *ctx) if (!BN_set_word(r, 2 * i + 1)) goto err; - if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb)) + if (!BN_generate_prime_ex(p, 256, 0, a, r, cb)) goto err; putc('\n', stderr); } - p->neg = rand_neg(); + BN_set_negative(p, rand_neg()); for (j = 0; j < num2; j++) { /* @@ -2209,7 +2354,9 @@ test_sqrt(BIO *bp, BN_CTX *ctx) putc('\n', stderr); } rc = 1; -err: + + err: + BN_GENCB_free(cb); BN_free(a); BN_free(p); BN_free(r); @@ -2219,21 +2366,25 @@ test_sqrt(BIO *bp, BN_CTX *ctx) int test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_) { - BIGNUM *a = NULL, *b, *c, *d; + BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL; int i; int rc = 1; - b = BN_new(); - c = BN_new(); - d = BN_new(); + if ((b = BN_new()) == NULL) + goto err; + if ((c = BN_new()) == NULL) + goto err; + if ((d = BN_new()) == NULL) + goto err; CHECK_GOTO(BN_one(c)); if (a_) a = a_; else { - a = BN_new(); + if ((a = BN_new()) == NULL) + goto err; CHECK_GOTO(BN_bntest_rand(a, 200, 0, 0)); - a->neg = rand_neg(); + BN_set_negative(a, rand_neg()); } for (i = 0; i < num0; i++) { CHECK_GOTO(BN_lshift(b, a, i + 1)); @@ -2265,7 +2416,7 @@ test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_) break; } } -err: + err: BN_free(a); BN_free(b); BN_free(c); @@ -2276,16 +2427,19 @@ test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_) int test_lshift1(BIO *bp) { - BIGNUM *a, *b, *c; + BIGNUM *a = NULL, *b = NULL, *c = NULL; int i; int rc = 1; - a = BN_new(); - b = BN_new(); - c = BN_new(); + if ((a = BN_new()) == NULL) + goto err; + if ((b = BN_new()) == NULL) + goto err; + if ((c = BN_new()) == NULL) + goto err; CHECK_GOTO(BN_bntest_rand(a, 200, 0, 0)); - a->neg = rand_neg(); + BN_set_negative(a, rand_neg()); for (i = 0; i < num0; i++) { CHECK_GOTO(BN_lshift1(b, a)); if (bp != NULL) { @@ -2307,7 +2461,7 @@ test_lshift1(BIO *bp) CHECK_GOTO(BN_copy(a, b)); } -err: + err: BN_free(a); BN_free(b); BN_free(c); 
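Review bot: The new `goto err` paths in test_lshift are taken while `rc` still holds its initial value of 1, so a failed `BN_new()` would be reported as a pass if the function returns `rc` after the `err:` label, as the other tests in this file appear to (the return is outside the hunk). The same shape is added to test_lshift1 on this line and to test_rshift and test_rshift1 in the following hunks, whereas test_kron and test_sqrt start from `rc = 0` and are not affected. Record the failure before jumping, for example `if ((b = BN_new()) == NULL) { rc = 0; goto err; }`. Alternatively, route the allocation through `CHECK_GOTO` if that macro clears `rc`; its definition is not visible here.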
@@ -2317,19 +2471,24 @@ test_lshift1(BIO *bp) int test_rshift(BIO *bp, BN_CTX *ctx) { - BIGNUM *a, *b, *c, *d, *e; + BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL; int i; int rc = 1; - a = BN_new(); - b = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); + if ((a = BN_new()) == NULL) + goto err; + if ((b = BN_new()) == NULL) + goto err; + if ((c = BN_new()) == NULL) + goto err; + if ((d = BN_new()) == NULL) + goto err; + if ((e = BN_new()) == NULL) + goto err; CHECK_GOTO(BN_one(c)); CHECK_GOTO(BN_bntest_rand(a, 200, 0, 0)); - a->neg = rand_neg(); + BN_set_negative(a, rand_neg()); for (i = 0; i < num0; i++) { CHECK_GOTO(BN_rshift(b, a, i + 1)); CHECK_GOTO(BN_add(c, c, c)); @@ -2351,7 +2510,7 @@ test_rshift(BIO *bp, BN_CTX *ctx) break; } } -err: + err: BN_free(a); BN_free(b); BN_free(c); @@ -2363,16 +2522,19 @@ test_rshift(BIO *bp, BN_CTX *ctx) int test_rshift1(BIO *bp) { - BIGNUM *a, *b, *c; + BIGNUM *a = NULL, *b = NULL, *c = NULL; int i; int rc = 1; - a = BN_new(); - b = BN_new(); - c = BN_new(); + if ((a = BN_new()) == NULL) + goto err; + if ((b = BN_new()) == NULL) + goto err; + if ((c = BN_new()) == NULL) + goto err; CHECK_GOTO(BN_bntest_rand(a, 200, 0, 0)); - a->neg = rand_neg(); + BN_set_negative(a, rand_neg()); for (i = 0; i < num0; i++) { CHECK_GOTO(BN_rshift1(b, a)); if (bp != NULL) { @@ -2393,7 +2555,7 @@ test_rshift1(BIO *bp) } CHECK_GOTO(BN_copy(a, b)); } -err: + err: BN_free(a); BN_free(b); BN_free(c); @@ -2413,7 +2575,7 @@ int test_mod_exp_sizes(BIO *bp, BN_CTX *ctx) { BN_MONT_CTX *mont_ctx = NULL; - BIGNUM *p, *x, *y, *r, *r2; + BIGNUM *p = NULL, *x = NULL, *y = NULL, *r = NULL, *r2 = NULL; int size; int rc = 0; @@ -2455,7 +2617,7 @@ test_mod_exp_sizes(BIO *bp, BN_CTX *ctx) rc = 1; -err: + err: BN_MONT_CTX_free(mont_ctx); BN_CTX_end(ctx); return rc; diff --git a/tests/buffertest.c b/tests/buffertest.c index e627865e..3dfad7c4 100644 --- a/tests/buffertest.c +++ b/tests/buffertest.c 
@@ -1,5 +1,6 @@ +/* $OpenBSD: buffertest.c,v 1.6 2022/07/22 19:34:55 jsing Exp $ */ /* - * Copyright (c) 2019 Joel Sing + * Copyright (c) 2019, 2022 Joel Sing * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,9 +16,11 @@ */ #include +#include +#include #include -#include "tls13_internal.h" +#include "tls_internal.h" uint8_t testdata[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, @@ -37,13 +40,13 @@ read_cb(void *buf, size_t buflen, void *cb_arg) ssize_t n; if (rs->offset > rs->len) - return TLS13_IO_EOF; + return TLS_IO_EOF; if ((size_t)(n = buflen) > (rs->len - rs->offset)) n = rs->len - rs->offset; if (n == 0) - return TLS13_IO_WANT_POLLIN; + return TLS_IO_WANT_POLLIN; memcpy(buf, &rs->buf[rs->offset], n); rs->offset += n; @@ -57,11 +60,11 @@ struct extend_test { ssize_t want_ret; }; -struct extend_test extend_tests[] = { +const struct extend_test extend_tests[] = { { .extend_len = 4, .read_len = 0, - .want_ret = TLS13_IO_WANT_POLLIN, + .want_ret = TLS_IO_WANT_POLLIN, }, { .extend_len = 4, @@ -71,12 +74,12 @@ struct extend_test extend_tests[] = { { .extend_len = 12, .read_len = 8, - .want_ret = TLS13_IO_WANT_POLLIN, + .want_ret = TLS_IO_WANT_POLLIN, }, { .extend_len = 12, .read_len = 10, - .want_ret = TLS13_IO_WANT_POLLIN, + .want_ret = TLS_IO_WANT_POLLIN, }, { .extend_len = 12, 
@@ -91,66 +94,271 @@ struct extend_test extend_tests[] = { { .extend_len = 20, .read_len = 1, - .want_ret = TLS13_IO_EOF, + .want_ret = TLS_IO_EOF, }, }; #define N_EXTEND_TESTS (sizeof(extend_tests) / sizeof(extend_tests[0])) -int -main(int argc, char **argv) +static int +tls_buffer_extend_test(void) { - struct tls13_buffer *buf; - struct extend_test *et; + const struct extend_test *et; + struct tls_buffer *buf; struct read_state rs; - uint8_t *data; + uint8_t *data = NULL; size_t i, data_len; ssize_t ret; CBS cbs; + int failed = 1; rs.buf = testdata; rs.offset = 0; - if ((buf = tls13_buffer_new(0)) == NULL) - errx(1, "tls13_buffer_new"); + if ((buf = tls_buffer_new(0)) == NULL) + errx(1, "tls_buffer_new"); for (i = 0; i < N_EXTEND_TESTS; i++) { et = &extend_tests[i]; rs.len = et->read_len; - ret = tls13_buffer_extend(buf, et->extend_len, read_cb, &rs); + ret = tls_buffer_extend(buf, et->extend_len, read_cb, &rs); if (ret != extend_tests[i].want_ret) { - fprintf(stderr, "FAIL: Test %zi - extend returned %zi, " - "want %zi\n", i, ret, et->want_ret); - return 1; + fprintf(stderr, "FAIL: Test %zd - extend returned %zd, " + "want %zd\n", i, ret, et->want_ret); + goto failed; } - tls13_buffer_cbs(buf, &cbs); + if (!tls_buffer_data(buf, &cbs)) { + fprintf(stderr, "FAIL: Test %zd - failed to get data\n", + i); + goto failed; + } if (!CBS_mem_equal(&cbs, testdata, CBS_len(&cbs))) { - fprintf(stderr, "FAIL: Test %zi - extend buffer " + fprintf(stderr, "FAIL: Test %zd - extend buffer " "mismatch", i); - return 1; + goto failed; } } - if (!tls13_buffer_finish(buf, &data, &data_len)) { + if (!tls_buffer_finish(buf, &data, &data_len)) { fprintf(stderr, "FAIL: failed to finish\n"); - return 1; + goto failed; } - tls13_buffer_free(buf); + tls_buffer_free(buf); + buf = NULL; if (data_len != sizeof(testdata)) { fprintf(stderr, "FAIL: got data length %zu, want %zu\n", data_len, sizeof(testdata)); - return 1; + goto failed; } if (memcmp(data, testdata, data_len) != 0) { 
fprintf(stderr, "FAIL: data mismatch\n"); - return 1; + goto failed; } + + failed = 0; + + failed: + tls_buffer_free(buf); free(data); - return 0; + return failed; +} + +struct read_write_test { + uint8_t pattern; + size_t read; + size_t write; + size_t append; + ssize_t want; +}; + +const struct read_write_test read_write_tests[] = { + { + .read = 2048, + .want = TLS_IO_WANT_POLLIN, + }, + { + .pattern = 0xdb, + .write = 2048, + .want = 2048, + }, + { + .pattern = 0xbd, + .append = 2048, + .want = 1, + }, + { + .pattern = 0xdb, + .read = 2048, + .want = 2048, + }, + { + .pattern = 0xfe, + .append = 1024, + .want = 1, + }, + { + .pattern = 0xbd, + .read = 1000, + .want = 1000, + }, + { + .pattern = 0xbd, + .read = 1048, + .want = 1048, + }, + { + .pattern = 0xdb, + .write = 2048, + .want = 2048, + }, + { + .pattern = 0xbd, + .append = 1024, + .want = 1, + }, + { + .pattern = 0xee, + .append = 4096, + .want = 1, + }, + { + .pattern = 0xfe, + .append = 1, + .want = 0, + }, + { + .pattern = 0xfe, + .write = 1, + .want = TLS_IO_FAILURE, + }, + { + .pattern = 0xfe, + .read = 1024, + .want = 1024, + }, + { + .pattern = 0xdb, + .read = 2048, + .want = 2048, + }, + { + .pattern = 0xbd, + .read = 1024, + .want = 1024, + }, + { + .pattern = 0xee, + .read = 1024, + .want = 1024, + }, + { + .pattern = 0xee, + .read = 4096, + .want = 3072, + }, + { + .read = 2048, + .want = TLS_IO_WANT_POLLIN, + }, +}; + +#define N_READ_WRITE_TESTS (sizeof(read_write_tests) / sizeof(read_write_tests[0])) + +static int +tls_buffer_read_write_test(void) +{ + const struct read_write_test *rwt; + struct tls_buffer *buf = NULL; + uint8_t *rbuf = NULL, *wbuf = NULL; + ssize_t n; + size_t i; + int ret; + int failed = 1; + + if ((buf = tls_buffer_new(0)) == NULL) + errx(1, "tls_buffer_new"); + + tls_buffer_set_capacity_limit(buf, 8192); + + for (i = 0; i < N_READ_WRITE_TESTS; i++) { + rwt = &read_write_tests[i]; + + if (rwt->append > 0) { + free(wbuf); + if ((wbuf = malloc(rwt->append)) == NULL) + 
errx(1, "malloc"); + memset(wbuf, rwt->pattern, rwt->append); + if ((ret = tls_buffer_append(buf, wbuf, rwt->append)) != + rwt->want) { + fprintf(stderr, "FAIL: test %zu - " + "tls_buffer_append() = %d, want %zu\n", + i, ret, rwt->want); + goto failed; + } + } + + if (rwt->write > 0) { + free(wbuf); + if ((wbuf = malloc(rwt->write)) == NULL) + errx(1, "malloc"); + memset(wbuf, rwt->pattern, rwt->write); + if ((n = tls_buffer_write(buf, wbuf, rwt->write)) != + rwt->want) { + fprintf(stderr, "FAIL: test %zu - " + "tls_buffer_write() = %zi, want %zu\n", + i, n, rwt->want); + goto failed; + } + } + + if (rwt->read > 0) { + free(rbuf); + if ((rbuf = calloc(1, rwt->read)) == NULL) + errx(1, "malloc"); + if ((n = tls_buffer_read(buf, rbuf, rwt->read)) != + rwt->want) { + fprintf(stderr, "FAIL: test %zu - " + "tls_buffer_read() = %zi, want %zu\n", + i, n, rwt->want); + goto failed; + } + if (rwt->want > 0) { + free(wbuf); + if ((wbuf = malloc(rwt->want)) == NULL) + errx(1, "malloc"); + memset(wbuf, rwt->pattern, rwt->want); + if (memcmp(rbuf, wbuf, rwt->want) != 0) { + fprintf(stderr, "FAIL: test %zu - " + "read byte mismatch\n", i); + goto failed; + } + } + } + } + + failed = 0; + + failed: + tls_buffer_free(buf); + free(rbuf); + free(wbuf); + + return failed; +} + +int +main(int argc, char **argv) +{ + int failed = 0; + + failed |= tls_buffer_extend_test(); + failed |= tls_buffer_read_write_test(); + + return failed; } diff --git a/tests/bytestringtest.c b/tests/bytestringtest.c index 040667ed..a0fcde0b 100644 --- a/tests/bytestringtest.c +++ b/tests/bytestringtest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bytestringtest.c,v 1.14 2021/04/04 19:55:46 tb Exp $ */ +/* $OpenBSD: bytestringtest.c,v 1.16 2022/01/06 14:31:03 jsing Exp $ */ /* * Copyright (c) 2014, Google Inc. * 
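Review bot: The three failure messages in tls_buffer_read_write_test print `rwt->want` with `%zu`, but `want` is declared `ssize_t` in struct read_write_test. The table expects `TLS_IO_WANT_POLLIN` and `TLS_IO_FAILURE`, presumably negative sentinels, so a failing case would print a very large unsigned number, and the signed/unsigned mismatch is formally undefined. Use `%zd` for `want`, and `%zd` rather than `%zi` for `n` to match the specifier this commit adopts in tls_buffer_extend_test, e.g. `"tls_buffer_read() = %zd, want %zd\n"`. The converse applies in tls_buffer_extend_test, where the `size_t` index `i` is now printed with `%zd` and `%zu` is the matching specifier.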
@@ -63,10 +63,14 @@ test_skip(void) static int test_get_u(void) { - static const uint8_t kData[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10}; + static const uint8_t kData[] = { + 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, + 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, + }; uint8_t u8; uint16_t u16; uint32_t u32; + uint64_t u64; CBS data; CBS_init(&data, kData, sizeof(kData)); @@ -79,7 +83,14 @@ test_get_u(void) CHECK(u32 == 0x40506); CHECK(CBS_get_u32(&data, &u32)); CHECK(u32 == 0x708090a); + CHECK(CBS_get_u64(&data, &u64)); + CHECK(u64 == 0x0b0c0d0e0f101112U); + CHECK(CBS_get_last_u8(&data, &u8)); + CHECK(u8 == 20); + CHECK(CBS_get_last_u8(&data, &u8)); + CHECK(u8 == 19); CHECK(!CBS_get_u8(&data, &u8)); + CHECK(!CBS_get_last_u8(&data, &u8)); return 1; } @@ -131,6 +142,42 @@ test_get_prefixed_bad(void) return 1; } +static int +test_peek_u(void) +{ + static const uint8_t kData[] = { + 1, 2, 3, 4, 5, 6, 7, 8, 9, + }; + uint8_t u8; + uint16_t u16; + uint32_t u32; + CBS data; + + CBS_init(&data, kData, sizeof(kData)); + + CHECK(CBS_peek_u8(&data, &u8)); + CHECK(u8 == 1); + CHECK(CBS_peek_u16(&data, &u16)); + CHECK(u16 == 0x102); + CHECK(CBS_peek_u24(&data, &u32)); + CHECK(u32 == 0x10203); + CHECK(CBS_peek_u32(&data, &u32)); + CHECK(u32 == 0x1020304); + CHECK(CBS_get_u32(&data, &u32)); + CHECK(u32 == 0x1020304); + CHECK(CBS_peek_last_u8(&data, &u8)); + CHECK(u8 == 9); + CHECK(CBS_peek_u32(&data, &u32)); + CHECK(u32 == 0x5060708); + CHECK(CBS_get_u32(&data, &u32)); + CHECK(u32 == 0x5060708); + CHECK(CBS_get_u8(&data, &u8)); + CHECK(u8 == 9); + CHECK(!CBS_get_u8(&data, &u8)); + + return 1; +} + static int test_get_asn1(void) { @@ -268,7 +315,10 @@ test_get_optional_asn1_bool(void) static int test_cbb_basic(void) { - static const uint8_t kExpected[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12}; + static const uint8_t kExpected[] = { + 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, + 13, 14, 15, 16, 17, 18, 19, 20, + }; uint8_t *buf = NULL; size_t buf_len; int ret = 0; 
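Review bot: test_peek_u covers only the success path of the new peek helpers, because every `CBS_peek_*` call is made while enough bytes remain. A peek that reads past the end of the buffer would therefore go unnoticed. These are bounds-checked readers, so add short-input checks: `CHECK(!CBS_peek_u32(&data, &u32));` before the final `CBS_get_u8`, when one byte is left, and `CHECK(!CBS_peek_u8(&data, &u8));` plus `CHECK(!CBS_peek_last_u8(&data, &u8));` once `data` is empty. It would also help to compare `CBS_len(&data)` before and after a peek, so that the non-consuming property is asserted directly rather than inferred from the next get.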
@@ -284,6 +334,7 @@ test_cbb_basic(void) CHECK_GOTO(CBB_add_u24(&cbb, 0x40506)); CHECK_GOTO(CBB_add_u32(&cbb, 0x708090a)); CHECK_GOTO(CBB_add_bytes(&cbb, (const uint8_t*) "\x0b\x0c", 2)); + CHECK_GOTO(CBB_add_u64(&cbb, 0xd0e0f1011121314)); CHECK_GOTO(CBB_finish(&cbb, &buf, &buf_len)); ret = (buf_len == sizeof(kExpected) @@ -894,6 +945,7 @@ main(void) failed |= !test_get_u(); failed |= !test_get_prefixed(); failed |= !test_get_prefixed_bad(); + failed |= !test_peek_u(); failed |= !test_get_asn1(); failed |= !test_cbb_basic(); failed |= !test_cbb_add_space(); diff --git a/tests/ca-int-ecdsa.crl b/tests/ca-int-ecdsa.crl new file mode 100644 index 00000000..b904de3e --- /dev/null +++ b/tests/ca-int-ecdsa.crl @@ -0,0 +1,8 @@ +-----BEGIN X509 CRL----- +MIHuMIGUMAoGCCqGSM49BAMCMC4xLDAqBgNVBAMMI0xpYnJlU1NMIFRlc3QgSW50 +ZXJtZWRpYXRlIENBIEVDRFNBFw0yMTEyMjcxNDQwNDBaFw0yMjAxMjYxNDQwNDBa +MDgwGgIJAOVssaaTYoH5Fw0yMTEyMjcxNDQwNDBaMBoCCQDlbLGmk2KB+xcNMjEx +MjI3MTQ0MDQwWjAKBggqhkjOPQQDAgNJADBGAiEA9FWkenCgh+6Rz0/nuS7DaiUR +J5imCs0Wx6TiG3YUL3oCIQDfTT+54eKAEFXeYN2oToZtHbTHh5YUici5GA/PDmOG +Ig== +-----END X509 CRL----- diff --git a/tests/ca-int-ecdsa.pem b/tests/ca-int-ecdsa.pem new file mode 100644 index 00000000..fa1db863 --- /dev/null +++ b/tests/ca-int-ecdsa.pem 
@@ -0,0 +1,13 @@
+subject= CN = LibreSSL Test Intermediate CA ECDSA
+issuer= CN = LibreSSL Test Root CA ECDSA
+-----BEGIN CERTIFICATE-----
+MIIBrDCCAVOgAwIBAgIJAOVssaaTYoH3MAkGByqGSM49BAEwJjEkMCIGA1UEAwwb
+TGlicmVTU0wgVGVzdCBSb290IENBIEVDRFNBMB4XDTIxMTIyNzE0NDA0MFoXDTMx
+MTIyNTE0NDA0MFowLjEsMCoGA1UEAwwjTGlicmVTU0wgVGVzdCBJbnRlcm1lZGlh
+dGUgQ0EgRUNEU0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATWRQbJh4aHPzHq
+LOAmosW/o83bTpm3Sj1VxM44StmG7c1nnFM/+gS8rp2bVSgjWZQzRtZqGVGJgzbk
+7/M1m3x3o2MwYTAdBgNVHQ4EFgQUF1Y9b/xKVxI5QsoCcoGrUA3kwggwHwYDVR0j
+BBgwFoAUtvkat4UdcUEipt6L/PBgEFYH6AwwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
+HQ8BAf8EBAMCAQYwCQYHKoZIzj0EAQNIADBFAiBE4NiOdv/XRN3WWMnkE5QccvC6
+VThoIQRyBf4I97cRPQIhAK18dvwrLuOOfbhWMdkpNCddMkWZHxS7traw/8+s7OUU
+-----END CERTIFICATE-----
diff --git a/tests/ca-int-rsa.crl b/tests/ca-int-rsa.crl
new file mode 100644
index 00000000..481886ae
--- /dev/null
+++ b/tests/ca-int-rsa.crl
@@ -0,0 +1,11 @@
+-----BEGIN X509 CRL-----
+MIIBrDCBlTANBgkqhkiG9w0BAQsFADAsMSowKAYDVQQDDCFMaWJyZVNTTCBUZXN0
+IEludGVybWVkaWF0ZSBDQSBSU0EXDTIxMTIyNzE0NDAzOFoXDTIyMDEyNjE0NDAz
+OFowODAaAgkA5WyxppNigfQXDTIxMTIyNzE0NDAzN1owGgIJAOVssaaTYoH2Fw0y
+MTEyMjcxNDQwMzhaMA0GCSqGSIb3DQEBCwUAA4IBAQCGMtlhTlaOK7fK2OHXgoAf
+lDr1FQfqfNo5ZNE2+VqOvjYfgwdOgfxIsIuUoNp9/NhzO3e4KNe6P/33axwIsy7o
+RofbGYFSlHIYPEf1LyvH8z5mT2L2LAQAi+p+QMFizH6KNc74Oftygyi1bcJlN3CJ
+dP9LyvACdJSna7dEh7Snu2hy8tEDAO/RxUrryOZca0+5I4aaD8QCdFwdicDQ8U1s
+gTJ5w1gxkEWKv/J/AjCjRAVoAjE2/sUC1PPOJnZy7b0sS2Fv7zV7UAWSzO0KEYv+
+vav3UekGIgw0A5PDdWmUqCxE7aK71iy4EmlzMyVNULVcF1qX6qBQT5OpXr0Eo6WR
+-----END X509 CRL-----
diff --git a/tests/ca-int-rsa.pem b/tests/ca-int-rsa.pem
new file mode 100644
index 00000000..b457ad6f
--- /dev/null
+++ b/tests/ca-int-rsa.pem
@@ -0,0 +1,22 @@
+subject= CN = LibreSSL Test Intermediate CA RSA
+issuer= CN = LibreSSL Test Root CA RSA
+-----BEGIN CERTIFICATE-----
+MIIDNjCCAh6gAwIBAgIJAOVssaaTYoHyMA0GCSqGSIb3DQEBCwUAMCQxIjAgBgNV
+BAMMGUxpYnJlU1NMIFRlc3QgUm9vdCBDQSBSU0EwHhcNMjExMjI3MTQ0MDM3WhcN
+MzExMjI1MTQ0MDM3WjAsMSowKAYDVQQDDCFMaWJyZVNTTCBUZXN0IEludGVybWVk
+aWF0ZSBDQSBSU0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD151AI
+I+W9MrEP3dO0PEjg6L9E1R6+CG6u0LT3Jobc/rG2RXqKLasEaXoBWYiJoTImVxFT
+wtrY+IDDTaEV4/4RGII1fY8Js7v5NpwoEh15jCoJ6/qDjKd4y1s1M48PlWYNNRmv
+OBKRIu3Fz7scUa1RSBCp1bZeHbq/V5SzG419nDq2xpyuUrwmfBhDZTH+kUwBNGn8
+XVRFCRJQVP3qEAH02Zai2emSVj13KrhEWMtNyA8fa34GIuV23Q40RKW3jUgGBF+D
+5jPNN8EZCj34nvvbjCCBs7cxZvD4F/MzGbatKpNmNOKXKibeg/xCq8B/F1uzHcl3
+IzJuViNtQ3RjQ/1pAgMBAAGjYzBhMB0GA1UdDgQWBBQ2oaFa//6a3ZNBNV0NlN3n
+A9jiZjAfBgNVHSMEGDAWgBQ+S/x79Kw0KqURKAHyiOhdj/8V0TAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAcok2oSct
+BOkm75qA8+4eUilGxTaqFPCqY8fk8MKNRKNNzaqirPaLJW62mZaxRHOn1Bw9uzL3
+jgz2PaTwA7n5GpKs3r5JLk8BdtRyeqMLmqJVJKKuu4GtJLCA8jhQm+XNA1Z324hg
+kVeBHLPpLKvQxb+0lmbRBORq/OtMirq2yK8OlF2USrfQx0jmhSvvLpWyA0hhAXRS
+gg1ds9aL57dELvk6gR7Unob+J0O2Xq3FRwz2O1k9fF86a0qrWUkxcnAjobC2BczC
+7Fe5B194LgrX2U4IIrzwgJ19kmtrb1Qol2okECxomTYsbQY36sBs+LOKxSuiagu6
+ZgJtfcNeVMglYQ==
+-----END CERTIFICATE-----
diff --git a/tests/ca-root-ecdsa.pem b/tests/ca-root-ecdsa.pem
new file mode 100644
index 00000000..c7862da5
--- /dev/null
+++ b/tests/ca-root-ecdsa.pem
@@ -0,0 +1,13 @@
+subject= CN = LibreSSL Test Root CA ECDSA
+issuer= CN = LibreSSL Test Root CA ECDSA
+-----BEGIN CERTIFICATE-----
+MIIBpjCCAUygAwIBAgIJALqTupYRbYuwMAoGCCqGSM49BAMCMCYxJDAiBgNVBAMM
+G0xpYnJlU1NMIFRlc3QgUm9vdCBDQSBFQ0RTQTAeFw0yMTEyMjcxNDQwNDBaFw0z
+MTEyMjUxNDQwNDBaMCYxJDAiBgNVBAMMG0xpYnJlU1NMIFRlc3QgUm9vdCBDQSBF
+Q0RTQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIxQjA3Gp+4irgwEumPY1/EG
+lVy6/olnAc+4elWkj0SqqdjfWanQqO8wHFY0qICKq8lHKhcyw2v9oyOsNVXZj8Kj
+YzBhMB0GA1UdDgQWBBS2+Rq3hR1xQSKm3ov88GAQVgfoDDAfBgNVHSMEGDAWgBS2
++Rq3hR1xQSKm3ov88GAQVgfoDDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
+AwIBBjAKBggqhkjOPQQDAgNIADBFAiAqAN8RFQOAIXeJcxCHUCN1n3sUBuYF/XkS
+VnTsAEU/kwIhANNk/xjGq9O2YeLEFT1InoltVlwM5P8oa7krPnPbFnwY
+-----END CERTIFICATE-----
diff --git a/tests/ca-root-rsa.pem b/tests/ca-root-rsa.pem
new file mode 100644
index 00000000..daf3407a
--- /dev/null
+++ b/tests/ca-root-rsa.pem
@@ -0,0 +1,22 @@
+subject= CN = LibreSSL Test Root CA RSA
+issuer= CN = LibreSSL Test Root CA RSA
+-----BEGIN CERTIFICATE-----
+MIIDLjCCAhagAwIBAgIJAIuM+uV8F+LtMA0GCSqGSIb3DQEBCwUAMCQxIjAgBgNV
+BAMMGUxpYnJlU1NMIFRlc3QgUm9vdCBDQSBSU0EwHhcNMjExMjI3MTQ0MDM3WhcN
+MzExMjI1MTQ0MDM3WjAkMSIwIAYDVQQDDBlMaWJyZVNTTCBUZXN0IFJvb3QgQ0Eg
+UlNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvrj8h5JmJ+7V33R
+wloqhM0nLvmidkmk1sqJaOi0GNXoMLnaut90+2TnRiFDbsblzAjTijQC6PEfaJTB
+AEFBgNSQKdhVruYTL5HHhw/XHTjxqftizvJj1FsZh2n6gkTG/QOgbaDMCx+yFF88
+wro7Br32TZF+BuDuyzVcSPJUajYT+C9bWSq9jX8Fhvl5M3IOG7olg3gAMmU+E8SY
+TaKhoJ7KGLHDEQP9NJknJusV8T72lY/TzacVDDOxEUxpuYtJ1Kayytflhs1065Ua
+PkiIReoFnhK/tRAgyxz3bc6HDDmTz4FpyGPcAsSRtEbn1n1417hzH4Neq5eioVmx
+hX1HTwIDAQABo2MwYTAdBgNVHQ4EFgQUPkv8e/SsNCqlESgB8ojoXY//FdEwHwYD
+VR0jBBgwFoAUPkv8e/SsNCqlESgB8ojoXY//FdEwDwYDVR0TAQH/BAUwAwEB/zAO
+BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAEYi6O+l7SS14myiZydm
+eP0hS8+ABWz/xqzu81W5Uxo7XD3sNfz5hkhA3S2FrBg5xpDScAzsM9Og6VRuQA7/
+StWLc2gLvLI6cZNdOCOH/O4K6IYRGR0kXG7WA4MpBiDrPXZKXI3WcUNyTHM36Un4
+ZATRkO+xMLKFpnxHCkY5U9kp8xX5boNxtQsGkWfuG+fm7GVBaQapnvN+WRY4QXKQ
+jF10CFUcIUNGG81XTEhQwpcP0b0ruZK6JBah4VG7lUHbJ6/WoYiGYXCToK09ohIX
+PuWiVTiT9LH90U58No3NfinQPbE55mJju+YNNqLU4Wk3ub5rYpp0WFmo6T9kXL/z
+fO8=
+-----END CERTIFICATE-----
diff --git a/tests/chacha20_poly1305_tests.txt b/tests/chacha20_poly1305_tests.txt
new file mode 100644
index 00000000..7656247d
--- /dev/null
+++ b/tests/chacha20_poly1305_tests.txt
@@ -0,0 +1,576 @@ +# Test vector from RFC 8439 Section 2.8.1. + +KEY: 808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f +NONCE: 070000004041424344454647 +IN: "Ladies and Gentlemen of the class of '99: If I could offer you only one tip for the future, sunscreen would be it." +AD: 50515253c0c1c2c3c4c5c6c7 +CT: d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116 +TAG: 1ae10b594f09e26a7e902ecbd0600691 + +# Test padding AD with 15 zeros in the tag calculation. +KEY: 808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f +NONCE: 070000004041424344454647 +IN: "123456789abcdef0" +AD: "1" +CT: ae49da6934cb77822c83ed9852e46c9e +TAG: dac9c841c168379dcf8f2bb8e22d6da2 + +# Test padding IN with 15 zeros in the tag calculation. +KEY: 808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f +NONCE: 070000004041424344454647 +IN: "1" +AD: "123456789abcdef0" +CT: ae +TAG: 3ed2f824f901a8994052f852127c196a + +# Test padding AD with 1 zero in the tag calculation. +KEY: 808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f +NONCE: 070000004041424344454647 +IN: "123456789abcdef0" +AD: "123456789abcdef" +CT: ae49da6934cb77822c83ed9852e46c9e +TAG: 2e9c9b1689adb5ec444002eb920efb66 + +# Test padding IN with 1 zero in the tag calculation. +KEY: 808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f +NONCE: 070000004041424344454647 +IN: "123456789abcdef" +AD: "123456789abcdef0" +CT: ae49da6934cb77822c83ed9852e46c +TAG: 05b2937f8bbc64fed21f0fb74cd7147c + +# Test maximal nonce value. 
+KEY: 808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f +NONCE: ffffffffffffffffffffffff +IN: "123456789abcdef0" +AD: "123456789abcdef0" +CT: e275aeb341e1fc9a70c4fd4496fc7cdb +TAG: 41acd0560ea6843d3e5d4e5babf6e946 + +KEY: 9a97f65b9b4c721b960a672145fca8d4e32e67f9111ea979ce9c4826806aeee6 +NONCE: 000000003de9c0da2bd7f91e +IN: "" +AD: "" +CT: "" +TAG: 5a6e21f4ba6dbee57380e79e79c30def + +KEY: bcb2639bf989c6251b29bf38d39a9bdce7c55f4b2ac12a39c8a37b5d0a5cc2b5 +NONCE: 000000001e8b4c510f5ca083 +IN: 8c8419bc27 +AD: 34ab88c265 +CT: 1a7c2f33f5 +TAG: 2a63876a887f4f080c9df418813fc1fd + +KEY: 4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd1100a1007 +NONCE: 00000000cd7cf67be39c794a +IN: 86d09974840bded2a5ca +AD: 87e229d4500845a079c0 +CT: e3e446f7ede9a19b62a4 +TAG: 356d9eda66d08016b853d87c08b5c1b3 + +KEY: 422a5355b56dcf2b436aa8152858106a88d9ba23cdfe087b5e74e817a52388b3 +NONCE: 000000001d12d6d91848f2ea +IN: 537a645387f22d6f6dbbea568d3feb +AD: bef267c99aec8af56bc238612bfea6 +CT: 281a366705c5a24b94e56146681e44 +TAG: 59143dab187449060a3ec2a1681613cc + +KEY: ec7b864a078c3d05d970b6ea3ba6d33d6bb73dfa64c622a4727a96ede876f685 +NONCE: 000000002bca0e59e39508d3 +IN: b76733895c871edd728a45ed1a21f15a9597d49d +AD: cc1243ea54272db602fb0853c8e7027c56338b6c +CT: 1fb9b2958fce47a5cada9d895fbb0c00d3569858 +TAG: 219b4252deb16a43b292165aabc5d5ce + +KEY: 2c4c0fdb611df2d4d5e7898c6af0022795364adb8749155e2c68776a090e7d5c +NONCE: 0000000013ce7382734c4a71 +IN: 0dc6ff21a346e1337dd0db81d8f7d9f6fd1864418b98aadcdb +AD: 0115edcb176ab8bfa947d1f7c3a86a845d310bf6706c59a8f9 +CT: dad65e4244a1a17ce59d88b00af4f7434bd7830ffdd4c5558f +TAG: 7ae32f186cf9ec59b41b764b34307d4f + +KEY: c66e89fbab01208f6a60847f4f34b38d27b554c119cf8d9e0b118aa7266ab865 +NONCE: 000000005d9856060c54ab06 +IN: f9e3e9b5ed07b2080db8c1ffc37e4a6cb3cd544608921e18610d00b17c6e +AD: 85c112a1efe0a20ef3a550526a7afbc98f6367ebbede4e703099abd78f51 +CT: b5cc754f6dd19ef2d66f90e6bc9a322ddf216ef248cbe76b5ab6dd53bc36 +TAG: 
d3f7b9c295f374651a84138648a5919a + +KEY: a8b9766f404dea8cf7d7dfaf5822f53df9ccd092e332a57f007b301b507d5e14 +NONCE: 00000000c7f2f7a233104a2d +IN: 4d6faeaee39179a7c892faae3719656cc614c7e6ecd8fcb570a3b82c4dace969090338 +AD: c6d83b6a56408a356e68d0494d4eff150530b09551d008373d6dee2b8d6b5619d67fdb +CT: a15443f083316eef627a371f4c9ac654d0dd75255d8a303125e9f51af4233ff4ceb7fe +TAG: 63c2b4e0973096299488b0a66ffa54c1 + +KEY: 5e8d0e5f1467f7a750c55144d0c670f7d91075f386795b230c9bf1c04ba250bc +NONCE: 0000000088049f44ba61b88f +IN: 51a1eebcc348e0582196a0bce16ed1f8ac2e91c3e8a690e04a9f4b5cf63313d7ad08d1efbff85c89 +AD: 5d09bf0be90026f9fc51f73418d6d864b6d197ea030b3de072bd2c2f5cab5860a342abbd29dba9dc +CT: 35aa4bd4537aa611fd7578fc227df50ebcb00c692a1cf6f02e50ed9270bd93af3bc68f4c75b96638 +TAG: 4461139c4055333106cf7f7556fd4171 + +KEY: 21a9f07ec891d488805e9b92bb1b2286f3f0410c323b07fee1dc6f7379e22e48 +NONCE: 00000000066215be6567377a +IN: c1b0affaf2b8d7ef51cca9aacf7969f92f928c2e3cc7db2e15f47ee1f65023910d09f209d007b7436ee898133d +AD: dfdfdf4d3a68b47ad0d48828dc17b2585da9c81c3a8d71d826b5fa8020fee002397e91fc9658e9d61d728b93eb +CT: 8ff4ceb600e7d45696d02467f8e30df0d33864a040a41ffb9e4c2da09b92e88b6f6b850e9f7258d827b9aaf346 +TAG: b2ad07b86aca1b3ab34033c12d6a08cc + +KEY: 54c93db9aa0e00d10b45041c7a7e41ee9f90ab78ae4c1bba18d673c3b370abde +NONCE: 000000003f2d44e7b352360f +IN: 1241e7d6fbe5eef5d8af9c2fb8b516e0f1dd49aa4ebe5491205194fe5aea3704efaf30d392f44cc99e0925b84460d4873344 +AD: f1d1b08dd6fe96c46578c1d1ad38881840b10cb5eae41e5f05fe5287223fa72242aea48cb374a80be937b541f9381efa66bb +CT: 027b86865b80b4c4da823a7d3dbcf5845bf57d58ee334eb357e82369cc628979e2947830d9d4817efd3d0bc4779f0b388943 +TAG: 6de01091d749f189c4e25aa315b31495 + +KEY: 808e0e73e9bcd274d4c6f65df2fe957822a602f039d4752616ba29a28926ef4a +NONCE: 000000001b9cd73d2fc3cb8e +IN: 3436c7b5be2394af7e88320c82326a6db37887ff9de41961c7d654dd22dd1f7d40444d48f5c663b86ff41f3e15b5c8ca1337f97635858f +AD: 
d57cfbe5f2538044282e53b2f0bb4e86ea2233041fb36adb8338ded092148f8c2e894ef8766a7ec2dd02c6ac5dbab0c3703c5e9119e37c +CT: 9b950b3caf7d25eaf5fca6fa3fe12ed077d80dcd5579851233c766bb8bb613ec91d925a939bb52fb88d5eda803cfe2a8cda2e055b962fd +TAG: 0887ec7d5e1a4e532746ec247a30825a + +KEY: 4adfe1a26c5636536cd7cb72aa5bded0b1aa64487ad0e4078f311e8782768e97 +NONCE: 00000000d69e54badec11560 +IN: 19b3f9411ce875fcb684cbdc07938c4c1347e164f9640d37b22f975b4b9a373c4302ae0e7dfdeba1e0d00ced446e338f4c5bc01b4becef5115825276 +AD: bda1b0f6c2f4eb8121dcbd2eebd91a03ae1d6e0523b9b6f34b6f16ceca0d086654fb0552bfd5c8e1887730e1449ea02d7f647ae835bc2dab4bbc65b9 +CT: ea765a829d961e08bacaed801237ef4067df38ad3737b7c6de4db587a102a86fc4abbaabea0ee97c95ca7f571c7bab6f38cbae60cd6e6a4ce3c7a320 +TAG: a27f18846f5a4f7fcc724656c91cf4f3 + +KEY: eb3db86c14b7cc2e494345d0dfb4841bbd3aa1e2bc640cca0c6c405520685639 +NONCE: 0000000088b54b28d6da8c81 +IN: f75c0a357271430b1ecff07a307b6c29325c6e66935046704a19845e629f87a9e3b8aa6c1df55dd426a487d533bb333e46f0d3418464ac1bef059231f8e87e6284 +AD: 34b08bb0df821c573dcb56f5b8b4a9920465067f3b5bf3e3254ea1da1a7fc9847fd38bdfe6b30927945263a91fa288c7cf1bee0fddb0fadf5948c5d83eb4623575 +CT: 146ec84f5dc1c9fe9de3307a9182dbaa75965bf85f5e64563e68d039a5b659aa8863b89228edb93ff3d8c3323ab0d03300476aa4aca206d4626a6b269b2078912d +TAG: 854cbb42bade86a09597482c8604681a + +KEY: dd5b49b5953e04d926d664da3b65ebcffbbf06abbe93a3819dfc1abbecbaab13 +NONCE: 00000000c5c8009459b9e31a +IN: f21f6706a4dc33a361362c214defd56d353bcb29811e5819ab3c5c2c13950c7aa0000b9d1fe69bb46454514dcce88a4a5eda097c281b81e51d6a4dba47c80326ba6cea8e2bab +AD: fe6f4cbb00794adea59e9de8b03c7fdf482e46f6c47a35f96997669c735ed5e729a49416b42468777e6a8d7aa173c18b8177418ded600124a98cbb65489f9c24a04f1e7127ce +CT: 911ead61b2aa81d00c5eff53aeea3ab713709ed571765890d558fb59d3993b45f598a39e5eff4be844c4d4bd1ef9622e60412b21140007d54dcf31b2c0e3e98cf33a00fd27f0 +TAG: 2865d2a26f413cc92416340f9491e1be + +KEY: 3b319e40148a67dc0bb19271d9272b327bc5eee087173d3d134ad56c8c7dc020 
+NONCE: 00000000ce5cf6fef84d0010 +IN: 27b5627b17a2de31ad00fc2ecb347da0a399bb75cc6eadd4d6ee02de8fbd6a2168d4763ba9368ba982e97a2db8126df0343cdad06d2bc7d7e12eec731d130f8b8745c1954bfd1d717b4ea2 +AD: a026b6638f2939ec9cc28d935fb7113157f3b5b7e26c12f8f25b36412b0cd560b7f11b62788a76bd171342e2ae858bcecb8266ff8482bbaed593afe818b9829e05e8e2b281ae7799580142 +CT: 368fb69892447b75778f1c5236e1e9d5d89255c3d68d565a5bba4f524d6ad27de13087f301e2ef4c08f5e2c6128b1d3e26de845c4ac4869e4c8bd8858ad0d26dec3b5d61a9e3666a3911ba +TAG: 1414f1b91966340417c38226ccca9d3d + +KEY: 43bf97407a82d0f684bb85342380d66b85fcc81c3e22f1c0d972cd5bfdf407f4 +NONCE: 000000008b6ba494c540fba4 +IN: 4b4c7e292a357f56fdf567c32fc0f33608110d7ce5c69112987d7b5a0bd46d8627a721b0aed070b54ea9726084188c518cba829f3920365afc9382c6a5eb0dd332b84612366735be2479b63c9efc7ff5 +AD: 1e0acf4070e8d6758b60d81b6d289a4ecdc30e3de4f9090c13691d5b93d5bbcef984f90956de53c5cf44be6c70440661fa58e65dec2734ff51d6d03f57bddda1f47807247e3194e2f7ddd5f3cafd250f +CT: d0076c88ad4bc12d77eb8ae8d9b5bf3a2c5888a8d4c15297b38ece5d64f673191dc81547240a0cbe066c9c563f5c3424809971b5a07dcc70b107305561ce85aecb0b0ea0e8b4ff4d1e4f84836955a945 +TAG: c5ca34599c6a8b357c6723ee12b24da8 + +KEY: 12fc0bc94104ed8150bde1e56856ce3c57cd1cf633954d22552140e1f4e7c65d +NONCE: 00000000d3875d1b6c808353 +IN: 24592082d6e73eb65c409b26ceae032e57f6877514947fc45eb007b8a6034494dde5563ac586ea081dc12fa6cda32266be858e4748be40bb20f71320711bf84c3f0e2783a63ad6e25a63b44c373a99af845cdf452c +AD: b8be08463e84a909d071f5ff87213391b7da889dc56fd2f1e3cf86a0a03e2c8eaa2f539bf73f90f5298c26f27ef4a673a12784833acb4d0861562142c974ee37b09ae7708a19f14d1ad8c402bd1ecf5ea280fab280 +CT: 9d9ae6328711fb897a88462d20b8aa1b278134cdf7b23e1f1c809fa408b68a7bfc2be61a790008edaa98823381f45ae65f71042689d88acfa5f63332f0fba737c4772c972eba266640056452903d6522cefd3f264e +TAG: e84211b6cfd43543f8b1b4db07a494d1 + +KEY: 7b6300f7dc21c9fddeaa71f439d53b553a7bf3e69ff515b5cb6495d652a0f99c +NONCE: 0000000040b32e3fdc646453 +IN: 
572f60d98c8becc8ba80dd6b8d2d0f7b7bbfd7e4abc235f374abd44d9035c7650a79d1dd545fa2f6fb0b5eba271779913e5c5eb450528e4128909a96d11a652bf3f7ae9d0d17adbf612ec9ca32e73ef6e87d7f4e21fe3412ce14 +AD: 9ff377545a35cf1bfb77c734ad900c703aee6c3174fdb3736664863036a3a9d09163c2992f093e2408911b8751f001e493decc41e4eeeed04f698b6daed48452a7e1a74ec3b4f3dcf2151ca249fa568aa084c8428a41f20be5fd +CT: 229da76844426639e2fd3ef253a195e0a93f08452ba37219b6773f103134f3f87b1345f9b4bf8cfc11277c311780a2b6e19a363b6ac2efe6c4cc54a39b144e29c94b9ebbde6fd094c30f59d1b770ebf9fcad2a5c695dc003bf51 +TAG: 55e025a1eb87bc84d4be00c775c92ad2 + +KEY: 4aeb62f024e187606ee7cc9f5865c391c43df1963f459c87ba00e44bb163a866 +NONCE: 000000009559bd08718b75af +IN: c5d586ceece6f41812c969bcf1e727fe6ff8d1ae8c8c52367c612caa7cdf50e0662f5dffc5ea7d3cc39400dfe3dc1897905f6490fd7747b5f5f9842739c67d07ce7c339a5b3997a7fb4cd0d8e4817ff8916b251c11ef919167f858e41504b9 +AD: 51f5b503b73a5de8b96534c2a3f2d859ece0bd063ea6dfa486a7eec99f6c020983f7148cccb86202cf9685cc1cc266930f04e536ad8bc26094252baa4606d883bd2aeed6b430152202e9b6cc797ff24fc365315ed67391374c1357c9a845f2 +CT: 252ea42b6e5740306816974a4fe67b66e793ebe0914778ef485d55288eb6c9c45fa34ac853dc7a39252520514c3cb34c72b973b14b32bc257687d398f36f64cc2a668faffa7305ab240171343b5f9f49b6c2197e4fbe187b10540d7cdcfa37 +TAG: ab1d8a5a1f3eda9b5609c0028737477f + +KEY: 9a19e72f005cae1ae78b8e350d7aabe59fc8845999e8c52fad545b942c225eaf +NONCE: 00000000d9dae2ea8d2ffc31 +IN: 2110378d856ded07eb2be8e8f43308e0c75bc8a3fcc7b1773b0725b7de49f6a166c4528e64120bdf7c9776615d3ce6feeb03de964a7b919206a77392f80437faceb6745845cafc166e1c13b68e70ca2a1d00c71737b8fcbbbd50902565c32159e05fcd23 +AD: 1cd73b72c4e103afbefd7c777e0480f3f5e68c60b85bd2e71ef5caebb175d7fc6535d39f38f92c24f2eb0fe97d878ed3d5967c0bb4394a5d41f7d34cda6e1523d3848f049cde554a7d31e1afeab5d3e6150f85858335cbd28c8a7f87d528058df50eea06 +CT: 
5f009fbce4ec8e4ca9d8d42258b1a3e4e920b2fbad33d5e9f07557d9595e841025193b521ba440110dd83958e8ee30219d952b418e98a6c624894aa248aedc0678f2d263e7bfaf54ca379fef6c5d2f7ac422ea4b4369408b82d6225a7a2cf9a9f46fd4ef +TAG: 1c6bdff7d8b9554dc7bf40e50b37d352 + +KEY: ba1d0b3329ecc009f1da0fab4c854b00ad944870fdca561838e38bad364da507 +NONCE: 000000008a81c92b37221f2f +IN: 6289944ffa3ccea4bf25cd601b271f64e6deb0eba77d65efb4d69ca93e01996e4727168b6f74f3ccf17bd44715f23ceb8fc030c0e035e77f53263db025021fd2d04b87a1b54b12229c5e860481452a80a125cb0693a2ba1b47e28ee7cbaf9e683c178232c7f6d34f97 +AD: e57883961b8d041d9b9eeaddcfd61fa9f59213f66571fadffffdd1498b9b014f1ef2e7e56c3044d7f9fa7a1403a1169e86430a2a782137093f5456e142aad03a5f7a66d38009dd01b7fc02c9cf61642dedaf7cc8d46066c281ee17780674c3a36eae66c58d2d765075 +CT: 9c44d9135db0dbf81c862c1f69bec55a279794cdd29a58e61909aa29ec4c120c9c5a508d856b9e56138095714a4bb58402a1ad06774cf4ecdf2273839c0007cb88b5444b25c76f6d2424281101d043fc6369ebb3b2ff63cdb0f11a6ea1b8a7dafc80cdaef2813fa661 +TAG: 689a141bc11159d306dad7a4ecf6ad9d + +KEY: 0cf8c73a6cffc1b8b2f5d320da1d859d314374e4a9468db7fd42c8d270b7613a +NONCE: 000000003c4c6f0281841aff +IN: 4434728d234603c916e2faa06b25d83bad3348990ecde2344368d1a7af1309bd04251bb2e0b72044948f8dea33cce2618283b6af742073a9586b26c1089335fe735141e099785a1235810a3a67ff309e2f0ce68220ba0077ad1a5dc1a4aef898a3b9ff8f5ad7fe60149bd0bd6d83 +AD: a38d09a4f1c9241623c639b7688d8d35345ea5824080c9d74e4352919db63c74d318f19e1cbb9b14eebd7c74b0ad0119247651911f3551583e749ea50ff648858dcaaa789b7419d9e93a5bf6c8167188dbac2f36804380db325201982b8b06597efeb7684546b272642941591e92 +CT: bdfbfea261b1f4c134445321db9e6e40476e2dd2f4e4dbe86e31d6a116d25830762e065b07b11a3799aab93a94b4f98c31c0faeb77ec52c02048e9579257e67f5a6bae9bc65210c25b37fc16ee93bda88fd5f30a533e470b6188c6ce5739fa3e90f77120b490fc1027964f277f40 +TAG: 780cc54bb6f1c9b78545c1562cd9d550 + +KEY: 69f4e5788d486a75adf9207df1bd262dd2fe3dd3a0236420390d16e2a3040466 +NONCE: 000000006255bf5c71bb27d1 +IN: 
c15048ca2941ef9600e767a5045aa98ac615225b805a9fbda3ac6301cd5a66aef611400fa3bc04838ead9924d382bef8251a47f1e487d2f3ca4bccd3476a6ca7f13e94fd639a259ef23cc2f8b8d248a471d30ac9219631c3e6985100dc45e0b59b8fc62046309165ddb6f092da3a4f067c8a44 +AD: 0c83039504c8464b49d63b7f944802f0d39c85e9f3745e250f10119fa2c960490f75ae4dced8503b156d072a69f20400e9494ab2fa58446c255d82ff0be4b7e43046580bc1cf34060c6f076c72ea455c3687381a3b908e152b10c95c7b94155b0b4b303b7764a8a27d1db0a885f1040d5dbcc3 +CT: f0bb2b73d94f2a7cef70fe77e054f206998eacf2b86c05c4fa3f40f2b8cebf034fe17bcbee4dea821f51c18c0aa85b160f8508bd1dc455cc7f49668b1fb25557cdae147bf2399e07fcacaca18eccded741e026ef25365a6b0f44a6b3dd975ee6bb580f5fccd040b73c18b0fbf8f63199ba10fe +TAG: 2ecccea4607d14dbb2d2475792aeb468 + +KEY: ad7b9409147a896648a2a2fe2128f79022a70d96dc482730cd85c70db492b638 +NONCE: 00000000a28a6dedf3f2b01a +IN: 791d293ff0a3b8510b4d494b30f50b38a01638bf130e58c7601904f12cb8900871e8cf3d50abd4d34fda122c76dfee5b7f82cd6e8590647535c915ae08714e427da52f80aef09f40040036034ca52718ea68313c534e7a045cd51745ec52f2e1b59463db07de7ca401c6f6453841d247f370341b2dbc1212 +AD: 9a6defddb9b8d5c24a26dd8096f5b8c3af7a89e1f7d886f560fabbe64f14db838d6eb9d6879f4f0b769fe1f9eebf67fcd47b6f9ceb4840b2dba7587e98dc5cae186ef2a0f8601060e8058d9dda812d91387c583da701d2ba3347f285c5d44385a2b0bf07150cbc95e7fcfa8ae07132849a023c98817c03d2 +CT: c2f109d6d94f77a7289c8a2ab33bc6a98d976554721b0c726cbf4121069473e62ba36e7090e02414f3edc25c5d83ac80b49ad528cda1e3ad815b5a8c8ae9ad0753de725319df236983abd3f69ab4465d9b806c075b1896d40bdba72d73ba84c4a530896eb94ffccf5fb67eb59119e66a1861872218f928cf +TAG: 17ec6cf2b172f01e3c456ad047196805 + +KEY: 48470da98228c9b53f58747673504f74ca1737d7d4bb6dbf7c0cba6ca42f80b9 +NONCE: 0000000056fb4923a97e9320 +IN: bc6626d651e2b237f22ee51608ddcffeba5f31c26df72f443f701f2b085d6f34f806e29673584cb21522179edb62a82427d946acabce065b88b2878e9eb87ed1004e55ef58f51ec46375ac542c5782725ff013136cb506fcf99496e13fcd224b8a74a971cc8ddb8b393ccc6ac910bd1906ea9f2ed8a5d066dc639c20cd +AD: 
df8ab634d3dca14e2e091b15ecc78f91e229a1a13cba5edd6526d182525ec575aa45bc70fb6193ffcd59bad3c347159099c4f139c323c30a230753d070018786b2e59b758dd4a97d1a88e8f672092bef780b451fd66ba7431cbb5660ea7816cdf26e19a6ebb9aadc3088e6923f29f53f877a6758068f79a6f2a182b4bf +CT: a62e313ecf258cc9087cbb94fcc12643eb722d255c3f98c39f130e10058a375f0809662442c7b18044feb1602d89be40facae8e89ca967015f0b7f8c2e4e4a3855dbb46a066e49abf9cef67e6036400c8ff46b241fc99ba1974ba3ba6ea20dc52ec6753f6fc7697adbccd02b0bbea1df8352629b03b43cc3d632576787 +TAG: d29a8968067aeb457ffc114c3a9efb95 + +KEY: b62fb85c1decd0faf242ce662140ad1b82975e99a3fa01666cac2385ab91da54 +NONCE: 000000002f4a5ca096a4faf8 +IN: 03b14f13c0065e4a4421de62ab1d842bffb80f3da30bf47d115c09857f5bdd5756fd7c9ac3d9af1c9fb94f2640f7f4386cfba74db468e5288dbe4dd78bfe4f69e41480ca6138e8beacc6eaa3374157c713cfa900c07dd836eaecc8827fa3e70e052ae09e8473e2ae1a10b1bb669ef60a8dd957f6553daa8114918e17371f2ac327bd +AD: cfe3b7ab7550b0e8e2e8235fa0dcef95647ce6814abd3dc3f5a3bd7d6d282504660c34ad8341e4d11402c7d46c83a494d7ddb105e1002979023e0e3dc2978c9ae53e10eb8567e7a02b60e51e945c7040d832ca900d132b4205a35034fed939a1b7965183c25654931a9b744401c4649c945710b0d9733b87451348b32ba81de30ea7 +CT: 8965db3d3ae4fb483208f147276e7d81b71a86e7202ffc9b1eaade009bc016838dc09ca4bcf30887b2f4243fbd652cd90ebed1ceef8151ff17ea70518d03b0f2a24960aa7de9b30fa65c2e2d57360061aae6d9376e984e9fcd5e5dd0911a4bc8deca832ffb76f252bd7da523076593ba6b174f7d9fb0377e066ecbb6638036241e86 +TAG: 28a5284696ed82714eaa94c9ebe6e815 + +KEY: de9c657258774d4ebc09d109a0fc79d66493ae578797cac4eb8830a6a4b547e0 +NONCE: 00000000b5e35fe3398efa34 +IN: 4d68fb683aa4f4c7a16ba1114fc0b1b8d8898610fa2763e435ded8771b3651078bef73d4dfd14e76a34cd5eb9ef4db4ead4da9e83f4ce50fe059977b2d17d687c29335a04d87389d211f8215449749969f7652dc1935a0f9a94538dc81dc9a39af63446a6517609076987920547d0098a9c6766cf5e704883ea32feaea1889b1554b5eb0ce5ecc +AD: 
436ea5a5fee8293b93e4e8488116c94d3269c19f1d5050def23d280515457b931bbed64a542b317cc5023d648330a4b7adca14dd6f3783207b94f86ccaa0a0ac39b7db00ac87a99e3cd8a764ed9c75da8454479636ab2b29e770b166a5b75cacc425c919bf1ce9ac34afe6b4425c3d9fd2e48bc81e7d15516d60e592bfcc2ebefb660f0995f2b5 +CT: 97a97b8f0f5420845ae8d57567f9bba693d30e6db916fad0b971f553ad7d993f806f27ab8b458d8046062ced4778c004b4f958a4436141637c6039963308dea2f54008b7feab79650295ed41bf9e65e1a2d75ab1c7b2a70ebb9e9f38d07a9a672d3e95ea78afe9ac02f2566b48b0251aef6eeeca8bd15bd8d43b559426aa9d15d960ee35cb3edf +TAG: 4ef49e8a0c2ef85826d7f03e81c577f2 + +KEY: 6885bd333c336c7672db8ebdf24c1a1b605c5a4ae279f0f698162f47e6c73401 +NONCE: 00000000f0c4a213a6168aab +IN: fa905a2bfa5b5bad767239fb070a7bc0b303d1503ecd2b429418cc8feba843e5444ed89022fdb379c3b155a0f9ceab2979000a0f60292a631771f2fde4ef065aa746426609082969530a9c70ad145308c30ba389ea122fd766081511a031ce3a0bd9f9f583c7000b333b79ac004fbde6ec3eb2d905977ff95dcff77858e3c424fe8932a6a12139e6ec8d5e98 +AD: 8ded368f919efb522bb6a9ad009e02ffbc6a16536e34d95cdb34f1153d7cb7b0f3c2b13dd05cedae27cfe68ec3aca8047e0930a29c9d0770c1b83c234dcb0385deae7ae85da73a5f8de3dfb28612a001f4e552c4f67ae0e2ec53853289b7017a58591fd6f70b0e954876bb2f7ec33001e298856a64bb16181017ba924648c09fc63c62eff262c80d614679bd +CT: 0cb3d6c31e0f4029eca5524f951244df042fc637c4162511fea512a52d3f7581af097eb642e79e48666cb1086edbd38c4777c535a20945fabc23e7c9277e2b960aac46865f1026eb6da82759108b9baece5da930ccfc1052b1656b0eadaa120ed0c45ad04b24ae8cdb22ceab76c5f180b46a392ab45b1b99c612546e6b947f4d5c06ad5abee92ff96345ad43 +TAG: fad7d5a5193dfb121c68529ba8c0c35d + +KEY: fbc978abb1240a6937ccc16735b8d6ed5411cdbc1897214165a174e16f4e699b +NONCE: 000000007968379a8ce88117 +IN: 1a8196cd4a1389ec916ef8b7da5078a2afa8e9f1081223fa72f6524ac0a1a8019e44a09563a953615587429295052cc904b89f778ef446ed341430d7d8f747cf2db4308478524639f44457253ae5a4451c7efca8ae0b6c5c051aaa781e9c505489b381a6dcba87b157edc7f820a8fbaf2a52e484dc121f33d9d8b9ac59d4901d6ed8996ed4f62d9d4d82274c449cd74efa +AD: 
3913cd01299b8a4e507f067d887d7e9a6ded16dd9f9bb3115c5779aa14239fd33ee9f25756d45262dc3011069356425b5c81a4729594e17c9747119f81463e85625d5603d05e00f568b0c800bb181eb717be8d7a93166a504ce1bc817e15530c5bd2b3df1d4222245ea78a38bc10f66c5cf68d661503131f11af885c8a910b6dce70bc3a7448dfae00595beb707fe054d3 +CT: d152bcb4c24c3711b0fad28548dc4db605bbc89237cdbea7dbf956b8855d1161a0781f27bd56d798141e2ace339955efb98fe05d9b44cd011e645106bf47726183958cb6df34ce5766695f60bc70b6fe0fabb9afa009a8ef043dbf75f861881368fa07726625448fe608d578cdc48277f2dc53eaaf1bdc075269a42f9302a57cad387a82c6969608acacda20e1cac4596c +TAG: 96ae06cd7c72456e5568a42317046158 + +KEY: 77d1a857fbadfe01aba7974eea2dfb3dc7bf41de73686aece403993e5016c714 +NONCE: 00000000fdd913a321c40eb0 +IN: db8915bfe651e2ecb3ce0b27d99a6bfa7a7c507cfcb2987293018636c365a459c6a138b4428be538413db15bda69e697cbb92b154b7f4d2cbb07965225aa6865d7dcd1ba2c17c484b00b1986fed63e889f25a4966dc3ed4273f1577768f665362d7d3e824484f0dded7f82b8be8797ad951719719365e45abbf76324bc7d657799d4d4f4bb1dba67d96ab1c88519a5bee704f7214814 +AD: 3cb2c06c20cb0832bbacebfc205d77393ca1816346ea2681de4d3ab1fadb774ad273e4713290454496f5281ebc65e04cfe84ed37cd0aedc4bbe3decbd8d79d04a4e434876650e0d64309e336bfb10e924066a64acb92260b2dbd96735d03af03909aa6a80a6e89fda81037257aec21fe9be7e91a64e88e0a58fa38ecba4c4c4cffb61958f3c486cbb0b1d0b0014a2d1d3df248eec1ca +CT: acb825e6023b44b03b2efc265603e887954e8612b2ee134bdcb61501cfb9492952bf67be597c3a005b09af74d9e421a576d2c65e98104780feab838d8cb1bd135452ea39dc8907a4c1a6a9161805e4fa3e16989e6a418a7eea2582bf895da967028eab7c95d846a6de4b9980785814cf00484baa2f6de609912fff689bce6e854261ffe866bd8e63274605c7c5ad677bd7897ade543e +TAG: bcf523a9bcf772e157941753c6d7401e + +KEY: b7e9b90dc02b5cd6df5df7283ef293ed4dc07513d9e67331b606f4d42dec7d29 +NONCE: 00000000a6c191f6d1818f8e +IN: 
2ada0e3c7ca6db1f780ce8c79472af4e8e951ddc828e0d6e8a67df520638ff5f14a2f95a5e5931749ae2c4e9946ae4d5eb5de42fb5b77d2236e2e2bd817df51be40b1b8a6c21015a7c79fe06dba4a08b34013dfa02747b5f03930268404c455dc54a74d9c6e35485e10026da573cb41cd50b64cfafe4cfcdf3c9684ef877e45d84e22bd5e15fa6c8fd5be921366ff0dc6fe2df45f7252972c9b303 +AD: 0f4269ed5ef0bfff7be39946a4e86e8bf79f84b70cd0b14fecb7be3c071316ce86de3d99d6871e0ba5667d9d7bba7dcaba10cb2a36668b6c3e2fb6c102938b75008bb9c213ebf9b85b5e91a802df0d31d7f11d764b2289f6225212694ab6b7c0e3ff36e84245d9f4f43fc5f98e654dea7ba9bd918658879c5bb4a1642af0d83113e3cf935d3c0d5208318f66f654eb17d8c28a602543e77ad3e815 +CT: 22586fe7338e99cdaad9f85bd724ba4cfe6249b8a71399f9a3707b5c4323b8d96679568dfc8d230aefb453df596e13eb3e8a439249bd64bc93a58f95089a62b94f6562b821c83d91f56c55147381e9de4beb4ae81bd6fe7caef7e7e9a2078f2fba8f3e70d4910da9accc92b8e81a61b0fefbece4bd89443e66e8ddda8e47a66a62f17fd0e7d0a4852ce1a4d43d72a0b5e8914bbec698f060f2b092 +TAG: bd05336ed6426de412aac37661953052 + +KEY: 6b2cb2678d1102f2fbbd028794a79f14585c223d405e1ae904c0361e9b241e99 +NONCE: 000000007b3ae31f8f938251 +IN: b3cb745930e05f3ab8c926c0a343a6eb14809fd21b8390a6fcc58adb5579e5432021765b2d249a0ecf6ba678634c4f53f71495865f031ee97aa159f9ead3a3fcb823ee5238bdf12706a9c6137d236e2e7110ce650c321e41daf0afd62bab2a8fe55d7018de49a14efe6d83a15b2f256d595e998d25309f23633360f5745c50c4e5af8ccc9a8a2cb47064105a023e919c7795d2dc331d3f2afb8c42e5c0bcc26d +AD: 1c32fd3df22b3e440e2a3c7a7624990194cb16a5f74af36f87fd6ca7d410ce9064316a2d091945deef7d9b35ceec8396069307caced2b80afd7d53ec479c35cedf2dfd4c95c3dd8400f71ad34028c6e4f8681d93d0774064ba38f3fb9b0c1dfa1f5f0c7d20676a5911d999fb6a1d41367a8e99d852bf3d3b7b3f4c233249ed1ca135389a674ff48232ded3f6800a97b6d409c40e6cd70d09bf9d2ad25d9b9485 +CT: 
ef70c7de98ab1d4ad817024a970be463443640eb0cd7ff234bdd00e653074a77a1d5749e698bd526dc709f82df06f4c0e64046b3dc5f3c7044aef53aebb807d32239d0652dd990362c44ec25bf5aeae641e27bf716e0c4a1c9fbd37bbf602bb0d0c35b0638be20dd5d5891d446137e842f92c0ee075c68225e4dbacb63cc6fb32442b4bcda5e62cb500a4df2741a4059034d2ccb71b0b8b0112bf1c4ca6eec74 +TAG: d48657033095db3f873c33445fec8d35 + +KEY: 4dbc80a402c9fceaa755e1105dc49ef6489016776883e06fcf3aed93bf7f6af7 +NONCE: 000000002358ae0ce3fb8e9f +IN: 197c06403eb896d2fa6465e4d64426d24cc7476aa1ae4127cd2bd8a48ce2c99c16b1cbf3064856e84073b6cf12e7406698ef3dd1240c026cbd1ab04ee603e1e6e735c9b7551fd0d355202b4f64b482dd4a7c7d82c4fe2eb494d0d5e17788982d704c1356c41a94655530deda23118cba281d0f717e149fbeb2c59b22d0c0574c1a2e640afad1a6ceb92e1bf1dde71752a1c991e9a5517fe98688a16b073dbf6884cfde61ac +AD: cf6ce7b899fb700a90d2a5466d54d31358ecf0562e02b330a27ba0138006b342b7ed6349d73c4c5c6d29bde75a25089b11dac5b27adea7e7640ca1a7ceb050e3aae84a47e11640a6e485bd54ae9fdb547edc7313d24a0328429fcffd8b18f39880edd616447344ebeec9eadb2dcb1fa7e67179e7f913c194ebd8f5a58aea73b0c5d1133561245b6d9c5cfd8bb0c25b38ffb37db5e2de5cdded6b57355e9d215cb095b8731f +CT: aa87f9a83048b6919c8f2b050315db4e2adae4a9c2ca0109b81961b520e63299dcb028cec0b9d3249a945ee67dd029b40f361245c740f004f8cf0d2214fcfa65e6124a3e74b78aa94345c46fdc158d34823ed249ee550431eaae9218367321cdd6e6a477650469bb3cc137a8f48d9cf27934b16703608b383d2145659922fb83bb2e7ee2ef938a90f2ff846a4a949129b1fb74dde55c5ae013c2f285de84f7dac7d1662f23 +TAG: 298f84c8312029a7b1f38c5ea6021f57 + +KEY: 9e4a62016dae4b3223fed1d01d0787e31d30694f79e8142224fe4c4735248a83 +NONCE: 00000000263a2fc06a2872e7 +IN: 5a46946601f93a0cee5993c69575e599cc24f51aafa2d7c28d816a5b9b4decda2e59c111075fb60a903d701ad2680bb14aeda14af2ae9c07a759d8388b30446f28b85f0a05cd150050bd2e715ff550ebbd24da3ebb1eac15aba23d448659de34be962ab3ab31cb1758db76c468b5bb8ce44b06c4e4db9bd2f0615b1e727f053f6b4ffb6358d248f022bcad6ca973044bed23d3920906a89a9a9c5d8024ec67d7f061f64529a955ce16b3 +AD: 
4cd65f68f9f88c0516231f2a425c8f8a287de47d409d5ecde3ad151e906b3839fb01bb91a456f20ea9d394d4b06604ab1f9009ef29019af7968d965d1643161ab33a5354cda2fdc9f1d21ec9cb71c325c65964a14f9b26eb16560beb9792075a1597394000fd5f331bd8b7d20d88e5f89cf8d0b33e4e78e4904bb59c9c8d5d31ac86b893e4a0667af1be85fdb77f7ec3e2594a68048d20c2fb9422f5879078772ee26a1c560cbcbb2113 +CT: e944bb2ab06d138ad633c16ce82706ecf0ef5d119be1f3460c9ce101d9c4e04ef1677707fca40d1f8ca181e07273707b06624d6d7063c3b7b0bb0151b757b3e5237fb8004c161233d8bc7e5f28ea1c18da1874b3d54c5ad6ff0835eed35c8853704585cf83996e5e7cec68180af414e04f08134d3b0384ebdf0393c9310b55d8698fe10cb362defc0995e9a13b48b42cff61ffd9fe4c3c8c6dab355713b88f6e98a02e7231a0c6644ec4 +TAG: 6234e81e089b779d0d509d14e566b5d7 + +KEY: 18ca3ea3e8baeed1b341189297d33cef7f4e0a2fab40ec3b6bb67385d0969cfe +NONCE: 00000000b6aef34c75818e7c +IN: ef6d1bb4094782f602fcf41561cba4970679661c63befe35ff2ca7ad1a280bf6b1e7f153fa848edfeffe25153f540b71253e8baba9aeb719a02752cda60ea5938aab339eead5aabf81b19b0fc5c1ed556be6ad8970ea43c303d3046205b12c419dea71c4245cfedd0a31b0f4150b5a9fe80052790188529ab32f5e61d8ccde5973ed30bdf290cbfbd5f073c0c6a020eac0332fced17a9a08cef6f9217bd6bef68c1505d6eed40953e15508d87f08fc +AD: f40f03beaa023db6311bad9b4d5d0d66a58d978e0bcbbf78acebde1f4eb9a284095628955a0b15afc454152f962ec3ea2b9a3b089b99658e68ede4dee5acd56672025eb7323bcbc6ba5d91c94310f18c918e3914bbbf869e1b8721476f9def31b9d32c471a54132481aa89f6c735ab193369496d8dbeb49b130d85fbff3f9cb7dccea4c1da7a2846eef5e6929d9009a9149e39c6c8ec150c9ab49a09c18c4749a0a9fcba77057cdea6efd4d142256c +CT: c531633c0c98230dcf059c1081d1d69c96bab71c3143ae60f9fc2b9cd18762314496ab6e90bf6796252cb9f667a1f08da47fc2b0eecda813228cae00d4c0d71f5e01b6ce762fa636efffe55d0e89fdc89ba42521cc019ab9d408fcd79c14914e8bbf0ea44d8a1d35743ad628327e432fdcfeb0b6679ddca8c92b998473732abd55dba54eefff83c78488eee5f92b145a74b6866531476fc46279d4fde24d049c1ce2b42358ff3ab2ba3a8866e547af +TAG: e3b4192f6e50528c4f4f70267f094c56 + +KEY: 
95fdd2d3d4296069055b6b79e5d1387628254a7be647baafdf99dd8af354d817 +NONCE: 00000000cd7ed9e70f608613 +IN: 0248284acffa4b2c46636bdf8cc70028dd151a6d8e7a5a5bc2d39acc1020e736885031b252bfe9f96490921f41d1e174bf1ac03707bc2ae5088a1208a7c664583835e8bb93c787b96dea9fc4b884930c57799e7b7a6649c61340376d042b9f5faee8956c70a63cf1cff4fc2c7cb8535c10214e73cec6b79669d824f23ff8c8a2ca1c05974dd6189cfee484d0906df487b6bd85671ce2b23825052e44b84803e2839a96391abc25945cb867b527cdd9b373fbfb83 +AD: 24a45a3a0076a5bcfd5afe1c54f7b77496117d29f4c0909f1e6940b81dde3abacb71ec71f0f4db8a7e540bd4c2c60faee21dd3ce72963855be1b0ce54fb20ad82dbc45be20cd6c171e2bebb79e65e7d01567ad0eeb869883e4e814c93688607a12b3b732c1703b09566c308d29ce676a5c762a85700639b70d82aaef408cf98821a372c6a0614a73ba9918a7951ea8b2bb77cd9896d26988086d8586d72edc92af2042ff5e5f1429a22f61065e03cfcd7edc2a93 +CT: 40c6318d9e383e107cdd3e1c8951562193c3ef64ee442432a63e2edefc78f32ab07772aeac172cb67ecf4d21f8b448423527bbeb9d8ddd0b46bdb27f74096ceb24e41963b4cdca176676a75bdbe3abc270b349ac0c6cbd9c3a5cd5bce20202fc5cc0c1bdd4fd25e121e0a24bd7bbeb9b19b1912467bf5338ee2ce88aa383c082b42cc399c9654ca325f35523e81438beb3f8926be79c378822d7c8f785614408a5f7cac49e4543188725643e6c1a70b46d0ec400 +TAG: 874875c9a0ba3060a0680291c3dc85a2 + +KEY: 6ae1102f84ed4dc114bb9d63f4dc78d7dbb1ab63f1659dd95f47940a7b7a811f +NONCE: 00000000c965d578ba91d227 +IN: b82a8a9209618f1f5be9c2c32aba3dc45b4947007b14c851cd694456b303ad59a465662803006705673d6c3e29f1d3510dfc0405463c03414e0e07e359f1f1816c68b2434a19d3eee0464873e23c43f3ab60a3f606a0e5be81e3ab4aa27fb7707a57b949f00d6cd3a11ae4827d4889dd455a0b6d39e99012fd40db23fb50e79e11f8a6451669beb2fbd913effd49ad1b43926311f6e13a6e7a09cf4bebb1c0bf63ce59cd5a08e4b8d8dbf9d002e8a3d9e80c7995bb0b485280 +AD: 
dfd4ac3e80b2904623ff79ea8ee87862268939decf5306c07a175b6b9da0eb13ac209b4d164755929e03240a0fe26599f136fb2afdffd12bb20354aa1d20e5799839abb68ae46d50c8974e13e361d87ef550fe6d82e8b5b172cf5cd08482efdef793ede3530d24667faf3a1e96348867c2942641f4c036981b83f50236b8e8a10b83ebf6909aad0076302f1083f72de4cf4a1a3183fe6ec6bfe2e73e2af8e1e8c9d85079083fd179ccc2ee9ff002f213dbd7333053a46c5e43 +CT: a9aeb8f0a2b3ca141ac71a808dcc0c9798ac117c5d2bd09b3cfe622693a9f8ca62e841b58bddb2042f888e3099b53638b88dfc930b7a6ee4272d77e4b1d7e442bab6afbde96ab0b432f0092d9ca50eef42f63c60c09e7b8de019b32ebe4030c37b8183cc1e3b913b0ce4ee4d744398fa03f9af1c070bed8cdafd65b3a84140cb4deadc70184de757332ce3780af84353f540755227e886a8d7ad980f3dd6fd68263d82e93f883381dec888bc9f4f48349aa2b4c342cb9f48c6 +TAG: f6dcad5412b95994f5e4d6829c2eba98 + +KEY: 405bb7b94715b875df068655f00513cb1ae23ffaac977ce273e57d3f83b43663 +NONCE: 000000005c6da1259451119a +IN: f9f143c0c52c94b4ba7b0608b144156a49e7b5d27c97315743d171911e3645ab7957c80924e3c6b9c22ab7a1cac4b7e9c0de84e49fd5e4a2d1ab51d764fc5670318688ec942f7ab34c331dce8f90fea6972e07f0dadec29d8eb3b7b6521ddd678a6527a962f4d8af78c077e27f7a0b2ef7eabd19e92b7f8c1e8fb166d4763ce9c40c888cf49aa9cdfc3e997c8fe1cce3fe802441bbd698de269ff316f31c196e62d12c6bb5cd93fb3c79ca6369f8c1ac9102daf818975ea7f513bb38576a +AD: 6fe6446505677bf08b385e2f6d83ef70e1547712208d9cebc010cba8c16ea4ece058d73c72273eed650afdc9f954f35aa1bdf90f1118b1173368acbc8d38d93ebf85bd30d6dc6d1b90913790c3efa55f34d31531f70c958759b2ba6f956c6fcdd289b58cb4c26e9515bf550f0fd71ab8527f062c9505cbb16e8e037d34de1756bef02a133dbf4a9c00ac03befc3fb7f137af04e12595ce9560f98b612480fcdba3b8be01db56ebec40f9deae532c3b0370b5c23a2a6b02a4de69efa8900c +CT: 
1a4b073881922c6366680cc9c2a127b26f264148651b29abb0c388cf6c9b1865dba5a991e1f8309efbdb91bce44b278772c58fd41273526c33fec84beb53d1689b9da8483f71be6db73a73417069bb4cd3f195236e8d0a00d124eed3a6b6f89415b19a27fbe35774f6a1a6ee4bd4350b252b975f0db2d2eea82f4836350850d6290901e726e8af13644e2d98bc1d569c20800521e6affe976bd407049a2e6d9dd23f88d52e651391ecd2fc45b864310824aaadfa203762a77c1d64562dae +TAG: 90fcc2544880250f1c3abe8a3761ba08 + +KEY: 8c602bd94c630cd00c7a9c508067a5a9f133d12f06d9f6fe2a7b68dce4786d8a +NONCE: 00000000760de0f7b7cb67e2 +IN: c3ff559cf1d6ba6c0cc793ca09a0ba573a28359386a6ec93e1bacd8e630209e0b477a20aedec3c9cbf513ee6a1e3887112218d6155b9875f7e6c4bbba2c31972e905d19f529f4f0f9502996199f94f8728ba8d6424bb15f87fcacd88bb42c63fcc513759712bd0172b1e87c9da122f1993ffb7efd3a5c34b240dd3db89dddea36dbeb2836d9f8648f8e7cd428c0f948097af753b35f9876059e7702027bb00dc69071206e785f48fcbf81b39cc0343974ac70784a2e60c0df93b40379bea4ad8cac625 +AD: 9e14907c3a8e96c2636db1f3d78eb1f673d6ef043cbbb349467f1fe29bf60f23d5d5d1c3b133a8ad72065d822347541c13d1574baf737eb3cc3382fb479e6d5193b9c8e7d2444c66971ef099dc7f37f6cd97b9f7959d46e2cf25e8a5b3111b4d9e2ef906d905f0ee2d17587f7082d7c8e9a51509bde03d3d64338e1838d71700f1b4fcb100b5e0402969da462f26f974b4f9e766121f8fd54be99fc10beb9a606e13fbb1f960062815d19e67f80093360324013095719273c65542b0e31b1a2a3d928f +CT: 2794e6e133f6892f23837fff60cf7c28ee9942f8982ef8089db117903d0143293fdf12ea1cc014bcd8806fb83c19570eed7af522db0de489bbc87133a13434518bcfb9cda4d9f6d832a69209657a447abf8afd816ae15f313c7ea95ec4bc694efc2386cdd8d915dc475e8fadf3421fbb0319a3c0b3b6dfa80ca3bb22c7aab07fe14a3fea5f0aee17ab1302338eeac010a04e505e20096a95f3347dc2b4510f62d6a4c1fae6b36939503a6ac22780a62d72f2fc3849d4ef21267fffdef23196d88fbb9b +TAG: 7fa630c9bcb455e89f13d7a99d5e8dbe + +KEY: bd68ff5eb296c71cfe6bc903c14907f7726bcb1331f0c75f7801cd1b7948f3a1 +NONCE: 0000000065a748004b352ba6 +IN: 
52bf78c00f6e5dca2fc60e2e9a52e827df97808e9cf727773860cafc89f4b64178a19b30b46ed813fe00c8f09b25a6a1b6e350d5b005122934a59bfbd5e6e0c635c84a5226c3f2f7dcf951560f18ac220453d583015fdb2e446c69c6e6fdecf2e595e04fab1b0c506e3c6bd5e4414a35f15021e97f447aa334f54a8f1ef942dec6273511b5668b696fca97188ff15ed84b2f46145cce031c1a7f00bd88bb83d90797edc46161b3fda7a2299173496d73b812139556e8b4eb318078b9eb2ae5046e83b79dd3d45950 +AD: 5557b08a5010cbc9f46bb140c2505f68684eb24889324bff44b27234fd7a95a99cfb4ff90a8f9982085b725f78ac42eca6ce7f3314e457dc41f404008681a9d29ba765660de2e05bb679d65b81f5e797d8417b94eb9aabbd0576b5c57f86eae25f6050a7918e4c8021a85b47f7a83b4c8446898441c5cc4e0229776ef3e809cb085d71f3c75ec03378730cb066150f07e60f96aec983c0e7e72bf6bf87ae42228dfda195f97855fcdf4e6d1c4479d978abcfa276d16ed60ecbfbfc664041335ce65a40a2ca3424df +CT: a5c8cf42287d4760fca755e2111817b981c47e85b0047de270ec301ca5f7b3679f4749210892b6ea6568f3a6a4344734a0efc0120ffedecf212d55cbcbb67815ac964875af45f735b70092a8f8435f52fc01b981ae971d486026fb69a9c3927acfe1f2eab0340ae95f8dbee41b2548e400805ece191db5fd1f0804053f1dbfaf7f8d6fded3874cb92d99a2729d3faaa60522060cf0b8101b463b3eb35b380fcddb6406c027d73fe701a5090c8dd531c203ce979e26b9ced3431e2b726a7244a20d9377bd62951bf5 +TAG: 82c6194de4d27aac4c54b023b9831634 + +KEY: 934fd043c32d16a88fad01c3506469b077cb79d258b5664fa55ad8521afdcaa2 +NONCE: 00000000c7091f6afbbeb360 +IN: 2bdd1fc4f011ef97ea52ec643819941c7e0fb39023c2f3c7683804a0ddee14a5d1784a5246966d533b3538edc7d8742d27061c3cab88df0318ab242102de3a54d03632eeb871b72c7e8f8065b49f4a91e95e15f3f46b29fd76b8fcea0d23570c5530e3bbb8a6aafa9ae32c1b3eac653c5ed5fdb2da5a986075808f6385870c85b1913e26042a9d8e78f5bc2ea6de5a64f8aeafa22adcffc7f6932d543c29bb3a04614783f948680e433a71573568d2ce984d249fb4fc06a9f358c76aa3e64a357f4eae924c1356bd5baccf7e0f +AD: 
f737dd85638eb324dd3891219c5eef7c2dd053cfd055d447a411eba304a4b27dce981d112c4540590933c153d603022c91ebd2b4a58069d27e6ca17a462ef822ca41bffa80b43a68b1b564644cb3c5a7f0fddf7a13a30ff24437fddd8ef93c6f6f205d054f81890d982bd4d4ece0b1563677e843fe48c1f54e9a57ed4da66061482712e710a401073be5080d5b8b96525bffa67de5af31d50385fbbf1a87c21bf0e0a1fdff69ec32c7b7103e0b8ee6c844245e0fc84b9f89fcce62966cea68e2871d3b82e8df424c76309fc88d +CT: dd13fbf22c8d18354d774bcd18f7eb814e9b528e9e424abc4e3f2463195e8018576565d16ab48845d11c9277f2865ebb4dc412fd5b27078f8325eadf971e6944c66542e34d9dda971e2aba70dbd3e94a1e638d521477a027776b52acf90520ca229ebc760b73128879475d1cbe1f70fc598b549cd92d8a9ac6833e500c138c56474db84cb3d70b7aa4f293a4c2b4d818b0ff9fd85918dc590a12a8c0e375c4d98b7fc87596547eb960676aad5559834588f00f251a9d53f95c47af4df3c4299175d5211779c148cfc988a5e9d9 +TAG: aeb0a4eb29886f0a7a12ec0516bd4af5 + +KEY: f9f6eb9ad736a8f66e7459fef5ec2890188dc26baf34a95f6f0384e79f5c6559 +NONCE: 000000007858dfc084fe4b0f +IN: a644ca6e7cc076e87eb2929fd257693fce0f6fb64fd632f7f07c648ebd03696c8e262e6a810d7b7c4e5eef8c65b5323c99dbba50a70b4a9e5c2a9e7315973cd67f35d8052ce9a85a206416dd3031929f4f929b13d0a5fb10cb73c65f6c0ace019da146b51c5274a099f44e3669d26add6f2ff081e886f3cf952fe0dbbe6b0534c23e307574bd35fbd657f5fcbd5dc19fb382a1dc0a2dc8285a0350f71554e4c601497749e35567dd4a273cddc9a48ce53a5f1d297fd8baf8d1b9feb35d9151114345abada4d90db947bb9a743c175f5653d1 +AD: 2048d1c2ddfb5ec385b201832c7a993f229ba72ec16d6ebf723ef0c5032b9966209a9e8a63151b40412e96b82f86728ea6588c7e8e11ac71cc8eabab8c4b54de866658d9c5011def61fb3dbe4e630158a45ea41a2ed55ebd1efb1abeda7637de6fa5fd2f151c6d2f385bf6cd002ca8b4a2896e0d65944ee913e3c784669dd201b1985ef3577f7f123a5f9bcffa176c8f557c4f729133cac518642f27d9b22ca9b97faaafe5b669a10b79ace4a7d5727df146c77ce681357d69f9c2d65b4401bd73cd113387e3b3a05d897adad7a24c485e7b +CT: 
4146faffd7313f5d9f625370d20413cc62ab65f4acfa3c7ee1125b937dd7a39f638fc46c8ed004fb525698de5d8620ec153435571817c3de257b0d0e648ebb92940c86a98262d54e764f28cbdd4f7d9bea970291f2110414f62064d7229c6332236c507b3dac742e651d85a2a22fb243c0cc7cc2d016e5bea38f33f9a9ce048944a5fe8b078d71d23168e12dfe5a0f0b829771edc7073fb96032b7be471337a37aca0cf7c0cdd543eed686cd34934717fd79a3f18492eef72f9f450b880aa7e2e1b65e3b04c22e72301338b43aa32ceec2e6 +TAG: 61c6d4d6918b04fc1b72a7a0e9a3b799 + +KEY: 29b19636cdd32507fd98ec4ee26caab1a917646fb8f05b0dc01728a9f4a127f0 +NONCE: 0000000006699d245916686d +IN: 5fdf913aceab1d6dbaf7d9a29352fa8a3eb22718043a79cffa2fe8c35c820aec7c07644b8785dcf7a433b4189abb257fb12b06fae0662641011a069873c3e3c5ccc78e7358184a62c2005c44b8a92254958eb5ff460d73cd80284d6daba22c3faba046c5426fe8b7cacec64b235a8f8d3e2641e5bc378830594bcfb27c177aea745951ee5780a63705727ef42c4ad3abf556d88e3830f3db6b09e93edd09485cbf907f79de61f8dc5cb5fb7665ffa0ef53cb48702f6a81d8ad421cef20c1dbdf402b8fafed56a5361b2f93f914a2380fdd0557faf1f4de +AD: 39116c49cc13adb065b92cb7635f73d5f6bf6b5ccbf72a3f65a5df6bd4a661105015358d9e69f42e98aed795e8161282bc113058b7ef3b9e23fcd8eeab34a392e03f4d6329c112cb968385ec52a7afc98bb8695785af6b27b700973cc952630b7247ce226b4fbb99b8a486370bf6345d4516c52c64e33f407c4f2d1ba90545c88732d98bbd97972ac5e94c694624a9b3782b0099824651cb7567914d25b3e13181a791dbcd40e76e836b3350d310a52151bf835d3c357c9871482c2928e8404c6e533406d4d6fa8f63366f2c4ed828141f1ff00f01a536 +CT: 01e237220b619054a1f3670928fe67d40484b5af40fbd04d032500aac5acaa3b4584dd99a58c390627636a50de5d744f76a56a33205f9e3b00e16162eb47ff3333e1e208ca200f1a5338a86e17bd92dd2d16af8bb022a7dc05b923d019e05247f1a0d0b4bfcfce58dd6d83830705707676d55739abee89fcd5cb94b8fde006a5da02df64b00a467f45970b5ca440f22319b9735a55d454b9fba0588fef0c59d3d83823eba6e0601a96e10233826c5adeea6b2a51d386a07a9e047ad405b23d4c3d89f30c31e3199f0c8f927bfac43ceea1f969de0a8c0f +TAG: b9fec6da464c7b85b2a4726694562fe9 + +KEY: bae06b9b5456707551c7b0e207aae02a19b4848ad8ca4ce40705bf8c856a6e52 +NONCE: 
000000009c27065c3ef2d522 +IN: 50cdd88137ff428a88e87b5845be4924f6387537bb5c0b654c80107ab5698db75b2e131848e7aec156d31aed0766d31c379fece4095d38264c6d5945974d25f729c3b0ba11ea853e9cebdb6f03bb670fce08adff74d0a8f02d633fb34e0fb7337a8e66e1c12084d914fb6173b8105684db822752c6751a372bb16690284d661b8b8bc6a6dfbddf45ebc2219596f9f2f878c118df69030de38b4d99dde43b9b9e20a3dab691645dd518342f49b06a0fe0a397adf261e99f07af5b0b3798b1022ba0939c42a54d3b93641cffa3c2e174bce9ab7ad7e7c7924308d1a77a +AD: 5d5590db1bd316eb7a0e30e4c7a6dfdbef9d3287fdb8d824389599c3c2ee262b2192eb5b9708e66e22dbc7eca83fa1a995da3ce64c86fe5aa08b826d476dc439497e2d12e2702c63c8d27aa7f09fedee816dc8bffe1351d53271a34d4292b613b7efcedb7e3cf3e6ad389eef12471e9e20e38e7ae22a323abbadfe8f2e84271bffb1819feb4f77b82843cb8757cfae293631bc6d39669107e7015c85d7343ffa6fc1bbe6f5ab4de30cd752a281e03061ea89de2a3f5e90e20da22fd6e8525c100738667f42212b2cf45fcb23bbb54b21c117484b22c6e514685314df +CT: 66b7f69ac49fab4e5975aeb6fa9287d8eac02ac312c4de78f77f59da16cbcf87274e66801c4b862c33ea79cdc76528862bb2956c06db8b8acfac4794ebf39e35ac03cc73a4351a4ff762f681a48d6f25cad36e2814c9b5c40b9ae92509e58429106847789454d376836936bebc7a80e6c66e7aa52936d6b361378a41f849ad4e48f9ee2d3e92217a908fa8eb35736ac8ada7d32ae05391f2d807be3512543c36138a5fe660dd4cd4cd184bb43b6ba6bc0bae634e2fa9669304cd510ed5103f630068ff76d3375738de60a381842b421477e25a490cdd6894b2704125 +TAG: 94118ccc68de1921d480aab43d1ef0d1 + +KEY: 2cb374cb048c168f2e43597f028d9e73cade1b458284ffc260d4fc6b9011c414 +NONCE: 000000009fb909169bc9f4e9 +IN: 39eb929482784b463546f5d84f80510f2019923d465b99d194246d68c7ae343f91971d8f7059cebb86aa5dd099289aa648248b8c5ca04e66ac5e9bf06776e3883495397618a0227f035666806e636836b47d3d2d255a49db79866cf00d9ddabda259c4f968a1e01e651c7811cebbee2ee71803ea1d9d23487eb221f2d9555756800aba5e6abbefd6fb72b3151cc99ced599cd86df2a9b1ce94f89f347eeb124d9e7f0d9cc48d3dedd819e6d3dbac57ecee199547b266116a2035c9acc4c8ca3271ac74952372897c4a5f2cb84e2d81817fec9d6774f6d8a5b2021684132db4fca3 +AD: 
0c7bd4f3a30ee944ccf9489181e6911684dcffad4593a9b65a67dfc80718c69b35897d01281016b7731e12c15cad8482e79458e08a755622e3f3f22a23ef6c8487a36ad1771ba06c641f06f85de0db3776cc6df06ad8fe3b4d60d58508de943083f17cbb9dc0d390ac94d8429e8c6fcfe063f424fbde0f62f6a7f91a626d195dc498a6e69bd93109c4e9ba13e7330aba456d710a4b0cc279d4045660406e26d61dff70d4a33c4f1052869f9248024e7a0f85f1effb32f6f7ccb1f860f3ef04e8f7b29096e6bcf9d4b3e0ce703e9bf228fdf515c2ff9cbabd16987be0f9babd3d8a +CT: 91ddadb86b7ebef798ddaa59da51d71316fcf6c9678143178227d778750dc9827fc6cc21e605c505023e6db25849df7fb6fc1ca4d223aa215f8c85b724643c83bf8218815a9f9e2952384e0ca6a80a3760b39daf91a3c6154c4728c2371fd181fa3764753d0b0c23808a82cd8f0497246e3a0f17f8906a07c725d2891ce968a9d432c2b102d85c05510b28e715bb60d0403a77490e7f18be81218bc4f39287b9bb09f50227dd2f55e4fb70c4438da8ba3c8ffbced87d90155913faa9979fc57e6cbeddfaba3d3ab4163c0eebc7d94279c27d3ed56338893dba542eaefba30f8c3b +TAG: 8980e8e4fe796428b733f4f8e1954a45 + +KEY: f0f16b6f12b3840bbd1c4a6a0811eef237f1521b45de9986daec9f28fca6485c +NONCE: 000000007ac93e754e290323 +IN: 0530556424d823f90a7f1c524c4baa706aad2807e289e9479301e3e7a71f2a5e14e6232ea785f339c669af2e6d25f1d5a261096a548d23864945c3a589b67b09b0304a784d61b42b2419139485242e0d51fcbe9e8fed996d214de8717e6a71f8987ccad65eb92e66707034a5ae38e6486e26eb4374c565aad5df949dab209f7f7bcd8eb6fc52761a26cfe5d01fd349e59f4042e6dbe6b232f9301b971dee121d8aa1e62d40f043a42f3aa859d867eb809b1ced5ae1ec62cacf94a69fafd0631a8b5dfd66d855900fb295eec90ae5fcbf77beae267a79d24081bb322d8c4e0630fed252541b36 +AD: 13bfcc17b810099cda31ca53a1323db9b07633ceb2088a42263a4cbd6a4d47978776005c9a20203319c3a3ae434e9a26fb541047dc9df38dc36c095267272e203d0b24d119a70a7e96041b6d82b7c4d5570e1e4a1cf2f6e44ae63fe005a1f5b900778c482f7bd89e2e02305e35b8f61b7bb2c78a13aebfce0145d1c5aa0bf1d10d23616d5a3a446de550302f56f81dc56fe4f3700f14242688d9b92d8a427979b403c8de8c493a2cde510eaf6b285e6675b173aa0314a386b635c7577d5aff0d868a0cb3f73c8d2005f8c7c9dab5a060ef80102c9d4a4af988838afe87aff04c0689e8c3c7f9 +CT: 
2c14c3931e98e84507c4c165c2ed47ad4a178f0e216cd7ac2453bbbf9f85dd06bd8ef54a9ff1fd3dd8e0cafb635d8f2de861a0db5b14d03f17aaea8c89b3010797c71c13a0e666899d7ff6e53c4f08be8ddb3e37688b5afa088079b6c7519b833e16560073e699530302028a3496e05edddec01a23a4c7983956250e8d9e616f7b940856955cde81c1efabf6b7b92f153d03f4cd17e7f7d2907670cfc84d45c1d7936775a3fce47968504278ffaecacea0871b227f250e2979516f6fa310fec0d8df1af7872e5a534e82870aa05f43ef0a455846b93ce938064fa33e92de262e4156dae56775 +TAG: 16c972829819b8fb030b2c5f40dab717 + +KEY: 3792943c0396f1840496917ce8ad89608385007e796febeea3805f3f4cbeccf7 +NONCE: 0000000023b2f9068b2c4c85 +IN: be6b67eb943ee7b5c785cd882f653e73a8f75b4a41a2a7c56ae5a10f729caf39948fe48ad0e51240e2e7aa43193c7ec6ce7f4909fc94c9f99e38e6a0ad7e98eb29c5c2e61c99e9cbe890f154185cec213a74725d23c1a4e4d0cb9b1a36b78c87e5eee20d2aa29aae80d4759eb0c51c5dc3a95bdbbf7e14eb434419a6c88a954ac03d0c98739f4211b8732acd71c297f578b8cb64ccac45f7235ddc7f2a3f5f997525c1ed39dc550126cdf9cedaf55425489085e91b170be6205a5a395f2dd4084a3e8dbc4fd8b13252f7effae067b571cb94a1e54aba45b1b9841308db0cc75b03cfce4ddafe89ce20f2d1 +AD: 7eb6d7b7bbaaa3c202a4f0f1de2263767169eb4a64853240d48c0f8d5d31b08d5baf42977614a57aad99426cde76d242cb37d2956d8c77dc4fd62a3abf30e8ac6cd58c8ef35e67497022960138c57787818892460f3bfc16e37ff388b1edc6ce2bc53c22717edc7a03d4c78b0dbbe9121c7fd8a3e3993b87a4fe389bff13bdae3b349de0b6db561602c53f746022aeb4483c723b67825042f4af20b7dd1e6031cf54215266295c524ac8e1370424c5c5e607fb3e23e97c8eebe64656775edf616422a8b974e1acf13ab45c9a367a7dd9b2d62f48bbc05819b65eccb813ca813f57b22ee4c280dbb5a9d8d5 +CT: 
0b316ab2bcf5359900fa4082d5d253b49ad94b70e3fab544f98bd111cbcef6766cf953deec08cae1f489fe12f7acc0032db8a6b0c0eee0c206ea5fb973feaebf90f690e840094db5e13fdd7157ba127368c995b426529435a1bcdd1f14ce9125b8a0e4c96b6ec09e3c36a180adf81941c002d19c19d53c2009be803b987504606b7d43bdee5e0b32ff23c466b6cccfcd0d4e88fd1332e73712b5ab725c1a383e584f34f80daff29d285ae5e43cf1d0cc7a828e75c25daced3a581a93d7a50f313b33f38dddfaa23cd5b9914797db820ee2400d52bf5fa982277fe9b5881ac42981633b3957b0e935051828 +TAG: c549aa944d6d97e52e0793ed572682c0 + +KEY: fe4be6054773f634356ac328591fbc6f833b0d1beeb38dd5b6feb7481b4489d4 +NONCE: 000000000b3f16f898a5a7d5 +IN: 76ced1ade6d1ef4069afddb32e7432d4ff2fd06685121f7b16464e7a72d365744f547d2ccf53486310e38b42d8bacaf711e54c5458d2d68c4dbcc8de31ab6732f4430e88a64565f5b287640775aaa2af1cc461d3e415bb275c6246b1b58517aa72667eae291a2982eda175d1b22c5a58e6fec2b3743d55712f201ca24ba5c0ae8c25724871b2ec2fb914a8da5a52670ab9b43a83b8568ce74db5c634061cb80530c8070c38b8f48c33ba136cb9f2158ee7eda8b65f2192fc94d1291f182f101795b7190c74b319d2d3e02a97c824d9c9471a83797e4936310b207e3a1e0bcf75f7c3e3ee48a747641cdc4377f2d55082 +AD: 834cd775cbefe4b33a3ca53a00c06a3c4a666983e4115a029f15729460daa45d1505e95172d3695625a186b28b8be173a925af04665f209267b3c5123e8be13da447ee1ae856bb0925f35aaa76e04a7bca8460f76c2024de2149f38a8cfba81694b854885d72568105571b6b213a0bc188a44cc7fe13153cbf261401b238cf12a95e23cb56f240114f16e2f1e3a514615aab4449c0c49e4d900b0e17d1a8dabb53d43dca32fa052d576b73dd9b40856b515d6d7efc2a5c17e0ebcb17bd59dc86f22ce909301a2652f134e82ef0e4519487ed12d51536024f2ae8f75d937c42d003076e5dea8de0c684cda1f34253d8fc +CT: 
f8defb6fe95dfec499b909996a1f75a198a90e4d6c6464d00a357a555311c42fe92dbbc4b79c935e4f0b1a95e44fdbc1380bebabca28db4dd0d2870daaafc38ef27908c3509e945714801cc51f1a07b2430c74fa64f2a7c2f7fd1551d258c9c3be020873fc1bf19f33ab6c660911dcf2317195d0efee82d20ec26d22611f9cf86c51a64e28b3a1f344500018e0855c88dae3c07acaeaa10b60388484dce93e16e6e1a6e69e899806648a92568c8780e9f4baacd98cbb353ac2f908e775d92303cfab843f15be0e0c322a958802fb1a60fcc7631f151f4c2b8cb965d2d296acef250275a2fecc0cea803ce7c058b12dd2 +TAG: baf9a51180f172e5c0cc2c946ce55055 + +KEY: a288b11ce5382ec724ce4ab2d7efa8e777e91ebd04367935e15f9dac483e9596 +NONCE: 00000000874144dbf648b325 +IN: 4c9195280a79a509919af4947e9e07231695fd7c5088539f23936ce88770ce07d9ad3ae4a463b3a57d0634d3a77ceaadf347a334682b04be8e58b8e86fb94a1f93255132b8cdb0df86f5bea354eea4e8315fea83e3fdf6e58aa9f26e93caa08e5e2551a94bd916a51fed29ec16f66800cda6a0aa24ec308bf5fb885afba272685de27c1edcdd3668048ef07b06e90d464a8aa28664903cac45e154e8e1e39c257e1ff506b9d95cef4f300bb73b899e7828602c3c1d290b8cf55ee5fd72ecce9e6efc9293aebf674a70e2a7673e75629c12950622dff71d3ec0992e57776c788c6927d30b4e24b749191c3ce8017f0ada6276e43720 +AD: 04abe8588c8c8c39a182092e5e7840442bd1c1149da102c4ee412bd8b82baa5087ef7291b5cd077c177c42770b0023e0e462b06e7553f191bcb0315a34918dcdbffe2b99c3e011b4220cc1775debcc0db55fa60df9b52234f3d3fa9606508badc26f30b47cdb4f1c0f4708d417b6853e66c2f1f67f6200daf760ceb64ffc43db27f057ad3ee973e31d7e5d5deb050315c1c687980c0c148ee1a492d47acfcd6132334176c11258c89b19ba02e6acc55d852f87b6a2169ed34a6147caa60906ac8c0813c0f05522af7b7f0faddb4bc297405e28ecf5a0f6aac6258422d29cfe250d61402840f3c27d0ce39b3e2d5f1e520541d2965e +CT: 
0afce770a12f15d67ac104ba0640aab95922390607473cbda71321156a5559906be933fb0980da56f27e89796eaa1054f5aacf1668d9f273cc69071b9e8e22af6a205a6a88f7ad918e22f616bddbb07c78913c7e056e769e6fcf91c7600c2740212e3a176e4110cac9e361a59a773457064d2dc652dd115d04f1c3756c0e1d39f6737a16b4508663e310934c49c58058b3c7b9af7bb2334c8a163608c42499658986927cda365e2aead3ac29de16e47e954383ea566f8fb245a4e5a934c767bb3bf7e0eb8a477fd0e1f61bcb238462a0d19c5cea9293ca58ade76829413216a7882cd2846323046694f78cd8b0347792ebb75abdc1 +TAG: eb9b2ee43e9a3ae1e33561800169d868 + +KEY: 65b63ed53750c88c508c44881ae59e6fff69c66288f3c14cfec503391262cafc +NONCE: 000000007f5e560a1de434ba +IN: 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 +AD: 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 +CT: 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 +TAG: e0bf9b6837428843f5a233ee5ddb8a1e + +KEY: 4986fd62d6cb86b2eaf219174bec681bebcdef86c8be291f27d3e5dc69e2feba +NONCE: 00000000d08d486620ed2e84 +IN: 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 +AD: 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 +CT: 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 +TAG: 2e8eb9ff4467c0f61c2abf6ca10893ef + +KEY: 7d28a60810e43d3dfa32e97c07957ec069fc80cc6a50061830aa29b3aa777dfc +NONCE: 0000000047738ac8f10f2c3a +IN: 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 +AD: 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 +CT: 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 +TAG: ce507bdb0c71f8e89f5078495f7995b8 + +KEY: a76e9b916f5a67b78a5949651c8c3a9741a1bc3c41cdf85fd2c8f3e9a0616098 +NONCE: 000000000808da8292dc14e0 +IN: 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 +AD: 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 +CT: 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 +TAG: 73b00b1705602479aab944dcc1b282a2 + +KEY: 98cd2477a7a072c69f375b88d09ed9d7b9c3df3f87e36ce621726f76e3b41a1d +NONCE: 0000000077d185aaf715aa48 +IN: 
42b31eefdacab0f03ef6060156000c8195adb0976cabbe1a42bfcc09f85659c60b98638401f2d2e2facfb9a97a62926bb0cecaf3af0180a01bfb6e576babf7fc43331937a92abd30cddfa3e450f895e9dd914dea3fafd759c136d685310ebce28ac0613ccdbf30115946c9634b67510b77d0e37f07714b2ddac9d7095b8d4bd887c132c4a9127eb01c8dedb4c39c87b98a741316656f9a8d5a5b0c0ac84789aa2347a5f99ca5ad55cd1bcf98f703eb4b00badb8a8555f38b3b368db8ba7ceea94e8b219f51edce75d84166b5602156ed5962a93a51db73c59d87e906179d7a74a2a2a69d8ad99f323225c87e475d3f771b4a203a2e2b03b458401044649fa6536dfab24d7037807dcbf6518e6578 +AD: 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 +CT: 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 +TAG: 69302888812eea030d621b640e7bcf7c + +KEY: 2f0f4631ab1c1bcf8f3ad0559c818d50e0af7d8cd63faa357f2069f30881d9cb +NONCE: 000000007d0ced2fdb1c9173 +IN: 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 +AD: 1ccfa1ececc8de1e200d0ecc19dcf67b7c96bea3a282c2bccba61035db5c14776387b8b8f58e5757deb0129d4e5e315f64df354a5985d2e47ebbbeafe0c914f7cf1d63dd0311ace19e69a8b6ff0ab25cc8df0408d22132205e89e5eb679268d82b2913e64e3f885bbf4a6d379b760b94590e3140dd7275ab4713cb56d0b716e2718f11316640cb394802862d39e77a46d0c065af3caf7dec14e887039d8aa8c3d3a8ac1ee06026f49d00b2f59d971b54735e95a51f199389a93a4fc24ebaba1f7a2eef7412f61febf79084fbf481afc6fb6b204084e5ef5df71f30506459dea074f11fc055cd2a8c0fc922c4811a849984352a56a15659b7d07a4cc90b88623638ea00c4c8bc13884df2237b359f2877aa41d6 +CT: e580093789ba17ffb46672dc326f09278aca08598d3e5458eaa53e6ed45d5c71a396e35b5ea3fe7b7c0496a734d24f1c75420694be2ff095d5172fd3407794e4b99fd7c374fbe8d1564a048614d3f355bfb5866de1a53e1a51f9f5e8312253cfd82f36efaa1898c850ca0d975ad1e8b0d9597a5a9e6516fe2a3c92efb7495557a8afc3da15b0d3e2ba58f612519836946cf2d15b898320d16a026c8c00a1be2e35f0ebe68f28d91c6c45d24c3f3c157cb132fa659b7794df883d90741fa2d2afcc4f27858e13ecd41b154a35d24947ae7361170060c107d8ecacb393ea67104b60457278a392fdf1794bab97d3b02b71a4eb015eaa38a4b4c944c2bc7cd5e329da4a1ab2937a6af81a6caa5fce752331fdefd4 +TAG: 
19bbacfac768bb0ce71e39c5d4d3e9a0 + +KEY: a48b9b6df475e566aba7671fbd76772cb0eff0b12499967978ce3e25fac92feb +NONCE: 000000002ccbf0d6c40cb302 +IN: 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 +AD: 1c2503d5aa1aad193f0da12874074ea0432bb76a61cd43a3017061514da0759846a0f3ae3a49fdb0b6d29f713de665beacb6568f2694112ca380d13f3c1698316866a7a7f87f1d7503a92176ab84fc08977b46ba664508a858e7525753c45511b3d2f407d5e993c6ede77f13d12975707e5195704970a89f71fc30828049f92f944f3aa93d6a5297e678e08952919beb7eac5919df1919cab3c3da6aa696a1eeab6371f310f7e81143e7d240b0213ae554524b52000306160dd4877bf13ba0f13bbe867da7c7d707f31335eef4cd942938ac890a0829ec66bd30ae01a2188a6e5ea0f17cd7dc875e17f03c0ab5dd18e36db8a1fc1f72859ee046b62368f168b3bea2234e0432c07b7d8e1b9277f21e692c513b9e816e6860 +CT: 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 +TAG: 0fa4cb2bab84336409aa4349ab99a8bd + +KEY: 923d4b086b9e43b986f7b65e4cea6113a3d8aabefa89323c5e4d5b6f158bb7e0 +NONCE: 00000000a0f73297b87f5deb +IN: 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 +AD: c853a8b39c0dc597d562f123cd221e4104b65423a062a4f4ba890ba344feb84290f61817e23330c365f58c3583ce08360d3c1171982ead5496d525ac878f23a57480a6ee39d4e65afd6268245bb982a2545fa1195427cdbbcd404cdad5198f55cce2a5a028fae435f71b15921d066e8d43766c32b2f2c3f57c0674e129607dcd3703eca529414adaee79d81fed432153cceb6f3fc53404810d8ec878f7d94be5d379d0e0e1aa9bc404b4b5d396038a9d76a5ce53c9f3759b8e50fb331858ca58cee81bfc3ee58baef5d19c402a3dc8b36370ec1ace5a4aa2527fb94b4f933a4ab8ccaaf6a5af5a779eae5667c2a24ab027e781c8d4f30c377aa5885a2fdaf6507d18cd824a847c35368b4ea984d2c3c3824a5b8ba3042e1852504a21a3 +CT: 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 +TAG: 9bd8b7743c056bb2334833afd6143e18 + +KEY: df73adab2768559ea983cce85453fe81d79be3b3c57f202b31b94d6635cf2e4b +NONCE: 00000000e7a87e6bf6b5a354 +IN: 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 +AD: 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 +CT: 
b842eadfdf431c135bd6581d3eccae54e2267d8890036aa33dfe2d2d9715c44625441210a3a0d666d708d30588fe851ec36e10d8fa3584ed77b095149494b7c54379d62c8935e1d2b9a8f47e4759ad0b3437fdf2cc2fb6c5ea25ad10e0bdc9dc5b0517fc237eb783cc461c46665e2b1d1a5b8008dbf409ea2a63fea0276de23a32c99d92a498807a0f95e208fc6262321a78aafaf0cc3f833fff37bd4efa66f6023a25cdc6702cee3912799563d908a5183c9956a06aa71085d855dc7c809ed6e2889592b361ab3ab39060f8e419152187a794a19c2a1128882201900ea2cd597860674bf78d9720643df8701676718fd201baed4935a88e50558daf86edd08a9ab227ac7afae55c974b68de8dacad4a4d79b13ed6dfe74017a4cb9148e033436fb6 +TAG: ee1ec36804e1d5cdbddb52608c711fd8 + +KEY: 55a4be2448b464c2ea52a2f2664ed6aba865c14ea1fea77f4689331fd105c8d4 +NONCE: 00000000db37c0a405b4626d +IN: 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 +AD: 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 +CT: 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 +TAG: 296a397d280d026fc3627f4718971be9 + +# Tag truncation tests. + +KEY: c66e89fbab01208f6a60847f4f34b38d27b554c119cf8d9e0b118aa7266ab865 +NONCE: 000000005d9856060c54ab06 +IN: f9e3e9b5ed07b2080db8c1ffc37e4a6cb3cd544608921e18610d00b17c6e +AD: 85c112a1efe0a20ef3a550526a7afbc98f6367ebbede4e703099abd78f51 +CT: b5cc754f6dd19ef2d66f90e6bc9a322ddf216ef248cbe76b5ab6dd53bc36 +TAG: d3 + +KEY: c66e89fbab01208f6a60847f4f34b38d27b554c119cf8d9e0b118aa7266ab865 +NONCE: 000000005d9856060c54ab06 +IN: f9e3e9b5ed07b2080db8c1ffc37e4a6cb3cd544608921e18610d00b17c6e +AD: 85c112a1efe0a20ef3a550526a7afbc98f6367ebbede4e703099abd78f51 +CT: b5cc754f6dd19ef2d66f90e6bc9a322ddf216ef248cbe76b5ab6dd53bc36 +TAG: d3f7 + +KEY: c66e89fbab01208f6a60847f4f34b38d27b554c119cf8d9e0b118aa7266ab865 +NONCE: 000000005d9856060c54ab06 +IN: f9e3e9b5ed07b2080db8c1ffc37e4a6cb3cd544608921e18610d00b17c6e +AD: 85c112a1efe0a20ef3a550526a7afbc98f6367ebbede4e703099abd78f51 +CT: b5cc754f6dd19ef2d66f90e6bc9a322ddf216ef248cbe76b5ab6dd53bc36 +TAG: d3f7b9 + +KEY: c66e89fbab01208f6a60847f4f34b38d27b554c119cf8d9e0b118aa7266ab865 +NONCE: 
000000005d9856060c54ab06 +IN: f9e3e9b5ed07b2080db8c1ffc37e4a6cb3cd544608921e18610d00b17c6e +AD: 85c112a1efe0a20ef3a550526a7afbc98f6367ebbede4e703099abd78f51 +CT: b5cc754f6dd19ef2d66f90e6bc9a322ddf216ef248cbe76b5ab6dd53bc36 +TAG: d3f7b9c2 + +KEY: c66e89fbab01208f6a60847f4f34b38d27b554c119cf8d9e0b118aa7266ab865 +NONCE: 000000005d9856060c54ab06 +IN: f9e3e9b5ed07b2080db8c1ffc37e4a6cb3cd544608921e18610d00b17c6e +AD: 85c112a1efe0a20ef3a550526a7afbc98f6367ebbede4e703099abd78f51 +CT: b5cc754f6dd19ef2d66f90e6bc9a322ddf216ef248cbe76b5ab6dd53bc36 +TAG: d3f7b9c295 + +KEY: c66e89fbab01208f6a60847f4f34b38d27b554c119cf8d9e0b118aa7266ab865 +NONCE: 000000005d9856060c54ab06 +IN: f9e3e9b5ed07b2080db8c1ffc37e4a6cb3cd544608921e18610d00b17c6e +AD: 85c112a1efe0a20ef3a550526a7afbc98f6367ebbede4e703099abd78f51 +CT: b5cc754f6dd19ef2d66f90e6bc9a322ddf216ef248cbe76b5ab6dd53bc36 +TAG: d3f7b9c295f3 + +KEY: c66e89fbab01208f6a60847f4f34b38d27b554c119cf8d9e0b118aa7266ab865 +NONCE: 000000005d9856060c54ab06 +IN: f9e3e9b5ed07b2080db8c1ffc37e4a6cb3cd544608921e18610d00b17c6e +AD: 85c112a1efe0a20ef3a550526a7afbc98f6367ebbede4e703099abd78f51 +CT: b5cc754f6dd19ef2d66f90e6bc9a322ddf216ef248cbe76b5ab6dd53bc36 +TAG: d3f7b9c295f374 + +KEY: c66e89fbab01208f6a60847f4f34b38d27b554c119cf8d9e0b118aa7266ab865 +NONCE: 000000005d9856060c54ab06 +IN: f9e3e9b5ed07b2080db8c1ffc37e4a6cb3cd544608921e18610d00b17c6e +AD: 85c112a1efe0a20ef3a550526a7afbc98f6367ebbede4e703099abd78f51 +CT: b5cc754f6dd19ef2d66f90e6bc9a322ddf216ef248cbe76b5ab6dd53bc36 +TAG: d3f7b9c295f37465 + +KEY: c66e89fbab01208f6a60847f4f34b38d27b554c119cf8d9e0b118aa7266ab865 +NONCE: 000000005d9856060c54ab06 +IN: f9e3e9b5ed07b2080db8c1ffc37e4a6cb3cd544608921e18610d00b17c6e +AD: 85c112a1efe0a20ef3a550526a7afbc98f6367ebbede4e703099abd78f51 +CT: b5cc754f6dd19ef2d66f90e6bc9a322ddf216ef248cbe76b5ab6dd53bc36 +TAG: d3f7b9c295f374651a + +KEY: c66e89fbab01208f6a60847f4f34b38d27b554c119cf8d9e0b118aa7266ab865 +NONCE: 000000005d9856060c54ab06 +IN: 
f9e3e9b5ed07b2080db8c1ffc37e4a6cb3cd544608921e18610d00b17c6e +AD: 85c112a1efe0a20ef3a550526a7afbc98f6367ebbede4e703099abd78f51 +CT: b5cc754f6dd19ef2d66f90e6bc9a322ddf216ef248cbe76b5ab6dd53bc36 +TAG: d3f7b9c295f374651a84 + +KEY: c66e89fbab01208f6a60847f4f34b38d27b554c119cf8d9e0b118aa7266ab865 +NONCE: 000000005d9856060c54ab06 +IN: f9e3e9b5ed07b2080db8c1ffc37e4a6cb3cd544608921e18610d00b17c6e +AD: 85c112a1efe0a20ef3a550526a7afbc98f6367ebbede4e703099abd78f51 +CT: b5cc754f6dd19ef2d66f90e6bc9a322ddf216ef248cbe76b5ab6dd53bc36 +TAG: d3f7b9c295f374651a8413 + +KEY: c66e89fbab01208f6a60847f4f34b38d27b554c119cf8d9e0b118aa7266ab865 +NONCE: 000000005d9856060c54ab06 +IN: f9e3e9b5ed07b2080db8c1ffc37e4a6cb3cd544608921e18610d00b17c6e +AD: 85c112a1efe0a20ef3a550526a7afbc98f6367ebbede4e703099abd78f51 +CT: b5cc754f6dd19ef2d66f90e6bc9a322ddf216ef248cbe76b5ab6dd53bc36 +TAG: d3f7b9c295f374651a841386 + +KEY: c66e89fbab01208f6a60847f4f34b38d27b554c119cf8d9e0b118aa7266ab865 +NONCE: 000000005d9856060c54ab06 +IN: f9e3e9b5ed07b2080db8c1ffc37e4a6cb3cd544608921e18610d00b17c6e +AD: 85c112a1efe0a20ef3a550526a7afbc98f6367ebbede4e703099abd78f51 +CT: b5cc754f6dd19ef2d66f90e6bc9a322ddf216ef248cbe76b5ab6dd53bc36 +TAG: d3f7b9c295f374651a84138648 + +KEY: c66e89fbab01208f6a60847f4f34b38d27b554c119cf8d9e0b118aa7266ab865 +NONCE: 000000005d9856060c54ab06 +IN: f9e3e9b5ed07b2080db8c1ffc37e4a6cb3cd544608921e18610d00b17c6e +AD: 85c112a1efe0a20ef3a550526a7afbc98f6367ebbede4e703099abd78f51 +CT: b5cc754f6dd19ef2d66f90e6bc9a322ddf216ef248cbe76b5ab6dd53bc36 +TAG: d3f7b9c295f374651a84138648a5 + +KEY: c66e89fbab01208f6a60847f4f34b38d27b554c119cf8d9e0b118aa7266ab865 +NONCE: 000000005d9856060c54ab06 +IN: f9e3e9b5ed07b2080db8c1ffc37e4a6cb3cd544608921e18610d00b17c6e +AD: 85c112a1efe0a20ef3a550526a7afbc98f6367ebbede4e703099abd78f51 +CT: b5cc754f6dd19ef2d66f90e6bc9a322ddf216ef248cbe76b5ab6dd53bc36 +TAG: d3f7b9c295f374651a84138648a591 + diff --git a/tests/cipher_list.c b/tests/cipher_list.c index 9a5d9781..0623dd69 100644 
--- a/tests/cipher_list.c +++ b/tests/cipher_list.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher_list.c,v 1.10 2021/01/09 12:39:22 tb Exp $ */ +/* $OpenBSD: cipher_list.c,v 1.11 2022/07/07 13:11:45 tb Exp $ */ /* * Copyright (c) 2015 Doug Hogan * Copyright (c) 2015 Joel Sing @@ -180,6 +180,7 @@ main(void) /* Use TLSv1.2 client to get all ciphers. */ CHECK_GOTO((ctx = SSL_CTX_new(TLSv1_2_client_method())) != NULL); CHECK_GOTO((s = SSL_new(ctx)) != NULL); + SSL_set_security_level(s, 2); if (!ssl_bytes_to_list_alloc(s, &ciphers)) goto err; @@ -190,6 +191,10 @@ main(void) if (!ssl_bytes_to_list_invalid(s, &ciphers)) goto err; + SSL_set_security_level(s, 3); + if (ssl_list_to_bytes_scsv(s, &ciphers)) + goto err; + rv = 0; err: diff --git a/tests/client.pem b/tests/client.pem new file mode 100644 index 00000000..ce4bf49c --- /dev/null +++ b/tests/client.pem 
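Review bot: The check added after `SSL_set_security_level(s, 3)` in the last hunk passes on any failure of `ssl_list_to_bytes_scsv()`, so it cannot tell the intended rejection at the stricter level from an unrelated error inside the helper. The helper's body is outside the hunk, so this is inferred from the inverted `if` alone. The condition is also the opposite of the neighbouring `if (!ssl_bytes_to_list_invalid(s, &ciphers))` and is easy to misread as a typo; if the failure is intended, a comment such as `/* At security level 3 the expected cipher list must no longer be produced. */` above the call would make that explicit. The `SSL_set_security_level(s, 2)` call in the previous hunk would benefit in the same way from a short comment saying why level 2 is the baseline for the positive checks. `main()` starts and ends outside both hunks.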
@@ -0,0 +1,51 @@ +subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Client Cert +issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA +-----BEGIN CERTIFICATE----- +MIIDpTCCAo2gAwIBAgIJAPYm3GvOr5eTMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT +VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt +ZWRpYXRlIENBMB4XDTE0MDUyNDE0NDUxMVoXDTI0MDQwMTE0NDUxMVowZDELMAkG +A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU +RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgQ2xpZW50IENlcnQw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0ranbHRLcLVqN+0BzcZpY ++yOLqxzDWT1LD9eW1stC4NzXX9/DCtSIVyN7YIHdGLrIPr64IDdXXaMRzgZ2rOKs +lmHCAiFpO/ja99gGCJRxH0xwQatqAULfJVHeUhs7OEGOZc2nWifjqKvGfNTilP7D +nwi69ipQFq9oS19FmhwVHk2wg7KZGHI1qDyG04UrfCZMRitvS9+UVhPpIPjuiBi2 +x3/FZIpL5gXJvvFK6xHY63oq2asyzBATntBgnP4qJFWWcvRx24wF1PnZabxuVoL2 +bPnQ/KvONDrw3IdqkKhYNTul7jEcu3OlcZIMw+7DiaKJLAzKb/bBF5gm/pwW6As9 +AgMBAAGjTjBMMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCwGCWCGSAGG ++EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0B +AQUFAAOCAQEAJzA4KTjkjXGSC4He63yX9Br0DneGBzjAwc1H6f72uqnCs8m7jgkE +PQJFdTzQUKh97QPUuayZ2gl8XHagg+iWGy60Kw37gQ0+lumCN2sllvifhHU9R03H +bWtS4kue+yQjMbrzf3zWygMDgwvFOUAIgBpH9qGc+CdNu97INTYd0Mvz51vLlxRn +sC5aBYCWaZFnw3lWYxf9eVFRy9U+DkYFqX0LpmbDtcKP7AZGE6ZwSzaim+Cnoz1u +Cgn+QmpFXgJKMFIZ82iSZISn+JkCCGxctZX1lMvai4Wi8Y0HxW9FTFZ6KBNwwE4B +zjbN/ehBkgLlW/DWfi44DvwUHmuU6QP3cw== +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAtK2p2x0S3C1ajftAc3GaWPsji6scw1k9Sw/XltbLQuDc11/f +wwrUiFcje2CB3Ri6yD6+uCA3V12jEc4GdqzirJZhwgIhaTv42vfYBgiUcR9McEGr +agFC3yVR3lIbOzhBjmXNp1on46irxnzU4pT+w58IuvYqUBavaEtfRZocFR5NsIOy +mRhyNag8htOFK3wmTEYrb0vflFYT6SD47ogYtsd/xWSKS+YFyb7xSusR2Ot6Ktmr +MswQE57QYJz+KiRVlnL0cduMBdT52Wm8blaC9mz50PyrzjQ68NyHapCoWDU7pe4x +HLtzpXGSDMPuw4miiSwMym/2wReYJv6cFugLPQIDAQABAoIBAAZOyc9MhIwLSU4L 
+p4RgQvM4UVVe8/Id+3XTZ8NsXExJbWxXfIhiqGjaIfL8u4vsgRjcl+v1s/jo2/iT +KMab4o4D8gXD7UavQVDjtjb/ta79WL3SjRl2Uc9YjjMkyq6WmDNQeo2NKDdafCTB +1uzSJtLNipB8Z53ELPuHJhxX9QMHrMnuha49riQgXZ7buP9iQrHJFhImBjSzbxJx +L+TI6rkyLSf9Wi0Pd3L27Ob3QWNfNRYNSeTE+08eSRChkur5W0RuXAcuAICdQlCl +LBvWO/LmmvbzCqiDcgy/TliSb6CGGwgiNG7LJZmlkYNj8laGwalNlYZs3UrVv6NO +Br2loAECgYEA2kvCvPGj0Dg/6g7WhXDvAkEbcaL1tSeCxBbNH+6HS2UWMWvyTtCn +/bbD519QIdkvayy1QjEf32GV/UjUVmlULMLBcDy0DGjtL3+XpIhLKWDNxN1v1/ai +1oz23ZJCOgnk6K4qtFtlRS1XtynjA+rBetvYvLP9SKeFrnpzCgaA2r0CgYEA0+KX +1ACXDTNH5ySX3kMjSS9xdINf+OOw4CvPHFwbtc9aqk2HePlEsBTz5I/W3rKwXva3 +NqZ/bRqVVeZB/hHKFywgdUQk2Uc5z/S7Lw70/w1HubNTXGU06Ngb6zOFAo/o/TwZ +zTP1BMIKSOB6PAZPS3l+aLO4FRIRotfFhgRHOoECgYEAmiZbqt8cJaJDB/5YYDzC +mp3tSk6gIb936Q6M5VqkMYp9pIKsxhk0N8aDCnTU+kIK6SzWBpr3/d9Ecmqmfyq7 +5SvWO3KyVf0WWK9KH0abhOm2BKm2HBQvI0DB5u8sUx2/hsvOnjPYDISbZ11t0MtK +u35Zy89yMYcSsIYJjG/ROCUCgYEAgI2P9G5PNxEP5OtMwOsW84Y3Xat/hPAQFlI+ +HES+AzbFGWJkeT8zL2nm95tVkFP1sggZ7Kxjz3w7cpx7GX0NkbWSE9O+T51pNASV +tN1sQ3p5M+/a+cnlqgfEGJVvc7iAcXQPa3LEi5h2yPR49QYXAgG6cifn3dDSpmwn +SUI7PQECgYEApGCIIpSRPLAEHTGmP87RBL1smurhwmy2s/pghkvUkWehtxg0sGHh +kuaqDWcskogv+QC0sVdytiLSz8G0DwcEcsHK1Fkyb8A+ayiw6jWJDo2m9+IF4Fww +1Te6jFPYDESnbhq7+TLGgHGhtwcu5cnb4vSuYXGXKupZGzoLOBbv1Zw= +-----END RSA PRIVATE KEY----- diff --git a/tests/client1-ecdsa-chain.pem b/tests/client1-ecdsa-chain.pem new file mode 100644 index 00000000..7a6883db --- /dev/null +++ b/tests/client1-ecdsa-chain.pem 
@@ -0,0 +1,27 @@ +subject= CN = LibreSSL Test Client 1 ECDSA +issuer= CN = LibreSSL Test Intermediate CA ECDSA +-----BEGIN CERTIFICATE----- +MIIBrTCCAVKgAwIBAgIJAOVssaaTYoH6MAoGCCqGSM49BAMCMC4xLDAqBgNVBAMM +I0xpYnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIEVDRFNBMB4XDTIxMTIyNzE0 +NDA0MFoXDTMxMTIyNTE0NDA0MFowJzElMCMGA1UEAwwcTGlicmVTU0wgVGVzdCBD +bGllbnQgMSBFQ0RTQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMnRxZ9SVIjF +eygaoub4qyo/tQlHXpQ2U66mhwKhchXD02w3viqOW0qklPSRhwV4nFKsdkVTogCg +Y8AJokxKDU6jYDBeMB0GA1UdDgQWBBTikUU9S7ASdWw7fhaYVdDqUAyH+DAfBgNV +HSMEGDAWgBQXVj1v/EpXEjlCygJygatQDeTCCDAMBgNVHRMBAf8EAjAAMA4GA1Ud +DwEB/wQEAwIHgDAKBggqhkjOPQQDAgNJADBGAiEA+Aal+cjgT+pknsmAPbivSHY+ +9clFV0Ree1c+nPbBz8cCIQCZDS2G/X8QthK7hZwV2mYhwvd6M/8kwet4u39qJYx8 +eA== +-----END CERTIFICATE----- +subject= CN = LibreSSL Test Intermediate CA ECDSA +issuer= CN = LibreSSL Test Root CA ECDSA +-----BEGIN CERTIFICATE----- +MIIBrDCCAVOgAwIBAgIJAOVssaaTYoH3MAkGByqGSM49BAEwJjEkMCIGA1UEAwwb +TGlicmVTU0wgVGVzdCBSb290IENBIEVDRFNBMB4XDTIxMTIyNzE0NDA0MFoXDTMx +MTIyNTE0NDA0MFowLjEsMCoGA1UEAwwjTGlicmVTU0wgVGVzdCBJbnRlcm1lZGlh +dGUgQ0EgRUNEU0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATWRQbJh4aHPzHq +LOAmosW/o83bTpm3Sj1VxM44StmG7c1nnFM/+gS8rp2bVSgjWZQzRtZqGVGJgzbk +7/M1m3x3o2MwYTAdBgNVHQ4EFgQUF1Y9b/xKVxI5QsoCcoGrUA3kwggwHwYDVR0j +BBgwFoAUtvkat4UdcUEipt6L/PBgEFYH6AwwDwYDVR0TAQH/BAUwAwEB/zAOBgNV +HQ8BAf8EBAMCAQYwCQYHKoZIzj0EAQNIADBFAiBE4NiOdv/XRN3WWMnkE5QccvC6 +VThoIQRyBf4I97cRPQIhAK18dvwrLuOOfbhWMdkpNCddMkWZHxS7traw/8+s7OUU +-----END CERTIFICATE----- diff --git a/tests/client1-ecdsa.pem b/tests/client1-ecdsa.pem new file mode 100644 index 00000000..7d1b2cfc --- /dev/null +++ b/tests/client1-ecdsa.pem 
@@ -0,0 +1,19 @@ +subject= CN = LibreSSL Test Client 1 ECDSA +issuer= CN = LibreSSL Test Intermediate CA ECDSA +-----BEGIN CERTIFICATE----- +MIIBrTCCAVKgAwIBAgIJAOVssaaTYoH6MAoGCCqGSM49BAMCMC4xLDAqBgNVBAMM +I0xpYnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIEVDRFNBMB4XDTIxMTIyNzE0 +NDA0MFoXDTMxMTIyNTE0NDA0MFowJzElMCMGA1UEAwwcTGlicmVTU0wgVGVzdCBD +bGllbnQgMSBFQ0RTQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMnRxZ9SVIjF +eygaoub4qyo/tQlHXpQ2U66mhwKhchXD02w3viqOW0qklPSRhwV4nFKsdkVTogCg +Y8AJokxKDU6jYDBeMB0GA1UdDgQWBBTikUU9S7ASdWw7fhaYVdDqUAyH+DAfBgNV +HSMEGDAWgBQXVj1v/EpXEjlCygJygatQDeTCCDAMBgNVHRMBAf8EAjAAMA4GA1Ud +DwEB/wQEAwIHgDAKBggqhkjOPQQDAgNJADBGAiEA+Aal+cjgT+pknsmAPbivSHY+ +9clFV0Ree1c+nPbBz8cCIQCZDS2G/X8QthK7hZwV2mYhwvd6M/8kwet4u39qJYx8 +eA== +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQghOgzNmZV/rLf5+I5 +pnOXJ3N6W8QE5biANh/RVNNmNImhRANCAATJ0cWfUlSIxXsoGqLm+KsqP7UJR16U +NlOupocCoXIVw9NsN74qjltKpJT0kYcFeJxSrHZFU6IAoGPACaJMSg1O +-----END PRIVATE KEY----- diff --git a/tests/client1-rsa-chain.pem b/tests/client1-rsa-chain.pem new file mode 100644 index 00000000..e5267eb3 --- /dev/null +++ b/tests/client1-rsa-chain.pem 
@@ -0,0 +1,44 @@ +subject= CN = LibreSSL Test Client 1 RSA +issuer= CN = LibreSSL Test Intermediate CA RSA +-----BEGIN CERTIFICATE----- +MIIDNDCCAhygAwIBAgIJAOVssaaTYoH1MA0GCSqGSIb3DQEBCwUAMCwxKjAoBgNV +BAMMIUxpYnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIFJTQTAeFw0yMTEyMjcx +NDQwMzhaFw0zMTEyMjUxNDQwMzhaMCUxIzAhBgNVBAMMGkxpYnJlU1NMIFRlc3Qg +Q2xpZW50IDEgUlNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyct5 +l3L4GIzbFPszUioY0/+W9IGnQqOlBtFJQSzJtM96/UcJ/9MEkz08UUaf07CTYWy/ +Qbwl3DizPV9yymiae64oe9RBc2Hh/Z88473Q6UZvPrdoexoVb159tTdvF8IDfIER +HEB2VAtssFvszERa04ndpDqS8tHfBcLGUCu2kZQ0FSCKbNSDLLwoQmyNgnWo8PDY +XshJGdABaTmnhpkrhJq2zeYiUResoWo8z08iVn7vLgjRNTi9mtXr5eC4L0DfEuZB +exaC8frQXH2rXKvojFrFwJ67QLwCOiUKbGlUQBeKS6iahgDL/dRprHqbNZFI7in4 +QiokqixjfzYSmALFqwIDAQABo2AwXjAdBgNVHQ4EFgQUNRNEZs+zkqBu6va5XyGv +UfzSKZQwHwYDVR0jBBgwFoAUNqGhWv/+mt2TQTVdDZTd5wPY4mYwDAYDVR0TAQH/ +BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBACmIu0ppKw1T +hzGAoyjxK0y1ffbIDvObcwAMtXSHprMNhkdk7jyQBiXpx4ngEg1LhalUUDkp9Yt1 +qUVjyM4cphJL7ni3N/SyoUtuYWY4s8mqIhloT5adaUJ24kHJ2eFzNBLDuno5wen4 +dXKevTZPNqkkNohbVHrrFewsqS8CYw+rfiNerOJYZzSMbueWK5Pck0od05STZlAE +/B2zesXgd3ZmRKM8jrlZS6gan1FaJOzwErccP7jWnrOeW9uLysRg0ww26/H8Q9xS +dm0L8IXjzmE/yodk/nrt9G72mJnUITt4uHW/1ibMi4+iUR0Ff4oeqrBHQAbRawMK +XKRzXhtI9sI= +-----END CERTIFICATE----- +subject= CN = LibreSSL Test Intermediate CA RSA +issuer= CN = LibreSSL Test Root CA RSA +-----BEGIN CERTIFICATE----- +MIIDNjCCAh6gAwIBAgIJAOVssaaTYoHyMA0GCSqGSIb3DQEBCwUAMCQxIjAgBgNV +BAMMGUxpYnJlU1NMIFRlc3QgUm9vdCBDQSBSU0EwHhcNMjExMjI3MTQ0MDM3WhcN +MzExMjI1MTQ0MDM3WjAsMSowKAYDVQQDDCFMaWJyZVNTTCBUZXN0IEludGVybWVk +aWF0ZSBDQSBSU0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD151AI +I+W9MrEP3dO0PEjg6L9E1R6+CG6u0LT3Jobc/rG2RXqKLasEaXoBWYiJoTImVxFT +wtrY+IDDTaEV4/4RGII1fY8Js7v5NpwoEh15jCoJ6/qDjKd4y1s1M48PlWYNNRmv +OBKRIu3Fz7scUa1RSBCp1bZeHbq/V5SzG419nDq2xpyuUrwmfBhDZTH+kUwBNGn8 +XVRFCRJQVP3qEAH02Zai2emSVj13KrhEWMtNyA8fa34GIuV23Q40RKW3jUgGBF+D 
+5jPNN8EZCj34nvvbjCCBs7cxZvD4F/MzGbatKpNmNOKXKibeg/xCq8B/F1uzHcl3 +IzJuViNtQ3RjQ/1pAgMBAAGjYzBhMB0GA1UdDgQWBBQ2oaFa//6a3ZNBNV0NlN3n +A9jiZjAfBgNVHSMEGDAWgBQ+S/x79Kw0KqURKAHyiOhdj/8V0TAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAcok2oSct +BOkm75qA8+4eUilGxTaqFPCqY8fk8MKNRKNNzaqirPaLJW62mZaxRHOn1Bw9uzL3 +jgz2PaTwA7n5GpKs3r5JLk8BdtRyeqMLmqJVJKKuu4GtJLCA8jhQm+XNA1Z324hg +kVeBHLPpLKvQxb+0lmbRBORq/OtMirq2yK8OlF2USrfQx0jmhSvvLpWyA0hhAXRS +gg1ds9aL57dELvk6gR7Unob+J0O2Xq3FRwz2O1k9fF86a0qrWUkxcnAjobC2BczC +7Fe5B194LgrX2U4IIrzwgJ19kmtrb1Qol2okECxomTYsbQY36sBs+LOKxSuiagu6 +ZgJtfcNeVMglYQ== +-----END CERTIFICATE----- diff --git a/tests/client1-rsa.pem b/tests/client1-rsa.pem new file mode 100644 index 00000000..7e0c47cc --- /dev/null +++ b/tests/client1-rsa.pem 
@@ -0,0 +1,50 @@ +subject= CN = LibreSSL Test Client 1 RSA +issuer= CN = LibreSSL Test Intermediate CA RSA +-----BEGIN CERTIFICATE----- +MIIDNDCCAhygAwIBAgIJAOVssaaTYoH1MA0GCSqGSIb3DQEBCwUAMCwxKjAoBgNV +BAMMIUxpYnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIFJTQTAeFw0yMTEyMjcx +NDQwMzhaFw0zMTEyMjUxNDQwMzhaMCUxIzAhBgNVBAMMGkxpYnJlU1NMIFRlc3Qg +Q2xpZW50IDEgUlNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyct5 +l3L4GIzbFPszUioY0/+W9IGnQqOlBtFJQSzJtM96/UcJ/9MEkz08UUaf07CTYWy/ +Qbwl3DizPV9yymiae64oe9RBc2Hh/Z88473Q6UZvPrdoexoVb159tTdvF8IDfIER +HEB2VAtssFvszERa04ndpDqS8tHfBcLGUCu2kZQ0FSCKbNSDLLwoQmyNgnWo8PDY +XshJGdABaTmnhpkrhJq2zeYiUResoWo8z08iVn7vLgjRNTi9mtXr5eC4L0DfEuZB +exaC8frQXH2rXKvojFrFwJ67QLwCOiUKbGlUQBeKS6iahgDL/dRprHqbNZFI7in4 +QiokqixjfzYSmALFqwIDAQABo2AwXjAdBgNVHQ4EFgQUNRNEZs+zkqBu6va5XyGv +UfzSKZQwHwYDVR0jBBgwFoAUNqGhWv/+mt2TQTVdDZTd5wPY4mYwDAYDVR0TAQH/ +BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBACmIu0ppKw1T +hzGAoyjxK0y1ffbIDvObcwAMtXSHprMNhkdk7jyQBiXpx4ngEg1LhalUUDkp9Yt1 +qUVjyM4cphJL7ni3N/SyoUtuYWY4s8mqIhloT5adaUJ24kHJ2eFzNBLDuno5wen4 +dXKevTZPNqkkNohbVHrrFewsqS8CYw+rfiNerOJYZzSMbueWK5Pck0od05STZlAE +/B2zesXgd3ZmRKM8jrlZS6gan1FaJOzwErccP7jWnrOeW9uLysRg0ww26/H8Q9xS +dm0L8IXjzmE/yodk/nrt9G72mJnUITt4uHW/1ibMi4+iUR0Ff4oeqrBHQAbRawMK +XKRzXhtI9sI= +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJy3mXcvgYjNsU ++zNSKhjT/5b0gadCo6UG0UlBLMm0z3r9Rwn/0wSTPTxRRp/TsJNhbL9BvCXcOLM9 +X3LKaJp7rih71EFzYeH9nzzjvdDpRm8+t2h7GhVvXn21N28XwgN8gREcQHZUC2yw +W+zMRFrTid2kOpLy0d8FwsZQK7aRlDQVIIps1IMsvChCbI2Cdajw8NheyEkZ0AFp +OaeGmSuEmrbN5iJRF6yhajzPTyJWfu8uCNE1OL2a1evl4LgvQN8S5kF7FoLx+tBc +fatcq+iMWsXAnrtAvAI6JQpsaVRAF4pLqJqGAMv91Gmseps1kUjuKfhCKiSqLGN/ +NhKYAsWrAgMBAAECggEAahMtnXDv/We9mi/Z8Gz0lCwcm/azh5IiI41MJph2hzcx +fYYkOXghRYzA8jBfv5VoQ6Q4fUN722Fqxu4vlzqZSj5oRX9z0EU52GomRcj30kgW +Hi+nGl7BucM/7Uxwd1qjHoVyCxnPmapPvfz0YwPjgqNMARJRQJcV1x9lw6rW03rW +qvoQKwnQ5vZRYldFnvYXRM0VUu8GdruaidWJ2Ra6FUFbEH+I77oIIoyWgXniq9jq 
+h0VJNRVCLwV4rFzmMkOAz1yxvJ+4UG9/wHYsZVhJDkyos1FVf0klKipKTS7Z87Em +aFlZ01JrM//kS/qdgohllCU8Xt1uVtvsYmJY9T6IEQKBgQD1IJzdopCI+BL7PfWf +qSpyUOgp+8J50CnIJ42ZdBWDhPZSbBqWmqbgBlnXEyPwkKVOhHde6td9DtxRVOiE +Zfy0gpUp4xWUxFdMKyW0+JmsmXiUJKIck6LxqfYDZUTzD2wp1/AhLGJ2M/J5e4IP +umr6IQ4BbDfKGp2NiHEQElCmdwKBgQDSvtOy71EhewJQ9slazR+10skSBbc5Ks9W +cy1fZKcnNB/dPenak5i8Gr04nPhhNvgAwmtDGb9hH1mwjHCUz/TaoPsbTKvtTN2N +MxFzQEsE9F803ULOvFOppe5YEy/M2OaDLHVil1bMwbrg3pGKD4TUfy5cE2NfCDi3 +JwlKk6uDbQKBgQCLAQ9zb7hes66v4pbjD18OrGq7RBUoVq8a3bMijf2VM1UrsDnz +pYd0CqXvnN8IkD3tpJi8rpe8Ry0QwgGI8vy2sEY+FpQqZJzMiLs9QKyEgBMsjwmP +Avmn6SWlD0xmORyxLc7yQOUk+phJ44wBt0jqxsvWarPIXAd0NydGYdxySQKBgAWo +B4iS8cuDQLGpngfo34QCz1DDhIJtSrlYSAx6aB4eQQiwI7mxInVSBmghlm0Ni6SB +k11usHtL2x1o95CW8Ex566N08FxjJsMmbr54KEtOv8tscOGZnmk8QeRtR2gpHi7B +H7lwtGy0em6UqrVY60jEzRq9jno7f0IzMwWkZwMVAoGAL9mQ8xVIaDNyhK477NvD +ZF2AWrHHLXDeTfwdI+HTCUdeDC208kgTx4Z/AX1cN7KQtWZfKIW0bWtCDnKsIwbK +zheDR2AjuDEbT9HWLtYgQvx5/fEc/yxJqtQk+n4CTrDY+rNeow51kziBKWFnu8Je +m38SJSK7uNLz5ZWNgj3XIUE= +-----END PRIVATE KEY----- diff --git a/tests/client2-ecdsa-chain.pem b/tests/client2-ecdsa-chain.pem new file mode 100644 index 00000000..0cba867b --- /dev/null +++ b/tests/client2-ecdsa-chain.pem 
@@ -0,0 +1,26 @@ +subject= CN = LibreSSL Test Client 2 ECDSA +issuer= CN = LibreSSL Test Intermediate CA ECDSA +-----BEGIN CERTIFICATE----- +MIIBpjCCAUygAwIBAgIDEAACMAoGCCqGSM49BAMCMC4xLDAqBgNVBAMMI0xpYnJl +U1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIEVDRFNBMB4XDTEwMDEwMTAwMDAwMFoX +DTIwMDEwMTAwMDAwMFowJzElMCMGA1UEAwwcTGlicmVTU0wgVGVzdCBDbGllbnQg +MiBFQ0RTQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABL7oVxdDfyspO7ozwbv+ +2QKCXR8Z1+JWKj6lLmAkN6GY/gXPYcCAtXOWRoVt5yg4YrH0eOJalah7yGjAeHLq +EHijYDBeMB0GA1UdDgQWBBRO8eCtJ/+3xfn+3qY31gP3Ch5JvDAfBgNVHSMEGDAW +gBQXVj1v/EpXEjlCygJygatQDeTCCDAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQE +AwIHgDAKBggqhkjOPQQDAgNIADBFAiEA10kcAL7I/Y0KVNryJGrfVa1er0uiUXxS +2GmnKWFCQKECID9PY+LK4+DNvxyn4ld47AGJZjdolx6mwLFHK8RvtLo9 +-----END CERTIFICATE----- +subject= CN = LibreSSL Test Intermediate CA ECDSA +issuer= CN = LibreSSL Test Root CA ECDSA +-----BEGIN CERTIFICATE----- +MIIBrDCCAVOgAwIBAgIJAOVssaaTYoH3MAkGByqGSM49BAEwJjEkMCIGA1UEAwwb +TGlicmVTU0wgVGVzdCBSb290IENBIEVDRFNBMB4XDTIxMTIyNzE0NDA0MFoXDTMx +MTIyNTE0NDA0MFowLjEsMCoGA1UEAwwjTGlicmVTU0wgVGVzdCBJbnRlcm1lZGlh +dGUgQ0EgRUNEU0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATWRQbJh4aHPzHq +LOAmosW/o83bTpm3Sj1VxM44StmG7c1nnFM/+gS8rp2bVSgjWZQzRtZqGVGJgzbk +7/M1m3x3o2MwYTAdBgNVHQ4EFgQUF1Y9b/xKVxI5QsoCcoGrUA3kwggwHwYDVR0j +BBgwFoAUtvkat4UdcUEipt6L/PBgEFYH6AwwDwYDVR0TAQH/BAUwAwEB/zAOBgNV +HQ8BAf8EBAMCAQYwCQYHKoZIzj0EAQNIADBFAiBE4NiOdv/XRN3WWMnkE5QccvC6 +VThoIQRyBf4I97cRPQIhAK18dvwrLuOOfbhWMdkpNCddMkWZHxS7traw/8+s7OUU +-----END CERTIFICATE----- diff --git a/tests/client2-ecdsa.pem b/tests/client2-ecdsa.pem new file mode 100644 index 00000000..f0576e6e --- /dev/null +++ b/tests/client2-ecdsa.pem 
@@ -0,0 +1,18 @@ +subject= CN = LibreSSL Test Client 2 ECDSA +issuer= CN = LibreSSL Test Intermediate CA ECDSA +-----BEGIN CERTIFICATE----- +MIIBpjCCAUygAwIBAgIDEAACMAoGCCqGSM49BAMCMC4xLDAqBgNVBAMMI0xpYnJl +U1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIEVDRFNBMB4XDTEwMDEwMTAwMDAwMFoX +DTIwMDEwMTAwMDAwMFowJzElMCMGA1UEAwwcTGlicmVTU0wgVGVzdCBDbGllbnQg +MiBFQ0RTQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABL7oVxdDfyspO7ozwbv+ +2QKCXR8Z1+JWKj6lLmAkN6GY/gXPYcCAtXOWRoVt5yg4YrH0eOJalah7yGjAeHLq +EHijYDBeMB0GA1UdDgQWBBRO8eCtJ/+3xfn+3qY31gP3Ch5JvDAfBgNVHSMEGDAW +gBQXVj1v/EpXEjlCygJygatQDeTCCDAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQE +AwIHgDAKBggqhkjOPQQDAgNIADBFAiEA10kcAL7I/Y0KVNryJGrfVa1er0uiUXxS +2GmnKWFCQKECID9PY+LK4+DNvxyn4ld47AGJZjdolx6mwLFHK8RvtLo9 +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgGJcFF0AYtzYr190f +tXnGfakMTr5zk0UO1nAfVSLMW2OhRANCAAS+6FcXQ38rKTu6M8G7/tkCgl0fGdfi +Vio+pS5gJDehmP4Fz2HAgLVzlkaFbecoOGKx9HjiWpWoe8howHhy6hB4 +-----END PRIVATE KEY----- diff --git a/tests/client2-rsa-chain.pem b/tests/client2-rsa-chain.pem new file mode 100644 index 00000000..bc09c2e0 --- /dev/null +++ b/tests/client2-rsa-chain.pem 
@@ -0,0 +1,44 @@ +subject= CN = LibreSSL Test Client 2 RSA +issuer= CN = LibreSSL Test Intermediate CA RSA +-----BEGIN CERTIFICATE----- +MIIDLjCCAhagAwIBAgIDEAACMA0GCSqGSIb3DQEBCwUAMCwxKjAoBgNVBAMMIUxp +YnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIFJTQTAeFw0xMDAxMDEwMDAwMDBa +Fw0yMDAxMDEwMDAwMDBaMCUxIzAhBgNVBAMMGkxpYnJlU1NMIFRlc3QgQ2xpZW50 +IDIgUlNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6TPjTtVn4l/2 +3g+XVWUMpxZWu1G3GJ1TY14loqG2lLcyFwHfbxPgjdeUYUXgKw2v3LKdK1xlwohi +7adKmf8ZsqgWYd+SWtvzyoEEEvWQVj5bbs2+EI9CTP4L96lqsiBYZoHxCI+TG3pY +6JOZQT2wmJEL0zeK9cmUXoaV6fQOcEtSmp6m8XWLEEyUZvVHG3OX+7FtcV0snDfz +XrnvpRpu4zolbCC6jysufU46VoJNrrKdPlDu4PbF8PKrJl7jOSULaYHqugIeniMV +V9enkg9t0Bb8bW5sW8/c4vwS52dlRNLHXkwGE7u9+XEVOGDJ+a01eRjVOxQwqptn +qrWTF++D0QIDAQABo2AwXjAdBgNVHQ4EFgQUmUxF57QtRFh9JBPTMx5rUvRjj+4w +HwYDVR0jBBgwFoAUNqGhWv/+mt2TQTVdDZTd5wPY4mYwDAYDVR0TAQH/BAIwADAO +BgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAMAvLchG7tWtNXPK3+Ie +u+htMMPhgJCsHhEC0ssZezD3BfYHaJh7ayQwI1KWKrQOwu9z+oOGWQjoVmhBzoi2 +hmvH9vT4GFVnM5agf68USNLxQvlQiShfnqPZiy3EduwY0q+uNvvNYlHeLTp/Au7F +SesJqWoaMr3130n8QqiO8myNjUj3GVrmBBpFogU5qxQAHkcy2AbpkATjRtfG4Jn2 +DWXR9Yd56KuvmkpdVkw+DScOXbIgXmHyutJ7qDbm6lwXLD3U5ulvbSxXW/MhJpb9 +72UjtpQbhMzcyQwCvNrKnST+QqKMisAdkOOhCdEYTj8flpCbMA5bqwBRX+t+AMeD +4lY= +-----END CERTIFICATE----- +subject= CN = LibreSSL Test Intermediate CA RSA +issuer= CN = LibreSSL Test Root CA RSA +-----BEGIN CERTIFICATE----- +MIIDNjCCAh6gAwIBAgIJAOVssaaTYoHyMA0GCSqGSIb3DQEBCwUAMCQxIjAgBgNV +BAMMGUxpYnJlU1NMIFRlc3QgUm9vdCBDQSBSU0EwHhcNMjExMjI3MTQ0MDM3WhcN +MzExMjI1MTQ0MDM3WjAsMSowKAYDVQQDDCFMaWJyZVNTTCBUZXN0IEludGVybWVk +aWF0ZSBDQSBSU0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD151AI +I+W9MrEP3dO0PEjg6L9E1R6+CG6u0LT3Jobc/rG2RXqKLasEaXoBWYiJoTImVxFT +wtrY+IDDTaEV4/4RGII1fY8Js7v5NpwoEh15jCoJ6/qDjKd4y1s1M48PlWYNNRmv +OBKRIu3Fz7scUa1RSBCp1bZeHbq/V5SzG419nDq2xpyuUrwmfBhDZTH+kUwBNGn8 +XVRFCRJQVP3qEAH02Zai2emSVj13KrhEWMtNyA8fa34GIuV23Q40RKW3jUgGBF+D 
+5jPNN8EZCj34nvvbjCCBs7cxZvD4F/MzGbatKpNmNOKXKibeg/xCq8B/F1uzHcl3 +IzJuViNtQ3RjQ/1pAgMBAAGjYzBhMB0GA1UdDgQWBBQ2oaFa//6a3ZNBNV0NlN3n +A9jiZjAfBgNVHSMEGDAWgBQ+S/x79Kw0KqURKAHyiOhdj/8V0TAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAcok2oSct +BOkm75qA8+4eUilGxTaqFPCqY8fk8MKNRKNNzaqirPaLJW62mZaxRHOn1Bw9uzL3 +jgz2PaTwA7n5GpKs3r5JLk8BdtRyeqMLmqJVJKKuu4GtJLCA8jhQm+XNA1Z324hg +kVeBHLPpLKvQxb+0lmbRBORq/OtMirq2yK8OlF2USrfQx0jmhSvvLpWyA0hhAXRS +gg1ds9aL57dELvk6gR7Unob+J0O2Xq3FRwz2O1k9fF86a0qrWUkxcnAjobC2BczC +7Fe5B194LgrX2U4IIrzwgJ19kmtrb1Qol2okECxomTYsbQY36sBs+LOKxSuiagu6 +ZgJtfcNeVMglYQ== +-----END CERTIFICATE----- diff --git a/tests/client2-rsa.pem b/tests/client2-rsa.pem new file mode 100644 index 00000000..b4431ce6 --- /dev/null +++ b/tests/client2-rsa.pem 
@@ -0,0 +1,50 @@ +subject= CN = LibreSSL Test Client 2 RSA +issuer= CN = LibreSSL Test Intermediate CA RSA +-----BEGIN CERTIFICATE----- +MIIDLjCCAhagAwIBAgIDEAACMA0GCSqGSIb3DQEBCwUAMCwxKjAoBgNVBAMMIUxp +YnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIFJTQTAeFw0xMDAxMDEwMDAwMDBa +Fw0yMDAxMDEwMDAwMDBaMCUxIzAhBgNVBAMMGkxpYnJlU1NMIFRlc3QgQ2xpZW50 +IDIgUlNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6TPjTtVn4l/2 +3g+XVWUMpxZWu1G3GJ1TY14loqG2lLcyFwHfbxPgjdeUYUXgKw2v3LKdK1xlwohi +7adKmf8ZsqgWYd+SWtvzyoEEEvWQVj5bbs2+EI9CTP4L96lqsiBYZoHxCI+TG3pY +6JOZQT2wmJEL0zeK9cmUXoaV6fQOcEtSmp6m8XWLEEyUZvVHG3OX+7FtcV0snDfz +XrnvpRpu4zolbCC6jysufU46VoJNrrKdPlDu4PbF8PKrJl7jOSULaYHqugIeniMV +V9enkg9t0Bb8bW5sW8/c4vwS52dlRNLHXkwGE7u9+XEVOGDJ+a01eRjVOxQwqptn +qrWTF++D0QIDAQABo2AwXjAdBgNVHQ4EFgQUmUxF57QtRFh9JBPTMx5rUvRjj+4w +HwYDVR0jBBgwFoAUNqGhWv/+mt2TQTVdDZTd5wPY4mYwDAYDVR0TAQH/BAIwADAO +BgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAMAvLchG7tWtNXPK3+Ie +u+htMMPhgJCsHhEC0ssZezD3BfYHaJh7ayQwI1KWKrQOwu9z+oOGWQjoVmhBzoi2 +hmvH9vT4GFVnM5agf68USNLxQvlQiShfnqPZiy3EduwY0q+uNvvNYlHeLTp/Au7F +SesJqWoaMr3130n8QqiO8myNjUj3GVrmBBpFogU5qxQAHkcy2AbpkATjRtfG4Jn2 +DWXR9Yd56KuvmkpdVkw+DScOXbIgXmHyutJ7qDbm6lwXLD3U5ulvbSxXW/MhJpb9 +72UjtpQbhMzcyQwCvNrKnST+QqKMisAdkOOhCdEYTj8flpCbMA5bqwBRX+t+AMeD +4lY= +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDpM+NO1WfiX/be +D5dVZQynFla7UbcYnVNjXiWiobaUtzIXAd9vE+CN15RhReArDa/csp0rXGXCiGLt +p0qZ/xmyqBZh35Ja2/PKgQQS9ZBWPltuzb4Qj0JM/gv3qWqyIFhmgfEIj5Mbeljo +k5lBPbCYkQvTN4r1yZRehpXp9A5wS1KanqbxdYsQTJRm9Ucbc5f7sW1xXSycN/Ne +ue+lGm7jOiVsILqPKy59TjpWgk2usp0+UO7g9sXw8qsmXuM5JQtpgeq6Ah6eIxVX +16eSD23QFvxtbmxbz9zi/BLnZ2VE0sdeTAYTu735cRU4YMn5rTV5GNU7FDCqm2eq +tZMX74PRAgMBAAECggEAGghk06QXGLpFwLxU1H+XTf+8ZuTUX7cQXANiiCktTKS2 +vsLCwo+hfbQXKFS4lZXNkAGQcgq6gWDgSk9mkJJduAfzl7FxkRsEuBJ29fbbygTk +CBaHpSmY6SdjBp6u/nuF4suWsLH2ZhbeXfg8H4BXenCWtVl59b4vBe5YRemswvQv +DJzV9gVKDf7HnvcjUMBXNKNWk0cLlodKX6bRhpPbq/WNPAubA3z4Z0JZqnW9uuWa 
+wTd7QPeKxVbQmz5Y5hifKMI4ML5i1+Fo6Xvcdt1TwfeHYy+iPNtB8fEu1VdH25DN +iN5iiMOr7go8MOc4LxCZGsXqIDd6WYOg/DmCEsSiEQKBgQD78UT9ezhI7TLVmUdC +eQd8+oi1qXykHXpMvobCJUrEulF6/iZSICcVVdH/DcvGRPv7A+90QZWGcY2Bzhtz +8C2XFLqLvSyHegSA4P57PbHjBOqowFAWntLTn/gSOb+nYKSM5XzOQq7RQctYX3EO +jZb4GKhPOUwzy2Ugd9zNhqD8gwKBgQDs9VtAYvM2i3ylRLH/UdAu/E+oA05ydxT1 +dt4tK6R54KSZk+E/LM/k8D3p70tyiRbfky6DtGrGZSpyecCPdkNF0FJTRER1eDsb +Au2uH6zP0nn2FUnQnL5fcIkVlclukf8pMox5fbFcoZjIWti9TURIdMTkaQVX9LKf +Gme84UX2GwKBgQCqsJZuKbpDZjinkDZAKeFR4icW9KIWSkZekkKYbE2QpS6o5mEu +CMyR3tfsNfuV84zITq0/lWNpd6tIg0wEK3enwQp1vA/cJWXBry2ab30CcoVNGSXp +fWcWq22VY3yeOJKjRqNc1r671RigYeEl2/WpVoNJUWd4O9fivHJi6FBPYwKBgQDI +3B5y0K27gbex3C5J8A7ZlTTshYj8zGZuwEkK3yC30y2TpV/dDl5XgTHqV9aLixth +f0CBkfCkpeK6UOxib2wNBM6UGJ0zOixX9D6HSABT1eVeLKN6ezOAcUMykdrCqG0z +fc7HuT0b+TsqMp/gr1t/U8QGneNSsHCtH1PqLscAGwKBgFdecOiUhKezd6mReDYc +cBKBN/2EBPNCSKlzuskSGoU/mC0H+2Mj1XX4fx5Wjvjp3hqKEVgs/L8Eth1KYfgF +CaQzGAkavihH03L73to1Wj/K4XineBAKZLtXkdzWdB+kM8zkYJqmagh6h6BlXFun +TJvYJYIK9U3kvhZtsD6w1slZ +-----END PRIVATE KEY----- diff --git a/tests/client3-ecdsa-chain.pem b/tests/client3-ecdsa-chain.pem new file mode 100644 index 00000000..a389943e --- /dev/null +++ b/tests/client3-ecdsa-chain.pem 
@@ -0,0 +1,26 @@ +subject= CN = LibreSSL Test Client 3 ECDSA +issuer= CN = LibreSSL Test Intermediate CA ECDSA +-----BEGIN CERTIFICATE----- +MIIBqjCCAVGgAwIBAgIJAOVssaaTYoH7MAkGByqGSM49BAEwLjEsMCoGA1UEAwwj +TGlicmVTU0wgVGVzdCBJbnRlcm1lZGlhdGUgQ0EgRUNEU0EwHhcNMjExMjI3MTQ0 +MDQwWhcNMzExMjI1MTQ0MDQwWjAnMSUwIwYDVQQDDBxMaWJyZVNTTCBUZXN0IENs +aWVudCAzIEVDRFNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqlNqEjPuPpw3 +HaWxXbWql6f9g2HPei7RGZRfEAeNrnWT+Y4okVoqcxjeLNBA6dNl3uALWbSmDu6a +kmBSU1aY9KNgMF4wHQYDVR0OBBYEFKxGR7LhwxXUGYyxjqBrxi5RKHamMB8GA1Ud +IwQYMBaAFBdWPW/8SlcSOULKAnKBq1AN5MIIMAwGA1UdEwEB/wQCMAAwDgYDVR0P +AQH/BAQDAgeAMAkGByqGSM49BAEDSAAwRQIhAMFzwaCpvWiXD+zEZ/mUBdbMQq2W +JLELD9Mv11NiBhi6AiAN/QNQjluNEUTkxCH6p9bQiOYCQ3DOnPTxrSly/RQOSQ== +-----END CERTIFICATE----- +subject= CN = LibreSSL Test Intermediate CA ECDSA +issuer= CN = LibreSSL Test Root CA ECDSA +-----BEGIN CERTIFICATE----- +MIIBrDCCAVOgAwIBAgIJAOVssaaTYoH3MAkGByqGSM49BAEwJjEkMCIGA1UEAwwb +TGlicmVTU0wgVGVzdCBSb290IENBIEVDRFNBMB4XDTIxMTIyNzE0NDA0MFoXDTMx +MTIyNTE0NDA0MFowLjEsMCoGA1UEAwwjTGlicmVTU0wgVGVzdCBJbnRlcm1lZGlh +dGUgQ0EgRUNEU0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATWRQbJh4aHPzHq +LOAmosW/o83bTpm3Sj1VxM44StmG7c1nnFM/+gS8rp2bVSgjWZQzRtZqGVGJgzbk +7/M1m3x3o2MwYTAdBgNVHQ4EFgQUF1Y9b/xKVxI5QsoCcoGrUA3kwggwHwYDVR0j +BBgwFoAUtvkat4UdcUEipt6L/PBgEFYH6AwwDwYDVR0TAQH/BAUwAwEB/zAOBgNV +HQ8BAf8EBAMCAQYwCQYHKoZIzj0EAQNIADBFAiBE4NiOdv/XRN3WWMnkE5QccvC6 +VThoIQRyBf4I97cRPQIhAK18dvwrLuOOfbhWMdkpNCddMkWZHxS7traw/8+s7OUU +-----END CERTIFICATE----- diff --git a/tests/client3-ecdsa.pem b/tests/client3-ecdsa.pem new file mode 100644 index 00000000..f42528bf --- /dev/null +++ b/tests/client3-ecdsa.pem 
@@ -0,0 +1,18 @@ +subject= CN = LibreSSL Test Client 3 ECDSA +issuer= CN = LibreSSL Test Intermediate CA ECDSA +-----BEGIN CERTIFICATE----- +MIIBqjCCAVGgAwIBAgIJAOVssaaTYoH7MAkGByqGSM49BAEwLjEsMCoGA1UEAwwj +TGlicmVTU0wgVGVzdCBJbnRlcm1lZGlhdGUgQ0EgRUNEU0EwHhcNMjExMjI3MTQ0 +MDQwWhcNMzExMjI1MTQ0MDQwWjAnMSUwIwYDVQQDDBxMaWJyZVNTTCBUZXN0IENs +aWVudCAzIEVDRFNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqlNqEjPuPpw3 +HaWxXbWql6f9g2HPei7RGZRfEAeNrnWT+Y4okVoqcxjeLNBA6dNl3uALWbSmDu6a +kmBSU1aY9KNgMF4wHQYDVR0OBBYEFKxGR7LhwxXUGYyxjqBrxi5RKHamMB8GA1Ud +IwQYMBaAFBdWPW/8SlcSOULKAnKBq1AN5MIIMAwGA1UdEwEB/wQCMAAwDgYDVR0P +AQH/BAQDAgeAMAkGByqGSM49BAEDSAAwRQIhAMFzwaCpvWiXD+zEZ/mUBdbMQq2W +JLELD9Mv11NiBhi6AiAN/QNQjluNEUTkxCH6p9bQiOYCQ3DOnPTxrSly/RQOSQ== +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgfaMOzQZ+d1yL3ToI +VPcHtdkIVhqatu/rDcJLuJcNnQehRANCAASqU2oSM+4+nDcdpbFdtaqXp/2DYc96 +LtEZlF8QB42udZP5jiiRWipzGN4s0EDp02Xe4AtZtKYO7pqSYFJTVpj0 +-----END PRIVATE KEY----- diff --git a/tests/client3-rsa-chain.pem b/tests/client3-rsa-chain.pem new file mode 100644 index 00000000..251344f9 --- /dev/null +++ b/tests/client3-rsa-chain.pem 
@@ -0,0 +1,44 @@ +subject= CN = LibreSSL Test Client 3 RSA +issuer= CN = LibreSSL Test Intermediate CA RSA +-----BEGIN CERTIFICATE----- +MIIDNDCCAhygAwIBAgIJAOVssaaTYoH2MA0GCSqGSIb3DQEBCwUAMCwxKjAoBgNV +BAMMIUxpYnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIFJTQTAeFw0yMTEyMjcx +NDQwMzhaFw0zMTEyMjUxNDQwMzhaMCUxIzAhBgNVBAMMGkxpYnJlU1NMIFRlc3Qg +Q2xpZW50IDMgUlNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1vW +q3L63zPi8RJaJ07LsR05gCBYJ7FrnprqKbo7swLra3HE5WQFTxxOPkzBBnCUEaa2 +tqPtov34mrOmnYTQDBxpljx5u6AzjgMfwJZfh7CtGf893nbbP7T2f3pXAFBR0A32 +xmEvso5afyLNRvmxCsrdr2u73bETmBqFQFgGrhtBpTeGqsixgOegZzKHVF67ZjJi +e+faM24GAtkOiPB7PfVgZFyTfe8HQsqqcMRVtjd7JxuN33k8cFIWqv5i8oqVLBME +mLFM2WFIYNTsMtQ38eA7xieuuK6OPTp+cJKQY6jA3wUJOTRt9UE7pEjxOTumckfM +u/ZE1+AODHkH97FptwIDAQABo2AwXjAdBgNVHQ4EFgQUz44RRa+P1oRBVI6lla3o +VsVQq7swHwYDVR0jBBgwFoAUNqGhWv/+mt2TQTVdDZTd5wPY4mYwDAYDVR0TAQH/ +BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAFgL5955qwHN +vFGnAKoHhoszX3qf2h8zc5HvFfnbvZbBbsuRFW1/QGfQPGWDq8YUlb6wu8NjLjSM +qTSYd1CvWXO1s91kr3LM5k7+9x+whOgbzWjGiprloS9pXcZ+ljTunW4o7jE7pPjZ +opk7W2WmD7/dEDg10x0yDZnKbzea5PMpp6kLqNjtENW4SETtcnwBdi/MZ09ApuUC +E+XWK/uKmxbIJ7Rt/Vi5H3BE74w7souq7fMwGGk7NL8Fmha78VQApKvZV/Rsfrio +D0vVU8djTlEJyXCeqFYU2eKWhc0bfiONIFJ6Wtg/1cR6Jn12+6X36J+wW1G3ibMu +ey+V9oVpM2U= +-----END CERTIFICATE----- +subject= CN = LibreSSL Test Intermediate CA RSA +issuer= CN = LibreSSL Test Root CA RSA +-----BEGIN CERTIFICATE----- +MIIDNjCCAh6gAwIBAgIJAOVssaaTYoHyMA0GCSqGSIb3DQEBCwUAMCQxIjAgBgNV +BAMMGUxpYnJlU1NMIFRlc3QgUm9vdCBDQSBSU0EwHhcNMjExMjI3MTQ0MDM3WhcN +MzExMjI1MTQ0MDM3WjAsMSowKAYDVQQDDCFMaWJyZVNTTCBUZXN0IEludGVybWVk +aWF0ZSBDQSBSU0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD151AI +I+W9MrEP3dO0PEjg6L9E1R6+CG6u0LT3Jobc/rG2RXqKLasEaXoBWYiJoTImVxFT +wtrY+IDDTaEV4/4RGII1fY8Js7v5NpwoEh15jCoJ6/qDjKd4y1s1M48PlWYNNRmv +OBKRIu3Fz7scUa1RSBCp1bZeHbq/V5SzG419nDq2xpyuUrwmfBhDZTH+kUwBNGn8 +XVRFCRJQVP3qEAH02Zai2emSVj13KrhEWMtNyA8fa34GIuV23Q40RKW3jUgGBF+D 
+5jPNN8EZCj34nvvbjCCBs7cxZvD4F/MzGbatKpNmNOKXKibeg/xCq8B/F1uzHcl3 +IzJuViNtQ3RjQ/1pAgMBAAGjYzBhMB0GA1UdDgQWBBQ2oaFa//6a3ZNBNV0NlN3n +A9jiZjAfBgNVHSMEGDAWgBQ+S/x79Kw0KqURKAHyiOhdj/8V0TAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAcok2oSct +BOkm75qA8+4eUilGxTaqFPCqY8fk8MKNRKNNzaqirPaLJW62mZaxRHOn1Bw9uzL3 +jgz2PaTwA7n5GpKs3r5JLk8BdtRyeqMLmqJVJKKuu4GtJLCA8jhQm+XNA1Z324hg +kVeBHLPpLKvQxb+0lmbRBORq/OtMirq2yK8OlF2USrfQx0jmhSvvLpWyA0hhAXRS +gg1ds9aL57dELvk6gR7Unob+J0O2Xq3FRwz2O1k9fF86a0qrWUkxcnAjobC2BczC +7Fe5B194LgrX2U4IIrzwgJ19kmtrb1Qol2okECxomTYsbQY36sBs+LOKxSuiagu6 +ZgJtfcNeVMglYQ== +-----END CERTIFICATE----- diff --git a/tests/client3-rsa.pem b/tests/client3-rsa.pem new file mode 100644 index 00000000..b825391c --- /dev/null +++ b/tests/client3-rsa.pem 
@@ -0,0 +1,50 @@ +subject= CN = LibreSSL Test Client 3 RSA +issuer= CN = LibreSSL Test Intermediate CA RSA +-----BEGIN CERTIFICATE----- +MIIDNDCCAhygAwIBAgIJAOVssaaTYoH2MA0GCSqGSIb3DQEBCwUAMCwxKjAoBgNV +BAMMIUxpYnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIFJTQTAeFw0yMTEyMjcx +NDQwMzhaFw0zMTEyMjUxNDQwMzhaMCUxIzAhBgNVBAMMGkxpYnJlU1NMIFRlc3Qg +Q2xpZW50IDMgUlNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1vW +q3L63zPi8RJaJ07LsR05gCBYJ7FrnprqKbo7swLra3HE5WQFTxxOPkzBBnCUEaa2 +tqPtov34mrOmnYTQDBxpljx5u6AzjgMfwJZfh7CtGf893nbbP7T2f3pXAFBR0A32 +xmEvso5afyLNRvmxCsrdr2u73bETmBqFQFgGrhtBpTeGqsixgOegZzKHVF67ZjJi +e+faM24GAtkOiPB7PfVgZFyTfe8HQsqqcMRVtjd7JxuN33k8cFIWqv5i8oqVLBME +mLFM2WFIYNTsMtQ38eA7xieuuK6OPTp+cJKQY6jA3wUJOTRt9UE7pEjxOTumckfM +u/ZE1+AODHkH97FptwIDAQABo2AwXjAdBgNVHQ4EFgQUz44RRa+P1oRBVI6lla3o +VsVQq7swHwYDVR0jBBgwFoAUNqGhWv/+mt2TQTVdDZTd5wPY4mYwDAYDVR0TAQH/ +BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAFgL5955qwHN +vFGnAKoHhoszX3qf2h8zc5HvFfnbvZbBbsuRFW1/QGfQPGWDq8YUlb6wu8NjLjSM +qTSYd1CvWXO1s91kr3LM5k7+9x+whOgbzWjGiprloS9pXcZ+ljTunW4o7jE7pPjZ +opk7W2WmD7/dEDg10x0yDZnKbzea5PMpp6kLqNjtENW4SETtcnwBdi/MZ09ApuUC +E+XWK/uKmxbIJ7Rt/Vi5H3BE74w7souq7fMwGGk7NL8Fmha78VQApKvZV/Rsfrio +D0vVU8djTlEJyXCeqFYU2eKWhc0bfiONIFJ6Wtg/1cR6Jn12+6X36J+wW1G3ibMu +ey+V9oVpM2U= +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCnW9arcvrfM+Lx +ElonTsuxHTmAIFgnsWuemuopujuzAutrccTlZAVPHE4+TMEGcJQRpra2o+2i/fia +s6adhNAMHGmWPHm7oDOOAx/All+HsK0Z/z3edts/tPZ/elcAUFHQDfbGYS+yjlp/ +Is1G+bEKyt2va7vdsROYGoVAWAauG0GlN4aqyLGA56BnModUXrtmMmJ759ozbgYC +2Q6I8Hs99WBkXJN97wdCyqpwxFW2N3snG43feTxwUhaq/mLyipUsEwSYsUzZYUhg +1Owy1Dfx4DvGJ664ro49On5wkpBjqMDfBQk5NG31QTukSPE5O6ZyR8y79kTX4A4M +eQf3sWm3AgMBAAECggEBAJV3HddtDsR8sHegbkegxaXeddYKDPEWMQkrTWoK2vpa +5ynEJ5a+p0cp/m8BWXqI3JSPEas36CmjLH3taCZR0QSf82SrigSZZLG19IupQJQM +o+wN2pFuEQ1qbqMW/dBX61kmv3gYn+KV5BibWj3DDeyXlTjvvI6XcOps9QisFPs0 +BqPC7U4B3DaILeK+cLS9ONjXv4WgGi1LB8dpSR3HgT+qKs/bceCWGCcjfi3PQVJw 
+8Ahv8wce71rwIWxhnh6hcHq8iiGUj2CAtOA9E4qtxgQ5VkhR049pPQ0CkcrFBRT8 +wTDF5ffzSAbU9QRp/cL7k/eeEAiNQg0aL2GUHhmO/KECgYEA1PxATAFTzX6K4nM/ +yRU769vegTiblYjzUB5JL7baMUgSGgXrZ4UomtQQiYZSDhho8bDSEKM7cNzddMTo +BFyKTvV4Won6LtF2R/JiFbUfDxhGS1+uoLXGciAFdB+NABLrmTQ0jp0N3y53UBmr +jwMDz9BqXq+6QoM3lLUsL4V2j08CgYEAySiax4D3pkr3T6iTuEaLqW9vTV58vWUY +sDstNA2YONYTPHUtFMpVfPgMmrraWHl3yNC2LB9W3SjJ+05oRYObUBI1oAg68u9z +T2+jcxM3fN8HFwyFMm5gd3tygawdwGsvCjLPMJaHdtwlbg8lYfHyEl1hJRA+cnKg +Y5hrfWtpJRkCgYEApWeBR4WAX4Z2tYZrcu5aqsEF+7TKn0bMLtxWWgfXS459AFi4 +iJyQ/CzU6vi1oNy0I37+pI0gDHZ6RcTlqv1zK/7WiPm+ob1p7lX+dn1CsaZYcRDN +vWFtzBOyKIyYJAaNkV1Js7eknj6nyj0lTts4ipuBACfYru7Yq1RIDF/Jw2ECgYA9 +qTWwu+at0cL3ZwxI6076VA9BHxqLj8a+lpUnpJcprO1eleiIu/DyirKKZ4ZwomNG +aju9UKn2xv8LCqDJ1iqwo7ROZtdzClVFX0oyBwz2OQNaXFsj91OYrH2QJCtGhVR5 +AtQh57KEi7zpfLkPyfNTD86sZstNl7d0cA9a9abYWQKBgQCPESj1LojjkEvGKtiD +9w+ZMaDf+mYK+RYQnjEthUMpAPI+mhm9cAl8mMJu3FaNgviOX9oB1/1XGl1Pj5od +KWej9CF1ltoW/PcjsSTeeRFye5jvXn9BLr3w6iUl9pwyo4sVyLHgMzZpiQvGoRNy +u80tjy6bVP3dGa5VHm36pENC4Q== +-----END PRIVATE KEY----- diff --git a/tests/clienttest.c b/tests/clienttest.c index 22654e7e..b0486d95 100644 --- a/tests/clienttest.c +++ b/tests/clienttest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clienttest.c,v 1.35 2021/08/30 17:34:01 tb Exp $ */ +/* $OpenBSD: clienttest.c,v 1.39 2022/07/19 20:16:50 tb Exp $ */ /* * Copyright (c) 2015 Joel Sing * @@ -36,7 +36,7 @@ #define TLS13_RANDOM_OFFSET (TLS13_HM_OFFSET + 2) #define TLS13_SESSION_OFFSET (TLS13_HM_OFFSET + 34) #define TLS13_CIPHER_OFFSET (TLS13_HM_OFFSET + 69) -#define TLS13_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 194) +#define TLS13_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 192) #define TLS13_ONLY_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 98) #define TLS1_3_VERSION_ONLY (TLS1_3_VERSION | 0x10000) 
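Review bot: `TLS13_KEY_SHARE_OFFSET` is a bare number with nothing tying it to the expected ClientHello it appears to index, so it has to be hand-adjusted whenever the default cipher list changes length. Here it moves from 194 to 192, which matches the two bytes (`0x00, 0x04`) dropped from the cipher lists in the later hunks of this file. A comment above the offset macros would record that coupling, for example `/* Offsets into the expected TLSv1.3 ClientHello; each cipher suite added to or removed from the default list shifts TLS13_KEY_SHARE_OFFSET by 2. */`. `TLS13_ONLY_KEY_SHARE_OFFSET` stays at 98, which looks right because the TLSv1.3-only hello changes only in whitespace in this diff, but that is inferred from the visible hunks.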
@@ -131,26 +131,26 @@ static const uint8_t cipher_list_tls10[] = { 0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 0x00, 0x2f, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, - 0x00, 0x05, 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, - 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, + 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, + 0x00, 0x0a, 0x00, 0xff, }; static const uint8_t client_hello_tls10[] = { - 0x16, 0x03, 0x01, 0x00, 0x73, 0x01, 0x00, 0x00, - 0x6f, 0x03, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x16, 0x03, 0x01, 0x00, 0x71, 0x01, 0x00, 0x00, + 0x6d, 0x03, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x2e, 0xc0, 0x14, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x2c, 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 0x00, 0x2f, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, - 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, - 0x00, 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 0x18, - 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, - 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17, - 0x00, 0x18, 0x00, 0x19, 0x00, 0x23, 0x00, 0x00, + 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, + 0x00, 0xff, 0x01, 0x00, 0x00, 0x18, 0x00, 0x0b, + 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a, + 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, + 0x00, 0x19, 0x00, 0x23, 0x00, 0x00, }; static const uint8_t cipher_list_tls11[] = { 
@@ -158,26 +158,26 @@ static const uint8_t cipher_list_tls11[] = { 0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 0x00, 0x2f, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, - 0x00, 0x05, 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, - 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, + 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, + 0x00, 0x0a, 0x00, 0xff, }; static const uint8_t client_hello_tls11[] = { - 0x16, 0x03, 0x01, 0x00, 0x73, 0x01, 0x00, 0x00, - 0x6f, 0x03, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x16, 0x03, 0x01, 0x00, 0x71, 0x01, 0x00, 0x00, + 0x6d, 0x03, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x2e, 0xc0, 0x14, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x2c, 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 0x00, 0x2f, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, - 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, - 0x00, 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 0x18, - 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, - 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17, - 0x00, 0x18, 0x00, 0x19, 0x00, 0x23, 0x00, 0x00, + 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, + 0x00, 0xff, 0x01, 0x00, 0x00, 0x18, 0x00, 0x0b, + 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a, + 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, + 0x00, 0x19, 0x00, 0x23, 0x00, 0x00, }; static const uint8_t cipher_list_tls12_aes[] = { 
@@ -191,8 +191,8 @@ static const uint8_t cipher_list_tls12_aes[] = { 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, - 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, - 0x00, 0x0a, 0x00, 0xff, + 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, + 0x00, 0xff, }; static const uint8_t cipher_list_tls12_chacha[] = { @@ -206,17 +206,17 @@ static const uint8_t cipher_list_tls12_chacha[] = { 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, - 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, - 0x00, 0x0a, 0x00, 0xff, + 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, + 0x00, 0xff, }; static const uint8_t client_hello_tls12[] = { - 0x16, 0x03, 0x01, 0x00, 0xbd, 0x01, 0x00, 0x00, - 0xb9, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x16, 0x03, 0x01, 0x00, 0xbb, 0x01, 0x00, 0x00, + 0xb7, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x5c, 0xc0, 0x30, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x5a, 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff, 0x85, 
@@ -226,16 +226,15 @@ static const uint8_t client_hello_tls12[] = { 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, - 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0x00, 0x04, - 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, - 0x00, 0xff, 0x01, 0x00, 0x00, 0x34, 0x00, 0x0b, - 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a, - 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, - 0x00, 0x19, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, - 0x00, 0x18, 0x00, 0x16, 0x08, 0x06, 0x06, 0x01, - 0x06, 0x03, 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, - 0x08, 0x04, 0x04, 0x01, 0x04, 0x03, 0x02, 0x01, - 0x02, 0x03, + 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12, + 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, + 0x01, 0x00, 0x00, 0x34, 0x00, 0x0b, 0x00, 0x02, + 0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, + 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, + 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x18, + 0x00, 0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, + 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, + 0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03, }; static const uint8_t cipher_list_tls13_aes[] = { @@ -249,9 +248,8 @@ static const uint8_t cipher_list_tls13_aes[] = { 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, - 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0x00, 0x04, - 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, - 0x00, 0xff + 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12, + 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, }; static const uint8_t cipher_list_tls13_chacha[] = { 
@@ -265,14 +263,13 @@ static const uint8_t cipher_list_tls13_chacha[] = { 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, - 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0x00, 0x04, - 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, - 0x00, 0xff, + 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12, + 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, }; static const uint8_t client_hello_tls13[] = { - 0x16, 0x03, 0x01, 0x01, 0x1a, 0x01, 0x00, 0x01, - 0x16, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x16, 0x03, 0x01, 0x01, 0x18, 0x01, 0x00, 0x01, + 0x14, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -280,7 +277,7 @@ static const uint8_t client_hello_tls13[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x62, 0x13, 0x03, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x60, 0x13, 0x03, 0x13, 0x02, 0x13, 0x01, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 
@@ -291,22 +288,22 @@ static const uint8_t client_hello_tls13[] = { 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, - 0xc0, 0x07, 0x00, 0x05, 0x00, 0x04, 0xc0, 0x12, - 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, - 0x01, 0x00, 0x00, 0x6b, 0x00, 0x2b, 0x00, 0x09, - 0x08, 0x03, 0x04, 0x03, 0x03, 0x03, 0x02, 0x03, - 0x01, 0x00, 0x33, 0x00, 0x26, 0x00, 0x24, 0x00, - 0x1d, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, + 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, 0x01, 0x00, + 0x00, 0x6b, 0x00, 0x2b, 0x00, 0x09, 0x08, 0x03, + 0x04, 0x03, 0x03, 0x03, 0x02, 0x03, 0x01, 0x00, + 0x33, 0x00, 0x26, 0x00, 0x24, 0x00, 0x1d, 0x00, + 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, - 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, - 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, - 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x18, 0x00, - 0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08, - 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, - 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03, + 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, + 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, + 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x23, 0x00, + 0x00, 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, + 0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, + 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, + 0x03, 0x02, 0x01, 0x02, 0x03, }; static const uint8_t cipher_list_tls13_only_aes[] = { 
@@ -334,7 +331,7 @@ static const uint8_t client_hello_tls13_only[] = { 0x1d, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, @@ -628,7 +625,7 @@ client_hello_test(int testno, const struct client_hello_test *cht) int ret = 1; long len; - fprintf(stderr, "Test %i - %s\n", testno, cht->desc); + fprintf(stderr, "Test %d - %s\n", testno, cht->desc); /* Providing a small buf causes *_get_server_hello() to return. */ if ((rbio = BIO_new_mem_buf(rbuf, sizeof(rbuf))) == NULL) { @@ -652,9 +649,8 @@ client_hello_test(int testno, const struct client_hello_test *cht) goto failure; } - rbio->references = 2; - wbio->references = 2; - + BIO_up_ref(rbio); + BIO_up_ref(wbio); SSL_set_bio(ssl, rbio, wbio); if (SSL_connect(ssl) != 0) { @@ -669,7 +665,7 @@ client_hello_test(int testno, const struct client_hello_test *cht) errx(1, "failed to make client hello"); if ((size_t)len != client_hello_len) { - fprintf(stderr, "FAIL: test returned ClientHello length %li, " + fprintf(stderr, "FAIL: test returned ClientHello length %ld, " "want %zu\n", len, client_hello_len); fprintf(stderr, "received:\n"); hexdump(wbuf, len, NULL); @@ -712,11 +708,6 @@ client_hello_test(int testno, const struct client_hello_test *cht) SSL_CTX_free(ssl_ctx); SSL_free(ssl); - if (rbio != NULL) - rbio->references = 1; - if (wbio != NULL) - wbio->references = 1; - BIO_free(rbio); BIO_free(wbio); diff --git a/tests/cmstest.c b/tests/cmstest.c index 185d8831..4ff1e1ef 100644 --- a/tests/cmstest.c +++ b/tests/cmstest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cmstest.c,v 1.4 2021/03/22 20:31:34 tb Exp $ */ +/* $OpenBSD: cmstest.c,v 1.5 2022/06/22 09:56:45 tb Exp $ */ /* * Copyright (c) 2019 Joel Sing * 
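Review bot: The return values of `BIO_up_ref(rbio)` and `BIO_up_ref(wbio)` in client_hello_test() are ignored, although the cleanup path now depends on both extra references being taken. After this change `SSL_free(ssl)` releases the references handed over by `SSL_set_bio()`, and the unconditional `BIO_free(rbio)` / `BIO_free(wbio)` at the end (the hunk at old line 712 removes the manual `references = 1` reset) release the second ones. If an up-ref failed, those final calls would touch BIOs that were already freed. The file already uses errx() for setup failures, so `if (!BIO_up_ref(rbio) || !BIO_up_ref(wbio)) errx(1, "failed to up-ref BIOs");` would cover it. The function body starts and ends outside these hunks.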
@@ -167,8 +167,8 @@ test_cms_encrypt_decrypt(void) } if ((len = BIO_get_mem_data(bio_mem, &p)) != strlen(cms_msg)) { - fprintf(stderr, "FAIL: CMS decrypt returned %li bytes, " - "want %zi bytes\n", len, strlen(cms_msg)); + fprintf(stderr, "FAIL: CMS decrypt returned %zu bytes, " + "want %zu bytes\n", len, strlen(cms_msg)); fprintf(stderr, "Got CMS data:\n"); hexdump(p, len); fprintf(stderr, "Want CMS data:\n"); @@ -268,8 +268,8 @@ test_cms_sign_verify(void) } if ((len = BIO_get_mem_data(bio_mem, &p)) != strlen(cms_msg)) { - fprintf(stderr, "FAIL: CMS verify returned %li bytes, " - "want %zi bytes\n", len, strlen(cms_msg)); + fprintf(stderr, "FAIL: CMS verify returned %zu bytes, " + "want %zu bytes\n", len, strlen(cms_msg)); fprintf(stderr, "Got CMS data:\n"); hexdump(p, len); fprintf(stderr, "Want CMS data:\n"); diff --git a/tests/constraints.c b/tests/constraints.c index c4dedeb1..d4867a36 100644 --- a/tests/constraints.c +++ b/tests/constraints.c @@ -331,9 +331,11 @@ test_invalid_domain_constraints(void) } static int -test_invalid_uri(void) { +test_invalid_uri(void) +{ int j, failure=0; - char *hostpart; + char *hostpart = NULL; + for (j = 0; invaliduri[j] != NULL; j++) { if (x509_constraints_uri_host(invaliduri[j], strlen(invaliduri[j]), &hostpart) != 0) { @@ -342,7 +344,10 @@ test_invalid_uri(void) { failure = 1; goto done; } + free(hostpart); + hostpart = NULL; } + done: return failure; } @@ -392,6 +397,10 @@ test_constraints1(void) "", NULL, }; + unsigned char *noauthority[] = { + "urn:open62541.server.application", + NULL, + }; for (i = 0; constraints[i] != NULL; i++) { char *constraint = constraints[i]; size_t clen = strlen(constraints[i]); 
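Review bot: In tests/cmstest.c, `%zu` is correct for the first argument only if `len` is a `size_t`, and its declaration is outside both hunks, so this needs checking against the full function. `BIO_get_mem_data()` returns a `long`, and the removed `%li` suggests `len` may have been treated as one. Passing a `long` to `%zu` is a format/argument mismatch that `-Wformat` would flag. If `len` is a `long`, the strings should read `"FAIL: CMS decrypt returned %ld bytes, "` and `"want %zu bytes\n"`. The same applies to the `CMS verify` message in test_cms_sign_verify().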
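Review bot: In tests/constraints.c, test_invalid_uri() still leaks `hostpart` on the path that reports a failure, because the added `free(hostpart)` runs only after a URI is correctly rejected. When `x509_constraints_uri_host()` returns non-zero for an invalid URI, the code jumps to `done` with whatever was stored in `hostpart`. Since the loop now resets the pointer to NULL after each free, placing `free(hostpart);` directly after the `done:` label, before `return failure;`, covers both exits without a double free. The failure branch itself sits between the two hunks and is only partly visible.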
@@ -437,6 +446,28 @@ test_constraints1(void) goto done; } } + for (j = 0; noauthority[j] != NULL; j++) { + error = 0; + char *hostpart = NULL; + if (!x509_constraints_uri_host(noauthority[j], + strlen(noauthority[j]), &hostpart)) { + FAIL("name '%s' should parse as a URI", + noauthority[j]); + failure = 1; + free(hostpart); + goto done; + } + free(hostpart); + + if (x509_constraints_uri(noauthority[j], + strlen(noauthority[j]), constraint, clen, &error)) { + FAIL("constraint '%s' should not have matched URI" + " '%s' (error %d)\n", + constraint, failinguri[j], error); + failure = 1; + goto done; + } + } } c = ".openbsd.org"; cl = strlen(".openbsd.org"); diff --git a/tests/dhtest.c b/tests/dhtest.c index 599c51d5..ee06259d 100644 --- a/tests/dhtest.c +++ b/tests/dhtest.c 
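Review bot: The second FAIL() in the new `noauthority` loop prints `failinguri[j]` instead of the URI actually being tested, which looks like a copy-paste from the preceding loop. The loop iterates over `noauthority`, so a failure would name the wrong input. It would also read past the end of `failinguri` if `noauthority` ever grew longer than that array. The argument line should be `constraint, noauthority[j], error);`. As a smaller style point, `char *hostpart = NULL;` is declared after the `error = 0;` statement; moving the declaration to the top of the loop body would match the rest of the function as far as it is visible here.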
@@ -1,25 +1,25 @@ -/* $OpenBSD: dhtest.c,v 1.5 2018/07/17 17:06:49 tb Exp $ */ +/* $OpenBSD: dhtest.c,v 1.7 2022/01/12 08:58:12 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: 
@@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -62,6 +62,7 @@ #undef OPENSSL_NO_DEPRECATED #endif +#include #include #include #include 
@@ -73,39 +74,47 @@ #include -static int cb(int p, int n, BN_GENCB *arg) +static int +cb(int p, int n, BN_GENCB *arg) { - char c='*'; + char c = '*'; if (p == 0) - c='.'; + c = '.'; if (p == 1) - c='+'; + c = '+'; if (p == 2) - c='*'; + c = '*'; if (p == 3) - c='\n'; - BIO_write(arg->arg,&c,1); - (void)BIO_flush(arg->arg); + c = '\n'; + BIO_write(BN_GENCB_get_arg(arg), &c, 1); + (void)BIO_flush(BN_GENCB_get_arg(arg)); return 1; } -int main(int argc, char *argv[]) +int +main(int argc, char *argv[]) { - BN_GENCB _cb; + BN_GENCB *_cb; DH *a; char buf[12]; unsigned char *abuf=NULL; - int i,alen,aout,ret=1; + int i, alen, aout; BIO *out; + int ret = 1; + + if ((out = BIO_new(BIO_s_file())) == NULL) + err(1, "BIO_new"); + BIO_set_fp(out, stdout, BIO_NOCLOSE); + + if ((_cb = BN_GENCB_new()) == NULL) + err(1, "BN_GENCB_new"); - out=BIO_new(BIO_s_file()); - if (out == NULL) exit(1); - BIO_set_fp(out,stdout,BIO_NOCLOSE); + BN_GENCB_set(_cb, &cb, out); + if ((a = DH_new()) == NULL) + goto err; - BN_GENCB_set(&_cb, &cb, out); - if (((a = DH_new()) == NULL) || - !DH_generate_parameters_ex(a, 64, DH_GENERATOR_5, &_cb)) + if (!DH_generate_parameters_ex(a, 64, DH_GENERATOR_5, _cb)) goto err; if (!DH_check(a, &i)) 
@@ -119,36 +128,38 @@ int main(int argc, char *argv[]) if (i & DH_NOT_SUITABLE_GENERATOR) BIO_puts(out, "the g value is not a generator\n"); - BIO_puts(out,"\np ="); - BN_print(out,a->p); - BIO_puts(out,"\ng ="); - BN_print(out,a->g); - BIO_puts(out,"\n"); + BIO_puts(out, "\np ="); + BN_print(out, DH_get0_p(a)); + BIO_puts(out, "\ng ="); + BN_print(out, DH_get0_g(a)); + BIO_puts(out, "\n"); if (!DH_generate_key(a)) goto err; - BIO_puts(out,"pri 1="); - BN_print(out,a->priv_key); - BIO_puts(out,"\npub 1="); - BN_print(out,a->pub_key); - BIO_puts(out,"\n"); - - alen=DH_size(a); - abuf=malloc(alen); - aout=DH_compute_key(abuf,a->pub_key,a); - - BIO_puts(out,"key1 ="); + BIO_puts(out, "pri 1="); + BN_print(out, DH_get0_priv_key(a)); + BIO_puts(out, "\npub 1="); + BN_print(out, DH_get0_pub_key(a)); + BIO_puts(out, "\n"); + + alen = DH_size(a); + if ((abuf = malloc(alen)) == NULL) + err(1, "malloc"); + aout = DH_compute_key(abuf, DH_get0_pub_key(a), a); + + BIO_puts(out, "key1 ="); for (i=0; i #include #include #include 
@@ -79,146 +80,155 @@ static int dsa_cb(int p, int n, BN_GENCB *arg); /* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */ -static unsigned char seed[20]={ - 0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40, - 0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3, - }; - -static unsigned char out_p[]={ - 0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa, - 0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb, - 0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7, - 0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5, - 0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf, - 0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac, - 0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2, - 0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91, - }; - -static unsigned char out_q[]={ - 0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee, - 0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e, - 0xda,0xce,0x91,0x5f, - }; - -static unsigned char out_g[]={ - 0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13, - 0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00, - 0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb, - 0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e, - 0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf, - 0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c, - 0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c, - 0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02, - }; - -static const unsigned char str1[]="12345678901234567890"; - -static BIO *bio_err=NULL; - -int main(int argc, char **argv) - { - BN_GENCB cb; - DSA *dsa=NULL; - int counter,ret=0,i,j; +static unsigned char seed[20] = { + 0xd5, 0x01, 0x4e, 0x4b, 0x60, 0xef, 0x2b, 0xa8, 0xb6, 0x21, 0x1b, 0x40, + 0x62, 0xba, 0x32, 0x24, 0xe0, 0x42, 0x7d, 0xd3, +}; + +static unsigned char out_p[] = { + 0x8d, 0xf2, 0xa4, 0x94, 0x49, 0x22, 0x76, 0xaa, + 0x3d, 0x25, 0x75, 0x9b, 0xb0, 0x68, 0x69, 0xcb, + 0xea, 0xc0, 0xd8, 0x3a, 0xfb, 0x8d, 0x0c, 0xf7, + 0xcb, 0xb8, 0x32, 0x4f, 0x0d, 0x78, 0x82, 0xe5, + 0xd0, 0x76, 0x2f, 0xc5, 0xb7, 0x21, 0x0e, 0xaf, + 0xc2, 0xe9, 0xad, 0xac, 0x32, 0xab, 0x7a, 0xac, + 0x49, 0x69, 0x3d, 0xfb, 0xf8, 0x37, 0x24, 0xc2, 
+ 0xec, 0x07, 0x36, 0xee, 0x31, 0xc8, 0x02, 0x91, +}; + +static unsigned char out_q[] = { + 0xc7, 0x73, 0x21, 0x8c, 0x73, 0x7e, 0xc8, 0xee, + 0x99, 0x3b, 0x4f, 0x2d, 0xed, 0x30, 0xf4, 0x8e, + 0xda, 0xce, 0x91, 0x5f, +}; + +static unsigned char out_g[] = { + 0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a, 0x13, + 0x41, 0x31, 0x63, 0xa5, 0x5b, 0x4c, 0xb5, 0x00, + 0x29, 0x9d, 0x55, 0x22, 0x95, 0x6c, 0xef, 0xcb, + 0x3b, 0xff, 0x10, 0xf3, 0x99, 0xce, 0x2c, 0x2e, + 0x71, 0xcb, 0x9d, 0xe5, 0xfa, 0x24, 0xba, 0xbf, + 0x58, 0xe5, 0xb7, 0x95, 0x21, 0x92, 0x5c, 0x9c, + 0xc4, 0x2e, 0x9f, 0x6f, 0x46, 0x4b, 0x08, 0x8c, + 0xc5, 0x72, 0xaf, 0x53, 0xe6, 0xd7, 0x88, 0x02, +}; + +static const unsigned char str1[] = "12345678901234567890"; + +static BIO *bio_err = NULL; + +int +main(int argc, char **argv) +{ + BN_GENCB *cb; + DSA *dsa = NULL; + int counter, i, j; unsigned char buf[256]; unsigned long h; unsigned char sig[256]; unsigned int siglen; + int ret = 0; if (bio_err == NULL) - bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); + bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); ERR_load_crypto_strings(); - BIO_printf(bio_err,"test generation of DSA parameters\n"); + BIO_printf(bio_err, "test generation of DSA parameters\n"); - BN_GENCB_set(&cb, dsa_cb, bio_err); - if(((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512, - seed, 20, &counter, &h, &cb)) + if ((cb = BN_GENCB_new()) == NULL) goto end; - BIO_printf(bio_err,"seed\n"); - for (i=0; i<20; i+=4) - { - BIO_printf(bio_err,"%02X%02X%02X%02X ", - seed[i],seed[i+1],seed[i+2],seed[i+3]); - } - BIO_printf(bio_err,"\ncounter=%d h=%ld\n",counter,h); - - DSA_print(bio_err,dsa,0); - if (counter != 105) - { - BIO_printf(bio_err,"counter should be 105\n"); + BN_GENCB_set(cb, dsa_cb, bio_err); + if ((dsa = DSA_new()) == NULL) goto end; - } - if (h != 2) - { - BIO_printf(bio_err,"h should be 2\n"); + + if (!DSA_generate_parameters_ex(dsa, 512, seed, 20, &counter, &h, cb)) goto end; - } - i=BN_bn2bin(dsa->q,buf); - j=sizeof(out_q); - if ((i != 
j) || (memcmp(buf,out_q,i) != 0)) - { - BIO_printf(bio_err,"q value is wrong\n"); + BIO_printf(bio_err, "seed\n"); + for (i = 0; i < 20; i += 4) { + BIO_printf(bio_err, "%02X%02X%02X%02X ", + seed[i], seed[i + 1], seed[i + 2], seed[i + 3]); + } + BIO_printf(bio_err, "\ncounter=%d h=%ld\n", counter, h); + + DSA_print(bio_err, dsa, 0); + if (counter != 105) { + BIO_printf(bio_err, "counter should be 105\n"); + goto end; + } + if (h != 2) { + BIO_printf(bio_err, "h should be 2\n"); goto end; - } + } - i=BN_bn2bin(dsa->p,buf); - j=sizeof(out_p); - if ((i != j) || (memcmp(buf,out_p,i) != 0)) - { - BIO_printf(bio_err,"p value is wrong\n"); + i = BN_bn2bin(DSA_get0_q(dsa), buf); + j = sizeof(out_q); + if ((i != j) || (memcmp(buf, out_q, i) != 0)) { + BIO_printf(bio_err, "q value is wrong\n"); goto end; - } + } - i=BN_bn2bin(dsa->g,buf); - j=sizeof(out_g); - if ((i != j) || (memcmp(buf,out_g,i) != 0)) - { - BIO_printf(bio_err,"g value is wrong\n"); + i = BN_bn2bin(DSA_get0_p(dsa), buf); + j = sizeof(out_p); + if ((i != j) || (memcmp(buf, out_p, i) != 0)) { + BIO_printf(bio_err, "p value is wrong\n"); goto end; - } + } + + i = BN_bn2bin(DSA_get0_g(dsa), buf); + j = sizeof(out_g); + if ((i != j) || (memcmp(buf, out_g, i) != 0)) { + BIO_printf(bio_err, "g value is wrong\n"); + goto end; + } DSA_generate_key(dsa); DSA_sign(0, str1, 20, sig, &siglen, dsa); if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1) - ret=1; + ret = 1; end: + BN_GENCB_free(cb); if (!ret) ERR_print_errors(bio_err); - if (dsa != NULL) DSA_free(dsa); + DSA_free(dsa); CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); ERR_free_strings(); CRYPTO_mem_leaks(bio_err); - if (bio_err != NULL) - { - BIO_free(bio_err); - bio_err = NULL; - } - exit(!ret); + BIO_free(bio_err); + bio_err = NULL; + + return !ret; +} + +static int +dsa_cb(int p, int n, BN_GENCB *arg) +{ + char c = '*'; + static int ok = 0, num = 0; + + if (p == 0) { + c = '.'; + num++; + } + if (p == 1) + c = '+'; + if (p == 2) { + c = '*'; + 
ok++; } -static int dsa_cb(int p, int n, BN_GENCB *arg) - { - char c='*'; - static int ok=0,num=0; - - if (p == 0) { c='.'; num++; }; - if (p == 1) c='+'; - if (p == 2) { c='*'; ok++; } - if (p == 3) c='\n'; - BIO_write(arg->arg,&c,1); - (void)BIO_flush(arg->arg); - - if (!ok && (p == 0) && (num > 1)) - { - BIO_printf((BIO *)arg,"error in dsatest\n"); + if (p == 3) + c = '\n'; + BIO_write(BN_GENCB_get_arg(arg), &c, 1); + (void)BIO_flush(BN_GENCB_get_arg(arg)); + + if (!ok && (p == 0) && (num > 1)) { + BIO_printf((BIO *)arg, "error in dsatest\n"); return 0; - } - return 1; } + return 1; +} diff --git a/tests/dtlstest.c b/tests/dtlstest.c index 08424c1a..18df9952 100644 --- a/tests/dtlstest.c +++ b/tests/dtlstest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dtlstest.c,v 1.14 2021/06/19 18:28:51 tb Exp $ */ +/* $OpenBSD: dtlstest.c,v 1.15 2022/01/07 09:07:00 tb Exp $ */ /* * Copyright (c) 2020, 2021 Joel Sing * @@ -27,6 +27,7 @@ #include #include +#include "bio_local.h" #include "ssl_locl.h" const char *server_ca_file; diff --git a/tests/ec_asn1_test.c b/tests/ec_asn1_test.c new file mode 100644 index 00000000..512f5c52 --- /dev/null +++ b/tests/ec_asn1_test.c 
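Review bot: The failure branch of `dsa_cb` still calls `BIO_printf((BIO *)arg, "error in dsatest\n")`, which casts the `BN_GENCB *` itself to a `BIO *`; the two calls just above it were converted to `BN_GENCB_get_arg(arg)` but this one was not. With the callback object now opaque and heap-allocated, that path hands BIO_printf a pointer to the wrong kind of object, so it should read `BIO_printf(BN_GENCB_get_arg(arg), "error in dsatest\n");`. Separately, in `main` the results of `DSA_generate_key` and `DSA_sign` are ignored, so a failed sign passes an uninitialised `siglen` to `DSA_verify`; `if (!DSA_generate_key(dsa) || !DSA_sign(0, str1, 20, sig, &siglen, dsa)) goto end;` would close that.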
@@ -0,0 +1,206 @@ +/* $OpenBSD: ec_asn1_test.c,v 1.2 2021/12/04 17:03:43 tb Exp $ */ +/* + * Copyright (c) 2017, 2021 Joel Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +#include +#include +#include + +const uint8_t ec_secp256r1_pkparameters_named_curve[] = { + 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, + 0x01, 0x07, +}; + +const uint8_t ec_secp256r1_pkparameters_parameters[] = { + 0x30, 0x81, 0xf7, 0x02, 0x01, 0x01, 0x30, 0x2c, + 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, + 0x01, 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, + 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x30, 0x5b, 0x04, 0x20, + 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc, + 0x04, 0x20, 0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, + 0x93, 0xe7, 0xb3, 0xeb, 0xbd, 0x55, 0x76, 0x98, + 0x86, 0xbc, 0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, + 0xb0, 0xf6, 0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, + 0x60, 0x4b, 0x03, 0x15, 0x00, 0xc4, 0x9d, 0x36, + 0x08, 0x86, 0xe7, 0x04, 0x93, 0x6a, 0x66, 0x78, + 0xe1, 0x13, 0x9d, 0x26, 0xb7, 
0x81, 0x9f, 0x7e, + 0x90, 0x04, 0x41, 0x04, 0x6b, 0x17, 0xd1, 0xf2, + 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, 0xe6, 0xe5, + 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, + 0x2d, 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, + 0xd8, 0x98, 0xc2, 0x96, 0x4f, 0xe3, 0x42, 0xe2, + 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, + 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, + 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, + 0x37, 0xbf, 0x51, 0xf5, 0x02, 0x21, 0x00, 0xff, + 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xbc, + 0xe6, 0xfa, 0xad, 0xa7, 0x17, 0x9e, 0x84, 0xf3, + 0xb9, 0xca, 0xc2, 0xfc, 0x63, 0x25, 0x51, 0x02, + 0x01, 0x01, +}; + +static void +hexdump(const unsigned char *buf, size_t len) +{ + size_t i; + + for (i = 1; i <= len; i++) + fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n"); + + fprintf(stderr, "\n"); +} + +static int +compare_data(const char *label, const unsigned char *d1, size_t d1_len, + const unsigned char *d2, size_t d2_len) +{ + if (d1_len != d2_len) { + fprintf(stderr, "FAIL: got %s with length %zu, want %zu\n", + label, d1_len, d2_len); + return -1; + } + if (memcmp(d1, d2, d1_len) != 0) { + fprintf(stderr, "FAIL: %sdiffer\n", label); + fprintf(stderr, "got:\n"); + hexdump(d1, d1_len); + fprintf(stderr, "want:\n"); + hexdump(d2, d2_len); + return -1; + } + return 0; +} + +static int +ec_group_pkparameters_test(const char *label, int asn1_flag, + const uint8_t *test_data, size_t test_data_len) +{ + EC_GROUP *group_a = NULL, *group_b = NULL; + unsigned char *out = NULL, *data = NULL; + const unsigned char *p; + BIO *bio_mem = NULL; + int failure = 1; + int len; + + /* + * Test i2d_ECPKParameters/d2i_ECPKParameters. 
+ */ + if ((group_a = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) == NULL) + errx(1, "failed to create EC_GROUP"); + + EC_GROUP_set_asn1_flag(group_a, asn1_flag); + + if ((len = i2d_ECPKParameters(group_a, &out)) < 0) { + fprintf(stderr, "FAIL: i2d_ECPKParameters failed\n"); + goto done; + } + if (compare_data(label, out, len, test_data, test_data_len) == -1) + goto done; + + p = out; + if ((group_b = d2i_ECPKParameters(NULL, &p, len)) == NULL) { + fprintf(stderr, "FAIL: d2i_ECPKParameters failed\n"); + goto done; + } + + if (EC_GROUP_cmp(group_a, group_b, NULL) != 0) { + fprintf(stderr, "FAIL: EC_GROUPs do not match!\n"); + goto done; + } + + p = out; + if ((group_a = d2i_ECPKParameters(&group_a, &p, len)) == NULL) { + fprintf(stderr, "FAIL: d2i_ECPKParameters failed\n"); + goto done; + } + + if (EC_GROUP_cmp(group_a, group_b, NULL) != 0) { + fprintf(stderr, "FAIL: EC_GROUPs do not match!\n"); + goto done; + } + + /* + * Test i2d_ECPKParameters_bio/d2i_ECPKParameters_bio. + */ + if ((bio_mem = BIO_new(BIO_s_mem())) == NULL) + errx(1, "BIO_new failed for BIO_s_mem"); + + if ((len = i2d_ECPKParameters_bio(bio_mem, group_a)) < 0) { + fprintf(stderr, "FAIL: i2d_ECPKParameters_bio failed\n"); + goto done; + } + + len = BIO_get_mem_data(bio_mem, &data); + if (compare_data(label, out, len, test_data, test_data_len) == -1) + goto done; + + EC_GROUP_free(group_b); + if ((group_b = d2i_ECPKParameters_bio(bio_mem, NULL)) == NULL) { + fprintf(stderr, "FAIL: d2i_ECPKParameters_bio failed\n"); + goto done; + } + + if (EC_GROUP_cmp(group_a, group_b, NULL) != 0) { + fprintf(stderr, "FAIL: EC_GROUPs do not match!\n"); + goto done; + } + + failure = 0; + + done: + BIO_free_all(bio_mem); + EC_GROUP_free(group_a); + EC_GROUP_free(group_b); + free(out); + + return (failure); +} + +static int +ec_group_pkparameters_named_curve_test(void) +{ + return ec_group_pkparameters_test("ECPKPARAMETERS named curve", + OPENSSL_EC_NAMED_CURVE, ec_secp256r1_pkparameters_named_curve, + 
sizeof(ec_secp256r1_pkparameters_named_curve)); +} + +static int +ec_group_pkparameters_parameters_test(void) +{ + return ec_group_pkparameters_test("ECPKPARAMETERS parameters", + OPENSSL_EC_EXPLICIT_CURVE, ec_secp256r1_pkparameters_parameters, + sizeof(ec_secp256r1_pkparameters_parameters)); +} + +int +main(int argc, char **argv) +{ + int failed = 0; + + failed |= ec_group_pkparameters_named_curve_test(); + failed |= ec_group_pkparameters_parameters_test(); + + return (failed); +} diff --git a/tests/ec_point_conversion.c b/tests/ec_point_conversion.c index 221bfc64..8327ac43 100644 --- a/tests/ec_point_conversion.c +++ b/tests/ec_point_conversion.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_point_conversion.c,v 1.5 2021/05/03 14:51:47 tb Exp $ */ +/* $OpenBSD: ec_point_conversion.c,v 1.6 2021/12/29 22:48:09 tb Exp $ */ /* * Copyright (c) 2021 Theo Buehler * Copyright (c) 2021 Joel Sing @@ -227,7 +227,7 @@ test_random_points(void) EC_get_builtin_curves(all_curves, ncurves); for (curve_id = 0; curve_id < ncurves; curve_id++) - test_random_points_on_curve(&all_curves[curve_id]); + failed |= test_random_points_on_curve(&all_curves[curve_id]); fprintf(stderr, "%s: %s\n", __func__, failed ? "FAILED" : "SUCCESS"); diff --git a/tests/ecdhtest.c b/tests/ecdhtest.c index 81ba5a47..b3470cec 100644 --- a/tests/ecdhtest.c +++ b/tests/ecdhtest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecdhtest.c,v 1.11 2021/04/20 17:21:27 tb Exp $ */ +/* $OpenBSD: ecdhtest.c,v 1.12 2021/12/29 22:58:40 tb Exp $ */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * 
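Review bot: In `ec_group_pkparameters_test`, the BIO half of the test never inspects the bytes written to the BIO: after `len = BIO_get_mem_data(bio_mem, &data);` the comparison is `compare_data(label, out, len, ...)`, which re-checks the earlier `i2d_ECPKParameters` buffer using the BIO's length. The call should pass the BIO's contents, `compare_data(label, data, len, test_data, test_data_len)`, otherwise an encoding error in `i2d_ECPKParameters_bio` that keeps the length unchanged goes unnoticed. Checking `len <= 0` before the compare would also keep a negative result from being converted to `size_t`.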
@@ -130,34 +130,17 @@ test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out) if (!EC_KEY_generate_key(a)) goto err; - if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == - NID_X9_62_prime_field) { - if (!EC_POINT_get_affine_coordinates(group, - EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err; - } -#ifndef OPENSSL_NO_EC2M - else { - if (!EC_POINT_get_affine_coordinates(group, - EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err; - } -#endif + if (!EC_POINT_get_affine_coordinates(group, + EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err; + BIO_printf(out, " ."); (void)BIO_flush(out); if (!EC_KEY_generate_key(b)) goto err; - if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == - NID_X9_62_prime_field) { - if (!EC_POINT_get_affine_coordinates(group, - EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err; - } -#ifndef OPENSSL_NO_EC2M - else { - if (!EC_POINT_get_affine_coordinates(group, - EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err; - } -#endif + if (!EC_POINT_get_affine_coordinates(group, + EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err; BIO_printf(out, "."); (void)BIO_flush(out); diff --git a/tests/ecdsatest.c b/tests/ecdsatest.c index 097768d1..64815812 100644 --- a/tests/ecdsatest.c +++ b/tests/ecdsatest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecdsatest.c,v 1.6 2018/07/17 17:10:04 tb Exp $ */ +/* $OpenBSD: ecdsatest.c,v 1.14 2022/09/02 11:47:25 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project. */ 
@@ -84,112 +84,116 @@ #include /* declaration of the test functions */ -int x9_62_test_internal(BIO *out, int nid, const char *r, const char *s); -int test_builtin(BIO *); +int x9_62_test_internal(int nid, const char *r, const char *s); +int test_builtin(void); /* some tests from the X9.62 draft */ int -x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in) +x9_62_test_internal(int nid, const char *r_in, const char *s_in) { - int ret = 0; + EVP_MD_CTX *md_ctx = NULL; const char message[] = "abc"; unsigned char digest[20]; - unsigned int dgst_len = 0; - EVP_MD_CTX md_ctx; - EC_KEY *key = NULL; + unsigned int dgst_len = 0; + EC_KEY *key = NULL; ECDSA_SIG *signature = NULL; - BIGNUM *r = NULL, *s = NULL; + BIGNUM *r = NULL, *s = NULL; + int failed = 1; - EVP_MD_CTX_init(&md_ctx); - /* get the message digest */ - EVP_DigestInit(&md_ctx, EVP_ecdsa()); - EVP_DigestUpdate(&md_ctx, (const void*)message, 3); - EVP_DigestFinal(&md_ctx, digest, &dgst_len); + if ((md_ctx = EVP_MD_CTX_new()) == NULL) + goto err; + + if (!EVP_DigestInit(md_ctx, EVP_sha1())) + goto err; + if (!EVP_DigestUpdate(md_ctx, message, 3)) + goto err; + if (!EVP_DigestFinal(md_ctx, digest, &dgst_len)) + goto err; + + printf("testing %s: ", OBJ_nid2sn(nid)); - BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid)); - /* create the key */ if ((key = EC_KEY_new_by_curve_name(nid)) == NULL) - goto x962_int_err; + goto err; if (!EC_KEY_generate_key(key)) - goto x962_int_err; - BIO_printf(out, "."); - (void)BIO_flush(out); - /* create the signature */ - signature = ECDSA_do_sign(digest, 20, key); - if (signature == NULL) - goto x962_int_err; - BIO_printf(out, "."); - (void)BIO_flush(out); - /* compare the created signature with the expected signature */ - if ((r = BN_new()) == NULL || (s = BN_new()) == NULL) - goto x962_int_err; - if (!BN_dec2bn(&r, r_in) || - !BN_dec2bn(&s, s_in)) - goto x962_int_err; - if (BN_cmp(signature->r ,r) || BN_cmp(signature->s, s)) - goto x962_int_err; - BIO_printf(out, 
"."); - (void)BIO_flush(out); - /* verify the signature */ + goto err; + + printf("."); + fflush(stdout); + + if ((signature = ECDSA_do_sign(digest, 20, key)) == NULL) + goto err; + + printf("."); + fflush(stdout); + + if (!BN_dec2bn(&r, r_in) || !BN_dec2bn(&s, s_in)) + goto err; + if (BN_cmp(ECDSA_SIG_get0_r(signature), r) || + BN_cmp(ECDSA_SIG_get0_s(signature), s)) + goto err; + + printf("."); + fflush(stdout); + if (ECDSA_do_verify(digest, 20, signature, key) != 1) - goto x962_int_err; - BIO_printf(out, "."); - (void)BIO_flush(out); - - BIO_printf(out, " ok\n"); - ret = 1; - x962_int_err: - if (!ret) - BIO_printf(out, " failed\n"); - if (key) - EC_KEY_free(key); - if (signature) - ECDSA_SIG_free(signature); - if (r) - BN_free(r); - if (s) - BN_free(s); - EVP_MD_CTX_cleanup(&md_ctx); - return ret; + goto err; + + printf("."); + fflush(stdout); + + printf(" ok\n"); + + failed = 0; + + err: + if (failed) + printf(" failed\n"); + EC_KEY_free(key); + ECDSA_SIG_free(signature); + BN_free(r); + BN_free(s); + EVP_MD_CTX_free(md_ctx); + return failed; } int -test_builtin(BIO *out) +test_builtin(void) { + unsigned char digest[20], wrong_digest[20]; EC_builtin_curve *curves = NULL; - size_t num_curves = 0, n = 0; - EC_KEY *eckey = NULL, *wrong_eckey = NULL; - EC_GROUP *group; - ECDSA_SIG *ecdsa_sig = NULL; - unsigned char digest[20], wrong_digest[20]; - unsigned char *signature = NULL; - const unsigned char *sig_ptr; - unsigned char *sig_ptr2; - unsigned char *raw_buf = NULL; - unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len; - int nid, ret = 0; + size_t num_curves = 0, n = 0; + EC_KEY *eckey = NULL, *wrong_eckey = NULL; + EC_GROUP *group; + ECDSA_SIG *ecdsa_sig = NULL; + BIGNUM *r = NULL, *s = NULL; + unsigned char *signature = NULL; + const unsigned char *sig_ptr; + unsigned char *sig_ptr2; + unsigned char *raw_buf = NULL; + unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len; + int nid; + int failed = 1; /* fill digest values with some random data 
*/ arc4random_buf(digest, 20); arc4random_buf(wrong_digest, 20); /* create and verify a ecdsa signature with every available curve */ - BIO_printf(out, "\ntesting ECDSA_sign() and ECDSA_verify() " - "with some internal curves:\n"); + printf("\ntesting ECDSA_sign() and ECDSA_verify() " + "with some internal curves:\n"); /* get a list of all internal curves */ num_curves = EC_get_builtin_curves(NULL, 0); curves = reallocarray(NULL, sizeof(EC_builtin_curve), num_curves); - if (curves == NULL) { - BIO_printf(out, "reallocarray error\n"); - goto builtin_err; + printf("reallocarray error\n"); + goto err; } if (!EC_get_builtin_curves(curves, num_curves)) { - BIO_printf(out, "unable to get internal curves\n"); - goto builtin_err; + printf("unable to get internal curves\n"); + goto err; } /* now create and verify a signature for every curve */ 
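Review bot: `x9_62_test_internal` keeps its prototype and external linkage, but nothing in the hunks shown for this file calls it (the rewritten `main` runs only `test_builtin`), and it compares a signature made with a freshly generated key against fixed `r`/`s` strings, which presumably cannot match without a deterministic RNG. A comment above the definition stating that it is currently unused and why, or removing it, would stop readers assuming the X9.62 vectors are exercised. The digest length is also hard-coded as `20` in `ECDSA_do_sign` and `ECDSA_do_verify` although `EVP_DigestFinal` fills in `dgst_len`; passing `dgst_len` keeps the two in step.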
@@ -199,93 +203,85 @@ test_builtin(BIO *out) nid = curves[n].nid; if (nid == NID_ipsec4) continue; - /* create new ecdsa key (== EC_KEY) */ + if ((eckey = EC_KEY_new()) == NULL) - goto builtin_err; + goto err; group = EC_GROUP_new_by_curve_name(nid); if (group == NULL) - goto builtin_err; + goto err; if (EC_KEY_set_group(eckey, group) == 0) - goto builtin_err; + goto err; + degree = EC_GROUP_get_degree(group); EC_GROUP_free(group); - degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey)); if (degree < 160) { /* drop the curve */ EC_KEY_free(eckey); eckey = NULL; continue; } - BIO_printf(out, "%s: ", OBJ_nid2sn(nid)); - /* create key */ + printf("%s: ", OBJ_nid2sn(nid)); + if (!EC_KEY_generate_key(eckey)) { - BIO_printf(out, " failed\n"); - goto builtin_err; + goto err; } - /* create second key */ + if ((wrong_eckey = EC_KEY_new()) == NULL) - goto builtin_err; + goto err; group = EC_GROUP_new_by_curve_name(nid); if (group == NULL) - goto builtin_err; + goto err; if (EC_KEY_set_group(wrong_eckey, group) == 0) - goto builtin_err; + goto err; EC_GROUP_free(group); - if (!EC_KEY_generate_key(wrong_eckey)) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } + if (!EC_KEY_generate_key(wrong_eckey)) + goto err; - BIO_printf(out, "."); - (void)BIO_flush(out); - /* check key */ - if (!EC_KEY_check_key(eckey)) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); - /* create signature */ - sig_len = ECDSA_size(eckey); + printf("."); + fflush(stdout); + + if (!EC_KEY_check_key(eckey)) + goto err; + + printf("."); + fflush(stdout); + + if ((sig_len = ECDSA_size(eckey)) == 0) + goto err; if ((signature = malloc(sig_len)) == NULL) - goto builtin_err; - if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey)) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); - /* verify signature */ - if (ECDSA_verify(0, digest, 20, signature, sig_len, - eckey) != 1) { - 
BIO_printf(out, " failed\n"); - goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); + goto err; + if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey)) + goto err; + + printf("."); + fflush(stdout); + + if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) + goto err; + + printf("."); + fflush(stdout); + /* verify signature with the wrong key */ if (ECDSA_verify(0, digest, 20, signature, sig_len, - wrong_eckey) == 1) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); - /* wrong digest */ + wrong_eckey) == 1) + goto err; + + printf("."); + fflush(stdout); + if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len, - eckey) == 1) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); - /* wrong length */ + eckey) == 1) + goto err; + + printf("."); + fflush(stdout); + if (ECDSA_verify(0, digest, 20, signature, sig_len - 1, - eckey) == 1) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); + eckey) == 1) + goto err; + + printf("."); + fflush(stdout); /* * Modify a single byte of the signature: to ensure we don't 
@@ -294,60 +290,77 @@ test_builtin(BIO *out) */ sig_ptr = signature; if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, - sig_len)) == NULL) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } + sig_len)) == NULL) + goto err; /* Store the two BIGNUMs in raw_buf. */ - r_len = BN_num_bytes(ecdsa_sig->r); - s_len = BN_num_bytes(ecdsa_sig->s); + r_len = BN_num_bytes(ECDSA_SIG_get0_r(ecdsa_sig)); + s_len = BN_num_bytes(ECDSA_SIG_get0_s(ecdsa_sig)); bn_len = (degree + 7) / 8; - if ((r_len > bn_len) || (s_len > bn_len)) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } + if ((r_len > bn_len) || (s_len > bn_len)) + goto err; + buf_len = 2 * bn_len; if ((raw_buf = calloc(1, buf_len)) == NULL) - goto builtin_err; - BN_bn2bin(ecdsa_sig->r, raw_buf + bn_len - r_len); - BN_bn2bin(ecdsa_sig->s, raw_buf + buf_len - s_len); + goto err; + BN_bn2bin(ECDSA_SIG_get0_r(ecdsa_sig), + raw_buf + bn_len - r_len); + BN_bn2bin(ECDSA_SIG_get0_s(ecdsa_sig), + raw_buf + buf_len - s_len); /* Modify a single byte in the buffer. */ offset = raw_buf[10] % buf_len; - dirt = raw_buf[11] ? raw_buf[11] : 1; + dirt = raw_buf[11] ? raw_buf[11] : 1; raw_buf[offset] ^= dirt; /* Now read the BIGNUMs back in from raw_buf. 
*/ - if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) || - (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL)) - goto builtin_err; + if ((r = BN_bin2bn(raw_buf, bn_len, NULL)) == NULL || + (s = BN_bin2bn(raw_buf + bn_len, bn_len, NULL)) == NULL) + goto err; + if (!ECDSA_SIG_set0(ecdsa_sig, r, s)) + goto err; + r = NULL; + s = NULL; + + if ((sig_len = i2d_ECDSA_SIG(ecdsa_sig, NULL)) <= 0) + goto err; + free(signature); + if ((signature = calloc(1, sig_len)) == NULL) + goto err; sig_ptr2 = signature; - sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2); - if (ECDSA_verify(0, digest, 20, signature, sig_len, - eckey) == 1) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } + if ((sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2)) <= 0) + goto err; + if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1) + goto err; + /* Sanity check: undo the modification and verify signature. */ raw_buf[offset] ^= dirt; - if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) || - (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL)) - goto builtin_err; + if ((r = BN_bin2bn(raw_buf, bn_len, NULL)) == NULL || + (s = BN_bin2bn(raw_buf + bn_len, bn_len, NULL)) == NULL) + goto err; + if (!ECDSA_SIG_set0(ecdsa_sig, r, s)) + goto err; + r = NULL; + s = NULL; + + if ((sig_len = i2d_ECDSA_SIG(ecdsa_sig, NULL)) <= 0) + goto err; + free(signature); + if ((signature = calloc(1, sig_len)) == NULL) + goto err; sig_ptr2 = signature; - sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2); + if ((sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2)) <= 0) + goto err; if (ECDSA_verify(0, digest, 20, signature, sig_len, - eckey) != 1) { - BIO_printf(out, " failed\n"); - goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); + eckey) != 1) + goto err; + + printf("."); + fflush(stdout); + + printf(" ok\n"); - BIO_printf(out, " ok\n"); - /* cleanup */ - /* clean bogus errors */ ERR_clear_error(); free(signature); signature = NULL; 
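Review bot: The new `if ((sig_len = i2d_ECDSA_SIG(ecdsa_sig, NULL)) <= 0)` checks cannot see an error return, because `sig_len` is declared `unsigned int` earlier in `test_builtin`: a negative result becomes a large positive value, passes the test and is then used as the `calloc` size. The same pattern appears four times in this hunk (both sizing calls and both encoding calls). Taking the result in an `int` first, e.g. `int len = i2d_ECDSA_SIG(ecdsa_sig, NULL); if (len <= 0) goto err; sig_len = len;`, keeps the error path reachable. `test_builtin` starts and ends outside this hunk.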
@@ -361,8 +374,14 @@ test_builtin(BIO *out) raw_buf = NULL; } - ret = 1; - builtin_err: + failed = 0; + + err: + if (failed) + printf(" failed\n"); + + BN_free(r); + BN_free(s); EC_KEY_free(eckey); EC_KEY_free(wrong_eckey); ECDSA_SIG_free(ecdsa_sig); @@ -370,36 +389,30 @@ test_builtin(BIO *out) free(raw_buf); free(curves); - return ret; + return failed; } int main(void) { - int ret = 1; - BIO *out; - - out = BIO_new_fp(stdout, BIO_NOCLOSE); - - ERR_load_crypto_strings(); + int failed = 1; /* the tests */ - if (!test_builtin(out)) + if (test_builtin()) goto err; - ret = 0; + printf("\nECDSA test passed\n"); + failed = 0; + err: - if (ret) - BIO_printf(out, "\nECDSA test failed\n"); - else - BIO_printf(out, "\nECDSA test passed\n"); - if (ret) - ERR_print_errors(out); + if (failed) { + printf("\nECDSA test failed\n"); + ERR_print_errors_fp(stdout); + } + CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); ERR_free_strings(); - CRYPTO_mem_leaks(out); - if (out != NULL) - BIO_free(out); - return ret; + + return failed; } diff --git a/tests/enginetest.c b/tests/enginetest.c index 12386625..40e598ab 100644 --- a/tests/enginetest.c +++ b/tests/enginetest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: enginetest.c,v 1.8 2018/07/17 17:06:49 tb Exp $ */ +/* $OpenBSD: enginetest.c,v 1.9 2022/09/05 21:06:31 tb Exp $ */ /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL * project 2000. */ @@ -73,7 +73,7 @@ static void display_engine_list(void) loop = 0; printf("listing available engine types\n"); while (h) { - printf("engine %i, id = \"%s\", name = \"%s\"\n", + printf("engine %d, id = \"%s\", name = \"%s\"\n", loop++, ENGINE_get_id(h), ENGINE_get_name(h)); h = ENGINE_get_next(h); } 
@@ -188,9 +188,9 @@ int main(int argc, char *argv[]) printf("About to beef up the engine-type list\n"); for (loop = 0; loop < 512; loop++) { - if (asprintf(&id, "id%i", loop) == -1) + if (asprintf(&id, "id%d", loop) == -1) goto end; - if (asprintf(&name, "Fake engine type %i", loop) == -1) + if (asprintf(&name, "Fake engine type %d", loop) == -1) goto end; if (((block[loop] = ENGINE_new()) == NULL) || @@ -203,7 +203,7 @@ int main(int argc, char *argv[]) for (loop = 0; loop < 512; loop++) { if (!ENGINE_add(block[loop])) { - printf("\nAdding stopped at %i, (%s,%s)\n", + printf("\nAdding stopped at %d, (%s,%s)\n", loop, ENGINE_get_id(block[loop]), ENGINE_get_name(block[loop])); break; diff --git a/tests/evp_pkey_check.c b/tests/evp_pkey_check.c new file mode 100644 index 00000000..db26d3aa --- /dev/null +++ b/tests/evp_pkey_check.c 
@@ -0,0 +1,404 @@ +/* $OpenBSD: evp_pkey_check.c,v 1.2 2022/01/11 19:27:35 tb Exp $ */ +/* + * Copyright (c) 2021-2022 Theo Buehler + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#include +#include +#include + +#define EVP_TEST_RSA_BITS 2048 + +static int +evp_pkey_check_rsa(void) +{ + EVP_PKEY_CTX *pkey_ctx = NULL; + EVP_PKEY *pkey = NULL; + RSA *rsa = NULL; + BIGNUM *rsa_d; + int ret; + int fail_soft = 0; + int failed = 1; + + /* + * Generate a run-off-the-mill RSA key. + */ + + if ((pkey_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)) == NULL) { + fprintf(stderr, "%s: EVP_PKEY_CTX_new_id()\n", __func__); + goto err; + } + if (EVP_PKEY_keygen_init(pkey_ctx) <= 0) { + fprintf(stderr, "%s: EVP_PKEY_keygen_init\n", __func__); + goto err; + } + if (!EVP_PKEY_CTX_set_rsa_keygen_bits(pkey_ctx, EVP_TEST_RSA_BITS)) { + fprintf(stderr, "%s: EVP_PKEY_CTX_set_rsa_keygen_bits\n", + __func__); + goto err; + } + if (EVP_PKEY_keygen(pkey_ctx, &pkey) <= 0) { + fprintf(stderr, "%s: EVP_PKEY_keygen\n", __func__); + goto err; + } + + /* At this point, no pkey is set on pkey_ctx, we should fail with 0. 
*/ + if (EVP_PKEY_check(pkey_ctx) != 0) { + fprintf(stderr, "%s: EVP_PKEY_check() succeeded without pkey\n", + __func__); + ERR_print_errors_fp(stderr); + fail_soft = 1; + } + + ERR_clear_error(); + + /* + * Create a new EVP_PKEY_CTX with pkey set. + */ + + EVP_PKEY_CTX_free(pkey_ctx); + if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) { + fprintf(stderr, "%s: EVP_PKEY_CTX_new\n", __func__); + goto err; + } + + /* The freshly generated pkey is set on pkey_ctx. We should succeed. */ + if ((ret = EVP_PKEY_check(pkey_ctx)) <= 0) { + fprintf(stderr, "%s: EVP_PKEY_check(), generated pkey: %d\n", + __func__, ret); + ERR_print_errors_fp(stderr); + ERR_clear_error(); + fail_soft = 1; + } + + /* Public key checking for RSA is not supported. */ + if (EVP_PKEY_public_check(pkey_ctx) != -2) { + fprintf(stderr, + "%s: EVP_PKEY_public_check() supported for RSA?\n", + __func__); + goto err; + } + ERR_clear_error(); + + /* Parameter checking for RSA is not supported. */ + if (EVP_PKEY_param_check(pkey_ctx) != -2) { + fprintf(stderr, + "%s: EVP_PKEY_param_check() supported for RSA?\n", + __func__); + goto err; + } + ERR_clear_error(); + + /* + * Now modify the RSA key a bit. The check should then fail. + */ + + if ((rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) { + fprintf(stderr, "%s: EVP_PKEY_get0_RSA\n", __func__); + goto err; + } + /* We're lazy and modify rsa->d directly, hence the ugly cast. */ + if ((rsa_d = (BIGNUM *)RSA_get0_d(rsa)) == NULL) { + fprintf(stderr, "%s: RSA_get0_d()\n", __func__); + goto err; + } + if (!BN_add_word(rsa_d, 2)) { + fprintf(stderr, "%s: BN_add_word\n", __func__); + goto err; + } + + /* Since (d+2) * e != 1 mod (p-1)*(q-1), we should fail */ + if (EVP_PKEY_check(pkey_ctx) == 1) { + fprintf(stderr, "%s: EVP_PKEY_check success with modified d\n", + __func__); + fail_soft = 1; + } + + /* + * Spew some garbage to stderr. 
+ */ + + fprintf(stderr, "We should see some errors about RSA d:\n"); + ERR_print_errors_fp(stderr); + ERR_clear_error(); + fprintf(stderr, "EVP_PKEY_check test for RSA done.\n"); + + failed = 0; + + err: + EVP_PKEY_CTX_free(pkey_ctx); + EVP_PKEY_free(pkey); + + return failed | fail_soft; +} + +static int +evp_pkey_check_ec(void) +{ + EVP_PKEY_CTX *pkey_ctx = NULL; + EVP_PKEY *pkey = NULL; + EC_KEY *eckey = NULL; + BIGNUM *private_key = NULL; + EC_GROUP *group; + const EC_POINT *generator; + BIGNUM *cofactor = NULL, *order = NULL; + int ret; + int fail_soft = 0; + int failed = 1; + + /* + * Generate an elliptic curve key on secp384r1 + */ + + if ((pkey_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)) == NULL) { + fprintf(stderr, "%s: EVP_PKEY_CTX_new_id\n", __func__); + goto err; + } + if (EVP_PKEY_keygen_init(pkey_ctx) <= 0) { + fprintf(stderr, "%s: EVP_PKEY_keygen_init\n", __func__); + goto err; + } + if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pkey_ctx, + NID_secp384r1) <= 0) { + fprintf(stderr, "%s: EVP_PKEY_CTX_set_ec_paramgen_curve_nid\n", + __func__); + goto err; + } + if (EVP_PKEY_keygen(pkey_ctx, &pkey) <= 0) { + fprintf(stderr, "%s: EVP_PKEY_keygen\n", __func__); + goto err; + } + + /* At this point, no pkey is set on pkey_ctx, we should fail with 0. */ + if (EVP_PKEY_check(pkey_ctx) != 0) { + fprintf(stderr, "%s: EVP_PKEY_check() succeeded without pkey\n", + __func__); + ERR_print_errors_fp(stderr); + fail_soft = 1; + } + + ERR_clear_error(); + + /* + * Create a new EVP_PKEY_CTX with pkey set. + */ + + EVP_PKEY_CTX_free(pkey_ctx); + if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) { + fprintf(stderr, "%s: EVP_PKEY_CTX_new\n", __func__); + goto err; + } + + /* The freshly generated pkey is set on pkey_ctx. We should succeed. 
*/ + if ((ret = EVP_PKEY_check(pkey_ctx)) <= 0) { + fprintf(stderr, "%s: EVP_PKEY_check(), generated pkey: %d\n", + __func__, ret); + ERR_print_errors_fp(stderr); + ERR_clear_error(); + fail_soft = 1; + } + + /* We should also succeed the public check. */ + if ((ret = EVP_PKEY_public_check(pkey_ctx)) <= 0) { + fprintf(stderr, + "%s: EVP_PKEY_public_check(), generated pkey: %d\n", + __func__, ret); + ERR_print_errors_fp(stderr); + ERR_clear_error(); + fail_soft = 1; + } + + /* We should also succeed the parameter check. */ + if ((ret = EVP_PKEY_param_check(pkey_ctx)) <= 0) { + fprintf(stderr, + "%s: EVP_PKEY_param_check(), generated pkey: %d\n", + __func__, ret); + ERR_print_errors_fp(stderr); + ERR_clear_error(); + fail_soft = 1; + } + + /* + * Modify the private key slightly. + */ + + if ((eckey = EVP_PKEY_get0_EC_KEY(pkey)) == NULL) { + fprintf(stderr, "%s: EVP_PKEY_get0_EC_KEY\n", __func__); + goto err; + } + + /* We're lazy and modify the private key directly. */ + if ((private_key = (BIGNUM *)EC_KEY_get0_private_key(eckey)) == NULL) { + fprintf(stderr, "%s: EC_KEY_get0_private_key\n", __func__); + goto err; + } + + /* + * The private key is a random number in [1, order). Preserve this + * property by adding 1 if it is equal to 1 and subtracting 1 otherwise. + */ + if (BN_cmp(private_key, BN_value_one()) == 0) { + if (!BN_add_word(private_key, 1)) { + fprintf(stderr, "%s: BN_add_word\n", __func__); + goto err; + } + } else { + if (!BN_sub_word(private_key, 1)) { + fprintf(stderr, "%s: BN_sub_word\n", __func__); + goto err; + } + } + + /* Generator times private key will no longer be equal to public key. */ + if (EVP_PKEY_check(pkey_ctx) == 1) { + fprintf(stderr, "%s: EVP_PKEY_check succeeded unexpectedly\n", + __func__); + fail_soft = 1; + } + + /* + * Spew some garbage to stderr. 
+ */ + + fprintf(stderr, "We should see an error about the EC private key:\n"); + ERR_print_errors_fp(stderr); + ERR_clear_error(); + + /* EVP_PKEY_public_check checks the private key (sigh), so we fail. */ + if (EVP_PKEY_public_check(pkey_ctx) == 1) { + fprintf(stderr, + "%s: EVP_PKEY_public_check succeeded unexpectedly\n", + __func__); + fail_soft = 1; + } + + /* We should still succeed the parameter check. */ + if ((ret = EVP_PKEY_param_check(pkey_ctx)) <= 0) { + fprintf(stderr, + "%s: EVP_PKEY_param_check(), modified privkey pkey: %d\n", + __func__, ret); + ERR_print_errors_fp(stderr); + ERR_clear_error(); + fail_soft = 1; + } + + /* Now set the private key to NULL. The API will think malloc failed. */ + if (EC_KEY_set_private_key(eckey, NULL) != 0) { + fprintf(stderr, "%s: EC_KEY_set_private_key succeeded?!", + __func__); + goto err; + } + + /* + * EVP_PKEY_public_check now only checks that the public key is on the + * curve. We should succeed again. + */ + + if ((ret = EVP_PKEY_public_check(pkey_ctx)) <= 0) { + fprintf(stderr, "%s: EVP_PKEY_check(), generated pkey: %d\n", + __func__, ret); + fail_soft = 1; + } + + ERR_clear_error(); + + /* + * Now let's modify the group to trip the parameter check. 
+ */ + + if ((group = (EC_GROUP *)EC_KEY_get0_group(eckey)) == NULL) { + fprintf(stderr, "%s: EC_KEY_get0_group() failed\n", __func__); + goto err; + } + + if ((generator = EC_GROUP_get0_generator(group)) == NULL) { + fprintf(stderr, "%s: EC_GROUP_get0_generator() failed\n", + __func__); + goto err; + } + + if ((order = BN_new()) == NULL) { + fprintf(stderr, "%s: order = BN_new() failed\n", __func__); + goto err; + } + if ((cofactor = BN_new()) == NULL) { + fprintf(stderr, "%s: cofactor = BN_new() failed\n", __func__); + goto err; + } + + if (!EC_GROUP_get_order(group, order, NULL)) { + fprintf(stderr, "%s: EC_GROUP_get_order() failed\n", __func__); + goto err; + } + if (!EC_GROUP_get_cofactor(group, cofactor, NULL)) { + fprintf(stderr, "%s: EC_GROUP_get_cofactor() failed\n", + __func__); + goto err; + } + + /* Decrement order so order * generator != (point at infinity). */ + if (!BN_sub_word(order, 1)) { + fprintf(stderr, "%s: BN_sub_word() failed\n", __func__); + goto err; + } + + /* Now set this nonsense on the group. */ + if (!EC_GROUP_set_generator(group, generator, order, cofactor)) { + fprintf(stderr, "%s: EC_GROUP_set_generator() failed\n", + __func__); + goto err; + } + + /* We should now fail the parameter check. */ + if (EVP_PKEY_param_check(pkey_ctx) == 1) { + fprintf(stderr, + "%s: EVP_PKEY_param_check(), succeeded unexpectedly\n", + __func__); + fail_soft = 1; + } + + fprintf(stderr, "We should see an error on invalid group order\n"); + ERR_print_errors_fp(stderr); + ERR_clear_error(); + + fprintf(stderr, "EVP_PKEY_check test for EC done.\n"); + + failed = 0; + + err: + EVP_PKEY_CTX_free(pkey_ctx); + EVP_PKEY_free(pkey); + BN_free(order); + BN_free(cofactor); + + return failed | fail_soft; +} + +int +main(void) +{ + int failed = 0; + + failed |= evp_pkey_check_rsa(); + failed |= evp_pkey_check_ec(); + + printf("%s\n", failed ? "FAILED" : "SUCCESS"); + + return failed; +} 
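Review bot: In evp_pkey_check_rsa() the result of EVP_PKEY_CTX_set_rsa_keygen_bits() is tested with `!`, so a negative return from the underlying ctrl call would be treated as success. The neighbouring keygen calls and the EC counterpart EVP_PKEY_CTX_set_ec_paramgen_curve_nid() are tested with `<= 0`, so I would write `if (EVP_PKEY_CTX_set_rsa_keygen_bits(pkey_ctx, EVP_TEST_RSA_BITS) <= 0) {`. In evp_pkey_check_ec(), the message printed when the second EVP_PKEY_public_check() fails still reads `EVP_PKEY_check(), generated pkey`. The `EC_KEY_set_private_key succeeded?!` message is missing its trailing `\n`. Both make a failing run harder to attribute to the right check.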
diff --git a/tests/evp_pkey_cleanup.c b/tests/evp_pkey_cleanup.c
new file mode 100644
index 00000000..5f8cc20d
--- /dev/null
+++ b/tests/evp_pkey_cleanup.c
@@ -0,0 +1,86 @@ +/* $OpenBSD: evp_pkey_cleanup.c,v 1.1 2022/03/30 08:57:26 tb Exp $ */ + +/* + * Copyright (c) 2022 Theo Buehler + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include + +#include "evp_locl.h" + +struct pkey_cleanup_test { + const char *name; + int nid; + void (*free)(void); +}; + +int pkey_ids[] = { + EVP_PKEY_CMAC, + EVP_PKEY_DH, + EVP_PKEY_DSA, + EVP_PKEY_EC, + EVP_PKEY_GOSTIMIT, + EVP_PKEY_GOSTR01, + EVP_PKEY_HMAC, + EVP_PKEY_RSA, + EVP_PKEY_RSA_PSS, +}; + +static const size_t N_PKEY_IDS = sizeof(pkey_ids) / sizeof(pkey_ids[0]); + +static int +test_evp_pkey_ctx_cleanup(int nid) +{ + EVP_PKEY_CTX *pkey_ctx = NULL; + void *data; + int failed = 1; + + if ((pkey_ctx = EVP_PKEY_CTX_new_id(nid, NULL)) == NULL) { + fprintf(stderr, "EVP_PKEY_CTX_new_id(%d, NULL) failed\n", nid); + goto err; + } + + data = EVP_PKEY_CTX_get_data(pkey_ctx); + + EVP_PKEY_CTX_set_data(pkey_ctx, NULL); + if (pkey_ctx->pmeth->cleanup != NULL) + pkey_ctx->pmeth->cleanup(pkey_ctx); + + EVP_PKEY_CTX_set_data(pkey_ctx, data); + + failed = 0; + + err: + EVP_PKEY_CTX_free(pkey_ctx); + + return failed; +} + +int +main(void) +{ + size_t i; + int failed = 0; + + for (i = 0; i < N_PKEY_IDS; i++) + failed |= test_evp_pkey_ctx_cleanup(pkey_ids[i]); + + if (!failed) + 
printf("SUCCESS\n"); + + return failed; +} diff --git a/tests/evptest.c b/tests/evptest.c index 8dc9fc0b..e6108de9 100644 --- a/tests/evptest.c +++ b/tests/evptest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evptest.c,v 1.9 2020/01/26 02:46:26 tb Exp $ */ +/* $OpenBSD: evptest.c,v 1.11 2021/11/18 21:18:28 tb Exp $ */ /* Written by Ben Laurie, 2001 */ /* * Copyright (c) 2001 The OpenSSL Project. All rights reserved. @@ -142,7 +142,7 @@ test1(const EVP_CIPHER *c, const unsigned char *key, int kn, const unsigned char *iv, int in, const unsigned char *plaintext, int pn, const unsigned char *ciphertext, int cn, int encdec) { - EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX *ctx; unsigned char out[4096]; const unsigned char *eiv; int outl, outl2; 
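Review bot: test_evp_pkey_ctx_cleanup() in the new evp_pkey_cleanup.c has no comment saying what it verifies. It clears the context's data pointer, calls `pmeth->cleanup` directly and then restores the pointer, which reads as a check that each method's cleanup tolerates NULL data, but that is only inferred. A comment above the `EVP_PKEY_CTX_set_data(pkey_ctx, NULL)` call, e.g. `/* cleanup must cope with a context whose data is NULL */`, would state the intent. `struct pkey_cleanup_test` is declared but never used in the file, and `pkey_ids` is only read, so it could be `static const int pkey_ids[]`.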
@@ -155,30 +155,34 @@ test1(const EVP_CIPHER *c, const unsigned char *key, int kn, hexdump(stdout, "Plaintext",plaintext,pn); hexdump(stdout, "Ciphertext",ciphertext,cn); - if (kn != c->key_len) { + if (kn != EVP_CIPHER_key_length(c)) { fprintf(stderr, "Key length doesn't match, got %d expected %lu\n",kn, - (unsigned long)c->key_len); + (unsigned long)EVP_CIPHER_key_length(c)); test1_exit(5); } - EVP_CIPHER_CTX_init(&ctx); - EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); + if ((ctx = EVP_CIPHER_CTX_new()) == NULL) { + fprintf(stderr, "EVP_CIPHER_CTX_new failed\n"); + ERR_print_errors_fp(stderr); + test1_exit(12); + } + EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); if (encdec != 0) { eiv = iv; if (EVP_CIPHER_mode(c) == EVP_CIPH_WRAP_MODE && in == 0) eiv = NULL; - if (!EVP_EncryptInit_ex(&ctx, c, NULL, key, eiv)) { + if (!EVP_EncryptInit_ex(ctx, c, NULL, key, eiv)) { fprintf(stderr, "EncryptInit failed\n"); ERR_print_errors_fp(stderr); test1_exit(10); } - EVP_CIPHER_CTX_set_padding(&ctx, 0); + EVP_CIPHER_CTX_set_padding(ctx, 0); - if (!EVP_EncryptUpdate(&ctx, out, &outl, plaintext, pn)) { + if (!EVP_EncryptUpdate(ctx, out, &outl, plaintext, pn)) { fprintf(stderr, "Encrypt failed\n"); ERR_print_errors_fp(stderr); test1_exit(6); } - if (!EVP_EncryptFinal_ex(&ctx, out + outl, &outl2)) { + if (!EVP_EncryptFinal_ex(ctx, out + outl, &outl2)) { fprintf(stderr, "EncryptFinal failed\n"); ERR_print_errors_fp(stderr); test1_exit(7); 
@@ -202,19 +206,19 @@ test1(const EVP_CIPHER *c, const unsigned char *key, int kn, eiv = iv; if (EVP_CIPHER_mode(c) == EVP_CIPH_WRAP_MODE && in == 0) eiv = NULL; - if (!EVP_DecryptInit_ex(&ctx, c,NULL, key, eiv)) { + if (!EVP_DecryptInit_ex(ctx, c,NULL, key, eiv)) { fprintf(stderr, "DecryptInit failed\n"); ERR_print_errors_fp(stderr); test1_exit(11); } - EVP_CIPHER_CTX_set_padding(&ctx, 0); + EVP_CIPHER_CTX_set_padding(ctx, 0); - if (!EVP_DecryptUpdate(&ctx, out, &outl, ciphertext, cn)) { + if (!EVP_DecryptUpdate(ctx, out, &outl, ciphertext, cn)) { fprintf(stderr, "Decrypt failed\n"); ERR_print_errors_fp(stderr); test1_exit(6); } - if (!EVP_DecryptFinal_ex(&ctx, out + outl, &outl2)) { + if (!EVP_DecryptFinal_ex(ctx, out + outl, &outl2)) { fprintf(stderr, "DecryptFinal failed\n"); ERR_print_errors_fp(stderr); test1_exit(7); @@ -234,7 +238,7 @@ test1(const EVP_CIPHER *c, const unsigned char *key, int kn, } } - EVP_CIPHER_CTX_cleanup(&ctx); + EVP_CIPHER_CTX_free(ctx); printf("\n"); } @@ -260,7 +264,7 @@ test_digest(const char *digest, const unsigned char *plaintext, int pn, const unsigned char *ciphertext, unsigned int cn) { const EVP_MD *d; - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx; unsigned char md[EVP_MAX_MD_SIZE]; unsigned int mdn; 
@@ -272,23 +276,28 @@ test_digest(const char *digest, const unsigned char *plaintext, int pn, hexdump(stdout, "Plaintext",plaintext,pn); hexdump(stdout, "Digest",ciphertext,cn); - EVP_MD_CTX_init(&ctx); - if (!EVP_DigestInit_ex(&ctx, d, NULL)) { + if ((ctx = EVP_MD_CTX_new()) == NULL) { + fprintf(stderr, "EVP_CIPHER_CTX_new failed\n"); + ERR_print_errors_fp(stderr); + test1_exit(104); + } + if (!EVP_DigestInit_ex(ctx, d, NULL)) { fprintf(stderr, "DigestInit failed\n"); ERR_print_errors_fp(stderr); exit(100); } - if (!EVP_DigestUpdate(&ctx, plaintext, pn)) { + if (!EVP_DigestUpdate(ctx, plaintext, pn)) { fprintf(stderr, "DigestUpdate failed\n"); ERR_print_errors_fp(stderr); exit(101); } - if (!EVP_DigestFinal_ex(&ctx, md, &mdn)) { + if (!EVP_DigestFinal_ex(ctx, md, &mdn)) { fprintf(stderr, "DigestFinal failed\n"); ERR_print_errors_fp(stderr); exit(101); } - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_free(ctx); + ctx = NULL; if (mdn != cn) { fprintf(stderr, "Digest length mismatch, got %d expected %d\n",mdn,cn); @@ -304,8 +313,6 @@ test_digest(const char *digest, const unsigned char *plaintext, int pn, printf("\n"); - EVP_MD_CTX_cleanup(&ctx); - return 1; } diff --git a/tests/explicit_bzero.c b/tests/explicit_bzero.c index 9c0e9178..496bafb2 100644 --- a/tests/explicit_bzero.c +++ b/tests/explicit_bzero.c @@ -1,4 +1,4 @@ -/* $OpenBSD: explicit_bzero.c,v 1.7 2021/03/27 11:17:58 bcook Exp $ */ +/* $OpenBSD: explicit_bzero.c,v 1.9 2022/02/10 08:39:32 tb Exp $ */ /* * Copyright (c) 2014 Google Inc. * 
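Review bot: The new allocation check in test_digest() prints `EVP_CIPHER_CTX_new failed` although the call that failed is EVP_MD_CTX_new(), so the log would point at the wrong API; the line should read `fprintf(stderr, "EVP_MD_CTX_new failed\n");`. The same branch leaves through `test1_exit(104)` while the other failure paths in this function call `exit(...)` directly. test1_exit is defined outside the hunk, so whether that difference matters cannot be seen here, but `exit(104);` would match the rest of the function. test_digest() starts and ends outside this hunk.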
@@ -26,6 +26,17 @@ #define ASSERT_NE(a, b) assert((a) != (b)) #define ASSERT_GE(a, b) assert((a) >= (b)) +#if defined(__has_feature) +#if __has_feature(address_sanitizer) +#define __SANITIZE_ADDRESS__ +#endif +#endif +#ifdef __SANITIZE_ADDRESS__ +#define ATTRIBUTE_NO_SANITIZE_ADDRESS __attribute__((no_sanitize_address)) +#else +#define ATTRIBUTE_NO_SANITIZE_ADDRESS +#endif + /* 128 bits of random data. */ static const char secret[16] = { 0xa0, 0x6c, 0x0c, 0x81, 0xba, 0xd8, 0x5b, 0x0c, @@ -138,8 +149,8 @@ count_secrets(const char *buf) return (res); } -static char * -test_without_bzero() +ATTRIBUTE_NO_SANITIZE_ADDRESS static char * +test_without_bzero(void) { char buf[SECRETBYTES]; assert_on_stack(); @@ -149,8 +160,8 @@ test_without_bzero() return (res); } -static char * -test_with_bzero() +ATTRIBUTE_NO_SANITIZE_ADDRESS static char * +test_with_bzero(void) { char buf[SECRETBYTES]; assert_on_stack(); @@ -161,14 +172,14 @@ test_with_bzero() return (res); } -static void +static void do_test_without_bzero(int signo) { char *buf = test_without_bzero(); ASSERT_GE(count_secrets(buf), 1); } -static void +static void do_test_with_bzero(int signo) { char *buf = test_with_bzero(); @@ -176,7 +187,7 @@ do_test_with_bzero(int signo) } int -main() +main(void) { setup_stack(); diff --git a/tests/exptest.c b/tests/exptest.c index e7f58485..e6260071 100644 --- a/tests/exptest.c +++ b/tests/exptest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: exptest.c,v 1.7 2018/11/08 22:20:25 jsing Exp $ */ +/* $OpenBSD: exptest.c,v 1.8 2021/11/18 15:17:31 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
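Review bot: The new ATTRIBUTE_NO_SANITIZE_ADDRESS block has no comment explaining why AddressSanitizer is disabled for test_without_bzero() and test_with_bzero(). Both declare a local `buf` and end in `return (res);`, with `res` assigned outside the visible lines. Presumably the caller inspects the dead stack frame on purpose, which ASan would otherwise report. A comment above the macro, such as `/* these tests deliberately inspect stack memory after return; keep ASan from flagging it */`, would record that for the next reader. The block also defines `__SANITIZE_ADDRESS__` itself for the clang case, a name reserved for the compiler; a private macro name chosen by the project would avoid redefining it.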
@@ -79,8 +79,9 @@ int BN_mod_exp_mont_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, * Test that r == 0 in test_exp_mod_zero(). Returns one on success, * returns zero and prints debug output otherwise. */ -static int a_is_zero_mod_one(const char *method, const BIGNUM *r, - const BIGNUM *a) { +static int +a_is_zero_mod_one(const char *method, const BIGNUM *r, const BIGNUM *a) +{ if (!BN_is_zero(r)) { fprintf(stderr, "%s failed:\n", method); fprintf(stderr, "a ** 0 mod 1 = r (should be 0)\n"); 
@@ -97,95 +98,101 @@ static int a_is_zero_mod_one(const char *method, const BIGNUM *r, /* * test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success. */ -static int test_exp_mod_zero(void) +static int +test_exp_mod_zero(void) { - BIGNUM a, p, m; - BIGNUM r; + BIGNUM *a = NULL, *p = NULL, *m = NULL, *r = NULL; BN_ULONG one_word = 1; - BN_CTX *ctx = BN_CTX_new(); + BN_CTX *ctx; int ret = 1, failed = 0; - BN_init(&m); - BN_one(&m); + if ((ctx = BN_CTX_new()) == NULL) + goto err; + if ((m = BN_new()) == NULL) + goto err; + BN_one(m); - BN_init(&a); - BN_one(&a); + if ((a = BN_new()) == NULL) + goto err; + BN_one(a); - BN_init(&p); - BN_zero(&p); + if ((p = BN_new()) == NULL) + goto err; + BN_zero(p); - BN_init(&r); + if ((r = BN_new()) == NULL) + goto err; - if (!BN_rand(&a, 1024, 0, 0)) + if (!BN_rand(a, 1024, 0, 0)) goto err; - if (!BN_mod_exp(&r, &a, &p, &m, ctx)) + if (!BN_mod_exp(r, a, p, m, ctx)) goto err; - if (!a_is_zero_mod_one("BN_mod_exp", &r, &a)) + if (!a_is_zero_mod_one("BN_mod_exp", r, a)) failed = 1; - if (!BN_mod_exp_ct(&r, &a, &p, &m, ctx)) + if (!BN_mod_exp_ct(r, a, p, m, ctx)) goto err; - if (!a_is_zero_mod_one("BN_mod_exp_ct", &r, &a)) + if (!a_is_zero_mod_one("BN_mod_exp_ct", r, a)) failed = 1; - if (!BN_mod_exp_nonct(&r, &a, &p, &m, ctx)) + if (!BN_mod_exp_nonct(r, a, p, m, ctx)) goto err; - if (!a_is_zero_mod_one("BN_mod_exp_nonct", &r, &a)) + if (!a_is_zero_mod_one("BN_mod_exp_nonct", r, a)) failed = 1; - if (!BN_mod_exp_recp(&r, &a, &p, &m, ctx)) + if (!BN_mod_exp_recp(r, a, p, m, ctx)) goto err; - if (!a_is_zero_mod_one("BN_mod_exp_recp", &r, &a)) + if (!a_is_zero_mod_one("BN_mod_exp_recp", r, a)) failed = 1; - if (!BN_mod_exp_simple(&r, &a, &p, &m, ctx)) + if (!BN_mod_exp_simple(r, a, p, m, ctx)) goto err; - if (!a_is_zero_mod_one("BN_mod_exp_simple", &r, &a)) + if (!a_is_zero_mod_one("BN_mod_exp_simple", r, a)) failed = 1; - if (!BN_mod_exp_mont(&r, &a, &p, &m, ctx, NULL)) + if (!BN_mod_exp_mont(r, a, p, m, ctx, NULL)) goto 
err; - if (!a_is_zero_mod_one("BN_mod_exp_mont", &r, &a)) + if (!a_is_zero_mod_one("BN_mod_exp_mont", r, a)) failed = 1; - if (!BN_mod_exp_mont_ct(&r, &a, &p, &m, ctx, NULL)) + if (!BN_mod_exp_mont_ct(r, a, p, m, ctx, NULL)) goto err; - if (!a_is_zero_mod_one("BN_mod_exp_mont_ct", &r, &a)) + if (!a_is_zero_mod_one("BN_mod_exp_mont_ct", r, a)) failed = 1; - if (!BN_mod_exp_mont_nonct(&r, &a, &p, &m, ctx, NULL)) + if (!BN_mod_exp_mont_nonct(r, a, p, m, ctx, NULL)) goto err; - if (!a_is_zero_mod_one("BN_mod_exp_mont_nonct", &r, &a)) + if (!a_is_zero_mod_one("BN_mod_exp_mont_nonct", r, a)) failed = 1; - if (!BN_mod_exp_mont_consttime(&r, &a, &p, &m, ctx, NULL)) { + if (!BN_mod_exp_mont_consttime(r, a, p, m, ctx, NULL)) { goto err; } - if (!a_is_zero_mod_one("BN_mod_exp_mont_consttime", &r, &a)) + if (!a_is_zero_mod_one("BN_mod_exp_mont_consttime", r, a)) failed = 1; /* * A different codepath exists for single word multiplication * in non-constant-time only. */ - if (!BN_mod_exp_mont_word(&r, one_word, &p, &m, ctx, NULL)) + if (!BN_mod_exp_mont_word(r, one_word, p, m, ctx, NULL)) goto err; - if (!BN_is_zero(&r)) { + if (!BN_is_zero(r)) { fprintf(stderr, "BN_mod_exp_mont_word failed:\n"); fprintf(stderr, "1 ** 0 mod 1 = r (should be 0)\n"); fprintf(stderr, "r = "); - BN_print_fp(stderr, &r); + BN_print_fp(stderr, r); fprintf(stderr, "\n"); return 0; } @@ -193,10 +200,10 @@ static int test_exp_mod_zero(void) ret = failed; err: - BN_free(&r); - BN_free(&a); - BN_free(&p); - BN_free(&m); + BN_free(r); + BN_free(a); + BN_free(p); + BN_free(m); BN_CTX_free(ctx); return ret; diff --git a/tests/freenull.c b/tests/freenull.c index 18bd3a58..17c3f339 100644 --- a/tests/freenull.c +++ b/tests/freenull.c @@ -1,10 +1,11 @@ -/* $OpenBSD: freenull.c.head,v 1.3 2019/11/02 15:38:46 jsing Exp $ */ +/* $OpenBSD: freenull.c.head,v 1.4 2022/01/15 02:46:12 inoguchi Exp $ */ #include #include #include #include #include +#include #include #ifndef OPENSSL_NO_ENGINE #include 
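Review bot: The BN_mod_exp_mont_word failure branch in test_exp_mod_zero() still ends in `return 0;`, which skips the `err:` cleanup and so leaks `a`, `p`, `m` and `r` (now heap-allocated) as well as `ctx`. It also returns zero, which the comment above the function defines as success, so this failure would not fail the test. Replacing that line with `failed = 1;` lets the branch fall through to `ret = failed;` and the shared cleanup, as the other checks in the function do. The `ret = failed;` line and the `err:` label are in the next hunk.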
@@ -17,6 +18,7 @@ #include #include #include +#include #include #include @@ -27,6 +29,9 @@ int main(int argc, char **argv) { ACCESS_DESCRIPTION_free(NULL); + ASIdOrRange_free(NULL); + ASIdentifierChoice_free(NULL); + ASIdentifiers_free(NULL); ASN1_BIT_STRING_free(NULL); ASN1_BMPSTRING_free(NULL); ASN1_ENUMERATED_free(NULL); @@ -48,6 +53,7 @@ main(int argc, char **argv) ASN1_UTCTIME_free(NULL); ASN1_UTF8STRING_free(NULL); ASN1_VISIBLESTRING_free(NULL); + ASRange_free(NULL); AUTHORITY_INFO_ACCESS_free(NULL); AUTHORITY_KEYID_free(NULL); BASIC_CONSTRAINTS_free(NULL); @@ -68,6 +74,9 @@ main(int argc, char **argv) COMP_CTX_free(NULL); CONF_free(NULL); CRL_DIST_POINTS_free(NULL); + CTLOG_STORE_free(NULL); + CTLOG_free(NULL); + CT_POLICY_EVAL_CTX_free(NULL); DH_free(NULL); DIRECTORYSTRING_free(NULL); DISPLAYTEXT_free(NULL); @@ -91,9 +100,11 @@ main(int argc, char **argv) ESS_CERT_ID_free(NULL); ESS_ISSUER_SERIAL_free(NULL); ESS_SIGNING_CERT_free(NULL); + EVP_AEAD_CTX_free(NULL); EVP_CIPHER_CTX_free(NULL); EVP_ENCODE_CTX_free(NULL); EVP_MD_CTX_free(NULL); + EVP_MD_meth_free(NULL); EVP_PKEY_CTX_free(NULL); EVP_PKEY_asn1_free(NULL); EVP_PKEY_free(NULL); @@ -105,13 +116,16 @@ main(int argc, char **argv) GOST_CIPHER_PARAMS_free(NULL); GOST_KEY_free(NULL); HMAC_CTX_free(NULL); + IPAddressChoice_free(NULL); + IPAddressFamily_free(NULL); + IPAddressOrRange_free(NULL); + IPAddressRange_free(NULL); ISSUING_DIST_POINT_free(NULL); NAME_CONSTRAINTS_free(NULL); NCONF_free(NULL); NETSCAPE_CERT_SEQUENCE_free(NULL); NETSCAPE_SPKAC_free(NULL); NETSCAPE_SPKI_free(NULL); - NETSCAPE_X509_free(NULL); NOTICEREF_free(NULL); OCSP_BASICRESP_free(NULL); OCSP_CERTID_free(NULL); @@ -159,6 +173,8 @@ main(int argc, char **argv) RSA_PSS_PARAMS_free(NULL); RSA_free(NULL); RSA_meth_free(NULL); + SCT_LIST_free(NULL); + SCT_free(NULL); SXNETID_free(NULL); SXNET_free(NULL); TS_ACCURACY_free(NULL); 
@@ -178,7 +194,6 @@ main(int argc, char **argv) X509_ALGOR_free(NULL); X509_ATTRIBUTE_free(NULL); X509_CERT_AUX_free(NULL); - X509_CERT_PAIR_free(NULL); X509_CINF_free(NULL); X509_CRL_INFO_free(NULL); X509_CRL_METHOD_free(NULL); @@ -188,6 +203,7 @@ main(int argc, char **argv) X509_LOOKUP_free(NULL); X509_NAME_ENTRY_free(NULL); X509_NAME_free(NULL); + X509_OBJECT_free(NULL); X509_PKEY_free(NULL); X509_PUBKEY_free(NULL); X509_REQ_INFO_free(NULL); diff --git a/tests/gcm128test.c b/tests/gcm128test.c index 07c6128c..def7653c 100644 --- a/tests/gcm128test.c +++ b/tests/gcm128test.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gcm128test.c,v 1.6 2018/07/17 17:06:49 tb Exp $ */ +/* $OpenBSD: gcm128test.c,v 1.7 2022/09/05 21:06:31 tb Exp $ */ /* ==================================================================== * Copyright (c) 2010 The OpenSSL Project. All rights reserved. * @@ -880,12 +880,12 @@ do_gcm128_test(int test_no, struct gcm128_test *tv) if (tv->P_len > 0) CRYPTO_gcm128_encrypt(&ctx, tv->P, out, out_len); if (CRYPTO_gcm128_finish(&ctx, tv->T, 16)) { - fprintf(stderr, "TEST %i: CRYPTO_gcm128_finish failed\n", + fprintf(stderr, "TEST %d: CRYPTO_gcm128_finish failed\n", test_no); goto fail; } if (tv->C_len > 0 && memcmp(out, tv->C, out_len)) { - fprintf(stderr, "TEST %i: encrypt failed\n", test_no); + fprintf(stderr, "TEST %d: encrypt failed\n", test_no); goto fail; } @@ -897,12 +897,12 @@ do_gcm128_test(int test_no, struct gcm128_test *tv) if (tv->C_len > 0) CRYPTO_gcm128_decrypt(&ctx, tv->C, out, out_len); if (CRYPTO_gcm128_finish(&ctx, tv->T, 16)) { - fprintf(stderr, "TEST %i: CRYPTO_gcm128_finish failed\n", + fprintf(stderr, "TEST %d: CRYPTO_gcm128_finish failed\n", test_no); goto fail; } if (tv->P_len > 0 && memcmp(out, tv->P, out_len)) { - fprintf(stderr, "TEST %i: decrypt failed\n", test_no); + fprintf(stderr, "TEST %d: decrypt failed\n", test_no); goto fail; } diff --git a/tests/gost2814789t.c b/tests/gost2814789t.c index 30aaead3..e531229f 100644 
--- a/tests/gost2814789t.c +++ b/tests/gost2814789t.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gost2814789t.c,v 1.2 2014/12/15 06:03:15 miod Exp $ */ +/* $OpenBSD: gost2814789t.c,v 1.8 2022/09/12 04:20:59 tb Exp $ */ /* vim: set fileencoding=ascii : Charset: ASCII */ /* test/gostr2814789t.c */ /* ==================================================================== @@ -1251,8 +1251,8 @@ int main(int argc, char *argv[]) unsigned int t; uint64_t ullMaxLen = 6*1000*1000; int ignore = 0; - EVP_MD_CTX mctx; - EVP_CIPHER_CTX ectx; + EVP_MD_CTX *mctx = NULL; + EVP_CIPHER_CTX *ectx = NULL; EVP_PKEY *mac_key; unsigned char bDerive[EVP_MAX_KEY_LENGTH]; unsigned char bTest[G89_MAX_TC_LEN]; @@ -1270,17 +1270,19 @@ int main(int argc, char *argv[]) const EVP_CIPHER *cp_g89cnt = NULL; const EVP_CIPHER *ctype = NULL; const EVP_MD *md_g89imit = NULL; + int ret = 0; printf("Testing GOST 28147-89 "); if(1 < argc) { if(1 != sscanf(argv[1], "%" SCNu64, &ullMaxLen) || - ( 2 < argc ? + ( 2 < argc ? 1 != sscanf(argv[2], "%d", &ignore) : 0)) { fflush(NULL); - fprintf(stderr, "Usage: %s [maxlen [ignore-error]]\n", + fprintf(stderr, "Usage: %s [maxlen [ignore-error]]\n", argv[0]); - return 1; + ret = 1; + goto out; } } 
@@ -1297,35 +1299,40 @@ int main(int argc, char *argv[]) fflush(NULL); fprintf(stderr, "\"" SN_id_GostR3411_94 "\" - not found\n"); if(!ignore) { - return 7; + ret = 7; + goto out; } } if(NULL == (cp_g89cfb = EVP_get_cipherbyname(SN_id_Gost28147_89))) { fflush(NULL); fprintf(stderr, "\"" SN_id_Gost28147_89 "\" - not found\n"); if(!ignore) { - return 8; + ret = 8; + goto out; } } if(NULL == (cp_g89cnt = EVP_get_cipherbyname(SN_gost89_cnt))) { fflush(NULL); fprintf(stderr, "\"" SN_gost89_cnt "\" - not found\n"); if(!ignore) { - return 9; + ret = 9; + goto out; } } if(NULL == (cp_g89ecb = EVP_get_cipherbyname(SN_gost89_ecb))) { fflush(NULL); fprintf(stderr, "\"" SN_gost89_ecb "\" - not found\n"); if(!ignore) { - return 8; + ret = 8; + goto out; } } if(NULL == (md_g89imit = EVP_get_digestbyname(SN_id_Gost28147_89_MAC))) { fflush(NULL); fprintf(stderr, "\"" SN_id_Gost28147_89_MAC "\" - not found\n"); if(!ignore) { - return 10; + ret = 10; + goto out; } } @@ -1334,15 +1341,16 @@ int main(int argc, char *argv[]) if(NULL != tcs[t].szDerive) { memset(bDerive, 0x3c, sizeof(bDerive)); mdl = sizeof(bDerive); - EVP_Digest(tcs[t].szDerive, strlen(tcs[t].szDerive), - bDerive, &mdl, - md_gost94, NULL); + if (!EVP_Digest(tcs[t].szDerive, strlen(tcs[t].szDerive), bDerive, + &mdl, md_gost94, NULL)) + goto out; if(0 != memcmp(tcs[t].bRawKey, bDerive, mdl)) { fflush(NULL); fprintf(stderr, "Engine test t=%d " - "derive key error.\n", t); + "derive key error.\n", t); if(!ignore) { - return 12; + ret = 12; + goto out; } } } 
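Review bot: In the `@@ -1334,15 +1341,16 @@` hunk the new `if (!EVP_Digest(...)) goto out;` jumps to `out:` while `ret` is still 0, so a failed key derivation makes the test program exit with status 0. Every other early exit added to main() assigns `ret` before the jump. I would do the same here, e.g. `{ ret = 12; goto out; }`, reusing the code that the derive-key mismatch just below returns. The `out:` label and `return ret;` are in a later hunk of this file.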
@@ -1363,29 +1371,35 @@ int main(int argc, char *argv[]) case G89_CNT: ctype = cp_g89cnt; engine_cipher_check: - EVP_CIPHER_CTX_init(&ectx); - EVP_EncryptInit_ex(&ectx, ctype, NULL, - tcs[t].bRawKey, tcs[t].bIV); - EVP_CIPHER_CTX_ctrl(&ectx, EVP_CTRL_GOST_SET_SBOX, OBJ_txt2nid(tcs[t].szParamSet), 0); + if ((ectx = EVP_CIPHER_CTX_new()) == NULL) + goto imit_fail; + if (!EVP_EncryptInit_ex(ectx, ctype, NULL, tcs[t].bRawKey, + tcs[t].bIV)) + goto imit_fail; + if (!EVP_CIPHER_CTX_ctrl(ectx, EVP_CTRL_GOST_SET_SBOX, + OBJ_txt2nid(tcs[t].szParamSet), 0)) + goto imit_fail; if(G89_MAX_TC_LEN >= tcs[t].ullLen) { enlu = sizeof(bTest); - EVP_EncryptUpdate(&ectx, bTest, &enlu, - tcs[t].bIn, (int)tcs[t].ullLen); + if (!EVP_EncryptUpdate(ectx, bTest, &enlu, tcs[t].bIn, + (int)tcs[t].ullLen)) + goto imit_fail; l = (size_t)tcs[t].ullLen; } else { - for(ullLeft = tcs[t].ullLen; - ullLeft >= sizeof(bZB); + for(ullLeft = tcs[t].ullLen; + ullLeft >= sizeof(bZB); ullLeft -= sizeof(bZB)) { - printf("B"); + printf("B"); fflush(NULL); enlu = sizeof(bTS); - EVP_EncryptUpdate(&ectx, bTS, &enlu, - bZB, sizeof(bZB)); + if (!EVP_EncryptUpdate(ectx, bTS, &enlu, bZB, + sizeof(bZB))) + goto imit_fail; } - printf("b%" PRIu64 "/%" PRIu64, ullLeft, tcs[t].ullLen); + printf("b%" PRIu64 "/%" PRIu64, ullLeft, tcs[t].ullLen); fflush(NULL); - EVP_EncryptUpdate(&ectx, bTS, &enlu, - bZB, (int)ullLeft); + if (!EVP_EncryptUpdate(ectx, bTS, &enlu, bZB, (int)ullLeft)) + goto imit_fail; memcpy(bTest, &bTS[enlu-16], 16); enlu = (int)tcs[t].ullLen; l = 16; 
@@ -1393,39 +1407,48 @@ int main(int argc, char *argv[]) enlf = sizeof(bTest1); if (tcs[t].gMode == G89_ECB) enlf = 0; - else - EVP_EncryptFinal_ex(&ectx, bTest1, &enlf); - EVP_CIPHER_CTX_cleanup(&ectx); + else { + if (!EVP_EncryptFinal_ex(ectx, bTest1, &enlf)) + goto imit_fail; + } + EVP_CIPHER_CTX_free(ectx); + ectx = NULL; break; case G89_IMIT: - EVP_MD_CTX_init(&mctx); + if ((mctx = EVP_MD_CTX_new()) == NULL) + goto imit_fail; mac_key = EVP_PKEY_new_mac_key( NID_id_Gost28147_89_MAC, NULL, bDerive, mdl); - if (!mac_key) - goto imit_fail; - EVP_DigestSignInit(&mctx, NULL, - md_g89imit, NULL, mac_key); - EVP_MD_CTX_ctrl(&mctx, EVP_MD_CTRL_GOST_SET_SBOX, OBJ_txt2nid(tcs[t].szParamSet), 0); + if (mac_key == NULL) + goto imit_fail; + if (!EVP_DigestSignInit(mctx, NULL, md_g89imit, NULL, mac_key)) + goto imit_fail; + if (!EVP_MD_CTX_ctrl(mctx, EVP_MD_CTRL_GOST_SET_SBOX, + OBJ_txt2nid(tcs[t].szParamSet), 0)) + goto imit_fail; if(G89_MAX_TC_LEN >= tcs[t].ullLen) { - EVP_DigestSignUpdate(&mctx, tcs[t].bIn, - (unsigned int)tcs[t].ullLen); + if (!EVP_DigestSignUpdate(mctx, tcs[t].bIn, + (unsigned int)tcs[t].ullLen)) + goto imit_fail; } else { - for(ullLeft = tcs[t].ullLen; - ullLeft >= sizeof(bZB); + for(ullLeft = tcs[t].ullLen; + ullLeft >= sizeof(bZB); ullLeft -= sizeof(bZB)) { - printf("B"); + printf("B"); fflush(NULL); - EVP_DigestSignUpdate(&mctx, bZB, sizeof(bZB)); + if (!EVP_DigestSignUpdate(mctx, bZB, sizeof(bZB))) + goto imit_fail; } - printf("b%" PRIu64 "/%" PRIu64, ullLeft, tcs[t].ullLen); + printf("b%" PRIu64 "/%" PRIu64, ullLeft, tcs[t].ullLen); fflush(NULL); - EVP_DigestSignUpdate(&mctx, bZB, - (unsigned int)ullLeft); + if (!EVP_DigestSignUpdate(mctx, bZB, (unsigned int)ullLeft)) + goto imit_fail; } siglen = 4; - OPENSSL_assert(EVP_DigestSignFinal(&mctx, bTest, &siglen)); - EVP_MD_CTX_cleanup(&mctx); + OPENSSL_assert(EVP_DigestSignFinal(mctx, bTest, &siglen)); + EVP_MD_CTX_free(mctx); + mctx = NULL; EVP_PKEY_free(mac_key); enlu = (int)tcs[t].ullLen; enlf = 0; 
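Review bot: In the G89_IMIT case every `goto imit_fail` taken after EVP_PKEY_new_mac_key() has succeeded leaves `mac_key` allocated. The only `EVP_PKEY_free(mac_key)` sits on the success path, and the `out:` cleanup added later in this commit frees `ectx` and `mctx` only. Declaring `EVP_PKEY *mac_key = NULL;`, adding `EVP_PKEY_free(mac_key);` at `out:` and writing `mac_key = NULL;` after the free in this hunk would cover those paths. The `imit_fail` label is outside this hunk. If the loop continues from it when `ignore` is set, `ectx` or `mctx` would be overwritten by the next `_new()` call without being freed, which is worth checking.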
@@ -1439,7 +1462,8 @@ int main(int argc, char *argv[]) fprintf(stderr, "\nEngine test t=%d len=%" PRIu64 " mode=%d failed.\n", t, tcs[t].ullLen, tcs[t].gMode); if(!ignore) { - return 13; + ret = 13; + goto out; } } else { printf("."); @@ -1450,10 +1474,14 @@ int main(int argc, char *argv[]) printf(" passed\n"); fflush(NULL); + out: + bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); ERR_print_errors(bio_err); (void)BIO_flush(bio_err); BIO_free(bio_err); - return 0; + EVP_CIPHER_CTX_free(ectx); + EVP_MD_CTX_free(mctx); + return ret; } #endif diff --git a/tests/handshake_table.c b/tests/handshake_table.c index de59ca19..85dff0c5 100644 --- a/tests/handshake_table.c +++ b/tests/handshake_table.c @@ -1,4 +1,4 @@ -/* $OpenBSD: handshake_table.c,v 1.15 2020/05/14 18:04:19 tb Exp $ */ +/* $OpenBSD: handshake_table.c,v 1.17 2022/03/08 16:59:25 tb Exp $ */ /* * Copyright (c) 2019 Theo Buehler * 
@@ -84,52 +84,91 @@ struct child { uint8_t illegal; }; -#define DEFAULT 0x00 - static struct child stateinfo[][TLS13_NUM_MESSAGE_TYPES] = { [CLIENT_HELLO] = { - {SERVER_HELLO_RETRY_REQUEST, DEFAULT, 0, 0}, - {SERVER_HELLO, WITHOUT_HRR, 0, 0}, + { + .mt = SERVER_HELLO_RETRY_REQUEST, + }, + { + .mt = SERVER_HELLO, + .flag = WITHOUT_HRR, + }, }, [SERVER_HELLO_RETRY_REQUEST] = { - {CLIENT_HELLO_RETRY, DEFAULT, 0, 0}, + { + .mt = CLIENT_HELLO_RETRY, + }, }, [CLIENT_HELLO_RETRY] = { - {SERVER_HELLO, DEFAULT, 0, 0}, + { + .mt = SERVER_HELLO, + }, }, [SERVER_HELLO] = { - {SERVER_ENCRYPTED_EXTENSIONS, DEFAULT, 0, 0}, + { + .mt = SERVER_ENCRYPTED_EXTENSIONS, + }, }, [SERVER_ENCRYPTED_EXTENSIONS] = { - {SERVER_CERTIFICATE_REQUEST, DEFAULT, 0, 0}, - {SERVER_CERTIFICATE, WITHOUT_CR, 0, 0}, - {SERVER_FINISHED, WITH_PSK, 0, 0}, + { + .mt = SERVER_CERTIFICATE_REQUEST, + }, + { .mt = SERVER_CERTIFICATE, + .flag = WITHOUT_CR, + }, + { + .mt = SERVER_FINISHED, + .flag = WITH_PSK, + }, }, [SERVER_CERTIFICATE_REQUEST] = { - {SERVER_CERTIFICATE, DEFAULT, 0, 0}, + { + .mt = SERVER_CERTIFICATE, + }, }, [SERVER_CERTIFICATE] = { - {SERVER_CERTIFICATE_VERIFY, DEFAULT, 0, 0}, + { + .mt = SERVER_CERTIFICATE_VERIFY, + }, }, [SERVER_CERTIFICATE_VERIFY] = { - {SERVER_FINISHED, DEFAULT, 0, 0}, + { + .mt = SERVER_FINISHED, + }, }, [SERVER_FINISHED] = { - {CLIENT_FINISHED, DEFAULT, WITHOUT_CR | WITH_PSK, 0}, - {CLIENT_CERTIFICATE, DEFAULT, 0, WITHOUT_CR | WITH_PSK}, + { + .mt = CLIENT_FINISHED, + .forced = WITHOUT_CR | WITH_PSK, + }, + { + .mt = CLIENT_CERTIFICATE, + .illegal = WITHOUT_CR | WITH_PSK, + }, }, [CLIENT_CERTIFICATE] = { - {CLIENT_FINISHED, DEFAULT, 0, 0}, - {CLIENT_CERTIFICATE_VERIFY, WITH_CCV, 0, 0}, + { + .mt = CLIENT_FINISHED, + }, + { + .mt = CLIENT_CERTIFICATE_VERIFY, + .flag = WITH_CCV, + }, }, [CLIENT_CERTIFICATE_VERIFY] = { - {CLIENT_FINISHED, DEFAULT, 0, 0}, + { + .mt = CLIENT_FINISHED, + }, }, [CLIENT_FINISHED] = { - {APPLICATION_DATA, DEFAULT, 0, 0}, + { + .mt = 
APPLICATION_DATA, + }, }, [APPLICATION_DATA] = { - {0, DEFAULT, 0, 0}, + { + .mt = 0, + }, }, }; @@ -152,7 +191,7 @@ void fprint_entry(FILE *stream, uint8_t flags); void fprint_flags(FILE *stream, uint8_t flags); const char *mt2str(enum tls13_message_type mt); -__dead void usage(void); +void usage(void); int verify_table(enum tls13_message_type table[MAX_FLAGS][TLS13_NUM_MESSAGE_TYPES], int print); @@ -449,7 +488,7 @@ verify_table(enum tls13_message_type table[MAX_FLAGS][TLS13_NUM_MESSAGE_TYPES], return success; } -__dead void +void usage(void) { fprintf(stderr, "usage: handshake_table [-C | -g]\n"); @@ -469,10 +508,10 @@ main(int argc, char *argv[]) }, }; struct child start = { - CLIENT_HELLO, DEFAULT, 0, 0, + .mt = CLIENT_HELLO, }; struct child end = { - APPLICATION_DATA, DEFAULT, 0, 0, + .mt = APPLICATION_DATA, }; struct child path[TLS13_NUM_MESSAGE_TYPES] = {{0}}; uint8_t flags = NEGOTIATED; diff --git a/tests/hmactest.c b/tests/hmactest.c index 1f120da5..f61a177e 100644 --- a/tests/hmactest.c +++ b/tests/hmactest.c 
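Review bot: With the `DEFAULT` macro removed, the entries of `stateinfo` in tests/handshake_table.c rely on omitted members being zero-initialized, and nothing in the table says that an absent `.flag` is the default transition. A short comment above the array would keep that readable, for example `/* Members left out are zero: no flag, nothing forced, nothing illegal. */`. The `SERVER_CERTIFICATE` entry under `[SERVER_ENCRYPTED_EXTENSIONS]` opens with `{ .mt = SERVER_CERTIFICATE,` on the brace line while every other entry puts `{` on its own line; it should follow the same layout. The final `[APPLICATION_DATA]` entry keeps a bare `.mt = 0`, which would read better with a comment saying what terminates a path, since the meaning of message type 0 is not visible in this hunk.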
@@ -1,25 +1,25 @@ -/* $OpenBSD: hmactest.c,v 1.4 2018/07/17 17:06:49 tb Exp $ */ +/* $OpenBSD: hmactest.c,v 1.7 2021/11/18 20:11:55 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: 
@@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -142,7 +142,7 @@ main(int argc, char *argv[]) char *p; #endif int err = 0; - HMAC_CTX ctx, ctx2; + HMAC_CTX *ctx = NULL, *ctx2 = NULL; unsigned char buf[EVP_MAX_MD_SIZE]; unsigned int len; 
@@ -166,57 +166,59 @@ main(int argc, char *argv[]) #endif /* OPENSSL_NO_MD5 */ /* test4 */ - HMAC_CTX_init(&ctx); - if (HMAC_Init_ex(&ctx, NULL, 0, NULL, NULL)) { + if ((ctx = HMAC_CTX_new()) == NULL) { + printf("HMAC_CTX_init failed (test 4)\n"); + exit(1); + } + if (HMAC_Init_ex(ctx, NULL, 0, NULL, NULL)) { printf("Should fail to initialise HMAC with empty MD and key (test 4)\n"); err++; goto test5; } - if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) { + if (HMAC_Update(ctx, test[4].data, test[4].data_len)) { printf("Should fail HMAC_Update with ctx not set up (test 4)\n"); err++; goto test5; } - if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha1(), NULL)) { + if (HMAC_Init_ex(ctx, NULL, 0, EVP_sha1(), NULL)) { printf("Should fail to initialise HMAC with empty key (test 4)\n"); err++; goto test5; } - if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) { + if (HMAC_Update(ctx, test[4].data, test[4].data_len)) { printf("Should fail HMAC_Update with ctx not set up (test 4)\n"); err++; goto test5; } printf("test 4 ok\n"); test5: - HMAC_CTX_cleanup(&ctx); - HMAC_CTX_init(&ctx); - if (HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, NULL, NULL)) { + HMAC_CTX_reset(ctx); + if (HMAC_Init_ex(ctx, test[4].key, test[4].key_len, NULL, NULL)) { printf("Should fail to initialise HMAC with empty MD (test 5)\n"); err++; goto test6; } - if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) { + if (HMAC_Update(ctx, test[4].data, test[4].data_len)) { printf("Should fail HMAC_Update with ctx not set up (test 5)\n"); err++; goto test6; } - if (HMAC_Init_ex(&ctx, test[4].key, -1, EVP_sha1(), NULL)) { + if (HMAC_Init_ex(ctx, test[4].key, -1, EVP_sha1(), NULL)) { printf("Should fail to initialise HMAC with invalid key len(test 5)\n"); err++; goto test6; } - if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha1(), NULL)) { + if (!HMAC_Init_ex(ctx, test[4].key, test[4].key_len, EVP_sha1(), NULL)) { printf("Failed to initialise HMAC (test 5)\n"); err++; goto test6; } - if 
(!HMAC_Update(&ctx, test[4].data, test[4].data_len)) { + if (!HMAC_Update(ctx, test[4].data, test[4].data_len)) { printf("Error updating HMAC with data (test 5)\n"); err++; goto test6; } - if (!HMAC_Final(&ctx, buf, &len)) { + if (!HMAC_Final(ctx, buf, &len)) { printf("Error finalising data (test 5)\n"); err++; goto test6; @@ -228,22 +230,22 @@ main(int argc, char *argv[]) err++; goto test6; } - if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL)) { + if (HMAC_Init_ex(ctx, NULL, 0, EVP_sha256(), NULL)) { printf("Should disallow changing MD without a new key (test 5)\n"); err++; goto test6; } - if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha256(), NULL)) { + if (!HMAC_Init_ex(ctx, test[4].key, test[4].key_len, EVP_sha256(), NULL)) { printf("Failed to reinitialise HMAC (test 5)\n"); err++; goto test6; } - if (!HMAC_Update(&ctx, test[5].data, test[5].data_len)) { + if (!HMAC_Update(ctx, test[5].data, test[5].data_len)) { printf("Error updating HMAC with data (sha256) (test 5)\n"); err++; goto test6; } - if (!HMAC_Final(&ctx, buf, &len)) { + if (!HMAC_Final(ctx, buf, &len)) { printf("Error finalising data (sha256) (test 5)\n"); err++; goto test6; @@ -255,17 +257,17 @@ main(int argc, char *argv[]) err++; goto test6; } - if (!HMAC_Init_ex(&ctx, test[6].key, test[6].key_len, NULL, NULL)) { + if (!HMAC_Init_ex(ctx, test[6].key, test[6].key_len, NULL, NULL)) { printf("Failed to reinitialise HMAC with key (test 5)\n"); err++; goto test6; } - if (!HMAC_Update(&ctx, test[6].data, test[6].data_len)) { + if (!HMAC_Update(ctx, test[6].data, test[6].data_len)) { printf("Error updating HMAC with data (new key) (test 5)\n"); err++; goto test6; } - if (!HMAC_Final(&ctx, buf, &len)) { + if (!HMAC_Final(ctx, buf, &len)) { printf("Error finalising data (new key) (test 5)\n"); err++; goto test6; 
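Review bot: The allocation check added before test 4 in tests/hmactest.c prints `HMAC_CTX_init failed (test 4)` although the call that failed is `HMAC_CTX_new()`; the matching check in the test 6 hunk already says `HMAC_CTX_new failed (test 6)`, so the message should be `printf("HMAC_CTX_new failed (test 4)\n");`. At `test5:` (and again at `test6:` in the later hunk) `HMAC_CTX_reset(ctx)` replaces the cleanup/init pair and its result is ignored, while every other HMAC call in these tests is checked. If the function reports failure through its return value in this library version, checking it (`if (!HMAC_CTX_reset(ctx)) { err++; goto end; }`) keeps a failed reset from being attributed to the next `HMAC_Init_ex()` expectation.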
@@ -279,24 +281,27 @@ main(int argc, char *argv[]) printf("test 5 ok\n"); } test6: - HMAC_CTX_cleanup(&ctx); - HMAC_CTX_init(&ctx); - if (!HMAC_Init_ex(&ctx, test[7].key, test[7].key_len, EVP_sha1(), NULL)) { + HMAC_CTX_reset(ctx); + if (!HMAC_Init_ex(ctx, test[7].key, test[7].key_len, EVP_sha1(), NULL)) { printf("Failed to initialise HMAC (test 6)\n"); err++; goto end; } - if (!HMAC_Update(&ctx, test[7].data, test[7].data_len)) { + if (!HMAC_Update(ctx, test[7].data, test[7].data_len)) { printf("Error updating HMAC with data (test 6)\n"); err++; goto end; } - if (!HMAC_CTX_copy(&ctx2, &ctx)) { + if ((ctx2 = HMAC_CTX_new()) == NULL) { + printf("HMAC_CTX_new failed (test 6)\n"); + exit(1); + } + if (!HMAC_CTX_copy(ctx2, ctx)) { printf("Failed to copy HMAC_CTX (test 6)\n"); err++; goto end; } - if (!HMAC_Final(&ctx2, buf, &len)) { + if (!HMAC_Final(ctx2, buf, &len)) { printf("Error finalising data (test 6)\n"); err++; goto end; @@ -310,7 +315,8 @@ main(int argc, char *argv[]) printf("test 6 ok\n"); } end: - HMAC_CTX_cleanup(&ctx); + HMAC_CTX_free(ctx); + HMAC_CTX_free(ctx2); exit(err); return(0); } diff --git a/tests/keypairtest.c b/tests/keypairtest.c index 732464af..31bf7d6a 100644 --- a/tests/keypairtest.c +++ b/tests/keypairtest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: keypairtest.c,v 1.4 2018/04/07 16:42:17 jsing Exp $ */ +/* $OpenBSD: keypairtest.c,v 1.6 2022/02/08 18:05:57 tb Exp $ */ /* * Copyright (c) 2018 Joel Sing * @@ -89,7 +89,6 @@ do_keypair_tests(void) X509 *x509_cert = NULL; struct tls_keypair *kp; struct tls_error err; - char *hash = NULL; int failed = 1; load_file(cert_file, &cert, &cert_len); @@ -126,7 +125,7 @@ do_keypair_tests(void) goto done; if (strcmp(kp->pubkey_hash, PUBKEY_HASH) != 0) { fprintf(stderr, "FAIL: got pubkey hash '%s', want '%s'", - hash, PUBKEY_HASH); + kp->pubkey_hash, PUBKEY_HASH); goto done; } 
@@ -161,7 +160,7 @@ do_keypair_tests(void) goto done; if (strcmp(kp->pubkey_hash, PUBKEY_HASH) != 0) { fprintf(stderr, "FAIL: got pubkey hash '%s', want '%s'", - hash, PUBKEY_HASH); + kp->pubkey_hash, PUBKEY_HASH); goto done; } @@ -179,13 +178,14 @@ do_keypair_tests(void) goto done; } - tls_keypair_free(kp); - failed = 0; done: + tls_keypair_free(kp); X509_free(x509_cert); - free(hash); + free((uint8_t *)cert); + free((uint8_t *)key); + free((uint8_t *)ocsp_staple); return (failed); } diff --git a/tests/md_test.c b/tests/md_test.c new file mode 100644 index 00000000..f2b4eca3 --- /dev/null +++ b/tests/md_test.c 
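Review bot: Moving `tls_keypair_free(kp)` under `done:` in `do_keypair_tests()` means it now runs on every exit, but the declaration shown in the first hunk of this file is still `struct tls_keypair *kp;` with no initializer, unlike `x509_cert` next to it. Any `goto done` taken before `kp` is assigned would pass an indeterminate pointer to the free; the function body between the declarations and this hunk is not visible, so whether such a path exists cannot be confirmed from the diff. Declaring it as `struct tls_keypair *kp = NULL;` removes the question. The new `free((uint8_t *)cert)` calls cast before freeing, which suggests the buffers are declared `const`; a one-line comment that `load_file()` hands ownership to the caller would explain the casts.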
@@ -0,0 +1,301 @@ +/* $OpenBSD: md_test.c,v 1.1.1.1 2022/09/02 13:34:48 tb Exp $ */ +/* + * Copyright (c) 2022 Joshua Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include + +#include +#include + +struct md_test { + const int algorithm; + const uint8_t in[128]; + const size_t in_len; + const uint8_t out[EVP_MAX_MD_SIZE]; +}; + +static const struct md_test md_tests[] = { + /* MD4 (RFC 1320 test vectors) */ + { + .algorithm = NID_md4, + .in = "", + .in_len = 0, + .out = { + 0x31, 0xd6, 0xcf, 0xe0, 0xd1, 0x6a, 0xe9, 0x31, + 0xb7, 0x3c, 0x59, 0xd7, 0xe0, 0xc0, 0x89, 0xc0, + } + }, + { + .algorithm = NID_md4, + .in = "a", + .in_len = 1, + .out = { + 0xbd, 0xe5, 0x2c, 0xb3, 0x1d, 0xe3, 0x3e, 0x46, + 0x24, 0x5e, 0x05, 0xfb, 0xdb, 0xd6, 0xfb, 0x24, + } + }, + { + .algorithm = NID_md4, + .in = "abc", + .in_len = 3, + .out = { + 0xa4, 0x48, 0x01, 0x7a, 0xaf, 0x21, 0xd8, 0x52, + 0x5f, 0xc1, 0x0a, 0xe8, 0x7a, 0xa6, 0x72, 0x9d, + } + }, + { + .algorithm = NID_md4, + .in = "message digest", + .in_len = 14, + .out = { + 0xd9, 0x13, 0x0a, 0x81, 0x64, 0x54, 0x9f, 0xe8, + 0x18, 0x87, 0x48, 0x06, 0xe1, 0xc7, 0x01, 0x4b, + } + }, + { + .algorithm = NID_md4, + .in = "abcdefghijklmnopqrstuvwxyz", + .in_len = 26, + .out = { + 0xd7, 0x9e, 0x1c, 0x30, 0x8a, 0xa5, 0xbb, 0xcd, 
+ 0xee, 0xa8, 0xed, 0x63, 0xdf, 0x41, 0x2d, 0xa9, + } + }, + { + .algorithm = NID_md4, + .in = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuv" + "wxyz0123456789", + .in_len = 62, + .out = { + 0x04, 0x3f, 0x85, 0x82, 0xf2, 0x41, 0xdb, 0x35, + 0x1c, 0xe6, 0x27, 0xe1, 0x53, 0xe7, 0xf0, 0xe4, + } + }, + { + .algorithm = NID_md4, + .in = + "123456789012345678901234567890123456789012345678" + "90123456789012345678901234567890", + .in_len = 80, + .out = { + 0xe3, 0x3b, 0x4d, 0xdc, 0x9c, 0x38, 0xf2, 0x19, + 0x9c, 0x3e, 0x7b, 0x16, 0x4f, 0xcc, 0x05, 0x36, + } + }, + + /* MD5 (RFC 1321 test vectors) */ + { + .algorithm = NID_md5, + .in = "", + .in_len = 0, + .out = { + 0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04, + 0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e, + } + }, + { + .algorithm = NID_md5, + .in = "a", + .in_len = 1, + .out = { + 0x0c, 0xc1, 0x75, 0xb9, 0xc0, 0xf1, 0xb6, 0xa8, + 0x31, 0xc3, 0x99, 0xe2, 0x69, 0x77, 0x26, 0x61, + } + }, + { + .algorithm = NID_md5, + .in = "abc", + .in_len = 3, + .out = { + 0x90, 0x01, 0x50, 0x98, 0x3c, 0xd2, 0x4f, 0xb0, + 0xd6, 0x96, 0x3f, 0x7d, 0x28, 0xe1, 0x7f, 0x72, + } + }, + { + .algorithm = NID_md5, + .in = "message digest", + .in_len = 14, + .out = { + 0xf9, 0x6b, 0x69, 0x7d, 0x7c, 0xb7, 0x93, 0x8d, + 0x52, 0x5a, 0x2f, 0x31, 0xaa, 0xf1, 0x61, 0xd0, + } + }, + { + .algorithm = NID_md5, + .in = "abcdefghijklmnopqrstuvwxyz", + .in_len = 26, + .out = { + 0xc3, 0xfc, 0xd3, 0xd7, 0x61, 0x92, 0xe4, 0x00, + 0x7d, 0xfb, 0x49, 0x6c, 0xca, 0x67, 0xe1, 0x3b, + } + }, + { + .algorithm = NID_md5, + .in = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuv" + "wxyz0123456789", + .in_len = 62, + .out = { + 0xd1, 0x74, 0xab, 0x98, 0xd2, 0x77, 0xd9, 0xf5, + 0xa5, 0x61, 0x1c, 0x2c, 0x9f, 0x41, 0x9d, 0x9f, + } + }, + { + .algorithm = NID_md5, + .in = + "123456789012345678901234567890123456789012345678" + "90123456789012345678901234567890", + .in_len = 80, + .out = { + 0x57, 0xed, 0xf4, 0xa2, 0x2b, 0xe3, 0xc9, 0x55, + 0xac, 0x49, 0xda, 
0x2e, 0x21, 0x07, 0xb6, 0x7a, + } + }, +}; + +#define N_MD_TESTS (sizeof(md_tests) / sizeof(md_tests[0])) + +typedef unsigned char *(*md_hash_func)(const unsigned char *, size_t, + unsigned char *); + +static int +md_hash_from_algorithm(int algorithm, const char **out_label, + md_hash_func *out_func, const EVP_MD **out_md, size_t *out_len) +{ + switch (algorithm) { + case NID_md4: + *out_label = SN_md4; + *out_func = MD4; + *out_md = EVP_md4(); + *out_len = MD4_DIGEST_LENGTH; + break; + case NID_md5: + *out_label = SN_md5; + *out_func = MD5; + *out_md = EVP_md5(); + *out_len = MD5_DIGEST_LENGTH; + break; + default: + fprintf(stderr, "FAIL: unknown algorithm (%d)\n", + algorithm); + return 0; + } + + return 1; +} + +static int +md_test(void) +{ + unsigned char *(*md_func)(const unsigned char *, size_t, unsigned char *); + const struct md_test *st; + EVP_MD_CTX *hash = NULL; + const EVP_MD *md; + uint8_t out[EVP_MAX_MD_SIZE]; + size_t in_len, out_len; + size_t i; + const char *label; + int failed = 1; + + if ((hash = EVP_MD_CTX_new()) == NULL) { + fprintf(stderr, "FAIL: EVP_MD_CTX_new() failed\n"); + goto failed; + } + + for (i = 0; i < N_MD_TESTS; i++) { + st = &md_tests[i]; + if (!md_hash_from_algorithm(st->algorithm, &label, &md_func, + &md, &out_len)) + goto failed; + + /* Digest */ + memset(out, 0, sizeof(out)); + md_func(st->in, st->in_len, out); + if (memcmp(st->out, out, out_len) != 0) { + fprintf(stderr, "FAIL (%s): mismatch\n", label); + goto failed; + } + + /* EVP single-shot digest */ + memset(out, 0, sizeof(out)); + if (!EVP_Digest(st->in, st->in_len, out, NULL, md, NULL)) { + fprintf(stderr, "FAIL (%s): EVP_Digest failed\n", + label); + goto failed; + } + + if (memcmp(st->out, out, out_len) != 0) { + fprintf(stderr, "FAIL (%s): EVP single-shot mismatch\n", + label); + goto failed; + } + + /* EVP digest */ + memset(out, 0, sizeof(out)); + if (!EVP_DigestInit_ex(hash, md, NULL)) { + fprintf(stderr, "FAIL (%s): EVP_DigestInit_ex failed\n", + label); + goto 
failed; + } + + in_len = st->in_len / 2; + if (!EVP_DigestUpdate(hash, st->in, in_len)) { + fprintf(stderr, + "FAIL (%s): EVP_DigestUpdate first half failed\n", + label); + goto failed; + } + + if (!EVP_DigestUpdate(hash, st->in + in_len, + st->in_len - in_len)) { + fprintf(stderr, + "FAIL (%s): EVP_DigestUpdate second half failed\n", + label); + goto failed; + } + + if (!EVP_DigestFinal_ex(hash, out, NULL)) { + fprintf(stderr, + "FAIL (%s): EVP_DigestFinal_ex failed\n", + label); + goto failed; + } + + if (memcmp(st->out, out, out_len) != 0) { + fprintf(stderr, "FAIL (%s): EVP mismatch\n", label); + goto failed; + } + } + + failed = 0; + + failed: + EVP_MD_CTX_free(hash); + return failed; +} + +int +main(int argc, char **argv) +{ + int failed = 0; + + failed |= md_test(); + + return failed; +} diff --git a/tests/mont.c b/tests/mont.c index 54626b5c..8b9b14a2 100644 --- a/tests/mont.c +++ b/tests/mont.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mont.c,v 1.4 2021/04/04 19:36:09 tb Exp $ */ +/* $OpenBSD: mont.c,v 1.6 2022/01/14 09:32:27 tb Exp $ */ /* * Copyright (c) 2014 Miodrag Vallat. @@ -35,6 +35,7 @@ int main(int argc, char *argv[]) { DH *dh = NULL; + BIGNUM *priv_key = NULL; unsigned char *key = NULL; unsigned char r[32 + 16 * 8]; size_t privsz; @@ -50,16 +51,20 @@ main(int argc, char *argv[]) goto err; /* force private key to be much larger than public one */ - dh->priv_key = BN_bin2bn(r, privsz, NULL); - if (dh->priv_key == NULL) + priv_key = BN_bin2bn(r, privsz, NULL); + if (priv_key == NULL) goto err; + if (!DH_set0_key(dh, NULL, priv_key)) + goto err; + priv_key = NULL; + if (DH_generate_key(dh) == 0) goto err; key = malloc(DH_size(dh)); if (key == NULL) err(1, "malloc"); - if (DH_compute_key(key, dh->pub_key, dh) == -1) + if (DH_compute_key(key, DH_get0_pub_key(dh), dh) == -1) goto err; free(key); @@ -73,6 +78,7 @@ main(int argc, char *argv[]) err: ERR_print_errors_fp(stderr); free(key); + BN_free(priv_key); DH_free(dh); return 1; } 
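Review bot: In `md_test()` (tests/md_test.c) the local `md_func` is declared by spelling out the function-pointer type again, although the `md_hash_func` typedef defined just above is what `md_hash_from_algorithm()` takes as its out-parameter; `md_hash_func md_func;` keeps the two in sync. The one-shot call `md_func(st->in, st->in_len, out);` ignores its return value while every EVP call in the same loop is checked, so `if (md_func(st->in, st->in_len, out) == NULL)` with a `FAIL` message would be consistent. Each vector carries a hand-written `in_len` next to its string literal and nothing checks that the two agree; a comment on `struct md_test` saying that `in_len` must equal the length of `in` would help whoever adds vectors.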
diff --git a/tests/objectstest.c b/tests/objectstest.c
new file mode 100644
index 00000000..dba38644
--- /dev/null
+++ b/tests/objectstest.c
@@ -0,0 +1,544 @@ +/* $OpenBSD: objectstest.c,v 1.6 2022/09/05 21:06:31 tb Exp $ */ +/* + * Copyright (c) 2017, 2022 Joel Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#include + +static void +hexdump(const unsigned char *buf, size_t len) +{ + size_t i; + + for (i = 1; i <= len; i++) + fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? 
"" : "\n"); + + fprintf(stderr, "\n"); +} + +static int +obj_compare_bytes(const char *label, const unsigned char *d1, int len1, + const unsigned char *d2, int len2) +{ + if (len1 != len2) { + fprintf(stderr, "FAIL: %s - byte lengths differ " + "(%d != %d)\n", label, len1, len2); + fprintf(stderr, "Got:\n"); + hexdump(d1, len1); + fprintf(stderr, "Want:\n"); + hexdump(d2, len2); + return 0; + } + if (memcmp(d1, d2, len1) != 0) { + fprintf(stderr, "FAIL: %s - bytes differ\n", label); + fprintf(stderr, "Got:\n"); + hexdump(d1, len1); + fprintf(stderr, "Want:\n"); + hexdump(d2, len2); + return 0; + } + return 1; +} + +struct obj_test { + const char *oid; + const char *sn; + const char *ln; + int nid; + uint8_t data[255]; + size_t data_len; +}; + +struct obj_test obj_tests[] = { + { + .oid = NULL, + .sn = "UNDEF", + .ln = "undefined", + .nid = NID_undef, + }, + { + .oid = "2.5.4.10", + .sn = "O", + .ln = "organizationName", + .nid = NID_organizationName, + .data = { + 0x55, 0x04, 0x0a, + }, + .data_len = 3, + }, + { + .oid = "2.5.4.8", + .sn = "ST", + .ln = "stateOrProvinceName", + .nid = NID_stateOrProvinceName, + .data = { + 0x55, 0x04, 0x08, + }, + .data_len = 3, + }, + { + .oid = "2.23.43.1", + .sn = "wap-wsg", + .nid = NID_wap_wsg, + .data = { + 0x67, 0x2b, 0x01, + }, + .data_len = 3, + }, + { + .oid = "1.3.6.1.4.1.11129.2.4.5", + .sn = "ct_cert_scts", + .ln = "CT Certificate SCTs", + .nid = NID_ct_cert_scts, + .data = { + 0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, + 0x04, 0x05, + }, + .data_len = 10, + }, + { + .oid = "1.3.6.1.4.1", + .sn = "enterprises", + .ln = "Enterprises", + .nid = NID_Enterprises, + .data = { + 0x2b, 0x06, 0x01, 0x04, 0x01, + }, + .data_len = 5, + }, + { + .oid = "1.3.6.1.4.1.5454.1.70.6.11.2", + .nid = NID_undef, + .data = { + 0x2b, 0x06, 0x01, 0x04, 0x01, 0xaa, 0x4e, 0x01, + 0x46, 0x06, 0x0b, 0x02, + }, + .data_len = 12, + }, + { + .oid = "1.3.6.1.4.1.890.1.5.8.60.102.2", + .nid = NID_undef, + .data = { + 0x2b, 0x06, 0x01, 0x04, 
0x01, 0x86, 0x7a, 0x01, + 0x05, 0x08, 0x3c, 0x66, 0x02, + }, + .data_len = 13, + }, + { + .oid = "1.3.6.1.4.1.173.7.3.4.1.1.26", + .nid = NID_undef, + .data = { + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x81, 0x2d, 0x07, + 0x03, 0x04, 0x01, 0x01, 0x1a, + }, + .data_len = 13, + }, +}; + +#define N_OBJ_TESTS (sizeof(obj_tests) / sizeof(*obj_tests)) + +static int +obj_name_test(struct obj_test *ot) +{ + const char *ln, *sn; + int nid; + int failed = 1; + + if (ot->ln != NULL) { + if ((nid = OBJ_ln2nid(ot->ln)) != ot->nid) { + fprintf(stderr, "FAIL: OBJ_ln2nid() for '%s' = %d, " + "want %d\n", ot->ln, nid, ot->nid); + goto failed; + } + if ((ln = OBJ_nid2ln(ot->nid)) == NULL) { + fprintf(stderr, "FAIL: OBJ_nid2ln() for '%s' returned " + "NULL\n", ot->oid); + goto failed; + } + if (strcmp(ln, ot->ln) != 0) { + fprintf(stderr, "FAIL: OBJ_nid2ln() for '%s' = '%s', " + "want '%s'\n", ot->oid, ln, ot->ln); + goto failed; + } + } + if (ot->sn != NULL) { + if ((nid = OBJ_sn2nid(ot->sn)) != ot->nid) { + fprintf(stderr, "FAIL: OBJ_sn2nid() for '%s' = %d, " + "want %d\n", ot->sn, nid, ot->nid); + goto failed; + } + if ((sn = OBJ_nid2sn(ot->nid)) == NULL) { + fprintf(stderr, "FAIL: OBJ_nid2sn() for '%s' returned " + "NULL\n", ot->oid); + goto failed; + } + if (strcmp(sn, ot->sn) != 0) { + fprintf(stderr, "FAIL: OBJ_nid2sn() for '%s' = '%s', " + "want '%s'\n", ot->oid, sn, ot->sn); + goto failed; + } + } + + failed = 0; + + failed: + return failed; +} + +static int +obj_name_tests(void) +{ + int failed = 0; + size_t i; + + for (i = 0; i < N_OBJ_TESTS; i++) + failed |= obj_name_test(&obj_tests[i]); + + return failed; +} + +static int +obj_nid_test(struct obj_test *ot) +{ + ASN1_OBJECT *obj = NULL; + int nid; + int failed = 1; + + if (ot->nid == NID_undef && ot->oid != NULL) + return 0; + + if ((obj = OBJ_nid2obj(ot->nid)) == NULL) { + fprintf(stderr, "FAIL: OBJ_nid2obj() failed for '%s' (NID %d)\n", + ot->oid, ot->nid); + goto failed; + } + if ((nid = OBJ_obj2nid(obj)) != ot->nid) { + 
fprintf(stderr, "FAIL: OBJ_obj2nid() failed for '%s' - got %d, " + "want %d\n", ot->oid ? ot->oid : "undef", nid, ot->nid); + goto failed; + } + + failed = 0; + + failed: + ASN1_OBJECT_free(obj); + + return failed; +} + +static int +obj_nid_tests(void) +{ + int failed = 0; + size_t i; + + for (i = 0; i < N_OBJ_TESTS; i++) + failed |= obj_nid_test(&obj_tests[i]); + + return failed; +} + +static int +obj_oid_test(struct obj_test *ot) +{ + ASN1_OBJECT *obj = NULL; + char buf[1024]; + int len, nid; + int failed = 1; + + if (ot->oid == NULL) + return 0; + + if ((obj = OBJ_txt2obj(ot->oid, 0)) == NULL) { + fprintf(stderr, "FAIL: OBJ_txt2obj() failed for '%s'\n", ot->oid); + goto failed; + } + if ((nid = OBJ_txt2nid(ot->oid)) != ot->nid) { + fprintf(stderr, "FAIL: OBJ_txt2nid() failed for '%s', got %d " + "want %d\n", ot->oid, nid, ot->nid); + goto failed; + } + + if (!obj_compare_bytes("object data", OBJ_get0_data(obj), OBJ_length(obj), + ot->data, ot->data_len)) + goto failed; + + len = OBJ_obj2txt(buf, sizeof(buf), obj, 1); + if (len <= 0 || (size_t)len >= sizeof(buf)) { + fprintf(stderr, "FAIL: OBJ_obj2txt() failed for '%s'\n", ot->oid); + goto failed; + } + if (strcmp(buf, ot->oid) != 0) { + fprintf(stderr, "FAIL: OBJ_obj2txt() returned '%s', want '%s'\n", + buf, ot->oid); + goto failed; + } + + if ((OBJ_obj2txt(NULL, 0, obj, 1) != len)) { + fprintf(stderr, "FAIL: OBJ_obj2txt() with NULL buffer != %d\n", + len); + goto failed; + } + if ((OBJ_obj2txt(buf, 3, obj, 1) != len)) { + fprintf(stderr, "FAIL: OBJ_obj2txt() with short buffer != %d\n", + len); + goto failed; + } + + failed = 0; + + failed: + ASN1_OBJECT_free(obj); + + return failed; +} + +static int +obj_oid_tests(void) +{ + int failed = 0; + size_t i; + + for (i = 0; i < N_OBJ_TESTS; i++) + failed |= obj_oid_test(&obj_tests[i]); + + return failed; +} + +static int +obj_txt_test(struct obj_test *ot) +{ + ASN1_OBJECT *obj = NULL; + const char *want; + char buf[1024]; + int len, nid; + int failed = 1; + + if 
(ot->oid == NULL) + return 0; + + if (ot->sn != NULL) { + if ((obj = OBJ_txt2obj(ot->sn, 0)) == NULL) { + fprintf(stderr, "FAIL: OBJ_txt2obj() failed for '%s'\n", + ot->sn); + goto failed; + } + if ((nid = OBJ_obj2nid(obj)) != ot->nid) { + fprintf(stderr, "FAIL: OBJ_txt2obj() failed for '%s', " + "got nid %d want %d\n", ot->sn, nid, ot->nid); + goto failed; + } + ASN1_OBJECT_free(obj); + obj = NULL; + } + if (ot->ln != NULL) { + if ((obj = OBJ_txt2obj(ot->ln, 0)) == NULL) { + fprintf(stderr, "FAIL: OBJ_txt2obj() failed for '%s'\n", + ot->ln); + goto failed; + } + if ((nid = OBJ_obj2nid(obj)) != ot->nid) { + fprintf(stderr, "FAIL: OBJ_txt2obj() failed for '%s', " + "got nid %d want %d\n", ot->ln, nid, ot->nid); + goto failed; + } + ASN1_OBJECT_free(obj); + obj = NULL; + } + + if ((obj = OBJ_txt2obj(ot->oid, 0)) == NULL) { + fprintf(stderr, "FAIL: OBJ_txt2obj() failed for '%s'\n", ot->oid); + goto failed; + } + if ((nid = OBJ_obj2nid(obj)) != ot->nid) { + fprintf(stderr, "FAIL: OBJ_txt2obj() failed for '%s', " + "got nid %d want %d\n", ot->oid, nid, ot->nid); + goto failed; + } + + len = OBJ_obj2txt(buf, sizeof(buf), obj, 0); + if (len <= 0 || (size_t)len >= sizeof(buf)) { + fprintf(stderr, "FAIL: OBJ_obj2txt() failed for '%s'\n", ot->oid); + goto failed; + } + want = ot->ln; + if (want == NULL) + want = ot->sn; + if (want == NULL) + want = ot->oid; + if (strcmp(buf, want) != 0) { + fprintf(stderr, "FAIL: OBJ_obj2txt() returned '%s', want '%s'\n", + buf, want); + goto failed; + } + + failed = 0; + + failed: + ASN1_OBJECT_free(obj); + + return failed; +} + +static int +obj_txt_tests(void) +{ + int failed = 0; + size_t i; + + for (i = 0; i < N_OBJ_TESTS; i++) + failed |= obj_txt_test(&obj_tests[i]); + + return failed; +} + +/* OID 1.3.18446744073709551615 (64 bits). */ +const uint8_t asn1_large_oid1[] = { + 0x06, 0x0b, + 0x2b, 0x81, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0x7f, +}; + +/* OID 1.3.18446744073709551616 (65 bits). 
*/ +const uint8_t asn1_large_oid2[] = { + 0x06, 0x0b, + 0x2b, 0x82, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, + 0x80, 0x80, 0x00, +}; + +/* OID 1.3.340282366920938463463374607431768211455 (128 bits). */ +const uint8_t asn1_large_oid3[] = { + 0x06, 0x14, + 0x2b, 0x83, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0x7f, +}; + +/* OID 1.3.115792089237316195423570985008687907853269984665640564039457584007913129639935 (256 bits). */ +const uint8_t asn1_large_oid4[] = { + 0x06, 0x26, + 0x2b, 0x8f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, +}; + +struct oid_large_test { + const char *oid; + const uint8_t *asn1_der; + size_t asn1_der_len; + int obj2txt; +}; + +struct oid_large_test oid_large_tests[] = { + { + .oid = "1.3.18446744073709551615", + .asn1_der = asn1_large_oid1, + .asn1_der_len = sizeof(asn1_large_oid1), + .obj2txt = 1, + }, + { + .oid = "1.3.18446744073709551616", + .asn1_der = asn1_large_oid2, + .asn1_der_len = sizeof(asn1_large_oid2), + .obj2txt = 0, + }, + { + .oid = "1.3.340282366920938463463374607431768211455", + .asn1_der = asn1_large_oid3, + .asn1_der_len = sizeof(asn1_large_oid3), + .obj2txt = 0, + }, + { + .oid = "1.3.115792089237316195423570985008687907853269984665640" + "564039457584007913129639935", + .asn1_der = asn1_large_oid4, + .asn1_der_len = sizeof(asn1_large_oid4), + .obj2txt = 0, + }, +}; + +#define N_OID_LARGE_TESTS (sizeof(oid_large_tests) / sizeof(*oid_large_tests)) + +static int +obj_oid_large_test(size_t test_no, struct oid_large_test *olt) +{ + ASN1_OBJECT *obj = NULL; + const uint8_t *p; + char buf[1024]; + int len; + int failed = 1; + + p = olt->asn1_der; + if ((obj = d2i_ASN1_OBJECT(NULL, &p, olt->asn1_der_len)) == NULL) { + fprintf(stderr, "FAIL: d2i_ASN1_OBJECT() failed for large " + "oid %zu\n", 
test_no); + goto failed; + } + len = OBJ_obj2txt(buf, sizeof(buf), obj, 1); + if (len < 0 || (size_t)len >= sizeof(buf)) { + fprintf(stderr, "FAIL: OBJ_obj2txt() failed for large " + "oid %zu\n", test_no); + goto failed; + } + if ((len != 0) != olt->obj2txt) { + fprintf(stderr, "FAIL: OBJ_obj2txt() failed for large " + "oid %zu\n", test_no); + goto failed; + } + if (len != 0 && strcmp(buf, olt->oid) != 0) { + fprintf(stderr, "FAIL: OBJ_obj2txt() returned '%s', want '%s'\n", + buf, olt->oid); + goto failed; + } + + failed = 0; + + failed: + ASN1_OBJECT_free(obj); + + return failed; +} + +static int +obj_oid_large_tests(void) +{ + int failed = 0; + size_t i; + + for (i = 0; i < N_OID_LARGE_TESTS; i++) + failed |= obj_oid_large_test(i, &oid_large_tests[i]); + + return failed; +} + +int +main(int argc, char **argv) +{ + int failed = 0; + + failed |= obj_name_tests(); + failed |= obj_nid_tests(); + failed |= obj_oid_tests(); + failed |= obj_txt_tests(); + failed |= obj_oid_large_tests(); + + return (failed); +} diff --git a/tests/optionstest.c b/tests/optionstest.c index e860f0d9..af9dc1ef 100644 --- a/tests/optionstest.c +++ b/tests/optionstest.c @@ -24,7 +24,6 @@ #include #include -#include /* Needed to keep apps.c happy... */ BIO *bio_err; diff --git a/tests/quictest.bat b/tests/quictest.bat new file mode 100644 index 00000000..1d48884c --- /dev/null +++ b/tests/quictest.bat @@ -0,0 +1,14 @@ +@echo off +setlocal enabledelayedexpansion +REM quictest.bat + +set quictest_bin=%1 +set quictest_bin=%quictest_bin:/=\% +if not exist %quictest_bin% exit /b 1 + +%quictest_bin% %srcdir%\server.pem %srcdir%\server.pem %srcdir%\ca.pem +if !errorlevel! neq 0 ( + exit /b 1 +) + +endlocal diff --git a/tests/quictest.c b/tests/quictest.c new file mode 100644 index 00000000..cdd4b238 --- /dev/null +++ b/tests/quictest.c 
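Review bot: Several failure messages in tests/objectstest.c pass `ot->oid` to `%s`, yet the first `obj_tests` entry sets `.oid = NULL` while still having `.sn` and `.ln`, so a failure for that entry hands a null pointer to `fprintf`. This affects the `OBJ_nid2ln()` and `OBJ_nid2sn()` messages in `obj_name_test()` and the `OBJ_nid2obj()` message in `obj_nid_test()`; the `OBJ_obj2nid()` message in the same function already guards with `ot->oid ? ot->oid : "undef"`. Printing the name being tested (`ot->ln` or `ot->sn`, which are non-NULL in those branches) or reusing that guard fixes it. In `obj_oid_large_test()` the two checks on `len` emit the same text, so a message such as `"FAIL: OBJ_obj2txt() result for large oid %zu does not match expectation\n"` on the second would tell them apart.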
@@ -0,0 +1,339 @@ +/* $OpenBSD: quictest.c,v 1.1 2022/08/27 09:16:29 jsing Exp $ */ +/* + * Copyright (c) 2020, 2021, 2022 Joel Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#include + +const char *server_ca_file; +const char *server_cert_file; +const char *server_key_file; + +int debug = 0; + +static void +hexdump(const unsigned char *buf, size_t len) +{ + size_t i; + + for (i = 1; i <= len; i++) + fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? 
"" : "\n"); + + if (len % 8) + fprintf(stderr, "\n"); +} + +struct quic_data { + enum ssl_encryption_level_t rlevel; + enum ssl_encryption_level_t wlevel; + BIO *rbio; + BIO *wbio; +}; + +static int +quic_set_read_secret(SSL *ssl, enum ssl_encryption_level_t level, + const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len) +{ + struct quic_data *qd = SSL_get_app_data(ssl); + + qd->rlevel = level; + + return 1; +} + +static int +quic_set_write_secret(SSL *ssl, enum ssl_encryption_level_t level, + const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len) +{ + struct quic_data *qd = SSL_get_app_data(ssl); + + qd->wlevel = level; + + return 1; +} + +static int +quic_read_handshake_data(SSL *ssl) +{ + struct quic_data *qd = SSL_get_app_data(ssl); + uint8_t buf[2048]; + int ret; + + if ((ret = BIO_read(qd->rbio, buf, sizeof(buf))) > 0) { + if (debug > 1) { + fprintf(stderr, "== quic_read_handshake_data ==\n"); + hexdump(buf, ret); + } + if (!SSL_provide_quic_data(ssl, qd->rlevel, buf, ret)) + return -1; + } + + return 1; +} + +static int +quic_add_handshake_data(SSL *ssl, enum ssl_encryption_level_t level, + const uint8_t *data, size_t len) +{ + struct quic_data *qd = SSL_get_app_data(ssl); + int ret; + + if (debug > 1) { + fprintf(stderr, "== quic_add_handshake_data\n"); + hexdump(data, len); + } + + if ((ret = BIO_write(qd->wbio, data, len)) <= 0) + return 0; + + return (size_t)ret == len; +} + +static int +quic_flush_flight(SSL *ssl) +{ + return 1; +} + +static int +quic_send_alert(SSL *ssl, enum ssl_encryption_level_t level, uint8_t alert) +{ + return 1; +} + +const SSL_QUIC_METHOD quic_method = { + .set_read_secret = quic_set_read_secret, + .set_write_secret = quic_set_write_secret, + .add_handshake_data = quic_add_handshake_data, + .flush_flight = quic_flush_flight, + .send_alert = quic_send_alert, +}; + +static SSL * +quic_client(struct quic_data *data) +{ + SSL_CTX *ssl_ctx = NULL; + SSL *ssl = NULL; + + if ((ssl_ctx = 
SSL_CTX_new(TLS_method())) == NULL) + errx(1, "client context"); + + if (!SSL_CTX_set_quic_method(ssl_ctx, &quic_method)) { + fprintf(stderr, "FAIL: Failed to set QUIC method\n"); + goto failure; + } + + if ((ssl = SSL_new(ssl_ctx)) == NULL) + errx(1, "client ssl"); + + SSL_set_connect_state(ssl); + SSL_set_app_data(ssl, data); + + failure: + SSL_CTX_free(ssl_ctx); + + return ssl; +} + +static SSL * +quic_server(struct quic_data *data) +{ + SSL_CTX *ssl_ctx = NULL; + SSL *ssl = NULL; + + if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) + errx(1, "server context"); + + SSL_CTX_set_dh_auto(ssl_ctx, 2); + + if (SSL_CTX_use_certificate_file(ssl_ctx, server_cert_file, + SSL_FILETYPE_PEM) != 1) { + fprintf(stderr, "FAIL: Failed to load server certificate\n"); + goto failure; + } + if (SSL_CTX_use_PrivateKey_file(ssl_ctx, server_key_file, + SSL_FILETYPE_PEM) != 1) { + fprintf(stderr, "FAIL: Failed to load server private key\n"); + goto failure; + } + + if (!SSL_CTX_set_quic_method(ssl_ctx, &quic_method)) { + fprintf(stderr, "FAIL: Failed to set QUIC method\n"); + goto failure; + } + + if ((ssl = SSL_new(ssl_ctx)) == NULL) + errx(1, "server ssl"); + + SSL_set_accept_state(ssl); + SSL_set_app_data(ssl, data); + + failure: + SSL_CTX_free(ssl_ctx); + + return ssl; +} + +static int +ssl_error(SSL *ssl, const char *name, const char *desc, int ssl_ret) +{ + int ssl_err; + + ssl_err = SSL_get_error(ssl, ssl_ret); + + if (ssl_err == SSL_ERROR_WANT_READ) { + if (quic_read_handshake_data(ssl) < 0) + return 0; + return 1; + } else if (ssl_err == SSL_ERROR_WANT_WRITE) { + return 1; + } else if (ssl_err == SSL_ERROR_SYSCALL && errno == 0) { + /* Yup, this is apparently a thing... 
*/ + } else { + fprintf(stderr, "FAIL: %s %s failed - ssl err = %d, errno = %d\n", + name, desc, ssl_err, errno); + ERR_print_errors_fp(stderr); + return 0; + } + + return 1; +} + +static int +do_handshake(SSL *ssl, const char *name, int *done) +{ + int ssl_ret; + + if ((ssl_ret = SSL_do_handshake(ssl)) == 1) { + fprintf(stderr, "INFO: %s handshake done\n", name); + *done = 1; + return 1; + } + + return ssl_error(ssl, name, "handshake", ssl_ret); +} + +typedef int (*ssl_func)(SSL *ssl, const char *name, int *done); + +static int +do_client_server_loop(SSL *client, ssl_func client_func, SSL *server, + ssl_func server_func) +{ + int client_done = 0, server_done = 0; + int i = 0; + + do { + if (!client_done) { + if (debug) + fprintf(stderr, "DEBUG: client loop\n"); + if (!client_func(client, "client", &client_done)) + return 0; + } + if (!server_done) { + if (debug) + fprintf(stderr, "DEBUG: server loop\n"); + if (!server_func(server, "server", &server_done)) + return 0; + } + } while (i++ < 100 && (!client_done || !server_done)); + + if (!client_done || !server_done) + fprintf(stderr, "FAIL: gave up\n"); + + return client_done && server_done; +} + +static int +quictest(void) +{ + struct quic_data *client_data = NULL, *server_data = NULL; + BIO *client_wbio = NULL, *server_wbio = NULL; + SSL *client = NULL, *server = NULL; + int failed = 1; + + if ((client_wbio = BIO_new(BIO_s_mem())) == NULL) + goto failure; + if (BIO_set_mem_eof_return(client_wbio, -1) <= 0) + goto failure; + + if ((server_wbio = BIO_new(BIO_s_mem())) == NULL) + goto failure; + if (BIO_set_mem_eof_return(server_wbio, -1) <= 0) + goto failure; + + if ((client_data = calloc(1, sizeof(*client_data))) == NULL) + goto failure; + + client_data->rbio = server_wbio; + client_data->wbio = client_wbio; + + if ((client = quic_client(client_data)) == NULL) + goto failure; + + if ((server_data = calloc(1, sizeof(*server_data))) == NULL) + goto failure; + + server_data->rbio = client_wbio; + server_data->wbio = 
server_wbio; + + if ((server = quic_server(server_data)) == NULL) + goto failure; + + if (!do_client_server_loop(client, do_handshake, server, do_handshake)) { + fprintf(stderr, "FAIL: client and server handshake failed\n"); + ERR_print_errors_fp(stderr); + goto failure; + } + + fprintf(stderr, "INFO: Done!\n"); + + failed = 0; + + failure: + BIO_free(client_wbio); + BIO_free(server_wbio); + + free(client_data); + free(server_data); + + SSL_free(client); + SSL_free(server); + + return failed; +} + +int +main(int argc, char **argv) +{ + int failed = 0; + + if (argc != 4) { + fprintf(stderr, "usage: %s keyfile certfile cafile\n", + argv[0]); + exit(1); + } + + server_key_file = argv[1]; + server_cert_file = argv[2]; + server_ca_file = argv[3]; + + failed |= quictest(); + + return failed; +} diff --git a/tests/quictest.sh b/tests/quictest.sh new file mode 100644 index 00000000..cc1982f6 --- /dev/null +++ b/tests/quictest.sh @@ -0,0 +1,13 @@ +#!/bin/sh +set -e + +quictest_bin=./quictest +if [ -e ./quictest.exe ]; then + quictest_bin=./quictest.exe +fi + +if [ -z $srcdir ]; then + srcdir=. +fi + +$quictest_bin $srcdir/server.pem $srcdir/server.pem $srcdir/ca.pem diff --git a/tests/rc2_test.c b/tests/rc2_test.c new file mode 100644 index 00000000..ab95e587 --- /dev/null +++ b/tests/rc2_test.c 
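Review bot: quic_client never configures peer verification: `server_ca_file` is assigned in main but not referenced anywhere else in this file, and the client context is created without a trust store or verify mode, so the handshake this test accepts does not check the server certificate chain. If the test certificate chains to the supplied CA file, calling `SSL_CTX_load_verify_locations(ssl_ctx, server_ca_file, NULL)` (with its result checked) and `SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);` before `SSL_new()` would make the test cover verification through the QUIC callbacks. If skipping verification is deliberate, a one-line comment in quic_client saying so, and dropping the unused cafile argument, would make that clear.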
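Review bot: The expansions in this script are unquoted, so `[ -z $srcdir ]` only works for an unset variable by accident (it collapses to the one-argument test `[ -z ]`) and a source directory containing spaces splits into several arguments. Quoting fixes both: `if [ -z "$srcdir" ]; then` and `"$quictest_bin" "$srcdir/server.pem" "$srcdir/server.pem" "$srcdir/ca.pem"`.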
@@ -0,0 +1,917 @@ +/* $OpenBSD: rc2_test.c,v 1.5 2022/09/12 13:11:36 tb Exp $ */ +/* + * Copyright (c) 2022 Joshua Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +#include +#include + +struct rc2_test { + const int mode; + const uint8_t key[64]; + const int key_len; + const int key_bits; + const uint8_t iv[64]; + const int iv_len; + const uint8_t in[64]; + const int in_len; + const uint8_t out[64]; + const int out_len; + const int padding; +}; + +static const struct rc2_test rc2_tests[] = { + /* ECB (Test vectors from RFC 2268) */ + { + .mode = NID_rc2_ecb, + .key = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, + .key_len = 8, + .key_bits = 63, + .in = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, + .in_len = 8, + .out = { + 0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff, + }, + .out_len = 8, + }, + { + .mode = NID_rc2_ecb, + .key = { + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + }, + .key_len = 8, + .key_bits = 64, + .in = { + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + }, + .in_len = 8, + .out = { + 0x27, 0x8b, 0x27, 0xe4, 0x2e, 0x2f, 0x0d, 0x49, + }, + .out_len = 8, + }, + { + .mode = NID_rc2_ecb, + .key = { + 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, + .key_len = 8, + .key_bits = 64, + .in = { + 0x10, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + }, + .in_len = 8, + .out = { + 0x30, 0x64, 0x9e, 0xdf, 0x9b, 0xe7, 0xd2, 0xc2, + }, + .out_len = 8, + }, + { + .mode = NID_rc2_ecb, + .key = { + 0x88, + }, + .key_len = 1, + .key_bits = 64, + .in = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, + .in_len = 8, + .out = { + 0x61, 0xa8, 0xa2, 0x44, 0xad, 0xac, 0xcc, 0xf0, + }, + .out_len = 8, + }, + { + .mode = NID_rc2_ecb, + .key = { + 0x88, 0xbc, 0xa9, 0x0e, 0x90, 0x87, 0x5a, + }, + .key_len = 7, + .key_bits = 64, + .in = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, + .in_len = 8, + .out = { + 0x6c, 0xcf, 0x43, 0x08, 0x97, 0x4c, 0x26, 0x7f, + }, + .out_len = 8, + }, + { + .mode = NID_rc2_ecb, + .key = { + 0x88, 0xbc, 0xa9, 0x0e, 0x90, 0x87, 0x5a, 0x7f, + 0x0f, 0x79, 0xc3, 0x84, 0x62, 0x7b, 0xaf, 0xb2, + }, + .key_len = 16, + .key_bits = 64, + .in = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, + .in_len = 8, + .out = { + 0x1a, 0x80, 0x7d, 0x27, 0x2b, 0xbe, 0x5d, 0xb1, + }, + .out_len = 8, + }, + { + .mode = NID_rc2_ecb, + .key = { + 0x88, 0xbc, 0xa9, 0x0e, 0x90, 0x87, 0x5a, 0x7f, + 0x0f, 0x79, 0xc3, 0x84, 0x62, 0x7b, 0xaf, 0xb2, + }, + .key_len = 16, + .key_bits = 128, + .in = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, + .in_len = 8, + .out = { + 0x22, 0x69, 0x55, 0x2a, 0xb0, 0xf8, 0x5c, 0xa6, + }, + .out_len = 8, + }, + { + .mode = NID_rc2_ecb, + .key = { + 0x88, 0xbc, 0xa9, 0x0e, 0x90, 0x87, 0x5a, 0x7f, + 0x0f, 0x79, 0xc3, 0x84, 0x62, 0x7b, 0xaf, 0xb2, + 0x16, 0xf8, 0x0a, 0x6f, 0x85, 0x92, 0x05, 0x84, + 0xc4, 0x2f, 0xce, 0xb0, 0xbe, 0x25, 0x5d, 0xaf, + 0x1e, + }, + .key_len = 33, + .key_bits = 129, + .in = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, + .in_len = 8, + .out = { + 0x5b, 0x78, 0xd3, 0xa4, 0x3d, 0xff, 0xf1, 0xf1, + }, + .out_len = 8, + }, + + /* ECB (Test vectors from http://websites.umich.edu/~x509/ssleay/rrc2.html) */ + { + .mode = NID_rc2_ecb, + .key = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, + .key_len = 16, + .key_bits = 1024, + .in = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, + .in_len = 8, + .out = { + 0x1c, 0x19, 0x8a, 0x83, 0x8d, 0xf0, 0x28, 0xb7, + }, + .out_len = 8, + }, + { + .mode = NID_rc2_ecb, + .key = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + }, + .key_len = 16, + .key_bits = 1024, + .in = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, + .in_len = 8, + .out = { + 0x21, 0x82, 0x9C, 0x78, 0xA9, 0xF9, 0xC0, 0x74, + }, + .out_len = 8, + }, + { + .mode = NID_rc2_ecb, + .key = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, + .key_len = 16, + .key_bits = 1024, + .in = { + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + }, + .in_len = 8, + .out = { + 0x13, 0xdb, 0x35, 0x17, 0xd3, 0x21, 0x86, 0x9e, + }, + .out_len = 8, + }, + { + .mode = NID_rc2_ecb, + .key = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + }, + .key_len = 16, + .key_bits = 1024, + .in = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, + .in_len = 8, + .out = { + 0x50, 0xdc, 0x01, 0x62, 0xbd, 0x75, 0x7f, 0x31, + }, + .out_len = 8, + }, + + /* CBC (generated using https://github.com/joshuasing/libressl-test-gen) */ + { + .mode = NID_rc2_cbc, + .key = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, + .key_len = 8, + .key_bits = 64, + .iv = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, + .iv_len = 8, + .in = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, + .in_len = 16, + .out = { + 0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff, + 0xf0, 0x51, 0x77, 0x8b, 0x65, 0xdb, 0x13, 0x57, + }, + .out_len = 16, + }, + { + .mode = NID_rc2_cbc, + .key = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 
+ }, + .key_len = 16, + .key_bits = 128, + .iv = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, + .iv_len = 8, + .in = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, + .in_len = 16, + .out = { + 0x9c, 0x4b, 0xfe, 0x6d, 0xfe, 0x73, 0x9c, 0x2b, + 0x52, 0x8f, 0xc8, 0x47, 0x2b, 0x66, 0xf9, 0x70, + }, + .out_len = 16, + }, + { + .mode = NID_rc2_cbc, + .key = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + }, + .key_len = 16, + .key_bits = 128, + .iv = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, + .iv_len = 8, + .in = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + }, + .in_len = 16, + .out = { + 0x8b, 0x11, 0x08, 0x1c, 0xf0, 0xa0, 0x86, 0xe9, + 0x60, 0x57, 0x69, 0x5d, 0xdd, 0x42, 0x38, 0xe3, + }, + .out_len = 16, + }, + { + .mode = NID_rc2_cbc, + .key = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + }, + .key_len = 16, + .key_bits = 128, + .iv = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + }, + .iv_len = 8, + .in = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + }, + .in_len = 32, + .out = { + 0x9c, 0x4b, 0xfe, 0x6d, 0xfe, 0x73, 0x9c, 0x2b, + 0x29, 0xf1, 0x7a, 0xd2, 0x16, 0xa0, 0xb2, 0xc6, + 0xd1, 0xa2, 0x31, 0xbe, 0xa3, 0x94, 0xc6, 0xb0, + 0x81, 0x22, 0x27, 0x17, 0x5b, 0xd4, 0x6d, 0x29, + }, + .out_len = 32, + }, + + /* CFB64 (generated using https://github.com/joshuasing/libressl-test-gen) */ + { + .mode = NID_rc2_cfb64, + .key = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, + .key_len = 8, + .key_bits = 64, + .iv = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, + .iv_len = 8, + .in = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, + .in_len = 16, + .out = { + 0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff, + 0xf0, 0x51, 0x77, 0x8b, 0x65, 0xdb, 0x13, 0x57, + }, + .out_len = 16, + }, + { + .mode = NID_rc2_cfb64, + .key = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + }, + .key_len = 16, + .key_bits = 128, + .iv = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, + .iv_len = 8, + .in = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, + .in_len = 16, + .out = { + 0x9c, 0x4b, 0xfe, 0x6d, 0xfe, 0x73, 0x9c, 0x2b, + 0x52, 0x8f, 0xc8, 0x47, 0x2b, 0x66, 0xf9, 0x70, + }, + .out_len = 16, + }, + { + .mode = NID_rc2_cfb64, + .key = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + }, + .key_len = 16, + .key_bits = 128, + .iv = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, + .iv_len = 8, + .in = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + }, + .in_len = 16, + .out = { + 0x9c, 0x4a, 0xfc, 0x6e, 0xfa, 0x76, 0x9a, 0x2c, + 0xeb, 0xdf, 0x25, 0xb0, 0x15, 0x8b, 0x6a, 0x2a, + }, + .out_len = 16, + }, + { + .mode = NID_rc2_cfb64, + .key = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + }, + .key_len = 16, + .key_bits = 128, + .iv = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + }, + .iv_len = 8, + .in = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + }, + .in_len = 32, + .out = { + 0x8b, 0x10, 0x0a, 0x1f, 0xf4, 0xa5, 0x80, 0xee, + 0x94, 0x4d, 0xc3, 0xcd, 0x26, 0x79, 0x81, 0xc0, + 0xe9, 0x3e, 0x20, 0x85, 0x11, 0x71, 0x61, 0x2a, + 0x1d, 0x4c, 0x8a, 0xe2, 0xb7, 0x0a, 0xa8, 0xcf, + }, + .out_len = 32, + }, + 
+ /* OFB64 (generated using https://github.com/joshuasing/libressl-test-gen) */ + { + .mode = NID_rc2_ofb64, + .key = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, + .key_len = 8, + .key_bits = 64, + .iv = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, + .iv_len = 8, + .in = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, + .in_len = 16, + .out = { + 0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff, + 0xf0, 0x51, 0x77, 0x8b, 0x65, 0xdb, 0x13, 0x57, + }, + .out_len = 16, + }, + { + .mode = NID_rc2_ofb64, + .key = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + }, + .key_len = 16, + .key_bits = 128, + .iv = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, + .iv_len = 8, + .in = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, + .in_len = 16, + .out = { + 0x9c, 0x4b, 0xfe, 0x6d, 0xfe, 0x73, 0x9c, 0x2b, + 0x52, 0x8f, 0xc8, 0x47, 0x2b, 0x66, 0xf9, 0x70, + }, + .out_len = 16, + }, + { + .mode = NID_rc2_ofb64, + .key = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + }, + .key_len = 16, + .key_bits = 128, + .iv = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }, + .iv_len = 8, + .in = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + }, + .in_len = 16, + .out = { + 0x9c, 0x4a, 0xfc, 0x6e, 0xfa, 0x76, 0x9a, 0x2c, + 0x5a, 0x86, 0xc2, 0x4c, 0x27, 0x6b, 0xf7, 0x7f, + }, + .out_len = 16, + }, + { + .mode = NID_rc2_ofb64, + .key = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + }, + .key_len = 16, + .key_bits = 128, + .iv = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + }, + .iv_len = 8, + .in = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 
0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + }, + .in_len = 32, + .out = { + 0x8b, 0x10, 0x0a, 0x1f, 0xf4, 0xa5, 0x80, 0xee, + 0xfa, 0x1d, 0x1a, 0x7c, 0xb2, 0x93, 0x00, 0x9d, + 0x36, 0xa1, 0xff, 0x3a, 0x77, 0x1d, 0x00, 0x9b, + 0x20, 0xde, 0x5f, 0x93, 0xcc, 0x3e, 0x51, 0xaa, + }, + .out_len = 32, + }, +}; + +#define N_RC2_TESTS (sizeof(rc2_tests) / sizeof(rc2_tests[0])) + +static int +rc2_ecb_test(size_t test_number, const struct rc2_test *rt) +{ + RC2_KEY key; + uint8_t out[8]; + + /* Encryption */ + memset(out, 0, sizeof(out)); + RC2_set_key(&key, rt->key_len, rt->key, rt->key_bits); + RC2_ecb_encrypt(rt->in, out, &key, 1); + + if (memcmp(rt->out, out, rt->out_len) != 0) { + fprintf(stderr, "FAIL (%s:%zu): encryption mismatch\n", + SN_rc2_ecb, test_number); + return 0; + } + + /* Decryption */ + memset(out, 0, sizeof(out)); + RC2_set_key(&key, rt->key_len, rt->key, rt->key_bits); + RC2_ecb_encrypt(rt->out, out, &key, 0); + + if (memcmp(rt->in, out, rt->in_len) != 0) { + fprintf(stderr, "FAIL (%s:%zu): decryption mismatch\n", + SN_rc2_ecb, test_number); + return 0; + } + + return 1; +} + +static int +rc2_cbc_test(size_t test_number, const struct rc2_test *rt) +{ + RC2_KEY key; + uint8_t out[512]; + uint8_t iv[64]; + + /* Encryption */ + memset(out, 0, sizeof(out)); + memcpy(iv, rt->iv, rt->iv_len); + RC2_set_key(&key, rt->key_len, rt->key, rt->key_bits); + RC2_cbc_encrypt(rt->in, out, rt->in_len, &key, iv, 1); + + if (memcmp(rt->out, out, rt->out_len) != 0) { + fprintf(stderr, "FAIL (%s:%zu): encryption mismatch\n", + SN_rc2_cbc, test_number); + return 0; + } + + /* Decryption */ + memset(out, 0, sizeof(out)); + memcpy(iv, rt->iv, rt->iv_len); + RC2_set_key(&key, rt->key_len, rt->key, rt->key_bits); + RC2_cbc_encrypt(rt->out, out, rt->out_len, &key, iv, 0); + + if (memcmp(rt->in, out, rt->in_len) != 0) { + fprintf(stderr, "FAIL (%s:%zu): decryption mismatch\n", + SN_rc2_cbc, test_number); + return 0; + } + + return 
1; +} + +static int +rc2_cfb64_test(size_t test_number, const struct rc2_test *rt) +{ + RC2_KEY key; + uint8_t out[512]; + uint8_t iv[64]; + int remainder = 0; + + /* Encryption */ + memset(out, 0, sizeof(out)); + memcpy(iv, rt->iv, rt->iv_len); + RC2_set_key(&key, rt->key_len, rt->key, rt->key_bits); + RC2_cfb64_encrypt(rt->in, out, rt->in_len * 8, &key, iv, &remainder, 1); + + if (memcmp(rt->out, out, rt->out_len) != 0) { + fprintf(stderr, "FAIL (%s:%zu): encryption mismatch\n", + SN_rc2_cbc, test_number); + return 0; + } + + /* Decryption */ + memset(out, 0, sizeof(out)); + memcpy(iv, rt->iv, rt->iv_len); + RC2_set_key(&key, rt->key_len, rt->key, rt->key_bits); + RC2_cfb64_encrypt(rt->out, out, rt->out_len, &key, iv, &remainder, 0); + + if (memcmp(rt->in, out, rt->in_len) != 0) { + fprintf(stderr, "FAIL (%s:%zu): decryption mismatch\n", + SN_rc2_cbc, test_number); + return 0; + } + + return 1; +} + +static int +rc2_ofb64_test(size_t test_number, const struct rc2_test *rt) +{ + RC2_KEY key; + uint8_t out[512]; + uint8_t iv[64]; + int remainder = 0; + + /* Encryption */ + memset(out, 0, sizeof(out)); + memcpy(iv, rt->iv, rt->iv_len); + RC2_set_key(&key, rt->key_len, rt->key, rt->key_bits); + RC2_ofb64_encrypt(rt->in, out, rt->in_len, &key, iv, &remainder); + + if (memcmp(rt->out, out, rt->out_len) != 0) { + fprintf(stderr, "FAIL (%s:%zu): encryption mismatch\n", + SN_rc2_cbc, test_number); + return 0; + } + + /* Decryption */ + memset(out, 0, sizeof(out)); + memcpy(iv, rt->iv, rt->iv_len); + RC2_set_key(&key, rt->key_len, rt->key, rt->key_bits); + RC2_ofb64_encrypt(rt->out, out, rt->out_len, &key, iv, &remainder); + + if (memcmp(rt->in, out, rt->in_len) != 0) { + fprintf(stderr, "FAIL (%s:%zu): decryption mismatch\n", + SN_rc2_cbc, test_number); + return 0; + } + + return 1; +} + +static int +rc2_evp_test(size_t test_number, const struct rc2_test *rt, const char *label, + const EVP_CIPHER *cipher) +{ + EVP_CIPHER_CTX *ctx; + uint8_t out[512]; + int in_len, 
out_len, total_len; + int i; + int success = 0; + + if ((ctx = EVP_CIPHER_CTX_new()) == NULL) { + fprintf(stderr, "FAIL (%s:%zu): EVP_CIPHER_CTX_new failed\n", + label, test_number); + goto failed; + } + + /* EVP encryption */ + total_len = 0; + memset(out, 0, sizeof(out)); + if (!EVP_EncryptInit(ctx, cipher, NULL, NULL)) { + fprintf(stderr, "FAIL (%s:%zu): EVP_EncryptInit failed\n", + label, test_number); + goto failed; + } + + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, + rt->key_bits, NULL) <= 0) { + fprintf(stderr, "FAIL (%s:%zu): EVP_CIPHER_CTX_ctrl failed\n", + label, test_number); + goto failed; + } + + if (!EVP_CIPHER_CTX_set_key_length(ctx, rt->key_len)) { + fprintf(stderr, + "FAIL (%s:%zu): EVP_CIPHER_CTX_set_key_length failed\n", + label, test_number); + goto failed; + } + + if (!EVP_CIPHER_CTX_set_padding(ctx, rt->padding)) { + fprintf(stderr, + "FAIL (%s:%zu): EVP_CIPHER_CTX_set_padding failed\n", + label, test_number); + goto failed; + } + + if (!EVP_EncryptInit(ctx, NULL, rt->key, rt->iv)) { + fprintf(stderr, "FAIL (%s:%zu): EVP_EncryptInit failed\n", + label, test_number); + goto failed; + } + + for (i = 0; i < rt->in_len;) { + in_len = arc4random_uniform(sizeof(rt->in_len) / 2); + if (in_len > rt->in_len - i) + in_len = rt->in_len - i; + + if (!EVP_EncryptUpdate(ctx, out + total_len, &out_len, + rt->in + i, in_len)) { + fprintf(stderr, + "FAIL (%s:%zu): EVP_EncryptUpdate failed\n", + label, test_number); + goto failed; + } + + i += in_len; + total_len += out_len; + } + + if (!EVP_EncryptFinal_ex(ctx, out + out_len, &out_len)) { + fprintf(stderr, "FAIL (%s:%zu): EVP_EncryptFinal_ex failed\n", + label, test_number); + goto failed; + } + total_len += out_len; + + if (!EVP_CIPHER_CTX_reset(ctx)) { + fprintf(stderr, + "FAIL (%s:%zu): EVP_CIPHER_CTX_reset failed\n", + label, test_number); + goto failed; + } + + if (total_len != rt->out_len) { + fprintf(stderr, + "FAIL (%s:%zu): EVP encryption length mismatch\n", + label, test_number); + goto 
failed; + } + + if (memcmp(rt->out, out, rt->out_len) != 0) { + fprintf(stderr, "FAIL (%s:%zu): EVP encryption mismatch\n", + label, test_number); + goto failed; + } + + /* EVP decryption */ + total_len = 0; + memset(out, 0, sizeof(out)); + if (!EVP_DecryptInit(ctx, cipher, NULL, NULL)) { + fprintf(stderr, "FAIL (%s:%zu): EVP_DecryptInit failed\n", + label, test_number); + goto failed; + } + + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, + rt->key_bits, NULL) <= 0) { + fprintf(stderr, "FAIL (%s:%zu): EVP_CIPHER_CTX_ctrl failed\n", + label, test_number); + goto failed; + } + + if (!EVP_CIPHER_CTX_set_key_length(ctx, rt->key_len)) { + fprintf(stderr, + "FAIL (%s:%zu): EVP_CIPHER_CTX_set_key_length failed\n", + label, test_number); + goto failed; + } + + if (!EVP_CIPHER_CTX_set_padding(ctx, rt->padding)) { + fprintf(stderr, + "FAIL (%s:%zu): EVP_CIPHER_CTX_set_padding failed\n", + label, test_number); + goto failed; + } + + if (!EVP_DecryptInit(ctx, NULL, rt->key, rt->iv)) { + fprintf(stderr, "FAIL (%s:%zu): EVP_DecryptInit failed\n", + label, test_number); + goto failed; + } + + for (i = 0; i < rt->out_len;) { + in_len = arc4random_uniform(sizeof(rt->out_len) / 2); + if (in_len > rt->out_len - i) + in_len = rt->out_len - i; + + if (!EVP_DecryptUpdate(ctx, out + total_len, &out_len, + rt->out + i, in_len)) { + fprintf(stderr, + "FAIL (%s:%zu): EVP_DecryptUpdate failed\n", + label, test_number); + goto failed; + } + + i += in_len; + total_len += out_len; + } + + if (!EVP_DecryptFinal_ex(ctx, out + total_len, &out_len)) { + fprintf(stderr, "FAIL (%s:%zu): EVP_DecryptFinal_ex failed\n", + label, test_number); + goto failed; + } + total_len += out_len; + + if (!EVP_CIPHER_CTX_reset(ctx)) { + fprintf(stderr, + "FAIL (%s:%zu): EVP_CIPHER_CTX_reset failed\n", + label, test_number); + goto failed; + } + + if (total_len != rt->in_len) { + fprintf(stderr, + "FAIL (%s:%zu): EVP decryption length mismatch\n", + label, test_number); + goto failed; + } + + if 
(memcmp(rt->in, out, rt->in_len) != 0) { + fprintf(stderr, "FAIL (%s:%zu): EVP decryption mismatch\n", + label, test_number); + goto failed; + } + + success = 1; + + failed: + EVP_CIPHER_CTX_free(ctx); + return success; +} + +static int +rc2_test(void) +{ + const struct rc2_test *rt; + const char *label; + const EVP_CIPHER *cipher; + size_t i; + int failed = 1; + + for (i = 0; i < N_RC2_TESTS; i++) { + rt = &rc2_tests[i]; + switch (rt->mode) { + case NID_rc2_ecb: + label = SN_rc2_ecb; + cipher = EVP_rc2_ecb(); + if (!rc2_ecb_test(i, rt)) + goto failed; + break; + case NID_rc2_cbc: + label = SN_rc2_cbc; + cipher = EVP_rc2_cbc(); + if (!rc2_cbc_test(i, rt)) + goto failed; + break; + case NID_rc2_cfb64: + label = SN_rc2_cfb64; + cipher = EVP_rc2_cfb64(); + if (!rc2_cfb64_test(i, rt)) + goto failed; + break; + case NID_rc2_ofb64: + label = SN_rc2_ofb64; + cipher = EVP_rc2_ofb(); + if (!rc2_ofb64_test(i, rt)) + goto failed; + break; + default: + fprintf(stderr, "FAIL: unknown mode (%d)\n", + rt->mode); + goto failed; + } + + if (!rc2_evp_test(i, rt, label, cipher)) + goto failed; + } + + failed = 0; + + failed: + return failed; +} + +int +main(int argc, char **argv) +{ + int failed = 0; + + failed |= rc2_test(); + + return failed; +} diff --git a/tests/rc4_test.c b/tests/rc4_test.c new file mode 100644 index 00000000..4f5ea626 --- /dev/null +++ b/tests/rc4_test.c 
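Review bot: In rc2_cfb64_test the encrypt call passes `rt->in_len * 8` as the length while the matching decrypt call passes `rt->out_len`; every other RC2 call in this file passes a byte count, so the encrypt side appears to ask the cipher to read up to 256 bytes from the 64-byte `rt->in` array and should read `RC2_cfb64_encrypt(rt->in, out, rt->in_len, &key, iv, &remainder, 1);`. In rc2_evp_test, `EVP_EncryptFinal_ex(ctx, out + out_len, &out_len)` writes at the size of the last update rather than at `out + total_len` as the decrypt path does, which would overwrite earlier ciphertext as soon as a vector enables padding. The chunk size `arc4random_uniform(sizeof(rt->in_len) / 2)` takes the size of the `int` field, so on typical platforms it only yields 0 or 1; `rt->in_len / 2` looks like what was intended (same for the `rt->out_len` loop). The cfb64 and ofb64 failure messages also print `SN_rc2_cbc`, which mislabels the failing mode.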
@@ -0,0 +1,479 @@
+/* $OpenBSD: rc4_test.c,v 1.5 2022/09/12 04:26:38 tb Exp $ */
+/*
+ * Copyright (c) 2022 Joshua Sing
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+#include
+
+#include
+#include
+
+struct rc4_test {
+ const uint8_t key[32];
+ const int key_len;
+ const int len;
+ const uint8_t in[512];
+ const uint8_t out[512];
+};
+
+static const struct rc4_test rc4_tests[] = {
+ /*
+ * Test vectors from RFC 6229, with 40 and 128-bit keys.
+ * Note that this only uses the first 32 bytes of each test vector due
+ * to stream offsets.
+ */
+ {
+ .key = {
+ 0x01, 0x02, 0x03, 0x04, 0x05,
+ },
+ .key_len = 5,
+ .len = 32,
+ .in = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ },
+ .out = {
+ 0xb2, 0x39, 0x63, 0x05, 0xf0, 0x3d, 0xc0, 0x27,
+ 0xcc, 0xc3, 0x52, 0x4a, 0x0a, 0x11, 0x18, 0xa8,
+ 0x69, 0x82, 0x94, 0x4f, 0x18, 0xfc, 0x82, 0xd5,
+ 0x89, 0xc4, 0x03, 0xa4, 0x7a, 0x0d, 0x09, 0x19,
+ },
+ },
+ {
+ .key = {
+ 0x83, 0x32, 0x22, 0x77, 0x2a,
+ },
+ .key_len = 5,
+ .len = 32,
+ .in = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ },
+ .out = {
+ 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a,
+ 0x2e, 0x87, 0x9e, 0x92, 0xa4, 0x97, 0xef, 0xda,
+ 0x20, 0xf0, 0x60, 0xc2, 0xf2, 0xe5, 0x12, 0x65,
+ 0x01, 0xd3, 0xd4, 0xfe, 0xa1, 0x0d, 0x5f, 0xc0,
+ },
+ },
+ {
+ .key = {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
+ },
+ .key_len = 16,
+ .len = 32,
+ .in = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ },
+ .out = {
+ 0x9a, 0xc7, 0xcc, 0x9a, 0x60, 0x9d, 0x1e, 0xf7,
+ 0xb2, 0x93, 0x28, 0x99, 0xcd, 0xe4, 0x1b, 0x97,
+ 0x52, 0x48, 0xc4, 0x95, 0x90, 0x14, 0x12, 0x6a,
+ 0x6e, 0x8a, 0x84, 0xf1, 0x1d, 0x1a, 0x9e, 0x1c,
+ },
+ },
+ {
+ .key = {
+ 0xeb, 0xb4, 0x62, 0x27, 0xc6, 0xcc, 0x8b, 0x37,
+ 0x64, 0x19, 0x10, 0x83, 0x32, 0x22, 0x77, 0x2a,
+ },
+ .key_len = 16,
+ .len = 32,
+ .in = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ },
+ .out = {
+ 0x72, 0x0c, 0x94, 0xb6, 0x3e, 0xdf, 0x44, 0xe1,
+ 0x31, 0xd9, 0x50, 0xca, 0x21, 0x1a, 0x5a, 0x30,
+ 0xc3, 0x66, 0xfd, 0xea, 0xcf, 0x9c, 0xa8, 0x04,
+ 0x36, 0xbe, 0x7c, 0x35, 0x84, 0x24, 0xd2, 0x0b,
+ },
+ },
+
+ /*
+ * Test vectors from the original cypherpunk posting of ARC4:
+ * https://groups.google.com/group/sci.crypt/msg/10a300c9d21afca0?pli=1
+ */
+ {
+ .key = {
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+ },
+ .key_len = 8,
+ .len = 8,
+ .in = {
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+ },
+ .out = {
+ 0x75, 0xb7, 0x87, 0x80, 0x99, 0xe0, 0xc5, 0x96,
+ },
+ },
+ {
+ .key = {
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+ },
+ .key_len = 8,
+ .len = 8,
+ .in = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ },
+ .out = {
+ 0x74, 0x94, 0xc2, 0xe7, 0x10, 0x4b, 0x08, 0x79,
+ },
+ },
+ {
+ .key = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ },
+ .key_len = 8,
+ .len = 8,
+ .in = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ },
+ .out = {
+ 0xde, 0x18, 0x89, 0x41, 0xa3, 0x37, 0x5d, 0x3a,
+ },
+ },
+ {
+ .key = {
+ 0xef, 0x01, 0x23, 0x45,
+ },
+ .key_len = 4,
+ .len = 10,
+ .in = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00,
+ },
+ .out = {
+ 0xd6, 0xa1, 0x41, 0xa7, 0xec, 0x3c, 0x38, 0xdf,
+ 0xbd, 0x61,
+ },
+ },
+ {
+ .key = {
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+ },
+ .key_len = 8,
+ .len = 512,
+ .in = {
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ },
+ .out = {
+ 0x75, 0x95, 0xc3, 0xe6, 0x11, 0x4a, 0x09, 0x78,
+ 0x0c, 0x4a, 0xd4, 0x52, 0x33, 0x8e, 0x1f, 0xfd,
+ 0x9a, 0x1b, 0xe9, 0x49, 0x8f, 0x81, 0x3d, 0x76,
+ 0x53, 0x34, 0x49, 0xb6, 0x77, 0x8d, 0xca, 0xd8,
+ 0xc7, 0x8a, 0x8d, 0x2b, 0xa9, 0xac, 0x66, 0x08,
+ 0x5d, 0x0e, 0x53, 0xd5, 0x9c, 0x26, 0xc2, 0xd1,
+ 0xc4, 0x90, 0xc1, 0xeb, 0xbe, 0x0c, 0xe6, 0x6d,
+ 0x1b, 0x6b, 0x1b, 0x13, 0xb6, 0xb9, 0x19, 0xb8,
+ 0x47, 0xc2, 0x5a, 0x91, 0x44, 0x7a, 0x95, 0xe7,
+ 0x5e, 0x4e, 0xf1, 0x67, 0x79, 0xcd, 0xe8, 0xbf,
+ 0x0a, 0x95, 0x85, 0x0e, 0x32, 0xaf, 0x96, 0x89,
+ 0x44, 0x4f, 0xd3, 0x77, 0x10, 0x8f, 0x98, 0xfd,
+ 0xcb, 0xd4, 0xe7, 0x26, 0x56, 0x75, 0x00, 0x99,
+ 0x0b, 0xcc, 0x7e, 0x0c, 0xa3, 0xc4, 0xaa, 0xa3,
+ 0x04, 0xa3, 0x87, 0xd2, 0x0f, 0x3b, 0x8f, 0xbb,
+ 0xcd, 0x42, 0xa1, 0xbd, 0x31, 0x1d, 0x7a, 0x43,
+ 0x03, 0xdd, 0xa5, 0xab, 0x07, 0x88, 0x96, 0xae,
+ 0x80, 0xc1, 0x8b, 0x0a, 0xf6, 0x6d, 0xff, 0x31,
+ 0x96, 0x16, 0xeb, 0x78, 0x4e, 0x49, 0x5a, 0xd2,
+ 0xce, 0x90, 0xd7, 0xf7, 0x72, 0xa8, 0x17, 0x47,
+ 0xb6, 0x5f, 0x62, 0x09, 0x3b, 0x1e, 0x0d, 0xb9,
+ 0xe5, 0xba, 0x53, 0x2f, 0xaf, 0xec, 0x47, 0x50,
+ 0x83, 0x23, 0xe6, 0x71, 0x32, 0x7d, 0xf9, 0x44,
+ 0x44, 0x32, 0xcb, 0x73, 0x67, 0xce, 0xc8, 0x2f,
+ 0x5d, 0x44, 0xc0, 0xd0, 0x0b, 0x67, 0xd6, 0x50,
+ 0xa0, 0x75, 0xcd, 0x4b, 0x70, 0xde, 0xdd, 0x77,
+ 0xeb, 0x9b, 0x10, 0x23, 0x1b, 0x6b, 0x5b, 0x74,
+ 0x13, 0x47, 0x39, 0x6d, 0x62, 0x89, 0x74, 0x21,
+ 0xd4, 0x3d, 0xf9, 0xb4, 0x2e, 0x44, 0x6e, 0x35,
+ 0x8e, 0x9c, 0x11, 0xa9, 0xb2, 0x18, 0x4e, 0xcb,
+ 0xef, 0x0c, 0xd8, 0xe7, 0xa8, 0x77, 0xef, 0x96,
+ 0x8f, 0x13, 0x90, 0xec, 0x9b, 0x3d, 0x35, 0xa5,
+ 0x58, 0x5c, 0xb0, 0x09, 0x29, 0x0e, 0x2f, 0xcd,
+ 0xe7, 0xb5, 0xec, 0x66, 0xd9, 0x08, 0x4b, 0xe4,
+ 0x40, 0x55, 0xa6, 0x19, 0xd9, 0xdd, 0x7f, 0xc3,
+ 0x16, 0x6f, 0x94, 0x87, 0xf7, 0xcb, 0x27, 0x29,
+ 0x12, 0x42, 0x64, 0x45, 0x99, 0x85, 0x14, 0xc1,
+ 0x5d, 0x53, 0xa1, 0x8c, 0x86, 0x4c, 0xe3, 0xa2,
+ 0xb7, 0x55, 0x57, 0x93, 0x98, 0x81, 0x26, 0x52,
+ 0x0e, 0xac, 0xf2, 0xe3, 0x06, 0x6e, 0x23, 0x0c,
+ 0x91, 0xbe, 0xe4, 0xdd, 0x53, 0x04, 0xf5, 0xfd,
+ 0x04, 0x05, 0xb3, 0x5b, 0xd9, 0x9c, 0x73, 0x13,
+ 0x5d, 0x3d, 0x9b, 0xc3, 0x35, 0xee, 0x04, 0x9e,
+ 0xf6, 0x9b, 0x38, 0x67, 0xbf, 0x2d, 0x7b, 0xd1,
+ 0xea, 0xa5, 0x95, 0xd8, 0xbf, 0xc0, 0x06, 0x6f,
+ 0xf8, 0xd3, 0x15, 0x09, 0xeb, 0x0c, 0x6c, 0xaa,
+ 0x00, 0x6c, 0x80, 0x7a, 0x62, 0x3e, 0xf8, 0x4c,
+ 0x3d, 0x33, 0xc1, 0x95, 0xd2, 0x3e, 0xe3, 0x20,
+ 0xc4, 0x0d, 0xe0, 0x55, 0x81, 0x57, 0xc8, 0x22,
+ 0xd4, 0xb8, 0xc5, 0x69, 0xd8, 0x49, 0xae, 0xd5,
+ 0x9d, 0x4e, 0x0f, 0xd7, 0xf3, 0x79, 0x58, 0x6b,
+ 0x4b, 0x7f, 0xf6, 0x84, 0xed, 0x6a, 0x18, 0x9f,
+ 0x74, 0x86, 0xd4, 0x9b, 0x9c, 0x4b, 0xad, 0x9b,
+ 0xa2, 0x4b, 0x96, 0xab, 0xf9, 0x24, 0x37, 0x2c,
+ 0x8a, 0x8f, 0xff, 0xb1, 0x0d, 0x55, 0x35, 0x49,
+ 0x00, 0xa7, 0x7a, 0x3d, 0xb5, 0xf2, 0x05, 0xe1,
+ 0xb9, 0x9f, 0xcd, 0x86, 0x60, 0x86, 0x3a, 0x15,
+ 0x9a, 0xd4, 0xab, 0xe4, 0x0f, 0xa4, 0x89, 0x34,
+ 0x16, 0x3d, 0xdd, 0xe5, 0x42, 0xa6, 0x58, 0x55,
+ 0x40, 0xfd, 0x68, 0x3c, 0xbf, 0xd8, 0xc0, 0x0f,
+ 0x12, 0x12, 0x9a, 0x28, 0x4d, 0xea, 0xcc, 0x4c,
+ 0xde, 0xfe, 0x58, 0xbe, 0x71, 0x37, 0x54, 0x1c,
+ 0x04, 0x71, 0x26, 0xc8, 0xd4, 0x9e, 0x27, 0x55,
+ 0xab, 0x18, 0x1a, 0xb7, 0xe9, 0x40, 0xb0, 0xc0,
+ },
+ },
+};
+
+#define N_RC4_TESTS (sizeof(rc4_tests) / sizeof(rc4_tests[0]))
+
+static int
+rc4_test(void)
+{
+ const struct rc4_test *rt;
+ RC4_KEY key;
+ EVP_CIPHER_CTX *ctx = NULL;
+ const EVP_CIPHER *cipher;
+ uint8_t out[512];
+ int in_len, out_len, total_len;
+ size_t i;
+ int j;
+ int failed = 1;
+
+ if ((ctx = EVP_CIPHER_CTX_new()) == NULL) {
+ fprintf(stderr, "FAIL: EVP_CIPHER_CTX_new() failed\n");
+ goto failed;
+ }
+
+ for (i = 0; i < N_RC4_TESTS; i++) {
+ rt = &rc4_tests[i];
+
+ /* Encryption */
+ memset(out, 0, sizeof(out));
+ RC4_set_key(&key, rt->key_len, rt->key);
+ RC4(&key, rt->len, rt->in, out);
+
+ if (memcmp(rt->out, out, rt->len) != 0) {
+ fprintf(stderr, "FAIL: encryption mismatch\n");
+ goto failed;
+ }
+
+ /* Decryption */
+ memset(out, 0, sizeof(out));
+ RC4_set_key(&key, rt->key_len, rt->key);
+ RC4(&key, rt->len, rt->out, out);
+
+ if (memcmp(rt->in, out, rt->len) != 0) {
+ fprintf(stderr, "FAIL: decryption mismatch\n");
+ goto failed;
+ }
+
+ /*
+ * EVP tests
+ */
+ if (rt->key_len == 5) {
+ cipher = EVP_rc4_40();
+ } else if (rt->key_len == 16) {
+ cipher = EVP_rc4();
+ } else {
+ /* EVP does not support this key length */
+ continue;
+ }
+
+ /* EVP encryption */
+ total_len = 0;
+ memset(out, 0, sizeof(out));
+ if (!EVP_EncryptInit(ctx, cipher, rt->key, NULL)) {
+ fprintf(stderr, "FAIL: EVP_EncryptInit failed\n");
+ goto failed;
+ }
+
+ for (j = 0; j < rt->len;) {
+ in_len = arc4random_uniform(sizeof(rt->len) / 2);
+ if (in_len > rt->len - j)
+ in_len = rt->len - j;
+
+ if (!EVP_EncryptUpdate(ctx, out + total_len, &out_len,
+ rt->in + j, in_len)) {
+ fprintf(stderr,
+ "FAIL: EVP_EncryptUpdate failed\n");
+ goto failed;
+ }
+
+ j += in_len;
+ total_len += out_len;
+ }
+
+ if (!EVP_EncryptFinal_ex(ctx, out + total_len, &out_len)) {
+ fprintf(stderr, "FAIL: EVP_EncryptFinal_ex failed\n");
+ goto failed;
+ }
+ total_len += out_len;
+
+ if (!EVP_CIPHER_CTX_reset(ctx)) {
+ fprintf(stderr, "FAIL: EVP_CIPHER_CTX_reset failed\n");
+ goto failed;
+ }
+
+ if (total_len != rt->len) {
+ fprintf(stderr,
+ "FAIL: EVP encryption length mismatch\n");
+ goto failed;
+ }
+
+ if (memcmp(rt->out, out, rt->len) != 0) {
+ fprintf(stderr, "FAIL: EVP encryption mismatch\n");
+ goto failed;
+ }
+
+ /* EVP decryption */
+ total_len = 0;
+ memset(out, 0, sizeof(out));
+ if (!EVP_DecryptInit(ctx, cipher, rt->key, NULL)) {
+ fprintf(stderr, "FAIL: EVP_DecryptInit failed\n");
+ goto failed;
+ }
+
+ for (j = 0; j < rt->len;) {
+ in_len = arc4random_uniform(sizeof(rt->len) / 2);
+ if (in_len > rt->len - j)
+ in_len = rt->len - j;
+
+ if (!EVP_DecryptUpdate(ctx, out + total_len, &out_len,
+ rt->in + j, in_len)) {
+ fprintf(stderr,
+ "FAIL: EVP_DecryptUpdate failed\n");
+ goto failed;
+ }
+
+ j += in_len;
+ total_len += out_len;
+ }
+
+ if (!EVP_DecryptFinal_ex(ctx, out + total_len, &out_len)) {
+ fprintf(stderr, "FAIL: EVP_DecryptFinal_ex failed\n");
+ goto failed;
+ }
+ total_len += out_len;
+
+ if (!EVP_CIPHER_CTX_reset(ctx)) {
+ fprintf(stderr, "FAIL: EVP_CIPHER_CTX_reset failed\n");
+ goto failed;
+ }
+
+ if (total_len != rt->len) {
+ fprintf(stderr,
+ "FAIL: EVP decryption length mismatch\n");
+ goto failed;
+ }
+
+ if (memcmp(rt->out, out, rt->len) != 0) {
+ fprintf(stderr, "FAIL: EVP decryption mismatch\n");
+ goto failed;
+ }
+ }
+
+ failed = 0;
+
+ failed:
+ EVP_CIPHER_CTX_free(ctx);
+ return failed;
+}
+
+int
+main(int argc, char **argv)
+{
+ int failed = 0;
+
+ failed |= rc4_test();
+
+ return failed;
+}
diff --git a/tests/record_layer_test.c b/tests/record_layer_test.c
index 4e75ba4a..95f13b8c 100644
--- a/tests/record_layer_test.c
+++ b/tests/record_layer_test.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: record_layer_test.c,v 1.4 2021/03/29 16:22:02 jsing Exp $ */
+/* $OpenBSD: record_layer_test.c,v 1.5 2022/06/10 22:00:15 tb Exp $ */
 /*
 * Copyright (c) 2019, 2020 Joel Sing
 *
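Review bot: The EVP decryption loop in rc4_test() (tests/rc4_test.c) passes `rt->in + j` to EVP_DecryptUpdate() and then compares the result with `rt->out`, so it repeats the encryption check instead of decrypting the known ciphertext; RC4 being symmetric, the test passes either way and the EVP decrypt direction is never checked against the vectors. The two lines should read `rt->out + j, in_len)) {` and `if (memcmp(rt->in, out, rt->len) != 0) {`, matching the plain RC4() decryption block earlier in the same function. Separately, both EVP loops draw the chunk size from `arc4random_uniform(sizeof(rt->len) / 2)`, which takes the size of the int field rather than its value, so with a 4-byte int every update call carries zero or one byte; `in_len = arc4random_uniform(rt->len / 2);` looks like what was intended. The rc2_evp_test() loop in the preceding file uses the same expression on `rt->out_len` and probably wants the same change.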
@@ -211,7 +211,7 @@ do_seq_num_test_tls12(size_t test_no, int dtls, struct seq_num_test *snt)
 memcpy(seq_num, snt->seq_num, sizeof(seq_num));
 if ((ret = tls12_record_layer_inc_seq_num(rl, seq_num)) != snt->want) {
- fprintf(stderr, "FAIL: Test %zu - got return %i, want %i\n",
+ fprintf(stderr, "FAIL: Test %zu - got return %d, want %d\n",
 test_no, ret, snt->want);
 goto failure;
 }
@@ -260,7 +260,7 @@ do_seq_num_test_tls13(size_t test_no, struct seq_num_test *snt)
 memcpy(seq_num, snt->seq_num, sizeof(seq_num));
 if ((ret = tls13_record_layer_inc_seq_num(seq_num)) != snt->want) {
- fprintf(stderr, "FAIL: Test %zu - got return %i, want %i\n",
+ fprintf(stderr, "FAIL: Test %zu - got return %d, want %d\n",
 test_no, ret, snt->want);
 goto failure;
 }
diff --git a/tests/recordtest.c b/tests/recordtest.c
index c345a68c..de9bfd69 100644
--- a/tests/recordtest.c
+++ b/tests/recordtest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: recordtest.c,v 1.4 2020/05/11 18:08:37 jsing Exp $ */
+/* $OpenBSD: recordtest.c,v 1.5 2022/06/10 22:00:15 tb Exp $ */
 /*
 * Copyright (c) 2019 Joel Sing
 *
@@ -389,7 +389,7 @@ test_record_recv(size_t test_no, struct record_recv_test *rrt)
 ret = tls13_record_recv(rec, read_cb, &rs);
 if (ret != rrt->rt[i].want_ret) {
 fprintf(stderr, "FAIL: Test %zu/%zu - tls_record_recv "
- "returned %zi, want %zi\n", test_no, i, ret,
+ "returned %zd, want %zd\n", test_no, i, ret,
 rrt->rt[i].want_ret);
 goto failure;
 }
@@ -494,7 +494,7 @@ test_record_send(size_t test_no, struct record_send_test *rst)
 ret = tls13_record_send(rec, write_cb, &ws);
 if (ret != rst->rt[i].want_ret) {
 fprintf(stderr, "FAIL: Test %zu/%zu - tls_record_send "
- "returned %zi, want %zi\n", test_no, i, ret,
+ "returned %zd, want %zd\n", test_no, i, ret,
 rst->rt[i].want_ret);
 goto failure;
 }
diff --git a/tests/rfc3779.c b/tests/rfc3779.c
new file mode 100644
index 00000000..efdb6516
--- /dev/null
+++ b/tests/rfc3779.c
@@ -0,0 +1,1940 @@
+/* $OpenBSD: rfc3779.c,v 1.8 2022/05/12 19:58:45 tb Exp $ */
+/*
+ * Copyright (c) 2021 Theo Buehler
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+#include
+
+#include
+#include
+#include
+
+#define RAW_ADDRESS_SIZE 16
+
+static void
+hexdump(const unsigned char *buf, size_t len)
+{
+ size_t i;
+
+ for (i = 1; i <= len; i++)
+ fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
+
+ if (len % 8)
+ fprintf(stderr, "\n");
+}
+
+static void
+report_hexdump(const char *func, const char *description, const char *msg,
+ const unsigned char *want, size_t want_len,
+ const unsigned char *got, size_t got_len)
+{
+ fprintf(stderr, "%s: \"%s\" %s\nwant:\n", func, description, msg);
+ hexdump(want, want_len);
+ fprintf(stderr, "got:\n");
+ hexdump(got, got_len);
+}
+
+static int
+afi_size(int afi)
+{
+ switch (afi) {
+ case IANA_AFI_IPV4:
+ return 4;
+ case IANA_AFI_IPV6:
+ return 16;
+ }
+ return 0;
+}
+
+struct IPAddressOrRange_test {
+ const char *description;
+ const uint8_t der[32];
+ size_t der_len;
+ unsigned afi;
+ const uint8_t min[RAW_ADDRESS_SIZE];
+ const uint8_t max[RAW_ADDRESS_SIZE];
+};
+
+const struct IPAddressOrRange_test IPAddressOrRange_test_data[] = {
+ /* Examples from RFC 3779, section 2.1.1 */
+ {
+ .description = "address 10.5.0.4",
+ .der = {
+ 0x03, 0x05, 0x00, 0x0a, 0x05, 0x00, 0x04,
+ },
+ .der_len = 7,
+ .afi = IANA_AFI_IPV4,
+ .min = {
+ 0x0a, 0x05, 0x00, 0x04,
+ },
+ .max = {
+ 0x0a, 0x05, 0x00, 0x04,
+ }
+ },
+ {
+ .description = "prefix 10.5.0/23",
+ .der = {
+ 0x03, 0x04, 0x01, 0x0a, 0x05, 0x00,
+ },
+ .der_len = 6,
+ .afi = IANA_AFI_IPV4,
+ .min = {
+ 0x0a, 0x05, 0x00, 0x00,
+ },
+ .max = {
+ 0x0a, 0x05, 0x01, 0xff,
+ }
+ },
+ {
+ .description = "address 2001:0:200:3::1",
+ .der = {
+ 0x03, 0x11, 0x00, 0x20, 0x01, 0x00, 0x00, 0x02,
+ 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x01,
+ },
+ .der_len = 19,
+ .afi = IANA_AFI_IPV6,
+ .min = {
+ 0x20, 0x01, 0x00, 0x00, 0x02, 0x00, 0x00, 0x03,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+ },
+ .max = {
+ 0x20, 0x01, 0x00, 0x00, 0x02, 0x00, 0x00, 0x03,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+ },
+ },
+ {
+ .description = "prefix 2001:0:200/39",
+ .der = {
+ 0x03, 0x06, 0x01, 0x20, 0x01, 0x00, 0x00, 0x02,
+ },
+ .der_len = 8,
+ .afi = IANA_AFI_IPV6,
+ .min = {
+ 0x20, 0x01, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ },
+ .max = {
+ 0x20, 0x01, 0x00, 0x00, 0x03, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ },
+ },
+
+ /* Examples from RFC 3779, Section 2.1.2 */
+ {
+ .description = "prefix 10.5.0/23 as a range",
+ .der = {
+ /* Sequence */
+ 0x30, 0x0b,
+ /* 10.5.0.0 */
+ 0x03, 0x03, 0x00, 0x0a, 0x05,
+ /* 10.5.1.255 */
+ 0x03, 0x04, 0x01, 0x0a, 0x05, 0x00,
+ },
+ .der_len = 13,
+ .afi = IANA_AFI_IPV4,
+ .min = {
+ 0x0a, 0x05, 0x00, 0x00,
+ },
+ .max = {
+ 0x0a, 0x05, 0x01, 0xff,
+ }
+ },
+ {
+ .description = "prefix 2001:0:200/39 as a range",
+ .der = {
+ /* Sequence */
+ 0x30, 0x10,
+ /* 2001:0:200:: */
+ 0x03, 0x06, 0x01, 0x20, 0x01, 0x00, 0x00, 0x02,
+ /* 2001:0:3ff:ffff:ffff:ffff:ffff:ffff */
+ 0x03, 0x06, 0x02, 0x20, 0x01, 0x00, 0x00, 0x00,
+ },
+ .der_len = 18,
+ .afi = IANA_AFI_IPV6,
+ .min = {
+ 0x20, 0x01, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ },
+ .max = {
+ 0x20, 0x01, 0x00, 0x00, 0x03, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ }
+ },
+ {
+ .description = "prefix 0/0",
+ .der = {
+ 0x03, 0x01, 0x00,
+ },
+ .der_len = 3,
+ .afi = IANA_AFI_IPV4,
+ .min = {
+ 0x00, 0x00, 0x00, 0x00,
+ },
+ .max = {
+ 0xff, 0xff, 0xff, 0xff,
+ }
+ },
+ {
+ .description = "prefix 10.64/12",
+ .der = {
+ 0x03, 0x03, 0x04, 0x0a, 0x40,
+ },
+ .der_len = 5,
+ .afi = IANA_AFI_IPV4,
+ .min = {
+ 0x0a, 0x40, 0x00, 0x00,
+ },
+ .max = {
+ 0x0a, 0x4f, 0xff, 0xff,
+ },
+ },
+ {
+ .description = "prefix 10.64/20",
+ .der = {
+ 0x03, 0x04, 0x04, 0x0a, 0x40, 0x00,
+ },
+ .der_len = 6,
+ .afi = IANA_AFI_IPV4,
+ .min = {
+ 0x0a, 0x40, 0x00, 0x00,
+ },
+ .max = {
+ 0x0a, 0x40, 0x0f, 0xff,
+ },
+ },
+};
+
+const size_t N_IPADDRESSORRANGE_TESTS =
+ sizeof(IPAddressOrRange_test_data) / sizeof(IPAddressOrRange_test_data[0]);
+
+static int
+test_IPAddressOrRange(const struct IPAddressOrRange_test *test)
+{
+ IPAddressOrRange *aor;
+ const unsigned char *p;
+ unsigned char min[RAW_ADDRESS_SIZE] = {0}, max[RAW_ADDRESS_SIZE] = {0};
+ unsigned char *out = NULL;
+ int out_len;
+ int afi_len;
+ int memcmp_failed = 0;
+ int failed = 1;
+
+ /*
+ * First, decode DER from the test case.
+ */
+
+ p = &test->der[0];
+ if ((aor = d2i_IPAddressOrRange(NULL, &p, test->der_len)) == NULL) {
+ fprintf(stderr, "%s: \"%s\" d2i_IPAddressOrRange failed\n",
+ __func__, test->description);
+ goto err;
+ }
+
+ /*
+ * Now extract minimum and maximum from the parsed range.
+ */
+
+ afi_len = afi_size(test->afi);
+
+ if (X509v3_addr_get_range(aor, test->afi, min, max, sizeof min) !=
+ afi_len) {
+ fprintf(stderr, "%s: \"%s\" X509v3_addr_get_range failed\n",
+ __func__, test->description);
+ goto err;
+ }
+
+ /*
+ * Check that min and max match expectations.
+ */
+
+ if (memcmp(min, test->min, afi_len) != 0) {
+ memcmp_failed |= 1;
+ report_hexdump(__func__, test->description, "memcmp min failed",
+ test->min, afi_len, min, afi_len);
+ }
+ if (memcmp(max, test->max, afi_len) != 0) {
+ memcmp_failed |= 1;
+ report_hexdump(__func__, test->description, "memcmp max failed",
+ test->max, afi_len, max, afi_len);
+ }
+ if (memcmp_failed)
+ goto err;
+
+ /*
+ * Now turn the parsed IPAddressOrRange back into DER and check that
+ * it matches the DER in the test case.
+ */
+
+ out = NULL;
+ if ((out_len = i2d_IPAddressOrRange(aor, &out)) <= 0) {
+ fprintf(stderr, "%s: \"%s\" i2d_IPAddressOrRange failed\n",
+ __func__, test->description);
+ goto err;
+ }
+
+ memcmp_failed = (size_t)out_len != test->der_len;
+ if (!memcmp_failed)
+ memcmp_failed = memcmp(test->der, out, out_len);
+
+ if (memcmp_failed) {
+ report_hexdump(__func__, test->description, "memcmp DER failed",
+ test->der, test->der_len, out, out_len);
+ goto err;
+ }
+
+ failed = 0;
+ err:
+ IPAddressOrRange_free(aor);
+ free(out);
+
+ return failed;
+}
+
+static int
+run_IPAddressOrRange_tests(void)
+{
+ size_t i;
+ int failed = 0;
+
+ for (i = 0; i < N_IPADDRESSORRANGE_TESTS; i++)
+ failed |=
+ test_IPAddressOrRange(&IPAddressOrRange_test_data[i]);
+
+ return failed;
+}
+
+/*
+ * XXX: These should really be part of the public API...
+ */
+static IPAddrBlocks *IPAddrBlocks_new(void);
+static void IPAddrBlocks_free(IPAddrBlocks *addr);
+static __unused IPAddrBlocks *d2i_IPAddrBlocks(IPAddrBlocks **addrs,
+ const unsigned char **in, long len);
+static int i2d_IPAddrBlocks(IPAddrBlocks *addrs, unsigned char **out);
+
+static IPAddrBlocks *
+IPAddrBlocks_new(void)
+{
+ IPAddrBlocks *addrs;
+
+ /*
+ * XXX The comparison function IPAddressFamily_cmp() isn't public.
+ * Start with the default and exploit a side effect of the lovely API
+ * which helpfully sets the correct function in a few places. Let's
+ * use the cheapest and easiest to reach one.
+ */
+ if ((addrs = sk_IPAddressFamily_new_null()) == NULL)
+ return NULL;
+ if (!X509v3_addr_canonize(addrs)) {
+ IPAddrBlocks_free(addrs);
+ return NULL;
+ }
+
+ return addrs;
+}
+
+static void
+IPAddrBlocks_free(IPAddrBlocks *addr)
+{
+ sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free);
+}
+
+/*
+ * We want {d2i,i2d}_IPAddrBlocks() to play with the DER of the extension.
+ * These don't exist, so we have to implement them ourselves. IPAddrBlocks_it
+ * isn't public, so we need to fetch it from the library. We cache it in a
+ * static variable to avoid the cost of a binary search through all supported
+ * extensions on each call.
+ */
+
+static const ASN1_ITEM_EXP *
+get_IPAddrBlocks_it(void)
+{
+ static const ASN1_ITEM_EXP *my_IPAddrBlocks_it;
+ const X509V3_EXT_METHOD *v3_addr;
+
+ if (my_IPAddrBlocks_it != NULL)
+ return my_IPAddrBlocks_it;
+
+ if ((v3_addr = X509V3_EXT_get_nid(NID_sbgp_ipAddrBlock)) == NULL) {
+ fprintf(stderr, "could not get v3_addr\n");
+ return NULL;
+ }
+
+ my_IPAddrBlocks_it = v3_addr->it;
+
+ return my_IPAddrBlocks_it;
+}
+
+static __unused IPAddrBlocks *
+d2i_IPAddrBlocks(IPAddrBlocks **addrs, const unsigned char **in, long len)
+{
+ const ASN1_ITEM_EXP *my_IPAddrBlocks_it;
+
+ if ((my_IPAddrBlocks_it = get_IPAddrBlocks_it()) == NULL)
+ return NULL;
+
+ return (IPAddrBlocks *)ASN1_item_d2i((ASN1_VALUE **)addrs, in, len,
+ my_IPAddrBlocks_it);
+}
+
+static int
+i2d_IPAddrBlocks(IPAddrBlocks *addrs, unsigned char **out)
+{
+ const ASN1_ITEM_EXP *my_IPAddrBlocks_it;
+
+ if ((my_IPAddrBlocks_it = get_IPAddrBlocks_it()) == NULL)
+ return -1;
+
+ return ASN1_item_i2d((ASN1_VALUE *)addrs, out, my_IPAddrBlocks_it);
+}
+
+struct ipv4_prefix {
+ unsigned char addr[4];
+ size_t addr_len;
+ size_t prefix_len;
+};
+
+struct ipv4_range {
+ unsigned char min[4];
+ unsigned char max[4];
+};
+
+union ipv4_choice {
+ struct ipv4_prefix prefix;
+ struct ipv4_range range;
+};
+
+struct ipv6_prefix {
+ unsigned char addr[16];
+ size_t addr_len;
+ size_t prefix_len;
+};
+
+struct ipv6_range {
+ unsigned char min[16];
+ unsigned char max[16];
+};
+
+union ipv6_choice {
+ struct ipv6_prefix prefix;
+ struct ipv6_range range;
+};
+
+enum choice_type {
+ choice_prefix,
+ choice_range,
+ choice_inherit,
+ choice_last,
+};
+
+union ip {
+ union ipv4_choice ipv4;
+ union ipv6_choice ipv6;
+};
+
+enum safi {
+ safi_none,
+ safi_unicast,
+ safi_multicast,
+};
+
+struct ip_addr_block {
+ unsigned int afi;
+ enum safi safi;
+ enum choice_type type;
+ union ip addr;
+};
+
+struct build_addr_block_test_data {
+ char *description;
+ struct ip_addr_block addrs[16];
+ char der[128];
+ size_t der_len;
+ int is_canonical;
+ int inherits;
+ unsigned int afis[4];
+ int afi_len;
+};
+
+const struct build_addr_block_test_data build_addr_block_tests[] = {
+ {
+ .description = "RFC 3779, Appendix B, example 1",
+ .addrs = {
+ {
+ .afi = IANA_AFI_IPV4,
+ .safi = safi_unicast,
+ .type = choice_prefix,
+ .addr.ipv4.prefix = {
+ .addr = {
+ 10, 0, 32,
+ },
+ .addr_len = 3,
+ .prefix_len = 20,
+ },
+ },
+ {
+ .afi = IANA_AFI_IPV4,
+ .safi = safi_unicast,
+ .type = choice_prefix,
+ .addr.ipv4.prefix = {
+ .addr = {
+ 10, 0, 64,
+ },
+ .addr_len = 3,
+ .prefix_len = 24,
+ },
+ },
+ {
+ .afi = IANA_AFI_IPV4,
+ .safi = safi_unicast,
+ .type = choice_prefix,
+ .addr.ipv4.prefix = {
+ .addr = {
+ 10, 1,
+ },
+ .addr_len = 2,
+ .prefix_len = 16,
+ },
+ },
+ {
+ .afi = IANA_AFI_IPV4,
+ .safi = safi_unicast,
+ .type = choice_prefix,
+ .addr.ipv4.prefix = {
+ .addr = {
+ 10, 2, 48,
+ },
+ .addr_len = 3,
+ .prefix_len = 20,
+ },
+ },
+ {
+ .afi = IANA_AFI_IPV4,
+ .safi = safi_unicast,
+ .type = choice_prefix,
+ .addr.ipv4.prefix = {
+ .addr = {
+ 10, 2, 64,
+ },
+ .addr_len = 3,
+ .prefix_len = 24,
+ },
+ },
+ {
+ .afi = IANA_AFI_IPV4,
+ .safi = safi_unicast,
+ .type = choice_prefix,
+ .addr.ipv4.prefix = {
+ .addr = {
+ 10, 3,
+ },
+ .addr_len = 2,
+ .prefix_len = 16,
+ },
+ },
+ {
+ .afi = IANA_AFI_IPV6,
+ .safi = safi_none,
+ .type = choice_inherit,
+ },
+ {
+ .type = choice_last,
+ },
+ },
+ .der = {
+ 0x30, 0x35, 0x30, 0x2b, 0x04, 0x03, 0x00, 0x01,
+ 0x01, 0x30, 0x24, 0x03, 0x04, 0x04, 0x0a, 0x00,
+ 0x20, 0x03, 0x04, 0x00, 0x0a, 0x00, 0x40, 0x03,
+ 0x03, 0x00, 0x0a, 0x01, 0x30, 0x0c, 0x03, 0x04,
+ 0x04, 0x0a, 0x02, 0x30, 0x03, 0x04, 0x00, 0x0a,
+ 0x02, 0x40, 0x03, 0x03, 0x00, 0x0a, 0x03, 0x30,
+ 0x06, 0x04, 0x02, 0x00, 0x02, 0x05, 0x00,
+ },
+ .der_len = 55,
+ .is_canonical = 0,
+ .inherits = 1,
+ .afis = {
+ IANA_AFI_IPV4, IANA_AFI_IPV6,
+ },
+ .afi_len = 2,
+ },
+ {
+ .description = "RFC 3779, Appendix B, example 1 canonical",
+ .addrs = {
+ {
+ .afi = IANA_AFI_IPV4,
+ .safi = safi_unicast,
+ .type = choice_prefix,
+ .addr.ipv4.prefix = {
+ .addr = {
+ 10, 0, 32,
+ },
+ .addr_len = 3,
+ .prefix_len = 20,
+ },
+ },
+ {
+ .afi = IANA_AFI_IPV4,
+ .safi = safi_unicast,
+ .type = choice_prefix,
+ .addr.ipv4.prefix = {
+ .addr = {
+ 10, 0, 64,
+ },
+ .addr_len = 3,
+ .prefix_len = 24,
+ },
+ },
+ {
+ .afi = IANA_AFI_IPV4,
+ .safi = safi_unicast,
+ .type = choice_prefix,
+ .addr.ipv4.prefix = {
+ .addr = {
+ 10, 1,
+ },
+ .addr_len = 2,
+ .prefix_len = 16,
+ },
+ },
+ {
+ .afi = IANA_AFI_IPV4,
+ .safi = safi_unicast,
+ .type = choice_range,
+ .addr.ipv4.range = {
+ .min = {
+ 10, 2, 48, 00,
+ },
+ .max = {
+ 10, 2, 64, 255,
+ },
+ },
+ },
+ {
+ .afi = IANA_AFI_IPV4,
+ .safi = safi_unicast,
+ .type = choice_prefix,
+ .addr.ipv4.prefix = {
+ .addr = {
+ 10, 3,
+ },
+ .addr_len = 2,
+ .prefix_len = 16,
+ },
+ },
+ {
+ .afi = IANA_AFI_IPV6,
+ .safi = safi_none,
+ .type = choice_inherit,
+ },
+ {
+ .type = choice_last,
+ },
+ },
+ .der = {
+ 0x30, 0x35, 0x30, 0x2b, 0x04, 0x03, 0x00, 0x01,
+ 0x01, 0x30, 0x24, 0x03, 0x04, 0x04, 0x0a, 0x00,
+ 0x20, 0x03, 0x04, 0x00, 0x0a, 0x00, 0x40, 0x03,
+ 0x03, 0x00, 0x0a, 0x01, 0x30, 0x0c, 0x03, 0x04,
+ 0x04, 0x0a, 0x02, 0x30, 0x03, 0x04, 0x00, 0x0a,
+ 0x02, 0x40, 0x03, 0x03, 0x00, 0x0a, 0x03, 0x30,
+ 0x06, 0x04, 0x02, 0x00, 0x02, 0x05, 0x00,
+ },
+ .der_len = 55,
+ .is_canonical = 1,
+ .inherits = 1,
+ .afis = {
+ IANA_AFI_IPV4, IANA_AFI_IPV6,
+ },
+ .afi_len = 2,
+ },
+ {
+ .description = "RFC 3779, Appendix B, example 2",
+ .addrs = {
+ {
+ .afi = IANA_AFI_IPV6,
+ .safi = safi_none,
+ .type = choice_prefix,
+ .addr.ipv6.prefix = {
+ .addr = {
+ 0x20, 0x01, 0x00, 0x00,
+ 0x00, 0x02,
+ },
+ .addr_len = 6,
+ .prefix_len = 48,
+ },
+ },
+ {
+ .afi = IANA_AFI_IPV4,
+ .safi = safi_unicast,
+ .type = choice_prefix,
+ .addr.ipv4.prefix = {
+ .addr = {
+ 10,
+ },
+ .addr_len = 1,
+ .prefix_len = 8,
+ },
+ },
+ {
+ .afi = IANA_AFI_IPV4,
+ .safi = safi_unicast,
+ .type = choice_prefix,
+ .addr.ipv4.prefix = {
+ .addr = {
+ 172, 16,
+ },
+ .addr_len = 2,
+ .prefix_len = 12,
+ },
+ },
+ {
+ .afi = IANA_AFI_IPV4,
+ .safi = safi_multicast,
+ .type = choice_inherit,
+ },
+ {
+ .type = choice_last,
+ },
+ },
+ .der = {
+ 0x30, 0x2c, 0x30, 0x10, 0x04, 0x03, 0x00, 0x01,
+ 0x01, 0x30, 0x09, 0x03, 0x02, 0x00, 0x0a, 0x03,
+ 0x03, 0x04, 0xac, 0x10, 0x30, 0x07, 0x04, 0x03,
+ 0x00, 0x01, 0x02, 0x05, 0x00, 0x30, 0x0f, 0x04,
+ 0x02, 0x00, 0x02, 0x30, 0x09, 0x03, 0x07, 0x00,
+ 0x20, 0x01, 0x00, 0x00, 0x00, 0x02,
+ },
+ .der_len = 46,
+ .is_canonical = 0,
+ .inherits = 1,
+ .afis = {
+ IANA_AFI_IPV4, IANA_AFI_IPV4,
+ },
+ .afi_len = 2,
+ },
+ {
+ .description = "Range should be prefix 127/8",
+ .addrs = {
+ {
+ .afi = IANA_AFI_IPV4,
+ .safi = safi_none,
+ .type = choice_range,
+ .addr.ipv4.range = {
+ .min = {
+ 127, 0, 0, 0,
+ },
+ .max = {
+ 127, 255, 255, 255,
+ },
+ },
+ },
+ {
+ .type = choice_last,
+ },
+ },
+ .der = {
+ 0x30, 0x0c, 0x30, 0x0a, 0x04, 0x02, 0x00, 0x01,
+ 0x30, 0x04, 0x03, 0x02, 0x00, 0x7f,
+ },
+ .der_len = 14,
+ .is_canonical = 1,
+ .inherits = 0,
+ .afis = {
+ IANA_AFI_IPV4,
+ },
+ .afi_len = 1,
+ },
+};
+
+const size_t N_BUILD_ADDR_BLOCK_TESTS =
+ sizeof(build_addr_block_tests) / sizeof(build_addr_block_tests[0]);
+
+static unsigned int *
+addr_block_get_safi(const struct ip_addr_block *addr)
+{
+ static unsigned int safi;
+
+ switch (addr->safi) {
+ case safi_none:
+ return NULL;
+ case safi_unicast:
+ safi = 1;
+ break;
+ case safi_multicast:
+ safi = 2;
+ break;
+ }
+
+ return &safi;
+}
+
+static int
+addr_block_add_ipv4_addr(IPAddrBlocks *block, enum choice_type type,
+ const union ipv4_choice *ipv4, unsigned int *safi)
+{
+ unsigned char addr[RAW_ADDRESS_SIZE] = {0};
+ unsigned char min[RAW_ADDRESS_SIZE];
+ unsigned char max[RAW_ADDRESS_SIZE];
+
+ switch (type) {
+ case choice_prefix:
+ memcpy(addr, ipv4->prefix.addr, ipv4->prefix.addr_len);
+ return X509v3_addr_add_prefix(block, IANA_AFI_IPV4, safi,
+ addr, ipv4->prefix.prefix_len);
+ case choice_range:
+ memcpy(min, ipv4->range.min, sizeof(ipv4->range.min));
+ memcpy(max, ipv4->range.max, sizeof(ipv4->range.max));
+ return X509v3_addr_add_range(block, IANA_AFI_IPV4, safi,
+ min, max);
+ case choice_inherit:
+ return X509v3_addr_add_inherit(block, IANA_AFI_IPV4, safi);
+ case choice_last:
+ default:
+ return 0;
+ }
+}
+
+static int
+addr_block_add_ipv6_addr(IPAddrBlocks *block, enum choice_type type,
+ const union ipv6_choice *ipv6, unsigned int *safi)
+{
+ unsigned char addr[RAW_ADDRESS_SIZE] = {0};
+ unsigned char min[RAW_ADDRESS_SIZE];
+ unsigned char max[RAW_ADDRESS_SIZE];
+
+ switch (type) {
+ case choice_prefix:
+ memcpy(addr, ipv6->prefix.addr, ipv6->prefix.addr_len);
+ return X509v3_addr_add_prefix(block, IANA_AFI_IPV6, safi,
+ addr, ipv6->prefix.prefix_len);
+ case choice_range:
+ memcpy(min, ipv6->range.min, sizeof(ipv6->range.min));
+ memcpy(max, ipv6->range.max, sizeof(ipv6->range.max));
+ return X509v3_addr_add_range(block, IANA_AFI_IPV6, safi,
+ min, max);
+ case choice_inherit:
+ return X509v3_addr_add_inherit(block, IANA_AFI_IPV6, safi);
+ case choice_last:
+ default:
+ return 0;
+ }
+}
+
+static int
+addr_block_add_addrs(IPAddrBlocks *block, const struct ip_addr_block addrs[])
+{
+ const struct ip_addr_block *addr;
+ unsigned int *safi;
+
+ for (addr = &addrs[0]; addr->type != choice_last; addr++) {
+ safi = addr_block_get_safi(addr);
+ switch (addr->afi) {
+ case IANA_AFI_IPV4:
+ if (!addr_block_add_ipv4_addr(block, addr->type,
+ &addr->addr.ipv4, safi))
+ return 0;
+ break;
+ case IANA_AFI_IPV6:
+ if (!addr_block_add_ipv6_addr(block, addr->type,
+ &addr->addr.ipv6, safi))
+ return 0;
+ break;
+ default:
+ fprintf(stderr, "%s: corrupt test data", __func__);
+ exit(1);
+ }
+ }
+
+ return 1;
+}
+
+static int
+build_addr_block_test(const struct build_addr_block_test_data *test)
+{
+ IPAddrBlocks *addrs = NULL;
+ unsigned char *out = NULL;
+ int out_len; + int i; + int memcmp_failed = 1; + int failed = 1; + + if ((addrs = IPAddrBlocks_new()) == NULL) + goto err; + + if (!addr_block_add_addrs(addrs, test->addrs)) + goto err; + + if (X509v3_addr_is_canonical(addrs) != test->is_canonical) { + fprintf(stderr, "%s: \"%s\" X509v3_addr_is_canonical not %d\n", + __func__, test->description, test->is_canonical); + goto err; + } + + if (!X509v3_addr_canonize(addrs)) { + fprintf(stderr, "%s: \"%s\" failed to canonize\n", + __func__, test->description); + goto err; + } + + if (!X509v3_addr_is_canonical(addrs)) { + fprintf(stderr, "%s: \"%s\" canonization wasn't canonical\n", + __func__, test->description); + goto err; + } + + if ((out_len = i2d_IPAddrBlocks(addrs, &out)) <= 0) { + fprintf(stderr, "%s: \"%s\" i2d_IPAddrBlocks failed\n", + __func__, test->description); + goto err; + } + + memcmp_failed = (size_t)out_len != test->der_len; + if (!memcmp_failed) + memcmp_failed = memcmp(out, test->der, test->der_len); + if (memcmp_failed) { + report_hexdump(__func__, test->description, "memcmp DER failed", + test->der, test->der_len, out, out_len); + goto err; + } + + if (X509v3_addr_inherits(addrs) != test->inherits) { + fprintf(stderr, "%s: \"%s\" X509v3_addr_inherits not %d\n", + __func__, test->description, test->inherits); + goto err; + } + + for (i = 0; i < sk_IPAddressFamily_num(addrs) && i < test->afi_len; i++) { + IPAddressFamily *family; + unsigned int afi; + + family = sk_IPAddressFamily_value(addrs, i); + + if ((afi = X509v3_addr_get_afi(family)) == 0) { + fprintf(stderr, "%s: \"%s\" X509v3_addr_get_afi" + " failed\n", __func__, test->description); + goto err; + } + if (test->afis[i] != afi){ + fprintf(stderr, "%s: \"%s\" afi[%d] mismatch. 
" + "want: %u, got: %u\n", __func__, + test->description, i, test->afis[i], afi); + goto err; + } + } + if (i != test->afi_len) { + fprintf(stderr, "%s: \"%s\" checked %d afis, expected %d\n", + __func__, test->description, i, test->afi_len); + goto err; + } + + failed = 0; + + err: + IPAddrBlocks_free(addrs); + free(out); + + return failed; +} + +static int +run_IPAddrBlock_tests(void) +{ + size_t i; + int failed = 0; + + for (i = 0; i < N_BUILD_ADDR_BLOCK_TESTS; i++) + failed |= build_addr_block_test(&build_addr_block_tests[i]); + + return failed; +} + +struct asid_or_range { + int type; + int inherit; + const unsigned char *min; + const unsigned char *max; +}; + +struct ASIdentifiers_build_test { + const char *description; + int should_build; + int inherits; + int canonical; + int should_canonize; + struct asid_or_range delegations[8]; + const unsigned char der[128]; + size_t der_len; +}; + +/* Sentinel value used for marking the end of the delegations table. */ +#define V3_ASID_END -1 + +const struct ASIdentifiers_build_test ASIdentifiers_build_data[] = { + { + .description = "RFC 3779, Appendix C", + .should_build = 1, + .inherits = 1, + .canonical = 1, + .delegations = { + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "135", + .max = NULL, + }, + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "3000", + .max = "3999", + }, + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "5001", + .max = NULL, + }, + { + .type = V3_ASID_RDI, + .inherit = 1, + .min = NULL, + .max = NULL, + }, + { + .type = V3_ASID_END, + }, + }, + .der = { + 0x30, 0x1a, 0xa0, 0x14, 0x30, 0x12, 0x02, 0x02, + 0x00, 0x87, 0x30, 0x08, 0x02, 0x02, 0x0b, 0xb8, + 0x02, 0x02, 0x0f, 0x9f, 0x02, 0x02, 0x13, 0x89, + 0xa1, 0x02, 0x05, 0x00, + }, + .der_len = 28, + }, + { + .description = "RFC 3779, Appendix C without rdi", + .should_build = 1, + .inherits = 0, + .canonical = 1, + .delegations = { + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "135", + .max = NULL, + }, + { + .type = 
V3_ASID_ASNUM, + .inherit = 0, + .min = "3000", + .max = "3999", + }, + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "5001", + .max = NULL, + }, + { + .type = V3_ASID_END, + }, + }, + .der = { + 0x30, 0x16, 0xa0, 0x14, 0x30, 0x12, 0x02, 0x02, + 0x00, 0x87, 0x30, 0x08, 0x02, 0x02, 0x0b, 0xb8, + 0x02, 0x02, 0x0f, 0x9f, 0x02, 0x02, 0x13, 0x89, + }, + .der_len = 24, + }, + { + .description = "RFC 3779, Appendix C variant", + .should_build = 1, + .inherits = 0, + .canonical = 1, + .delegations = { + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "135", + .max = NULL, + }, + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "3000", + .max = "3999", + }, + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "5001", + .max = NULL, + }, + { + .type = V3_ASID_RDI, + .inherit = 0, + .min = "135", + .max = NULL, + }, + { + .type = V3_ASID_RDI, + .inherit = 0, + .min = "3000", + .max = "3999", + }, + { + .type = V3_ASID_RDI, + .inherit = 0, + .min = "5001", + .max = NULL, + }, + { + .type = V3_ASID_END, + }, + }, + .der = { + 0x30, 0x2c, 0xa0, 0x14, 0x30, 0x12, 0x02, 0x02, + 0x00, 0x87, 0x30, 0x08, 0x02, 0x02, 0x0b, 0xb8, + 0x02, 0x02, 0x0f, 0x9f, 0x02, 0x02, 0x13, 0x89, + 0xa1, 0x14, 0x30, 0x12, 0x02, 0x02, 0x00, 0x87, + 0x30, 0x08, 0x02, 0x02, 0x0b, 0xb8, 0x02, 0x02, + 0x0f, 0x9f, 0x02, 0x02, 0x13, 0x89, + }, + .der_len = 46, + }, + { + .description = "inherit only", + .should_build = 1, + .inherits = 1, + .canonical = 1, + .delegations = { + { + .type = V3_ASID_ASNUM, + .inherit = 1, + }, + { + .type = V3_ASID_RDI, + .inherit = 1, + }, + { + .type = V3_ASID_END, + }, + }, + .der = { + 0x30, 0x08, 0xa0, 0x02, 0x05, 0x00, 0xa1, 0x02, + 0x05, 0x00, + }, + .der_len = 10, + }, + { + .description = "adjacent unsorted ranges are merged", + .should_build = 1, + .inherits = 0, + .canonical = 0, + .should_canonize = 1, + .delegations = { + { + .type = V3_ASID_RDI, + .inherit = 0, + .min = "27", + .max = NULL, + }, + { + .type = V3_ASID_RDI, + .inherit = 0, + .min = "28", 
+ .max = "57", + }, + { + .type = V3_ASID_RDI, + .inherit = 0, + .min = "66", + .max = "68", + }, + { + .type = V3_ASID_RDI, + .inherit = 0, + .min = "58", + .max = "63", + }, + { + .type = V3_ASID_RDI, + .inherit = 0, + .min = "64", + .max = NULL, + }, + { + .type = V3_ASID_END, + }, + }, + .der = { + 0x30, 0x14, 0xa1, 0x12, 0x30, 0x10, 0x30, 0x06, + 0x02, 0x01, 0x1b, 0x02, 0x01, 0x40, 0x30, 0x06, + 0x02, 0x01, 0x42, 0x02, 0x01, 0x44, + }, + .der_len = 22, + }, + { + .description = "range of length 0", + .should_build = 1, + .inherits = 1, + .canonical = 1, + .should_canonize = 1, + .delegations = { + { + .type = V3_ASID_RDI, + .inherit = 0, + .min = "27", + .max = "27", + }, + { + .type = V3_ASID_ASNUM, + .inherit = 1, + }, + { + .type = V3_ASID_END, + }, + }, + .der = { + 0x30, 0x10, 0xa0, 0x02, 0x05, 0x00, 0xa1, 0x0a, + 0x30, 0x08, 0x30, 0x06, 0x02, 0x01, 0x1b, 0x02, + 0x01, 0x1b, + }, + .der_len = 18, + }, + { + .description = "reversed range doesn't canonize", + .should_build = 1, + .inherits = 0, + .canonical = 0, + .should_canonize = 0, + .delegations = { + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "57", + .max = "42", + }, + { + .type = V3_ASID_END, + }, + }, + }, + { + .description = "overlapping ranges don't canonize", + .should_build = 1, + .inherits = 0, + .canonical = 0, + .should_canonize = 0, + .delegations = { + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "42", + .max = "57", + }, + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "57", + .max = "60", + }, + { + .type = V3_ASID_END, + }, + }, + }, + { + .description = "reversed interior range doesn't canonize", + .should_build = 1, + .inherits = 0, + .canonical = 0, + .should_canonize = 0, + .delegations = { + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "1", + .max = "2", + }, + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "57", + .max = "42", + }, + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "65523", + .max = "65535", + }, + { + .type = V3_ASID_END, + 
}, + }, + }, + { + .description = "can't inherit and add AS ids", + .should_build = 0, + .inherits = 0, + .canonical = 0, + .should_canonize = 0, + .delegations = { + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "1", + .max = "2", + }, + { + .type = V3_ASID_ASNUM, + .inherit = 1, + }, + { + .type = V3_ASID_END, + }, + }, + }, + { + .description = "can't inherit and add rdis", + .should_build = 0, + .inherits = 0, + .canonical = 0, + .should_canonize = 0, + .delegations = { + { + .type = V3_ASID_RDI, + .inherit = 0, + .min = "1", + .max = "2", + }, + { + .type = V3_ASID_RDI, + .inherit = 1, + }, + { + .type = V3_ASID_END, + }, + }, + }, +}; + +const size_t N_ASIDENTIFIERS_BUILD_TESTS = + sizeof(ASIdentifiers_build_data) / sizeof(ASIdentifiers_build_data[0]); + +static int +add_as_delegation(ASIdentifiers *asid, const struct asid_or_range *delegation) +{ + ASN1_INTEGER *min = NULL, *max = NULL; + int ret = 0; + + if (delegation->inherit) + return X509v3_asid_add_inherit(asid, delegation->type); + + if ((min = s2i_ASN1_INTEGER(NULL, delegation->min)) == NULL) + goto err; + + if (delegation->max != NULL) { + if ((max = s2i_ASN1_INTEGER(NULL, delegation->max)) == NULL) + goto err; + } + + if (!X509v3_asid_add_id_or_range(asid, delegation->type, min, max)) + goto err; + min = NULL; + max = NULL; + + ret = 1; + + err: + ASN1_INTEGER_free(min); + ASN1_INTEGER_free(max); + + return ret; +} + +static ASIdentifiers * +build_asid(const struct asid_or_range delegations[]) +{ + ASIdentifiers *asid = NULL; + const struct asid_or_range *delegation; + + if ((asid = ASIdentifiers_new()) == NULL) + goto err; + + for (delegation = &delegations[0]; delegation->type != V3_ASID_END; + delegation++) { + if (!add_as_delegation(asid, delegation)) + goto err; + } + + return asid; + + err: + ASIdentifiers_free(asid); + return NULL; +} + +static int +build_asid_test(const struct ASIdentifiers_build_test *test) +{ + ASIdentifiers *asid = NULL; + unsigned char *out = NULL; + int out_len; 
+ int memcmp_failed = 1; + int failed = 1; + + if ((asid = build_asid(test->delegations)) == NULL) { + if (!test->should_build) { + failed = 0; + return failed; + } + fprintf(stderr, "%s: \"%s\" failed to build\n", __func__, + test->description); + return failed; + } + + if (!test->canonical) { + if (X509v3_asid_is_canonical(asid)) { + fprintf(stderr, "%s: \"%s\" shouldn't be canonical\n", + __func__, test->description); + goto err; + } + if (X509v3_asid_canonize(asid) != test->should_canonize) { + fprintf(stderr, "%s: \"%s\" failed to canonize\n", + __func__, test->description); + goto err; + } + if (!test->should_canonize) { + failed = 0; + goto err; + } + } + + /* + * Verify that asid is in canonical form before converting it to DER. + */ + if (!X509v3_asid_is_canonical(asid)) { + fprintf(stderr, "%s: asid is not canonical\n", __func__); + goto err; + } + + /* + * Convert asid to DER and check that it matches expectations + */ + out = NULL; + if ((out_len = i2d_ASIdentifiers(asid, &out)) <= 0) { + fprintf(stderr, "%s: \"%s\" i2d_ASIdentifiers failed\n", + __func__, test->description); + goto err; + } + + + memcmp_failed = (size_t)out_len != test->der_len; + if (!memcmp_failed) + memcmp_failed = memcmp(out, test->der, test->der_len); + if (memcmp_failed) { + report_hexdump(__func__, test->description, "memcmp DER failed", + test->der, test->der_len, out, out_len); + goto err; + } + + /* + * Verify that asid inherits as expected + */ + if (X509v3_asid_inherits(asid) != test->inherits) { + fprintf(stderr, "%s: \"%s\" unexpected asid inherit %d\n", + __func__, test->description, test->inherits); + goto err; + } + + failed = 0; + + err: + free(out); + ASIdentifiers_free(asid); + + return failed; +} + +static int +run_ASIdentifiers_build_test(void) +{ + size_t i; + int failed = 0; + + for (i = 0; i < N_ASIDENTIFIERS_BUILD_TESTS; i++) + failed |= build_asid_test(&ASIdentifiers_build_data[i]); + + return failed; +} + +struct ASIdentifiers_subset_test { + const char 
*description; + struct asid_or_range delegationsA[8]; + struct asid_or_range delegationsB[8]; + int is_subset; + int is_subset_if_canonized; +}; + +const struct ASIdentifiers_subset_test ASIdentifiers_subset_data[] = { + { + .description = "simple subset relation", + .delegationsA = { + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "2", + .max = "4", + }, + { + .type = V3_ASID_RDI, + .inherit = 0, + .min = "2", + .max = NULL, + }, + { + .type = V3_ASID_END, + }, + }, + .delegationsB = { + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "1", + .max = "5", + }, + { + .type = V3_ASID_RDI, + .inherit = 0, + .min = "1", + .max = "5", + }, + { + .type = V3_ASID_END, + }, + }, + .is_subset = 1, + .is_subset_if_canonized = 1, + }, + { + .description = "only asnums", + .delegationsA = { + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "2", + .max = "4", + }, + { + .type = V3_ASID_END, + }, + }, + .delegationsB = { + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "1", + .max = "5", + }, + { + .type = V3_ASID_END, + }, + }, + .is_subset = 1, + .is_subset_if_canonized = 1, + }, + { + .description = "only rdis", + .delegationsA = { + { + .type = V3_ASID_RDI, + .inherit = 0, + .min = "2", + .max = NULL, + }, + { + .type = V3_ASID_END, + }, + }, + .delegationsB = { + { + .type = V3_ASID_RDI, + .inherit = 0, + .min = "1", + .max = "5", + }, + { + .type = V3_ASID_END, + }, + }, + .is_subset = 1, + .is_subset_if_canonized = 1, + }, + { + .description = "child only has asnums, parent only has rdis", + .delegationsA = { + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "2", + .max = "4", + }, + { + .type = V3_ASID_END, + }, + }, + .delegationsB = { + { + .type = V3_ASID_RDI, + .inherit = 0, + .min = "1", + .max = "5", + }, + { + .type = V3_ASID_END, + }, + }, + .is_subset = 0, + .is_subset_if_canonized = 0, + }, + { + .description = "child only has rdis, parent only has asnums", + .delegationsA = { + { + .type = V3_ASID_RDI, + .inherit = 0, + .min = "2", + .max 
= "4", + }, + { + .type = V3_ASID_END, + }, + }, + .delegationsB = { + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "1", + .max = "5", + }, + { + .type = V3_ASID_END, + }, + }, + .is_subset = 0, + .is_subset_if_canonized = 0, + }, + { + .description = "child only has rdis, parent has both", + .delegationsA = { + { + .type = V3_ASID_RDI, + .inherit = 0, + .min = "2", + .max = "4", + }, + { + .type = V3_ASID_END, + }, + }, + .delegationsB = { + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "1", + .max = "5", + }, + { + .type = V3_ASID_RDI, + .inherit = 0, + .min = "1", + .max = "5", + }, + { + .type = V3_ASID_END, + }, + }, + .is_subset = 1, + .is_subset_if_canonized = 1, + }, + { + .description = "subset relation only after canonization", + .delegationsA = { + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "2", + .max = NULL, + }, + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "3", + .max = "4", + }, + { + .type = V3_ASID_RDI, + .inherit = 0, + .min = "2", + .max = NULL, + }, + { + .type = V3_ASID_END, + }, + }, + .delegationsB = { + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "1", + .max = "3", + }, + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "4", + .max = "5", + }, + { + .type = V3_ASID_RDI, + .inherit = 0, + .min = "1", + .max = "5", + }, + { + .type = V3_ASID_END, + }, + }, + .is_subset = 0, + .is_subset_if_canonized = 1, + }, + { + .description = "no subset if A inherits", + .delegationsA = { + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "2", + .max = NULL, + }, + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "3", + .max = "4", + }, + { + .type = V3_ASID_RDI, + .inherit = 1, + }, + { + .type = V3_ASID_END, + }, + }, + .delegationsB = { + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "1", + .max = "3", + }, + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "4", + .max = "5", + }, + { + .type = V3_ASID_RDI, + .inherit = 0, + .min = "1", + .max = "5", + }, + { + .type = V3_ASID_END, + }, + }, + 
.is_subset = 0, + .is_subset_if_canonized = 0, + }, + { + .description = "no subset if B inherits", + .delegationsA = { + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "2", + .max = NULL, + }, + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "3", + .max = "4", + }, + { + .type = V3_ASID_RDI, + .inherit = 0, + .min = "5", + .max = NULL, + }, + { + .type = V3_ASID_END, + }, + }, + .delegationsB = { + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "1", + .max = "3", + }, + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "4", + .max = "5", + }, + { + .type = V3_ASID_RDI, + .inherit = 1, + }, + { + .type = V3_ASID_END, + }, + }, + .is_subset = 0, + .is_subset_if_canonized = 0, + }, + { + .description = "no subset if both inherit", + .delegationsA = { + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "2", + .max = NULL, + }, + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "3", + .max = "4", + }, + { + .type = V3_ASID_RDI, + .inherit = 1, + }, + { + .type = V3_ASID_END, + }, + }, + .delegationsB = { + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "1", + .max = "3", + }, + { + .type = V3_ASID_ASNUM, + .inherit = 0, + .min = "4", + .max = "5", + }, + { + .type = V3_ASID_RDI, + .inherit = 1, + }, + { + .type = V3_ASID_END, + }, + }, + .is_subset = 0, + .is_subset_if_canonized = 0, + }, +}; + +const size_t N_ASIDENTIFIERS_SUBSET_TESTS = + sizeof(ASIdentifiers_subset_data) / sizeof(ASIdentifiers_subset_data[0]); + +static int +asid_subset_test(const struct ASIdentifiers_subset_test *test) +{ + ASIdentifiers *asidA = NULL, *asidB = NULL; + int failed = 0; + + if ((asidA = build_asid(test->delegationsA)) == NULL) + goto err; + if ((asidB = build_asid(test->delegationsB)) == NULL) + goto err; + + if (X509v3_asid_subset(asidA, asidB) != test->is_subset) { + fprintf(stderr, "%s: \"%s\" X509v3_asid_subset failed\n", + __func__, test->description); + failed = 1; + } + + if (!test->is_subset) { + if (!X509v3_asid_canonize(asidA)) + goto err; + if 
(!X509v3_asid_canonize(asidB)) + goto err; + if (X509v3_asid_subset(asidA, asidB) != + test->is_subset_if_canonized) { + fprintf(stderr, "%s: \"%s\" canonized subset failed\n", + __func__, test->description); + failed = 1; + } + } + + err: + ASIdentifiers_free(asidA); + ASIdentifiers_free(asidB); + + return failed; +} + +static int +run_ASIdentifiers_subset_test(void) +{ + size_t i; + int failed = 0; + + for (i = 0; i < N_ASIDENTIFIERS_SUBSET_TESTS; i++) + failed |= asid_subset_test(&ASIdentifiers_subset_data[i]); + + return failed; +} + +int +main(void) +{ + int failed = 0; + + failed |= run_IPAddressOrRange_tests(); + failed |= run_IPAddrBlock_tests(); + failed |= run_ASIdentifiers_build_test(); + failed |= run_ASIdentifiers_subset_test(); + + return failed; +} diff --git a/tests/rfc5280time.c b/tests/rfc5280time.c index 800aadfe..dfffb357 100644 --- a/tests/rfc5280time.c +++ b/tests/rfc5280time.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rfc5280time.c,v 1.4 2015/10/30 15:52:55 miod Exp $ */ +/* $OpenBSD: rfc5280time.c,v 1.7 2022/09/05 21:12:08 tb Exp $ */ /* * Copyright (c) 2015 Joel Sing * Copyright (c) 2015 Bob Beck @@ -197,12 +197,12 @@ asn1_compare_str(int test_no, struct asn1_string_st *asn1str, const char *str) int length = strlen(str); if (asn1str->length != length) { - fprintf(stderr, "FAIL: test %i - string lengths differ " - "(%i != %i)\n", test_no, asn1str->length, length); + fprintf(stderr, "FAIL: test %d - string lengths differ " + "(%d != %d)\n", test_no, asn1str->length, length); return (1); } if (strncmp(asn1str->data, str, length) != 0) { - fprintf(stderr, "FAIL: test %i - strings differ " + fprintf(stderr, "FAIL: test %d - strings differ " "('%s' != '%s')\n", test_no, asn1str->data, str); return (1); } 
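Review bot: In asn1_compare_str (tests/rfc5280time.c) the "strings differ" message still prints `asn1str->data` through `%s`, which reads until a NUL byte even though the buffer's size is carried separately in `asn1str->length`. Whether the data is always NUL-terminated is not visible in this hunk. Bounding the print keeps the failure path safe either way: `"('%.*s' != '%s')\n", test_no, asn1str->length, (const char *)asn1str->data, str);`. The function's body continues outside the hunk.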
@@ -228,21 +228,21 @@ rfc5280_invtime_test(int test_no, struct rfc5280_time_test *att) if (ASN1_GENERALIZEDTIME_set_string(gt, att->str) != 0) { if (X509_cmp_time(gt, &now) != 0) { - fprintf(stderr, "FAIL: test %i - successfully parsed as GENTIME " + fprintf(stderr, "FAIL: test %d - successfully parsed as GENTIME " "string '%s'\n", test_no, att->str); goto done; } } if (ASN1_UTCTIME_set_string(ut, att->str) != 0) { if (X509_cmp_time(ut, &now) != 0) { - fprintf(stderr, "FAIL: test %i - successfully parsed as UTCTIME " + fprintf(stderr, "FAIL: test %d - successfully parsed as UTCTIME " "string '%s'\n", test_no, att->str); goto done; } } if (ASN1_TIME_set_string(t, att->str) != 0) { if (X509_cmp_time(t, &now) != 0) { - fprintf(stderr, "FAIL: test %i - successfully parsed as UTCTIME " + fprintf(stderr, "FAIL: test %d - successfully parsed as UTCTIME " "string '%s'\n", test_no, att->str); goto done; } @@ -270,7 +270,7 @@ rfc5280_gentime_test(int test_no, struct rfc5280_time_test *att) goto done; if (ASN1_GENERALIZEDTIME_set_string(gt, att->str) != 1) { - fprintf(stderr, "FAIL: test %i - failed to set string '%s'\n", + fprintf(stderr, "FAIL: test %d - failed to set string '%s'\n", test_no, att->str); goto done; } @@ -278,14 +278,14 @@ rfc5280_gentime_test(int test_no, struct rfc5280_time_test *att) goto done; if ((i = X509_cmp_time(gt, &att->time)) != -1) { - fprintf(stderr, "FAIL: test %i - X509_cmp_time failed - returned %d compared to %lld\n", + fprintf(stderr, "FAIL: test %d - X509_cmp_time failed - returned %d compared to %lld\n", test_no, i, (long long)att->time); goto done; } att->time--; if ((i = X509_cmp_time(gt, &att->time)) != 1) { - fprintf(stderr, "FAIL: test %i - X509_cmp_time failed - returned %d compared to %lld\n", + fprintf(stderr, "FAIL: test %d - X509_cmp_time failed - returned %d compared to %lld\n", test_no, i, (long long)att->time); goto done; } 
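Review bot: The third check in rfc5280_invtime_test calls `ASN1_TIME_set_string`, but its failure message still reads "successfully parsed as UTCTIME", the same text as the `ASN1_UTCTIME_set_string` branch above it. A failure log therefore cannot tell the two branches apart. Since the line is being edited for the format specifier anyway, it could read `fprintf(stderr, "FAIL: test %d - successfully parsed as TIME "`. The function starts and ends outside the hunk.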
@@ -294,7 +294,7 @@ rfc5280_gentime_test(int test_no, struct rfc5280_time_test *att) ASN1_GENERALIZEDTIME_free(gt); if ((gt = ASN1_GENERALIZEDTIME_set(NULL, att->time)) == NULL) { - fprintf(stderr, "FAIL: test %i - failed to set time %lli\n", + fprintf(stderr, "FAIL: test %d - failed to set time %lld\n", test_no, (long long)att->time); goto done; } @@ -322,7 +322,7 @@ rfc5280_utctime_test(int test_no, struct rfc5280_time_test *att) goto done; if (ASN1_UTCTIME_set_string(ut, att->str) != 1) { - fprintf(stderr, "FAIL: test %i - failed to set string '%s'\n", + fprintf(stderr, "FAIL: test %d - failed to set string '%s'\n", test_no, att->str); goto done; } @@ -330,14 +330,14 @@ rfc5280_utctime_test(int test_no, struct rfc5280_time_test *att) goto done; if ((i = X509_cmp_time(ut, &att->time)) != -1) { - fprintf(stderr, "FAIL: test %i - X509_cmp_time failed - returned %d compared to %lld\n", + fprintf(stderr, "FAIL: test %d - X509_cmp_time failed - returned %d compared to %lld\n", test_no, i, (long long)att->time); goto done; } att->time--; if ((i = X509_cmp_time(ut, &att->time)) != 1) { - fprintf(stderr, "FAIL: test %i - X509_cmp_time failed - returned %d compared to %lld\n", + fprintf(stderr, "FAIL: test %d - X509_cmp_time failed - returned %d compared to %lld\n", test_no, i, (long long)att->time); goto done; } @@ -346,7 +346,7 @@ rfc5280_utctime_test(int test_no, struct rfc5280_time_test *att) ASN1_UTCTIME_free(ut); if ((ut = ASN1_UTCTIME_set(NULL, att->time)) == NULL) { - fprintf(stderr, "FAIL: test %i - failed to set time %lli\n", + fprintf(stderr, "FAIL: test %d - failed to set time %lld\n", test_no, (long long)att->time); goto done; } diff --git a/tests/rmd_test.c b/tests/rmd_test.c new file mode 100644 index 00000000..0a88a9bb --- /dev/null +++ b/tests/rmd_test.c 
@@ -0,0 +1,201 @@
+/* $OpenBSD: rmd_test.c,v 1.1 2022/09/02 15:45:52 tb Exp $ */
+/*
+ * Copyright (c) 2022 Joshua Sing
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+#include
+
+#include
+#include
+
+struct rmd_test {
+ const uint8_t in[128];
+ const size_t in_len;
+ const uint8_t out[EVP_MAX_MD_SIZE];
+};
+
+static const struct rmd_test rmd_tests[] = {
+ /*
+ * RIPEMD-160 - Test vectors from
+ * https://homes.esat.kuleuven.be/~bosselae/ripemd160.html
+ */
+ {
+ .in = "",
+ .in_len = 0,
+ .out = {
+ 0x9c, 0x11, 0x85, 0xa5, 0xc5, 0xe9, 0xfc, 0x54,
+ 0x61, 0x28, 0x08, 0x97, 0x7e, 0xe8, 0xf5, 0x48,
+ 0xb2, 0x25, 0x8d, 0x31,
+ },
+ },
+ {
+ .in = "a",
+ .in_len = 1,
+ .out = {
+ 0x0b, 0xdc, 0x9d, 0x2d, 0x25, 0x6b, 0x3e, 0xe9,
+ 0xda, 0xae, 0x34, 0x7b, 0xe6, 0xf4, 0xdc, 0x83,
+ 0x5a, 0x46, 0x7f, 0xfe,
+ },
+ },
+ {
+ .in = "abc",
+ .in_len = 3,
+ .out = {
+ 0x8e, 0xb2, 0x08, 0xf7, 0xe0, 0x5d, 0x98, 0x7a,
+ 0x9b, 0x04, 0x4a, 0x8e, 0x98, 0xc6, 0xb0, 0x87,
+ 0xf1, 0x5a, 0x0b, 0xfc,
+ },
+ },
+ {
+ .in = "message digest",
+ .in_len = 14,
+ .out = {
+ 0x5d, 0x06, 0x89, 0xef, 0x49, 0xd2, 0xfa, 0xe5,
+ 0x72, 0xb8, 0x81, 0xb1, 0x23, 0xa8, 0x5f, 0xfa,
+ 0x21, 0x59, 0x5f, 0x36,
+ },
+ },
+ {
+ .in = "abcdefghijklmnopqrstuvwxyz",
+ .in_len = 26,
+ .out = {
+ 0xf7, 0x1c, 0x27, 0x10, 0x9c, 0x69, 0x2c, 0x1b,
+ 0x56, 0xbb, 0xdc, 0xeb, 0x5b, 0x9d, 0x28, 0x65,
+ 0xb3, 0x70, 0x8d, 0xbc,
+ },
+ },
+ {
+ .in =
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+ .in_len = 56,
+ .out = {
+ 0x12, 0xa0, 0x53, 0x38, 0x4a, 0x9c, 0x0c, 0x88,
+ 0xe4, 0x05, 0xa0, 0x6c, 0x27, 0xdc, 0xf4, 0x9a,
+ 0xda, 0x62, 0xeb, 0x2b,
+ },
+ },
+ {
+ .in =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuv"
+ "wxyz0123456789",
+ .in_len = 62,
+ .out = {
+ 0xb0, 0xe2, 0x0b, 0x6e, 0x31, 0x16, 0x64, 0x02,
+ 0x86, 0xed, 0x3a, 0x87, 0xa5, 0x71, 0x30, 0x79,
+ 0xb2, 0x1f, 0x51, 0x89,
+ },
+ },
+ {
+ .in =
+ "123456789012345678901234567890123456789012345678"
+ "90123456789012345678901234567890",
+ .in_len = 80,
+ .out = {
+ 0x9b, 0x75, 0x2e, 0x45, 0x57, 0x3d, 0x4b, 0x39,
+ 0xf4, 0xdb, 0xd3, 0x32, 0x3c, 0xab, 0x82, 0xbf,
+ 0x63, 0x32, 0x6b, 0xfb,
+ },
+ },
+};
+
+#define N_RMD_TESTS (sizeof(rmd_tests) / sizeof(rmd_tests[0]))
+
+static int
+rmd_test(void)
+{
+ const struct rmd_test *rt;
+ EVP_MD_CTX *hash = NULL;
+ uint8_t out[EVP_MAX_MD_SIZE];
+ size_t in_len;
+ size_t i;
+ int failed = 1;
+
+ if ((hash = EVP_MD_CTX_new()) == NULL) {
+ fprintf(stderr, "FAIL: EVP_MD_CTX_new() failed\n");
+ goto failed;
+ }
+
+ for (i = 0; i < N_RMD_TESTS; i++) {
+ rt = &rmd_tests[i];
+
+ /* Digest */
+ memset(out, 0, sizeof(out));
+ RIPEMD160(rt->in, rt->in_len, out);
+ if (memcmp(rt->out, out, RIPEMD160_DIGEST_LENGTH) != 0) {
+ fprintf(stderr, "FAIL: mismatch\n");
+ goto failed;
+ }
+
+ /* EVP single-shot digest */
+ memset(out, 0, sizeof(out));
+ if (!EVP_Digest(rt->in, rt->in_len, out, NULL, EVP_ripemd160(), NULL)) {
+ fprintf(stderr, "FAIL: EVP_Digest failed\n");
+ goto failed;
+ }
+
+ if (memcmp(rt->out, out, RIPEMD160_DIGEST_LENGTH) != 0) {
+ fprintf(stderr, "FAIL: EVP single-shot mismatch\n");
+ goto failed;
+ }
+
+ /* EVP digest */
+ memset(out, 0, sizeof(out));
+ if (!EVP_DigestInit_ex(hash, EVP_ripemd160(), NULL)) {
+ fprintf(stderr, "FAIL: EVP_DigestInit_ex failed\n");
+ goto failed;
+ }
+
+ in_len = rt->in_len / 2;
+ if (!EVP_DigestUpdate(hash, rt->in, in_len)) {
+ fprintf(stderr,
+ "FAIL: EVP_DigestUpdate first half failed\n");
+ goto failed;
+ }
+
+ if (!EVP_DigestUpdate(hash, rt->in + in_len,
+ rt->in_len - in_len)) {
+ fprintf(stderr,
+ "FAIL: EVP_DigestUpdate second half failed\n");
+ goto failed;
+ }
+
+ if (!EVP_DigestFinal_ex(hash, out, NULL)) {
+ fprintf(stderr, "FAIL: EVP_DigestFinal_ex failed\n");
+ goto failed;
+ }
+
+ if (memcmp(rt->out, out, RIPEMD160_DIGEST_LENGTH) != 0) {
+ fprintf(stderr, "FAIL: EVP mismatch\n");
+ goto failed;
+ }
+ }
+
+ failed = 0;
+
+ failed:
+ EVP_MD_CTX_free(hash);
+ return failed;
+}
+
+int
+main(int argc, char **argv)
+{
+ int failed = 0;
+
+ failed |= rmd_test();
+
+ return failed;
+}
diff --git a/tests/rsa_test.c b/tests/rsa_test.c
index 9e7cd6f4..6fd0ddc7 100644
--- a/tests/rsa_test.c
+++ b/tests/rsa_test.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_test.c,v 1.3 2018/07/17 17:06:49 tb Exp $ */
+/* $OpenBSD: rsa_test.c,v 1.4 2021/11/25 16:51:31 tb Exp $ */
 /*
 * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
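Review bot: None of the failure messages in rmd_test() (tests/rmd_test.c) say which vector failed, so a mismatch inside the loop over `rmd_tests` gives no hint of the input involved. Adding the index to each message would fix that, e.g. `fprintf(stderr, "FAIL: test %zu - mismatch\n", i);`. The EVP paths pass `NULL` for the output-length argument of `EVP_Digest` and `EVP_DigestFinal_ex`, so the reported digest size is never compared with `RIPEMD160_DIGEST_LENGTH`. Capturing it in an `unsigned int` and checking it would cover that as well. The cleanup label `failed:` shares its name with the `failed` variable, which is legal C but easy to misread.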
@@ -17,311 +17,456 @@ #include #include #include + #ifdef OPENSSL_NO_RSA int main(int argc, char *argv[]) { - printf("No RSA support\n"); - return (0); + printf("No RSA support\n"); + return (0); } #else # include -# define SetKey \ - key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \ - key->e = BN_bin2bn(e, sizeof(e)-1, key->e); \ - key->d = BN_bin2bn(d, sizeof(d)-1, key->d); \ - key->p = BN_bin2bn(p, sizeof(p)-1, key->p); \ - key->q = BN_bin2bn(q, sizeof(q)-1, key->q); \ - key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1); \ - key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1); \ - key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp); \ - memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \ - return (sizeof(ctext_ex) - 1); - -static int key1(RSA *key, unsigned char *c) +static int +key1(RSA *key, unsigned char *c) { - static unsigned char n[] = - "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F" - "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5" - "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93" - "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1" - "\xF5"; - - static unsigned char e[] = "\x11"; - - static unsigned char d[] = - "\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44" - "\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64" - "\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9" - "\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51"; - - static unsigned char p[] = - "\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" - "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12" - "\x0D"; - - static unsigned char q[] = - "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" - "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" - "\x89"; - - static unsigned char dmp1[] = - "\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF" - 
"\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05"; - - static unsigned char dmq1[] = - "\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99" - "\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D" - "\x51"; - - static unsigned char iqmp[] = - "\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8" - "\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26"; - - static unsigned char ctext_ex[] = - "\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89" - "\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52" - "\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44" - "\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2"; - - SetKey; + static unsigned char n[] = + "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F" + "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5" + "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93" + "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1" + "\xF5"; + + static unsigned char e[] = "\x11"; + + static unsigned char d[] = + "\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44" + "\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64" + "\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9" + "\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51"; + + static unsigned char p[] = + "\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" + "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12" + "\x0D"; + + static unsigned char q[] = + "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" + "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" + "\x89"; + + static unsigned char dmp1[] = + "\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF" + "\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05"; + + static unsigned char dmq1[] = + 
"\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99" + "\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D" + "\x51"; + + static unsigned char iqmp[] = + "\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8" + "\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26"; + + static unsigned char ctext_ex[] = + "\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89" + "\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52" + "\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44" + "\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2"; + + BIGNUM *bn_n = NULL, *bn_e = NULL, *bn_d = NULL; + BIGNUM *bn_p = NULL, *bn_q = NULL; + BIGNUM *bn_dmp1 = NULL, *bn_dmq1 = NULL, *bn_iqmp = NULL; + + bn_n = BN_bin2bn(n, sizeof(n) - 1, NULL); + bn_e = BN_bin2bn(e, sizeof(e) - 1, NULL); + bn_d = BN_bin2bn(d, sizeof(d) - 1, NULL); + if (bn_n == NULL || bn_e == NULL || bn_d == NULL) + goto err; + if (!RSA_set0_key(key, bn_n, bn_e, bn_d)) + goto err; + bn_n = NULL; + bn_e = NULL; + bn_d = NULL; + + bn_p = BN_bin2bn(p, sizeof(p) - 1, NULL); + bn_q = BN_bin2bn(q, sizeof(q) - 1, NULL); + if (bn_p == NULL || bn_q == NULL) + goto err; + if (!RSA_set0_factors(key, bn_p, bn_q)) + goto err; + bn_p = NULL; + bn_q = NULL; + + bn_dmp1 = BN_bin2bn(dmp1, sizeof(dmp1) - 1, NULL); + bn_dmq1 = BN_bin2bn(dmq1, sizeof(dmq1) - 1, NULL); + bn_iqmp = BN_bin2bn(iqmp, sizeof(iqmp) - 1, NULL); + if (bn_dmp1 == NULL || bn_dmq1 == NULL || bn_iqmp == NULL) + goto err; + if (!RSA_set0_crt_params(key, bn_dmp1, bn_dmq1, bn_iqmp)) + goto err; + bn_dmp1 = NULL; + bn_dmq1 = NULL; + bn_iqmp = NULL; + + memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); + return sizeof(ctext_ex) - 1; + + err: + BN_free(bn_n); + BN_free(bn_e); + BN_free(bn_d); + BN_free(bn_p); + BN_free(bn_q); + BN_free(bn_dmp1); + BN_free(bn_dmq1); + BN_free(bn_iqmp); + + return -1; } -static int key2(RSA *key, unsigned char *c) +static int +key2(RSA *key, unsigned 
char *c) { - static unsigned char n[] = - "\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8" - "\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26" - "\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8" - "\x34\x77\xCF"; - - static unsigned char e[] = "\x3"; - - static unsigned char d[] = - "\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2" - "\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41" - "\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21" - "\xE5\xEB"; - - static unsigned char p[] = - "\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92" - "\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91"; - - static unsigned char q[] = - "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" - "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F"; - - static unsigned char dmp1[] = - "\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61" - "\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B"; - - static unsigned char dmq1[] = - "\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90" - "\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F"; - - static unsigned char iqmp[] = - "\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13" - "\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D"; - - static unsigned char ctext_ex[] = - "\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a" - "\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4" - "\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52" - "\x62\x51"; - - SetKey; + static unsigned char n[] = + "\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8" + "\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26" + "\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8" + "\x34\x77\xCF"; + + static unsigned char e[] = "\x3"; + + static unsigned char d[] = + "\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2" + 
"\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41" + "\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21" + "\xE5\xEB"; + + static unsigned char p[] = + "\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92" + "\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91"; + + static unsigned char q[] = + "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" + "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F"; + + static unsigned char dmp1[] = + "\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61" + "\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B"; + + static unsigned char dmq1[] = + "\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90" + "\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F"; + + static unsigned char iqmp[] = + "\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13" + "\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D"; + + static unsigned char ctext_ex[] = + "\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a" + "\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4" + "\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52" + "\x62\x51"; + + BIGNUM *bn_n = NULL, *bn_e = NULL, *bn_d = NULL; + BIGNUM *bn_p = NULL, *bn_q = NULL; + BIGNUM *bn_dmp1 = NULL, *bn_dmq1 = NULL, *bn_iqmp = NULL; + + bn_n = BN_bin2bn(n, sizeof(n) - 1, NULL); + bn_e = BN_bin2bn(e, sizeof(e) - 1, NULL); + bn_d = BN_bin2bn(d, sizeof(d) - 1, NULL); + if (bn_n == NULL || bn_e == NULL || bn_d == NULL) + goto err; + if (!RSA_set0_key(key, bn_n, bn_e, bn_d)) + goto err; + bn_n = NULL; + bn_e = NULL; + bn_d = NULL; + + bn_p = BN_bin2bn(p, sizeof(p) - 1, NULL); + bn_q = BN_bin2bn(q, sizeof(q) - 1, NULL); + if (bn_p == NULL || bn_q == NULL) + goto err; + if (!RSA_set0_factors(key, bn_p, bn_q)) + goto err; + bn_p = NULL; + bn_q = NULL; + + bn_dmp1 = BN_bin2bn(dmp1, sizeof(dmp1) - 1, NULL); + bn_dmq1 = BN_bin2bn(dmq1, sizeof(dmq1) - 1, NULL); + bn_iqmp = BN_bin2bn(iqmp, sizeof(iqmp) - 1, NULL); + if (bn_dmp1 == 
NULL || bn_dmq1 == NULL || bn_iqmp == NULL) + goto err; + if (!RSA_set0_crt_params(key, bn_dmp1, bn_dmq1, bn_iqmp)) + goto err; + bn_dmp1 = NULL; + bn_dmq1 = NULL; + bn_iqmp = NULL; + + memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); + return sizeof(ctext_ex) - 1; + + err: + BN_free(bn_n); + BN_free(bn_e); + BN_free(bn_d); + BN_free(bn_p); + BN_free(bn_q); + BN_free(bn_dmp1); + BN_free(bn_dmq1); + BN_free(bn_iqmp); + + return -1; } -static int key3(RSA *key, unsigned char *c) +static int +key3(RSA *key, unsigned char *c) { - static unsigned char n[] = - "\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71" - "\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5" - "\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD" - "\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80" - "\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25" - "\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39" - "\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68" - "\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD" - "\xCB"; - - static unsigned char e[] = "\x11"; - - static unsigned char d[] = - "\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD" - "\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41" - "\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69" - "\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA" - "\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94" - "\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A" - "\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94" - "\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3" - "\xC1"; - - static unsigned char p[] = - "\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60" - "\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6" - "\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A" - 
"\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65" - "\x99"; - - static unsigned char q[] = - "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" - "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" - "\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" - "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15" - "\x03"; - - static unsigned char dmp1[] = - "\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A" - "\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E" - "\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E" - "\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81"; - - static unsigned char dmq1[] = - "\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9" - "\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7" - "\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D" - "\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D"; - - static unsigned char iqmp[] = - "\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23" - "\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11" - "\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E" - "\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39" - "\xF7"; - - static unsigned char ctext_ex[] = - "\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7" - "\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce" - "\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3" - "\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06" - "\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86" - "\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4" - "\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a" - "\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1"; - - SetKey; + static unsigned char n[] = + 
"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71" + "\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5" + "\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD" + "\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80" + "\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25" + "\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39" + "\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68" + "\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD" + "\xCB"; + + static unsigned char e[] = "\x11"; + + static unsigned char d[] = + "\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD" + "\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41" + "\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69" + "\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA" + "\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94" + "\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A" + "\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94" + "\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3" + "\xC1"; + + static unsigned char p[] = + "\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60" + "\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6" + "\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A" + "\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65" + "\x99"; + + static unsigned char q[] = + "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" + "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" + "\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" + "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15" + "\x03"; + + static unsigned char dmp1[] = + "\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A" + "\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E" + 
"\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E" + "\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81"; + + static unsigned char dmq1[] = + "\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9" + "\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7" + "\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D" + "\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D"; + + static unsigned char iqmp[] = + "\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23" + "\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11" + "\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E" + "\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39" + "\xF7"; + + static unsigned char ctext_ex[] = + "\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7" + "\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce" + "\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3" + "\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06" + "\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86" + "\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4" + "\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a" + "\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1"; + + BIGNUM *bn_n = NULL, *bn_e = NULL, *bn_d = NULL; + BIGNUM *bn_p = NULL, *bn_q = NULL; + BIGNUM *bn_dmp1 = NULL, *bn_dmq1 = NULL, *bn_iqmp = NULL; + + bn_n = BN_bin2bn(n, sizeof(n) - 1, NULL); + bn_e = BN_bin2bn(e, sizeof(e) - 1, NULL); + bn_d = BN_bin2bn(d, sizeof(d) - 1, NULL); + if (bn_n == NULL || bn_e == NULL || bn_d == NULL) + goto err; + if (!RSA_set0_key(key, bn_n, bn_e, bn_d)) + goto err; + bn_n = NULL; + bn_e = NULL; + bn_d = NULL; + + bn_p = BN_bin2bn(p, sizeof(p) - 1, NULL); + bn_q = BN_bin2bn(q, sizeof(q) - 1, NULL); + if (bn_p == NULL || bn_q == NULL) + goto err; + if (!RSA_set0_factors(key, bn_p, bn_q)) + goto err; 
+ bn_p = NULL; + bn_q = NULL; + + bn_dmp1 = BN_bin2bn(dmp1, sizeof(dmp1) - 1, NULL); + bn_dmq1 = BN_bin2bn(dmq1, sizeof(dmq1) - 1, NULL); + bn_iqmp = BN_bin2bn(iqmp, sizeof(iqmp) - 1, NULL); + if (bn_dmp1 == NULL || bn_dmq1 == NULL || bn_iqmp == NULL) + goto err; + if (!RSA_set0_crt_params(key, bn_dmp1, bn_dmq1, bn_iqmp)) + goto err; + bn_dmp1 = NULL; + bn_dmq1 = NULL; + bn_iqmp = NULL; + + memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); + + return sizeof(ctext_ex) - 1; + + err: + BN_free(bn_n); + BN_free(bn_e); + BN_free(bn_d); + BN_free(bn_p); + BN_free(bn_q); + BN_free(bn_dmp1); + BN_free(bn_dmq1); + BN_free(bn_iqmp); + + return -1; } -static int pad_unknown(void) +static int +pad_unknown(void) { - unsigned long l; - while ((l = ERR_get_error()) != 0) - if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE) - return (1); - return (0); + unsigned long l; + while ((l = ERR_get_error()) != 0) + if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE) + return (1); + return (0); } -int main(int argc, char *argv[]) +int +main(int argc, char *argv[]) { - int err = 0; - int v; - RSA *key; - unsigned char ptext[256]; - unsigned char ctext[256]; - static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a"; - unsigned char ctext_ex[256]; - int plen; - int clen = 0; - int num; - int n; - - plen = sizeof(ptext_ex) - 1; - - for (v = 0; v < 3; v++) { - key = RSA_new(); - switch (v) { - case 0: - clen = key1(key, ctext_ex); - break; - case 1: - clen = key2(key, ctext_ex); - break; - case 2: - clen = key3(key, ctext_ex); - break; - } - - num = RSA_public_encrypt(plen, ptext_ex, ctext, key, - RSA_PKCS1_PADDING); - if (num != clen) { - printf("PKCS#1 v1.5 encryption failed!\n"); - err = 1; - goto oaep; - } - - num = RSA_private_decrypt(num, ctext, ptext, key, RSA_PKCS1_PADDING); - if (num != plen || memcmp(ptext, ptext_ex, num) != 0) { - printf("PKCS#1 v1.5 decryption failed!\n"); - err = 1; - } else - printf("PKCS #1 v1.5 encryption/decryption ok\n"); + int err = 0; + int v; + 
RSA *key; + unsigned char ptext[256]; + unsigned char ctext[256]; + static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a"; + unsigned char ctext_ex[256]; + int plen; + int clen = 0; + int num; + int n; + + plen = sizeof(ptext_ex) - 1; + + for (v = 0; v < 3; v++) { + key = RSA_new(); + switch (v) { + case 0: + clen = key1(key, ctext_ex); + break; + case 1: + clen = key2(key, ctext_ex); + break; + case 2: + clen = key3(key, ctext_ex); + break; + } + + if (clen <= 0) { + printf("failed to generate key%d\n", v); + err = 1; + goto next; + } + + num = RSA_public_encrypt(plen, ptext_ex, ctext, key, + RSA_PKCS1_PADDING); + if (num != clen) { + printf("PKCS#1 v1.5 encryption failed!\n"); + err = 1; + goto oaep; + } + + num = RSA_private_decrypt(num, ctext, ptext, key, + RSA_PKCS1_PADDING); + if (num != plen || memcmp(ptext, ptext_ex, num) != 0) { + printf("PKCS#1 v1.5 decryption failed!\n"); + err = 1; + } else + printf("PKCS #1 v1.5 encryption/decryption ok\n"); oaep: - ERR_clear_error(); - num = RSA_public_encrypt(plen, ptext_ex, ctext, key, - RSA_PKCS1_OAEP_PADDING); - if (num == -1 && pad_unknown()) { - printf("No OAEP support\n"); - goto next; - } - if (num != clen) { - printf("OAEP encryption failed!\n"); - err = 1; - goto next; - } - - num = RSA_private_decrypt(num, ctext, ptext, key, - RSA_PKCS1_OAEP_PADDING); - if (num != plen || memcmp(ptext, ptext_ex, num) != 0) { - printf("OAEP decryption (encrypted data) failed!\n"); - err = 1; - } else if (memcmp(ctext, ctext_ex, num) == 0) - printf("OAEP test vector %d passed!\n", v); - - /* - * Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT). Try - * decrypting ctext_ex - */ - - num = RSA_private_decrypt(clen, ctext_ex, ptext, key, - RSA_PKCS1_OAEP_PADDING); - - if (num != plen || memcmp(ptext, ptext_ex, num) != 0) { - printf("OAEP decryption (test vector data) failed!\n"); - err = 1; - } else - printf("OAEP encryption/decryption ok\n"); - - /* Try decrypting corrupted ciphertexts. 
*/ - for (n = 0; n < clen; ++n) { - ctext[n] ^= 1; - num = RSA_private_decrypt(clen, ctext, ptext, key, - RSA_PKCS1_OAEP_PADDING); - if (num > 0) { - printf("Corrupt data decrypted!\n"); - err = 1; - break; - } - ctext[n] ^= 1; - } - - /* Test truncated ciphertexts, as well as negative length. */ - for (n = -1; n < clen; ++n) { - num = RSA_private_decrypt(n, ctext, ptext, key, - RSA_PKCS1_OAEP_PADDING); - if (num > 0) { - printf("Truncated data decrypted!\n"); - err = 1; - break; - } - } + ERR_clear_error(); + num = RSA_public_encrypt(plen, ptext_ex, ctext, key, + RSA_PKCS1_OAEP_PADDING); + if (num == -1 && pad_unknown()) { + printf("No OAEP support\n"); + goto next; + } + if (num != clen) { + printf("OAEP encryption failed!\n"); + err = 1; + goto next; + } + + num = RSA_private_decrypt(num, ctext, ptext, key, + RSA_PKCS1_OAEP_PADDING); + if (num != plen || memcmp(ptext, ptext_ex, num) != 0) { + printf("OAEP decryption (encrypted data) failed!\n"); + err = 1; + } else if (memcmp(ctext, ctext_ex, num) == 0) + printf("OAEP test vector %d passed!\n", v); + + /* + * Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT). + * Try decrypting ctext_ex + */ + + num = RSA_private_decrypt(clen, ctext_ex, ptext, key, + RSA_PKCS1_OAEP_PADDING); + if (num != plen || memcmp(ptext, ptext_ex, num) != 0) { + printf("OAEP decryption (test vector data) failed!\n"); + err = 1; + } else + printf("OAEP encryption/decryption ok\n"); + + /* Try decrypting corrupted ciphertexts. */ + for (n = 0; n < clen; ++n) { + ctext[n] ^= 1; + num = RSA_private_decrypt(clen, ctext, ptext, key, + RSA_PKCS1_OAEP_PADDING); + if (num > 0) { + printf("Corrupt data decrypted!\n"); + err = 1; + break; + } + ctext[n] ^= 1; + } + + /* Test truncated ciphertexts, as well as negative length. 
*/ + for (n = -1; n < clen; ++n) { + num = RSA_private_decrypt(n, ctext, ptext, key, + RSA_PKCS1_OAEP_PADDING); + if (num > 0) { + printf("Truncated data decrypted!\n"); + err = 1; + break; + } + } next: - RSA_free(key); - } + RSA_free(key); + } - return err; + return err; } #endif diff --git a/tests/server1-ecdsa-chain.pem b/tests/server1-ecdsa-chain.pem new file mode 100644 index 00000000..46add4d1 --- /dev/null +++ b/tests/server1-ecdsa-chain.pem @@ -0,0 +1,26 @@ +subject= CN = LibreSSL Test Server 1 ECDSA +issuer= CN = LibreSSL Test Intermediate CA ECDSA +-----BEGIN CERTIFICATE----- +MIIBqzCCAVKgAwIBAgIJAOVssaaTYoH4MAoGCCqGSM49BAMCMC4xLDAqBgNVBAMM +I0xpYnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIEVDRFNBMB4XDTIxMTIyNzE0 +NDA0MFoXDTMxMTIyNTE0NDA0MFowJzElMCMGA1UEAwwcTGlicmVTU0wgVGVzdCBT +ZXJ2ZXIgMSBFQ0RTQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLCfzrwjvJ6V +m2Jog48gtuDNYupHd8TKOCVb6J7f1/U3Owwy2//ZVTvM+9uoIC8xxUJAmN0PC+9a ++5TkRWiD1KWjYDBeMB0GA1UdDgQWBBTo776/p89eGJwMmJRNk4k+xGVRPTAfBgNV +HSMEGDAWgBQXVj1v/EpXEjlCygJygatQDeTCCDAMBgNVHRMBAf8EAjAAMA4GA1Ud +DwEB/wQEAwIHgDAKBggqhkjOPQQDAgNHADBEAiAhHPaADQMcGea7iBRbKZWSHUAf +fZSNIWF/nYASNBvKLgIgQXLiuWxt6/a7vxaZwgYXkhP1YfDSC5Kpktxr/3jHcAU= +-----END CERTIFICATE----- +subject= CN = LibreSSL Test Intermediate CA ECDSA +issuer= CN = LibreSSL Test Root CA ECDSA +-----BEGIN CERTIFICATE----- +MIIBrDCCAVOgAwIBAgIJAOVssaaTYoH3MAkGByqGSM49BAEwJjEkMCIGA1UEAwwb +TGlicmVTU0wgVGVzdCBSb290IENBIEVDRFNBMB4XDTIxMTIyNzE0NDA0MFoXDTMx +MTIyNTE0NDA0MFowLjEsMCoGA1UEAwwjTGlicmVTU0wgVGVzdCBJbnRlcm1lZGlh +dGUgQ0EgRUNEU0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATWRQbJh4aHPzHq +LOAmosW/o83bTpm3Sj1VxM44StmG7c1nnFM/+gS8rp2bVSgjWZQzRtZqGVGJgzbk +7/M1m3x3o2MwYTAdBgNVHQ4EFgQUF1Y9b/xKVxI5QsoCcoGrUA3kwggwHwYDVR0j +BBgwFoAUtvkat4UdcUEipt6L/PBgEFYH6AwwDwYDVR0TAQH/BAUwAwEB/zAOBgNV +HQ8BAf8EBAMCAQYwCQYHKoZIzj0EAQNIADBFAiBE4NiOdv/XRN3WWMnkE5QccvC6 +VThoIQRyBf4I97cRPQIhAK18dvwrLuOOfbhWMdkpNCddMkWZHxS7traw/8+s7OUU +-----END CERTIFICATE----- 
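Review bot: In main() of tests/rsa_test.c, the result of `RSA_new()` is passed straight to key1()/key2()/key3() without a NULL check. On allocation failure the first `RSA_set0_key(key, ...)` call receives a null `key`, which it presumably dereferences, instead of the test reporting a failure. The added `clen <= 0` guard only covers failures inside the key helpers, so a check right after the allocation is still needed, for example `if ((key = RSA_new()) == NULL) { printf("RSA_new failed\n"); return 1; }`. As a style point, key1/key2/key3 now repeat the same BN_bin2bn / RSA_set0_key / RSA_set0_factors / RSA_set0_crt_params sequence and `err:` cleanup three times. A single `static` helper that takes the eight byte arrays with their lengths would keep the ownership-transfer logic (the pointers set to NULL after each successful set0 call) in one place.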
diff --git a/tests/server1-ecdsa.pem b/tests/server1-ecdsa.pem
new file mode 100644
index 00000000..541fed6e
--- /dev/null
+++ b/tests/server1-ecdsa.pem
@@ -0,0 +1,18 @@
+subject= CN = LibreSSL Test Server 1 ECDSA
+issuer= CN = LibreSSL Test Intermediate CA ECDSA
+-----BEGIN CERTIFICATE-----
+MIIBqzCCAVKgAwIBAgIJAOVssaaTYoH4MAoGCCqGSM49BAMCMC4xLDAqBgNVBAMM
+I0xpYnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIEVDRFNBMB4XDTIxMTIyNzE0
+NDA0MFoXDTMxMTIyNTE0NDA0MFowJzElMCMGA1UEAwwcTGlicmVTU0wgVGVzdCBT
+ZXJ2ZXIgMSBFQ0RTQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLCfzrwjvJ6V
+m2Jog48gtuDNYupHd8TKOCVb6J7f1/U3Owwy2//ZVTvM+9uoIC8xxUJAmN0PC+9a
++5TkRWiD1KWjYDBeMB0GA1UdDgQWBBTo776/p89eGJwMmJRNk4k+xGVRPTAfBgNV
+HSMEGDAWgBQXVj1v/EpXEjlCygJygatQDeTCCDAMBgNVHRMBAf8EAjAAMA4GA1Ud
+DwEB/wQEAwIHgDAKBggqhkjOPQQDAgNHADBEAiAhHPaADQMcGea7iBRbKZWSHUAf
+fZSNIWF/nYASNBvKLgIgQXLiuWxt6/a7vxaZwgYXkhP1YfDSC5Kpktxr/3jHcAU=
+-----END CERTIFICATE-----
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgvh2q0Zzqn18tPux2
+csqpbWDtHGialpwtx/r/0ENHeKOhRANCAASwn868I7yelZtiaIOPILbgzWLqR3fE
+yjglW+ie39f1NzsMMtv/2VU7zPvbqCAvMcVCQJjdDwvvWvuU5EVog9Sl
+-----END PRIVATE KEY-----
diff --git a/tests/server1-rsa-chain.pem b/tests/server1-rsa-chain.pem
new file mode 100644
index 00000000..57dec7b5
--- /dev/null
+++ b/tests/server1-rsa-chain.pem
@@ -0,0 +1,44 @@
+subject= CN = LibreSSL Test Server 1 RSA
+issuer= CN = LibreSSL Test Intermediate CA RSA
+-----BEGIN CERTIFICATE-----
+MIIDNDCCAhygAwIBAgIJAOVssaaTYoHzMA0GCSqGSIb3DQEBCwUAMCwxKjAoBgNV
+BAMMIUxpYnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIFJTQTAeFw0yMTEyMjcx
+NDQwMzdaFw0zMTEyMjUxNDQwMzdaMCUxIzAhBgNVBAMMGkxpYnJlU1NMIFRlc3Qg
+U2VydmVyIDEgUlNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvyt
+i0uA2qaFltVb8+PElYk84AnjY0WZDcGtKSMCAYTD857fO2V4S/wpJ9ZMt8kBKQ29
+D2Glkkhc/HPpb7wJcAUT++aZ/PbOtuzOHzdxheOolfZ6aw+qCSiVlcflKfMp7VPL
+swimqKpm6atl2aSqldKfmGzjhAAPiTXbzUjh9pbTfO8ykdn/6AqP7ju3+4sseMPL
+seNq1wstWRdiHm0P/BoJn4lwDe7QTSp1AxMqDTz5BiO+UjCW2oTsOFfo/hhslQf5
+qv7uPLrz/VWiEojQP5RzfcnVwplUgTvtaOkXxZeOH7VkKS1v8W506/h3RIKj0X8Y
+JDLuIPqSAPNLWGyH4wIDAQABo2AwXjAdBgNVHQ4EFgQUFJPGTfe+ULC/anJ4fCVz
+DXA0JI4wHwYDVR0jBBgwFoAUNqGhWv/+mt2TQTVdDZTd5wPY4mYwDAYDVR0TAQH/
+BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAGP5hYyAYzlj
+YCV24ApNPb+mNEMHu1SL1MgDXJOTWZMFOvuYcibtmcVIfwpM4+UpC7cRqPRjBEqm
+NdLbJi4jGzQDNOcI7OZCCx6oKvAhjMofpb42Iq4bDuBqlhHRXvYnO30y0yRbSGXt
+GvKvkNKOSXUnY1UtcBAN5szcyFk30xQK+f/2VqJguvjsTquFV+piqFyq91ICyIeQ
+1gjTn1N2/SkmYpwZdyf0HqSjyqJ0FG4xiW6T0HmX1QI651Kux49vLel7ySxzGY+6
+axnPilTYx/7pkciGk5ckLdujpXsDPhC+E2hdoee494c5NvX/uibYhigLU/gHK/ZP
+YisY8ihnPl8=
+-----END CERTIFICATE-----
+subject= CN = LibreSSL Test Intermediate CA RSA
+issuer= CN = LibreSSL Test Root CA RSA
+-----BEGIN CERTIFICATE-----
+MIIDNjCCAh6gAwIBAgIJAOVssaaTYoHyMA0GCSqGSIb3DQEBCwUAMCQxIjAgBgNV
+BAMMGUxpYnJlU1NMIFRlc3QgUm9vdCBDQSBSU0EwHhcNMjExMjI3MTQ0MDM3WhcN
+MzExMjI1MTQ0MDM3WjAsMSowKAYDVQQDDCFMaWJyZVNTTCBUZXN0IEludGVybWVk
+aWF0ZSBDQSBSU0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD151AI
+I+W9MrEP3dO0PEjg6L9E1R6+CG6u0LT3Jobc/rG2RXqKLasEaXoBWYiJoTImVxFT
+wtrY+IDDTaEV4/4RGII1fY8Js7v5NpwoEh15jCoJ6/qDjKd4y1s1M48PlWYNNRmv
+OBKRIu3Fz7scUa1RSBCp1bZeHbq/V5SzG419nDq2xpyuUrwmfBhDZTH+kUwBNGn8
+XVRFCRJQVP3qEAH02Zai2emSVj13KrhEWMtNyA8fa34GIuV23Q40RKW3jUgGBF+D
+5jPNN8EZCj34nvvbjCCBs7cxZvD4F/MzGbatKpNmNOKXKibeg/xCq8B/F1uzHcl3
+IzJuViNtQ3RjQ/1pAgMBAAGjYzBhMB0GA1UdDgQWBBQ2oaFa//6a3ZNBNV0NlN3n
+A9jiZjAfBgNVHSMEGDAWgBQ+S/x79Kw0KqURKAHyiOhdj/8V0TAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAcok2oSct
+BOkm75qA8+4eUilGxTaqFPCqY8fk8MKNRKNNzaqirPaLJW62mZaxRHOn1Bw9uzL3
+jgz2PaTwA7n5GpKs3r5JLk8BdtRyeqMLmqJVJKKuu4GtJLCA8jhQm+XNA1Z324hg
+kVeBHLPpLKvQxb+0lmbRBORq/OtMirq2yK8OlF2USrfQx0jmhSvvLpWyA0hhAXRS
+gg1ds9aL57dELvk6gR7Unob+J0O2Xq3FRwz2O1k9fF86a0qrWUkxcnAjobC2BczC
+7Fe5B194LgrX2U4IIrzwgJ19kmtrb1Qol2okECxomTYsbQY36sBs+LOKxSuiagu6
+ZgJtfcNeVMglYQ==
+-----END CERTIFICATE-----
diff --git a/tests/server1-rsa.pem b/tests/server1-rsa.pem
new file mode 100644
index 00000000..12e9ac9e
--- /dev/null
+++ b/tests/server1-rsa.pem
@@ -0,0 +1,50 @@
+subject= CN = LibreSSL Test Server 1 RSA
+issuer= CN = LibreSSL Test Intermediate CA RSA
+-----BEGIN CERTIFICATE-----
+MIIDNDCCAhygAwIBAgIJAOVssaaTYoHzMA0GCSqGSIb3DQEBCwUAMCwxKjAoBgNV
+BAMMIUxpYnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIFJTQTAeFw0yMTEyMjcx
+NDQwMzdaFw0zMTEyMjUxNDQwMzdaMCUxIzAhBgNVBAMMGkxpYnJlU1NMIFRlc3Qg
+U2VydmVyIDEgUlNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvyt
+i0uA2qaFltVb8+PElYk84AnjY0WZDcGtKSMCAYTD857fO2V4S/wpJ9ZMt8kBKQ29
+D2Glkkhc/HPpb7wJcAUT++aZ/PbOtuzOHzdxheOolfZ6aw+qCSiVlcflKfMp7VPL
+swimqKpm6atl2aSqldKfmGzjhAAPiTXbzUjh9pbTfO8ykdn/6AqP7ju3+4sseMPL
+seNq1wstWRdiHm0P/BoJn4lwDe7QTSp1AxMqDTz5BiO+UjCW2oTsOFfo/hhslQf5
+qv7uPLrz/VWiEojQP5RzfcnVwplUgTvtaOkXxZeOH7VkKS1v8W506/h3RIKj0X8Y
+JDLuIPqSAPNLWGyH4wIDAQABo2AwXjAdBgNVHQ4EFgQUFJPGTfe+ULC/anJ4fCVz
+DXA0JI4wHwYDVR0jBBgwFoAUNqGhWv/+mt2TQTVdDZTd5wPY4mYwDAYDVR0TAQH/
+BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAGP5hYyAYzlj
+YCV24ApNPb+mNEMHu1SL1MgDXJOTWZMFOvuYcibtmcVIfwpM4+UpC7cRqPRjBEqm
+NdLbJi4jGzQDNOcI7OZCCx6oKvAhjMofpb42Iq4bDuBqlhHRXvYnO30y0yRbSGXt
+GvKvkNKOSXUnY1UtcBAN5szcyFk30xQK+f/2VqJguvjsTquFV+piqFyq91ICyIeQ
+1gjTn1N2/SkmYpwZdyf0HqSjyqJ0FG4xiW6T0HmX1QI651Kux49vLel7ySxzGY+6
+axnPilTYx/7pkciGk5ckLdujpXsDPhC+E2hdoee494c5NvX/uibYhigLU/gHK/ZP
+YisY8ihnPl8=
+-----END CERTIFICATE-----
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCe/K2LS4DapoWW
+1Vvz48SViTzgCeNjRZkNwa0pIwIBhMPznt87ZXhL/Ckn1ky3yQEpDb0PYaWSSFz8
+c+lvvAlwBRP75pn89s627M4fN3GF46iV9nprD6oJKJWVx+Up8yntU8uzCKaoqmbp
+q2XZpKqV0p+YbOOEAA+JNdvNSOH2ltN87zKR2f/oCo/uO7f7iyx4w8ux42rXCy1Z
+F2IebQ/8GgmfiXAN7tBNKnUDEyoNPPkGI75SMJbahOw4V+j+GGyVB/mq/u48uvP9
+VaISiNA/lHN9ydXCmVSBO+1o6RfFl44ftWQpLW/xbnTr+HdEgqPRfxgkMu4g+pIA
+80tYbIfjAgMBAAECggEBAJDm9PkW6KrfyLPPZA5mUl6EBWKgQInS/gsmsT7j9EkU
+C1A4RXcqJTkD6zKuw59h6NfU+LJTKgeoQm+o6WJ3/BYH2s3kwAZpn7/jFn4nFyWT
+d6yuR6baUPwl7CfmV3wjbtwqWmajhNoG7OMd3yc9SGhi3iibXcWKFJ7W4q04NxJ5
+txswRddLYMFUeJxPBdImlyibyUIWaYFid4O2kozTQWpyJld5SP4+YQObb6sBJuvN
+wR53eaRGb0OaUGppglGlWTahIADBjbhf0zd9YiUjvums/cjx2goHzQqt4rIj1Pid
+I3duu/kw7AsuRlvmhk02Cu4Ixr8hljbeo2L7UAP+4BkCgYEAzVq8Fqi/5IVdjl0H
+FwvS9NX3HFFzdixtI2p/jCQ721Kxpf73zvRpMG/YZL3vBt4sXT7WpJZZsKrYogL7
+8s/dG7p/GpzSnvJKQfT6Ko+jnv24MEIoqMx+Smd+nJJJ0KzZRvrqzcF+wsicmKnN
+y/4t8T1DqSm4WxDyuy/uDozqCP0CgYEAxjJ9GJha40sHlY4sOTaJqapN6va/t70/
+iRj+Mt9Bm1O41PBgu+SMADGukrjL5DYp53QRGhyqb2PWmZsGYvftPZNq5b3pzKPo
+8jiP9AxYDt/GLO3x/GppiywOxHD8CV19BDVqWcBkV1ATu2kkmokDbq+g94xnMBzN
+nURtfL5Hml8CgYAMeJIrnhvpOOAxoRypHaK2E7hqE9g7OP93wyPz0s9/xknbltxd
+ySIKOwCdPZuigyOWlhZa8HaJ8BYv4JaEbHM1F+JYL2XrGTPBRatbolWBdk8VPy9Q
+8PpKcnaR86Bf999KHDreO/4CvkQkUUuaM9l+aQYO4+W6QhE7pPGEGLKt0QKBgCL2
+exzgm3/nF3JpfyGknkpA0bf2SUG3b8LWltkQizlEXqGpudbLbWsHWJ1nXghnCaNb
+1Tx+/A3kVdIJB+pjhAVNwRjAFMNV0t0P300U9F/DV+lLHFoDx5SWdBBxQfTA+jHI
+3nbwuoKwjJqN5LgiHWnkL4gby4QwQJFSpeHQiz8PAoGBAJaur4aFaSlgGAiKJX4/
+Om4AedImBgFsVKf44xx5pDwEcqLeEwRBxa0r5Sftqsrz+Ck60hR/MWCwJEBll5PV
+MJtOHBb2bINFhLOqV1WoSkSoKEhtMvFnLbWGBi5gYHC4+lYuyQqD/vu3sxe5IT9C
+PKgUgKV32Z7KBpDuFGtGmiDb
+-----END PRIVATE KEY-----
diff --git a/tests/server2-ecdsa-chain.pem b/tests/server2-ecdsa-chain.pem
new file mode 100644
index 00000000..494d2ea2
--- /dev/null
+++ b/tests/server2-ecdsa-chain.pem
@@ -0,0 +1,26 @@
+subject= CN = LibreSSL Test Server 2 ECDSA
+issuer= CN = LibreSSL Test Intermediate CA ECDSA
+-----BEGIN CERTIFICATE-----
+MIIBpjCCAUygAwIBAgIDEAABMAoGCCqGSM49BAMCMC4xLDAqBgNVBAMMI0xpYnJl
+U1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIEVDRFNBMB4XDTEwMDEwMTAwMDAwMFoX
+DTIwMDEwMTAwMDAwMFowJzElMCMGA1UEAwwcTGlicmVTU0wgVGVzdCBTZXJ2ZXIg
+MiBFQ0RTQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJOTftmDhBMSS23a+sRO
+3Zr43RUwtdJvNfKhpHKRbBLIttBkbI1wWCgufMLCJXhL6pSpCeT/C9ioFks2JMg7
+CPCjYDBeMB0GA1UdDgQWBBSCtBk04EXYNjiFaaTcJumL0BFylTAfBgNVHSMEGDAW
+gBQXVj1v/EpXEjlCygJygatQDeTCCDAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQE
+AwIHgDAKBggqhkjOPQQDAgNIADBFAiEAqnQ+TRgMZRys3z3olZysrnP0d6XIdfgv
+XvlXRaM0s/QCIHdrTx/IPfJSvo0rDN08CJfbO0NBOc9PFsnDRUKsxJd4
+-----END CERTIFICATE-----
+subject= CN = LibreSSL Test Intermediate CA ECDSA
+issuer= CN = LibreSSL Test Root CA ECDSA
+-----BEGIN CERTIFICATE-----
+MIIBrDCCAVOgAwIBAgIJAOVssaaTYoH3MAkGByqGSM49BAEwJjEkMCIGA1UEAwwb
+TGlicmVTU0wgVGVzdCBSb290IENBIEVDRFNBMB4XDTIxMTIyNzE0NDA0MFoXDTMx
+MTIyNTE0NDA0MFowLjEsMCoGA1UEAwwjTGlicmVTU0wgVGVzdCBJbnRlcm1lZGlh
+dGUgQ0EgRUNEU0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATWRQbJh4aHPzHq
+LOAmosW/o83bTpm3Sj1VxM44StmG7c1nnFM/+gS8rp2bVSgjWZQzRtZqGVGJgzbk
+7/M1m3x3o2MwYTAdBgNVHQ4EFgQUF1Y9b/xKVxI5QsoCcoGrUA3kwggwHwYDVR0j
+BBgwFoAUtvkat4UdcUEipt6L/PBgEFYH6AwwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
+HQ8BAf8EBAMCAQYwCQYHKoZIzj0EAQNIADBFAiBE4NiOdv/XRN3WWMnkE5QccvC6
+VThoIQRyBf4I97cRPQIhAK18dvwrLuOOfbhWMdkpNCddMkWZHxS7traw/8+s7OUU
+-----END CERTIFICATE-----
diff --git a/tests/server2-ecdsa.pem b/tests/server2-ecdsa.pem
new file mode 100644
index 00000000..2f49df99
--- /dev/null
+++ b/tests/server2-ecdsa.pem
@@ -0,0 +1,18 @@
+subject= CN = LibreSSL Test Server 2 ECDSA
+issuer= CN = LibreSSL Test Intermediate CA ECDSA
+-----BEGIN CERTIFICATE-----
+MIIBpjCCAUygAwIBAgIDEAABMAoGCCqGSM49BAMCMC4xLDAqBgNVBAMMI0xpYnJl
+U1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIEVDRFNBMB4XDTEwMDEwMTAwMDAwMFoX
+DTIwMDEwMTAwMDAwMFowJzElMCMGA1UEAwwcTGlicmVTU0wgVGVzdCBTZXJ2ZXIg
+MiBFQ0RTQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJOTftmDhBMSS23a+sRO
+3Zr43RUwtdJvNfKhpHKRbBLIttBkbI1wWCgufMLCJXhL6pSpCeT/C9ioFks2JMg7
+CPCjYDBeMB0GA1UdDgQWBBSCtBk04EXYNjiFaaTcJumL0BFylTAfBgNVHSMEGDAW
+gBQXVj1v/EpXEjlCygJygatQDeTCCDAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQE
+AwIHgDAKBggqhkjOPQQDAgNIADBFAiEAqnQ+TRgMZRys3z3olZysrnP0d6XIdfgv
+XvlXRaM0s/QCIHdrTx/IPfJSvo0rDN08CJfbO0NBOc9PFsnDRUKsxJd4
+-----END CERTIFICATE-----
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgxkOt2jb6kQC1ZaUa
+MLSz0lyS0YQtqChoyAvJ7yQf3FahRANCAASTk37Zg4QTEktt2vrETt2a+N0VMLXS
+bzXyoaRykWwSyLbQZGyNcFgoLnzCwiV4S+qUqQnk/wvYqBZLNiTIOwjw
+-----END PRIVATE KEY-----
diff --git a/tests/server2-rsa-chain.pem b/tests/server2-rsa-chain.pem
new file mode 100644
index 00000000..5bb660f4
--- /dev/null
+++ b/tests/server2-rsa-chain.pem
@@ -0,0 +1,44 @@ +subject= CN = LibreSSL Test Server 2 RSA +issuer= CN = LibreSSL Test Intermediate CA RSA +-----BEGIN CERTIFICATE----- +MIIDLjCCAhagAwIBAgIDEAABMA0GCSqGSIb3DQEBCwUAMCwxKjAoBgNVBAMMIUxp +YnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIFJTQTAeFw0xMDAxMDEwMDAwMDBa +Fw0yMDAxMDEwMDAwMDBaMCUxIzAhBgNVBAMMGkxpYnJlU1NMIFRlc3QgU2VydmVy +IDIgUlNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu08owc3HqHu2 ++92bKDs/VCVjkGMZSVOrdAXYEKf9WQ6cGxiowjJy391szSd5bW/Yf7hbNhctr29G +8oIj0wsMfz3lxuHDYISt8uAjbjqFiZTNfBeg7PVE9aDWXqaophcq4DT2ygv9O190 +09RxTJD6PdclUtQNYZHr3c7kP2AdeBWWVPAmKISDSEkjXqc0x9LEtm7UA/0WAtKM +NUXUb/ZNBu90j7gRpjN6VyfaqJMdoDR31s7QXivL5hr4x0M0Y1ihN1/cHA5Qjb0s +6t8w6H2b0xtvJgO5N3ZUAVclAO3MsVRqr04aAyxcJ47qOkWPbh9OqaFyZFdl7L2r +UTLloQNkcwIDAQABo2AwXjAdBgNVHQ4EFgQUrDgWmmX6bVZt4Z7SvCSXEfJMoZQw +HwYDVR0jBBgwFoAUNqGhWv/+mt2TQTVdDZTd5wPY4mYwDAYDVR0TAQH/BAIwADAO +BgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBANbQG/fAGsV+J+cmEIlg +9i5c44hpr3BAXn5QYMbV9OQ8M9Rq8cZx/EkwNlCfPnQph2PqN2tZNstBnlL90rNq +pOj1Ee+ppemeJrHKFuEncytGHbgqjRLgi9n0vR5RF1I7dJvRlPugpf/FxeMC/7f2 +qDDfdMsvmu/+qWBMb+U5yPLXlibGr7nf7B3t9ZBtku5flP3OOmipIjFpLOmvu06Z +9fac0JHDRvBQCemvIbSIa8Sz6UVJ1hKTjaN+lqc7e5tgbovNqjgFiLx0lQrfBmg9 +tnNhoaEuwwyPNIVLUK3J1Q4lv/m9fX7BVmL5C56AexwtD/jupdXe2utjFx6YXrKG +nxU= +-----END CERTIFICATE----- +subject= CN = LibreSSL Test Intermediate CA RSA +issuer= CN = LibreSSL Test Root CA RSA +-----BEGIN CERTIFICATE----- +MIIDNjCCAh6gAwIBAgIJAOVssaaTYoHyMA0GCSqGSIb3DQEBCwUAMCQxIjAgBgNV +BAMMGUxpYnJlU1NMIFRlc3QgUm9vdCBDQSBSU0EwHhcNMjExMjI3MTQ0MDM3WhcN +MzExMjI1MTQ0MDM3WjAsMSowKAYDVQQDDCFMaWJyZVNTTCBUZXN0IEludGVybWVk +aWF0ZSBDQSBSU0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD151AI +I+W9MrEP3dO0PEjg6L9E1R6+CG6u0LT3Jobc/rG2RXqKLasEaXoBWYiJoTImVxFT +wtrY+IDDTaEV4/4RGII1fY8Js7v5NpwoEh15jCoJ6/qDjKd4y1s1M48PlWYNNRmv +OBKRIu3Fz7scUa1RSBCp1bZeHbq/V5SzG419nDq2xpyuUrwmfBhDZTH+kUwBNGn8 +XVRFCRJQVP3qEAH02Zai2emSVj13KrhEWMtNyA8fa34GIuV23Q40RKW3jUgGBF+D 
+5jPNN8EZCj34nvvbjCCBs7cxZvD4F/MzGbatKpNmNOKXKibeg/xCq8B/F1uzHcl3 +IzJuViNtQ3RjQ/1pAgMBAAGjYzBhMB0GA1UdDgQWBBQ2oaFa//6a3ZNBNV0NlN3n +A9jiZjAfBgNVHSMEGDAWgBQ+S/x79Kw0KqURKAHyiOhdj/8V0TAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAcok2oSct +BOkm75qA8+4eUilGxTaqFPCqY8fk8MKNRKNNzaqirPaLJW62mZaxRHOn1Bw9uzL3 +jgz2PaTwA7n5GpKs3r5JLk8BdtRyeqMLmqJVJKKuu4GtJLCA8jhQm+XNA1Z324hg +kVeBHLPpLKvQxb+0lmbRBORq/OtMirq2yK8OlF2USrfQx0jmhSvvLpWyA0hhAXRS +gg1ds9aL57dELvk6gR7Unob+J0O2Xq3FRwz2O1k9fF86a0qrWUkxcnAjobC2BczC +7Fe5B194LgrX2U4IIrzwgJ19kmtrb1Qol2okECxomTYsbQY36sBs+LOKxSuiagu6 +ZgJtfcNeVMglYQ== +-----END CERTIFICATE----- diff --git a/tests/server2-rsa.pem b/tests/server2-rsa.pem new file mode 100644 index 00000000..ed7389a4 --- /dev/null +++ b/tests/server2-rsa.pem 
@@ -0,0 +1,50 @@ +subject= CN = LibreSSL Test Server 2 RSA +issuer= CN = LibreSSL Test Intermediate CA RSA +-----BEGIN CERTIFICATE----- +MIIDLjCCAhagAwIBAgIDEAABMA0GCSqGSIb3DQEBCwUAMCwxKjAoBgNVBAMMIUxp +YnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIFJTQTAeFw0xMDAxMDEwMDAwMDBa +Fw0yMDAxMDEwMDAwMDBaMCUxIzAhBgNVBAMMGkxpYnJlU1NMIFRlc3QgU2VydmVy +IDIgUlNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu08owc3HqHu2 ++92bKDs/VCVjkGMZSVOrdAXYEKf9WQ6cGxiowjJy391szSd5bW/Yf7hbNhctr29G +8oIj0wsMfz3lxuHDYISt8uAjbjqFiZTNfBeg7PVE9aDWXqaophcq4DT2ygv9O190 +09RxTJD6PdclUtQNYZHr3c7kP2AdeBWWVPAmKISDSEkjXqc0x9LEtm7UA/0WAtKM +NUXUb/ZNBu90j7gRpjN6VyfaqJMdoDR31s7QXivL5hr4x0M0Y1ihN1/cHA5Qjb0s +6t8w6H2b0xtvJgO5N3ZUAVclAO3MsVRqr04aAyxcJ47qOkWPbh9OqaFyZFdl7L2r +UTLloQNkcwIDAQABo2AwXjAdBgNVHQ4EFgQUrDgWmmX6bVZt4Z7SvCSXEfJMoZQw +HwYDVR0jBBgwFoAUNqGhWv/+mt2TQTVdDZTd5wPY4mYwDAYDVR0TAQH/BAIwADAO +BgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBANbQG/fAGsV+J+cmEIlg +9i5c44hpr3BAXn5QYMbV9OQ8M9Rq8cZx/EkwNlCfPnQph2PqN2tZNstBnlL90rNq +pOj1Ee+ppemeJrHKFuEncytGHbgqjRLgi9n0vR5RF1I7dJvRlPugpf/FxeMC/7f2 +qDDfdMsvmu/+qWBMb+U5yPLXlibGr7nf7B3t9ZBtku5flP3OOmipIjFpLOmvu06Z +9fac0JHDRvBQCemvIbSIa8Sz6UVJ1hKTjaN+lqc7e5tgbovNqjgFiLx0lQrfBmg9 +tnNhoaEuwwyPNIVLUK3J1Q4lv/m9fX7BVmL5C56AexwtD/jupdXe2utjFx6YXrKG +nxU= +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC7TyjBzceoe7b7 +3ZsoOz9UJWOQYxlJU6t0BdgQp/1ZDpwbGKjCMnLf3WzNJ3ltb9h/uFs2Fy2vb0by +giPTCwx/PeXG4cNghK3y4CNuOoWJlM18F6Ds9UT1oNZepqimFyrgNPbKC/07X3TT +1HFMkPo91yVS1A1hkevdzuQ/YB14FZZU8CYohINISSNepzTH0sS2btQD/RYC0ow1 +RdRv9k0G73SPuBGmM3pXJ9qokx2gNHfWztBeK8vmGvjHQzRjWKE3X9wcDlCNvSzq +3zDofZvTG28mA7k3dlQBVyUA7cyxVGqvThoDLFwnjuo6RY9uH06poXJkV2XsvatR +MuWhA2RzAgMBAAECggEAc5ApQzkkv+xkPwzAl5fGQLI4tXKOvVDj7VdVsSEUDAgZ +hBY4uGfLvBau8/wwzLY+yr4BeGPgieaLzT9BvwmIElEsHQJZOolhkQF8mpt8nB+0 +j6U8YjYI78rlt8v3LVIJ3/6NbKbs+96vA6qEpIql+dVtb6bpApO3BEiLRhaU1+ra +pi5YbF56S3XlUFL6H46hpNTUxOqbb6toZ/2rr1nscu4jkQhL8u/KS5Uz1Y7RW3zd 
+A3U4rbxXnM8SVZrRuWsN1DRL5CpAOdGGiVhew46vAxZU8iX6rODrRaRCp+Gbnoll +x/ubMMrBrE4WpCY5orb41FPb4U6raY9ZZzTGPuC9YQKBgQDs0LrDy8kh3V7wsIwn +6vMT9MD2Olpl6zwSyQJ0C04u+hGNur3L6intg78TSRqZ7ZKK7CspPy9JCGTYztTG +vFbXy2vahCFlI2G3lfZj2nS2D+UNSmo2pdpBtuk/iKj67pFAlaa8C3OQ8MXjldQn +3QPANsCo276t0E9SmFcbJYJVCwKBgQDKe7sfdg0tQr9xsBeDuSxRJQOrtWeTmXm6 +zcPKRX8avWr5Ag6w4/BX/RxGZkD4brV5LaK6Qsbwl8v8aNe8Hv4yBQFdW0IMP8mB +v4kVaNEGxoJE4fnKk1wS22TQvX5fxWPGZhOWQ1sgIqp3Dzvky0nalK7Ru0gRA4gS +Jl0a4Sp/OQKBgQCHwuW/B53n5yPdcij3XW87Go5g2nUmhqPq1QeuBSkuLzhO+yaB +t12QB35MDRXN9u+S6u+XdtyhzskZrgE3aZOTpM/Q9vy6IX2MpNEaz4snMJeMdgPM +DmrAT58KSEsviAMHdoOevCXlitK3tRZqP/89e2YZp9h5hrlizWjqbCd6nwKBgQCS +XFWqLB7iNHlFqE+W+2a5UNQSbhHscue2y71WnF1/6qNEUuRjoJ++OksR6B/Wc8/h +Q8d4c4RxrIfab75hUNXVOiD+ZlSbng/+JYDlZNqS1zKar+1rLJFFYCjDafXLLFcu +teI6n31jASvO28gjXX6I7ShgmctB4ReeZvSt1UxuoQKBgHQ/0fA3owx9kDRA41Hu +a+npibal0F2JOxn0xiwgW3JcH/EkcSIvUELm8Kjl3GBxf0y9Osu0uf3cSqW9K9+z +CRpwZmFq+q3HFN6FYHYI6oVvPKIljDhmkvw9HyexXFLRKNs1z2b7Noz2H7ysE0cb +1sAZitEjace2/eAx/wWr2dq0 +-----END PRIVATE KEY----- diff --git a/tests/server3-ecdsa-chain.pem b/tests/server3-ecdsa-chain.pem new file mode 100644 index 00000000..03f3373d --- /dev/null +++ b/tests/server3-ecdsa-chain.pem 
@@ -0,0 +1,26 @@
+subject= CN = LibreSSL Test Server 3 ECDSA
+issuer= CN = LibreSSL Test Intermediate CA ECDSA
+-----BEGIN CERTIFICATE-----
+MIIBqjCCAVGgAwIBAgIJAOVssaaTYoH5MAkGByqGSM49BAEwLjEsMCoGA1UEAwwj
+TGlicmVTU0wgVGVzdCBJbnRlcm1lZGlhdGUgQ0EgRUNEU0EwHhcNMjExMjI3MTQ0
+MDQwWhcNMzExMjI1MTQ0MDQwWjAnMSUwIwYDVQQDDBxMaWJyZVNTTCBUZXN0IFNl
+cnZlciAzIEVDRFNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0pRqRW+PDenx
+cp+5za1pFDdECxXPXZY7LUPoXxens1lPSM2diexVMdLw1kEbVkOZ50s1X32vQnTa
+TVpovmwna6NgMF4wHQYDVR0OBBYEFCXbw+Fdv+OWDOU163ujSYbdJZx3MB8GA1Ud
+IwQYMBaAFBdWPW/8SlcSOULKAnKBq1AN5MIIMAwGA1UdEwEB/wQCMAAwDgYDVR0P
+AQH/BAQDAgeAMAkGByqGSM49BAEDSAAwRQIhAMt01G90LOiCVRIcodKP1nsOg3oY
+kX8VHUPk9myD52KZAiBu32mh/fgaWsR/lbo2dyGJQHKkmHNt9Wy8hOQ9eGO91A==
+-----END CERTIFICATE-----
+subject= CN = LibreSSL Test Intermediate CA ECDSA
+issuer= CN = LibreSSL Test Root CA ECDSA
+-----BEGIN CERTIFICATE-----
+MIIBrDCCAVOgAwIBAgIJAOVssaaTYoH3MAkGByqGSM49BAEwJjEkMCIGA1UEAwwb
+TGlicmVTU0wgVGVzdCBSb290IENBIEVDRFNBMB4XDTIxMTIyNzE0NDA0MFoXDTMx
+MTIyNTE0NDA0MFowLjEsMCoGA1UEAwwjTGlicmVTU0wgVGVzdCBJbnRlcm1lZGlh
+dGUgQ0EgRUNEU0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATWRQbJh4aHPzHq
+LOAmosW/o83bTpm3Sj1VxM44StmG7c1nnFM/+gS8rp2bVSgjWZQzRtZqGVGJgzbk
+7/M1m3x3o2MwYTAdBgNVHQ4EFgQUF1Y9b/xKVxI5QsoCcoGrUA3kwggwHwYDVR0j
+BBgwFoAUtvkat4UdcUEipt6L/PBgEFYH6AwwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
+HQ8BAf8EBAMCAQYwCQYHKoZIzj0EAQNIADBFAiBE4NiOdv/XRN3WWMnkE5QccvC6
+VThoIQRyBf4I97cRPQIhAK18dvwrLuOOfbhWMdkpNCddMkWZHxS7traw/8+s7OUU
+-----END CERTIFICATE-----
diff --git a/tests/server3-ecdsa.pem b/tests/server3-ecdsa.pem
new file mode 100644
index 00000000..98950aab
--- /dev/null
+++ b/tests/server3-ecdsa.pem
@@ -0,0 +1,18 @@
+subject= CN = LibreSSL Test Server 3 ECDSA
+issuer= CN = LibreSSL Test Intermediate CA ECDSA
+-----BEGIN CERTIFICATE-----
+MIIBqjCCAVGgAwIBAgIJAOVssaaTYoH5MAkGByqGSM49BAEwLjEsMCoGA1UEAwwj
+TGlicmVTU0wgVGVzdCBJbnRlcm1lZGlhdGUgQ0EgRUNEU0EwHhcNMjExMjI3MTQ0
+MDQwWhcNMzExMjI1MTQ0MDQwWjAnMSUwIwYDVQQDDBxMaWJyZVNTTCBUZXN0IFNl
+cnZlciAzIEVDRFNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0pRqRW+PDenx
+cp+5za1pFDdECxXPXZY7LUPoXxens1lPSM2diexVMdLw1kEbVkOZ50s1X32vQnTa
+TVpovmwna6NgMF4wHQYDVR0OBBYEFCXbw+Fdv+OWDOU163ujSYbdJZx3MB8GA1Ud
+IwQYMBaAFBdWPW/8SlcSOULKAnKBq1AN5MIIMAwGA1UdEwEB/wQCMAAwDgYDVR0P
+AQH/BAQDAgeAMAkGByqGSM49BAEDSAAwRQIhAMt01G90LOiCVRIcodKP1nsOg3oY
+kX8VHUPk9myD52KZAiBu32mh/fgaWsR/lbo2dyGJQHKkmHNt9Wy8hOQ9eGO91A==
+-----END CERTIFICATE-----
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgTWRMClyUOn11mX5s
+hTTIQT+3BeauAjrTvKMy5RryWtyhRANCAATSlGpFb48N6fFyn7nNrWkUN0QLFc9d
+ljstQ+hfF6ezWU9IzZ2J7FUx0vDWQRtWQ5nnSzVffa9CdNpNWmi+bCdr
+-----END PRIVATE KEY-----
diff --git a/tests/server3-rsa-chain.pem b/tests/server3-rsa-chain.pem
new file mode 100644
index 00000000..e40c9828
--- /dev/null
+++ b/tests/server3-rsa-chain.pem
@@ -0,0 +1,44 @@ +subject= CN = LibreSSL Test Server 3 RSA +issuer= CN = LibreSSL Test Intermediate CA RSA +-----BEGIN CERTIFICATE----- +MIIDNDCCAhygAwIBAgIJAOVssaaTYoH0MA0GCSqGSIb3DQEBCwUAMCwxKjAoBgNV +BAMMIUxpYnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIFJTQTAeFw0yMTEyMjcx +NDQwMzdaFw0zMTEyMjUxNDQwMzdaMCUxIzAhBgNVBAMMGkxpYnJlU1NMIFRlc3Qg +U2VydmVyIDMgUlNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqw4 +GSS7/WAR0VYbqFTltj9Cv17m+RuztM1jiJq+MU0Gscbx59NFPt8UFevNsMzWNmAK +qkioEMVJxXzSUDBjXjLesDt/+VTjR46z16fje3MhGmWa8lDt7hpuHwDF80dg3rZa +kVEcgKvd6LODTucgE7l07DzMb8qAdRp1SDXIFECO0wLJewkf2CihmNukTxQhI0d+ +XPZTYe3cyMelj8KpCXCXOVXKnXI+BWnYMHC1Op4S9z90xiVBNgQ+Vmg2K9NFifzT +ZyKIWsERq80rp1s+JmxmzA/vBRlsbj/Ec0h2kF4IavGtHwvAvdvIPV7AG/dIxwlT +VnHZkPDuLK0H396wmwIDAQABo2AwXjAdBgNVHQ4EFgQUSuP+QN+526Pxw/LGBTqP +WJpWGvwwHwYDVR0jBBgwFoAUNqGhWv/+mt2TQTVdDZTd5wPY4mYwDAYDVR0TAQH/ +BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAFBJ0mO7dpSN +euxoh2DJghVfqQB4ladEroDZJkJEDuDkY3SjC+WB/lJowBVPC2QkzjTZt/J4B0Om +6irtKUC8jQ7aqMBfESu/s//GEU4kwlvlJN/Z0nLOh1YEeCwbkavFDy/X62iZ9XvJ +gjLVVzaXKWGrgdJedHx9Di04rU9jME5qfpXZI50u8grZccpUuTTqpZBiGjFRda2j +nJhgPBrn9/ityYaOrif8taR+QM6AETvEpJWo+I/iQ7vATmxHuq6y+0Sza5j9wGH/ +begJs9H890AiwO2bbUi1ehNj7NHZHySWNJlzBerwOQv7Zo8j+kHBop82ABsb/Xet +kgn7bdkfKoI= +-----END CERTIFICATE----- +subject= CN = LibreSSL Test Intermediate CA RSA +issuer= CN = LibreSSL Test Root CA RSA +-----BEGIN CERTIFICATE----- +MIIDNjCCAh6gAwIBAgIJAOVssaaTYoHyMA0GCSqGSIb3DQEBCwUAMCQxIjAgBgNV +BAMMGUxpYnJlU1NMIFRlc3QgUm9vdCBDQSBSU0EwHhcNMjExMjI3MTQ0MDM3WhcN +MzExMjI1MTQ0MDM3WjAsMSowKAYDVQQDDCFMaWJyZVNTTCBUZXN0IEludGVybWVk +aWF0ZSBDQSBSU0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD151AI +I+W9MrEP3dO0PEjg6L9E1R6+CG6u0LT3Jobc/rG2RXqKLasEaXoBWYiJoTImVxFT +wtrY+IDDTaEV4/4RGII1fY8Js7v5NpwoEh15jCoJ6/qDjKd4y1s1M48PlWYNNRmv +OBKRIu3Fz7scUa1RSBCp1bZeHbq/V5SzG419nDq2xpyuUrwmfBhDZTH+kUwBNGn8 +XVRFCRJQVP3qEAH02Zai2emSVj13KrhEWMtNyA8fa34GIuV23Q40RKW3jUgGBF+D 
+5jPNN8EZCj34nvvbjCCBs7cxZvD4F/MzGbatKpNmNOKXKibeg/xCq8B/F1uzHcl3 +IzJuViNtQ3RjQ/1pAgMBAAGjYzBhMB0GA1UdDgQWBBQ2oaFa//6a3ZNBNV0NlN3n +A9jiZjAfBgNVHSMEGDAWgBQ+S/x79Kw0KqURKAHyiOhdj/8V0TAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAcok2oSct +BOkm75qA8+4eUilGxTaqFPCqY8fk8MKNRKNNzaqirPaLJW62mZaxRHOn1Bw9uzL3 +jgz2PaTwA7n5GpKs3r5JLk8BdtRyeqMLmqJVJKKuu4GtJLCA8jhQm+XNA1Z324hg +kVeBHLPpLKvQxb+0lmbRBORq/OtMirq2yK8OlF2USrfQx0jmhSvvLpWyA0hhAXRS +gg1ds9aL57dELvk6gR7Unob+J0O2Xq3FRwz2O1k9fF86a0qrWUkxcnAjobC2BczC +7Fe5B194LgrX2U4IIrzwgJ19kmtrb1Qol2okECxomTYsbQY36sBs+LOKxSuiagu6 +ZgJtfcNeVMglYQ== +-----END CERTIFICATE----- diff --git a/tests/server3-rsa.pem b/tests/server3-rsa.pem new file mode 100644 index 00000000..256528ae --- /dev/null +++ b/tests/server3-rsa.pem 
@@ -0,0 +1,50 @@ +subject= CN = LibreSSL Test Server 3 RSA +issuer= CN = LibreSSL Test Intermediate CA RSA +-----BEGIN CERTIFICATE----- +MIIDNDCCAhygAwIBAgIJAOVssaaTYoH0MA0GCSqGSIb3DQEBCwUAMCwxKjAoBgNV +BAMMIUxpYnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIFJTQTAeFw0yMTEyMjcx +NDQwMzdaFw0zMTEyMjUxNDQwMzdaMCUxIzAhBgNVBAMMGkxpYnJlU1NMIFRlc3Qg +U2VydmVyIDMgUlNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqw4 +GSS7/WAR0VYbqFTltj9Cv17m+RuztM1jiJq+MU0Gscbx59NFPt8UFevNsMzWNmAK +qkioEMVJxXzSUDBjXjLesDt/+VTjR46z16fje3MhGmWa8lDt7hpuHwDF80dg3rZa +kVEcgKvd6LODTucgE7l07DzMb8qAdRp1SDXIFECO0wLJewkf2CihmNukTxQhI0d+ +XPZTYe3cyMelj8KpCXCXOVXKnXI+BWnYMHC1Op4S9z90xiVBNgQ+Vmg2K9NFifzT +ZyKIWsERq80rp1s+JmxmzA/vBRlsbj/Ec0h2kF4IavGtHwvAvdvIPV7AG/dIxwlT +VnHZkPDuLK0H396wmwIDAQABo2AwXjAdBgNVHQ4EFgQUSuP+QN+526Pxw/LGBTqP +WJpWGvwwHwYDVR0jBBgwFoAUNqGhWv/+mt2TQTVdDZTd5wPY4mYwDAYDVR0TAQH/ +BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAFBJ0mO7dpSN +euxoh2DJghVfqQB4ladEroDZJkJEDuDkY3SjC+WB/lJowBVPC2QkzjTZt/J4B0Om +6irtKUC8jQ7aqMBfESu/s//GEU4kwlvlJN/Z0nLOh1YEeCwbkavFDy/X62iZ9XvJ +gjLVVzaXKWGrgdJedHx9Di04rU9jME5qfpXZI50u8grZccpUuTTqpZBiGjFRda2j +nJhgPBrn9/ityYaOrif8taR+QM6AETvEpJWo+I/iQ7vATmxHuq6y+0Sza5j9wGH/ +begJs9H890AiwO2bbUi1ehNj7NHZHySWNJlzBerwOQv7Zo8j+kHBop82ABsb/Xet +kgn7bdkfKoI= +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDKrDgZJLv9YBHR +VhuoVOW2P0K/Xub5G7O0zWOImr4xTQaxxvHn00U+3xQV682wzNY2YAqqSKgQxUnF +fNJQMGNeMt6wO3/5VONHjrPXp+N7cyEaZZryUO3uGm4fAMXzR2DetlqRURyAq93o +s4NO5yATuXTsPMxvyoB1GnVINcgUQI7TAsl7CR/YKKGY26RPFCEjR35c9lNh7dzI +x6WPwqkJcJc5Vcqdcj4FadgwcLU6nhL3P3TGJUE2BD5WaDYr00WJ/NNnIohawRGr +zSunWz4mbGbMD+8FGWxuP8RzSHaQXghq8a0fC8C928g9XsAb90jHCVNWcdmQ8O4s +rQff3rCbAgMBAAECggEAAoOiaoVvI5SGhA9KZosvElS0kkUuHlb+oraNjotE4r2u +4JO0Ooj/aelAiYkUUyYnXiNQ3o3qL9MSuDV1MnN3OBrvckY6rzAjZabaiklV5Bko +hvhNtMXWPcbsKMxMqFjxVbHza6wS63G2XgWkEl2Bo10Am1Ghw51CfLFoVQ39vmqM +8xKqZBZRwRUNk/2ccNhG5crUOX9+wQJSVjZCTgevjCJVVsFX9NLsHsx7G1wtE580 
+AuFb9JEe66QNrtpTbKQP61W8YiRKQHT5uAAL0X9o88d2rpjGAcpJ8214aGH5P1HH +oUjL7mZceYuVeWvAMwLFFmPbPZuj3Ricgo1OIkKyyQKBgQDtNNXod5GzJyHOUrFR +rijyHhS81sOeDOhTbc1Cx8eFNH/svGATAU01HqgFRZpeJPHsAVYwVizfyqp/CESk +EFKTkMqRTat8Pkk+BtAGZD5fEBejl1fwRiBF9bTnk+u6q1WvBsQ0Bngf3v1CYGuq +rvb57AvhkCsEMjWs1YplBLwdVwKBgQDauvNslanbFstrWVBJqxV1iEaWmN1Lr//C +fwCFU8rH8VEvp+JJCICu7sE5Te+1TF/ASEs/bCrsW51YXjH30z3De1oFrjFVjwOU +XFMqcaTCX5Fjxv739LmgGuO2MCrItmveQHYkpTzCl6/p/pI4I1QJN0S5a/FaBNcW +x5tV2Ks4XQKBgHCCiBdsZ1pPbFR9moeAkQFOTU3InB5iRuwTf7F2Kue+oBK8wuEg +0+snMFDX08Flyq3DcIsaxMwdR8NbO5uJ9nDx03MaIQWcUYcvGgp+D6ttaZj5lwdr +a7FjOrxAyCXRUKHlFrkKfH25eey66TabKKAgWv5RMGYcHqNs4ejKVyOfAoGALqUf +tFBWYLqDtujdDljFwsLFCuieiL2HtVqQKd6sp+b2gUs0Ho8JokSYQDg2nlsjMEY6 +hdPzc2Q2Mdoknc0WptFvaTa0nqJZCRKHSc3ibPEkeDq/tPEjhNk3JmsvNI5ygnsM +ttPmGTlv8l6vn/kouq5moYQ7fA78L4dxwOTr3qECgYBNuIf4vQq8WEkt0uSTJXom +UQVZglJu61NVGzR//lyukQB7/HrdEMB+JYJfev0o1GxLx1RV8rTVaeDJkUJjwn/h +qpqiLjJKF328oOuQdP3dH6AavH9r7gUOByOuxXgzZNbhtyNCrStAGOfX2xUxRZyZ +l0+QtrqbPtB4VSfZ0j+imw== +-----END PRIVATE KEY----- diff --git a/tests/servertest.c b/tests/servertest.c index a71c5f8c..3367836d 100644 --- a/tests/servertest.c +++ b/tests/servertest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servertest.c,v 1.5 2021/01/22 15:56:17 tb Exp $ */ +/* $OpenBSD: servertest.c,v 1.7 2022/06/10 22:00:15 tb Exp $ */ /* * Copyright (c) 2015, 2016, 2017 Joel Sing * @@ -116,7 +116,7 @@ server_hello_test(int testno, struct server_hello_test *sht) SSL *ssl = NULL; int ret = 1; - fprintf(stderr, "Test %i - %s\n", testno, sht->desc); + fprintf(stderr, "Test %d - %s\n", testno, sht->desc); if ((rbio = BIO_new_mem_buf(sht->client_hello, sht->client_hello_len)) == NULL) { @@ -155,9 +155,8 @@ server_hello_test(int testno, struct server_hello_test *sht) goto failure; } - rbio->references = 2; - wbio->references = 2; - + BIO_up_ref(rbio); + BIO_up_ref(wbio); SSL_set_bio(ssl, rbio, wbio); if (SSL_accept(ssl) != 0) { 
@@ -172,11 +171,6 @@ server_hello_test(int testno, struct server_hello_test *sht) SSL_CTX_free(ssl_ctx); SSL_free(ssl); - if (rbio != NULL) - rbio->references = 1; - if (wbio != NULL) - wbio->references = 1; - BIO_free(rbio); BIO_free(wbio); diff --git a/tests/sha_test.c b/tests/sha_test.c new file mode 100644 index 00000000..a04120e4 --- /dev/null +++ b/tests/sha_test.c 
@@ -0,0 +1,619 @@ +/* $OpenBSD: sha_test.c,v 1.4 2022/09/02 13:23:05 tb Exp $ */ +/* + * Copyright (c) 2022 Joshua Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +#include +#include + +struct sha_test { + const int algorithm; + const uint8_t in[128]; + const size_t in_len; + const uint8_t out[EVP_MAX_MD_SIZE]; +}; + +static const struct sha_test sha_tests[] = { + /* SHA-1 */ + { + .algorithm = NID_sha1, + .in = "abc", + .in_len = 3, + .out = { + 0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a, + 0xba, 0x3e, 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c, + 0x9c, 0xd0, 0xd8, 0x9d, + } + }, + { + .algorithm = NID_sha1, + .in = "", + .in_len = 0, + .out = { + 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d, + 0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90, + 0xaf, 0xd8, 0x07, 0x09, + } + }, + { + .algorithm = NID_sha1, + .in = + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmno" + "mnopnopq", + .in_len = 56, + .out = { + 0x84, 0x98, 0x3e, 0x44, 0x1c, 0x3b, 0xd2, 0x6e, + 0xba, 0xae, 0x4a, 0xa1, 0xf9, 0x51, 0x29, 0xe5, + 0xe5, 0x46, 0x70, 0xf1, + } + }, + { + .algorithm = NID_sha1, + .in = + "abcdefghbcdefghicdefghijdefghijkefghijklfghijklm" + "ghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrs" + "mnopqrstnopqrstu", + .in_len = 112, + .out = { + 0xa4, 0x9b, 0x24, 0x46, 
0xa0, 0x2c, 0x64, 0x5b, + 0xf4, 0x19, 0xf9, 0x95, 0xb6, 0x70, 0x91, 0x25, + 0x3a, 0x04, 0xa2, 0x59, + } + }, + + /* SHA-224 */ + { + .algorithm = NID_sha224, + .in = "abc", + .in_len = 3, + .out = { + 0x23, 0x09, 0x7d, 0x22, 0x34, 0x05, 0xd8, 0x22, + 0x86, 0x42, 0xa4, 0x77, 0xbd, 0xa2, 0x55, 0xb3, + 0x2a, 0xad, 0xbc, 0xe4, 0xbd, 0xa0, 0xb3, 0xf7, + 0xe3, 0x6c, 0x9d, 0xa7, + } + }, + { + .algorithm = NID_sha224, + .in = "", + .in_len = 0, + .out = { + 0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9, + 0x47, 0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4, + 0x15, 0xa2, 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a, + 0xc5, 0xb3, 0xe4, 0x2f, + } + }, + { + .algorithm = NID_sha224, + .in = + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmno" + "mnopnopq", + .in_len = 56, + .out = { + 0x75, 0x38, 0x8b, 0x16, 0x51, 0x27, 0x76, 0xcc, + 0x5d, 0xba, 0x5d, 0xa1, 0xfd, 0x89, 0x01, 0x50, + 0xb0, 0xc6, 0x45, 0x5c, 0xb4, 0xf5, 0x8b, 0x19, + 0x52, 0x52, 0x25, 0x25, + } + }, + { + .algorithm = NID_sha224, + .in = + "abcdefghbcdefghicdefghijdefghijkefghijklfghijklm" + "ghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrs" + "mnopqrstnopqrstu", + .in_len = 112, + .out = { + 0xc9, 0x7c, 0xa9, 0xa5, 0x59, 0x85, 0x0c, 0xe9, + 0x7a, 0x04, 0xa9, 0x6d, 0xef, 0x6d, 0x99, 0xa9, + 0xe0, 0xe0, 0xe2, 0xab, 0x14, 0xe6, 0xb8, 0xdf, + 0x26, 0x5f, 0xc0, 0xb3, + } + }, + + /* SHA-256 */ + { + .algorithm = NID_sha256, + .in = "abc", + .in_len = 3, + .out = { + 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, + 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, + 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, + 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad, + } + }, + { + .algorithm = NID_sha256, + .in = "", + .in_len = 0, + .out = { + 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, + 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, + 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, + 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55, + } + }, + { + .algorithm = NID_sha256, + .in = + 
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmno" + "mnopnopq", + .in_len = 56, + .out = { + 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, + 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39, + 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67, + 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1, + } + }, + { + .algorithm = NID_sha256, + .in = + "abcdefghbcdefghicdefghijdefghijkefghijklfghijklm" + "ghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrs" + "mnopqrstnopqrstu", + .in_len = 112, + .out = { + 0xcf, 0x5b, 0x16, 0xa7, 0x78, 0xaf, 0x83, 0x80, + 0x03, 0x6c, 0xe5, 0x9e, 0x7b, 0x04, 0x92, 0x37, + 0x0b, 0x24, 0x9b, 0x11, 0xe8, 0xf0, 0x7a, 0x51, + 0xaf, 0xac, 0x45, 0x03, 0x7a, 0xfe, 0xe9, 0xd1, + } + }, + + /* SHA-384 */ + { + .algorithm = NID_sha384, + .in = "abc", + .in_len = 3, + .out = { + 0xcb, 0x00, 0x75, 0x3f, 0x45, 0xa3, 0x5e, 0x8b, + 0xb5, 0xa0, 0x3d, 0x69, 0x9a, 0xc6, 0x50, 0x07, + 0x27, 0x2c, 0x32, 0xab, 0x0e, 0xde, 0xd1, 0x63, + 0x1a, 0x8b, 0x60, 0x5a, 0x43, 0xff, 0x5b, 0xed, + 0x80, 0x86, 0x07, 0x2b, 0xa1, 0xe7, 0xcc, 0x23, + 0x58, 0xba, 0xec, 0xa1, 0x34, 0xc8, 0x25, 0xa7, + } + }, + { + .algorithm = NID_sha384, + .in = "", + .in_len = 0, + .out = { + 0x38, 0xb0, 0x60, 0xa7, 0x51, 0xac, 0x96, 0x38, + 0x4c, 0xd9, 0x32, 0x7e, 0xb1, 0xb1, 0xe3, 0x6a, + 0x21, 0xfd, 0xb7, 0x11, 0x14, 0xbe, 0x07, 0x43, + 0x4c, 0x0c, 0xc7, 0xbf, 0x63, 0xf6, 0xe1, 0xda, + 0x27, 0x4e, 0xde, 0xbf, 0xe7, 0x6f, 0x65, 0xfb, + 0xd5, 0x1a, 0xd2, 0xf1, 0x48, 0x98, 0xb9, 0x5b, + } + }, + { + .algorithm = NID_sha384, + .in = + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmno" + "mnopnopq", + .in_len = 56, + .out = { + 0x33, 0x91, 0xfd, 0xdd, 0xfc, 0x8d, 0xc7, 0x39, + 0x37, 0x07, 0xa6, 0x5b, 0x1b, 0x47, 0x09, 0x39, + 0x7c, 0xf8, 0xb1, 0xd1, 0x62, 0xaf, 0x05, 0xab, + 0xfe, 0x8f, 0x45, 0x0d, 0xe5, 0xf3, 0x6b, 0xc6, + 0xb0, 0x45, 0x5a, 0x85, 0x20, 0xbc, 0x4e, 0x6f, + 0x5f, 0xe9, 0x5b, 0x1f, 0xe3, 0xc8, 0x45, 0x2b, + } + }, + { + .algorithm = NID_sha384, + .in = + 
"abcdefghbcdefghicdefghijdefghijkefghijklfghijklm" + "ghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrs" + "mnopqrstnopqrstu", + .in_len = 112, + .out = { + 0x09, 0x33, 0x0c, 0x33, 0xf7, 0x11, 0x47, 0xe8, + 0x3d, 0x19, 0x2f, 0xc7, 0x82, 0xcd, 0x1b, 0x47, + 0x53, 0x11, 0x1b, 0x17, 0x3b, 0x3b, 0x05, 0xd2, + 0x2f, 0xa0, 0x80, 0x86, 0xe3, 0xb0, 0xf7, 0x12, + 0xfc, 0xc7, 0xc7, 0x1a, 0x55, 0x7e, 0x2d, 0xb9, + 0x66, 0xc3, 0xe9, 0xfa, 0x91, 0x74, 0x60, 0x39, + } + }, + + /* SHA-512 */ + { + .algorithm = NID_sha512, + .in = "abc", + .in_len = 3, + .out = { + 0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba, + 0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31, + 0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2, + 0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55, 0xd3, 0x9a, + 0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8, + 0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd, + 0x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e, + 0x2a, 0x9a, 0xc9, 0x4f, 0xa5, 0x4c, 0xa4, 0x9f, + } + }, + { + .algorithm = NID_sha512, + .in = "", + .in_len = 0, + .out = { + 0xcf, 0x83, 0xe1, 0x35, 0x7e, 0xef, 0xb8, 0xbd, + 0xf1, 0x54, 0x28, 0x50, 0xd6, 0x6d, 0x80, 0x07, + 0xd6, 0x20, 0xe4, 0x05, 0x0b, 0x57, 0x15, 0xdc, + 0x83, 0xf4, 0xa9, 0x21, 0xd3, 0x6c, 0xe9, 0xce, + 0x47, 0xd0, 0xd1, 0x3c, 0x5d, 0x85, 0xf2, 0xb0, + 0xff, 0x83, 0x18, 0xd2, 0x87, 0x7e, 0xec, 0x2f, + 0x63, 0xb9, 0x31, 0xbd, 0x47, 0x41, 0x7a, 0x81, + 0xa5, 0x38, 0x32, 0x7a, 0xf9, 0x27, 0xda, 0x3e, + } + }, + { + .algorithm = NID_sha512, + .in = + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmno" + "mnopnopq", + .in_len = 56, + .out = { + 0x20, 0x4a, 0x8f, 0xc6, 0xdd, 0xa8, 0x2f, 0x0a, + 0x0c, 0xed, 0x7b, 0xeb, 0x8e, 0x08, 0xa4, 0x16, + 0x57, 0xc1, 0x6e, 0xf4, 0x68, 0xb2, 0x28, 0xa8, + 0x27, 0x9b, 0xe3, 0x31, 0xa7, 0x03, 0xc3, 0x35, + 0x96, 0xfd, 0x15, 0xc1, 0x3b, 0x1b, 0x07, 0xf9, + 0xaa, 0x1d, 0x3b, 0xea, 0x57, 0x78, 0x9c, 0xa0, + 0x31, 0xad, 0x85, 0xc7, 0xa7, 0x1d, 0xd7, 0x03, + 0x54, 0xec, 0x63, 0x12, 0x38, 0xca, 0x34, 0x45, + } + }, + { + .algorithm 
= NID_sha512, + .in = + "abcdefghbcdefghicdefghijdefghijkefghijklfghijklm" + "ghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrs" + "mnopqrstnopqrstu", + .in_len = 112, + .out = { + 0x8e, 0x95, 0x9b, 0x75, 0xda, 0xe3, 0x13, 0xda, + 0x8c, 0xf4, 0xf7, 0x28, 0x14, 0xfc, 0x14, 0x3f, + 0x8f, 0x77, 0x79, 0xc6, 0xeb, 0x9f, 0x7f, 0xa1, + 0x72, 0x99, 0xae, 0xad, 0xb6, 0x88, 0x90, 0x18, + 0x50, 0x1d, 0x28, 0x9e, 0x49, 0x00, 0xf7, 0xe4, + 0x33, 0x1b, 0x99, 0xde, 0xc4, 0xb5, 0x43, 0x3a, + 0xc7, 0xd3, 0x29, 0xee, 0xb6, 0xdd, 0x26, 0x54, + 0x5e, 0x96, 0xe5, 0x5b, 0x87, 0x4b, 0xe9, 0x09, + } + }, +}; + +struct sha_repetition_test { + const int algorithm; + const uint8_t in; + const size_t in_repetitions; + const uint8_t out[EVP_MAX_MD_SIZE]; +}; + +static const struct sha_repetition_test sha_repetition_tests[] = { + /* SHA-1 */ + { + .algorithm = NID_sha1, + .in = 'a', + .in_repetitions = 1000000, + .out = { + 0x34, 0xaa, 0x97, 0x3c, 0xd4, 0xc4, 0xda, 0xa4, + 0xf6, 0x1e, 0xeb, 0x2b, 0xdb, 0xad, 0x27, 0x31, + 0x65, 0x34, 0x01, 0x6f, + } + }, + + /* SHA-224 */ + { + .algorithm = NID_sha224, + .in = 'a', + .in_repetitions = 1000000, + .out = { + 0x20, 0x79, 0x46, 0x55, 0x98, 0x0c, 0x91, 0xd8, + 0xbb, 0xb4, 0xc1, 0xea, 0x97, 0x61, 0x8a, 0x4b, + 0xf0, 0x3f, 0x42, 0x58, 0x19, 0x48, 0xb2, 0xee, + 0x4e, 0xe7, 0xad, 0x67, + } + }, + + /* SHA-256 */ + { + .algorithm = NID_sha256, + .in = 'a', + .in_repetitions = 1000000, + .out = { + 0xcd, 0xc7, 0x6e, 0x5c, 0x99, 0x14, 0xfb, 0x92, + 0x81, 0xa1, 0xc7, 0xe2, 0x84, 0xd7, 0x3e, 0x67, + 0xf1, 0x80, 0x9a, 0x48, 0xa4, 0x97, 0x20, 0x0e, + 0x04, 0x6d, 0x39, 0xcc, 0xc7, 0x11, 0x2c, 0xd0, + } + }, + + /* SHA-384 */ + { + .algorithm = NID_sha384, + .in = 'a', + .in_repetitions = 1000000, + .out = { + 0x9d, 0x0e, 0x18, 0x09, 0x71, 0x64, 0x74, 0xcb, + 0x08, 0x6e, 0x83, 0x4e, 0x31, 0x0a, 0x4a, 0x1c, + 0xed, 0x14, 0x9e, 0x9c, 0x00, 0xf2, 0x48, 0x52, + 0x79, 0x72, 0xce, 0xc5, 0x70, 0x4c, 0x2a, 0x5b, + 0x07, 0xb8, 0xb3, 0xdc, 0x38, 0xec, 0xc4, 0xeb, + 0xae, 
0x97, 0xdd, 0xd8, 0x7f, 0x3d, 0x89, 0x85, + } + }, + + /* SHA-512 */ + { + .algorithm = NID_sha512, + .in = 'a', + .in_repetitions = 1000000, + .out = { + 0xe7, 0x18, 0x48, 0x3d, 0x0c, 0xe7, 0x69, 0x64, + 0x4e, 0x2e, 0x42, 0xc7, 0xbc, 0x15, 0xb4, 0x63, + 0x8e, 0x1f, 0x98, 0xb1, 0x3b, 0x20, 0x44, 0x28, + 0x56, 0x32, 0xa8, 0x03, 0xaf, 0xa9, 0x73, 0xeb, + 0xde, 0x0f, 0xf2, 0x44, 0x87, 0x7e, 0xa6, 0x0a, + 0x4c, 0xb0, 0x43, 0x2c, 0xe5, 0x77, 0xc3, 0x1b, + 0xeb, 0x00, 0x9c, 0x5c, 0x2c, 0x49, 0xaa, 0x2e, + 0x4e, 0xad, 0xb2, 0x17, 0xad, 0x8c, 0xc0, 0x9b, + } + }, +}; + +#define N_SHA_TESTS (sizeof(sha_tests) / sizeof(sha_tests[0])) +#define N_SHA_REPETITION_TESTS (sizeof(sha_repetition_tests) / sizeof(sha_repetition_tests[0])) + +typedef unsigned char *(*sha_hash_func)(const unsigned char *, size_t, + unsigned char *); + +static int +sha_hash_from_algorithm(int algorithm, const char **out_label, + sha_hash_func *out_func, const EVP_MD **out_md, size_t *out_len) +{ + const char *label; + sha_hash_func sha_func; + const EVP_MD *md; + size_t len; + + switch (algorithm) { + case NID_sha1: + label = SN_sha1; + sha_func = SHA1; + md = EVP_sha1(); + len = SHA_DIGEST_LENGTH; + break; + case NID_sha224: + label = SN_sha224; + sha_func = SHA224; + md = EVP_sha224(); + len = SHA224_DIGEST_LENGTH; + break; + case NID_sha256: + label = SN_sha256; + sha_func = SHA256; + md = EVP_sha256(); + len = SHA256_DIGEST_LENGTH; + break; + case NID_sha384: + label = SN_sha384; + sha_func = SHA384; + md = EVP_sha384(); + len = SHA384_DIGEST_LENGTH; + break; + case NID_sha512: + label = SN_sha512; + sha_func = SHA512; + md = EVP_sha512(); + len = SHA512_DIGEST_LENGTH; + break; + default: + fprintf(stderr, "FAIL: unknown algorithm (%d)\n", + algorithm); + return 0; + } + + if (out_label != NULL) + *out_label = label; + if (out_func != NULL) + *out_func = sha_func; + if (out_md != NULL) + *out_md = md; + if (out_len != NULL) + *out_len = len; + + return 1; +} + +static int +sha_test(void) +{ + 
sha_hash_func sha_func; + const struct sha_test *st; + EVP_MD_CTX *hash = NULL; + const EVP_MD *md; + uint8_t out[EVP_MAX_MD_SIZE]; + size_t in_len, out_len; + size_t i; + const char *label; + int failed = 1; + + if ((hash = EVP_MD_CTX_new()) == NULL) { + fprintf(stderr, "FAIL: EVP_MD_CTX_new() failed\n"); + goto failed; + } + + for (i = 0; i < N_SHA_TESTS; i++) { + st = &sha_tests[i]; + if (!sha_hash_from_algorithm(st->algorithm, &label, &sha_func, + &md, &out_len)) + goto failed; + + /* Digest */ + memset(out, 0, sizeof(out)); + sha_func(st->in, st->in_len, out); + if (memcmp(st->out, out, out_len) != 0) { + fprintf(stderr, "FAIL (%s): mismatch\n", label); + goto failed; + } + + /* EVP single-shot digest */ + memset(out, 0, sizeof(out)); + if (!EVP_Digest(st->in, st->in_len, out, NULL, md, NULL)) { + fprintf(stderr, "FAIL (%s): EVP_Digest failed\n", + label); + goto failed; + } + + if (memcmp(st->out, out, out_len) != 0) { + fprintf(stderr, "FAIL (%s): EVP single-shot mismatch\n", + label); + goto failed; + } + + /* EVP digest */ + memset(out, 0, sizeof(out)); + if (!EVP_DigestInit_ex(hash, md, NULL)) { + fprintf(stderr, "FAIL (%s): EVP_DigestInit_ex failed\n", + label); + goto failed; + } + + in_len = st->in_len / 2; + if (!EVP_DigestUpdate(hash, st->in, in_len)) { + fprintf(stderr, + "FAIL (%s): EVP_DigestUpdate first half failed\n", + label); + goto failed; + } + + if (!EVP_DigestUpdate(hash, st->in + in_len, + st->in_len - in_len)) { + fprintf(stderr, + "FAIL (%s): EVP_DigestUpdate second half failed\n", + label); + goto failed; + } + + if (!EVP_DigestFinal_ex(hash, out, NULL)) { + fprintf(stderr, + "FAIL (%s): EVP_DigestFinal_ex failed\n", + label); + goto failed; + } + + if (memcmp(st->out, out, out_len) != 0) { + fprintf(stderr, "FAIL (%s): EVP mismatch\n", label); + goto failed; + } + } + + failed = 0; + + failed: + EVP_MD_CTX_free(hash); + return failed; +} + +static int +sha_repetition_test(void) +{ + const struct sha_repetition_test *st; + EVP_MD_CTX 
*hash = NULL; + const EVP_MD *md; + uint8_t buf[1024]; + uint8_t out[EVP_MAX_MD_SIZE]; + size_t out_len, part_len; + size_t i, j; + const char *label; + int failed = 1; + + if ((hash = EVP_MD_CTX_new()) == NULL) { + fprintf(stderr, "FAIL: EVP_MD_CTX_new() failed\n"); + goto failed; + } + + for (i = 0; i < N_SHA_REPETITION_TESTS; i++) { + st = &sha_repetition_tests[i]; + if (!sha_hash_from_algorithm(st->algorithm, &label, NULL, &md, + &out_len)) + goto failed; + + /* EVP digest */ + if (!EVP_DigestInit_ex(hash, md, NULL)) { + fprintf(stderr, + "FAIL (%s): EVP_DigestInit_ex failed\n", + label); + goto failed; + } + + memset(buf, st->in, sizeof(buf)); + + for (j = 0; j < st->in_repetitions;) { + part_len = arc4random_uniform(sizeof(buf)); + if (part_len > st->in_repetitions - j) + part_len = st->in_repetitions - j; + + if (!EVP_DigestUpdate(hash, buf, part_len)) { + fprintf(stderr, + "FAIL (%s): EVP_DigestUpdate failed\n", + label); + goto failed; + } + + j += part_len; + } + + if (!EVP_DigestFinal_ex(hash, out, NULL)) { + fprintf(stderr, + "FAIL (%s): EVP_DigestFinal_ex failed\n", + label); + goto failed; + } + + if (memcmp(st->out, out, out_len) != 0) { + fprintf(stderr, "FAIL (%s): EVP mismatch\n", label); + goto failed; + } + } + + failed = 0; + + failed: + EVP_MD_CTX_free(hash); + return failed; +} + +int +main(int argc, char **argv) +{ + int failed = 0; + + failed |= sha_test(); + failed |= sha_repetition_test(); + + return failed; +} diff --git a/tests/ssl_get_shared_ciphers.c b/tests/ssl_get_shared_ciphers.c index 212ea99f..33efc15f 100644 --- a/tests/ssl_get_shared_ciphers.c +++ b/tests/ssl_get_shared_ciphers.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_get_shared_ciphers.c,v 1.10 2021/05/04 18:20:05 tb Exp $ */ +/* $OpenBSD: ssl_get_shared_ciphers.c,v 1.11 2022/02/05 18:19:39 tb Exp $ */ /* * Copyright (c) 2021 Theo Buehler * 
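Review bot: In the new tests/sha_test.c, neither sha_test() nor sha_repetition_test() checks the digest length the EVP layer reports, because `EVP_Digest(st->in, st->in_len, out, NULL, md, NULL)` and `EVP_DigestFinal_ex(hash, out, NULL)` pass NULL for the size argument. Only the first `out_len` bytes are compared with memcmp, so a wrong reported length or bytes written past `out_len` would go unnoticed. Take the size into an `unsigned int md_len` and fail on a mismatch, e.g. `if (!EVP_DigestFinal_ex(hash, out, &md_len) || md_len != out_len)`. Separately, sha_repetition_test() draws its chunk sizes from `arc4random_uniform(sizeof(buf))`, so a failing run cannot be replayed; adding `j` and `part_len` to the `EVP_DigestUpdate failed` message would at least record where it broke.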
@@ -53,9 +53,9 @@ static const struct ssl_shared_ciphers_test_data ssl_shared_ciphers_tests[] = { .max_version = TLS1_3_VERSION, .min_version = TLS1_3_VERSION, .ciphers = - "AEAD-AES256-GCM-SHA384:" - "AEAD-CHACHA20-POLY1305-SHA256:" - "AEAD-AES128-GCM-SHA256", + "TLS_AES_256_GCM_SHA384:" + "TLS_CHACHA20_POLY1305_SHA256:" + "TLS_AES_128_GCM_SHA256", }, .server_config = { .name = "server", @@ -63,14 +63,14 @@ static const struct ssl_shared_ciphers_test_data ssl_shared_ciphers_tests[] = { .max_version = TLS1_3_VERSION, .min_version = TLS1_3_VERSION, .ciphers = - "AEAD-AES256-GCM-SHA384:" - "AEAD-CHACHA20-POLY1305-SHA256:" - "AEAD-AES128-GCM-SHA256", + "TLS_AES_256_GCM_SHA384:" + "TLS_CHACHA20_POLY1305_SHA256:" + "TLS_AES_128_GCM_SHA256", }, .shared_ciphers = - "AEAD-AES256-GCM-SHA384:" - "AEAD-CHACHA20-POLY1305-SHA256:" - "AEAD-AES128-GCM-SHA256", + "TLS_AES_256_GCM_SHA384:" + "TLS_CHACHA20_POLY1305_SHA256:" + "TLS_AES_128_GCM_SHA256", }, { @@ -81,8 +81,8 @@ static const struct ssl_shared_ciphers_test_data ssl_shared_ciphers_tests[] = { .max_version = TLS1_3_VERSION, .min_version = TLS1_3_VERSION, .ciphers = - "AEAD-AES256-GCM-SHA384:" - "AEAD-AES128-GCM-SHA256", + "TLS_AES_256_GCM_SHA384:" + "TLS_AES_128_GCM_SHA256", }, .server_config = { .name = "server", @@ -90,13 +90,13 @@ static const struct ssl_shared_ciphers_test_data ssl_shared_ciphers_tests[] = { .max_version = TLS1_3_VERSION, .min_version = TLS1_3_VERSION, .ciphers = - "AEAD-AES256-GCM-SHA384:" - "AEAD-CHACHA20-POLY1305-SHA256:" - "AEAD-AES128-GCM-SHA256", + "TLS_AES_256_GCM_SHA384:" + "TLS_CHACHA20_POLY1305_SHA256:" + "TLS_AES_128_GCM_SHA256", }, .shared_ciphers = - "AEAD-AES256-GCM-SHA384:" - "AEAD-AES128-GCM-SHA256", + "TLS_AES_256_GCM_SHA384:" + "TLS_AES_128_GCM_SHA256", }, { 
@@ -186,14 +186,14 @@ static const struct ssl_shared_ciphers_test_data ssl_shared_ciphers_tests[] = { "ECDHE-RSA-AES256-GCM-SHA384", }, .shared_ciphers = - "AEAD-AES256-GCM-SHA384:" - "AEAD-CHACHA20-POLY1305-SHA256:" - "AEAD-AES128-GCM-SHA256:" + "TLS_AES_256_GCM_SHA384:" + "TLS_CHACHA20_POLY1305_SHA256:" + "TLS_AES_128_GCM_SHA256:" "ECDHE-RSA-AES256-GCM-SHA384", .shared_ciphers_without_aesni = - "AEAD-CHACHA20-POLY1305-SHA256:" - "AEAD-AES256-GCM-SHA384:" - "AEAD-AES128-GCM-SHA256:" + "TLS_CHACHA20_POLY1305_SHA256:" + "TLS_AES_256_GCM_SHA384:" + "TLS_AES_128_GCM_SHA256:" "ECDHE-RSA-AES256-GCM-SHA384", }, }; diff --git a/tests/ssl_set_alpn_protos.c b/tests/ssl_set_alpn_protos.c new file mode 100644 index 00000000..87dd4d9e --- /dev/null +++ b/tests/ssl_set_alpn_protos.c 
@@ -0,0 +1,204 @@ +/* $OpenBSD: ssl_set_alpn_protos.c,v 1.2 2022/07/21 03:59:04 tb Exp $ */ +/* + * Copyright (c) 2022 Theo Buehler + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +#include + +struct alpn_test { + const char *description; + const uint8_t protocols[24]; + size_t protocols_len; + int ret; +}; + +static const struct alpn_test alpn_tests[] = { + { + .description = "valid protocol list", + .protocols = { + 6, 's', 'p', 'd', 'y', '/', '1', + 8, 'h', 't', 't', 'p', '/', '1', '.', '1', + }, + .protocols_len = 16, + .ret = 0, + }, + { + .description = "zero length protocol", + .protocols = { + 0, + }, + .protocols_len = 1, + .ret = 1, + }, + { + .description = "zero length protocol at start", + .protocols = { + 0, + 8, 'h', 't', 't', 'p', '/', '1', '.', '1', + 6, 's', 'p', 'd', 'y', '/', '1', + }, + .protocols_len = 17, + .ret = 1, + }, + { + .description = "zero length protocol embedded", + .protocols = { + 8, 'h', 't', 't', 'p', '/', '1', '.', '1', + 0, + 6, 's', 'p', 'd', 'y', '/', '1', + }, + .protocols_len = 17, + .ret = 1, + }, + { + .description = "zero length protocol at end", + .protocols = { + 8, 'h', 't', 't', 'p', '/', '1', '.', '1', + 6, 's', 'p', 'd', 'y', '/', '1', + 0, + }, + .protocols_len = 17, + .ret = 1, + }, + { + .description = 
"protocol length too short", + .protocols = { + 6, 'h', 't', 't', 'p', '/', '1', '.', '1', + }, + .protocols_len = 9, + .ret = 1, + }, + { + .description = "protocol length too long", + .protocols = { + 8, 's', 'p', 'd', 'y', '/', '1', + }, + .protocols_len = 7, + .ret = 1, + }, +}; + +static const size_t N_ALPN_TESTS = sizeof(alpn_tests) / sizeof(alpn_tests[0]); + +static int +test_ssl_set_alpn_protos(const struct alpn_test *tc) +{ + SSL_CTX *ctx; + SSL *ssl; + int ret; + int failed = 0; + + if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL) + errx(1, "SSL_CTX_new"); + + ret = SSL_CTX_set_alpn_protos(ctx, tc->protocols, tc->protocols_len); + if (ret != tc->ret) { + warnx("%s: setting on SSL_CTX: want %d, got %d", + tc->description, tc->ret, ret); + failed = 1; + } + + if ((ssl = SSL_new(ctx)) == NULL) + errx(1, "SSL_new"); + + ret = SSL_set_alpn_protos(ssl, tc->protocols, tc->protocols_len); + if (ret != tc->ret) { + warnx("%s: setting on SSL: want %d, got %d", + tc->description, tc->ret, ret); + failed = 1; + } + + SSL_CTX_free(ctx); + SSL_free(ssl); + + return failed; +} + +static int +test_ssl_set_alpn_protos_edge_cases(void) +{ + SSL_CTX *ctx; + SSL *ssl; + const uint8_t valid[] = { + 6, 's', 'p', 'd', 'y', '/', '3', + 8, 'h', 't', 't', 'p', '/', '1', '.', '1', + }; + int failed = 0; + + if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL) + errx(1, "SSL_CTX_new"); + + if (SSL_CTX_set_alpn_protos(ctx, valid, sizeof(valid)) != 0) { + warnx("setting valid protocols on SSL_CTX failed"); + failed = 1; + } + if (SSL_CTX_set_alpn_protos(ctx, NULL, 0) != 0) { + warnx("setting 'NULL, 0' on SSL_CTX failed"); + failed = 1; + } + if (SSL_CTX_set_alpn_protos(ctx, valid, 0) != 0) { + warnx("setting 'valid, 0' on SSL_CTX failed"); + failed = 1; + } + if (SSL_CTX_set_alpn_protos(ctx, NULL, 43) != 0) { + warnx("setting 'NULL, 43' on SSL_CTX failed"); + failed = 1; + } + + if ((ssl = SSL_new(ctx)) == NULL) + errx(1, "SSL_new"); + + if (SSL_set_alpn_protos(ssl, valid, 
sizeof(valid)) != 0) { + warnx("setting valid protocols on SSL failed"); + failed = 1; + } + if (SSL_set_alpn_protos(ssl, NULL, 0) != 0) { + warnx("setting 'NULL, 0' on SSL failed"); + failed = 1; + } + if (SSL_set_alpn_protos(ssl, valid, 0) != 0) { + warnx("setting 'valid, 0' on SSL failed"); + failed = 1; + } + if (SSL_set_alpn_protos(ssl, NULL, 43) != 0) { + warnx("setting 'NULL, 43' on SSL failed"); + failed = 1; + } + + SSL_CTX_free(ctx); + SSL_free(ssl); + + return failed; +} + +int +main(void) +{ + size_t i; + int failed = 0; + + for (i = 0; i < N_ALPN_TESTS; i++) + failed |= test_ssl_set_alpn_protos(&alpn_tests[i]); + + failed |= test_ssl_set_alpn_protos_edge_cases(); + + if (!failed) + printf("PASS %s\n", __FILE__); + + return failed; +} diff --git a/tests/ssl_versions.c b/tests/ssl_versions.c index 2ca72157..8a636055 100644 --- a/tests/ssl_versions.c +++ b/tests/ssl_versions.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_versions.c,v 1.15 2021/06/27 16:54:55 jsing Exp $ */ +/* $OpenBSD: ssl_versions.c,v 1.17 2022/02/08 19:06:56 tb Exp $ */ /* * Copyright (c) 2016, 2017 Joel Sing * @@ -502,11 +502,13 @@ test_ssl_max_shared_version(void) if ((ssl_ctx = SSL_CTX_new(svt->ssl_method())) == NULL) { fprintf(stderr, "SSL_CTX_new() returned NULL\n"); - return 1; + failed++; + goto err; } if ((ssl = SSL_new(ssl_ctx)) == NULL) { fprintf(stderr, "SSL_new() returned NULL\n"); - return 1; + failed++; + goto err; } SSL_clear_options(ssl, SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | @@ -524,6 +526,10 @@ test_ssl_max_shared_version(void) i, svt->peerver); failed++; } + SSL_CTX_free(ssl_ctx); + SSL_free(ssl); + ssl_ctx = NULL; + ssl = NULL; continue; } if (maxver != svt->want_maxver) { @@ -535,8 +541,14 @@ test_ssl_max_shared_version(void) SSL_CTX_free(ssl_ctx); SSL_free(ssl); + ssl_ctx = NULL; + ssl = NULL; } + err: + SSL_CTX_free(ssl_ctx); + SSL_free(ssl); + return (failed); } diff --git a/tests/ssltest.bat b/tests/ssltest.bat index f068cb00..5dda6bcd 100644 --- a/tests/ssltest.bat 
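Review bot: The `ret` member of `struct alpn_test` has no comment saying which value means success, and the table reads backwards to anyone used to the usual libssl convention. `SSL_CTX_set_alpn_protos()` and `SSL_set_alpn_protos()` return 0 on success and non-zero on failure, which is why the valid list expects `.ret = 0` and every malformed list expects `.ret = 1`. I would annotate the field with `/* expected return value: 0 = accepted, 1 = rejected (inverted vs. most SSL_* calls) */`. Callers that test these functions with `if (!SSL_set_alpn_protos(...))` treat success as failure, so spelling the convention out in the regression test is worth the line.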
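Review bot: The new `err:` label in test_ssl_max_shared_version() frees both `ssl_ctx` and `ssl`, and the first `goto err` is taken right after `SSL_CTX_new()` fails, before `ssl` has been assigned in that pass. The resets to NULL added at the `continue` and at the end of the loop body (hunks at -524 and -535) cover later iterations, but the first iteration relies on both pointers being initialised at their declaration, which is outside these hunks. If they are not, declare them as `SSL_CTX *ssl_ctx = NULL;` and `SSL *ssl = NULL;` so the cleanup never frees an indeterminate pointer.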
+++ b/tests/ssltest.bat @@ -10,8 +10,8 @@ set openssl_bin=%2 set openssl_bin=%openssl_bin:/=\% if not exist %openssl_bin% exit /b 1 -%srcdir%\testssl.bat %srcdir%\server.pem %srcdir%\server.pem %srcdir%\ca.pem ^ - %ssltest_bin% %openssl_bin% +%srcdir%\testssl.bat %srcdir%\server1-rsa.pem %srcdir%\server1-rsa-chain.pem ^ + %srcdir%\ca-root-rsa.pem %ssltest_bin% %openssl_bin% if !errorlevel! neq 0 ( exit /b 1 ) diff --git a/tests/ssltest.c b/tests/ssltest.c index 97caf523..ff5a584d 100644 --- a/tests/ssltest.c +++ b/tests/ssltest.c @@ -1,4 +1,4 @@ -/* ssl/ssltest.c */ +/* $OpenBSD: ssltest.c,v 1.35 2022/07/07 13:10:22 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -143,7 +143,6 @@ #define _BSD_SOURCE 1 /* Or gethostname won't be declared properly on Linux and GNU platforms. */ #include -#include #include #include @@ -177,6 +176,8 @@ #include #include +#include "ssl_locl.h" + #define TEST_SERVER_CERT "../apps/server.pem" #define TEST_CLIENT_CERT "../apps/client.pem" 
@@ -370,34 +371,45 @@ static void print_details(SSL *c_ssl, const char *prefix) { const SSL_CIPHER *ciph; - X509 *cert; + X509 *cert = NULL; + EVP_PKEY *pkey; ciph = SSL_get_current_cipher(c_ssl); BIO_printf(bio_stdout, "%s%s, cipher %s %s", prefix, SSL_get_version(c_ssl), SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph)); - cert = SSL_get_peer_certificate(c_ssl); - if (cert != NULL) { - EVP_PKEY *pkey = X509_get_pubkey(cert); - if (pkey != NULL) { - if (pkey->type == EVP_PKEY_RSA && - pkey->pkey.rsa != NULL && - pkey->pkey.rsa->n != NULL) { - BIO_printf(bio_stdout, ", %d bit RSA", - BN_num_bits(pkey->pkey.rsa->n)); - } else if (pkey->type == EVP_PKEY_DSA && - pkey->pkey.dsa != NULL && - pkey->pkey.dsa->p != NULL) { - BIO_printf(bio_stdout, ", %d bit DSA", - BN_num_bits(pkey->pkey.dsa->p)); - } - EVP_PKEY_free(pkey); - } - X509_free(cert); + + if ((cert = SSL_get_peer_certificate(c_ssl)) == NULL) + goto out; + if ((pkey = X509_get0_pubkey(cert)) == NULL) + goto out; + if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) { + RSA *rsa; + + if ((rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) + goto out; + + BIO_printf(bio_stdout, ", %d bit RSA", RSA_bits(rsa)); + } else if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA) { + DSA *dsa; + const BIGNUM *p; + + if ((dsa = EVP_PKEY_get0_DSA(pkey)) == NULL) + goto out; + + DSA_get0_pqg(dsa, &p, NULL, NULL); + + BIO_printf(bio_stdout, ", %d bit DSA", BN_num_bits(p)); } - /* The SSL API does not allow us to look at temporary RSA/DH keys, - * otherwise we should print their lengths too */ + + out: + /* + * The SSL API does not allow us to look at temporary RSA/DH keys, + * otherwise we should print their lengths too + */ BIO_printf(bio_stdout, "\n"); + + X509_free(cert); } int @@ -422,6 +434,7 @@ main(int argc, char *argv[]) const SSL_METHOD *meth = NULL; SSL *c_ssl, *s_ssl; int number = 1, reuse = 0; + int seclevel = 0; long bytes = 256L; DH *dh; int dhe1024dsa = 0; 
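Review bot: The DSA branch of print_details() passes `p` to `BN_num_bits()` without checking it, whereas the removed code tested `pkey->pkey.dsa->p != NULL` before using it. `DSA_get0_pqg()` only copies out whatever the key holds, so a peer certificate whose DSA key carries no domain parameters would hand a NULL pointer to `BN_num_bits()`. Adding `if (p == NULL) goto out;` after the `DSA_get0_pqg()` call restores the old guard. The RSA branch dropped the matching `n != NULL` test too; whether `RSA_bits()` copes with a missing modulus is not visible in this hunk.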
@@ -482,6 +495,10 @@ main(int argc, char *argv[]) number = atoi(*(++argv)); if (number == 0) number = 1; + } else if (strncmp(*argv, "-seclevel", 9) == 0) { + if (--argc < 1) + goto bad; + seclevel = atoi(*(++argv)); } else if (strcmp(*argv, "-bytes") == 0) { if (--argc < 1) goto bad; @@ -608,6 +625,9 @@ main(int argc, char *argv[]) goto end; } + SSL_CTX_set_security_level(c_ctx, seclevel); + SSL_CTX_set_security_level(s_ctx, seclevel); + if (cipher != NULL) { SSL_CTX_set_cipher_list(c_ctx, cipher); SSL_CTX_set_cipher_list(s_ctx, cipher); @@ -647,8 +667,7 @@ main(int argc, char *argv[]) EC_KEY_free(ecdh); } - if (!SSL_CTX_use_certificate_file(s_ctx, server_cert, - SSL_FILETYPE_PEM)) { + if (!SSL_CTX_use_certificate_chain_file(s_ctx, server_cert)) { ERR_print_errors(bio_err); } else if (!SSL_CTX_use_PrivateKey_file(s_ctx, (server_key ? server_key : server_cert), SSL_FILETYPE_PEM)) { @@ -657,8 +676,7 @@ main(int argc, char *argv[]) } if (client_auth) { - SSL_CTX_use_certificate_file(c_ctx, client_cert, - SSL_FILETYPE_PEM); + SSL_CTX_use_certificate_chain_file(c_ctx, client_cert); SSL_CTX_use_PrivateKey_file(c_ctx, (client_key ? client_key : client_cert), SSL_FILETYPE_PEM); 
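Review bot: The new option test `strncmp(*argv, "-seclevel", 9) == 0` accepts any argument that merely begins with `-seclevel`, while the neighbouring `-bytes` option uses an exact `strcmp`; `strcmp(*argv, "-seclevel") == 0` would match the rest of the parser. The value is then read with `atoi()`, which returns 0 for non-numeric text, so a mistyped level silently runs the handshake at level 0 and a test meant to exercise a stricter level still passes. Parsing with `strtol()` and sending bad or out-of-range input to the existing `goto bad` path would make that mistake visible. main() starts and ends outside this hunk.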
@@ -1389,24 +1407,27 @@ get_proxy_auth_ex_data_idx(void) static int verify_callback(int ok, X509_STORE_CTX *ctx) { + X509 *xs; char *s, buf[256]; + int error, error_depth; - s = X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), buf, - sizeof buf); + xs = X509_STORE_CTX_get_current_cert(ctx); + s = X509_NAME_oneline(X509_get_subject_name(xs), buf, sizeof buf); + error = X509_STORE_CTX_get_error(ctx); + error_depth = X509_STORE_CTX_get_error_depth(ctx); if (s != NULL) { if (ok) - fprintf(stderr, "depth=%d %s\n", - ctx->error_depth, buf); + fprintf(stderr, "depth=%d %s\n", error_depth, buf); else { - fprintf(stderr, "depth=%d error=%d %s\n", - ctx->error_depth, ctx->error, buf); + fprintf(stderr, "depth=%d error=%d %s\n", error_depth, + error, buf); } } if (ok == 0) { fprintf(stderr, "Error string: %s\n", - X509_verify_cert_error_string(ctx->error)); - switch (ctx->error) { + X509_verify_cert_error_string(error)); + switch (error) { case X509_V_ERR_CERT_NOT_YET_VALID: case X509_V_ERR_CERT_HAS_EXPIRED: case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: @@ -1416,12 +1437,7 @@ verify_callback(int ok, X509_STORE_CTX *ctx) } if (ok == 1) { - X509 *xs = ctx->current_cert; -#if 0 - X509 *xi = ctx->current_issuer; -#endif - - if (xs->ex_flags & EXFLAG_PROXY) { + if (X509_get_extension_flags(xs) & EXFLAG_PROXY) { unsigned int *letters = X509_STORE_CTX_get_ex_data(ctx, get_proxy_auth_ex_data_idx()); 
@@ -1759,16 +1775,19 @@ app_verify_callback(X509_STORE_CTX *ctx, void *arg) unsigned int letters[26]; /* only used with proxy_auth */ if (cb_arg->app_verify) { + X509 *xs; char *s = NULL, buf[256]; + xs = X509_STORE_CTX_get0_cert(ctx); fprintf(stderr, "In app_verify_callback, allowing cert. "); fprintf(stderr, "Arg is: %s\n", cb_arg->string); fprintf(stderr, "Finished printing do we have a context? 0x%p a cert? 0x%p\n", - (void *)ctx, (void *)ctx->cert); - if (ctx->cert) - s = X509_NAME_oneline(X509_get_subject_name(ctx->cert), buf, 256); + (void *)ctx, (void *)xs); + if (xs) + s = X509_NAME_oneline(X509_get_subject_name(xs), buf, 256); if (s != NULL) { - fprintf(stderr, "cert depth=%d %s\n", ctx->error_depth, buf); + fprintf(stderr, "cert depth=%d %s\n", + X509_STORE_CTX_get_error_depth(ctx), buf); } return (1); } @@ -1855,16 +1874,26 @@ get_dh1024() 0x02, }; DH *dh; + BIGNUM *dh_p = NULL, *dh_g = NULL; if ((dh = DH_new()) == NULL) - return (NULL); - dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL); - dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL); - if ((dh->p == NULL) || (dh->g == NULL)) { - DH_free(dh); - return (NULL); - } - return (dh); + return NULL; + + dh_p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL); + dh_g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL); + if (dh_p == NULL || dh_g == NULL) + goto err; + + if (!DH_set0_pqg(dh, dh_p, NULL, dh_g)) + goto err; + + return dh; + + err: + BN_free(dh_p); + BN_free(dh_g); + DH_free(dh); + return NULL; } static DH * 
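Review bot: The cleanup in get_dh1024() is only correct because of an ownership rule that the function never states: `DH_set0_pqg()` takes over `dh_p` and `dh_g` on success, so the `err:` label may free them only while that call hasn't succeeded. A comment above the call, for example `/* On success dh owns dh_p and dh_g; no goto err past this point. */`, would stop a later edit from adding a failure path below it that frees the BIGNUMs twice. The same comment belongs in get_dh1024dsa(), which is rewritten the same way in the next hunk. This hunk begins inside the function, after the parameter tables.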
@@ -1897,15 +1926,26 @@ get_dh1024dsa() 0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2, }; DH *dh; + BIGNUM *dh_p = NULL, *dh_g = NULL; if ((dh = DH_new()) == NULL) - return (NULL); - dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL); - dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL); - if ((dh->p == NULL) || (dh->g == NULL)) { - DH_free(dh); - return (NULL); - } - dh->length = 160; - return (dh); + return NULL; + + dh_p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL); + dh_g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL); + if (dh_p == NULL || dh_g == NULL) + goto err; + + if (!DH_set0_pqg(dh, dh_p, NULL, dh_g)) + goto err; + + DH_set_length(dh, 160); + + return dh; + + err: + BN_free(dh_p); + BN_free(dh_g); + DH_free(dh); + return NULL; } diff --git a/tests/ssltest.sh b/tests/ssltest.sh index 28da3acb..22a89366 100644 --- a/tests/ssltest.sh +++ b/tests/ssltest.sh @@ -22,5 +22,6 @@ if [ -z $srcdir ]; then srcdir=. fi -$srcdir/testssl $srcdir/server.pem $srcdir/server.pem $srcdir/ca.pem \ +$srcdir/testssl $srcdir/server1-rsa.pem $srcdir/server1-rsa-chain.pem \ + $srcdir/ca-root-rsa.pem \ $ssltest_bin $openssl_bin diff --git a/tests/string_table.c b/tests/string_table.c new file mode 100644 index 00000000..e80cf0f2 --- /dev/null +++ b/tests/string_table.c 
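Review bot: The return value of `DH_set_length(dh, 160)` in get_dh1024dsa() is discarded, although the `DH_set0_pqg()` call just above it is checked. If the length is rejected, the function returns a DH object without the intended 160-bit private-key length and the test carries on with different parameters than it claims to use. Checking it needs care, because `dh` already owns the BIGNUMs at that point: set `dh_p = dh_g = NULL;` after `DH_set0_pqg()` succeeds, then use `if (!DH_set_length(dh, 160)) goto err;`. The hunk begins inside the function, after the parameter tables.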
@@ -0,0 +1,128 @@ +/* $OpenBSD: string_table.c,v 1.1 2021/12/11 22:58:48 schwarze Exp $ */ +/* + * Copyright (c) 2021 Ingo Schwarze + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include +#include + +static int errcount; + +static void +report(const char *fmt, ...) +{ + va_list ap; + + va_start(ap, fmt); + vwarnx(fmt, ap); + va_end(ap); + + errcount++; +} + +static void +stable_check(const char *testname, ASN1_STRING_TABLE *have, + ASN1_STRING_TABLE *want, unsigned long want_flags) +{ + if (have == NULL) { + report("%s returned NULL", testname); + return; + } + if (have->nid != want->nid) + report("%s nid %d, expected %d", testname, + have->nid, want->nid); + if (have->minsize != want->minsize) + report("%s minsize %ld, expected %ld", testname, + have->minsize, want->minsize); + if (have->maxsize != want->maxsize) + report("%s maxsize %ld, expected %ld", testname, + have->maxsize, want->maxsize); + if (have->mask != want->mask) + report("%s mask %lu, expected %lu", testname, + have->mask, want->mask); + if (have->flags != want_flags) + report("%s flags %lu, expected %lu", testname, + have->flags, want_flags); +} + +int +main(void) +{ + ASN1_STRING_TABLE orig, mine, *have; + int irc; + + orig.nid = NID_name; + orig.minsize = 1; + orig.maxsize = ub_name; + 
orig.mask = DIRSTRING_TYPE; + orig.flags = 0; + + mine.nid = NID_name; + mine.minsize = 4; + mine.maxsize = 64; + mine.mask = B_ASN1_PRINTABLESTRING; + mine.flags = STABLE_NO_MASK; + + /* Original entry. */ + + have = ASN1_STRING_TABLE_get(orig.nid); + stable_check("orig", have, &orig, 0); + + /* Copy, but don't really change. */ + + irc = ASN1_STRING_TABLE_add(orig.nid, -1, -1, 0, 0); + if (irc != 1) + report("set noop returned %d, expected 1", irc); + have = ASN1_STRING_TABLE_get(orig.nid); + stable_check("noop", have, &orig, STABLE_FLAGS_MALLOC); + + /* Change entry. */ + + irc = ASN1_STRING_TABLE_add(mine.nid, mine.minsize, mine.maxsize, + mine.mask, mine.flags); + if (irc != 1) + report("set returned %d, expected 1", irc); + have = ASN1_STRING_TABLE_get(mine.nid); + stable_check("set", have, &mine, STABLE_FLAGS_MALLOC | STABLE_NO_MASK); + + /* New entry. */ + + mine.nid = NID_title; + irc = ASN1_STRING_TABLE_add(mine.nid, mine.minsize, mine.maxsize, + mine.mask, mine.flags); + if (irc != 1) + report("new returned %d, expected 1", irc); + have = ASN1_STRING_TABLE_get(mine.nid); + stable_check("new", have, &mine, STABLE_FLAGS_MALLOC | STABLE_NO_MASK); + + /* Back to the initial state. */ + + ASN1_STRING_TABLE_cleanup(); + have = ASN1_STRING_TABLE_get(orig.nid); + stable_check("back", have, &orig, 0); + if (ASN1_STRING_TABLE_get(mine.nid) != NULL) + report("deleted entry is not NULL"); + + switch (errcount) { + case 0: + return 0; + case 1: + errx(1, "one error"); + default: + errx(1, "%d errors", errcount); + } +} diff --git a/tests/testssl b/tests/testssl index fe633e87..43efaa64 100644 --- a/tests/testssl +++ b/tests/testssl 
@@ -66,17 +66,29 @@ for protocol in SSLv3 TLSv1.2; do done done for protocol in TLSv1.3; do - echo "Testing ciphersuites for $protocol" + echo "Testing ciphersuites for $protocol at security level 2" for cipher in `$openssl ciphers -v "$protocol" | awk "/ $protocol / { print \\$1 }"`; do echo "Testing $cipher" - $ssltest -cipher $cipher + $ssltest -cipher $cipher -seclevel 2 if [ $? -ne 0 ] ; then echo "Failed $cipher" exit 1 fi done done +for protocol in TLSv1.3; do + echo "Testing ciphersuites for $protocol at security level 3" + for cipher in `$openssl ciphers -v "$protocol" | + awk "/ $protocol / { print \\$1 }"`; do + echo "Testing $cipher" + $ssltest -cipher $cipher -seclevel 3 + if [ $? -eq 0 ] ; then + echo "Failed $cipher should not have succeeded" + exit 1 + fi + done +done ############################################################################# diff --git a/tests/tls_prf.c b/tests/tls_prf.c index 9e8f5b40..bf0de1f0 100644 --- a/tests/tls_prf.c +++ b/tests/tls_prf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_prf.c,v 1.5 2021/03/24 19:02:35 jsing Exp $ */ +/* $OpenBSD: tls_prf.c,v 1.7 2022/06/10 22:00:15 tb Exp $ */ /* * Copyright (c) 2017 Joel Sing * @@ -182,7 +182,7 @@ do_tls_prf_test(int test_no, struct tls_prf_test *tpt) int failure = 1; int len; - fprintf(stderr, "Test %i - %s\n", test_no, tpt->desc); + fprintf(stderr, "Test %d - %s\n", test_no, tpt->desc); if ((out = malloc(TLS_PRF_OUT_LEN)) == NULL) errx(1, "failed to allocate out"); @@ -197,7 +197,7 @@ do_tls_prf_test(int test_no, struct tls_prf_test *tpt) goto failure; } - S3I(ssl)->hs.cipher = cipher; + ssl->s3->hs.cipher = cipher; for (len = 1; len <= TLS_PRF_OUT_LEN; len++) { memset(out, 'A', TLS_PRF_OUT_LEN); 
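Review bot: The security level 3 loop accepts every non-zero exit status of `$ssltest` as the expected outcome, because it only tests `if [ $? -eq 0 ]`. A crash, an unreadable certificate file or an unrecognised option would therefore count as a correctly rejected handshake, and the negative test would keep passing even if the security-level check stopped working for an unrelated reason. Capturing the output and confirming that the run failed during the handshake, rather than just failed, would make the test mean what its message says. A short comment saying why level 3 is expected to fail (presumably the strength of the test certificates; confirm) would also help whoever next replaces those files.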
@@ -207,14 +207,14 @@ do_tls_prf_test(int test_no, struct tls_prf_test *tpt) sizeof(TLS_PRF_SEED2), TLS_PRF_SEED3, sizeof(TLS_PRF_SEED3), TLS_PRF_SEED4, sizeof(TLS_PRF_SEED4), TLS_PRF_SEED5, sizeof(TLS_PRF_SEED5), out, len) != 1) { - fprintf(stderr, "FAIL: tls_PRF failed for len %i\n", + fprintf(stderr, "FAIL: tls_PRF failed for len %d\n", len); goto failure; } if (memcmp(out, tpt->out, len) != 0) { fprintf(stderr, "FAIL: tls_PRF output differs for " - "len %i\n", len); + "len %d\n", len); fprintf(stderr, "output:\n"); hexdump(out, TLS_PRF_OUT_LEN); fprintf(stderr, "test data:\n"); diff --git a/tests/tlsexttest.c b/tests/tlsexttest.c index 63c16a28..f75c70ef 100644 --- a/tests/tlsexttest.c +++ b/tests/tlsexttest.c @@ -1,8 +1,9 @@ -/* $OpenBSD: tlsexttest.c,v 1.49 2021/03/24 21:36:26 tb Exp $ */ +/* $OpenBSD: tlsexttest.c,v 1.75 2022/08/21 19:46:19 jsing Exp $ */ /* * Copyright (c) 2017 Joel Sing * Copyright (c) 2017 Doug Hogan * Copyright (c) 2019 Bob Beck + * Copyright (c) 2022 Theo Buehler * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above 
@@ -19,11 +20,42 @@ #include +#include + #include "ssl_locl.h" #include "bytestring.h" #include "ssl_tlsext.h" +struct tls_extension_funcs { + int (*needs)(SSL *s, uint16_t msg_type); + int (*build)(SSL *s, uint16_t msg_type, CBB *cbb); + int (*parse)(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); +}; + +const struct tls_extension *tls_extension_find(uint16_t, size_t *); +const struct tls_extension_funcs *tlsext_funcs(const struct tls_extension *, + int); + +static int +tls_extension_funcs(int type, const struct tls_extension_funcs **client_funcs, + const struct tls_extension_funcs **server_funcs) +{ + const struct tls_extension *ext; + size_t idx; + + if ((ext = tls_extension_find(type, &idx)) == NULL) + return 0; + + if ((*client_funcs = tlsext_funcs(ext, 0)) == NULL) + return 0; + + if ((*server_funcs = tlsext_funcs(ext, 1)) == NULL) + return 0; + + return 1; +} + static void hexdump(const unsigned char *buf, size_t len) { @@ -119,28 +151,36 @@ const uint8_t tlsext_alpn_single_proto[] = { 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31 }; +#define TLSEXT_TYPE_alpn TLSEXT_TYPE_application_layer_protocol_negotiation + static int test_tlsext_alpn_client(void) { SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; + const struct tls_extension_funcs *client_funcs; + const struct tls_extension_funcs *server_funcs; uint8_t *data = NULL; CBB cbb; CBS cbs; int failure, alert; size_t dlen; - CBB_init(&cbb, 0); - failure = 1; + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); + if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) errx(1, "failed to create SSL_CTX"); if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); + if (!tls_extension_funcs(TLSEXT_TYPE_alpn, &client_funcs, &server_funcs)) + errx(1, "failed to fetch ALPN funcs"); + /* By default, we don't need this */ - if (tlsext_alpn_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should not need ALPN by default\n"); goto err; } 
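Review bot: `struct tls_extension_funcs` and the prototypes for `tls_extension_find()` and `tlsext_funcs()` are re-declared inside the test instead of coming from a header. If they mirror definitions private to the library's extension code, as it appears, a change to the member order or to a signature there would still compile here and the test would call through mismatched function pointers. At minimum add `/* Must match struct tls_extension_funcs in the library's extension source. */` above the struct; sharing the declaration through an internal header would remove the risk. The helper also takes `int type` but forwards it to a `uint16_t` parameter, so declaring it as `uint16_t type` would avoid the silent narrowing.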
@@ -150,21 +190,21 @@ test_tlsext_alpn_client(void) * 1) Set s->internal->alpn_client_proto_list * - Using SSL_set_alpn_protos() * 2) We have not finished or renegotiated. - * - S3I(s)->tmp.finish_md_len == 0 + * - s->s3->tmp.finish_md_len == 0 */ if (SSL_set_alpn_protos(ssl, tlsext_alpn_single_proto_val, sizeof(tlsext_alpn_single_proto_val)) != 0) { FAIL("should be able to set ALPN to http/1.1\n"); goto err; } - if (!tlsext_alpn_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { - FAIL("client should need ALPN by now\n"); + if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { + FAIL("client should need ALPN by default\n"); goto err; } /* Make sure we can build the client with a single proto. */ - if (!tlsext_alpn_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("client failed to build ALPN\n"); goto err; } @@ -187,7 +227,8 @@ test_tlsext_alpn_client(void) } CBB_cleanup(&cbb); - CBB_init(&cbb, 0); + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); free(data); data = NULL; @@ -195,7 +236,7 @@ test_tlsext_alpn_client(void) CBS_init(&cbs, tlsext_alpn_single_proto, sizeof(tlsext_alpn_single_proto)); - if (!tlsext_alpn_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("failed to parse ALPN\n"); goto err; } @@ -231,12 +272,12 @@ test_tlsext_alpn_client(void) FAIL("should be able to set ALPN to http/1.1\n"); goto err; } - if (!tlsext_alpn_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should need ALPN by now\n"); goto err; } - if (!tlsext_alpn_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("client failed to build ALPN\n"); goto err; } 
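Review bot: The failure message on the rewritten check after `SSL_set_alpn_protos()` now reads "client should need ALPN by default", but at that point the protocol list has just been set, and the removed line said "by now". I would restore `FAIL("client should need ALPN by now\n");` so the message matches the condition being tested. The final check of this function (context line in the hunk at -297) has the opposite problem: it fails when `needs()` returns true yet prints "client should need ALPN by default", where "should not need" is meant. The server-side counterpart is corrected in the hunk at -442 of this same commit.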
@@ -262,7 +303,7 @@ test_tlsext_alpn_client(void) CBS_init(&cbs, tlsext_alpn_multiple_protos, sizeof(tlsext_alpn_multiple_protos)); - if (!tlsext_alpn_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("failed to parse ALPN\n"); goto err; } @@ -297,7 +338,7 @@ test_tlsext_alpn_client(void) ssl->internal->alpn_client_proto_list = NULL; ssl->internal->alpn_client_proto_list_len = 0; - if (tlsext_alpn_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should need ALPN by default\n"); goto err; } @@ -318,23 +359,29 @@ test_tlsext_alpn_server(void) { SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; + const struct tls_extension_funcs *client_funcs; + const struct tls_extension_funcs *server_funcs; uint8_t *data = NULL; CBB cbb; CBS cbs; int failure, alert; size_t dlen; - CBB_init(&cbb, 0); - failure = 1; + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); + if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) errx(1, "failed to create SSL_CTX"); if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); + if (!tls_extension_funcs(TLSEXT_TYPE_alpn, &client_funcs, &server_funcs)) + errx(1, "failed to fetch ALPN funcs"); + /* By default, ALPN isn't needed. */ - if (tlsext_alpn_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should not need ALPN by default\n"); goto err; } 
@@ -345,21 +392,21 @@ test_tlsext_alpn_server(void) * * This will be a plain name and separate length. */ - if ((S3I(ssl)->alpn_selected = malloc(sizeof(tlsext_alpn_single_proto_name))) == NULL) { + if ((ssl->s3->alpn_selected = malloc(sizeof(tlsext_alpn_single_proto_name))) == NULL) { errx(1, "failed to malloc"); } - memcpy(S3I(ssl)->alpn_selected, tlsext_alpn_single_proto_name, + memcpy(ssl->s3->alpn_selected, tlsext_alpn_single_proto_name, sizeof(tlsext_alpn_single_proto_name)); - S3I(ssl)->alpn_selected_len = sizeof(tlsext_alpn_single_proto_name); + ssl->s3->alpn_selected_len = sizeof(tlsext_alpn_single_proto_name); - if (!tlsext_alpn_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should need ALPN after a protocol is selected\n"); goto err; } /* Make sure we can build a server with one protocol */ - if (!tlsext_alpn_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { + if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { FAIL("server should be able to build a response\n"); goto err; } @@ -382,7 +429,8 @@ test_tlsext_alpn_server(void) } CBB_cleanup(&cbb); - CBB_init(&cbb, 0); + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); free(data); data = NULL; @@ -392,7 +440,7 @@ test_tlsext_alpn_server(void) sizeof(tlsext_alpn_single_proto)); /* Shouldn't be able to parse without requesting */ - if (tlsext_alpn_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { FAIL("Should only parse server if we requested it\n"); goto err; } @@ -403,7 +451,7 @@ test_tlsext_alpn_server(void) FAIL("should be able to set ALPN to http/1.1\n"); goto err; } - if (!tlsext_alpn_server_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { FAIL("Should be able to parse server when we request it\n"); goto err; } 
@@ -412,23 +460,23 @@ test_tlsext_alpn_server(void) goto err; } - if (S3I(ssl)->alpn_selected_len != + if (ssl->s3->alpn_selected_len != sizeof(tlsext_alpn_single_proto_name)) { FAIL("got server ALPN with length %zu, " "want length %zu\n", dlen, sizeof(tlsext_alpn_single_proto_name)); - compare_data(S3I(ssl)->alpn_selected, - S3I(ssl)->alpn_selected_len, + compare_data(ssl->s3->alpn_selected, + ssl->s3->alpn_selected_len, tlsext_alpn_single_proto_name, sizeof(tlsext_alpn_single_proto_name)); goto err; } - if (memcmp(S3I(ssl)->alpn_selected, + if (memcmp(ssl->s3->alpn_selected, tlsext_alpn_single_proto_name, sizeof(tlsext_alpn_single_proto_name)) != 0) { FAIL("server ALPN differs:\n"); - compare_data(S3I(ssl)->alpn_selected, - S3I(ssl)->alpn_selected_len, + compare_data(ssl->s3->alpn_selected, + ssl->s3->alpn_selected_len, tlsext_alpn_single_proto_name, sizeof(tlsext_alpn_single_proto_name)); goto err; @@ -442,12 +490,12 @@ test_tlsext_alpn_server(void) /* Make sure we can remove the list and avoid ALPN */ - free(S3I(ssl)->alpn_selected); - S3I(ssl)->alpn_selected = NULL; - S3I(ssl)->alpn_selected_len = 0; + free(ssl->s3->alpn_selected); + ssl->s3->alpn_selected = NULL; + ssl->s3->alpn_selected_len = 0; - if (tlsext_alpn_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { - FAIL("server should need ALPN by default\n"); + if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { + FAIL("server should not need ALPN by default\n"); goto err; } @@ -478,7 +526,7 @@ static uint8_t tlsext_supportedgroups_client_default[] = { }; static uint16_t tlsext_supportedgroups_client_secp384r1_val[] = { - 0x0018 /* tls1_ec_nid2curve_id(NID_secp384r1) */ + 0x0018 /* tls1_ec_nid2group_id(NID_secp384r1) */ }; static uint8_t tlsext_supportedgroups_client_secp384r1[] = { 0x00, 0x02, 
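Review bot: The length-mismatch message in the first check of this hunk prints `dlen`, but the comparison it reports on is `ssl->s3->alpn_selected_len != sizeof(tlsext_alpn_single_proto_name)`. When the check fires, the log shows the length of the previously built extension rather than the selected-protocol length that actually differed. Passing `ssl->s3->alpn_selected_len` as the first `%zu` argument fixes the diagnostic, assuming the field is a `size_t` as the format implies. The line is unchanged context, but the commit edits the statements on both sides of it.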
@@ -487,8 +535,8 @@ static uint8_t tlsext_supportedgroups_client_secp384r1[] = { /* Example from RFC 4492 section 5.1.1 */ static uint16_t tlsext_supportedgroups_client_nistp192and224_val[] = { - 0x0013, /* tls1_ec_nid2curve_id(NID_X9_62_prime192v1) */ - 0x0015 /* tls1_ec_nid2curve_id(NID_secp224r1) */ + 0x0013, /* tls1_ec_nid2group_id(NID_X9_62_prime192v1) */ + 0x0015 /* tls1_ec_nid2group_id(NID_secp224r1) */ }; static uint8_t tlsext_supportedgroups_client_nistp192and224[] = { 0x00, 0x04, @@ -502,6 +550,8 @@ test_tlsext_supportedgroups_client(void) unsigned char *data = NULL; SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; + const struct tls_extension_funcs *client_funcs; + const struct tls_extension_funcs *server_funcs; size_t dlen; int failure, alert; CBB cbb; @@ -517,10 +567,14 @@ test_tlsext_supportedgroups_client(void) if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); + if (!tls_extension_funcs(TLSEXT_TYPE_supported_groups, &client_funcs, + &server_funcs)) + errx(1, "failed to fetch supported groups funcs"); + /* * Default ciphers include EC so we need it by default. */ - if (!tlsext_supportedgroups_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should need Ellipticcurves for default " "ciphers\n"); goto err; @@ -533,7 +587,7 @@ test_tlsext_supportedgroups_client(void) FAIL("client should be able to set cipher list\n"); goto err; } - if (tlsext_supportedgroups_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should not need Ellipticcurves\n"); goto err; } @@ -545,7 +599,7 @@ test_tlsext_supportedgroups_client(void) FAIL("client should be able to set cipher list\n"); goto err; } - if (!tlsext_supportedgroups_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should need Ellipticcurves\n"); goto err; } 
@@ -556,20 +610,22 @@ test_tlsext_supportedgroups_client(void) if ((ssl->session = SSL_SESSION_new()) == NULL) errx(1, "failed to create session"); - if ((SSI(ssl)->tlsext_supportedgroups = malloc(sizeof(uint16_t))) + if ((ssl->session->tlsext_supportedgroups = malloc(sizeof(uint16_t))) == NULL) { FAIL("client could not malloc\n"); goto err; } - SSI(ssl)->tlsext_supportedgroups[0] = tls1_ec_nid2curve_id(NID_secp384r1); - SSI(ssl)->tlsext_supportedgroups_length = 1; + if (!tls1_ec_nid2group_id(NID_secp384r1, + &ssl->session->tlsext_supportedgroups[0])) + goto err; + ssl->session->tlsext_supportedgroups_length = 1; - if (!tlsext_supportedgroups_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should need Ellipticcurves\n"); goto err; } - if (!tlsext_supportedgroups_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("client failed to build Ellipticcurves\n"); goto err; } @@ -597,7 +653,8 @@ test_tlsext_supportedgroups_client(void) * Test parsing secp384r1 */ CBB_cleanup(&cbb); - CBB_init(&cbb, 0); + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); free(data); data = NULL; @@ -607,7 +664,7 @@ test_tlsext_supportedgroups_client(void) CBS_init(&cbs, tlsext_supportedgroups_client_secp384r1, sizeof(tlsext_supportedgroups_client_secp384r1)); - if (!tlsext_supportedgroups_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("failed to parse client Ellipticcurves\n"); goto err; } 
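Review bot: The new `tls1_ec_nid2group_id(NID_secp384r1, ...)` call in the first hunk jumps to `err` without a message when the lookup fails, so the test fails with no indication of which step broke. Every other failing branch visible in this function reports through FAIL; add something like `FAIL("client could not convert NID_secp384r1 to a group id\n");` before the `goto err`. The two conversions added in the `-649,16 +707,20` hunk of the same function have the same gap. The function body continues outside these hunks.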
@@ -616,20 +673,20 @@ test_tlsext_supportedgroups_client(void) goto err; } - if (SSI(ssl)->tlsext_supportedgroups_length != + if (ssl->session->tlsext_supportedgroups_length != sizeof(tlsext_supportedgroups_client_secp384r1_val) / sizeof(uint16_t)) { FAIL("no tlsext_ellipticcurves from client " "Ellipticcurves\n"); goto err; } - if (memcmp(SSI(ssl)->tlsext_supportedgroups, + if (memcmp(ssl->session->tlsext_supportedgroups, tlsext_supportedgroups_client_secp384r1_val, sizeof(tlsext_supportedgroups_client_secp384r1_val)) != 0) { FAIL("client had an incorrect Ellipticcurves " "entry\n"); - compare_data2(SSI(ssl)->tlsext_supportedgroups, - SSI(ssl)->tlsext_supportedgroups_length * 2, + compare_data2(ssl->session->tlsext_supportedgroups, + ssl->session->tlsext_supportedgroups_length * 2, tlsext_supportedgroups_client_secp384r1_val, sizeof(tlsext_supportedgroups_client_secp384r1_val)); goto err; @@ -639,7 +696,8 @@ test_tlsext_supportedgroups_client(void) * Use a custom order. */ CBB_cleanup(&cbb); - CBB_init(&cbb, 0); + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); SSL_SESSION_free(ssl->session); if ((ssl->session = SSL_SESSION_new()) == NULL) 
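Review bot: The `compare_data2()` call in the first hunk passes `ssl->session->tlsext_supportedgroups_length * 2` as the received size, with a bare 2 standing for the element width of the uint16_t group array. Writing it as `ssl->session->tlsext_supportedgroups_length * sizeof(uint16_t)` would match the `sizeof(...) / sizeof(uint16_t)` used in the length check just above it. The same literal appears in the `-716,18 +779,18` hunk. compare_data2 is defined outside the hunk, so its units are inferred from the `sizeof(...)` passed as the expected size.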
@@ -649,16 +707,20 @@ test_tlsext_supportedgroups_client(void) FAIL("client could not malloc\n"); goto err; } - ssl->internal->tlsext_supportedgroups[0] = tls1_ec_nid2curve_id(NID_X9_62_prime192v1); - ssl->internal->tlsext_supportedgroups[1] = tls1_ec_nid2curve_id(NID_secp224r1); + if (!tls1_ec_nid2group_id(NID_X9_62_prime192v1, + &ssl->internal->tlsext_supportedgroups[0])) + goto err; + if (!tls1_ec_nid2group_id(NID_secp224r1, + &ssl->internal->tlsext_supportedgroups[1])) + goto err; ssl->internal->tlsext_supportedgroups_length = 2; - if (!tlsext_supportedgroups_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should need Ellipticcurves\n"); goto err; } - if (!tlsext_supportedgroups_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("client failed to build Ellipticcurves\n"); goto err; } @@ -692,7 +754,8 @@ test_tlsext_supportedgroups_client(void) * Parse non-default curves to session. */ CBB_cleanup(&cbb); - CBB_init(&cbb, 0); + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); free(data); data = NULL; @@ -707,7 +770,7 @@ test_tlsext_supportedgroups_client(void) CBS_init(&cbs, tlsext_supportedgroups_client_nistp192and224, sizeof(tlsext_supportedgroups_client_nistp192and224)); - if (!tlsext_supportedgroups_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("failed to parse client Ellipticcurves\n"); goto err; } 
@@ -716,18 +779,18 @@ test_tlsext_supportedgroups_client(void) goto err; } - if (SSI(ssl)->tlsext_supportedgroups_length != + if (ssl->session->tlsext_supportedgroups_length != sizeof(tlsext_supportedgroups_client_nistp192and224_val) / sizeof(uint16_t)) { FAIL("no tlsext_ellipticcurves from client Ellipticcurves\n"); goto err; } - if (memcmp(SSI(ssl)->tlsext_supportedgroups, + if (memcmp(ssl->session->tlsext_supportedgroups, tlsext_supportedgroups_client_nistp192and224_val, sizeof(tlsext_supportedgroups_client_nistp192and224_val)) != 0) { FAIL("client had an incorrect Ellipticcurves entry\n"); - compare_data2(SSI(ssl)->tlsext_supportedgroups, - SSI(ssl)->tlsext_supportedgroups_length * 2, + compare_data2(ssl->session->tlsext_supportedgroups, + ssl->session->tlsext_supportedgroups_length * 2, tlsext_supportedgroups_client_nistp192and224_val, sizeof(tlsext_supportedgroups_client_nistp192and224_val)); goto err; @@ -751,6 +814,8 @@ test_tlsext_supportedgroups_server(void) { SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; + const struct tls_extension_funcs *client_funcs; + const struct tls_extension_funcs *server_funcs; int failure; failure = 1; @@ -760,7 +825,11 @@ test_tlsext_supportedgroups_server(void) if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - if (tlsext_supportedgroups_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (!tls_extension_funcs(TLSEXT_TYPE_supported_groups, &client_funcs, + &server_funcs)) + errx(1, "failed to fetch supported groups funcs"); + + if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should not need elliptic_curves\n"); goto err; } @@ -768,7 +837,7 @@ test_tlsext_supportedgroups_server(void) if ((ssl->session = SSL_SESSION_new()) == NULL) errx(1, "failed to create session"); - if (tlsext_supportedgroups_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should not need elliptic_curves\n"); goto err; } 
@@ -821,6 +890,8 @@ test_tlsext_ecpf_client(void) uint8_t *data = NULL; SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; + const struct tls_extension_funcs *client_funcs; + const struct tls_extension_funcs *server_funcs; size_t dlen; int failure, alert; CBB cbb; @@ -828,17 +899,22 @@ test_tlsext_ecpf_client(void) failure = 1; - CBB_init(&cbb, 0); + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) errx(1, "failed to create SSL_CTX"); if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); + if (!tls_extension_funcs(TLSEXT_TYPE_ec_point_formats, &client_funcs, + &server_funcs)) + errx(1, "failed to fetch ecpf funcs"); + /* * Default ciphers include EC so we need it by default. */ - if (!tlsext_ecpf_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should need ECPointFormats for default " "ciphers\n"); goto err; @@ -851,7 +927,7 @@ test_tlsext_ecpf_client(void) FAIL("client should be able to set cipher list\n"); goto err; } - if (tlsext_ecpf_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should not need ECPointFormats\n"); goto err; } @@ -863,7 +939,7 @@ test_tlsext_ecpf_client(void) FAIL("client should be able to set cipher list\n"); goto err; } - if (!tlsext_ecpf_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should need ECPointFormats\n"); goto err; } @@ -874,7 +950,7 @@ test_tlsext_ecpf_client(void) if ((ssl->session = SSL_SESSION_new()) == NULL) errx(1, "failed to create session"); - if (!tlsext_ecpf_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("client failed to build ECPointFormats\n"); goto err; } 
@@ -902,7 +978,8 @@ test_tlsext_ecpf_client(void) * Make sure we can parse the default. */ CBB_cleanup(&cbb); - CBB_init(&cbb, 0); + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); free(data); data = NULL; @@ -912,7 +989,7 @@ test_tlsext_ecpf_client(void) CBS_init(&cbs, tlsext_ecpf_hello_uncompressed, sizeof(tlsext_ecpf_hello_uncompressed)); - if (!tlsext_ecpf_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("failed to parse client ECPointFormats\n"); goto err; } @@ -921,14 +998,14 @@ test_tlsext_ecpf_client(void) goto err; } - if (SSI(ssl)->tlsext_ecpointformatlist_length != + if (ssl->session->tlsext_ecpointformatlist_length != sizeof(tlsext_ecpf_hello_uncompressed_val)) { FAIL("no tlsext_ecpointformats from client " "ECPointFormats\n"); goto err; } - if (memcmp(SSI(ssl)->tlsext_ecpointformatlist, + if (memcmp(ssl->session->tlsext_ecpointformatlist, tlsext_ecpf_hello_uncompressed_val, sizeof(tlsext_ecpf_hello_uncompressed_val)) != 0) { FAIL("client had an incorrect ECPointFormats entry\n"); @@ -939,7 +1016,8 @@ test_tlsext_ecpf_client(void) * Test with a custom order. */ CBB_cleanup(&cbb); - CBB_init(&cbb, 0); + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); free(data); data = NULL; @@ -956,13 +1034,13 @@ test_tlsext_ecpf_client(void) ssl->internal->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; ssl->internal->tlsext_ecpointformatlist_length = 3; - if (!tlsext_ecpf_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should need ECPointFormats with a custom " "format\n"); goto err; } - if (!tlsext_ecpf_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("client failed to build ECPointFormats\n"); goto err; } 
@@ -990,7 +1068,8 @@ test_tlsext_ecpf_client(void) * Make sure that we can parse this custom order. */ CBB_cleanup(&cbb); - CBB_init(&cbb, 0); + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); free(data); data = NULL; @@ -1005,7 +1084,7 @@ test_tlsext_ecpf_client(void) CBS_init(&cbs, tlsext_ecpf_hello_prefer_order, sizeof(tlsext_ecpf_hello_prefer_order)); - if (!tlsext_ecpf_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("failed to parse client ECPointFormats\n"); goto err; } @@ -1014,14 +1093,14 @@ test_tlsext_ecpf_client(void) goto err; } - if (SSI(ssl)->tlsext_ecpointformatlist_length != + if (ssl->session->tlsext_ecpointformatlist_length != sizeof(tlsext_ecpf_hello_prefer_order_val)) { FAIL("no tlsext_ecpointformats from client " "ECPointFormats\n"); goto err; } - if (memcmp(SSI(ssl)->tlsext_ecpointformatlist, + if (memcmp(ssl->session->tlsext_ecpointformatlist, tlsext_ecpf_hello_prefer_order_val, sizeof(tlsext_ecpf_hello_prefer_order_val)) != 0) { FAIL("client had an incorrect ECPointFormats entry\n"); @@ -1046,6 +1125,8 @@ test_tlsext_ecpf_server(void) uint8_t *data = NULL; SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; + const struct tls_extension_funcs *client_funcs; + const struct tls_extension_funcs *server_funcs; size_t dlen; int failure, alert; CBB cbb; 
@@ -1053,32 +1134,37 @@ test_tlsext_ecpf_server(void) failure = 1; - CBB_init(&cbb, 0); + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) errx(1, "failed to create SSL_CTX"); if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); + if (!tls_extension_funcs(TLSEXT_TYPE_ec_point_formats, &client_funcs, + &server_funcs)) + errx(1, "failed to fetch ecpf funcs"); + if ((ssl->session = SSL_SESSION_new()) == NULL) errx(1, "failed to create session"); /* Setup the state so we can call needs. */ - if ((S3I(ssl)->hs.cipher = + if ((ssl->s3->hs.cipher = ssl3_get_cipher_by_id(TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305)) == NULL) { FAIL("server cannot find cipher\n"); goto err; } - if ((SSI(ssl)->tlsext_ecpointformatlist = malloc(sizeof(uint8_t))) + if ((ssl->session->tlsext_ecpointformatlist = malloc(sizeof(uint8_t))) == NULL) { FAIL("server could not malloc\n"); goto err; } - SSI(ssl)->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; - SSI(ssl)->tlsext_ecpointformatlist_length = 1; + ssl->session->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; + ssl->session->tlsext_ecpointformatlist_length = 1; - if (!tlsext_ecpf_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should need ECPointFormats now\n"); goto err; } @@ -1087,7 +1173,7 @@ test_tlsext_ecpf_server(void) * The server will ignore the session list and use either a custom * list or the default (uncompressed). */ - if (!tlsext_ecpf_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { + if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { FAIL("server failed to build ECPointFormats\n"); goto err; } 
@@ -1115,7 +1201,8 @@ test_tlsext_ecpf_server(void) * Cannot parse a non-default list without at least uncompressed. */ CBB_cleanup(&cbb); - CBB_init(&cbb, 0); + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); free(data); data = NULL; @@ -1125,7 +1212,7 @@ test_tlsext_ecpf_server(void) CBS_init(&cbs, tlsext_ecpf_hello_prime, sizeof(tlsext_ecpf_hello_prime)); - if (tlsext_ecpf_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { FAIL("must include uncompressed in server ECPointFormats\n"); goto err; } @@ -1138,7 +1225,8 @@ test_tlsext_ecpf_server(void) * Test with a custom order that replaces the default uncompressed. */ CBB_cleanup(&cbb); - CBB_init(&cbb, 0); + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); free(data); data = NULL; @@ -1147,13 +1235,13 @@ test_tlsext_ecpf_server(void) errx(1, "failed to create session"); /* Add a session list even though it will be ignored. */ - if ((SSI(ssl)->tlsext_ecpointformatlist = malloc(sizeof(uint8_t))) + if ((ssl->session->tlsext_ecpointformatlist = malloc(sizeof(uint8_t))) == NULL) { FAIL("server could not malloc\n"); goto err; } - SSI(ssl)->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; - SSI(ssl)->tlsext_ecpointformatlist_length = 1; + ssl->session->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; + ssl->session->tlsext_ecpointformatlist_length = 1; /* Replace the default list with a custom one. */ if ((ssl->internal->tlsext_ecpointformatlist = malloc(sizeof(uint8_t) * 3)) == NULL) { 
@@ -1165,12 +1253,12 @@ test_tlsext_ecpf_server(void) ssl->internal->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; ssl->internal->tlsext_ecpointformatlist_length = 3; - if (!tlsext_ecpf_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should need ECPointFormats\n"); goto err; } - if (!tlsext_ecpf_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { + if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { FAIL("server failed to build ECPointFormats\n"); goto err; } @@ -1198,7 +1286,8 @@ test_tlsext_ecpf_server(void) * Should be able to parse the custom list into a session list. */ CBB_cleanup(&cbb); - CBB_init(&cbb, 0); + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); free(data); data = NULL; @@ -1213,7 +1302,7 @@ test_tlsext_ecpf_server(void) CBS_init(&cbs, tlsext_ecpf_hello_prefer_order, sizeof(tlsext_ecpf_hello_prefer_order)); - if (!tlsext_ecpf_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { FAIL("failed to parse server ECPointFormats\n"); goto err; } @@ -1222,14 +1311,14 @@ test_tlsext_ecpf_server(void) goto err; } - if (SSI(ssl)->tlsext_ecpointformatlist_length != + if (ssl->session->tlsext_ecpointformatlist_length != sizeof(tlsext_ecpf_hello_prefer_order_val)) { FAIL("no tlsext_ecpointformats from server " "ECPointFormats\n"); goto err; } - if (memcmp(SSI(ssl)->tlsext_ecpointformatlist, + if (memcmp(ssl->session->tlsext_ecpointformatlist, tlsext_ecpf_hello_prefer_order_val, sizeof(tlsext_ecpf_hello_prefer_order_val)) != 0) { FAIL("server had an incorrect ECPointFormats entry\n"); @@ -1281,6 +1370,8 @@ test_tlsext_ri_client(void) unsigned char *data = NULL; SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; + const struct tls_extension_funcs *client_funcs; + const struct tls_extension_funcs *server_funcs; int failure; size_t dlen; int alert; 
@@ -1289,14 +1380,19 @@ test_tlsext_ri_client(void) failure = 1; - CBB_init(&cbb, 0); + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); if ((ssl_ctx = SSL_CTX_new(TLSv1_2_client_method())) == NULL) errx(1, "failed to create SSL_CTX"); if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - if (tlsext_ri_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!tls_extension_funcs(TLSEXT_TYPE_renegotiate, &client_funcs, + &server_funcs)) + errx(1, "failed to fetch ri funcs"); + + if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should not need RI\n"); goto err; } @@ -1306,18 +1402,18 @@ test_tlsext_ri_client(void) goto err; } - if (!tlsext_ri_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should need RI\n"); goto err; } - memcpy(S3I(ssl)->previous_client_finished, tlsext_ri_prev_client, + memcpy(ssl->s3->previous_client_finished, tlsext_ri_prev_client, sizeof(tlsext_ri_prev_client)); - S3I(ssl)->previous_client_finished_len = sizeof(tlsext_ri_prev_client); + ssl->s3->previous_client_finished_len = sizeof(tlsext_ri_prev_client); - S3I(ssl)->renegotiate_seen = 0; + ssl->s3->renegotiate_seen = 0; - if (!tlsext_ri_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("client failed to build RI\n"); goto err; } @@ -1341,7 +1437,7 @@ test_tlsext_ri_client(void) } CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client)); - if (!tlsext_ri_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("failed to parse client RI\n"); goto err; } 
@@ -1350,28 +1446,27 @@ test_tlsext_ri_client(void) goto err; } - if (S3I(ssl)->renegotiate_seen != 1) { + if (ssl->s3->renegotiate_seen != 1) { FAIL("renegotiate seen not set\n"); goto err; } - if (S3I(ssl)->send_connection_binding != 1) { + if (ssl->s3->send_connection_binding != 1) { FAIL("send connection binding not set\n"); goto err; } - memset(S3I(ssl)->previous_client_finished, 0, - sizeof(S3I(ssl)->previous_client_finished)); + memset(ssl->s3->previous_client_finished, 0, + sizeof(ssl->s3->previous_client_finished)); - S3I(ssl)->renegotiate_seen = 0; + ssl->s3->renegotiate_seen = 0; CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client)); - if (tlsext_ri_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("parsed invalid client RI\n"); - failure = 1; goto err; } - if (S3I(ssl)->renegotiate_seen == 1) { + if (ssl->s3->renegotiate_seen == 1) { FAIL("renegotiate seen set\n"); goto err; } @@ -1393,6 +1488,8 @@ test_tlsext_ri_server(void) unsigned char *data = NULL; SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; + const struct tls_extension_funcs *client_funcs; + const struct tls_extension_funcs *server_funcs; int failure; size_t dlen; int alert; 
@@ -1401,37 +1498,42 @@ test_tlsext_ri_server(void) failure = 1; - CBB_init(&cbb, 0); + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) errx(1, "failed to create SSL_CTX"); if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); + if (!tls_extension_funcs(TLSEXT_TYPE_renegotiate, &client_funcs, + &server_funcs)) + errx(1, "failed to fetch ri funcs"); + ssl->version = TLS1_2_VERSION; - if (tlsext_ri_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should not need RI\n"); goto err; } - S3I(ssl)->send_connection_binding = 1; + ssl->s3->send_connection_binding = 1; - if (!tlsext_ri_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should need RI\n"); goto err; } - memcpy(S3I(ssl)->previous_client_finished, tlsext_ri_prev_client, + memcpy(ssl->s3->previous_client_finished, tlsext_ri_prev_client, sizeof(tlsext_ri_prev_client)); - S3I(ssl)->previous_client_finished_len = sizeof(tlsext_ri_prev_client); + ssl->s3->previous_client_finished_len = sizeof(tlsext_ri_prev_client); - memcpy(S3I(ssl)->previous_server_finished, tlsext_ri_prev_server, + memcpy(ssl->s3->previous_server_finished, tlsext_ri_prev_server, sizeof(tlsext_ri_prev_server)); - S3I(ssl)->previous_server_finished_len = sizeof(tlsext_ri_prev_server); + ssl->s3->previous_server_finished_len = sizeof(tlsext_ri_prev_server); - S3I(ssl)->renegotiate_seen = 0; + ssl->s3->renegotiate_seen = 0; - if (!tlsext_ri_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { + if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { FAIL("server failed to build RI\n"); goto err; } 
@@ -1455,7 +1557,7 @@ test_tlsext_ri_server(void) } CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server)); - if (!tlsext_ri_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { FAIL("failed to parse server RI\n"); goto err; } @@ -1464,29 +1566,29 @@ test_tlsext_ri_server(void) goto err; } - if (S3I(ssl)->renegotiate_seen != 1) { + if (ssl->s3->renegotiate_seen != 1) { FAIL("renegotiate seen not set\n"); goto err; } - if (S3I(ssl)->send_connection_binding != 1) { + if (ssl->s3->send_connection_binding != 1) { FAIL("send connection binding not set\n"); goto err; } - memset(S3I(ssl)->previous_client_finished, 0, - sizeof(S3I(ssl)->previous_client_finished)); - memset(S3I(ssl)->previous_server_finished, 0, - sizeof(S3I(ssl)->previous_server_finished)); + memset(ssl->s3->previous_client_finished, 0, + sizeof(ssl->s3->previous_client_finished)); + memset(ssl->s3->previous_server_finished, 0, + sizeof(ssl->s3->previous_server_finished)); - S3I(ssl)->renegotiate_seen = 0; + ssl->s3->renegotiate_seen = 0; CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server)); - if (tlsext_ri_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { FAIL("parsed invalid server RI\n"); goto err; } - if (S3I(ssl)->renegotiate_seen == 1) { + if (ssl->s3->renegotiate_seen == 1) { FAIL("renegotiate seen set\n"); goto err; } 
@@ -1518,38 +1620,44 @@ test_tlsext_sigalgs_client(void) unsigned char *data = NULL; SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; - int failure = 0; + const struct tls_extension_funcs *client_funcs; + const struct tls_extension_funcs *server_funcs; + int failure; size_t dlen; int alert; CBB cbb; CBS cbs; - CBB_init(&cbb, 0); + failure = 1; + + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) errx(1, "failed to create SSL_CTX"); if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - S3I(ssl)->hs.our_max_tls_version = TLS1_1_VERSION; + if (!tls_extension_funcs(TLSEXT_TYPE_signature_algorithms, + &client_funcs, &server_funcs)) + errx(1, "failed to fetch sigalgs funcs"); - if (tlsext_sigalgs_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { - fprintf(stderr, "FAIL: client should not need sigalgs\n"); - failure = 1; + ssl->s3->hs.our_max_tls_version = TLS1_1_VERSION; + + if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { + FAIL("client should not need sigalgs\n"); goto done; } - S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION; + ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; - if (!tlsext_sigalgs_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { - fprintf(stderr, "FAIL: client should need sigalgs\n"); - failure = 1; + if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { + FAIL("client should need sigalgs\n"); goto done; } - if (!tlsext_sigalgs_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { - fprintf(stderr, "FAIL: client failed to build sigalgs\n"); - failure = 1; + if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + FAIL("client failed to build sigalgs\n"); goto done; } 
@@ -1557,26 +1665,23 @@ test_tlsext_sigalgs_client(void) errx(1, "failed to finish CBB"); if (dlen != sizeof(tlsext_sigalgs_client)) { - fprintf(stderr, "FAIL: got client sigalgs with length %zu, " + FAIL("got client sigalgs length %zu, " "want length %zu\n", dlen, sizeof(tlsext_sigalgs_client)); - failure = 1; goto done; } if (memcmp(data, tlsext_sigalgs_client, dlen) != 0) { - fprintf(stderr, "FAIL: client SNI differs:\n"); + FAIL("client SNI differs:\n"); fprintf(stderr, "received:\n"); hexdump(data, dlen); fprintf(stderr, "test data:\n"); hexdump(tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client)); - failure = 1; goto done; } CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client)); - if (!tlsext_sigalgs_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { - fprintf(stderr, "FAIL: failed to parse client SNI\n"); - failure = 1; + if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + FAIL("failed to parse client SNI\n"); goto done; } if (CBS_len(&cbs) != 0) { @@ -1584,6 +1689,8 @@ test_tlsext_sigalgs_client(void) goto done; } + failure = 0; + done: CBB_cleanup(&cbb); SSL_CTX_free(ssl_ctx); 
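Review bot: Two messages converted to FAIL in test_tlsext_sigalgs_client still name the wrong extension: `FAIL("client SNI differs:\n")` and `FAIL("failed to parse client SNI\n")` are reached when the signature-algorithms bytes differ or fail to parse. They should read `FAIL("client sigalgs differs:\n")` and `FAIL("failed to parse client sigalgs\n")` so a failure log points at the extension under test. The function starts outside the hunk.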
@@ -1600,28 +1707,35 @@ test_tlsext_sigalgs_server(void) unsigned char *data = NULL; SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; - int failure = 0; + const struct tls_extension_funcs *client_funcs; + const struct tls_extension_funcs *server_funcs; + int failure; size_t dlen; int alert; CBB cbb; CBS cbs; - CBB_init(&cbb, 0); + failure = 1; + + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) errx(1, "failed to create SSL_CTX"); if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - if (tlsext_sigalgs_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { - fprintf(stderr, "FAIL: server should not need sigalgs\n"); - failure = 1; + if (!tls_extension_funcs(TLSEXT_TYPE_server_name, &client_funcs, + &server_funcs)) + errx(1, "failed to fetch sigalgs funcs"); + + if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { + FAIL("server should not need sigalgs\n"); goto done; } - if (tlsext_sigalgs_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { - fprintf(stderr, "FAIL: server should not build sigalgs\n"); - failure = 1; + if (server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { + FAIL("server should not build sigalgs\n"); goto done; } @@ -1629,12 +1743,13 @@ test_tlsext_sigalgs_server(void) errx(1, "failed to finish CBB"); CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client)); - if (tlsext_sigalgs_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { - fprintf(stderr, "FAIL: server should not parse sigalgs\n"); - failure = 1; + if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + FAIL("server should not parse sigalgs\n"); goto done; } + failure = 0; + done: CBB_cleanup(&cbb); SSL_CTX_free(ssl_ctx); @@ -1668,6 +1783,8 @@ test_tlsext_sni_client(void) unsigned char *data = NULL; SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; + const struct tls_extension_funcs *client_funcs; + const struct tls_extension_funcs *server_funcs; int failure; size_t dlen; int alert; 
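Review bot: test_tlsext_sigalgs_server fetches its handlers with `tls_extension_funcs(TLSEXT_TYPE_server_name, ...)`, although the error text and every later assertion are about signature algorithms. As written, the needs/build/parse checks run against the SNI handlers and the server-side sigalgs path is not exercised, so a regression there would pass this test unnoticed. The client test in this commit uses `TLSEXT_TYPE_signature_algorithms`; the call here should be `if (!tls_extension_funcs(TLSEXT_TYPE_signature_algorithms, &client_funcs, &server_funcs))`.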
@@ -1676,14 +1793,19 @@ test_tlsext_sni_client(void) failure = 1; - CBB_init(&cbb, 0); + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) errx(1, "failed to create SSL_CTX"); if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - if (tlsext_sni_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!tls_extension_funcs(TLSEXT_TYPE_server_name, &client_funcs, + &server_funcs)) + errx(1, "failed to fetch sni funcs"); + + if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should not need SNI\n"); goto err; } @@ -1693,18 +1815,20 @@ test_tlsext_sni_client(void) goto err; } - if (!tlsext_sni_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should need SNI\n"); goto err; } - if (!tlsext_sni_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("client failed to build SNI\n"); goto err; } - if (!CBB_finish(&cbb, &data, &dlen)) - errx(1, "failed to finish CBB"); + if (!CBB_finish(&cbb, &data, &dlen)) { + FAIL("failed to finish CBB"); + goto err; + } if (dlen != sizeof(tlsext_sni_client)) { FAIL("got client SNI with length %zu, " 
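Review bot: `FAIL("failed to finish CBB");` in the last hunk lacks the trailing `\n` that the other FAIL messages in these hunks carry, so its output will presumably run into the next line of the test log (FAIL is defined outside the hunk). Use `FAIL("failed to finish CBB\n");`. The FAIL calls added in the following hunks of test_tlsext_sni_client (`"cannot set host name to NULL"`, `"failed to create session"`, `"failed to strdup tlsext_hostname"`) have the same omission.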
@@ -1721,13 +1845,29 @@ test_tlsext_sni_client(void) goto err; } - if ((ssl->session = SSL_SESSION_new()) == NULL) - errx(1, "failed to create session"); + /* + * SSL_set_tlsext_host_name() may be called with a NULL host name to + * disable SNI. + */ + if (!SSL_set_tlsext_host_name(ssl, NULL)) { + FAIL("cannot set host name to NULL"); + goto err; + } + + if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { + FAIL("client should not need SNI\n"); + goto err; + } + + if ((ssl->session = SSL_SESSION_new()) == NULL) { + FAIL("failed to create session"); + goto err; + } ssl->internal->hit = 0; CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client)); - if (!tlsext_sni_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("failed to parse client SNI\n"); goto err; } @@ -1751,12 +1891,15 @@ test_tlsext_sni_client(void) ssl->internal->hit = 1; + free(ssl->session->tlsext_hostname); if ((ssl->session->tlsext_hostname = strdup("notthesame.libressl.org")) == - NULL) - errx(1, "failed to strdup tlsext_hostname"); + NULL) { + FAIL("failed to strdup tlsext_hostname"); + goto err; + } CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client)); - if (tlsext_sni_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("parsed client with mismatched SNI\n"); goto err; } @@ -1778,6 +1921,8 @@ test_tlsext_sni_server(void) unsigned char *data = NULL; SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; + const struct tls_extension_funcs *client_funcs; + const struct tls_extension_funcs *server_funcs; int failure; size_t dlen; int alert; 
@@ -1786,17 +1931,22 @@ test_tlsext_sni_server(void) failure = 1; - CBB_init(&cbb, 0); + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) errx(1, "failed to create SSL_CTX"); if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); + if (!tls_extension_funcs(TLSEXT_TYPE_server_name, &client_funcs, + &server_funcs)) + errx(1, "failed to fetch sni funcs"); + if ((ssl->session = SSL_SESSION_new()) == NULL) errx(1, "failed to create session"); - if (tlsext_sni_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should not need SNI\n"); goto err; } @@ -1810,12 +1960,12 @@ test_tlsext_sni_server(void) NULL) errx(1, "failed to strdup tlsext_hostname"); - if (!tlsext_sni_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should need SNI\n"); goto err; } - if (!tlsext_sni_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { + if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { FAIL("server failed to build SNI\n"); goto err; } @@ -1842,7 +1992,7 @@ test_tlsext_sni_server(void) ssl->session->tlsext_hostname = NULL; CBS_init(&cbs, tlsext_sni_server, sizeof_tlsext_sni_server); - if (!tlsext_sni_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { FAIL("failed to parse server SNI\n"); goto err; } 
@@ -1875,67 +2025,112 @@ test_tlsext_sni_server(void) return (failure); } -static unsigned char tls_ocsp_client_default[] = { - 0x01, 0x00, 0x00, 0x00, 0x00 + +/* + * QUIC transport parameters extension - RFC 90210 :) + */ + +#define TEST_QUIC_TRANSPORT_DATA "0123456789abcdef" + +static unsigned char tlsext_quic_transport_data[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, }; static int -test_tlsext_ocsp_client(void) +test_tlsext_quic_transport_parameters_client(void) { + const SSL_QUIC_METHOD quic_method; unsigned char *data = NULL; SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; - size_t dlen; + const struct tls_extension_funcs *client_funcs; + const struct tls_extension_funcs *server_funcs; int failure; - int alert; + size_t dlen; CBB cbb; CBS cbs; + int alert; + const uint8_t *out_bytes; + size_t out_bytes_len; failure = 1; - CBB_init(&cbb, 0); + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) errx(1, "failed to create SSL_CTX"); if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - if (tlsext_ocsp_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { - FAIL("client should not need ocsp\n"); + if (!tls_extension_funcs(TLSEXT_TYPE_quic_transport_parameters, + &client_funcs, &server_funcs)) + errx(1, "failed to fetch quic transport parameter funcs"); + + if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { + FAIL("client should not need QUIC\n"); goto err; } - SSL_set_tlsext_status_type(ssl, TLSEXT_STATUSTYPE_ocsp); - if (!tlsext_ocsp_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { - FAIL("client should need ocsp\n"); + if (!SSL_set_quic_transport_params(ssl, + TEST_QUIC_TRANSPORT_DATA, strlen(TEST_QUIC_TRANSPORT_DATA))) { + FAIL("client failed to set QUIC parametes\n"); goto err; } - if (!tlsext_ocsp_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { - FAIL("client failed to build SNI\n"); + + if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { + 
FAIL("client should not need QUIC\n"); goto err; } - if (!CBB_finish(&cbb, &data, &dlen)) - errx(1, "failed to finish CBB"); - if (dlen != sizeof(tls_ocsp_client_default)) { - FAIL("got ocsp client with length %zu, " + ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; + ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION; + + if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { + FAIL("client should not need QUIC\n"); + goto err; + } + + ssl->quic_method = &quic_method; + + if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { + FAIL("client should need QUIC\n"); + goto err; + } + + if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + FAIL("client failed to build QUIC\n"); + goto err; + } + + if (!CBB_finish(&cbb, &data, &dlen)) { + FAIL("failed to finish CBB"); + goto err; + } + + if (dlen != sizeof(tlsext_quic_transport_data)) { + FAIL("got client QUIC with length %zu, " "want length %zu\n", dlen, - sizeof(tls_ocsp_client_default)); + sizeof(tlsext_quic_transport_data)); goto err; } - if (memcmp(data, tls_ocsp_client_default, dlen) != 0) { - FAIL("ocsp client differs:\n"); + + if (memcmp(data, tlsext_quic_transport_data, dlen) != 0) { + FAIL("client QUIC differs:\n"); fprintf(stderr, "received:\n"); hexdump(data, dlen); fprintf(stderr, "test data:\n"); - hexdump(tls_ocsp_client_default, - sizeof(tls_ocsp_client_default)); + hexdump(tlsext_quic_transport_data, + sizeof(tlsext_quic_transport_data)); goto err; } - CBS_init(&cbs, tls_ocsp_client_default, - sizeof(tls_ocsp_client_default)); - if (!tlsext_ocsp_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { - FAIL("failed to parse ocsp client\n"); + + CBS_init(&cbs, tlsext_quic_transport_data, + sizeof(tlsext_quic_transport_data)); + + if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + FAIL("server_parse of QUIC from server failed\n"); goto err; } if (CBS_len(&cbs) != 0) { 
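Review bot: `const SSL_QUIC_METHOD quic_method;` in test_tlsext_quic_transport_parameters_client is an uninitialized automatic object whose address is stored in `ssl->quic_method`. The checks here appear to depend only on the pointer being non-NULL, but any read through it would see indeterminate values; `const SSL_QUIC_METHOD quic_method = {0};` makes it well-defined, and test_tlsext_quic_transport_parameters_server has the same declaration. Separately, the client-built data is passed to `server_funcs->parse` with `SSL_TLSEXT_MSG_SH`; a server parses a ClientHello, so `SSL_TLSEXT_MSG_CH` looks intended unless the callback ignores the message type. The function continues past the end of this hunk.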
@@ -1943,6 +2138,26 @@ test_tlsext_ocsp_client(void) goto err; } + SSL_get_peer_quic_transport_params(ssl, &out_bytes, &out_bytes_len); + + if (out_bytes_len != strlen(TEST_QUIC_TRANSPORT_DATA)) { + FAIL("server_parse QUIC length differs, got %zu want %zu\n", + out_bytes_len, + sizeof(tlsext_quic_transport_data)); + goto err; + } + + if (memcmp(out_bytes, TEST_QUIC_TRANSPORT_DATA, + out_bytes_len) != 0) { + FAIL("server_parse QUIC differs from sent:\n"); + fprintf(stderr, "received:\n"); + hexdump(data, dlen); + fprintf(stderr, "test data:\n"); + hexdump(tlsext_quic_transport_data, + sizeof(tlsext_quic_transport_data)); + goto err; + } + failure = 0; err: 
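Review bot: In the `memcmp(out_bytes, ...)` failure branch the "received" dump prints `data`/`dlen`, the buffer built earlier, rather than the peer parameters that just failed the comparison. `hexdump(out_bytes, out_bytes_len);` would show the bytes that actually differ (a cast may be needed if hexdump takes a non-const pointer; its prototype is outside this hunk). The length check also compares against `strlen(TEST_QUIC_TRANSPORT_DATA)` but reports `sizeof(tlsext_quic_transport_data)` as the wanted value; the two are equal today, but the message should print the value that was compared. test_tlsext_quic_transport_parameters_server repeats both.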
@@ -1955,43 +2170,123 @@ test_tlsext_ocsp_client(void) } static int -test_tlsext_ocsp_server(void) +test_tlsext_quic_transport_parameters_server(void) { + const SSL_QUIC_METHOD quic_method; unsigned char *data = NULL; SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; - size_t dlen; + const struct tls_extension_funcs *client_funcs; + const struct tls_extension_funcs *server_funcs; int failure; + size_t dlen; + int alert; CBB cbb; + CBS cbs; + const uint8_t *out_bytes; + size_t out_bytes_len; failure = 1; - CBB_init(&cbb, 0); + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); - if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) + if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) errx(1, "failed to create SSL_CTX"); if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - if (tlsext_ocsp_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { - FAIL("server should not need ocsp\n"); + if (!tls_extension_funcs(TLSEXT_TYPE_quic_transport_parameters, + &client_funcs, &server_funcs)) + errx(1, "failed to fetch quic transport parameter funcs"); + + if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { + FAIL("server should not need QUIC\n"); goto err; } - ssl->internal->tlsext_status_expected = 1; + if (!SSL_set_quic_transport_params(ssl, + TEST_QUIC_TRANSPORT_DATA, strlen(TEST_QUIC_TRANSPORT_DATA))) { + FAIL("server failed to set QUIC parametes\n"); + goto err; + } + + if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_EE)) { + FAIL("server should not need QUIC\n"); + goto err; + } + + ssl->quic_method = &quic_method; - if (!tlsext_ocsp_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { - FAIL("server should need ocsp\n"); + if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_EE)) { + FAIL("server should need QUIC\n"); goto err; } - if (!tlsext_ocsp_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { - FAIL("server failed to build ocsp\n"); + + if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_EE, &cbb)) { + FAIL("server failed to build QUIC\n"); goto err; } if (!CBB_finish(&cbb, &data, 
&dlen)) errx(1, "failed to finish CBB"); + if (dlen != sizeof(tlsext_quic_transport_data)) { + FAIL("got server QUIC with length %zu, want length %zu\n", + dlen, sizeof(tlsext_quic_transport_data)); + goto err; + } + + if (memcmp(data, tlsext_quic_transport_data, dlen) != 0) { + FAIL("saved server QUIC differs:\n"); + fprintf(stderr, "received:\n"); + hexdump(data, dlen); + fprintf(stderr, "test data:\n"); + hexdump(tlsext_quic_transport_data, + sizeof(tlsext_quic_transport_data)); + goto err; + } + + CBS_init(&cbs, tlsext_quic_transport_data, + sizeof(tlsext_quic_transport_data)); + + ssl->quic_method = NULL; + + if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_EE, &cbs, &alert)) { + FAIL("QUIC parse should have failed!\n"); + goto err; + } + + ssl->quic_method = &quic_method; + + if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + FAIL("client_parse of QUIC from server failed\n"); + goto err; + } + if (CBS_len(&cbs) != 0) { + FAIL("extension data remaining\n"); + goto err; + } + + SSL_get_peer_quic_transport_params(ssl, &out_bytes, &out_bytes_len); + + if (out_bytes_len != strlen(TEST_QUIC_TRANSPORT_DATA)) { + FAIL("client QUIC length differs, got %zu want %zu\n", + out_bytes_len, + sizeof(tlsext_quic_transport_data)); + goto err; + } + + if (memcmp(out_bytes, TEST_QUIC_TRANSPORT_DATA, out_bytes_len) != 0) { + FAIL("client QUIC differs from sent:\n"); + fprintf(stderr, "received:\n"); + hexdump(data, dlen); + fprintf(stderr, "test data:\n"); + hexdump(tlsext_quic_transport_data, + sizeof(tlsext_quic_transport_data)); + goto err; + } + failure = 0; err: 
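Review bot: The second `client_funcs->parse` call in test_tlsext_quic_transport_parameters_server reuses `cbs` after the parse that is expected to fail, so it sees the full extension only if the failing call consumed nothing, which this hunk cannot show. Re-running `CBS_init(&cbs, tlsext_quic_transport_data, sizeof(tlsext_quic_transport_data));` after `ssl->quic_method = &quic_method;` makes the positive case independent of that. The message types are also mixed: the extension is built and first parsed with `SSL_TLSEXT_MSG_EE`, then parsed with `SSL_TLSEXT_MSG_SH`; if EncryptedExtensions is what is being tested, the second parse should use it too. The cleanup after `err:` lies outside this hunk.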
@@ -2003,96 +2298,246 @@ test_tlsext_ocsp_server(void) return (failure); } -/* - * Session ticket - RFC 5077 since no known implementations use 4507. - * - * Session tickets can be length 0 (special case) to 2^16-1. - * - * The state is encrypted by the server so it is opaque to the client. - */ -static uint8_t tlsext_sessionticket_hello_min[1]; -static uint8_t tlsext_sessionticket_hello_max[65535]; +static unsigned char tls_ocsp_client_default[] = { + 0x01, 0x00, 0x00, 0x00, 0x00 +}; static int -test_tlsext_sessionticket_client(void) +test_tlsext_ocsp_client(void) { unsigned char *data = NULL; SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; + const struct tls_extension_funcs *client_funcs; + const struct tls_extension_funcs *server_funcs; + size_t dlen; int failure; + int alert; CBB cbb; - size_t dlen; - uint8_t dummy[1234]; + CBS cbs; failure = 1; - CBB_init(&cbb, 0); - - /* Create fake session tickets with random data. */ - arc4random_buf(tlsext_sessionticket_hello_min, - sizeof(tlsext_sessionticket_hello_min)); - arc4random_buf(tlsext_sessionticket_hello_max, - sizeof(tlsext_sessionticket_hello_max)); + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) errx(1, "failed to create SSL_CTX"); if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - /* Should need a ticket by default. */ - if (!tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { - FAIL("client should need Sessionticket for default " - "ciphers\n"); - goto err; - } + if (!tls_extension_funcs(TLSEXT_TYPE_status_request, &client_funcs, + &server_funcs)) + errx(1, "failed to fetch ocsp funcs"); - /* Test disabling tickets. 
*/ - if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) { - FAIL("Cannot disable tickets in the TLS connection\n"); - return 0; - } - if (tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { - FAIL("client should not need SessionTicket if it was disabled\n"); + if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { + FAIL("client should not need TLSEXT_TYPE_status_request\n"); goto err; } + SSL_set_tlsext_status_type(ssl, TLSEXT_STATUSTYPE_ocsp); - /* Test re-enabling tickets. */ - if ((SSL_clear_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) != 0) { - FAIL("Cannot re-enable tickets in the TLS connection\n"); - return 0; - } - if (!tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { - FAIL("client should need SessionTicket if it was disabled\n"); + if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { + FAIL("client should need TLSEXT_TYPE_status_request\n"); goto err; } - - /* Since we don't have a session, we should build an empty ticket. */ - if (!tlsext_sessionticket_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { - FAIL("Cannot build a ticket\n"); + if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + FAIL("client failed to build SNI\n"); goto err; } - if (!CBB_finish(&cbb, &data, &dlen)) { - FAIL("Cannot finish CBB\n"); + if (!CBB_finish(&cbb, &data, &dlen)) + errx(1, "failed to finish CBB"); + + if (dlen != sizeof(tls_ocsp_client_default)) { + FAIL("got TLSEXT_TYPE_status_request client with length %zu, " + "want length %zu\n", dlen, + sizeof(tls_ocsp_client_default)); goto err; } - if (dlen != 0) { + if (memcmp(data, tls_ocsp_client_default, dlen) != 0) { + FAIL("TLSEXT_TYPE_status_request client differs:\n"); + fprintf(stderr, "received:\n"); + hexdump(data, dlen); + fprintf(stderr, "test data:\n"); + hexdump(tls_ocsp_client_default, + sizeof(tls_ocsp_client_default)); + goto err; + } + CBS_init(&cbs, tls_ocsp_client_default, + sizeof(tls_ocsp_client_default)); + if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, 
&alert)) { + FAIL("failed to parse TLSEXT_TYPE_status_request client\n"); + goto err; + } + if (CBS_len(&cbs) != 0) { + FAIL("extension data remaining\n"); + goto err; + } + + failure = 0; + + err: + CBB_cleanup(&cbb); + SSL_CTX_free(ssl_ctx); + SSL_free(ssl); + free(data); + + return (failure); +} + +static int +test_tlsext_ocsp_server(void) +{ + unsigned char *data = NULL; + SSL_CTX *ssl_ctx = NULL; + SSL *ssl = NULL; + const struct tls_extension_funcs *client_funcs; + const struct tls_extension_funcs *server_funcs; + size_t dlen; + int failure; + CBB cbb; + + failure = 1; + + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); + + if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) + errx(1, "failed to create SSL_CTX"); + if ((ssl = SSL_new(ssl_ctx)) == NULL) + errx(1, "failed to create SSL"); + + if (!tls_extension_funcs(TLSEXT_TYPE_status_request, &client_funcs, + &server_funcs)) + errx(1, "failed to fetch ocsp funcs"); + + if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { + FAIL("server should not need TLSEXT_TYPE_status_request\n"); + goto err; + } + + ssl->internal->tlsext_status_expected = 1; + + if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { + FAIL("server should need TLSEXT_TYPE_status_request\n"); + goto err; + } + if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { + FAIL("server failed to build TLSEXT_TYPE_status_request\n"); + goto err; + } + + if (!CBB_finish(&cbb, &data, &dlen)) + errx(1, "failed to finish CBB"); + + failure = 0; + + err: + CBB_cleanup(&cbb); + SSL_CTX_free(ssl_ctx); + SSL_free(ssl); + free(data); + + return (failure); +} + +/* + * Session ticket - RFC 5077 since no known implementations use 4507. + * + * Session tickets can be length 0 (special case) to 2^16-1. + * + * The state is encrypted by the server so it is opaque to the client. 
+ */ +static uint8_t tlsext_sessionticket_hello_min[1]; +static uint8_t tlsext_sessionticket_hello_max[65535]; + +static int +test_tlsext_sessionticket_client(void) +{ + unsigned char *data = NULL; + SSL_CTX *ssl_ctx = NULL; + SSL *ssl = NULL; + const struct tls_extension_funcs *client_funcs; + const struct tls_extension_funcs *server_funcs; + int failure; + CBB cbb; + size_t dlen; + uint8_t dummy[1234]; + + failure = 1; + + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); + + /* Create fake session tickets with random data. */ + arc4random_buf(tlsext_sessionticket_hello_min, + sizeof(tlsext_sessionticket_hello_min)); + arc4random_buf(tlsext_sessionticket_hello_max, + sizeof(tlsext_sessionticket_hello_max)); + + if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) + errx(1, "failed to create SSL_CTX"); + if ((ssl = SSL_new(ssl_ctx)) == NULL) + errx(1, "failed to create SSL"); + + if (!tls_extension_funcs(TLSEXT_TYPE_session_ticket, &client_funcs, + &server_funcs)) + errx(1, "failed to fetch session ticket funcs"); + + /* Should need a ticket by default. */ + if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { + FAIL("client should need Sessionticket for default " + "ciphers\n"); + goto err; + } + + /* Test disabling tickets. */ + if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) { + FAIL("Cannot disable tickets in the TLS connection\n"); + goto err; + } + if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { + FAIL("client should not need SessionTicket if it was disabled\n"); + goto err; + } + + /* Test re-enabling tickets. */ + if ((SSL_clear_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) != 0) { + FAIL("Cannot re-enable tickets in the TLS connection\n"); + goto err; + } + if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { + FAIL("client should need SessionTicket if it was disabled\n"); + goto err; + } + + /* Since we don't have a session, we should build an empty ticket. 
*/ + if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + FAIL("Cannot build a ticket\n"); + goto err; + } + if (!CBB_finish(&cbb, &data, &dlen)) { + FAIL("Cannot finish CBB\n"); + goto err; + } + if (dlen != 0) { FAIL("Expected 0 length but found %zu\n", dlen); goto err; } CBB_cleanup(&cbb); - CBB_init(&cbb, 0); + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); free(data); data = NULL; /* With a new session (but no ticket), we should still have 0 length */ if ((ssl->session = SSL_SESSION_new()) == NULL) errx(1, "failed to create session"); - if (!tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("Should still want a session ticket with a new session\n"); goto err; } - if (!tlsext_sessionticket_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("Cannot build a ticket\n"); goto err; } @@ -2106,7 +2551,8 @@ test_tlsext_sessionticket_client(void) } CBB_cleanup(&cbb); - CBB_init(&cbb, 0); + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); free(data); data = NULL; @@ -2122,11 +2568,11 @@ test_tlsext_sessionticket_client(void) memcpy(ssl->session->tlsext_tick, dummy, sizeof(dummy)); ssl->session->tlsext_ticklen = sizeof(dummy); - if (!tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("Should still want a session ticket with a new session\n"); goto err; } - if (!tlsext_sessionticket_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("Cannot build a ticket\n"); goto err; } @@ -2146,7 +2592,8 @@ test_tlsext_sessionticket_client(void) } CBB_cleanup(&cbb); - CBB_init(&cbb, 0); + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); free(data); data = NULL; free(ssl->session->tlsext_tick); 
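Review bot: In test_tlsext_ocsp_client (the large hunk that ends on this line) the build failure still reports `client failed to build SNI`, although the surrounding messages were renamed to TLSEXT_TYPE_status_request; `FAIL("client failed to build TLSEXT_TYPE_status_request\n");` would match them. test_tlsext_ocsp_server in the same hunk still creates its context with `TLS_client_method()`, whereas the QUIC server test was switched to `TLS_server_method()`; if the client method is deliberate there, a one-line comment saying why would help. Both OCSP tests also keep `errx(1, "failed to finish CBB")` where the SNI and session-ticket tests use FAIL and `goto err`.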
@@ -2162,7 +2609,7 @@ test_tlsext_sessionticket_client(void) goto err; } /* Should not need a ticket in this case */ - if (tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("Should not want to use session tickets with a NULL custom\n"); goto err; } @@ -2174,7 +2621,7 @@ test_tlsext_sessionticket_client(void) free(ssl->internal->tlsext_session_ticket); ssl->internal->tlsext_session_ticket = NULL; - if (!tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("Should need a session ticket again when the custom one is removed\n"); goto err; } @@ -2185,11 +2632,11 @@ test_tlsext_sessionticket_client(void) FAIL("Should be able to set a custom ticket\n"); goto err; } - if (!tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("Should need a session ticket again when the custom one is not empty\n"); goto err; } - if (!tlsext_sessionticket_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("Cannot build a ticket with a max length random payload\n"); goto err; } 
@@ -2228,25 +2675,32 @@ test_tlsext_sessionticket_server(void) { SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; + const struct tls_extension_funcs *client_funcs; + const struct tls_extension_funcs *server_funcs; int failure; - uint8_t *data; + uint8_t *data = NULL; size_t dlen; CBB cbb; - CBB_init(&cbb, 0); - failure = 1; + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); + if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) errx(1, "failed to create SSL_CTX"); if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); + if (!tls_extension_funcs(TLSEXT_TYPE_session_ticket, &client_funcs, + &server_funcs)) + errx(1, "failed to fetch session ticket funcs"); + /* * By default, should not need a session ticket since the ticket * is not yet expected. */ - if (tlsext_sessionticket_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should not need SessionTicket by default\n"); goto err; } @@ -2254,9 +2708,9 @@ test_tlsext_sessionticket_server(void) /* Test disabling tickets. */ if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) { FAIL("Cannot disable tickets in the TLS connection\n"); - return 0; + goto err; } - if (tlsext_sessionticket_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should not need SessionTicket if it was disabled\n"); goto err; } 
@@ -2264,22 +2718,22 @@ test_tlsext_sessionticket_server(void) /* Test re-enabling tickets. */ if ((SSL_clear_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) != 0) { FAIL("Cannot re-enable tickets in the TLS connection\n"); - return 0; + goto err; } - if (tlsext_sessionticket_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should not need SessionTicket yet\n"); goto err; } /* Set expected to require it. */ ssl->internal->tlsext_ticket_expected = 1; - if (!tlsext_sessionticket_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should now be required for SessionTicket\n"); goto err; } /* server hello's session ticket should always be 0 length payload. */ - if (!tlsext_sessionticket_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { + if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { FAIL("Cannot build a ticket with a max length random payload\n"); goto err; } @@ -2295,8 +2749,10 @@ test_tlsext_sessionticket_server(void) failure = 0; err: + CBB_cleanup(&cbb); SSL_CTX_free(ssl_ctx); SSL_free(ssl); + free(data); return (failure); } 
@@ -2357,24 +2813,31 @@ test_tlsext_srtp_client(void) SRTP_PROTECTION_PROFILE *prof; SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; + const struct tls_extension_funcs *client_funcs; + const struct tls_extension_funcs *server_funcs; uint8_t *data = NULL; CBB cbb; CBS cbs; int failure, alert; size_t dlen; - CBB_init(&cbb, 0); - failure = 1; + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); + /* SRTP is for DTLS */ if ((ssl_ctx = SSL_CTX_new(DTLSv1_client_method())) == NULL) errx(1, "failed to create SSL_CTX"); if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); + if (!tls_extension_funcs(TLSEXT_TYPE_use_srtp, &client_funcs, + &server_funcs)) + errx(1, "failed to fetch srtp funcs"); + /* By default, we don't need this */ - if (tlsext_srtp_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should not need SRTP by default\n"); goto err; } @@ -2383,14 +2846,14 @@ test_tlsext_srtp_client(void) FAIL("should be able to set a single SRTP\n"); goto err; } - if (!tlsext_srtp_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should need SRTP\n"); goto err; } /* Make sure we can build the client with a single profile. */ - if (!tlsext_srtp_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("client failed to build SRTP\n"); goto err; } @@ -2413,7 +2876,8 @@ test_tlsext_srtp_client(void) } CBB_cleanup(&cbb); - CBB_init(&cbb, 0); + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); free(data); data = NULL; @@ -2425,7 +2889,7 @@ test_tlsext_srtp_client(void) } CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single)); - if (!tlsext_srtp_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("failed to parse SRTP\n"); goto err; } 
@@ -2443,7 +2907,7 @@ test_tlsext_srtp_client(void) goto err; } - if (!tlsext_srtp_server_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("should send server extension when profile selected\n"); goto err; } @@ -2454,12 +2918,12 @@ test_tlsext_srtp_client(void) FAIL("should be able to set SRTP to multiple profiles\n"); goto err; } - if (!tlsext_srtp_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should need SRTP by now\n"); goto err; } - if (!tlsext_srtp_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("client failed to build SRTP\n"); goto err; } @@ -2482,7 +2946,8 @@ test_tlsext_srtp_client(void) } CBB_cleanup(&cbb); - CBB_init(&cbb, 0); + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); free(data); data = NULL; @@ -2492,7 +2957,7 @@ test_tlsext_srtp_client(void) CBS_init(&cbs, tlsext_srtp_multiple, sizeof(tlsext_srtp_multiple)); - if (!tlsext_srtp_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("failed to parse SRTP\n"); goto err; } @@ -2510,7 +2975,7 @@ test_tlsext_srtp_client(void) goto err; } - if (!tlsext_srtp_server_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("should send server extension when profile selected\n"); goto err; } @@ -2523,7 +2988,7 @@ test_tlsext_srtp_client(void) CBS_init(&cbs, tlsext_srtp_multiple_one_valid, sizeof(tlsext_srtp_multiple_one_valid)); - if (!tlsext_srtp_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("failed to parse SRTP\n"); goto err; } 
@@ -2541,7 +3006,7 @@ test_tlsext_srtp_client(void) goto err; } - if (!tlsext_srtp_server_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("should send server extension when profile selected\n"); goto err; } @@ -2552,7 +3017,7 @@ test_tlsext_srtp_client(void) CBS_init(&cbs, tlsext_srtp_multiple_invalid, sizeof(tlsext_srtp_multiple_invalid)); - if (!tlsext_srtp_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("should be able to fall back to negotiated\n"); goto err; } @@ -2566,7 +3031,7 @@ test_tlsext_srtp_client(void) FAIL("should not have selected a profile when none found\n"); goto err; } - if (tlsext_srtp_server_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("should not send server tlsext when no profile found\n"); goto err; } @@ -2588,24 +3053,31 @@ test_tlsext_srtp_server(void) const SRTP_PROTECTION_PROFILE *prof; SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; + const struct tls_extension_funcs *client_funcs; + const struct tls_extension_funcs *server_funcs; uint8_t *data = NULL; CBB cbb; CBS cbs; int failure, alert; size_t dlen; - CBB_init(&cbb, 0); - failure = 1; + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); + /* SRTP is for DTLS */ if ((ssl_ctx = SSL_CTX_new(DTLSv1_client_method())) == NULL) errx(1, "failed to create SSL_CTX"); if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); + if (!tls_extension_funcs(TLSEXT_TYPE_use_srtp, &client_funcs, + &server_funcs)) + errx(1, "failed to fetch srtp funcs"); + /* By default, we don't need this */ - if (tlsext_srtp_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should not need SRTP by default\n"); goto err; } 
@@ -2616,14 +3088,14 @@ test_tlsext_srtp_server(void) goto err; } ssl->internal->srtp_profile = prof; - if (!tlsext_srtp_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should need SRTP by now\n"); goto err; } /* Make sure we can build the server with a single profile. */ - if (!tlsext_srtp_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { + if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { FAIL("server failed to build SRTP\n"); goto err; } @@ -2646,7 +3118,8 @@ test_tlsext_srtp_server(void) } CBB_cleanup(&cbb); - CBB_init(&cbb, 0); + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); free(data); data = NULL; @@ -2665,7 +3138,7 @@ test_tlsext_srtp_server(void) } CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single)); - if (!tlsext_srtp_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { FAIL("failed to parse SRTP\n"); goto err; } @@ -2688,7 +3161,7 @@ test_tlsext_srtp_server(void) CBS_init(&cbs, tlsext_srtp_multiple, sizeof(tlsext_srtp_multiple)); - if (tlsext_srtp_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { FAIL("should not find multiple entries from the server\n"); goto err; } @@ -2698,7 +3171,7 @@ test_tlsext_srtp_server(void) CBS_init(&cbs, tlsext_srtp_single_invalid, sizeof(tlsext_srtp_single_invalid)); - if (tlsext_srtp_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { FAIL("should not be able to parse this\n"); goto err; } @@ -2736,6 +3209,8 @@ test_tlsext_clienthello_build(void) unsigned char *data = NULL; SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; + const struct tls_extension_funcs *client_funcs; + const struct tls_extension_funcs *server_funcs; size_t dlen; int failure; CBB cbb; 
@@ -2745,20 +3220,31 @@ test_tlsext_clienthello_build(void) if (!CBB_init(&cbb, 0)) errx(1, "failed to create CBB"); - if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) - errx(1, "failed to create SSL_CTX"); - if ((ssl = SSL_new(ssl_ctx)) == NULL) - errx(1, "failed to create SSL"); + if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) { + FAIL("failed to create SSL_CTX"); + goto err; + } + + if ((ssl = SSL_new(ssl_ctx)) == NULL) { + FAIL("failed to create SSL"); + goto err; + } + + if (!tls_extension_funcs(TLSEXT_TYPE_supported_versions, &client_funcs, + &server_funcs)) + errx(1, "failed to fetch supported versions funcs"); - S3I(ssl)->hs.our_min_tls_version = TLS1_VERSION; - S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION; + ssl->s3->hs.our_min_tls_version = TLS1_VERSION; + ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; if (!tlsext_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("failed to build clienthello extensions\n"); goto err; } - if (!CBB_finish(&cbb, &data, &dlen)) - errx(1, "failed to finish CBB"); + if (!CBB_finish(&cbb, &data, &dlen)) { + FAIL("failed to finish CBB"); + goto err; + } if (dlen != sizeof(tlsext_clienthello_default)) { FAIL("got clienthello extensions with length %zu, " 
@@ -2775,26 +3261,31 @@ test_tlsext_clienthello_build(void) goto err; } + free(data); + data = NULL; CBB_cleanup(&cbb); - CBB_init(&cbb, 0); + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); /* Switch to TLSv1.1, disable EC ciphers and session tickets. */ - S3I(ssl)->hs.our_max_tls_version = TLS1_1_VERSION; + ssl->s3->hs.our_max_tls_version = TLS1_1_VERSION; if (!SSL_set_cipher_list(ssl, "TLSv1.2:!ECDHE:!ECDSA")) { FAIL("failed to set cipher list\n"); goto err; } if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) { FAIL("failed to disable session tickets\n"); - return 0; + goto err; } if (!tlsext_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("failed to build clienthello extensions\n"); goto err; } - if (!CBB_finish(&cbb, &data, &dlen)) - errx(1, "failed to finish CBB"); + if (!CBB_finish(&cbb, &data, &dlen)) { + FAIL("failed to finish CBB"); + goto err; + } if (dlen != sizeof_tlsext_clienthello_disabled) { FAIL("got clienthello extensions with length %zu, " 
@@ -2847,24 +3338,32 @@ test_tlsext_serverhello_build(void) if (!CBB_init(&cbb, 0)) errx(1, "failed to create CBB"); - if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) - errx(1, "failed to create SSL_CTX"); - if ((ssl = SSL_new(ssl_ctx)) == NULL) - errx(1, "failed to create SSL"); - if ((ssl->session = SSL_SESSION_new()) == NULL) - errx(1, "failed to create session"); + if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) { + FAIL("failed to create SSL_CTX"); + goto err; + } + if ((ssl = SSL_new(ssl_ctx)) == NULL) { + FAIL("failed to create SSL"); + goto err; + } + if ((ssl->session = SSL_SESSION_new()) == NULL) { + FAIL("failed to create session"); + goto err; + } - S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION; - S3I(ssl)->hs.negotiated_tls_version = TLS1_3_VERSION; - S3I(ssl)->hs.cipher = + ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; + ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION; + ssl->s3->hs.cipher = ssl3_get_cipher_by_id(TLS1_CK_RSA_WITH_AES_128_SHA256); if (!tlsext_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { FAIL("failed to build serverhello extensions\n"); goto err; } - if (!CBB_finish(&cbb, &data, &dlen)) - errx(1, "failed to finish CBB"); + if (!CBB_finish(&cbb, &data, &dlen)) { + FAIL("failed to finish CBB"); + goto err; + } if (dlen != sizeof(tlsext_serverhello_default)) { FAIL("got serverhello extensions with length %zu, " 
@@ -2882,26 +3381,33 @@ test_tlsext_serverhello_build(void) } CBB_cleanup(&cbb); - CBB_init(&cbb, 0); + free(data); + data = NULL; + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); /* Turn a few things on so we get extensions... */ - S3I(ssl)->send_connection_binding = 1; - S3I(ssl)->hs.cipher = + ssl->s3->send_connection_binding = 1; + ssl->s3->hs.cipher = ssl3_get_cipher_by_id(TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256); ssl->internal->tlsext_status_expected = 1; ssl->internal->tlsext_ticket_expected = 1; - if ((SSI(ssl)->tlsext_ecpointformatlist = malloc(1)) == NULL) - errx(1, "malloc failed"); - SSI(ssl)->tlsext_ecpointformatlist_length = 1; - SSI(ssl)->tlsext_ecpointformatlist[0] = + if ((ssl->session->tlsext_ecpointformatlist = malloc(1)) == NULL) { + FAIL("malloc failed"); + goto err; + } + ssl->session->tlsext_ecpointformatlist_length = 1; + ssl->session->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed; if (!tlsext_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { FAIL("failed to build serverhello extensions\n"); goto err; } - if (!CBB_finish(&cbb, &data, &dlen)) - errx(1, "failed to finish CBB"); + if (!CBB_finish(&cbb, &data, &dlen)) { + FAIL("failed to finish CBB"); + goto err; + } if (dlen != sizeof(tlsext_serverhello_enabled)) { FAIL("got serverhello extensions with length %zu, " 
@@ -2944,76 +3450,80 @@ test_tlsext_versions_client(void) unsigned char *data = NULL; SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; - int failure = 0; + const struct tls_extension_funcs *client_funcs; + const struct tls_extension_funcs *server_funcs; + int failure; size_t dlen; int alert; CBB cbb; CBS cbs; - CBB_init(&cbb, 0); + failure = 1; + + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) errx(1, "failed to create SSL_CTX"); if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - S3I(ssl)->hs.our_max_tls_version = TLS1_1_VERSION; + if (!tls_extension_funcs(TLSEXT_TYPE_supported_versions, &client_funcs, + &server_funcs)) + errx(1, "failed to fetch supported versions funcs"); + + ssl->s3->hs.our_max_tls_version = TLS1_1_VERSION; - if (tlsext_versions_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should not need versions\n"); - failure = 1; goto done; } - S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION; + ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; - if (tlsext_versions_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should not need versions\n"); - failure = 1; goto done; } - S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION; + ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; - if (!tlsext_versions_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should need versions\n"); - failure = 1; goto done; } - S3I(ssl)->hs.our_min_tls_version = TLS1_VERSION; - S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION; + ssl->s3->hs.our_min_tls_version = TLS1_VERSION; + ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; - if (!tlsext_versions_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("client should have built versions\n"); - failure = 1; goto done; } if 
(!CBB_finish(&cbb, &data, &dlen)) { FAIL("failed to finish CBB\n"); - failure = 1; goto done; } if (dlen != sizeof(tlsext_versions_client)) { FAIL("got versions with length %zu, " "want length %zu\n", dlen, sizeof(tlsext_versions_client)); - failure = 1; goto done; } CBS_init(&cbs, data, dlen); - if (!tlsext_versions_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("failed to parse client versions\n"); - failure = 1; goto done; } if (CBS_len(&cbs) != 0) { FAIL("extension data remaining\n"); - failure = 1; goto done; } + + failure = 0; + done: CBB_cleanup(&cbb); SSL_CTX_free(ssl_ctx); 
@@ -3023,72 +3533,76 @@ test_tlsext_versions_client(void) return (failure); } - static int test_tlsext_versions_server(void) { unsigned char *data = NULL; SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; - int failure = 0; + const struct tls_extension_funcs *client_funcs; + const struct tls_extension_funcs *server_funcs; + int failure; size_t dlen; int alert; CBB cbb; CBS cbs; - CBB_init(&cbb, 0); + failure = 1; + + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) errx(1, "failed to create SSL_CTX"); if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - S3I(ssl)->hs.negotiated_tls_version = TLS1_2_VERSION; + if (!tls_extension_funcs(TLSEXT_TYPE_supported_versions, &client_funcs, + &server_funcs)) + errx(1, "failed to fetch supported versions funcs"); - if (tlsext_versions_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + ssl->s3->hs.negotiated_tls_version = TLS1_2_VERSION; + + if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should not need versions\n"); - failure = 1; goto done; } - S3I(ssl)->hs.negotiated_tls_version = TLS1_3_VERSION; + ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION; - if (!tlsext_versions_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should need versions\n"); - failure = 1; goto done; } - if (!tlsext_versions_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { + if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { FAIL("server should have built versions\n"); - failure = 1; goto done; } if (!CBB_finish(&cbb, &data, &dlen)) { FAIL("failed to finish CBB\n"); - failure = 1; goto done; } if (dlen != sizeof(tlsext_versions_server)) { FAIL("got versions with length %zu, " "want length %zu\n", dlen, sizeof(tlsext_versions_server)); - failure = 1; goto done; } CBS_init(&cbs, data, dlen); - if (!tlsext_versions_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + if (!client_funcs->parse(ssl, 
SSL_TLSEXT_MSG_SH, &cbs, &alert)) { FAIL("failed to parse client versions\n"); - failure = 1; goto done; } if (CBS_len(&cbs) != 0) { FAIL("extension data remaining\n"); - failure = 1; goto done; } + + failure = 0; + done: CBB_cleanup(&cbb); SSL_CTX_free(ssl_ctx); 
@@ -3120,74 +3634,77 @@ test_tlsext_keyshare_client(void) unsigned char *data = NULL; SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; - int failure = 0; + const struct tls_extension_funcs *client_funcs; + const struct tls_extension_funcs *server_funcs; + int failure; size_t dlen; int alert; CBB cbb; CBS cbs; - CBB_init(&cbb, 0); + failure = 1; + + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) errx(1, "failed to create SSL_CTX"); if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - if ((S3I(ssl)->hs.tls13.key_share = - tls13_key_share_new_nid(NID_X25519)) == NULL) + if (!tls_extension_funcs(TLSEXT_TYPE_key_share, &client_funcs, + &server_funcs)) + errx(1, "failed to fetch keyshare funcs"); + + if ((ssl->s3->hs.key_share = + tls_key_share_new_nid(NID_X25519)) == NULL) errx(1, "failed to create key share"); - if (!tls13_key_share_generate(S3I(ssl)->hs.tls13.key_share)) + if (!tls_key_share_generate(ssl->s3->hs.key_share)) errx(1, "failed to generate key share"); - S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION; - if (tlsext_keyshare_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; + if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should not need keyshare\n"); - failure = 1; goto done; } - S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION; - if (!tlsext_keyshare_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; + if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should need keyshare\n"); - failure = 1; goto done; } - S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION; - if (!tlsext_keyshare_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; + if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("client should have built keyshare\n"); - failure = 1; goto done; } if (!CBB_finish(&cbb, &data, &dlen)) { FAIL("failed 
to finish CBB\n"); - failure = 1; goto done; } if (dlen != sizeof(tlsext_keyshare_client)) { FAIL("got client keyshare with length %zu, " "want length %zu\n", dlen, (size_t) sizeof(tlsext_keyshare_client)); - failure = 1; goto done; } (ssl)->version = TLS1_3_VERSION; CBS_init(&cbs, data, dlen); - if (!tlsext_keyshare_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("failed to parse client keyshare\n"); - failure = 1; goto done; } if (CBS_len(&cbs) != 0) { FAIL("extension data remaining\n"); - failure = 1; goto done; } + failure = 0; done: CBB_cleanup(&cbb); 
@@ -3198,117 +3715,131 @@ test_tlsext_keyshare_client(void) return (failure); } +static const uint8_t bogokey[] = { + 0xe5, 0xe8, 0x5a, 0xb9, 0x7e, 0x12, 0x62, 0xe3, + 0xd8, 0x7f, 0x6e, 0x3c, 0xec, 0xa6, 0x8b, 0x99, + 0x45, 0x77, 0x8e, 0x11, 0xb3, 0xb9, 0x12, 0xb6, + 0xbe, 0x35, 0xca, 0x51, 0x76, 0x1e, 0xe8, 0x22, +}; + static int test_tlsext_keyshare_server(void) { unsigned char *data = NULL; SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; - int failure = 0; + const struct tls_extension_funcs *client_funcs; + const struct tls_extension_funcs *server_funcs; + int decode_error; + int failure; size_t dlen, idx; int alert; CBB cbb; CBS cbs; - uint8_t bogokey[] = { - 0xe5, 0xe8, 0x5a, 0xb9, 0x7e, 0x12, 0x62, 0xe3, - 0xd8, 0x7f, 0x6e, 0x3c, 0xec, 0xa6, 0x8b, 0x99, - 0x45, 0x77, 0x8e, 0x11, 0xb3, 0xb9, 0x12, 0xb6, - 0xbe, 0x35, 0xca, 0x51, 0x76, 0x1e, 0xe8, 0x22, - }; - CBB_init(&cbb, 0); + failure = 1; + + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) errx(1, "failed to create SSL_CTX"); if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - S3I(ssl)->hs.negotiated_tls_version = TLS1_2_VERSION; - if (tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (!tls_extension_funcs(TLSEXT_TYPE_key_share, &client_funcs, + &server_funcs)) + errx(1, "failed to fetch keyshare funcs"); + + ssl->s3->hs.negotiated_tls_version = TLS1_2_VERSION; + if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should not need keyshare\n"); - failure = 1; goto done; } - S3I(ssl)->hs.negotiated_tls_version = TLS1_3_VERSION; - if (tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION; + if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("client should not need keyshare\n"); - failure = 1; goto done; } if (tls_extension_find(TLSEXT_TYPE_key_share, &idx) == NULL) { FAIL("failed to find keyshare extension\n"); - failure = 1; goto done; } - 
S3I(ssl)->hs.extensions_seen |= (1 << idx); + ssl->s3->hs.extensions_seen |= (1 << idx); - if (!tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should need keyshare\n"); - failure = 1; goto done; } - if (tlsext_keyshare_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { + if (server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { FAIL("server should not have built a keyshare response\n"); - failure = 1; goto done; } - if ((S3I(ssl)->hs.tls13.key_share = - tls13_key_share_new_nid(NID_X25519)) == NULL) - errx(1, "failed to create key share"); - if (!tls13_key_share_generate(S3I(ssl)->hs.tls13.key_share)) - errx(1, "failed to generate key share"); + if ((ssl->s3->hs.key_share = + tls_key_share_new_nid(NID_X25519)) == NULL) { + FAIL("failed to create key share"); + goto done; + } + + if (!tls_key_share_generate(ssl->s3->hs.key_share)) { + FAIL("failed to generate key share"); + goto done; + } CBS_init(&cbs, bogokey, sizeof(bogokey)); - if (!tls13_key_share_peer_public(S3I(ssl)->hs.tls13.key_share, - 0x001d, &cbs)) { + + if (!tls_key_share_peer_public(ssl->s3->hs.key_share, &cbs, + &decode_error, NULL)) { FAIL("failed to load peer public key\n"); - failure = 1; goto done; } - if (!tlsext_keyshare_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { + if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { FAIL("server should be able to build a keyshare response\n"); - failure = 1; goto done; } if (!CBB_finish(&cbb, &data, &dlen)) { FAIL("failed to finish CBB\n"); - failure = 1; goto done; } if (dlen != sizeof(tlsext_keyshare_server)) { FAIL("got server keyshare with length %zu, " "want length %zu\n", dlen, sizeof(tlsext_keyshare_server)); - failure = 1; goto done; } - if ((S3I(ssl)->hs.tls13.key_share = - tls13_key_share_new_nid(NID_X25519)) == NULL) - errx(1, "failed to create key share"); - if (!tls13_key_share_generate(S3I(ssl)->hs.tls13.key_share)) - errx(1, "failed to generate key share"); + 
tls_key_share_free(ssl->s3->hs.key_share); + + if ((ssl->s3->hs.key_share = + tls_key_share_new_nid(NID_X25519)) == NULL) { + FAIL("failed to create key share"); + goto done; + } + if (!tls_key_share_generate(ssl->s3->hs.key_share)) { + FAIL("failed to generate key share"); + goto done; + } CBS_init(&cbs, data, dlen); - if (!tlsext_keyshare_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { FAIL("failed to parse server keyshare\n"); - failure = 1; goto done; } if (CBS_len(&cbs) != 0) { FAIL("extension data remaining\n"); - failure = 1; goto done; } + failure = 0; + done: CBB_cleanup(&cbb); SSL_CTX_free(ssl_ctx); 
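Review bot: `ssl->s3->hs.extensions_seen |= (1 << idx);` in test_tlsext_keyshare_server shifts a signed `int` by a `size_t` index, which is undefined behaviour once `idx` reaches 31 and produces the wrong width if the field is wider than `int` (its type is not visible here). Writing `ssl->s3->hs.extensions_seen |= (1U << idx);`, or a constant of the field's own type, keeps the test well-defined if the extension table grows. Separately, `decode_error` is passed to `tls_key_share_peer_public()` but never reported when that call fails; printing it in the FAIL message would make a failure easier to diagnose.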
@@ -3333,53 +3864,57 @@ test_tlsext_cookie_client(void) unsigned char *data = NULL; SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; - int failure = 0; + const struct tls_extension_funcs *client_funcs; + const struct tls_extension_funcs *server_funcs; + int failure; size_t dlen; int alert; CBB cbb; CBS cbs; - CBB_init(&cbb, 0); + failure = 1; + + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) errx(1, "failed to create SSL_CTX"); if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION; - if (tlsext_cookie_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!tls_extension_funcs(TLSEXT_TYPE_cookie, &client_funcs, + &server_funcs)) + errx(1, "failed to fetch cookie funcs"); + + ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; + if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should not need cookie\n"); - failure = 1; goto done; } - S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION; - if (tlsext_cookie_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; + if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should not need cookie\n"); - failure = 1; goto done; } /* Normally would be set by receiving a server cookie in an HRR */ - S3I(ssl)->hs.tls13.cookie = strdup(cookie); - S3I(ssl)->hs.tls13.cookie_len = strlen(cookie); + ssl->s3->hs.tls13.cookie = strdup(cookie); + ssl->s3->hs.tls13.cookie_len = strlen(cookie); - if (!tlsext_cookie_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should need cookie\n"); - failure = 1; goto done; } - if (!tlsext_cookie_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("client should have built a cookie response\n"); - failure = 1; goto done; } if (!CBB_finish(&cbb, &data, &dlen)) { FAIL("failed to finish CBB\n"); - failure = 1; 
goto done; } @@ -3387,25 +3922,24 @@ test_tlsext_cookie_client(void) FAIL("got cookie with length %zu, " "want length %zu\n", dlen, strlen(cookie) + sizeof(uint16_t)); - failure = 1; goto done; } CBS_init(&cbs, data, dlen); /* Checks cookie against what's in the hs.tls13 */ - if (!tlsext_cookie_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("failed to parse client cookie\n"); - failure = 1; goto done; } if (CBS_len(&cbs) != 0) { FAIL("extension data remaining\n"); - failure = 1; goto done; } + failure = 0; + done: CBB_cleanup(&cbb); SSL_CTX_free(ssl_ctx); 
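Review bot: `ssl->s3->hs.tls13.cookie = strdup(cookie);` is not checked for NULL, while `cookie_len` is set to `strlen(cookie)` unconditionally, so an allocation failure leaves a NULL pointer paired with a non-zero length for the `needs` and `build` calls that follow. The surrounding setup already aborts on failure, so I would add `if (ssl->s3->hs.tls13.cookie == NULL) errx(1, "failed to duplicate cookie");` directly after the strdup. test_tlsext_cookie_server has the same pair of lines. The function starts before this hunk and its cleanup is outside it.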
@@ -3421,52 +3955,56 @@ test_tlsext_cookie_server(void) unsigned char *data = NULL; SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; - int failure = 0; + const struct tls_extension_funcs *client_funcs; + const struct tls_extension_funcs *server_funcs; + int failure; size_t dlen; int alert; CBB cbb; CBS cbs; - CBB_init(&cbb, 0); + failure = 1; + + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) errx(1, "failed to create SSL_CTX"); if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION; - if (tlsext_cookie_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (!tls_extension_funcs(TLSEXT_TYPE_cookie, &client_funcs, + &server_funcs)) + errx(1, "failed to fetch cookie funcs"); + + ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; + if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should not need cookie\n"); - failure = 1; goto done; } - S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION; - if (tlsext_cookie_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; + if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should not need cookie\n"); - failure = 1; goto done; } /* Normally would be set by server before sending HRR */ - S3I(ssl)->hs.tls13.cookie = strdup(cookie); - S3I(ssl)->hs.tls13.cookie_len = strlen(cookie); + ssl->s3->hs.tls13.cookie = strdup(cookie); + ssl->s3->hs.tls13.cookie_len = strlen(cookie); - if (!tlsext_cookie_server_needs(ssl, SSL_TLSEXT_MSG_HRR)) { + if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_HRR)) { FAIL("server should need cookie\n"); - failure = 1; goto done; } - if (!tlsext_cookie_server_build(ssl, SSL_TLSEXT_MSG_HRR, &cbb)) { + if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_HRR, &cbb)) { FAIL("server should have built a cookie response\n"); - failure = 1; goto done; } if (!CBB_finish(&cbb, &data, &dlen)) { FAIL("failed to finish CBB\n"); - failure = 1; goto 
done; } @@ -3474,41 +4012,38 @@ test_tlsext_cookie_server(void) FAIL("got cookie with length %zu, " "want length %zu\n", dlen, strlen(cookie) + sizeof(uint16_t)); - failure = 1; goto done; } CBS_init(&cbs, data, dlen); - if (tlsext_cookie_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { FAIL("client should not have parsed server cookie\n"); - failure = 1; goto done; } - freezero(S3I(ssl)->hs.tls13.cookie, S3I(ssl)->hs.tls13.cookie_len); - S3I(ssl)->hs.tls13.cookie = NULL; - S3I(ssl)->hs.tls13.cookie_len = 0; + freezero(ssl->s3->hs.tls13.cookie, ssl->s3->hs.tls13.cookie_len); + ssl->s3->hs.tls13.cookie = NULL; + ssl->s3->hs.tls13.cookie_len = 0; - if (!tlsext_cookie_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { FAIL("failed to parse server cookie\n"); - failure = 1; goto done; } - if (memcmp(cookie, S3I(ssl)->hs.tls13.cookie, - S3I(ssl)->hs.tls13.cookie_len) != 0) { + if (memcmp(cookie, ssl->s3->hs.tls13.cookie, + ssl->s3->hs.tls13.cookie_len) != 0) { FAIL("parsed server cookie does not match sent cookie\n"); - failure = 1; goto done; } if (CBS_len(&cbs) != 0) { FAIL("extension data remaining\n"); - failure = 1; goto done; } + failure = 0; + done: CBB_cleanup(&cbb); SSL_CTX_free(ssl_ctx); 
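Review bot: The check `memcmp(cookie, ssl->s3->hs.tls13.cookie, ssl->s3->hs.tls13.cookie_len) != 0` compares only as many bytes as the parser stored, so a truncated cookie that is a prefix of `cookie` passes, and a parsed length larger than `strlen(cookie)` makes memcmp read past the end of `cookie`. The test should pin the length first: `if (ssl->s3->hs.tls13.cookie_len != strlen(cookie) || memcmp(cookie, ssl->s3->hs.tls13.cookie, strlen(cookie)) != 0) {`. That way a parser regression that mis-sizes the cookie is caught rather than masked. The function starts outside this hunk.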
@@ -3518,85 +4053,391 @@ test_tlsext_cookie_server(void) return (failure); } -unsigned char *valid_hostnames[] = { - "openbsd.org", - "op3nbsd.org", - "org", - "3openbsd.com", - "3-0penb-d.c-m", - "a", - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com", - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", - NULL, +const uint8_t tlsext_default_psk_modes[] = { + 0x01, 0x01, +}; + +const uint8_t tlsext_psk_only_mode[] = { + 0x01, 0x00, +}; + +const uint8_t tlsext_psk_both_modes[] = { + 0x02, 0x00, 0x01, }; static int -test_tlsext_valid_hostnames(void) +test_tlsext_psk_modes_client(void) { - int i, failure = 0; + SSL_CTX *ssl_ctx = NULL; + SSL *ssl = NULL; + const struct tls_extension_funcs *client_funcs; + const struct tls_extension_funcs *server_funcs; + int failure; + uint8_t *data = NULL; + size_t dlen; + CBB cbb; + CBS cbs; + int alert; - for (i = 0; valid_hostnames[i] != NULL; i++) { - CBS cbs; - CBS_init(&cbs, valid_hostnames[i], strlen(valid_hostnames[i])); - if (!tlsext_sni_is_valid_hostname(&cbs)) { - FAIL("Valid hostname '%s' rejected\n", - valid_hostnames[i]); - failure = 1; - goto done; - } + failure = 1; + + if (!CBB_init(&cbb, 0)) + errx(1, "Failed to create CBB"); + + if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) + errx(1, "failed to create SSL_CTX"); + if ((ssl = SSL_new(ssl_ctx)) == NULL) + errx(1, "failed to create SSL"); + + if (!tls_extension_funcs(TLSEXT_TYPE_psk_kex_modes, &client_funcs, + &server_funcs)) + errx(1, "failed to fetch psk funcs"); + + /* Disabled by default. 
*/ + if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { + FAIL("client should not need psk kex modes by default\n"); + goto err; } - done: + + /* + * Prerequisites: use_psk_dhe_ke flag is set and + * our_max_tls_version >= TLSv1.3. + */ + + ssl->s3->hs.tls13.use_psk_dhe_ke = 1; + ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; + + if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { + FAIL("client should not need psk kex modes with TLSv1.2\n"); + goto err; + } + + ssl->s3->hs.tls13.use_psk_dhe_ke = 0; + ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; + + if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { + FAIL("client should not need psk kex modes without " + "use_psk_dhe_ke\n"); + goto err; + } + + ssl->s3->hs.tls13.use_psk_dhe_ke = 1; + ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; + + if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { + FAIL("client should need psk kex modes with TLSv1.3\n"); + goto err; + } + + /* Make sure we can build psk modes with DHE key establishment. */ + + if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + FAIL("client failed to build psk kex modes\n"); + goto err; + } + + if (!CBB_finish(&cbb, &data, &dlen)) + errx(1, "failed to finish psk kex CBB"); + + if (dlen != sizeof(tlsext_default_psk_modes)) { + FAIL("got client psk kex modes with length %zu, " + "want length %zu\n", dlen, + sizeof(tlsext_default_psk_modes)); + compare_data(data, dlen, tlsext_default_psk_modes, + sizeof(tlsext_default_psk_modes)); + goto err; + } + if (memcmp(data, tlsext_default_psk_modes, dlen) != 0) { + FAIL("client psk kex modes differ:\n"); + compare_data(data, dlen, tlsext_default_psk_modes, + sizeof(tlsext_default_psk_modes)); + goto err; + } + + CBB_cleanup(&cbb); + free(data); + data = NULL; + + /* + * Make sure we can parse the default psk modes and that use_psk_dhe_ke + * is set after parsing. 
+ */ + + ssl->s3->hs.tls13.use_psk_dhe_ke = 0; + + CBS_init(&cbs, tlsext_default_psk_modes, + sizeof(tlsext_default_psk_modes)); + if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + FAIL("failed to parse psk kex modes\n"); + goto err; + } + if (CBS_len(&cbs) != 0) { + FAIL("extension data remaining\n"); + goto err; + } + + if (ssl->s3->hs.tls13.use_psk_dhe_ke != 1) { + FAIL("should have set use_psk_dhe_ke\n"); + goto err; + } + + /* + * Make sure we can parse the psk-only mode and that use_psk_dhe_ke + * is still not set after parsing. + */ + + ssl->s3->hs.tls13.use_psk_dhe_ke = 0; + + CBS_init(&cbs, tlsext_psk_only_mode, sizeof(tlsext_psk_only_mode)); + if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + FAIL("failed to parse psk kex modes\n"); + goto err; + } + if (CBS_len(&cbs) != 0) { + FAIL("extension data remaining\n"); + goto err; + } + + if (ssl->s3->hs.tls13.use_psk_dhe_ke != 0) { + FAIL("should not have set use_psk_dhe_ke\n"); + goto err; + } + + /* + * Make sure we can parse the extension indicating both modes and that + * use_psk_dhe_ke is set after parsing. + */ + + ssl->s3->hs.tls13.use_psk_dhe_ke = 0; + + CBS_init(&cbs, tlsext_psk_both_modes, sizeof(tlsext_psk_both_modes)); + if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + FAIL("failed to parse psk kex modes\n"); + goto err; + } + if (CBS_len(&cbs) != 0) { + FAIL("extension data remaining\n"); + goto err; + } + + if (ssl->s3->hs.tls13.use_psk_dhe_ke != 1) { + FAIL("should have set use_psk_dhe_ke\n"); + goto err; + } + + failure = 0; + + err: + CBB_cleanup(&cbb); + SSL_CTX_free(ssl_ctx); + SSL_free(ssl); + free(data); + return failure; } -unsigned char *invalid_hostnames[] = { - "openbsd.org.", - "openbsd..org", - "openbsd.org-", - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com", - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." 
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.a", - "-p3nbsd.org", - "openbs-.org", - "openbsd\n.org", - "open_bsd.org", - "open\178bsd.org", - "open\255bsd.org", - NULL, +static int +test_tlsext_psk_modes_server(void) +{ + SSL_CTX *ssl_ctx = NULL; + SSL *ssl = NULL; + const struct tls_extension_funcs *client_funcs; + const struct tls_extension_funcs *server_funcs; + int failure; + + failure = 1; + + if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) + errx(1, "failed to create SSL_CTX"); + if ((ssl = SSL_new(ssl_ctx)) == NULL) + errx(1, "failed to create SSL"); + + if (!tls_extension_funcs(TLSEXT_TYPE_psk_kex_modes, &client_funcs, + &server_funcs)) + errx(1, "failed to fetch psk funcs"); + + if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { + FAIL("server should not need psk kex modes\n"); + goto err; + } + + failure = 0; + + err: + SSL_CTX_free(ssl_ctx); + SSL_free(ssl); + + return failure; +} + +struct tls_sni_test { + const char *hostname; + int is_ip; + int valid; +}; + +static const struct tls_sni_test tls_sni_tests[] = { + { + .hostname = "openbsd.org", + .valid = 1, + }, + { + .hostname = "op3nbsd.org", + .valid = 1, + }, + { + .hostname = "org", + .valid = 1, + }, + { + .hostname = "3openbsd.com", + .valid = 1, + }, + { + .hostname = "3-0penb-d.c-m", + .valid = 1, + }, + { + .hostname = "a", + .valid = 1, + }, + { + .hostname = + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com", + .valid = 1, + }, + { + .hostname = + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." 
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + .valid = 1, + }, + { + .hostname = "openbsd.org.", + .valid = 0, + }, + { + .hostname = "openbsd..org", + .valid = 0, + }, + { + .hostname = "openbsd.org-", + .valid = 0, + }, + { + .hostname = + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com", + .valid = 0, + }, + { + .hostname = + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.a", + .valid = 0, + }, + { + .hostname = "-p3nbsd.org", + .valid = 0, + }, + { + .hostname = "openbs-.org", + .valid = 0, + }, + { + .hostname = "openbsd\n.org", + .valid = 0, + }, + { + .hostname = "open_bsd.org", + .valid = 0, + }, + { + .hostname = "open\178bsd.org", + .valid = 0, + }, + { + .hostname = "open\255bsd.org", + .valid = 0, + }, + { + .hostname = "dead::beef", + .is_ip = 1, + .valid = 0, + }, + { + .hostname = "192.168.0.1", + .is_ip = 1, + .valid = 0, + }, }; +#define N_TLS_SNI_TESTS (sizeof(tls_sni_tests) / sizeof(*tls_sni_tests)) + static int -test_tlsext_invalid_hostnames(void) +test_tlsext_is_valid_hostname(const struct tls_sni_test *tst) { - int i, failure = 0; + int failure; + int is_ip; CBS cbs; - for (i = 0; invalid_hostnames[i] != NULL; i++) { - CBS_init(&cbs, invalid_hostnames[i], - strlen(invalid_hostnames[i])); - if (tlsext_sni_is_valid_hostname(&cbs)) { + failure = 1; + + CBS_init(&cbs, tst->hostname, strlen(tst->hostname)); + if (tlsext_sni_is_valid_hostname(&cbs, &is_ip) != tst->valid) { + if (tst->valid) { + FAIL("Valid hostname '%s' rejected\n", + tst->hostname); + } else { FAIL("Invalid hostname '%s' accepted\n", - invalid_hostnames[i]); - failure = 1; - goto done; + tst->hostname); } + goto done; } - CBS_init(&cbs, valid_hostnames[0], - strlen(valid_hostnames[0]) + 1); - if 
(tlsext_sni_is_valid_hostname(&cbs)) { - FAIL("hostname with NUL byte accepted\n"); - failure = 1; + if (tst->is_ip != is_ip) { + if (tst->is_ip) { + FAIL("Hostname '%s' is an IP literal but not " + "identified as one\n", tst->hostname); + } else { + FAIL("Hostname '%s' is not an IP literal but is " + "identified as one\n", tst->hostname); + } goto done; } + + if (tst->valid) { + CBS_init(&cbs, tst->hostname, + strlen(tst->hostname) + 1); + if (tlsext_sni_is_valid_hostname(&cbs, &is_ip)) { + FAIL("hostname with NUL byte accepted\n"); + goto done; + } + } + + failure = 0; + done: + return failure; } +static int +test_tlsext_valid_hostnames(void) +{ + const struct tls_sni_test *tst; + int failure = 0; + size_t i; + + for (i = 0; i < N_TLS_SNI_TESTS; i++) { + tst = &tls_sni_tests[i]; + failure |= test_tlsext_is_valid_hostname(tst); + } + + return failure; +} int main(int argc, char **argv) @@ -3645,11 +4486,16 @@ main(int argc, char **argv) fprintf(stderr, "Skipping SRTP tests due to OPENSSL_NO_SRTP\n"); #endif + failed |= test_tlsext_psk_modes_client(); + failed |= test_tlsext_psk_modes_server(); + failed |= test_tlsext_clienthello_build(); failed |= test_tlsext_serverhello_build(); failed |= test_tlsext_valid_hostnames(); - failed |= test_tlsext_invalid_hostnames(); + + failed |= test_tlsext_quic_transport_parameters_client(); + failed |= test_tlsext_quic_transport_parameters_server(); return (failed); } diff --git a/tests/tlslegacytest.c b/tests/tlslegacytest.c index 58e452e9..f18b0eea 100644 --- a/tests/tlslegacytest.c +++ b/tests/tlslegacytest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tlslegacytest.c,v 1.4 2021/08/30 17:34:02 tb Exp $ */ +/* $OpenBSD: tlslegacytest.c,v 1.6 2022/06/10 22:00:15 tb Exp $ */ /* * Copyright (c) 2015, 2016, 2017, 2020 Joel Sing * 
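Review bot: The SNI vectors `"open\178bsd.org"` and `"open\255bsd.org"` in tls_sni_tests do not contain the bytes they appear to: `\178` is the octal escape `\17` (0x0f) followed by the character `8`, and `\255` is octal for 0xad, not 255. Both strings are still rejected, so the test passes, but if the intent was to cover bytes 178 and 255 (an inference from the digits), the high-bit cases are not exercised as written. I would spell them with hex escapes and split the literal so the escape does not swallow the following `b`: `.hostname = "open\xb2" "bsd.org",` and `.hostname = "open\xff" "bsd.org",`. A short comment on each entry naming the byte under test would prevent the same misreading later.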
@@ -567,7 +567,7 @@ tlslegacy_client_test(int testno, struct tlslegacy_client_test *tct) SSL *ssl = NULL; int ret = 1; - fprintf(stderr, "Test %i - %s\n", testno, tct->desc); + fprintf(stderr, "Test %d - %s\n", testno, tct->desc); if ((rbio = BIO_new_mem_buf(tct->server_response, tct->server_response_len)) == NULL) { @@ -589,9 +589,8 @@ tlslegacy_client_test(int testno, struct tlslegacy_client_test *tct) goto failure; } - rbio->references = 2; - wbio->references = 2; - + BIO_up_ref(rbio); + BIO_up_ref(wbio); SSL_set_bio(ssl, rbio, wbio); if (SSL_connect(ssl) == 1) { @@ -611,9 +610,6 @@ tlslegacy_client_test(int testno, struct tlslegacy_client_test *tct) SSL_CTX_free(ssl_ctx); SSL_free(ssl); - rbio->references = 1; - wbio->references = 1; - BIO_free(rbio); BIO_free(wbio); diff --git a/tests/tlstest.c b/tests/tlstest.c index 14684231..fb6649e8 100644 --- a/tests/tlstest.c +++ b/tests/tlstest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tlstest.c,v 1.13 2021/04/04 16:19:47 tb Exp $ */ +/* $OpenBSD: tlstest.c,v 1.15 2022/07/16 07:46:08 tb Exp $ */ /* * Copyright (c) 2017 Joel Sing * diff --git a/tests/x509attribute.c b/tests/x509attribute.c index 3dd6d291..908935cb 100644 --- a/tests/x509attribute.c +++ b/tests/x509attribute.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509attribute.c,v 1.1 2020/06/04 21:21:03 schwarze Exp $ */ +/* $OpenBSD: x509attribute.c,v 1.3 2021/11/01 08:28:31 tb Exp $ */ /* * Copyright (c) 2020 Ingo Schwarze * 
@@ -83,14 +83,12 @@ main(void) if ((attrib = X509_ATTRIBUTE_create(NID_pkcs9_contentType, V_ASN1_OBJECT, coid)) == NULL) fail_str("X509_ATTRIBUTE_create", "NULL"); - else if (attrib->object == NULL) - fail_str("attrib->object", "NULL"); - else if (attrib->single) - fail_int("attrib->single", attrib->single); - else if ((num = sk_ASN1_TYPE_num(attrib->value.set)) != 1) - fail_int("num", num); - else if ((any = sk_ASN1_TYPE_value(attrib->value.set, 0)) == NULL) - fail_str("any", "NULL"); + else if (X509_ATTRIBUTE_get0_object(attrib) == NULL) + fail_str("X509_ATTRIBUTE_get0_object", "NULL"); + else if ((num = X509_ATTRIBUTE_count(attrib)) != 1) + fail_int("X509_ATTRIBUTE_count", num); + else if ((any = X509_ATTRIBUTE_get0_type(attrib, 0)) == NULL) + fail_str("X509_ATTRIBUTE_get0_type", "NULL"); else if (any->type != V_ASN1_OBJECT) fail_int("any->type", any->type); else if (any->value.object != coid) diff --git a/tests/x509name.c b/tests/x509name.c index c9c96d4e..9deeeb29 100644 --- a/tests/x509name.c +++ b/tests/x509name.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509name.c,v 1.2 2018/11/10 01:43:03 tb Exp $ */ +/* $OpenBSD: x509name.c,v 1.3 2021/10/31 08:27:15 tb Exp $ */ /* * Copyright (c) 2018 Ingo Schwarze * @@ -28,7 +28,8 @@ debug_print(X509_NAME *name) int loc; for (loc = 0; loc < X509_NAME_entry_count(name); loc++) - printf("%d:", X509_NAME_get_entry(name, loc)->set); + printf("%d:", + X509_NAME_ENTRY_set(X509_NAME_get_entry(name, loc))); putchar(' '); X509_NAME_print_ex_fp(stdout, name, 0, XN_FLAG_SEP_CPLUS_SPC); putchar('\n'); diff --git a/tests/x509req_ext.c b/tests/x509req_ext.c new file mode 100644 index 00000000..b91a4136 --- /dev/null +++ b/tests/x509req_ext.c 
@@ -0,0 +1,161 @@
+/* $OpenBSD: x509req_ext.c,v 1.1 2021/11/03 13:08:57 schwarze Exp $ */
+/*
+ * Copyright (c) 2020, 2021 Ingo Schwarze
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+#include
+#include
+
+#include
+#include
+#include
+
+void fail_head(const char *);
+void fail_tail(void);
+void fail_str(const char *, const char *);
+void fail_int(const char *, int);
+void fail_ptr(const char *, const void *);
+
+static const char *testname;
+static int errcount;
+
+void
+fail_head(const char *stepname)
+{
+ fprintf(stderr, "failure#%d testname=%s stepname=%s ",
+ ++errcount, testname, stepname);
+}
+
+void
+fail_tail(void)
+{
+ unsigned long errnum;
+
+ if ((errnum = ERR_get_error()))
+ fprintf(stderr, "OpenSSL says: %s\n",
+ ERR_error_string(errnum, NULL));
+ if (errno)
+ fprintf(stderr, "libc says: %s\n", strerror(errno));
+}
+
+void
+fail_str(const char *stepname, const char *result)
+{
+ fail_head(stepname);
+ fprintf(stderr, "wrong result=%s\n", result);
+ fail_tail();
+}
+
+void
+fail_int(const char *stepname, int result)
+{
+ fail_head(stepname);
+ fprintf(stderr, "wrong result=%d\n", result);
+ fail_tail();
+}
+
+void
+fail_ptr(const char *stepname, const void *result)
+{
+ fail_head(stepname);
+ fprintf(stderr, "wrong result=%p\n", result);
+ fail_tail();
+}
+
+int
+main(void)
+{
+ X509_REQ *req;
+ X509_EXTENSIONS *exts;
+ X509_ATTRIBUTE *attr;
+ ASN1_TYPE *aval;
+ int irc;
+
+ testname = "exts=NULL";
+ if ((req = X509_REQ_new()) == NULL) {
+ fail_str("X509_REQ_new", "NULL");
+ return 1;
+ }
+ if ((irc = X509_REQ_add_extensions(req, NULL)) != 0)
+ fail_int("X509_REQ_add_extensions", irc);
+ if ((irc = X509_REQ_get_attr_count(req)) != 0)
+ fail_int("X509_REQ_get_attr_count", irc);
+ if ((attr = X509_REQ_get_attr(req, 0)) != NULL)
+ fail_ptr("X509_REQ_get_attr", attr);
+ X509_REQ_free(req);
+
+ testname = "nid=-1";
+ if ((req = X509_REQ_new()) == NULL) {
+ fail_str("X509_REQ_new", "NULL");
+ return 1;
+ }
+ if ((exts = sk_X509_EXTENSION_new_null()) == NULL) {
+ fail_str("sk_X509_EXTENSION_new_null", "NULL");
+ return 1;
+ }
+ if ((irc = X509_REQ_add_extensions_nid(req, exts, -1)) != 0)
+ fail_int("X509_REQ_add_extensions", irc);
+ if ((irc = X509_REQ_get_attr_count(req)) != 0)
+ fail_int("X509_REQ_get_attr_count", irc);
+ if ((attr = X509_REQ_get_attr(req, 0)) != NULL)
+ fail_ptr("X509_REQ_get_attr", attr);
+ X509_REQ_free(req);
+
+ testname = "valid";
+ if ((req = X509_REQ_new()) == NULL) {
+ fail_str("X509_REQ_new", "NULL");
+ return 1;
+ }
+ if ((irc = X509_REQ_add_extensions(req, exts)) != 1)
+ fail_int("X509_REQ_add_extensions", irc);
+ sk_X509_EXTENSION_free(exts);
+ if ((irc = X509_REQ_get_attr_count(req)) != 1)
+ fail_int("X509_REQ_get_attr_count", irc);
+ if ((attr = X509_REQ_get_attr(req, 0)) == NULL) {
+ fail_str("X509_REQ_get_attr", "NULL");
+ goto end_valid;
+ }
+ if ((irc = X509_ATTRIBUTE_count(attr)) != 1)
+ fail_int("X509_ATTRIBUTE_count", irc);
+ if ((aval = X509_ATTRIBUTE_get0_type(attr, 0)) == NULL) {
+ fail_str("X509_ATTRIBUTE_get0_type", "NULL");
+ goto end_valid;
+ }
+ if ((irc = ASN1_TYPE_get(aval)) != V_ASN1_SEQUENCE)
+ fail_int("ASN1_TYPE_get", irc);
+ exts = ASN1_item_unpack(aval->value.sequence, &X509_EXTENSIONS_it);
+ if (exts == NULL) {
+ fail_str("ASN1_item_unpack", "NULL");
+ goto end_valid;
+ }
+ if ((irc = sk_X509_EXTENSION_num(exts)) != 0)
+ fail_int("sk_X509_EXTENSION_num", irc);
+ sk_X509_EXTENSION_free(exts);
+
+end_valid:
+ testname = "getext";
+ if ((exts = X509_REQ_get_extensions(req)) == NULL) {
+ fail_str("X509_REQ_get_extensions", "NULL");
+ goto end_getext;
+ }
+ if ((irc = sk_X509_EXTENSION_num(exts)) != 0)
+ fail_int("sk_X509_EXTENSION_num", irc);
+ sk_X509_EXTENSION_free(exts);
+
+end_getext:
+ X509_REQ_free(req);
+ return errcount != 0;
+}
diff --git a/tests/xchacha20_poly1305_tests.txt b/tests/xchacha20_poly1305_tests.txt
new file mode 100644
index 00000000..d3eb39bb
--- /dev/null
+++ b/tests/xchacha20_poly1305_tests.txt
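Review bot: The step label in the `nid=-1` case of tests/x509req_ext.c does not match the call it reports on: `X509_REQ_add_extensions_nid(req, exts, -1)` fails through `fail_int("X509_REQ_add_extensions", irc)`, so a regression in the `_nid` variant is logged under the wrong function; it should read `fail_int("X509_REQ_add_extensions_nid", irc);`. `fail_tail()` also prints `strerror(errno)` whenever errno is non-zero, yet nothing in `main` clears errno before a step, so the "libc says" line can describe an unrelated earlier call; an `errno = 0;` next to each `testname = ...` assignment would keep the report attributable. The unpacked stack is released with `sk_X509_EXTENSION_free(exts)`, which is sufficient only while the stack is empty, as the test expects.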
@@ -0,0 +1,366 @@ +# Test vectors generated from libsodium + +KEY: 1f4774fbe6324700d62dd6a104e7b3ca7160cfd958413f2afdb96695475f007e +NONCE: 029174e5102710975a8a4a936075eb3e0f470d436884d250 +IN: +AD: +CT: +TAG: f55cf0949af356f977479f1f187d7291 + +KEY: eb27969c7abf9aff79348e1e77f1fcba7508ceb29a7471961b017aef9ceaf1c2 +NONCE: 990009311eab3459c1bee84b5b860bb5bdf93c7bec8767e2 +IN: e7ec3d4b9f +AD: +CT: 66bd484861 +TAG: 07e31b4dd0f51f0819a0641c86380f32 + +KEY: 4b6d89dbd7d019c0e1683d4c2a497305c778e2089ddb0f383f2c7fa2a5a52153 +NONCE: 97525eb02a8d347fcf38c81b1be5c3ba59406241cf251ba6 +IN: 074db54ef9fbc680b41a +AD: +CT: 1221898afd6f516f770f +TAG: 75e7182e7d715f5a32ee6733fd324539 + +KEY: 766997b1dc6c3c73b1f50e8c28c0fcb90f206258e685aff320f2d4884506c8f4 +NONCE: 30e7a9454892ef304776b6dc3d2c2f767ed97041b331c173 +IN: b8250c93ac6cf28902137b4522cc67 +AD: +CT: e2a13eeff8831a35d9336cb3b5c5d9 +TAG: 62fdf67735cad0172f9b88603b5f3c13 + +KEY: 6585031b5649fcabd9d4971d4ac5646fc7dca22f991dfa7dac39647001004e20 +NONCE: 705ee25d03fec430e24c9c6ccaa633f5b86dd43682778278 +IN: 9a4ca0633886a742e0241f132e8f90794c34dfd4 +AD: +CT: 0a8e6fd4cd1640be77c4c87dde4ae6222c887ed7 +TAG: edc4fbc91dfa07021e74ae0d9d1c98dc + +KEY: dfc6f7c86a10a319ebcb6362997e585f55b67f3434f47dc4039c2d67973e3077 +NONCE: 6097f30fd75229d928454c7d59a2d2c58bfddcb14c16438e +IN: 74c946a7f0733377e852a23087506a28dccef86e101a4359c0 +AD: +CT: 6e8ea0bb4c2f1323841d8e236816c61c3295866b75cefb5c25 +TAG: f16c0e9487ca7de5e7cb2a1b8bb370fc + +KEY: 59b8d488773767c4804d918709cfec6c69a193371145bb94f183899851aaadac +NONCE: ad5bdf8f190ca2d2cc02a75bb62aa22274cb3c98fe2d25f2 +IN: 066b9ed10f16d3dc132b409aae02d8cac209dd9b4fb789c4d34725ab2a1f +AD: +CT: 2bbd4542489006df66ad1462a932524642b139ddcbf86b6b480e9e6d976c +TAG: ca4835419ba029bc57010a8cc8bca80c + +KEY: 8c0cb4633cf8dc6b4b9552d1035f85517cb1ba4c36bcbc43338a8c6c7d15ce20 +NONCE: 8418b9655a0376fadefa3cdf8805815c4f7b56f467a74a95 +IN: 50c205a9c5d4088ba8e59a96fcd837f5170669854547678288199f1078ff2a81f0b19a +AD: +CT: 
8b55a12df1a85dd3fb19c34ab047a85849d15a30225bb5360bad1f0a8f5f2bd49f5898 +TAG: bce13201df6e4a7e6d896262e45d969d + +KEY: b45386a75a5772e34bd193e1946f69ebfb90c37ae4581d39c9669d75e4584f50 +NONCE: 9fb763d0926585b5f726af9b8e3babdb331e9aa97f8d99ed +IN: 64df0e341145d9e4a0d090153591a74893bc36cb9dae1e9570d8fee62e907cf004f9d8a360343483 +AD: +CT: 3146d8a5c898edd832ec9d126e93b3a433ec97dc47dce0e1985bda88c88c6aeca46fc7d9a68e30ab +TAG: 44fdb0d69abd8068442cb2ea6df8b2f2 + +KEY: f2efbd358dd353639a162be39a957d27c0175d5ab72aeba4a266aeda434e4a58 +NONCE: 65a6f7ebe48de78beb183b518589a0afacf71b40a949fa59 +IN: f7473947996e6682a3b9c720f03cfaf26bbcdaf76c83342d2ad922435e227a5d1eacbd9bd6ea1727ec19fb0e42 +AD: +CT: 778a0fb701b9d671ccfaf1454e8928158ede9bb4395119356a8133036840c1bcbb8fe5e19922fbbcf8b18596e7 +TAG: 9d195a89fdd29ca271405d3330f996f9 + +KEY: 9dd674fb4a30a7bb85fc78050479ab0e2c3cc9f9f5b8689a7a67413aca304b21 +NONCE: ad9e8fe15940694725f232e88f79cda7c82fe1b8aae58ba4 +IN: 7272bb6609cbd1399a0b89f6ea255165f99330aeb170ac88fccdd8e226df0952407e35718fb5edc9e987faabb271cc69f7e7 +AD: +CT: 846901650cb38974463a18c367676e1579ebdaf3e96b57224e842f5d5f678f3270b9a15f01241795662befb3db0768800e25 +TAG: 900004db3613acbeb33d65d74dd437d7 + +KEY: 280cbe7380a0d8bb4d8dd4476012f2eeb388a37b8b71067969abb99f6a888007 +NONCE: 2e1854617c67002599e6b077a812c326deb22fe29d093cbb +IN: d0901ec3d31ece2832685ff577f383bdff26c31341ea254acee7c5929a5df74fea2aa964524dc680b2f55fbd4fea900e956c304cc4ac3c +AD: +CT: 546370726cc63068d3520d67f4f57f65d03b9ecec21c2a8c7b1133089ad28b07025a7181bddeb4a49f514fac1a44f64ee3af33d778fb98 +TAG: 39084e33e42a1b05f58da65ba487d138 + +KEY: 887564f75afa78f595cdadcea7340d20f5c5a2df169d0ad14b15fe32ce337004 +NONCE: 54c11df13d1f444da80b0964caeb59474b17b23a650a33f5 +IN: f0f008eece79ecb24b715dff8a3456dfe253924b99f98f2f1b18564cced50925fca860d1c2d4785bdf4a964c76c3079efa6b37c4ba2cacc534fb590c +AD: +CT: 
32bb077268568d569b39e8ccdeeeb447ef424eaa2ffab565209a19b16a25952f897e5405bb0d67d8c9005d1c0b32687164d17fa4d0f412b80414c025 +TAG: 0bac7c0f8dce12917fbd4ed1738ac0cc + +KEY: 21c6aa88eb1a320d251f71a4b312ca75347040990d869a1dd2a1982c30fda2c7 +NONCE: 7dead2f1a3d9d45a9124a40efe8994300976991a4417ef4d +IN: +AD: e1bf7de4 +CT: +TAG: 341e9d0687006f981bced2f985f953e6 + +KEY: 0c97b9a65ffcd80b8f7c20c3904d0d6dd8809a7f97d7f46d39a12c198a85da5d +NONCE: 1f2c1dbc5f52fc9c8f9ca7695515d01d15904b86f703fba3 +IN: ecaf65b66d +AD: bd8a6f18 +CT: 8d1b2b0e38 +TAG: 27a7c7ac8bda627085414f0f31206a07 + +KEY: 4ab5e3595f39c4379a924e5f8ebcf3279075c08d18daff01d9ddfa40e03faf12 +NONCE: 94e6ddc294f5f1531924ec018823343ebcc220a88ea5ee33 +IN: c91b73abe5316c3effc6 +AD: c576f6ea +CT: abe960fbc64b339c53b1 +TAG: 7ebae48a2ff10117069324f04619ad6f + +KEY: a1e6146c71c2ea22300e9063455f621e15bd5bf1a3762e17f845e1aba5dd5a9c +NONCE: 82ddb6929abff8a9ad03dfb86c0bb3e7c092d45ebfa60a1b +IN: f011f32ccc2955158c117f53cf7b12 +AD: 5d14bc05 +CT: 44592321c665f51e9ffea052df1fea +TAG: d556798b97f9b647729801419424affc + +KEY: 7a1af30362c27fd55b8c24b7fca324d350decee1d1f8fae56b66253a9dd127dd +NONCE: 61201d6247992002e24e1a893180d4f0c19a3ae4cc74bf0c +IN: 5c7150b6a4daa362e62f82f676fdc4c4b558df64 +AD: 00c49210 +CT: 27d9e2730b6809c08efbd4b0d24639c7b67486f3 +TAG: 5889fdee25379960038778e36b2cedb2 + +KEY: 0b3fd9073e545ac44a7967263ead139c9547f7a54f06228fd3c8609fa2620784 +NONCE: 6450e1097d6f9ea76eb42e8e65972d501041c3a58baf8770 +IN: d679ae442b0351e5bff9906b099d45aab4f6aea5306a7a794f +AD: 318d292b +CT: a3f9ee45316d7b0f948a26145ee4fd0552bc6dc25e577e777a +TAG: 0068a401a194b8417ec0e198baa81830 + +KEY: 047c7d378fe80c02ee48df6f679a859253aed534fdcdd87023eb3d2f93fcafe3 +NONCE: ed240b0ff6f8ac585b3ea1ab2dab8080fc2f6401b010c5d0 +IN: 7288afb4e0fa5c58602090a75c10d84b5f5f1c0e03498519afe457251aa7 +AD: e4310302 +CT: 87906b14ca3e32ab01523b31ae0bb74590ce9e1df0811e743a2c7a93415a +TAG: 3a0abeab93792b1ffe768d316da74741 + +KEY: 
1ad4e42acc5dfd07eb0a2456e9103cd0e150a36c667eb2f2b73c0d1ac1089ce3 +NONCE: 48efb52387284c5d38b4940c75f0c39a3f81f60bfebb48cb +IN: da7edb5b3193b4484f09efa85fcf85600968ecdc537d3829a469c866ee67b0df677866 +AD: 446be8e3 +CT: b76457ca99e95b6539b12f1d6bdac55a6d5c6469b1ff274459363ec05241f7e6e5d3ce +TAG: 06880ee508ce929da5a81f8b9de0031c + +KEY: 702a554c1b703d4dd69ad51234293ab787a01e15bdb3ce88bf89e18c01a67164 +NONCE: ea535d9c371241b9850b8b4a596b63db79eea60bd2cd9fbb +IN: a97156e9b39d05c00b811552d22088d7ee090a117a7f08adac574820d592021f16207720d49fb5fd +AD: ba5790e3 +CT: 8d0b2b04479c33287096f0c6276a73f6c037edc1a2b28f8d3b2b8e6d4c5f9dc5113309dd3ecb15e6 +TAG: 3cf303305e12924d29c223976699fb73 + +KEY: 1bb7303fefa4d8d344bb9a215901b2314324bf1f3aeb9df5d1c1532c3a55ebf1 +NONCE: a304551e5f0dc98995ddfee6215a9995023a3696debfd302 +IN: 6cf6819ce3e7ed9d4f85f4a5699701dbcaf3161adc210c0b7825ddfd83d6d7c685db62f68b3801ccc8a786066d +AD: 901c5feb +CT: bc5ef09c111f76e54f897e6fce4aee1d25b6ed934f641ed5262d0c5eed45f610a6aea3b58b7771e34256d43a16 +TAG: b83f73f7995ba1b243dbf48ddfeb8e3a + +KEY: 24b294f6cbac10d87158d1c6aca83b337d596132afac7633f69a3b3e58823f11 +NONCE: 805772ff619cc6fcc5ec0e9965435d6f74a2290c055ec754 +IN: 65e8581286868caabcec1a9814db00b805edc660b94ee3babc6ce19a3ca868bd322105484d59b4ce02ced4071bc16642a1f2 +AD: 7ae1c561 +CT: fe1d463b1466e8e411f0b0700f90760472ee5141f3e5afef43fd729f1623dca75cd4d00576765b335f8b2b77b00527599cb3 +TAG: 111d8540fd5ec04b9ba16ed810133026 + +KEY: 38e63e8b6402ac3f6d1641a1e3b74d2074be0fe41129975a3ff62b74ca52af05 +NONCE: 228d671b036710cbdaa72e9bf1d9ed6982b0bb3428a69fd6 +IN: 20a8d18878924d09aac32853c10e73dbd741134b7050ae6999839f2dbc727cb0052b5497c4bbd2a89e716278f15c81b871953614a49693 +AD: e9e6ac73 +CT: 80e0fe8eb26e5df229c6d939c944d440a37aa3cabf76eab5b9a420095513021ea4241ab367f6f44a20817b14631549ae6c96aa963970e1 +TAG: 1e80fbafcc7168e0494fce4cd76d692c + +KEY: 4325dd8406fdb8431a81f1b5db3603995256de36121019724cca2190c87a6e83 +NONCE: dcbf3077b36d5d678d668fd2d0c99284c780b55c4658ea75 
+IN: 4f599ad04f79be9add10fdc649b8be53e1062ea5e9c2bed22265dc6fb30d5ab4fd4425b38ff14d8e68013405bec1eff8c9ef3069902e492aac73dcd9 +AD: 6fa0d757 +CT: 7decbdc7043495c59ecc64e720436bb0708b586a46f8745f74391477f5a2520905dfcebc3765a330999013d309dfaa997bf70bab6a0b8f4f2a2a3cdf +TAG: 051ec4ecce208d9be0cd17f434e13be3 + +KEY: 2d3d9ed4bc9eb9668733bafbb73e88be2cd17021c3a23be69b981d9f0df71df1 +NONCE: 84cae69639240c82b58895997511f145e474ebe1b008f391 +IN: +AD: 64db597c26a4c3da +CT: +TAG: 2a22c4a962d46a719014ab7b0ffaf6d3 + +KEY: 09ec4e79a02db53b19b54dd2d3592afc92c74ef57d1e0f51f3726a6631b1b73f +NONCE: 2907ced16e0777fedb1e2de30df11b3fd712af41dd714a4b +IN: b6e50cd4ea +AD: b5488e9b7f339b7b +CT: 0163e75330 +TAG: e29401c6d756adcc516580ae656852aa + +KEY: 9d5ac25a417b8a57b85332979e8a7cbad23617bb27772bbccc2acb0acae7b755 +NONCE: ff152421688dd6af7fef87817b508493a32d97a06fbda4f3 +IN: 92f4b9bc809be77e6a0d +AD: 892b793f7a6e0727 +CT: bcc594f59de8ee8c22c6 +TAG: 1a8275816c0d32a1b6cfd41fa3889558 + +KEY: eccf80c5f744d2ecc932f95ade0d9fe9327e19795023db1846d68d04720a2401 +NONCE: abc050fad8876589633b222d6a0f2e0bf709f73610aa23ee +IN: 45a380e438405314510c166bac6840 +AD: c32c9a1ce6852046 +CT: 9fa452dc9ca04c16ff7bde9925e246 +TAG: 3d5e826162fa78de3fc043af26044a08 + +KEY: b1912d6bc3cff47f0c3beccff85d7cd915b70ab88d0d3a8a59e994e1b0da8ac8 +NONCE: d8756090a42eea14ff25be890e66bfe4949fad498776ea20 +IN: e2f85df2ebcfa6045bd521abfe8af37fc88a0be1 +AD: 4576bb59b78032c8 +CT: 5eb6324aa48e0a4f72f5cb0a4917faf93af4209c +TAG: 774f8077f039588495045fee07950e14 + +KEY: 85162b111c9f3163f57c2cbc311a1e9aeed9dd6136b5784bc9c0b5052f8bffbd +NONCE: 23cdb8b546bb8a5a746b24446f0ab4199f0543d915ff51f1 +IN: dc81000077d5743beef09ac91663885d984212bbccf3dbe6f3 +AD: 3084f3e9c4d0a15f +CT: 692d17ae0b524ec6edc0cf49b69ac90c99bed44691f7ae63b7 +TAG: efe72ff84b3bccb4d83a27ddc574bc21 + +KEY: b05ca358d8ca79f51283d83e2673bfb741c379ba271a773b8dd9c6a108e758d3 +NONCE: 9a53ad79f535c6e9da011463063c896f2ec7645e6e3548fc +IN: 
44e793742c774020e7349c996418042dc0dc30ee2bfd2654008c8929a436 +AD: 71ab5948c5e0f4c6 +CT: c5eddb7aeaa175b5f3dab68cf746f2acaf56fc62b29804629e25e2d63879 +TAG: bec3b7a8b8dad22ff3d14d26273294d2 + +KEY: abb5136a01354c765a96e832df58bec3b088bd19dc4d6bd6674f2f02007ebdaa +NONCE: 71267ac9f4fe5caa1d52cd85948a170a778f0141d54dbffe +IN: afb526fe41c4e2a767ce77c4145b9d054268f5f3b279237dec97f8bc46f9d158868b86 +AD: 047baa2b04748b62 +CT: 0032d4c1e65da2266539464c5d3c2b1618454a6af0e7f1e3cfc87845c75f2f4ae8b03f +TAG: b526a95a33f17ab61f2cdfc1e2dd486a + +KEY: bb826ed38008a0d7fb34c0c1a1a1149d2cad16b691d5129cc83f5eff2b3e5748 +NONCE: 4e02fe0915d81e9d5a62e5b3551b9db882e3873c0aaa230d +IN: 20270d291a8d9791b0f5e35a64387bb4237bad61169841d7e1667c994ad49869c7d5580ffa752a2d +AD: db852a275081e29b +CT: d740012efb7e1bb986ce2c535134a45f658b92163c109bdecf1ce5b836879fe9e006a56be1fac8d7 +TAG: 21e931042e7df80695262198a06286c9 + +KEY: 938d2c59f6f3e2e7316726537932372e05e8c1b5577aae0ee870bf712ff001ab +NONCE: fb4d71cf7eb2f70df9759a64c76a36b75203f88bf64f4edb +IN: 8910415d674a93c54c8f5e4aa88e59648d9a0a5039a66837d58ab14f0665a5f6d9af9b839f9033d0fe8bc58f19 +AD: a3fca278a63bf944 +CT: 1905c6987a702980b7f87f1ed2d3ae073abe1401b23434f3db43b5c37c979c2068ce9a92afedcdc218003848ea +TAG: 1bd712f64777381f68be5ccc73f364a3 + +KEY: dd0521842f498d23236692a22db0eb2f0f14fef57577e5fb194503e206b0973d +NONCE: 519e0eee8f86c75c7a364e0905a5d10d82073e11b91083a5 +IN: 61ff13acb99c5a7fd1921ec787c8de23c1a712ff002b08cecc644a78c47341eab78e7680380c93c7d53d5e56ef050d6ff192 +AD: bb5c4e5ae8f7e461 +CT: 9bfdb0fd195fa5d37da3416b3b1e8f67bd2a456eb0317c02aabf9aac9d833a19bda299e6388e7b7119be235761477a34d49e +TAG: 0f0c03b8423583cb8305a74f622fa1f9 + +KEY: 189bd84be3fb02723539b29cf76d41507c8b85b7217777ee1fb8f84a24aa7fee +NONCE: ef1bf39f22ba2edf86853505c24fafdf62c1a067963c63ba +IN: d5f96e240b5dd77b9fb2bf11c154fcbff312a791c3eb0717684e4fd84bf943e788050b47e76c427f42f3e5344b2636091603ba3b1d7a91 +AD: 93368a8e0900c7b6 +CT: 
c55a8b7f587bee4f97514582c5115582abffd6312914d76c2568be6836f62ba098789ed897c9a7508a5dc214bf8c218664f29941ccdfd6 +TAG: 78f87352dcb1143038c95dc6e7352cfd + +KEY: 23a2dbfcd02d265805169fa86e6927c7d49c9a24d2707884e18955e32dafc542 +NONCE: 305c7851f46f23ea8d832d5ed09d266714fd14f82ba0f69c +IN: 224de94a938d49cad46144e657e548bd86690a1b57b81558095eace59df1c552600dea389aaa609304fbc1eadf2241f2118c8bdf04522e1898efe1d4 +AD: 0075b20502bd29b2 +CT: 8e10c59369bbb0d72958100b05788498f59588795e075b8bce21d92d320206348b04010ced9b8cd3d651e825488915ce4a6e4f1af2f4d2f77b955376 +TAG: c39f0595ae8112dea6ef96df1c12458b + +KEY: 264e3c3f47bdf795cdde57d9a30be5a4da8b18463c0e3e05df28b7bf4e56410b +NONCE: 3ee09b6e205c261bf48ac53a9ba0afa460a5d5c0f2d80be8 +IN: +AD: 8eeec09d8972cb8ab0069554 +CT: +TAG: 245a034d84edab9fa6f0decb6b984766 + +KEY: d8ba98a272b5f91797b04b114311c3b92b7f2e3bb72edb7f78ed311b9f8ea2ad +NONCE: 481de9a06eee76a501e3c2b9d7423d90596193ad9d8a6564 +IN: 9ee1a3134d +AD: 928653701f6d6c8429b08c0d +CT: 459a07898f +TAG: 9188ec8d8e3bd91dcfda48fcc76773f7 + +KEY: ac9afd627a745df682bb003517056f07876eb94d2f8c610c61b6ac0d34ec4ec0 +NONCE: eaae7b8704530db1e8c3dcc968a00604a333c7c27ba51b16 +IN: f7c3f6ee2e9c03394dc8 +AD: 796620b367d5f041821baf69 +CT: d4a69005790cc91d8d34 +TAG: e4c83def113afcf83a1ea8cb204a0eae + +KEY: ea1a07c1fd60a5421f1fb6c43b4318090e290c97aa3bfa037e6fc5ee00fd47d4 +NONCE: 37327805cce92b38a669affbca1de92e068727fcf6fbb09a +IN: 7002ca765b91913ee719e7521ef5ac +AD: 64e7c48fc3041eac0734737f +CT: 9d8857a8c52a9ab3bf44b024b191b6 +TAG: d072c31714a7d0fe1596fd443a96e715 + +KEY: b3beb34fe0229fc8f49b354e941025bde6a788f25017a60e8a49591ed5d7e7da +NONCE: dd0e9fec76de1f6efb022b12164f7e9248b8e8c01d14ac02 +IN: acf360d7529a42be1f132f74745a940da9e823f2 +AD: 1489ca8d852f0a8547dbe8bc +CT: 2e8718372d6e8167213cf112dc41c80377244f5a +TAG: e4f31e8f84b9356999dc60989009e698 + +KEY: 9357cecd10bab8d2e42ed88c0386204827c3b76e9e51150d09fd4e3b4e0e1e6f +NONCE: 81f2106a5379e0ed861cf76b3cf95afb17515478b5cbcae9 +IN: 
ee51a0f25d091288b5e2b91ad11d491329e48b35a18a3a8685 +AD: b80cb677f4b409cd1537363b +CT: f681f19fa8de1fdea3538001a46f30fa6333b76d6439337e68 +TAG: afad5e6d282d9df6d8119c32237b3e60 + +KEY: 9f868600fbf81e40398b7dfb201fcae35d34bba10908860b0b2bf8b942b4e8fa +NONCE: 2ddcc13c97185614095d437900b8c0a9170e0a4a50e46ba5 +IN: 133fa3ac176fee6df67472752e41c6834f13300c0064ff5b190f903b7ac7 +AD: 0d61321fbee8bb1f3f5cb454 +CT: b93abb311ec0bf018dc300c7d511b42ade72780373186e231820b44f22f0 +TAG: f8bd2f649a337783ff911e37966037bd + +KEY: 05affcdfce0a28539924370db8d80a78b835254778ec41acbff52bfab092fa33 +NONCE: 3edaeb185f7273b1a7cccba54f84c5f7d6583433b49d3694 +IN: 7657581faad266cc1037962a380c8aa5306f88000427d0a05397696b503790ad2643c6 +AD: d7c213e9e6f4a40f3e5b662c +CT: 5eb19080aadc89f2329da4f5c41dc60568651c424c1b05d827f2bfb8dbff42c5a08224 +TAG: 2da20087b5674f0b967d1baa664bbd82 + +KEY: 645ed60ec74ddfe1f02694792db4436c262d20405d8645cd9755d64876219799 +NONCE: d83665b44c1fdf567299f2b8501e9c0e7ae2dda0bb8f2c82 +IN: ceee69d32ad4667a00909964d9611bf34fd98be41ad7f0feaaaff8169060d64cf310c13bcb9394cf +AD: 57379f8f44191ec9cf3b1a07 +CT: 4496a0666f0f895ebce224b448a04502f2ae7b354d868b7c54295bf051162e82c530c767d1ffd2cc +TAG: 1ffc56da4fb961ffdfabe66d82ec8f29 + +KEY: 06624c9a75bb7dbe224a3f23791281f53c40b407a14161a3f82f34924623dc02 +NONCE: e647b8b4739bf542a81d72d695e1cd6ba348fa593987ac47 +IN: 2658763f8d70e8c3303582d66ba3d736ce9d407e9507f6c6627e382d0144da157d73d0aee10ef034083cdd9013 +AD: 75536443a6c2189a57d553bb +CT: 305cab5c2f9a6edccac307d6965febe3c86f2a1e31ac8c74e88924a10c2a29106bce980c803b7886985bba8ec5 +TAG: 8c12bb58c84175b9f601b704d0f8a25c + +KEY: 63aeb46083100bbcc430f4f09bcc34410df9cfd5883d629e4af8645ffabb89c2 +NONCE: b09830874dc549195a5d6da93b9dcc12aa1ec8af201c96bd +IN: 1b3c9050e0a062f5a5cff7bec8706864cf8648142ec5cb1f9867ace384e9b2bba33aab8dc83e83b2d2fac70cd5189f2b5ab5 +AD: 7dcc05b0940198bd5c68cdf1 +CT: d8b22e5d381de08a50b163c00dbbca6c07d61c80199cebd52234c7bd4f7ed0a90d47ef05617cdb8e3f782875ae629c0f0ad6 +TAG: 
194077f0e6d415bf7307d171e8484a9c + +KEY: 4826c1bf8b48088fece4008922173c500ff45790f945b1027f36110da4fecc92 +NONCE: 3a78fc7397944d762303b0a75974ac92a60e250bf112600a +IN: d26e3a2b92120ff8056bb992660cc8a2364792589c16a518b8d232b8184aed05ba8d4fd0b2ad2b928cd873e11905a21ffece5f1e63c974 +AD: 904d2cd3e50f7bfb9352f142 +CT: 21f4cf679662fad36f57945fc0c0753c3791261eb58d643278dfe1f14bfb585c5a01370ba96f18dc3f6b6945a2c6997330b24f12f5219a +TAG: 95397c54428f9d069c511b5c82e0151c + +KEY: ec526c03d8a08e8a63751112428a76399c399e8b83d98c9247c73164805ac8fe +NONCE: 2cc1a6ae89c2a091415fa2964b44a0e5da629d40d77b77f1 +IN: 567377f5b6df5442e70bc9a31bc450bd4febfcf89d7ca611353c7e612d8b7e36e859f6365ec7e5e99e9e0e882532666dd7203d06f6e25439ed871237 +AD: 35575b56716868b66cd21e24 +CT: 6b738274fe974438f1f5fca8ef1ee7df664f1e72bc54ccd3fb58c4a3df67ef9a73261df41ffe9c52aeafc8be4f6524baf9efb1558d4a57defec7bee3 +TAG: 92599d4b14a795e8c375ec2a8960b4dc + diff --git a/tls/CMakeLists.txt b/tls/CMakeLists.txt index 9aa10e1b..7827a5eb 100644 --- a/tls/CMakeLists.txt +++ b/tls/CMakeLists.txt @@ -7,6 +7,7 @@ set( tls_conninfo.c tls_keypair.c tls_server.c + tls_signer.c tls_ocsp.c tls_peer.c tls_util.c @@ -48,12 +49,6 @@ target_include_directories(tls_obj add_library(tls $ $ $) -target_include_directories(tls - PRIVATE - . - ../include/compat - PUBLIC - ../include) export_symbol(tls ${CMAKE_CURRENT_BINARY_DIR}/tls.sym) target_link_libraries(tls ${PLATFORM_LIBS}) @@ -74,3 +69,11 @@ if(ENABLE_LIBRESSL_INSTALL) RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} ) endif(ENABLE_LIBRESSL_INSTALL) + +# build static library for regression test +if(BUILD_SHARED_LIBS) + add_library(tls-static STATIC $ + $ $) + target_link_libraries(tls-static ${PLATFORM_LIBS}) +endif() + diff --git a/tls/Makefile.am b/tls/Makefile.am index 4cea3a26..4d31c928 100644 --- a/tls/Makefile.am +++ b/tls/Makefile.am 
@@ -30,6 +30,7 @@ libtls_la_SOURCES += tls_config.c libtls_la_SOURCES += tls_conninfo.c libtls_la_SOURCES += tls_keypair.c libtls_la_SOURCES += tls_server.c +libtls_la_SOURCES += tls_signer.c libtls_la_SOURCES += tls_ocsp.c libtls_la_SOURCES += tls_peer.c libtls_la_SOURCES += tls_util.c diff --git a/tls/Makefile.in b/tls/Makefile.in index ce25e8df..17a39f28 100644 --- a/tls/Makefile.in +++ b/tls/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.3 from Makefile.am. +# Makefile.in generated by automake 1.16.5 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2020 Free Software Foundation, Inc. +# Copyright (C) 1994-2021 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -144,7 +144,7 @@ am__DEPENDENCIES_1 = libtls_la_DEPENDENCIES = $(am__DEPENDENCIES_1) am__libtls_la_SOURCES_DIST = tls.c tls_client.c tls_bio_cb.c \ tls_config.c tls_conninfo.c tls_keypair.c tls_server.c \ - tls_ocsp.c tls_peer.c tls_util.c tls_verify.c \ + tls_signer.c tls_ocsp.c tls_peer.c tls_util.c tls_verify.c \ compat/ftruncate.c compat/pread.c compat/pwrite.c am__dirstamp = $(am__leading_dot)dirstamp @HOST_WIN_TRUE@am__objects_1 = compat/libtls_la-ftruncate.lo \ @@ -153,9 +153,9 @@ am__dirstamp = $(am__leading_dot)dirstamp am_libtls_la_OBJECTS = libtls_la-tls.lo libtls_la-tls_client.lo \ libtls_la-tls_bio_cb.lo libtls_la-tls_config.lo \ libtls_la-tls_conninfo.lo libtls_la-tls_keypair.lo \ - libtls_la-tls_server.lo libtls_la-tls_ocsp.lo \ - libtls_la-tls_peer.lo libtls_la-tls_util.lo \ - libtls_la-tls_verify.lo $(am__objects_1) + libtls_la-tls_server.lo libtls_la-tls_signer.lo \ + libtls_la-tls_ocsp.lo libtls_la-tls_peer.lo \ + libtls_la-tls_util.lo libtls_la-tls_verify.lo $(am__objects_1) libtls_la_OBJECTS = $(am_libtls_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) 
@@ -188,6 +188,7 @@ am__depfiles_remade = ./$(DEPDIR)/libtls_la-tls.Plo \ ./$(DEPDIR)/libtls_la-tls_ocsp.Plo \ ./$(DEPDIR)/libtls_la-tls_peer.Plo \ ./$(DEPDIR)/libtls_la-tls_server.Plo \ + ./$(DEPDIR)/libtls_la-tls_signer.Plo \ ./$(DEPDIR)/libtls_la-tls_util.Plo \ ./$(DEPDIR)/libtls_la-tls_verify.Plo \ compat/$(DEPDIR)/libtls_la-ftruncate.Plo \ @@ -237,8 +238,6 @@ am__define_uniq_tagged_files = \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` -ETAGS = etags -CTAGS = ctags am__DIST_COMMON = $(srcdir)/Makefile.in \ $(top_srcdir)/Makefile.am.common $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -258,6 +257,8 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ +CSCOPE = @CSCOPE@ +CTAGS = @CTAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ @@ -268,6 +269,7 @@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ +ETAGS = @ETAGS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ @@ -378,8 +380,8 @@ libtls_la_LIBADD = $(libcrypto_la_objects) $(libcompat_la_objects) \ $(PLATFORM_LDADD) libtls_la_CPPFLAGS = $(AM_CPPFLAGS) $(am__append_1) $(am__append_2) libtls_la_SOURCES = tls.c tls_client.c tls_bio_cb.c tls_config.c \ - tls_conninfo.c tls_keypair.c tls_server.c tls_ocsp.c \ - tls_peer.c tls_util.c tls_verify.c $(am__append_3) + tls_conninfo.c tls_keypair.c tls_server.c tls_signer.c \ + tls_ocsp.c tls_peer.c tls_util.c tls_verify.c $(am__append_3) noinst_HEADERS = tls_internal.h all: all-am 
@@ -483,6 +485,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtls_la-tls_ocsp.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtls_la-tls_peer.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtls_la-tls_server.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtls_la-tls_signer.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtls_la-tls_util.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtls_la-tls_verify.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/libtls_la-ftruncate.Plo@am__quote@ # am--include-marker 
@@ -568,6 +571,13 @@ libtls_la-tls_server.lo: tls_server.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libtls_la-tls_server.lo `test -f 'tls_server.c' || echo '$(srcdir)/'`tls_server.c +libtls_la-tls_signer.lo: tls_signer.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libtls_la-tls_signer.lo -MD -MP -MF $(DEPDIR)/libtls_la-tls_signer.Tpo -c -o libtls_la-tls_signer.lo `test -f 'tls_signer.c' || echo '$(srcdir)/'`tls_signer.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libtls_la-tls_signer.Tpo $(DEPDIR)/libtls_la-tls_signer.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tls_signer.c' object='libtls_la-tls_signer.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libtls_la-tls_signer.lo `test -f 'tls_signer.c' || echo '$(srcdir)/'`tls_signer.c + libtls_la-tls_ocsp.lo: tls_ocsp.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libtls_la-tls_ocsp.lo -MD -MP -MF $(DEPDIR)/libtls_la-tls_ocsp.Tpo -c -o libtls_la-tls_ocsp.lo `test -f 'tls_ocsp.c' || echo '$(srcdir)/'`tls_ocsp.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) 
$(DEPDIR)/libtls_la-tls_ocsp.Tpo $(DEPDIR)/libtls_la-tls_ocsp.Plo @@ -675,7 +685,6 @@ cscopelist-am: $(am__tagged_files) distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - distdir: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) distdir-am @@ -763,6 +772,7 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/libtls_la-tls_ocsp.Plo -rm -f ./$(DEPDIR)/libtls_la-tls_peer.Plo -rm -f ./$(DEPDIR)/libtls_la-tls_server.Plo + -rm -f ./$(DEPDIR)/libtls_la-tls_signer.Plo -rm -f ./$(DEPDIR)/libtls_la-tls_util.Plo -rm -f ./$(DEPDIR)/libtls_la-tls_verify.Plo -rm -f compat/$(DEPDIR)/libtls_la-ftruncate.Plo @@ -822,6 +832,7 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/libtls_la-tls_ocsp.Plo -rm -f ./$(DEPDIR)/libtls_la-tls_peer.Plo -rm -f ./$(DEPDIR)/libtls_la-tls_server.Plo + -rm -f ./$(DEPDIR)/libtls_la-tls_signer.Plo -rm -f ./$(DEPDIR)/libtls_la-tls_util.Plo -rm -f ./$(DEPDIR)/libtls_la-tls_verify.Plo -rm -f compat/$(DEPDIR)/libtls_la-ftruncate.Plo diff --git a/tls/VERSION b/tls/VERSION index 2005c066..69c99944 100644 --- a/tls/VERSION +++ b/tls/VERSION @@ -1 +1 @@ -22:0:0 +26:0:0 diff --git a/tls/tls.c b/tls/tls.c index 262ec3db..ff33ebe5 100644 --- a/tls/tls.c +++ b/tls/tls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls.c,v 1.89 2021/02/01 15:35:41 tb Exp $ */ +/* $OpenBSD: tls.c,v 1.94 2022/02/08 19:13:50 tb Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -387,6 +387,8 @@ tls_keypair_to_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY **pke static int tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *pkey) { + RSA_METHOD *rsa_method; + ECDSA_METHOD *ecdsa_method; RSA *rsa = NULL; EC_KEY *eckey = NULL; int ret = -1; 
@@ -407,6 +409,14 @@ tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *p tls_set_errorx(ctx, "RSA key setup failure"); goto err; } + if (ctx->config->sign_cb == NULL) + break; + if ((rsa_method = tls_signer_rsa_method()) == NULL || + RSA_set_ex_data(rsa, 1, ctx->config) == 0 || + RSA_set_method(rsa, rsa_method) == 0) { + tls_set_errorx(ctx, "failed to setup RSA key"); + goto err; + } break; case EVP_PKEY_EC: if ((eckey = EVP_PKEY_get1_EC_KEY(pkey)) == NULL || @@ -414,6 +424,14 @@ tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *p tls_set_errorx(ctx, "EC key setup failure"); goto err; } + if (ctx->config->sign_cb == NULL) + break; + if ((ecdsa_method = tls_signer_ecdsa_method()) == NULL || + ECDSA_set_ex_data(eckey, 1, ctx->config) == 0 || + ECDSA_set_method(eckey, ecdsa_method) == 0) { + tls_set_errorx(ctx, "failed to setup EC key"); + goto err; + } break; default: tls_set_errorx(ctx, "incorrect key type"); @@ -521,7 +539,7 @@ tls_configure_ssl(struct tls *ctx, SSL_CTX *ssl_ctx) } if (ctx->config->verify_time == 0) { - X509_VERIFY_PARAM_set_flags(ssl_ctx->param, + X509_VERIFY_PARAM_set_flags(SSL_CTX_get0_param(ssl_ctx), X509_V_FLAG_NO_CHECK_TIME); } @@ -629,9 +647,8 @@ tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify) tls_set_error(ctx, "failed to add crl"); goto err; } - xi->crl = NULL; } - X509_VERIFY_PARAM_set_flags(store->param, + X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL); } @@ -747,7 +764,7 @@ tls_ssl_error(struct tls *ctx, SSL *ssl_conn, int ssl_ret, const char *prefix) case SSL_ERROR_WANT_ACCEPT: case SSL_ERROR_WANT_X509_LOOKUP: default: - tls_set_ssl_errorx(ctx, "%s failed (%i)", prefix, ssl_err); + tls_set_ssl_errorx(ctx, "%s failed (%d)", prefix, ssl_err); return (-1); } } diff --git a/tls/tls_bio_cb.c b/tls/tls_bio_cb.c index 0091808f..dad9d23e 100644 --- a/tls/tls_bio_cb.c +++ b/tls/tls_bio_cb.c 
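Review bot: In tls_keypair_setup_pkey(), `RSA_set_ex_data(rsa, 1, ctx->config)` stores a borrowed pointer to the config in a literal ex_data slot, and nothing in the hunk documents or enforces that the config outlives the key. tls_rsa_priv_enc() in tls_signer.c later dereferences that pointer and calls `config->sign_cb`, so a key that outlives its config would make the signing path read freed memory; whether that can happen is not visible from this hunk. The `ECDSA_set_ex_data(eckey, 1, ctx->config)` call in the next hunk has the same shape. I would add a comment at both sites such as `/* ex_data slot 1: tls_config read by the libtls signer method; config must outlive this key */`, and consider named constants for slots 0 and 1 instead of bare integers. The function body starts and ends outside these hunks.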
@@ -1,4 +1,4 @@ -/* $OpenBSD: tls_bio_cb.c,v 1.19 2017/01/12 16:18:39 jsing Exp $ */ +/* $OpenBSD: tls_bio_cb.c,v 1.20 2022/01/10 23:39:48 tb Exp $ */ /* * Copyright (c) 2016 Tobias Pape * @@ -29,19 +29,41 @@ static int bio_cb_read(BIO *bio, char *buf, int size); static int bio_cb_puts(BIO *bio, const char *str); static long bio_cb_ctrl(BIO *bio, int cmd, long num, void *ptr); -static BIO_METHOD bio_cb_method = { - .type = BIO_TYPE_MEM, - .name = "libtls_callbacks", - .bwrite = bio_cb_write, - .bread = bio_cb_read, - .bputs = bio_cb_puts, - .ctrl = bio_cb_ctrl, -}; +static BIO_METHOD *bio_cb_method; + +static pthread_mutex_t bio_cb_method_lock = PTHREAD_MUTEX_INITIALIZER; + +static void +bio_cb_method_init(void) +{ + BIO_METHOD *bio_method; + + if (bio_cb_method != NULL) + return; + + bio_method = BIO_meth_new(BIO_TYPE_MEM, "libtls_callbacks"); + if (bio_method == NULL) + return; + + BIO_meth_set_write(bio_method, bio_cb_write); + BIO_meth_set_read(bio_method, bio_cb_read); + BIO_meth_set_puts(bio_method, bio_cb_puts); + BIO_meth_set_ctrl(bio_method, bio_cb_ctrl); + + bio_cb_method = bio_method; +} static BIO_METHOD * bio_s_cb(void) { - return (&bio_cb_method); + if (bio_cb_method != NULL) + return (bio_cb_method); + + pthread_mutex_lock(&bio_cb_method_lock); + bio_cb_method_init(); + pthread_mutex_unlock(&bio_cb_method_lock); + + return (bio_cb_method); } static int @@ -57,10 +79,10 @@ bio_cb_ctrl(BIO *bio, int cmd, long num, void *ptr) switch (cmd) { case BIO_CTRL_GET_CLOSE: - ret = (long)bio->shutdown; + ret = (long)BIO_get_shutdown(bio); break; case BIO_CTRL_SET_CLOSE: - bio->shutdown = (int)num; + BIO_set_shutdown(bio, (int)num); break; case BIO_CTRL_DUP: case BIO_CTRL_FLUSH: @@ -69,7 +91,7 @@ bio_cb_ctrl(BIO *bio, int cmd, long num, void *ptr) case BIO_CTRL_GET: case BIO_CTRL_SET: default: - ret = BIO_ctrl(bio->next_bio, cmd, num, ptr); + ret = BIO_ctrl(BIO_next(bio), cmd, num, ptr); } return (ret); 
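Review bot: In bio_s_cb() the first `if (bio_cb_method != NULL) return (bio_cb_method);` reads the pointer without holding bio_cb_method_lock, while bio_cb_method_init() writes it under the lock, so the fast path is an unsynchronised read of a plain pointer. tls_signer_rsa_method() and tls_signer_ecdsa_method() in this same commit take their lock unconditionally; dropping the unlocked check here (the check inside bio_cb_method_init() already covers the initialised case) or switching to `pthread_once()` would match them. The return values of the four `BIO_meth_set_*()` calls are also ignored, so a failing setter would still publish the method through `bio_cb_method = bio_method;`.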
@@ -78,7 +100,7 @@ bio_cb_ctrl(BIO *bio, int cmd, long num, void *ptr) static int bio_cb_write(BIO *bio, const char *buf, int num) { - struct tls *ctx = bio->ptr; + struct tls *ctx = BIO_get_data(bio); int rv; BIO_clear_retry_flags(bio); @@ -96,7 +118,7 @@ bio_cb_write(BIO *bio, const char *buf, int num) static int bio_cb_read(BIO *bio, char *buf, int size) { - struct tls *ctx = bio->ptr; + struct tls *ctx = BIO_get_data(bio); int rv; BIO_clear_retry_flags(bio); @@ -115,8 +137,9 @@ int tls_set_cbs(struct tls *ctx, tls_read_cb read_cb, tls_write_cb write_cb, void *cb_arg) { - int rv = -1; + const BIO_METHOD *bio_cb; BIO *bio; + int rv = -1; if (read_cb == NULL || write_cb == NULL) { tls_set_errorx(ctx, "no callbacks provided"); @@ -127,12 +150,16 @@ tls_set_cbs(struct tls *ctx, tls_read_cb read_cb, tls_write_cb write_cb, ctx->write_cb = write_cb; ctx->cb_arg = cb_arg; - if ((bio = BIO_new(bio_s_cb())) == NULL) { + if ((bio_cb = bio_s_cb()) == NULL) { + tls_set_errorx(ctx, "failed to create callback method"); + goto err; + } + if ((bio = BIO_new(bio_cb)) == NULL) { tls_set_errorx(ctx, "failed to create callback i/o"); goto err; } - bio->ptr = ctx; - bio->init = 1; + BIO_set_data(bio, ctx); + BIO_set_init(bio, 1); SSL_set_bio(ctx->ssl_conn, bio, bio); diff --git a/tls/tls_client.c b/tls/tls_client.c index c45684db..1629697f 100644 --- a/tls/tls_client.c +++ b/tls/tls_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_client.c,v 1.47 2021/06/01 20:26:11 tb Exp $ */ +/* $OpenBSD: tls_client.c,v 1.48 2021/10/21 08:38:11 tb Exp $ */ /* * Copyright (c) 2014 Joel Sing * 
@@ -74,11 +74,8 @@ tls_connect_servername(struct tls *ctx, const char *host, const char *port, goto err; } - /* - * If port is NULL try to extract a port from the specified host, - * otherwise use the default. - */ - if ((p = (char *)port) == NULL) { + /* If port is NULL, try to extract a port from the specified host. */ + if (port == NULL) { ret = tls_host_port(host, &hs, &ps); if (ret == -1) { tls_set_errorx(ctx, "memory allocation failure"); diff --git a/tls/tls_config.c b/tls/tls_config.c index 9144dad9..15e218b4 100644 --- a/tls/tls_config.c +++ b/tls/tls_config.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_config.c,v 1.63 2021/01/21 22:03:25 eric Exp $ */ +/* $OpenBSD: tls_config.c,v 1.65 2022/01/25 21:51:24 eric Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -722,7 +722,7 @@ tls_config_set_session_fd(struct tls_config *config, int session_fd) if (sb.st_uid != getuid()) { tls_config_set_errorx(config, "session file has incorrect " - "owner (uid %i != %i)", sb.st_uid, getuid()); + "owner (uid %u != %u)", sb.st_uid, getuid()); return (-1); } mugo = sb.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO); @@ -737,6 +737,17 @@ tls_config_set_session_fd(struct tls_config *config, int session_fd) return (0); } +int +tls_config_set_sign_cb(struct tls_config *config, tls_sign_cb cb, void *cb_arg) +{ + config->use_fake_private_key = 1; + config->skip_private_key_check = 1; + config->sign_cb = cb; + config->sign_cb_arg = cb_arg; + + return (0); +} + int tls_config_set_verify_depth(struct tls_config *config, int verify_depth) { diff --git a/tls/tls_internal.h b/tls/tls_internal.h index 5487b123..ca1d96f6 100644 --- a/tls/tls_internal.h +++ b/tls/tls_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_internal.h,v 1.78 2021/01/21 19:09:10 eric Exp $ */ +/* $OpenBSD: tls_internal.h,v 1.80 2022/03/24 15:56:34 tb Exp $ */ /* * Copyright (c) 2014 Jeremie Courreges-Anglas * Copyright (c) 2014 Joel Sing 
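Review bot: tls_config_set_sign_cb() sets `use_fake_private_key` and `skip_private_key_check` to 1 regardless of `cb`, so calling it with a NULL callback leaves the config skipping the private key check while tls_keypair_setup_pkey() installs no signer method (it breaks out when `sign_cb == NULL`). If NULL is not meant to be accepted, reject it up front with `if (cb == NULL) { tls_config_set_errorx(config, "no sign callback provided"); return (-1); }`; if it is meant to clear the callback, the two flags need to be restored rather than forced on. The function also has no comment saying that it disables the private key consistency check as a side effect, which a caller would want to know.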
@@ -78,6 +78,10 @@ struct tls_ticket_key { time_t time; }; +typedef int (*tls_sign_cb)(void *_cb_arg, const char *_pubkey_hash, + const uint8_t *_input, size_t _input_len, int _padding_type, + uint8_t **_out_signature, size_t *_out_signature_len); + struct tls_config { struct tls_error error; @@ -112,6 +116,8 @@ struct tls_config { int verify_time; int skip_private_key_check; int use_fake_private_key; + tls_sign_cb sign_cb; + void *sign_cb_arg; }; struct tls_conninfo { @@ -291,6 +297,27 @@ int tls_cert_pubkey_hash(X509 *_cert, char **_hash); int tls_password_cb(char *_buf, int _size, int _rwflag, void *_u); +RSA_METHOD *tls_signer_rsa_method(void); +ECDSA_METHOD *tls_signer_ecdsa_method(void); + +#define TLS_PADDING_NONE 0 +#define TLS_PADDING_RSA_PKCS1 1 +#define TLS_PADDING_RSA_X9_31 2 + +int tls_config_set_sign_cb(struct tls_config *_config, tls_sign_cb _cb, + void *_cb_arg); + +struct tls_signer* tls_signer_new(void); +void tls_signer_free(struct tls_signer * _signer); +const char *tls_signer_error(struct tls_signer * _signer); +int tls_signer_add_keypair_file(struct tls_signer *_signer, + const char *_cert_file, const char *_key_file); +int tls_signer_add_keypair_mem(struct tls_signer *_signer, const uint8_t *_cert, + size_t _cert_len, const uint8_t *_key, size_t _key_len); +int tls_signer_sign(struct tls_signer *_signer, const char *_pubkey_hash, + const uint8_t *_input, size_t _input_len, int _padding_type, + uint8_t **_out_signature, size_t *_out_signature_len); + __END_HIDDEN_DECLS /* XXX this function is not fully hidden so relayd can use it */ diff --git a/tls/tls_ocsp.c b/tls/tls_ocsp.c index f00e6bc8..83585fac 100644 --- a/tls/tls_ocsp.c +++ b/tls/tls_ocsp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_ocsp.c,v 1.20 2021/03/23 20:04:29 tb Exp $ */ +/* $OpenBSD: tls_ocsp.c,v 1.22 2021/10/31 16:39:32 tb Exp $ */ /* * Copyright (c) 2015 Marko Kreen * Copyright (c) 2016 Bob Beck 
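Review bot: The `tls_sign_cb` typedef carries no comment describing the contract that tls_rsa_priv_enc() and tls_ecdsa_do_sign() rely on. From those callers, the callback must return -1 on failure, must hand back a buffer that libtls releases with `free()`, must not return more than `RSA_size()` bytes for an RSA key, and must return a DER-encoded ECDSA signature for an EC key because the buffer is passed to `d2i_ECDSA_SIG()`. I would add a block comment above the typedef stating these four points and that `_padding_type` is one of the `TLS_PADDING_*` values defined further down in this header.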
@@ -128,30 +128,38 @@ tls_ocsp_get_certid(X509 *main_cert, STACK_OF(X509) *extra_certs, { X509_NAME *issuer_name; X509 *issuer; - X509_STORE_CTX storectx; - X509_OBJECT tmpobj; + X509_STORE_CTX *storectx = NULL; + X509_OBJECT *obj = NULL; OCSP_CERTID *cid = NULL; X509_STORE *store; if ((issuer_name = X509_get_issuer_name(main_cert)) == NULL) - return NULL; + goto out; if (extra_certs != NULL) { issuer = X509_find_by_subject(extra_certs, issuer_name); - if (issuer != NULL) - return OCSP_cert_to_id(NULL, main_cert, issuer); + if (issuer != NULL) { + cid = OCSP_cert_to_id(NULL, main_cert, issuer); + goto out; + } } if ((store = SSL_CTX_get_cert_store(ssl_ctx)) == NULL) - return NULL; - if (X509_STORE_CTX_init(&storectx, store, main_cert, extra_certs) != 1) - return NULL; - if (X509_STORE_get_by_subject(&storectx, X509_LU_X509, issuer_name, - &tmpobj) == 1) { - cid = OCSP_cert_to_id(NULL, main_cert, tmpobj.data.x509); - X509_OBJECT_free_contents(&tmpobj); - } - X509_STORE_CTX_cleanup(&storectx); + goto out; + if ((storectx = X509_STORE_CTX_new()) == NULL) + goto out; + if (X509_STORE_CTX_init(storectx, store, main_cert, extra_certs) != 1) + goto out; + if ((obj = X509_STORE_CTX_get_obj_by_subject(storectx, X509_LU_X509, + issuer_name)) == NULL) + goto out; + + cid = OCSP_cert_to_id(NULL, main_cert, X509_OBJECT_get0_X509(obj)); + + out: + X509_STORE_CTX_free(storectx); + X509_OBJECT_free(obj); + return cid; } diff --git a/tls/tls_server.c b/tls/tls_server.c index 0a8ec472..72f797b8 100644 --- a/tls/tls_server.c +++ b/tls/tls_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_server.c,v 1.47 2021/06/14 03:53:59 tb Exp $ */ +/* $OpenBSD: tls_server.c,v 1.48 2022/01/19 11:10:55 inoguchi Exp $ */ /* * Copyright (c) 2014 Joel Sing * 
@@ -185,10 +185,16 @@ tls_server_ticket_cb(SSL *ssl, unsigned char *keyname, unsigned char *iv, memcpy(keyname, key->key_name, sizeof(key->key_name)); arc4random_buf(iv, EVP_MAX_IV_LENGTH); - EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, - key->aes_key, iv); - HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key), - EVP_sha256(), NULL); + if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, + key->aes_key, iv)) { + tls_set_errorx(tls_ctx, "failed to init encrypt"); + return (-1); + } + if (!HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key), + EVP_sha256(), NULL)) { + tls_set_errorx(tls_ctx, "failed to init hmac"); + return (-1); + } return (0); } else { /* get key by name */ @@ -196,10 +202,16 @@ tls_server_ticket_cb(SSL *ssl, unsigned char *keyname, unsigned char *iv, if (key == NULL) return (0); - EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, - key->aes_key, iv); - HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key), - EVP_sha256(), NULL); + if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, + key->aes_key, iv)) { + tls_set_errorx(tls_ctx, "failed to init decrypt"); + return (-1); + } + if (!HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key), + EVP_sha256(), NULL)) { + tls_set_errorx(tls_ctx, "failed to init hmac"); + return (-1); + } /* time to renew the ticket? is it the primary key? */ if (key != &tls_ctx->config->ticket_keys[0]) diff --git a/tls/tls_signer.c b/tls/tls_signer.c new file mode 100644 index 00000000..1f110967 --- /dev/null +++ b/tls/tls_signer.c 
@@ -0,0 +1,451 @@ +/* $OpenBSD: tls_signer.c,v 1.4 2022/02/01 17:18:38 jsing Exp $ */ +/* + * Copyright (c) 2021 Eric Faurot + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#include + +#include "tls.h" +#include "tls_internal.h" + +struct tls_signer_key { + char *hash; + RSA *rsa; + EC_KEY *ecdsa; + struct tls_signer_key *next; +}; + +struct tls_signer { + struct tls_error error; + struct tls_signer_key *keys; +}; + +static pthread_mutex_t signer_method_lock = PTHREAD_MUTEX_INITIALIZER; + +struct tls_signer * +tls_signer_new(void) +{ + struct tls_signer *signer; + + if ((signer = calloc(1, sizeof(*signer))) == NULL) + return (NULL); + + return (signer); +} + +void +tls_signer_free(struct tls_signer *signer) +{ + struct tls_signer_key *skey; + + if (signer == NULL) + return; + + tls_error_clear(&signer->error); + + while (signer->keys) { + skey = signer->keys; + signer->keys = skey->next; + RSA_free(skey->rsa); + EC_KEY_free(skey->ecdsa); + free(skey->hash); + free(skey); + } + + free(signer); +} + +const char * +tls_signer_error(struct tls_signer *signer) +{ + return (signer->error.msg); +} + +int +tls_signer_add_keypair_mem(struct tls_signer *signer, const uint8_t *cert, + size_t cert_len, const uint8_t *key, size_t key_len) +{ + struct 
tls_signer_key *skey = NULL; + char *errstr = "unknown"; + int ssl_err; + EVP_PKEY *pkey = NULL; + X509 *x509 = NULL; + BIO *bio = NULL; + char *hash = NULL; + + /* Compute certificate hash */ + if ((bio = BIO_new_mem_buf(cert, cert_len)) == NULL) { + tls_error_setx(&signer->error, + "failed to create certificate bio"); + goto err; + } + if ((x509 = PEM_read_bio_X509(bio, NULL, tls_password_cb, + NULL)) == NULL) { + if ((ssl_err = ERR_peek_error()) != 0) + errstr = ERR_error_string(ssl_err, NULL); + tls_error_setx(&signer->error, "failed to load certificate: %s", + errstr); + goto err; + } + if (tls_cert_pubkey_hash(x509, &hash) == -1) { + tls_error_setx(&signer->error, + "failed to get certificate hash"); + goto err; + } + + X509_free(x509); + x509 = NULL; + BIO_free(bio); + bio = NULL; + + /* Read private key */ + if ((bio = BIO_new_mem_buf(key, key_len)) == NULL) { + tls_error_setx(&signer->error, "failed to create key bio"); + goto err; + } + if ((pkey = PEM_read_bio_PrivateKey(bio, NULL, tls_password_cb, + NULL)) == NULL) { + tls_error_setx(&signer->error, "failed to read private key"); + goto err; + } + + if ((skey = calloc(1, sizeof(*skey))) == NULL) { + tls_error_set(&signer->error, "failed to create key entry"); + goto err; + } + skey->hash = hash; + if ((skey->rsa = EVP_PKEY_get1_RSA(pkey)) == NULL && + (skey->ecdsa = EVP_PKEY_get1_EC_KEY(pkey)) == NULL) { + tls_error_setx(&signer->error, "unknown key type"); + goto err; + } + + skey->next = signer->keys; + signer->keys = skey; + EVP_PKEY_free(pkey); + BIO_free(bio); + + return (0); + + err: + EVP_PKEY_free(pkey); + X509_free(x509); + BIO_free(bio); + free(hash); + free(skey); + + return (-1); +} + +int +tls_signer_add_keypair_file(struct tls_signer *signer, const char *cert_file, + const char *key_file) +{ + char *cert = NULL, *key = NULL; + size_t cert_len, key_len; + int rv = -1; + + if (tls_config_load_file(&signer->error, "certificate", cert_file, + &cert, &cert_len) == -1) + goto err; + + if 
(tls_config_load_file(&signer->error, "key", key_file, &key, + &key_len) == -1) + goto err; + + rv = tls_signer_add_keypair_mem(signer, cert, cert_len, key, key_len); + + err: + free(cert); + free(key); + + return (rv); +} + +static int +tls_sign_rsa(struct tls_signer *signer, struct tls_signer_key *skey, + const uint8_t *input, size_t input_len, int padding_type, + uint8_t **out_signature, size_t *out_signature_len) +{ + int rsa_padding, rsa_size, signature_len; + char *signature = NULL; + + *out_signature = NULL; + *out_signature_len = 0; + + if (padding_type == TLS_PADDING_NONE) { + rsa_padding = RSA_NO_PADDING; + } else if (padding_type == TLS_PADDING_RSA_PKCS1) { + rsa_padding = RSA_PKCS1_PADDING; + } else if (padding_type == TLS_PADDING_RSA_X9_31) { + rsa_padding = RSA_X931_PADDING; + } else { + tls_error_setx(&signer->error, "invalid RSA padding type (%d)", + padding_type); + return (-1); + } + + if (input_len > INT_MAX) { + tls_error_setx(&signer->error, "input too large"); + return (-1); + } + if ((rsa_size = RSA_size(skey->rsa)) <= 0) { + tls_error_setx(&signer->error, "invalid RSA size: %d", + rsa_size); + return (-1); + } + if ((signature = calloc(1, rsa_size)) == NULL) { + tls_error_set(&signer->error, "RSA signature"); + return (-1); + } + + if ((signature_len = RSA_private_encrypt((int)input_len, input, + signature, skey->rsa, rsa_padding)) <= 0) { + /* XXX - include further details from libcrypto. 
*/ + tls_error_setx(&signer->error, "RSA signing failed"); + free(signature); + return (-1); + } + + *out_signature = signature; + *out_signature_len = (size_t)signature_len; + + return (0); +} + +static int +tls_sign_ecdsa(struct tls_signer *signer, struct tls_signer_key *skey, + const uint8_t *input, size_t input_len, int padding_type, + uint8_t **out_signature, size_t *out_signature_len) +{ + unsigned char *signature; + int signature_len; + + *out_signature = NULL; + *out_signature_len = 0; + + if (padding_type != TLS_PADDING_NONE) { + tls_error_setx(&signer->error, "invalid ECDSA padding"); + return (-1); + } + + if (input_len > INT_MAX) { + tls_error_setx(&signer->error, "digest too large"); + return (-1); + } + if ((signature_len = ECDSA_size(skey->ecdsa)) <= 0) { + tls_error_setx(&signer->error, "invalid ECDSA size: %d", + signature_len); + return (-1); + } + if ((signature = calloc(1, signature_len)) == NULL) { + tls_error_set(&signer->error, "ECDSA signature"); + return (-1); + } + + if (!ECDSA_sign(0, input, input_len, signature, &signature_len, + skey->ecdsa)) { + /* XXX - include further details from libcrypto. 
*/ + tls_error_setx(&signer->error, "ECDSA signing failed"); + free(signature); + return (-1); + } + + *out_signature = signature; + *out_signature_len = signature_len; + + return (0); +} + +int +tls_signer_sign(struct tls_signer *signer, const char *pubkey_hash, + const uint8_t *input, size_t input_len, int padding_type, + uint8_t **out_signature, size_t *out_signature_len) +{ + struct tls_signer_key *skey; + + *out_signature = NULL; + *out_signature_len = 0; + + for (skey = signer->keys; skey; skey = skey->next) + if (!strcmp(pubkey_hash, skey->hash)) + break; + + if (skey == NULL) { + tls_error_setx(&signer->error, "key not found"); + return (-1); + } + + if (skey->rsa != NULL) + return tls_sign_rsa(signer, skey, input, input_len, + padding_type, out_signature, out_signature_len); + + if (skey->ecdsa != NULL) + return tls_sign_ecdsa(signer, skey, input, input_len, + padding_type, out_signature, out_signature_len); + + tls_error_setx(&signer->error, "unknown key type"); + + return (-1); +} + +static int +tls_rsa_priv_enc(int from_len, const unsigned char *from, unsigned char *to, + RSA *rsa, int rsa_padding) +{ + struct tls_config *config; + uint8_t *signature = NULL; + size_t signature_len = 0; + const char *pubkey_hash; + int padding_type; + + /* + * This function is called via RSA_private_encrypt() and has to conform + * to its calling convention/signature. The caller is required to + * provide a 'to' buffer of at least RSA_size() bytes. 
+ */ + + pubkey_hash = RSA_get_ex_data(rsa, 0); + config = RSA_get_ex_data(rsa, 1); + + if (pubkey_hash == NULL || config == NULL) + goto err; + + if (rsa_padding == RSA_NO_PADDING) { + padding_type = TLS_PADDING_NONE; + } else if (rsa_padding == RSA_PKCS1_PADDING) { + padding_type = TLS_PADDING_RSA_PKCS1; + } else if (rsa_padding == RSA_X931_PADDING) { + padding_type = TLS_PADDING_RSA_X9_31; + } else { + goto err; + } + + if (from_len < 0) + goto err; + + if (config->sign_cb(config->sign_cb_arg, pubkey_hash, from, from_len, + padding_type, &signature, &signature_len) == -1) + goto err; + + if (signature_len > INT_MAX || (int)signature_len > RSA_size(rsa)) + goto err; + + memcpy(to, signature, signature_len); + free(signature); + + return ((int)signature_len); + + err: + free(signature); + + return (-1); +} + +RSA_METHOD * +tls_signer_rsa_method(void) +{ + static RSA_METHOD *rsa_method = NULL; + + pthread_mutex_lock(&signer_method_lock); + + if (rsa_method != NULL) + goto out; + + rsa_method = RSA_meth_new("libtls RSA method", 0); + if (rsa_method == NULL) + goto out; + + RSA_meth_set_priv_enc(rsa_method, tls_rsa_priv_enc); + + out: + pthread_mutex_unlock(&signer_method_lock); + + return (rsa_method); +} + +static ECDSA_SIG * +tls_ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, + const BIGNUM *rp, EC_KEY *eckey) +{ + struct tls_config *config; + ECDSA_SIG *ecdsa_sig = NULL; + uint8_t *signature = NULL; + size_t signature_len = 0; + const unsigned char *p; + const char *pubkey_hash; + + /* + * This function is called via ECDSA_do_sign_ex() and has to conform + * to its calling convention/signature. 
+ */ + + pubkey_hash = ECDSA_get_ex_data(eckey, 0); + config = ECDSA_get_ex_data(eckey, 1); + + if (pubkey_hash == NULL || config == NULL) + goto err; + + if (dgst_len < 0) + goto err; + + if (config->sign_cb(config->sign_cb_arg, pubkey_hash, dgst, dgst_len, + TLS_PADDING_NONE, &signature, &signature_len) == -1) + goto err; + + p = signature; + if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &p, signature_len)) == NULL) + goto err; + + free(signature); + + return (ecdsa_sig); + + err: + free(signature); + + return (NULL); +} + +ECDSA_METHOD * +tls_signer_ecdsa_method(void) +{ + static ECDSA_METHOD *ecdsa_method = NULL; + + pthread_mutex_lock(&signer_method_lock); + + if (ecdsa_method != NULL) + goto out; + + ecdsa_method = calloc(1, sizeof(*ecdsa_method)); + if (ecdsa_method == NULL) + goto out; + + ecdsa_method->ecdsa_do_sign = tls_ecdsa_do_sign; + ecdsa_method->name = strdup("libtls ECDSA method"); + if (ecdsa_method->name == NULL) { + free(ecdsa_method); + ecdsa_method = NULL; + } + + out: + pthread_mutex_unlock(&signer_method_lock); + + return (ecdsa_method); +}
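Review bot: tls_signer_add_keypair_mem() passes the size_t values `cert_len` and `key_len` straight to BIO_new_mem_buf(), whose length parameter is an int, so an oversized buffer is converted rather than rejected. tls_sign_rsa() and tls_sign_ecdsa() already guard `input_len` against INT_MAX, and the same guard fits at the top of this function: `if (cert_len > INT_MAX || key_len > INT_MAX) { tls_error_setx(&signer->error, "certificate or key too large"); goto err; }`. Separately, tls_signer_add_keypair_file() releases the loaded PEM private key with a plain `free(key)`; initialising `key_len = 0` and clearing the buffer first when `key` is not NULL, for example with `explicit_bzero(key, key_len)` or the project's equivalent, keeps key material from lingering on the heap. tls_ecdsa_do_sign() also hands the callback-supplied `signature_len` to d2i_ECDSA_SIG() without the bound that tls_rsa_priv_enc() applies to its own result.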